Wow, what great questions you have asked. I will take a first pass at answering a few questions, and if others in the forum want to add in or correct my statements, I would welcome it, to make sure everyone has the same understanding. I am going to edit your query and break out just those questions that need comment:

1) The first question is how many layers will the file blocking inspect? For example, a zip in a zip has an exe that is malicious. If the PA doesn't inspect that far down wouldn't I be able to get through the firewall inspection?

Well, I am not sure of how many layers. I am confident in my testing that trying to put a zip into a zip (with an exe) has been tested numerous times, and I believe Wildfire will check this as one of the many characteristics that are run to see what a file can do inside of Wildfire's virtual environment.

2) Could I set up wildfire to forward-and-continue to block this?

Yes. If you create your file blocking rule so that ANY zip file is Continue and Forwarded to Wildfire, it would allow your user to hit the Continue button and also have it forwarded to the Wildfire service.

3) Is wildfire able to tear down a file in such a way that EVERYTHING is seen in the file and run the way the attacker wants it to? Could a file potentially be flagged benign when it's actually malware in wildfire?

Well, EVERYTHING is a pretty vague statement. Malware is constantly changing, and Wildfire does its best with the 100+ characteristics that it looks for when determining what is Benign or has Malware.

4) If forward-and-continue is on and I deny the file can I get an email notification saying whether or not it was benign or malicious so that I don't have to log into the firewall and check every so often?

Well, you can DENY the file download, but there is no way to determine if it had malware, because you denied the action of downloading the file. You have the ability to log into the Wildfire portal or FW (but I am not aware of email alerting).

5) I'm thinking of an entry box with something to the effect of "Enter your email for results" and then it emails the results.

I have not seen this as an action item. I think you may be able to get email based on Severity Level in your logs, but if you have the Wildfire Service, then results from your uploads will show in this log and not your Threat or Traffic Logs.