Disable Automatic Server Select for WildFire on the Palo Alto Networks Firewall

Disable Automatic Server Select for WildFire on the Palo Alto Networks Firewall

Created On 09/26/18 13:53 PM - Last Modified 02/07/19 23:39 PM



The Palo Alto Networks firewall can be configured to allowed to only specific IP addresses for various services, including WildFire. In the case of WildFire, the firewall can be configured to only communicate to a single WildFire server and disable the automatic server selection.


To disable the automatic server selection, run the following command on the CLI:

PAN-OS 6.0 and below:

# set deviceconfig setting wildfire disable-server-select yes

PAN-OS 6.1 and above:

> debug wildfire server-selection disable

Go to Device > Setup > Wildfire tab on the web UI and specify a WildFire Server, as shown below:


The configuration can be verified on the CLI with the following command:

> show wildfire status

Connection info:

        Wildfire cloud:                jp-s1.wildfire.paloaltonetworks.com

        Status:                        Idle

        Best server:                   jp-s1.wildfire.paloaltonetworks.com

        Device registered:             yes

        Valid wildfire license:        yes

        Service route IP address:

        Signature verification:        enable

        Server selection:              disable

        Through a proxy:               no

owner: apasupulati

  • Print
  • Copy Link


Choose Language