WildFire Analysis of Blocked Files

If you enabled WildFire forwarding on your firewall, the firewall now submits blocked files that match antivirus signatures for WildFire analysis, in addition to unknown files. This allows WildFire to extract valuable information from new malware variants. Malware signatures often match multiple variants of the same malware family, and as such, block new malware variants that the firewall has never seen before. Sending these blocked malware samples for WildFire analysis allows WildFire to analyze them for additional URLs, domain names, and IP addresses that must be blocked. Since all WildFire analysis data is also available on AutoFocus, you can now use WildFire and AutoFocus to get a more complete perspective of all threats targeting your network, including blocked threats; this improves the efficacy of your security operations, incident response, and threat analysis.
Because blocked files are now forwarded to WildFire for analysis, you now have visibility into files that the firewall has successfully blocked. On the firewall, you can now view WildFire Submissions log details for blocked files, which include the threat log entry for a file and the threat ID matched to a file (for more information, refer to Globally Unique Threat IDs). Both the firewall and the WildFire portal also provide access to the WildFire analysis report for a blocked file so you can learn about its behavior when it executed in a WildFire analysis environment.
The firewall forwards blocked files to the WildFire public cloud based on your existing WildFire forwarding settings (Objects > Security Profiles > WildFire Analysis). The firewall doesn’t forward files that are blocked based on your file blocking settings.