In a Palo Alto Networks private cloud deployment, Palo
Alto Networks firewalls forward files to a WildFire appliance on
your corporate network that is being used to host a private cloud
analysis location. A WildFire private cloud can receive and analyze
files from up to 100 Palo Alto Networks firewalls.
Because the WildFire private cloud is a local sandbox, benign,
grayware, and phishing samples that are analyzed never leave your
network. By default, the private cloud also does not send discovered
malware outside of your network; however, you can choose to automatically
forward malware to the WildFire public cloud for signature generation
and distribution. In this case, The WildFire public cloud re-analyzes
the sample, generates a signature to identify the sample, and distributes
the signature to all Palo Alto Networks firewalls with Threat Prevention
and WildFire licenses.
If you do not want the WildFire private cloud to forward even
malicious samples outside of your network, you can:
Enable the WildFire appliance to forward the malware
report (and not the sample itself) to the WildFire public cloud.
WildFire reports provide statistical information that helps Palo
Alto Networks assess the pervasiveness and propagation of the malware.
For more details, see
Submit Malware or Reports from the WildFire
(PAN-OS 8.1, 9.0, 9.1) instead of automatically
forwarding all malware, or
Use the WildFire API
(PAN-OS 8.1, 9.0, 9.1) to submit files to
the WildFire public cloud.
You can also
Enable Local Signature and URL Category Generation
(PAN-OS 8.1, 9.0, 9.1) on the WildFire appliance.
Signatures the WildFire appliance generates are distributed to connected
firewalls so that the firewalls can effectively block the malware
the next time it is detected.
Android Application Package (APK) and MAC OSX files are not supported
for WildFire private cloud analysis.