12-04-2015 10:25 AM
We currently use Wildfire on "PE Executable" filetypes on our PA-500.
I'm interested in using it against Office documents and PDFs as those are clearly a major threat vector.
Thing is, whatever model of Palo Alto I look at, they all seem to show low WildFire limits which makes me question how they cope with things like SMTP where there may be lots of emails with attachments passing through the firewall?
PA-500 10 files/minute
PA-3020 50 files/minute
PA-7050 100 files/minute
This just doesn't seem like much given how many emails might be flowing so I'm wondering if I've missed something fundamental?
12-07-2015 01:05 AM - edited 12-07-2015 01:06 AM
Hi
These rates are actually the number of unique file uploads per minute per chassis. An important detail is that an upload will only occur for a file that has not been seen before. Whenever the firewall sees a file passing through it will check with the cloud if this file has been seen before and will only initiate an upload if the file is unknown. Consecutive sessions containing that same file will no longer trigger an upload.
This process is also independent of any hits on the AV and WildFire threat databases, who will function in-line (and at an unlimited rate) in blocking infectious files
hope this helps
Tom
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
