Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
01-04-2021 07:43 AM - edited 01-04-2021 08:02 AM
Hi Tom,
First of all, I'd like to thank you for your wonderful book 'Mastering the Palo Alto networks' which is very informative and helpful for the beginners like me to nourish our skills on Palo Alto.
Under Monitor -> Wild fire submissions, I see Malicious is being marked as 'blocked'. From the below, I believe AV is the one which is going to block the viruses and not the Wild Fire. Please correct me if I'm wrong.
1. Assuming no wildfire license in place and through AV updates, will it be automatically blocked in next 24hours?
2. Will it block only if it's set to 'reset-both' under AV/Wildfire action or it'll block automatically if the action is set to 'default or alert' in the AV profile?
3. In AV profile, I see only HTTP, FTP, SMB, SMTP and POP3. What if any files which are malicious are transferred through SFTP and so on, which isn't part of the AV decoders?
