WildFire & Office Documents/PDFs - Limitations?

Showing results for 
Show  only  | Search instead for 
Did you mean: 

WildFire & Office Documents/PDFs - Limitations?

L4 Transporter

We currently use Wildfire on "PE Executable" filetypes on our PA-500.


I'm interested in using it against Office documents and PDFs as those are clearly a major threat vector.


Thing is, whatever model of Palo Alto I look at, they all seem to show low WildFire limits which makes me question how they cope with things like SMTP where there may be lots of emails with attachments passing through the firewall?


PA-500 10 files/minute

PA-3020 50 files/minute

PA-7050 100 files/minute


This just doesn't seem like much given how many emails might be flowing so I'm wondering if I've missed something fundamental?


Cyber Elite
Cyber Elite



These rates are actually the number of unique file uploads per minute per chassis. An important detail is that an upload will only occur for a file that has not been seen before. Whenever the firewall sees a file passing through it will check with the cloud if this file has been seen before and will only initiate an upload if the file is unknown. Consecutive sessions containing that same file will no longer trigger an upload.

This process is also independent of any hits on the AV and WildFire threat databases, who will function in-line (and at an unlimited rate) in blocking infectious files


hope this helps



Tom Piens
PANgurus - SASE and Strata specialist; (co)managed services, VAR and consultancy
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!