How to verify the status and troubleshoot the WildFire Real Time Signature Updates feature
Objective
This article covers the basic CLI commands that can be used to verify if the WildFire Real Time Signature Updates feature is working properly.
Environment
- Palo Alto Networks Firewall
- PAN-OS 10.0 and above.
Procedure
The Palo Alto Networks next-generation firewall now supports real-time retrieval of WildFire signatures. This enables you to access the WildFire cloud signatures and new signatures as soon as they are generated.
Even when the firewall is configured to use real-time signatures, supplemental signature packages are still installed on a hourly basis. This provides an up-to-date signature source when you experience connectivity issues, as well as a speed benefit, where signatures are available locally.
To check the current frequency:
# show deviceconfig system update-schedule wildfire recurring
recurring {
real-time;
}
To check if the feature is enabled:
> show system info | match wildfire-rt
wildfire-rt: Enabled
The firewall will connect to:
realtimesignatures.service.paloaltonetworks.com:443
To allow this connection, allow App-ID’s:
paloalto-updates
ssl
if the connection fails, there will be a Medium severity System Log entry. Filter Query:
( description contains 'Failed to connect to wildfire-realtime cloud, retry after 30 seconds' )
Check connection status:
> show wildfire-realtime-cloud-status
RealTime WildFire Signature cloud
License: valid
Current cloud server: realtimesignatures.service.paloaltonetworks.com
Cloud connection: connected
Check statistics:
> show wildfire-realtime-stats
Additional Information
WildFire Real-Time Signature Updates