Forward Files for Advanced WildFire Analysis
Focus
Focus
Advanced WildFire Powered by Precision AI™

Forward Files for Advanced WildFire Analysis

Table of Contents

Forward Files for Advanced WildFire Analysis

Where Can I Use This?What Do I Need?
  • Prisma Access (Managed by Strata Cloud Manager)
  • Prisma Access (Managed by Panorama)
  • NGFW (Managed by Strata Cloud Manager)
  • NGFW (Managed by PAN-OS or Panorama)
  • VM-Series
  • CN-Series
  • Advanced WildFire License
    For Prisma Access, this is usually included with your Prisma Access license.
Configure Palo Alto Networks firewalls to forward unknown files or email links and blocked files that match existing antivirus signatures for analysis. Use the WildFire Analysis profile to define files to forward to one of the Advanced WildFire public cloud options and then attach the profile to a security rule to trigger inspection for zero-day malware.
Specify traffic to be forwarded for analysis based on the application in use, the file type detected, links contained in email messages, or the transmission direction of the sample (upload, download, or both). For example, you can set up the firewall to forward Portable Executables (PEs) or any files that users attempt to download during a web-browsing session. In addition to unknown samples, the firewall forwards blocked files that match existing antivirus signatures. This provides Palo Alto Networks a valuable source of threat intelligence based on malware variants that signatures successfully prevented but has not been seen before.
If you are using a WildFire appliance to host a WildFire private cloud, you can extend WildFire analysis resources to a WildFire hybrid cloud, by configuring the firewall to continue to forward sensitive files to your WildFire private cloud for local analysis, and forward less sensitive or unsupported file types to the WildFire public cloud. For more information about using and configuring the WildFire appliance, refer to the WildFire Appliance Administration.
Before you begin:
  • File analysis support can have minor differences between Advanced WildFire cloud regions. Refer to File Type Support for more information.
  • If a firewall resides between the firewall you are configuring to forward files and the Advanced WildFire cloud, make sure that the firewall in the middle allows the following ports:
    Port
    Usage
    443
    Registration, PCAP Downloads, Sample Downloads, Report Retrieval, File Submission, PDF Report Downloads
    10443
    Dynamic Updates