Enter wildfire.paloaltonetworks.com to send files to the WildFire global cloud (U.S.), hosted in the United States, for analysis. Alternatively, you can instead send files to a WildFire regional cloud for analysis. Regional clouds are designed to adhere to the data privacy expectations you might have depending on your location.

Specify the IPv4/IPv6 address or FQDN of the WildFire appliance.

The firewall sends files for analysis to the specified WildFire appliance.

Panorama collects threat IDs from the WildFire appliance to enable the addition of threat exceptions in Anti-Spyware profiles (for DNS signatures only) and Antivirus profiles that you configure in device groups. Panorama also collects information from the WildFire appliance to populate fields that are missing in the WildFire Submissions logs received from firewalls running software versions earlier than PAN-OS 7.0.

Specify the maximum file size that will be forwarded to the WildFire server. For all best practice recommendations about file size limits, if the limit is too large and prevents the firewall from forwarding multiple large zero-day files at the same time, lower and tune the maximum limit based on the amount of available firewall buffer space. If more buffer space is available, you can increase the file size limit above the best practice recommendation. The best practice recommendations are a good starting place for setting effective limits that don’t overtax firewall resources. Available ranges are:

When this option is enabled (disabled by default), files analyzed by WildFire that are determined to be benign will appear in the MonitorWildFire Submissions log.

Even if this option is enabled on the firewall, email links that WildFire deems benign will not be logged because of the potential quantity of links processed.

When this option is enabled (disabled by default), files analyzed by WildFire that are determined to be grayware will appear in the MonitorWildFire Submissions log.