About the WildFire Appliance
| Where Can I Use
This? | What Do I Need? |
|---|
The WildFire appliance provides an on-premises WildFire private
cloud, enabling you to analyze suspicious files in a sandbox environment
without requiring the firewall to sends files out of network. To
use the WildFire appliance to host a WildFire private cloud, configure
the firewall to submit samples to the WildFire appliance for analysis.
The WildFire appliance sandboxes all files locally and analyzes
them for malicious behaviors using the same engine the WildFire
public cloud uses. Within minutes, the private cloud returns analysis
results to the firewall WildFire Submissions logs.
The WildFire Appliance Administration covers setting up
and configuring the WildFire appliance, but shares much of the operational design
and capabilities with the WildFire public cloud. For more information
about the WildFire analysis capabilities, refer to the Advanced
WildFire Administration.
You can enable a WildFire appliance to:
Locally generate antivirus and
DNS signatures for discovered malware, and to assign a
URL category to malicious
links. You can then enable connected firewalls to retrieve the latest
signatures and URL categories every five minutes.
Submit malware to the WildFire public cloud. The WildFire
public cloud re-analyzes the sample and generates a signature to
detect the malware—this signature can be made available within minutes
to protect global users
Submit locally-generated malware reports (without sending
the raw sample content) to the WildFire public cloud, to contribute
to malware statistics and threat intelligence.
You can configure up to 100 Palo Alto Networks firewalls, each
with valid WildFire subscriptions, to forward to a single WildFire
appliance. Beyond the WildFire firewall subscriptions, no additional
WildFire subscription is required to enable a WildFire private cloud
deployment.
