Essentials
WCF Installation
How to install and run World Crime Feeds (WCF) by OneFirewall
The WCF Agent integrates with the OneFirewall Platform to:
- Ingest security events from SIEMs (via syslog)
- Serve threat feeds to firewalls (FortiGate, pfSense, etc.)
- Automate blocking of malicious activity
This guide shows you how to deploy the WCF Agent on your own infrastructure.
1. Prerequisites
1.1 Virtual Machine Specifications
- RAM: 8 GB (minimum 4 GB)
- vCPU: 4 cores (minimum 2 cores)
- Disk: 50 GB (minimum 20 GB)
1.2 Network Requirements
Direction | Protocol / Port | Purpose |
---|---|---|
Inbound | UDP 514 | Receive syslog events from your SIEM |
Inbound | TCP 443 (HTTPS) | Serve threat feeds to firewalls |
Outbound | TCP 443 → OneFirewall | Sync config & retrieve instructions |
Outbound | TCP 443 → Firewalls | Push automated-blocking commands (optional) |
2. Install Docker & Docker Compose
3. Prepare Your Deployment Directory
- Download the WCF Agent Docker image into this folder.
- Obtain your config.json from OneFirewall’s Install Agent page.
- Place config.json in ~/wcf-agent/.
4. Create docker-compose.yml
Contact OneFirewall support team with access to download WCF Agent binary image
5. Launch the Agent
docker compose up -d
runs containers in the background.docker compose logs -f
streams the agent’s output for troubleshooting.
6. Verify Operation
- Visit
https://app.onefirewall.com/agent-status.html
to see the Agent is working and blocking malicious connections - Visit
https://app.onefirewall.com/live.html
to see the traffic captured in real time