Objects > Security Profiles > WildFire Analysis

Use a WildFire Analysis profile to specify for WildFire file analysis to be performed locally on the WildFire appliance or in the WildFire cloud. You can specify traffic to be forwarded to the public cloud or private cloud based on file type, application, or the transmission direction of the file (upload or download). After creating a WildFire analysis profile, adding the profile to a policy (
Policies
Security
) further allows you apply the profile settings to any traffic matched to that policy (for example, a URL category defined in the policy).
Use the predefined default profile to forward all unknown files to WildFire for analysis. In addition, set up WildFire appliance content updates to download and install every minute so you always have the most recent support.
WildFire Analysis Profile Settings
Name
Enter a descriptive name for the WildFire analysis profile (up to 31 characters). This name appears in the list of WildFire Analysis profiles that you can choose from when defining a Security policy rule. The name is case-sensitive and must be unique. Use only letters, numbers, spaces, hyphens, and underscores.
Description
Optionally describe the profile rules or the intended use for the profile (up to 255 characters).
Shared (
Panorama only
)
Select this option if you want the profile to be available to:
  • Every virtual system (vsys) on a multi-vsys firewall. If you clear this selection, the profile will be available only to the
    Virtual System
    selected in the
    Objects
    tab.
  • Every device group on Panorama. If you clear this selection, the profile will be available only to the
    Device Group
    selected in the
    Objects
    tab.
Disable override (
Panorama only
)
Select this option to prevent administrators from overriding the settings of this Vulnerability Protection profile in device groups that inherit the profile. This selection is cleared by default, which means administrators can override the settings for any device group that inherits the profile.
Rules
Define one or more rules to specify traffic to forward to either the WildFire public cloud or the WildFire appliance (private cloud) for analysis.
  • Enter a descriptive
    Name
    for any rules you add to the profile (up to 31 characters).
  • Add an
    Application
    so that any application traffic will be matched to the rule and forwarded to the specified analysis destination.
  • Select a
    File Type
    to be analyzed at the defined analysis destination for the rule.
A WildFire private cloud (hosted by a WildFire appliance) does not support analysis of APK, Mac OS X, archive, and linux files.
  • Apply the rule to traffic depending on the transmission
    Direction
    . You can apply the rule to upload traffic, download traffic, or both.
  • Select the
    Destination
    for traffic to be forwarded for analysis:
    • Select public-cloud so that all traffic matched to the rule is forwarded to the WildFire public cloud for analysis.
    • Select private-cloud so that all traffic matched to the rule is forwarded to the WildFire appliance for analysis.

Related Documentation