Firewall Forwarding

The firewall forwards unknown samples, as well as blocked files that match antivirus signatures, for WildFire analysis based on the configured WildFire Analysis profile settings (ObjectsSecurity ProfilesWildFire Analysis). In addition to detecting links included in emails, files that are attached to emails, and browser-based file downloads, the firewall leverages the App-ID to detect file transfers within applications. For samples that the firewall detects, the firewall analyzes the structure and content of the sample and compares it against existing signatures. If the sample matches a signature, the firewall applies the default action defined for the signature (allow, alert, or block). If the sample matches an antivirus signature or if the sample remains unknown after comparing it against WildFire signatures, the firewall forwards it for WildFire analysis.
By default, the firewall also forwards information about the session in which an unknown sample was detected. To manage the session information that the firewall forwards, select DeviceSetupWildFire and edit Session Information Settings.

Related Documentation