A Palo Alto Networks firewall configured with a WildFire analysis profile forwards samples for WildFire analysis based on file type (including email links). Additionally, the firewall decodes files that have been encoded or compressed up to four times (such as files in ZIP format); if the decoded file matches WildFire Analysis profile criteria, the firewall forwards the decoded file for WildFire analysis.
While the firewall can forward all the file types listed below, WildFire analysis support can vary depending on the WildFire cloud to which you are submitted samples. Review WildFire File Type Support to learn more.
File Types Supported for WildFire Forwarding
Android Application Package (APK) files.
DEX files contained within APK files are analyzed as part of the APK file analysis.
Adobe Flash applets and Flash content embedded in web pages.
Java applets (JAR/class files types).
Microsoft Office files, including documents (DOC, DOCX, RTF), workbooks (XLS, XLSX), and PowerPoint (PPT, PPTX) presentations, and Office Open XML (OOXML) 2007+ documents.
Portable Executable (PE) files. PEs include executable files, object code, DLLs, and FON (fonts). A subscription is not required to forward PE files for WildFire analysis, but is required for all other supported file types.
Portable Document Format (PDF) files.
Mach-O, DMG, and PKG files are supported with content version 599. You can also manually or programmatically submit all Mac OS X supported file types for analysis (including application bundles, for which the firewall does not support automatic forwarding).
HTTP/HTTPS links contained in SMTP and POP3 email messages. See Email Link Analysis.
Roshal Archive (RAR) and 7-Zip (7z) archive files. Password-protected and Multi-volume archives are that are split into several smaller files cannot be submitted for analysis.
Executable and Linkable Format (ELF) files.
Jscript (JS), VBScript (VBS), and PowerShell Script (PS1) files are supported with content version 8101.
WildFire File Type Support
WildFire File Type Support The following table lists the file types that are supported for analysis in the WildFire cloud environments. File Types Supported for ...
Compressed and Encoded File Analysis
Compressed and Encoded File Analysis By default, the firewall decodes files that have been encoded or compressed up to four times, including files that have ...
WildFire Appliance Archive Support
The WildFire appliance running PAN-OS 9.0 or later can now analyze and classify RAR and 7-Zip archives, which can be used by an adversary to ...
WildFire Best Practices
WildFire Best Practices Follow the best practices to secure your network from Layer 4 and Layer 7 evasions to ensure reliable content identification and analysis. ...
WildFire Subscription The basic WildFire service is included as part of the Palo Alto Networks next generation firewall and does not require a WildFire subscription. ...
Forward Files for WildFire Analysis
Forward Files for WildFire Analysis Configure Palo Alto Networks firewalls to forward unknown files or email links and blocked files that match existing antivirus signatures ...
WildFire Hybrid Cloud
WildFire Hybrid Cloud A firewall in a WildFire hybrid cloud deployment can forward certain samples to the Palo Alto Networks-hosted WildFire global cloud and other ...
Submit Files for WildFire Analysis
Submit Files for WildFire Analysis The following topics describe how to submit files for WildFire™ analysis. You can set up Palo Alto Networks firewalls to ...
Device > Setup > WildFire
Device > Setup > WildFire Select Device Setup WildFire to configure WildFire settings on the firewall and Panorama. You can enable both the WildFire cloud ...