About the WildFire Appliance

The WildFire appliance provides an on-premises WildFire private cloud, enabling you to analyze suspicious files in a sandbox environment without requiring the firewall to sends files out of network. To use the WildFire appliance to host a WildFire private cloud, configure the firewall to submit samples to the WildFire appliance for analysis. The WildFire appliance sandboxes all files locally and analyzes them for malicious behaviors using the same engine the WildFire public cloud uses. Within minutes, the private cloud returns analysis results to the firewall WildFire Submissions logs.
You can enable a WildFire appliance to:
  • Locally generate antivirus and DNS signatures for discovered malware, and to assign a URL category to malicious links. You can then enable connected firewalls to retrieve the latest signatures and URL categories every five minutes.
  • Submit malware to the WildFire public cloud. The WildFire public cloud re-analyzes the sample and generates a signature to detect the malware—this signature can be made available within minutes to protect global users
  • Submit locally-generated malware reports (without sending the raw sample content) to the WildFire public cloud, to contribute to malware statistics and threat intelligence.
You can configure up to 100 Palo Alto Networks firewalls, each with valid WildFire subscriptions, to forward to a single WildFire appliance. Beyond the WildFire firewall subscriptions, no additional WildFire subscription is required to enable a WildFire private cloud deployment.
You can manage WildFire appliances using the local appliance CLI, or you can centrally Manage WildFire Appliances with Panorama. Starting with PAN-OS 8.0.1, you can also group WildFire appliances into WildFire Appliance Clusters and manage the clusters locally or from Panorama.

Related Documentation