5.1 Ensure that WildFire file size upload limits are maximized

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

Information

Increase WildFire file size limits to the maximum file size supported by the environment. An organization with bandwidth constraints or heavy usage of unique files under a supported file type may require lower settings. The recommendations account for the CPU load on smaller platforms. If an organization consistently has CPU to spare, it's recommended to set some or all of these values to the maximum.

Rationale:

Increasing file size limits allows the devices to forward more files for WildFire analysis. This increases the chances of identifying, and later preventing, threats in larger files. The default values are configured for files small enough that the majority of files are not assessed by WildFire.

Impact:

With the default values known, an attacker has only to send an infected file slightly over the 'maximum' size for that filetype to evade detection at the perimeter. Many of the values are significantly lower than is typical for each file type.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Navigate to Device > Setup > WildFire.
Click the General Settings edit icon.
Set the maximum size for each file type to a value larger than the default: large enough to account for 'large' files, but not so large that it affects the performance of the hardware.
In PAN-OS 9.x, the default file sizes for WildFire are:

pe (Portable Executable) - 16MB

apk (Android Application) - 10MB

pdf (Portable Document Format) - 3072KB

ms-office (Microsoft Office) - 16384KB

jar (Packaged Java class file) - 5MB

flash (Adobe Flash) - 5MB

MacOSX (DMG/MAC-APP/MACH-O PKG files) - 10MB

archive (RAR and 7z files) - 50MB

linux (ELF files) - 50MB

script (JScript, VBScript, PowerShell, and Shell Script) - 20KB

In PAN-OS 9.x, the maximum file sizes for WildFire are:

pe (Portable Executable) - 50MB

apk (Android Application) - 50MB

pdf (Portable Document Format) - 51200KB

ms-office (Microsoft Office) - 51200KB

jar (Packaged Java class file) - 20MB

flash (Adobe Flash) - 10MB

MacOSX (DMG/MAC-APP/MACH-O PKG files) - 50MB

archive (RAR and 7z files) - 50MB

linux (ELF files) - 50MB

script (JScript, VBScript, PowerShell, and Shell Script) - 4096KB

Default Value:

In PAN-OS 9.x, the default file sizes for WildFire are:

pe (Portable Executable) - 16MB

apk (Android Application) - 10MB

pdf (Portable Document Format) - 3072KB

ms-office (Microsoft Office) - 16384KB

jar (Packaged Java class file) - 5MB

flash (Adobe Flash) - 5MB

MacOSX (DMG/MAC-APP/MACH-O PKG files) - 10MB

archive (RAR and 7z files) - 50MB

linux (ELF files) - 50MB

script (JScript, VBScript, PowerShell, and Shell Script) - 20KB
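
The following is an added example, not part of the CIS benchmark or the Nessus audit: a small checker that reads limits written in the same "type - size" form used in the lists above, normalizes the mixed KB/MB units, and classifies each file type against the PAN-OS 9.x default and maximum. The status names and the sample values are assumptions constructed for illustration. Note that archive and linux cannot be raised, because their default already equals the maximum.

```python
import re

UNIT = {"KB": 1024, "MB": 1024 ** 2}
# PAN-OS 9.x (default, maximum) per file type, copied from the lists on this page
LIMITS = {
    "pe": ("16MB", "50MB"), "apk": ("10MB", "50MB"),
    "pdf": ("3072KB", "51200KB"), "ms-office": ("16384KB", "51200KB"),
    "jar": ("5MB", "20MB"), "flash": ("5MB", "10MB"),
    "macosx": ("10MB", "50MB"), "archive": ("50MB", "50MB"),
    "linux": ("50MB", "50MB"), "script": ("20KB", "4096KB"),
}
# "<type> (<description>) - <size><unit>"; the space before "-" may be missing
LINE = re.compile(r"^\s*([\w-]+)\b.*?-\s*(\d+\s*(?:KB|MB))\s*$", re.I)

def to_bytes(size):
    """Convert '3072KB' or '16MB' to bytes so mixed units compare correctly."""
    number, unit = re.fullmatch(r"(\d+)\s*(KB|MB)", size.strip(), re.I).groups()
    return int(number) * UNIT[unit.upper()]

def audit(configured_text):
    """Classify each file type's configured limit against default and maximum."""
    cfg = {}
    for line in configured_text.splitlines():
        m = LINE.match(line)
        if m:
            cfg[m.group(1).lower()] = to_bytes(m.group(2))
    result = {}
    for name, (default, maximum) in LIMITS.items():
        value = cfg.get(name)
        if value is None:
            result[name] = "MISSING"
        elif value >= to_bytes(maximum):  # archive/linux: default == maximum
            result[name] = "AT_MAX"
        elif value > to_bytes(default):
            result[name] = "RAISED"
        else:
            result[name] = "AT_OR_BELOW_DEFAULT"
    return result

# Constructed sample: limits transcribed from a firewall, linux line left out
SAMPLE = """pe (Portable Executable) - 16MB
apk (Android Application)- 30MB
pdf (Portable Document Format) - 51200KB
ms-office (Microsoft Office) - 20MB
jar (Packaged Java class file) - 5MB
flash (Adobe Flash) - 10MB
MacOSX (DMG/MAC-APP/MACH-O PKG files) - 10240KB
archive (RAR and 7z files) - 50MB
script (JScript, VBScript, PowerShell, and Shell Script)- 64KB"""
```

Calling `audit(SAMPLE)` returns one status per file type; any `AT_OR_BELOW_DEFAULT` or `MISSING` entry is a type to review against this recommendation.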

See Also

https://workbench.cisecurity.org/files/3750