Next-Generation Firewall
Device > Setup > WildFire
Select Device > Setup > WildFire to configure WildFire settings on the
firewall and Panorama. You can enable both the WildFire cloud and
a WildFire appliance to perform file analysis. You can also set file
size limits and choose the session information that will be reported.
After populating WildFire settings, you can specify what files to
forward to the WildFire cloud or the WildFire appliance by creating
a WildFire Analysis profile (Objects > Security Profiles > WildFire Analysis).
To forward decrypted content to WildFire, refer to Forward Decrypted SSL Traffic for WildFire
Analysis.
WildFire Settings | Description |
---|---|
General Settings | |
WildFire Public Cloud | Enter wildfire.paloaltonetworks.com to send files to the WildFire global cloud (U.S.), hosted in the United States, for analysis. Alternatively, you can send files to a WildFire regional cloud for analysis. Regional clouds are designed to adhere to the data privacy expectations you might have depending on your location. Forward samples to a regional WildFire cloud to ensure adherence to the data privacy and compliance standards specific to your region. Regional clouds are: |
WildFire Private Cloud | Specify the IPv4/IPv6 address or FQDN of the WildFire appliance. The firewall sends files for analysis to the specified WildFire appliance. Panorama collects threat IDs from the WildFire appliance to enable the addition of threat exceptions in Anti-Spyware profiles (for DNS signatures only) and Antivirus profiles that you configure in device groups. Panorama also collects information from the WildFire appliance to populate fields that are missing in the WildFire Submissions logs received from firewalls running software versions earlier than PAN-OS 7.0. |
File Size Limits | Specify the maximum file size that will be forwarded to the WildFire server. For all best practice recommendations about file size limits, if the limit is too large and prevents the firewall from forwarding multiple large zero-day files at the same time, lower and tune the maximum limit based on the amount of available firewall buffer space. If more buffer space is available, you can increase the file size limit above the best practice recommendation. The best practice recommendations are a good starting place for setting effective limits that don’t overtax firewall resources. Available ranges are: The preceding values might differ based on the current version of PAN-OS or the content release. To see valid ranges, click in the Size Limit field; a pop-up displays the available range and default value. |
Report Benign Files | When this option is enabled (disabled by default), files analyzed by WildFire that are determined to be benign will appear in the Monitor > WildFire Submissions log. Even if this option is enabled on the firewall, email links that WildFire deems benign will not be logged because of the potential quantity of links processed. |
Report Grayware Files | When this option is enabled (disabled by default), files analyzed by WildFire that are determined to be grayware will appear in the Monitor > WildFire Submissions log. Even if this option is enabled on the firewall, email links that WildFire determines to be grayware will not be logged because of the potential quantity of links processed. Enable reporting grayware files to log session information, network activity, host activity, and other information that helps with analytics. |
Session Information Settings | |
Settings | Specify the information to be forwarded to the WildFire server. By default, all are selected and the best practice is to forward all session information to provide statistics and other metrics that enable you to take actions to prevent threat events: |
Inline Cloud Analysis Settings | |
File Size Limits | View the maximum file sizes that Advanced WildFire Inline Cloud Analysis can submit and analyze for malware. File sizes larger than the limit are not processed by the Advanced WildFire cloud. The maximum file size values are determined by Palo Alto Networks and are periodically updated to provide maximum performance and coverage. |
Inline Session Information Settings | |
Settings | Specify the information to be forwarded to the Advanced WildFire cloud when samples are sent for processing through Advanced WildFire Inline Cloud Analysis. By default, all are selected and the best practice is to forward all session information to provide statistics and other metrics that enable you to take actions to prevent threat events: |