Device > Setup > WildFire
Select DeviceSetupWildFire to configure WildFire settings on the firewall and Panorama. You can enable both the WildFire cloud and a WildFire appliance to be used to perform file analysis. You can also set file size limits and session information that will be reported. After populating WildFire settings, you can specify what files to forward to the WildFire cloud or the WildFire appliance by creating a WildFire Analysis profile (ObjectsSecurity ProfilesWildFire Analysis).
To forward decrypted content to WildFire, you need to select Allow Forwarding of Decrypted Content in DeviceSetupContent-IDURL Filtering Settings.
WildFire Public Cloud
Enter wildfire.paloaltonetworks.com to send files to the WildFire global cloud, hosted in the United States, for analysis. Alternatively, you can instead send files to a WildFire regional cloud for analysis. Regional clouds are designed to adhere to the data privacy expectations you might have depending on your location.
WildFire Private Cloud
Specify the IP address or FQDN of the WildFire appliance.
The firewall sends files for analysis to the specified WildFire appliance.
Panorama collects threat IDs from the WildFire appliance to enable the addition of threat exceptions in Anti-Spyware profiles (for DNS signatures only) and Antivirus profiles that you configure in device groups. Panorama also collects information from the WildFire appliance to populate fields that are missing in the WildFire Submissions logs received from firewalls running software versions earlier than PAN-OS 7.0.
File Size Limits
Specify the maximum file size that will be forwarded to the WildFire server. Available ranges are:
The preceding values might differ based on the current version of PAN-OS or the content release. To see valid ranges, click in the Size Limit field; a pop-up displays the available range and default value.
Report Benign Files
When this option is enabled (disabled by default), files analyzed by WildFire that are determined to be benign will appear in the MonitorWildFire Submissions log.
Even if this option is enabled on the firewall, email links that WildFire deems benign will not be logged because of the potential quantity of links processed.
Report Grayware Files
When this option is enabled (disabled by default), files analyzed by WildFire that are determined to be grayware will appear in the MonitorWildFire Submissions log.
Even if this option is enabled on the firewall, email links that WildFire determines to be grayware will not be logged because of the potential quantity of links processed.
Session Information Settings
Specify the information to be forwarded to the WildFire server. By default, all are selected:
Verify File Forwarding
Verify File Forwarding After the firewall is set up to Forward Files for WildFire Analysis , use the following options to verify the connection between ...
Enable Logging for Benign and Grayware Samples
Enable Logging for Benign and Grayware Samples Logging for benign and grayware samples is disabled by default. Email links that receive benign or grayware verdicts ...
Forward Files for WildFire Analysis
Forward Files for WildFire Analysis Configure Palo Alto Networks firewalls to forward unknown files or email links and blocked files that match existing antivirus signatures ...
WildFire Subscription The basic WildFire service is included as part of the Palo Alto Networks next generation firewall and does not require a WildFire subscription. ...
WildFire Features PAN-OS 8.0.1 is the base image for WF-500 appliances (not PAN-OS 8.0.0). New WildFire Features Description WildFire Appliance Clusters In environments where you ...
Verdicts When WildFire analyzes a previously unknown sample in the Palo Alto Networks-hosted WildFire global cloud or a locally-hosted WildFire private cloud, a verdict is ...
About the WildFire API
About the WildFire API The WildFire™ API extends the malware detection capabilities of WildFire through a RESTful XML-based API. Using the API, you can get ...
Email Link Analysis
Email Link Analysis A Palo Alto Networks firewall can extract HTTP/HTTPS links contained in SMTP and POP3 email messages and forward the links for WildFire ...
Submit Files and Links through the WildFire API
Submit Files and Links through the WildFire API You can use the WildFire™ API to automate submission of files and links to the WildFire public ...