how are files forwarded to wildfire?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

how are files forwarded to wildfire?

L4 Transporter

Please help me understand  how  files are forwarded to wildfire public cloud and how secure is the connection between firewall and wildfire cloud?

Also, my understanding is that firewall hashes every file it encounters against its databse(local) and lookups for new hash info on cloud whenever a policy hit occurs for wildfire.Am I correct?

 

TIA 

1 accepted solution

Accepted Solutions

Hi @SThatipelly

 

the file is only stored to upload to the cloud in case there is no verdict, in case of no verdict or benign, the client will receive the file. only if the verdict is known as malicious will the packets get dropped and file will be incomplete

 

there is some overhead in the form of cached file parts but there is no computational overhead, the hash is created by the management plane (hashing requires nearly no computation)

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

View solution in original post

3 REPLIES 3

Cyber Elite
Cyber Elite

hi @SThatipelly

 

every file is hashed locally and first matched against the cloud database of known files to see if there's a verdict already or not. Once it is determined there's no verdict yet, the file is uploaded over TLS to the WildFire cloud

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

Thanks @reaper.

 

so firewall stores the files until verdict is heard? I have over 1500 users and does enabling wildfire on their traffic would  create some computational overhead on firewall?  

Hi @SThatipelly

 

the file is only stored to upload to the cloud in case there is no verdict, in case of no verdict or benign, the client will receive the file. only if the verdict is known as malicious will the packets get dropped and file will be incomplete

 

there is some overhead in the form of cached file parts but there is no computational overhead, the hash is created by the management plane (hashing requires nearly no computation)

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
  • 1 accepted solution
  • 2840 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!