Detections
Analytics
5.1 Ensure that WildFire file size upload limits are maximized
Warning! Audit Deprecated
This audit has been deprecated and will be removed in a future update.
View Next Audit VersionInformation
Increase WildFire file size limits to the maximum file size supported by the environment. An organization with bandwidth constraints or heavy usage of unique files under a supported file type may require lower settings. The recommendations account for the CPU load on smaller platforms. If an organization consistently has CPU to spare, it's recommended to set some or all of these values to the maximum.Rationale:
Increasing file size limits allows the devices to forward more files for WildFire analysis. This increases the chances of identifying, and later preventing, threats in larger files. The default values are configured for files small enough that the majority of files are not assessed by Wildfire.
Impact:
With the default values known, an attacker has only to send an infected file slightly over the 'maximum' size for that filetype to evade detection at the perimeter. Many of the values are significantly lower than is typical for each file size.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Navigate to Device > Setup > WildFire.Click the General Settings edit icon.
Set the maximum size for each file type are larger than the defaults, to a size that is as large enough to account for 'large' files, but not large enough to affect performance of the hardware.
In PAN-OS 9.x, the default file sizes for WildFire are:
pe (Portable Executable) - 16MB
apk (Android Application)- 10MB
pdf (Portable Document Format) - 3072KB
ms-office (Microsoft Office) - 16384KB
jar (Packaged Java class file) - 5MB
flash (Adobe Flash) - 5MB
MacOSX (DMG/MAC-APP/MACH-O PKG files) - 10MB
archive (RAR and 7z files) - 50MB
linux (ELF files) - 50MB
script (JScript, VBScript, PowerShell, and Shell Script)- 20KB
In PAN-OS 9.x, the maximum file sizes for Wildfire are:
pe (Portable Executable) - 50MB
apk (Android Application)- 50MB
pdf (Portable Document Format) - 51200KB
ms-office (Microsoft Office) - 51200KB
jar (Packaged Java class file) - 20MB
flash (Adobe Flash) - 10MB
MacOSX (DMG/MAC-APP/MACH-O PKG files) - 50MB
archive (RAR and 7z files) - 50MB
linux (ELF files) - 50MB
script (JScript, VBScript, PowerShell, and Shell Script)- 4096KB
Default Value:
In PAN-OS 9.x, the default file sizes for WildFire are:
pe (Portable Executable) - 16MB
apk (Android Application)- 10MB
pdf (Portable Document Format) - 3072KB
ms-office (Microsoft Office) - 16384KB
jar (Packaged Java class file) - 5MB
flash (Adobe Flash) - 5MB
MacOSX (DMG/MAC-APP/MACH-O PKG files) - 10MB
archive (RAR and 7z files) - 50MB
linux (ELF files) - 50MB
script (JScript, VBScript, PowerShell, and Shell Script)- 20KB
See Also
Item Details
Audit Name: CIS Palo Alto Firewall 10 v1.0.0 L1
References: CSCv7|8
Plugin: Palo_Alto
Control ID: 7f5e4e6c7601ff0895853ba195dfb8f4f284eaed755dccc3a59d6b5519f8e211