Tips & Tricks: WildFire File-type Based Cloud Selection

Some security regulations may require that sensitive information not leave the Data Center, even through encrypted means, which excludes these files from being scanned for infections by the WildFire Cloud. 

The WF-500 appliance alows an organization to leverage the strength of WildFire sandbox analysis in a private cloud environment.

Sending all internal files to the private cloud, however, may waste resources if not all files are bound by strict regulations. An example would be PDF files that may potentially contain secret or sensitive information and PE files from the internet (PuTTY, pdf reader, other useful tools and so on) that may have been already scanned by the public WildFire cloud.

Starting from PAN-OS 7.0, the security profile for WildFire was split off from the File Blocking profile to give an administrator more control over which actions to take for each File Type that is of interest. This includes choosing which cloud, private or public, to send specific file types to within the same security profile.

This also allows an admin to have file types that are not supported by the WF-500 appliance, like APK files, to be forwarded to the public cloud.

The direction of the file, upload or download, can also be taken into consideration when selecting public or private cloud:

The IP or hostname of the public and private cloud can be configured individually via Device > Setup > WildFire.

And individual service routes can be created via Device > Setup > Services > Service Route Configuration > Customize, so cloud upload paths can be segregated.

I hope you found this Tips & Tricks useful. Feel free to leave comments below!

Reaper