Please help me understand how files are forwarded to the WildFire public cloud and how secure the connection between the firewall and the WildFire cloud is.
Also, my understanding is that the firewall hashes every file it encounters against its database (local) and looks up new hash info on the cloud whenever a policy hit occurs for WildFire. Am I correct?
Every file is hashed locally and first matched against the cloud database of known files to see if there's a verdict already or not. Once it is determined there's no verdict yet, the file is uploaded over TLS to the WildFire cloud.
So the firewall stores the files until a verdict is heard? I have over 1500 users; would enabling WildFire on their traffic create some computational overhead on the firewall?
The file is only stored to upload to the cloud in case there is no verdict. In case of no verdict or benign, the client will receive the file. Only if the verdict is known as malicious will the packets get dropped, and the file will be incomplete.
There is some overhead in the form of cached file parts, but there is no computational overhead; the hash is created by the management plane (hashing requires nearly no computation).