5.2 Ensure forwarding is enabled for all applications and file types in WildFire file blocking profiles

Information

Set the Applications and File Types fields to any in WildFire file blocking profiles. With a WildFire license, seven file types are supported, while only PE (Portable Executable) files are supported without a license. For web traffic, the action "continue-and-forward" can be selected. This still forwards the file to the WildFire service, but also presents the end user with a confirmation message before they receive the file.
If there is a "continue-and-forward" rule, there should still be an "any traffic / any application / forward" rule after that in the list.
Rationale:
Selecting 'Any' application and file type ensures WildFire is analyzing as many files as possible.

Solution

Navigate to Objects > Security Profiles > File Blocking.
Set a rule so that Applications is set to any, File Type is set to any, and Action is set to forward.
Default Value:
Not Configured
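An offline version of this check, as an added example that is not part of the benchmark or any Palo Alto tooling: it walks file blocking profiles in an exported configuration and passes a profile only if an any/any/forward rule exists and sits after every "continue-and-forward" rule. The XML element layout is an assumption modelled on a PAN-OS configuration export, and the sample profiles are constructed.

```python
import xml.etree.ElementTree as ET
# Constructed sample. The element layout is an assumption modelled on a
# PAN-OS XML configuration export; it is not taken from the benchmark page.
SAMPLE = """
<profiles><file-blocking>
  <entry name="wf-good"><rules>
    <entry name="web-confirm">
      <application><member>web-browsing</member></application>
      <file-type><member>any</member></file-type>
      <action>continue-and-forward</action>
    </entry>
    <entry name="forward-all">
      <application><member>any</member></application>
      <file-type><member>any</member></file-type>
      <action>forward</action>
    </entry>
  </rules></entry>
  <entry name="wf-pe-only"><rules>
    <entry name="pe">
      <application><member>any</member></application>
      <file-type><member>pe</member></file-type>
      <action>forward</action>
    </entry>
  </rules></entry>
</file-blocking></profiles>
"""

def members(rule, tag):
    return {m.text.strip() for m in rule.findall(f"{tag}/member") if m.text}

def audit_profiles(xml_text):
    """Return {profile_name: True/False} for the 5.2 check."""
    results = {}
    for profile in ET.fromstring(xml_text).findall("file-blocking/entry"):
        rules = profile.findall("rules/entry")
        actions = [(r.findtext("action") or "").strip() for r in rules]
        catch_all = [i for i, r in enumerate(rules)
                     if members(r, "application") == {"any"}
                     and members(r, "file-type") == {"any"}
                     and actions[i] == "forward"]
        confirm = [i for i, a in enumerate(actions) if a == "continue-and-forward"]
        # Pass only if any/any/forward exists after every continue-and-forward rule.
        results[profile.get("name")] = bool(catch_all) and (
            not confirm or max(catch_all) > max(confirm))
    return results

if __name__ == "__main__":
    print(audit_profiles(SAMPLE))
```
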

See Also

https://workbench.cisecurity.org/files/1664

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-4(4), CSCv6|8.5

Plugin: Palo_Alto

Control ID: 14dbe3c42210dd585e2b44c845335ac37d0aae030ee2aad5dc42a1a7e6cf10a8