Disable Automatic Server Select for WildFire on the Palo Alto Networks Firewall
Resolution
Overview
The Palo Alto Networks firewall can be configured to allow communication only with specific IP addresses for various services, including WildFire. In the case of WildFire, the firewall can be configured to communicate with only a single WildFire server, with automatic server selection disabled.
Details
To disable the automatic server selection, run the following command on the CLI:
PAN-OS 6.0 and below:
# set deviceconfig setting wildfire disable-server-select yes
PAN-OS 6.1 and above:
> debug wildfire server-selection disable
Go to Device > Setup > WildFire tab on the web UI and specify a WildFire Server.
The configuration can be verified on the CLI with the following command:
> show wildfire status
Connection info:
Wildfire cloud: jp-s1.wildfire.paloaltonetworks.com
Status: Idle
Best server: jp-s1.wildfire.paloaltonetworks.com
Device registered: yes
Valid wildfire license: yes
Service route IP address: 10.64.16.8
Signature verification: enable
Server selection: disable
Through a proxy: no
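
One way to script the verification above, as an added example that is not part of the original article: it parses captured `show wildfire status` output and reports whether server selection is disabled and whether the server fields match the pinned server. The function names and the rule that both "Wildfire cloud" and "Best server" must equal the configured server are assumptions; the sample input is the output shown above.

```python
# Added example (not from the original article): audit captured
# `show wildfire status` output against the server the firewall is pinned to.

# Sample input: the status output shown in this article.
SAMPLE = """\
Connection info:
Wildfire cloud: jp-s1.wildfire.paloaltonetworks.com
Status: Idle
Best server: jp-s1.wildfire.paloaltonetworks.com
Device registered: yes
Valid wildfire license: yes
Service route IP address: 10.64.16.8
Signature verification: enable
Server selection: disable
Through a proxy: no
"""

def parse_status(text):
    """Return {lowercased field name: value} from 'Field: value' lines."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep and value.strip():              # skips headers like 'Connection info:'
            fields[key.strip().lower()] = value.strip()
    return fields

def audit(text, expected_server):
    """Return a list of findings; an empty list means the pin is in effect."""
    fields = parse_status(text)
    findings = []
    if fields.get("server selection") != "disable":
        findings.append("automatic server selection is not disabled")
    # Assumption: both server fields should name the configured server.
    for name in ("wildfire cloud", "best server"):
        got = fields.get(name)
        if got is None:
            findings.append(f"field missing from output: {name}")
        elif got.lower() != expected_server.lower():
            findings.append(f"{name} is {got}, expected {expected_server}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, "jp-s1.wildfire.paloaltonetworks.com") or ["OK"]:
        print(finding)
```
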
owner: apasupulati