WildFire Private Cloud

In a Palo Alto Networks private cloud deployment, Palo Alto Networks firewalls forward files to a WildFire appliance on your corporate network that is being used to host a private cloud analysis location. A WildFire private cloud can receive and analyze files from up to 100 Palo Alto Networks firewalls.
Because the WildFire private cloud is a local sandbox, benign, grayware, and phishing samples that are analyzed never leave your network. By default, the private cloud also does not send discovered malware outside of your network; however, you can choose to automatically forward malware to the WildFire public cloud for signature generation and distribution. In this case, The WildFire public cloud re-analyzes the sample, generates a signature to identify the sample, and distributes the signature to all Palo Alto Networks firewalls with Threat Prevention and WildFire licenses.
If you do not want the WildFire private cloud to forward even malicious samples outside of your network, you can:
  • Enable the WildFire appliance to forward the malware report (and not the sample itself) to the WildFire public cloud. WildFire reports provide statistical information that helps Palo Alto Networks assess the pervasiveness and propagation of the malware. For more details, see Submit Malware or Reports from the WildFire Appliance (PAN-OS 8.0, 8.1, 9.0).
  • Manually Upload Files to the WildFire Portal (PAN-OS 8.0, 8.1, 9.0) instead of automatically forwarding all malware, or Use the WildFire API (PAN-OS 8.0, 8.1, 9.0) to submit files to the WildFire public cloud.
You can also Enable Local Signature and URL Category Generation (PAN-OS 8.0, 8.1, 9.0)on the WildFire appliance. Signatures the WildFire appliance generates are distributed to connected firewalls so that the firewalls can effectively block the malware the next time it is detected.
Android Application Package (APK) and MAC OSX files are not supported for WildFire private cloud analysis.

Related Documentation