You can set up a Palo Alto Networks firewall to submit unknown samples to the Palo Alto Networks-hosted WildFire global cloud, to a locally-hosted WildFire private cloud, or you can enable the firewall to forward certain samples to a WildFire global cloud and certain samples to a WildFire private cloud:
WildFire Global Cloud
A Palo Alto Networks firewall with can forward unknown files and email links to the WildFire global cloud or to one of three WildFire regional clouds that Palo Alto Networks owns and maintains. Choose the WildFire cloud to which you want to submit samples for analysis based on your location and your organization’s needs:
WildFire Global Cloud
The WildFire global cloud is a public cloud environment hosted in the United States.
Use the following URL to submit files to the WildFire global cloud for analysis and to access the WildFire global portal: wildfire.paloaltonetworks.com.
WildFire EU Cloud
The WildFire EU cloud is a regional public cloud environment hosted in The Netherlands. It is designed to adhere to European Union (EU) data privacy regulations and samples submitted to the WildFire Europe cloud remain within EU borders.
Use the following URL to submit files to the WildFire Europe cloud for analysis and to access the WildFire Europe cloud portal: eu.wildfire.paloaltonetworks.com.
WildFire Japan Cloud
The WildFire Japan cloud is a regional public cloud environment hosted in Japan.
Use the following URL to submit files to the WildFire Japan cloud for analysis and to access the WildFire Japan cloud portal: jp.wildfire.paloaltonetworks.com.
WildFire Singapore Cloud
The WildFire Singapore cloud is a regional public cloud environment hosted in Singapore.
Use the following URL to submit files to the WildFire Singapore cloud for analysis and to access the WildFire Singapore cloud portal: sg.wildfire.paloaltonetworks.com.
Each WildFire cloud—global and regional—analyzes samples and generates malware signatures independently of the other WildFire clouds. WildFire signatures are then shared globally, enabling WildFire users worldwide to benefit from malware coverage regardless of the location the malware was first detected. Review WildFire File Type Support to learn more about the file types that each cloud analyzes. If you have a WF-500 appliance, you can enable a WildFire Hybrid Cloud deployment, where the firewall can forward certain files to a WildFire public cloud, and other files to a WildFire private cloud for local analysis.
WildFire Private Cloud
In a Palo Alto Networks private cloud deployment, Palo Alto Networks firewalls forward files to a WF-500 appliance on your corporate network that is being used to host a private cloud analysis location. A WildFire private cloud can receive and analyze files from up to 100 Palo Alto Networks firewalls.
Because the WildFire private cloud is a local sandbox, benign and grayware files it analyzes never leave your network. By default, the private cloud also does not send discovered malware outside of your network; however, you can choose to automatically forward malware to the WildFire public cloud for signature generation and distribution. In this case, The WildFire public cloud re-analyzes the sample, generates a signature to identify the sample, and distributes the signature to all Palo Alto Networks firewalls with Threat Prevention and WildFire licenses.
If you do not want the WildFire private cloud to forward even malicious samples outside of your network, you can:
Enable the WF-500 appliance to forward the malware report (and not the sample itself) to the WildFire public cloud. WildFire reports provide statistical information that helps Palo Alto Networks assess the pervasiveness and propagation of the malware. For more details, see Submit Malware or Reports from the WF-500 Appliance. Manually Upload Files to the WildFire Portal (instead of automatically forwarding all malware) or Use the WildFire API to submit files to the WildFire public cloud.
You can also Enable Local Signature and URL Category Generation on the WF-500 appliance. Signatures the WF-500 appliance generates are distributed to connected firewalls so that the firewalls can effectively block the malware the next time it is detected.
Android Application Package (APK) files are not supported for WildFire private cloud analysis.
WildFire Hybrid Cloud
A firewall in a WildFire hybrid cloud deployment can forward certain samples to the Palo Alto Networks-hosted WildFire global cloud and other samples to a WildFire private cloud hosted by a WF-500 appliance. A WildFire hybrid cloud deployment allows the flexibility to analyze private documents locally and inside your network, while the WildFire public cloud analyzes files from the Internet. For example, forward Payment Card Industry (PCI) and Protected Health Information (PHI) data exclusively to the WildFire private cloud for analysis, while forwarding Portable Executables (PEs) to the WildFire public cloud for analysis. In a WildFire hybrid cloud deployment, offloading files to the public cloud for analysis allows you benefit from a prompt verdict for files that have been previously processed in the WildFire public cloud, and also frees up the WF-500 appliance capacity to process sensitive content. Additionally, you can forward certain file types to the WildFire public cloud that are not currently supported for WF-500 appliance analysis, such as Android Application Package (APK) files.
In a WildFire hybrid cloud deployment, there might be some cases where a single file matches your criteria for both public cloud analysis and private cloud analysis; in these cases, the file is submitted only to the private cloud for analysis as a cautionary measure.
To set up hybrid cloud forwarding, see Forward Files for WildFire Analysis.

Related Documentation