What Is the Maximum Size of .exe Files Uploaded From the Next Generation Firewall to Wildfire?

WildFire Best Practices

  • Follow the best practices (PAN-OS 8.1, 9.0, 9.1, 10.0, 10.1) to secure your network from Layer 4 and Layer 7 evasions to ensure reliable content identification and analysis. Specifically, make sure that you implement the best practices for TCP settings and Content-ID™ settings.

  • Also make sure that you have an active Threat Prevention subscription (PAN-OS 8.1, 9.0, 9.1, 10.0, 10.1). Together, WildFire® and Threat Prevention enable comprehensive threat detection and prevention.

  • Download and install content updates (PAN-OS 8.1, 9.0, 9.1, 10.0, 10.1) on a daily basis to receive the latest product updates and threat protections generated by Palo Alto Networks. Review the instructions for installing content and software updates (PAN-OS 8.1, 9.0, 9.1, 10.0, 10.1) for more information about what is included in the update packages.

  • If you configured your firewall to decrypt SSL traffic (PAN-OS 8.1, 9.0, 9.1, 10.0, 10.1), then enable the firewall to Forward Decrypted SSL Traffic for WildFire Analysis (PAN-OS 8.1, 9.0, 9.1, 10.0, 10.1). Only a superuser can enable this option.

  • Use the default WildFire Analysis profile to define the traffic that the firewall should forward for WildFire analysis. The default WildFire Analysis profile ensures complete WildFire coverage for all traffic that your Security policy allows—it specifies that all supported file types across all applications are forwarded for WildFire analysis regardless of whether the files are uploaded or downloaded.

    If you choose to create a custom WildFire Analysis profile, it is a best practice to still set the profile to forward any file type. This enables the firewall to automatically begin forwarding file types as they become supported for WildFire analysis.

    For details on applying a WildFire Analysis profile to firewall traffic, review how to Forward Files for WildFire Analysis (PAN-OS 8.1, 9.0, 9.1, 10.0, 10.1).

    WildFire Action settings in the Antivirus profile may impact traffic if the traffic generates a WildFire signature that results in a reset or a drop action. You can exclude internal traffic, such as software distribution applications through which you deploy custom-built programs, to transition safely (PAN-OS 9.0, 9.1, 10.0, 10.1) to best practices because WildFire may identify custom-built programs as malicious and generate a signature for them. Check to see if any internal custom-built programs trigger WildFire signatures.

  • While you are configuring the firewall to forward files for WildFire analysis (PAN-OS 8.1, 9.0, 9.1, 10.0, 10.1), review the file Size Limit for all supported file types. Set the Size Limit for all file types to the default limits. (Select and edit the General Settings to adjust file size limits based on file type. You can view the Help information to find the default size limit for each file type.)

    About the Default File Size Limits for WildFire Forwarding

    The default file size limits on the firewall are designed to include the majority of malware in the wild (which is smaller than the default size limits) and to exclude large files that are very unlikely to be malicious and that can impact WildFire file-forwarding capacity. Because the firewall has a specific capacity reserved to forward files for WildFire analysis, forwarding high numbers of large files can cause the firewall to skip forwarding of some files. This condition occurs when the maximum file size limits are configured for a file type that is traversing the firewall at a high rate. In this case, a potentially malicious file might not get forwarded for WildFire analysis. Consider this possible condition if you would like to increase the size limit for files other than PEs beyond their default size limit.

    The following graph is a representative illustration of the distribution of file sizes for malware as observed by the Palo Alto Networks threat research team. You can increase the firewall default file size settings to the maximum file size setting to gain a relatively small increase in the malware catch rate for each file type.

    Recommended File Size Limits to Catch Uncommonly Large Malicious Files

    If you are concerned specifically about uncommonly large malicious files, then you can increase file size limits beyond the default settings. In these cases, the following settings are recommended to catch rare, very large malicious files.

    Select and edit General Settings to adjust the Size Limit for each file type:

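    | File Type | PAN-OS 9.0 and later File-Forwarding Maximum Size Recommendations | PAN-OS 8.1 File-Forwarding Maximum Size Recommendations |
    |-----------|------------------------------------------------------------------|----------------------------------------------------------|
    | pe        | 16MB                                                             | 10MB                                                     |
    | apk       | 10MB                                                             | 10MB                                                     |
    | pdf       | 3,072KB                                                          | 1,000KB                                                  |
    | ms-office | 16,384KB                                                         | 2,000KB                                                  |
    | jar       | 5MB                                                              | 5MB                                                      |
    | flash     | 5MB                                                              | 5MB                                                      |
    | MacOSX    | 10MB                                                             | 1MB                                                      |
    | archive   | 50MB                                                             | 10MB                                                     |
    | linux     | 50MB                                                             | 10MB                                                     |
    | script    | 20KB                                                             | 20KB                                                     |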
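
An added example, not taken from the Palo Alto Networks documentation: a Python check that compares a firewall's configured Size Limit values against the recommended maximums in the table above, normalising the mixed KB/MB units before comparing. The `SAMPLE` values are constructed, the function names are hypothetical, and 1MB = 1,024KB is an assumption.

```python
import re

# Recommended maximums from the table above: (PAN-OS 9.0 and later, PAN-OS 8.1).
RECOMMENDED = {
    "pe": ("16MB", "10MB"), "apk": ("10MB", "10MB"),
    "pdf": ("3,072KB", "1,000KB"), "ms-office": ("16,384KB", "2,000KB"),
    "jar": ("5MB", "5MB"), "flash": ("5MB", "5MB"),
    "MacOSX": ("10MB", "1MB"), "archive": ("50MB", "10MB"),
    "linux": ("50MB", "10MB"), "script": ("20KB", "20KB"),
}

def to_kb(size):
    """Parse '16MB' or '3,072KB' into kilobytes (assumes 1MB = 1024KB)."""
    m = re.fullmatch(r"\s*([\d,]+)\s*(KB|MB)\s*", size, re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised size: {size!r}")
    value = int(m.group(1).replace(",", ""))
    return value * 1024 if m.group(2).upper() == "MB" else value

def audit(configured, panos_9_or_later=True):
    """Return {file_type: finding} for every limit that differs from the table."""
    col = 0 if panos_9_or_later else 1
    findings = {}
    for ftype, sizes in RECOMMENDED.items():
        want = to_kb(sizes[col])
        if ftype not in configured:
            findings[ftype] = "missing"
            continue
        have = to_kb(configured[ftype])
        if have < want:
            findings[ftype] = f"below recommendation by {want - have}KB"
        elif have > want:
            findings[ftype] = f"above recommendation by {have - want}KB"
    # File types the operator listed that the table does not cover.
    for ftype in configured.keys() - RECOMMENDED.keys():
        findings[ftype] = "not in table"
    return findings

# Constructed sample: limits as an operator might have transcribed them.
SAMPLE = {"pe": "10MB", "apk": "10MB", "pdf": "3072KB", "ms-office": "16MB",
          "jar": "5MB", "flash": "5MB", "MacOSX": "10MB", "archive": "50MB",
          "linux": "50MB", "script": "2000KB"}

if __name__ == "__main__":
    for ftype, finding in sorted(audit(SAMPLE).items()):
        print(f"{ftype}: {finding}")
```

A limit above the recommendation matters as much as one below it here, because oversized limits on high-volume file types consume the forwarding capacity described earlier.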

guentherbelve1987.blogspot.com

Source: https://docs.paloaltonetworks.com/wildfire/9-1/wildfire-admin/wildfire-deployment-best-practices/wildfire-best-practices
