Can't seem to find any solid answers out there, but can the PA automatically block files/links/etc that are determined by WildFire to be malware or phishing?
Yes, it already does that, but not if you're patient zero: Whenever a file is received, the hash is checked against WildFire's known files. If the hash matches a known file, the verdict is immediately known and if the file is malicious (and you received the signature through dynamic updates), the session will be dropped and the file discarded before delivery. If the file has not been seen however, and it doesn't match any known signatures (day0) then it is allowed to pass and uploaded to WildFire for analysis. If it is found to be malicious, a signature is created and rolled out via content updates. But you will have received the file in full. With PAN-OS 10.0 that last bit has been addressed as now WildFire can (theoretically) analyze files on the fly if you have a WildFire subscription
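The verdict flow described in the answer above, as an added example that is not part of the original post and is not PAN-OS code: a small model showing why the first recipient of an unknown file still receives it in full. The class, method names and the marker-based detector are hypothetical, and the sample bytes are constructed.

```python
import hashlib

class FirewallModel:
    """Simplified model of the flow in the post; all names are hypothetical."""

    def __init__(self):
        self.cloud_verdicts = {}       # hash -> "malicious"/"benign" once analyzed
        self.local_signatures = set()  # hashes received through content updates
        self.pending = {}              # unknown samples uploaded for analysis
        self.delivered = []            # hashes of files that reached the user in full

    def receive(self, data: bytes) -> str:
        h = hashlib.sha256(data).hexdigest()
        verdict = self.cloud_verdicts.get(h)
        # Dropped only if the verdict is malicious AND the signature is installed.
        if verdict == "malicious" and h in self.local_signatures:
            return "drop"
        if verdict is None:
            self.pending[h] = data     # never seen: uploaded, but still allowed through
        self.delivered.append(h)
        return "allow"

    def analyze_pending(self, is_malicious):
        # Analysis happens after delivery; it only records a verdict.
        for h, data in self.pending.items():
            self.cloud_verdicts[h] = "malicious" if is_malicious(data) else "benign"
        self.pending.clear()

    def content_update(self):
        # Signatures for malicious verdicts are rolled out to the firewall.
        self.local_signatures |= {
            h for h, v in self.cloud_verdicts.items() if v == "malicious"
        }

def run_demo():
    fw = FirewallModel()
    sample = b"constructed-sample: EVIL-MARKER"      # constructed test input
    detector = lambda d: b"EVIL-MARKER" in d         # stand-in for real analysis
    results = [fw.receive(sample)]      # patient zero: unknown hash, delivered
    fw.analyze_pending(detector)
    results.append(fw.receive(sample))  # verdict exists, signature not yet installed
    fw.content_update()
    results.append(fw.receive(sample))  # signature installed: dropped
    results.append(fw.receive(b"constructed-sample: harmless"))
    return results, len(fw.delivered)

if __name__ == "__main__":
    print(run_demo())
```

The second delivery in the demo reflects the post's parenthetical: a known malicious verdict does not block anything until the signature has arrived through dynamic updates.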
Makes sense, thanks for the explanation. We are interested in an on-the-fly blocking option, but we'll wait and see how that turns out. Still on 8.1.x