A Palo Alto Networks firewall configured with a WildFire analysis profile forwards samples for WildFire analysis based on file type (including email links). Additionally, the firewall decodes files that have been encoded or compressed up to four times (such as files in ZIP format); if the decoded file matches WildFire Analysis profile criteria, the firewall forwards the decoded file for WildFire analysis.
While the firewall can forward all the file types listed below, WildFire analysis support can vary depending on the WildFire cloud to which you are submitted samples. Review WildFire File Type Support to learn more.
File Types Supported for WildFire Forwarding
Android Application Package (APK) files. APK files are not supported for WildFire private cloud analysis using a WildFire appliance.
Adobe Flash applets and Flash content embedded in web pages.
Java applets (JAR/class files types).
Microsoft Office files, including documents (DOC, DOCX, RTF), workbooks (XLS, XLSX), and PowerPoint (PPT, PPTX) presentations, and Office Open XML (OOXML) 2007+ documents.
Portable Executable (PE) files. PEs include executable files, object code, DLLs, and FON (fonts). A subscription is not required to forward PE files for WildFire analysis, but is required for all other supported file types.
Portable Document Format (PDF) files.
Mach-O, DMG, and PKG files are supported with content version 599. You can also manually or programmatically submit all Mac OS X supported file types for analysis (including application bundles, for which the firewall does not support automatic forwarding).
HTTP/HTTPS links contained in SMTP and POP3 email messages. See Email Link Analysis.
Roshal Archive (RAR) and 7-Zip (7z) archive files. Password-protected and Multi-volume archives are that are split into several smaller files cannot be submitted for analysis.
Executable and Linkable Format (ELF) files.
WildFire File Type Support
WildFire File Type Support The following table lists the file types that are supported for analysis in the WildFire cloud environments. File Types Supported for ...
Archive (RAR/7z) and ELF File Analysis
Archive (RAR/7z) and ELF File Analysis To use this feature, be sure to download and install the latest PAN-OS content release. PAN-OS Applications and Threats ...
WildFire Subscription The basic WildFire service is included as part of the Palo Alto Networks next generation firewall and does not require a WildFire subscription. ...
WildFire Best Practices
WildFire Best Practices Follow the best practices to secure your network from Layer 4 and Layer 7 evasions to ensure reliable content identification and analysis. ...
Compressed and Encoded File Analysis
Compressed and Encoded File Analysis By default, the firewall decodes files that have been encoded or compressed up to four times, including files that have ...
Manually or Programmatically Submit Archive/ELF Files
Manually or Programmatically Submit Archive/ELF Files Submit archive and ELF file types directly to the WildFire public cloud for analysis. With a WildFire subscription, you ...
WildFire Hybrid Cloud
WildFire Hybrid Cloud A firewall in a WildFire hybrid cloud deployment can forward certain samples to the Palo Alto Networks-hosted WildFire global cloud and other ...
Forward Files for WildFire Analysis
Forward Files for WildFire Analysis Configure Palo Alto Networks firewalls to forward unknown files or email links and blocked files that match existing antivirus signatures ...
Preferred Analysis for Documents or Executables
Preferred Analysis for Documents or Executables A single virtual machine (VM) image runs on the WildFire appliance; when you Upgrade the WildFire Appliance Software , ...