In a Palo Alto Networks private cloud deployment, Palo Alto Networks firewalls forward files to a WildFire appliance on your corporate network that is being used to host a private cloud analysis location. A WildFire private cloud can receive and analyze files from up to 100 Palo Alto Networks firewalls.

Because the WildFire private cloud is a local sandbox, benign, grayware, and phishing samples that are analyzed never leave your network. By default, the private cloud also does not send discovered malware outside of your network; however, you can choose to automatically forward malware to the WildFire public cloud for signature generation and distribution. In this case, The WildFire public cloud re-analyzes the sample, generates a signature to identify the sample, and distributes the signature to all Palo Alto Networks firewalls with Threat Prevention and WildFire licenses.

If you do not want the WildFire private cloud to forward even malicious samples outside of your network, you can:

You can also Enable Local Signature and URL Category Generation on the WildFire appliance. Signatures the WildFire appliance generates are distributed to connected firewalls so that the firewalls can effectively block the malware the next time it is detected.

Android Application Package (APK) and MAC OSX files are not supported for WildFire private cloud analysis.