The Palo Alto Networks (PAN)
Firewall uses WildFire (a Cloud service) to block and sandbox unknown malwares (zero day attack). You first
need a WildFire license applied.
To verify the PAN Firewall license, go to Device > Licenses > WildFire. Notice the Date Expires: May 19, 2020.
Click Download for the WildFire update (2019).
Click Install.
You can modify the WildFire settings under Device > Setup > WildFire tab > click edit (gear icon). I just left its settings in default.
To configure the PAN Firewall to submit decrypted file in WildFire cloud (for sandboxing) under Device > Setup > Content-ID > Content-ID Settings.
You'll need SSL Decryption policy configured on the PAN Firewall as well.
Tick Allow forwarding of decrypted content > click OK.
To configure a WildFire Analysis Security Profile, go to Objects > Security Profiles > WildFire Analysis > tick default > Clone.
Leave the Name selected by default > click OK.
Click default-1 to edit.
Type a Name (WILDFIRE-PROFILE-1) > leave the other settings in default > click OK.
To apply a WildFire Analysis Security Profile, go to Policies > Security > click on Rule #1 (Allow-Any).
Under Actions > Profile Setting > WildFire Analysis: WILDFIRE-PROFILE-1 > click OK.
Click Commit.
There's several test files on the Palo Alto Networks website for testing WildFire configured on a PAN Firewall. I tried to download various Malware test files to trigger WildFire.
To monitor WildFire logs, go to Monitor > Logs > Traffic. Notice the traffic from inside client machine (192.168.1.20) was redirected to Palo Alto WildFire cloud.
Click the magnifying glass icon to get a Detailed Log View.
The WildFire Submission logs took a few minutes to appear under Monitor > Log >WildFire Submissions.
Click the magnifying glass icon to get a Detailed Log View.
To verify the PAN Firewall license, go to Device > Licenses > WildFire. Notice the Date Expires: May 19, 2020.
You also
need to update WildFire under Device >Dynamic Updates > WildFire. You can
sort from the latest update by clicking the Release Date column.
Notice
the WildFire last update is from 2017. Click Check Now to download new updates.
Click Download for the WildFire update (2019).
Click Install.
You can modify the WildFire settings under Device > Setup > WildFire tab > click edit (gear icon). I just left its settings in default.
To configure the PAN Firewall to submit decrypted file in WildFire cloud (for sandboxing) under Device > Setup > Content-ID > Content-ID Settings.
You'll need SSL Decryption policy configured on the PAN Firewall as well.
Tick Allow forwarding of decrypted content > click OK.
To configure a WildFire Analysis Security Profile, go to Objects > Security Profiles > WildFire Analysis > tick default > Clone.
Leave the Name selected by default > click OK.
Click default-1 to edit.
Type a Name (WILDFIRE-PROFILE-1) > leave the other settings in default > click OK.
To apply a WildFire Analysis Security Profile, go to Policies > Security > click on Rule #1 (Allow-Any).
Under Actions > Profile Setting > WildFire Analysis: WILDFIRE-PROFILE-1 > click OK.
Click Commit.
There's several test files on the Palo Alto Networks website for testing WildFire configured on a PAN Firewall. I tried to download various Malware test files to trigger WildFire.
To monitor WildFire logs, go to Monitor > Logs > Traffic. Notice the traffic from inside client machine (192.168.1.20) was redirected to Palo Alto WildFire cloud.
Click the magnifying glass icon to get a Detailed Log View.
The WildFire Submission logs took a few minutes to appear under Monitor > Log >WildFire Submissions.
Click the magnifying glass icon to get a Detailed Log View.