Details
Set Applications and File Types fields to any in WildFire file blocking profiles. With a WildFire license, seven file types are supported, while only PE (Portable Executable) files are supported without a license. For web traffic, the action “continue-and-forward” can be selected. This still forwards the file to the Wildfire service, but also presents the end user with a confirmation message before they receive the file.
If there is a “continue-and-forward” rule, there should still be an “any traffic / any application / forward” rule after that in the list.
Rationale:
Selecting ‘Any’ application and file type ensures WildFire is analyzing as many files as possible.
Solution
Navigate to Objects > Security Profiles > File Blocking.
Set a rule so that Applications is set to any, File Type is set to any, and Action is set to forward.
Default Value:
Predefined Security Profiles exist for “basic” and “strict” File Blocking.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Information Integrity.This control applies to the following type of system Palo_Alto.