Transition WildFire Profiles Safely to Best Practices

Apply WildFire Analysis profiles to allow rules to protect
against unknown threats without risking application availability.

Use the following guidance to help define
the initial configuration of WildFire Analysis profiles.

PAN-OS includes basic WildFire service, which enables forwarding
portable executable (PE) files for WildFire analysis and retrieving
WildFire signatures with antivirus or Threat Prevention updates
every 24-48 hours. A WildFire subscription includes
many more features, such as receiving updates every five minutes, support
for more file types, and an API.

WildFire signature generation is highly accurate and
false positives are rare. Deploying the best practice WildFire Analysis
profile from the start does not impact network traffic. However,
WildFire Action settings in the Antivirus profile may
impact traffic if the traffic generates a WildFire signature that
results in a reset or drop action.

Exclude internal traffic such as software distribution applications
if you deploy custom-built programs through these applications because
WildFire may identify custom-built programs as malicious and generate
a signature for them.

The default WildFire Analysis profile is the recommended best
practice profile, including at the internet gateway and in
the data center.

When you have the initial profiles in place, monitor the WildFire
Submissions logs for long enough to be confident that you understand
whether any business-critical
applications cause alerts or blocks due to the Antivirus profile
WildFire Action. Create exceptions (open a support ticket if necessary)
in the Antivirus profile as needed to remediate any confirmed false