1. Home
    2. PAN-OS
    3. PAN-OS 7.1 Web Interface Reference Guide
    4. Device
    5. Device > Setup > WildFire
    Previous
    Next
    Select Device > Setup > WildFire to configure WildFire settings on the firewall and Panorama. You can enable both the WildFire cloud and a WildFire appliance to be used to perform file analysis. You can also set file size limits and session information that will be reported. After populating WildFire settings, you can specify what files to forward to the WildFire cloud or the WildFire appliance by creating a WildFire Analysis profile ( Objects > Security Profiles > WildFire Analysis).
    		 To forward decrypted content to WildFire, you need to select Allow Forwarding of Decrypted Content in Device > Setup > Content-ID > URL Filtering Settings.
    WildFire Setting Description
    General Settings
    WildFire Public Cloud Enter wildfire.paloaltonetworks.com to use the WildFire cloud hosted in the United States to analyze files. To use the WildFire cloud hosted in Japan, enter wildfire.paloaltonetworks.jp. You may want to use the Japan server if you do not want benign files forwarded to the U.S. cloud servers. If a file sent to the Japan cloud is determined to be malicious, the Japan cloud system forwards it to the U.S. servers where the file is reanalyzed and a signature is generated. If you are in the Japan region, you might also experience faster response times for sample submissions and report generation.
    WildFire Private Cloud Specify the IP address or FQDN of the WildFire appliance. The firewall sends files for analysis to the specified WildFire appliance. Panorama collects threat IDs from the WildFire appliance to enable the addition of threat exceptions in Anti-Spyware profiles (for DNS signatures only) and Antivirus profiles that you configure in device groups. Panorama also collects information from the WildFire appliance to populate fields that are missing in the WildFire Submissions logs received from firewalls running software versions earlier than PAN-OS 7.0.
    File Size Limits Specify the maximum file size that will be forwarded to the WildFire server. Available ranges are: pe (Portable Executable)—Range is 1–10MB; default 10MB apk (Android Application)—Range is 1–50MB; default 10MB pdf (Portable Document Format)—Range is 100KB–1,000KB; default 500KB ms-office (Microsoft Office)—Range is 200KB–10,000KB; default 500KB jar (Packaged Java class file)—Range is 1–10MB; default 1MB flash (Adobe Flash)—Range is 1–10MB; default is 5MB MacOSX (DMG/MAC-APP/MACH-O PKG files)—Range is 1–50MB; default 1MB archive (RAR/7z archive files)—Range is 1–50MB; default 10MB The preceding values might differ based on the current version of PAN-OS or the content release. To see the valid ranges, click in the Size Limit field; a pop-up displays the available range and default value.
    Report Benign Files When this option is enabled (disabled by default), files analyzed by WildFire that are determined to be benign will appear in the Monitor > WildFire Submissions log. Even if this option is enabled on the firewall, email links that WildFire deems benign will not be logged because of the potential quantity of links processed.
    Report Grayware Files When this option is enabled (disabled by default), files analyzed by WildFire that are determined to be grayware will appear in the Monitor > WildFire Submissions log. Even if this option is enabled on the firewall, email links that WildFire determines to be grayware will not be logged because of the potential quantity of links processed.
    Session Information Settings
    Settings Specify the information to be forwarded to the WildFire server. By default, all are selected: Source IP —Source IP address that sent the suspected file. Source Port —Source port that sent the suspected file. Destination IP —Destination IP address for the suspected file. Destination Port —Destination port for the suspected file. Vsys —Firewall virtual system that identified the possible malware. Application —User application that was used to transmit the file. User —Targeted user. URL —URL associated with the suspected file. Filename —Name of the file that was sent. Email sender —Provides the sender name in WildFire logs and WildFire detailed reports when a malicious email link is detected in SMTP and POP3 traffic. Email recipient —Provides the recipient name in WildFire logs and WildFire detailed reports when a malicious email link is detected in SMTP and POP3 traffic. Email subject —Provides the email subject in WildFire logs and WildFire detailed reports when a malicious email link is detected in SMTP and POP3 traffic.
    Previous
    Next

    Related Documentation

    Verify File Forwarding

    Verify File Forwarding After the firewall is set up to Forward Files for WildFire Analysis , use the following options to verify the connection between ...

    Forward Files for WildFire Analysis

    Forward Files for WildFire Analysis Configure Palo Alto Networks firewalls to forward unknown files or email links for analysis. Use the WildFire Analysis profile to ...

    WildFire Concepts

    WildFire Concepts Samples Firewall Forwarding Session Information Sharing Virtual Environment Verdicts File Analysis Email Link Analysis Compressed and Encoded File Analysis WildFire Signatures Samples Samples ...

    WildFire Deployments

    WildFire Deployments You can set up a Palo Alto Networks firewall to submit unknown samples to the Palo Alto Networks-hosted WildFire global cloud, to a ...

    Configure WildFire Submissions Log Settings

    Configure WildFire Submissions Log Settings Enable the following options for WildFire Submissions logs: Enable Logging for Benign and Grayware Samples Include Email Header Information in ...

    WildFire Subscription

    WildFire Subscription The basic WildFire service is included as part of the Palo Alto Networks next generation firewall and does not require a WildFire subscription. ...

    Submit Files for WildFire Analysis

    Submit Files for WildFire Analysis The following topics describe how to submit files for WildFire® analysis. You can set up Palo Alto Networks firewalls to ...

    WildFire File Type Support

    WildFire File Type Support The following table lists the file types that are supported for analysis in the WildFire cloud environments. File Types Supported for ...

    WildFire® API Reference

    The WildFire™ API extends the malware detection capabilities of WildFire through a RESTful XML-based API. Using the WildFire API, you can automate the submission of ...

    About the WildFire API

    About the WildFire API The WildFire® API extends the malware detection capabilities of WildFire through a RESTful XML-based API. Using the API, you can get ...

    © 2019 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo