5.1 Ensure that WildFire file size upload limits are maximized

Information

The default file size limits on the firewall are designed to include the majority of malware in the wild (which is smaller than the default size limits) and to exclude large files that are very unlikely to be malicious and that can impact WildFire file-forwarding capacity.

Rationale:

Because the firewall has a specific capacity reserved to forward files for WildFire analysis, forwarding high numbers of large files can cause the firewall to skip forwarding of some files. This condition occurs when the maximum file size limits are configured for a file type that is traversing the firewall at a high rate. In this case, a potentially malicious file might not get forwarded for WildFire analysis. Consider this possible condition if you would like to increase the size limit for files other than PEs beyond their default size limit.

Impact:

Using larger file filtering can cause the system to skip files in the event multiple larger files are sent.

Solution

Navigate to Device > Setup > WildFire.
Click the General Settings edit icon.
Set the maximum size for each file type are larger than the defaults, to a size that is as large enough to account for 'large' files, but not large enough to affect performance of the hardware.
In PAN-OS 9.x and higher, the default file sizes for WildFire are:

pe (Portable Executable) - 16MB

apk (Android Application)- 10MB

pdf (Portable Document Format) - 3072KB

ms-office (Microsoft Office) - 16384KB

jar (Packaged Java class file) - 5MB

flash (Adobe Flash) - 5MB

MacOSX (DMG/MAC-APP/MACH-O PKG files) - 10MB

archive (RAR and 7z files) - 50MB

linux (ELF files) - 50MB

script (JScript, VBScript, PowerShell, and Shell Script)- 20KB

In PAN-OS 9.x and higher, the maximum file sizes for Wildfire are:

pe (Portable Executable) - 50MB

apk (Android Application)- 50MB

pdf (Portable Document Format) - 51200KB

ms-office (Microsoft Office) - 51200KB

jar (Packaged Java class file) - 20MB

flash (Adobe Flash) - 10MB

MacOSX (DMG/MAC-APP/MACH-O PKG files) - 50MB

archive (RAR and 7z files) - 50MB

linux (ELF files) - 50MB

script (JScript, VBScript, PowerShell, and Shell Script)- 4096KB

Default Value:

In PAN-OS 9.x, the default file sizes for WildFire are:

pe (Portable Executable) - 16MB

apk (Android Application)- 10MB

pdf (Portable Document Format) - 3072KB

ms-office (Microsoft Office) - 16384KB

jar (Packaged Java class file) - 5MB

flash (Adobe Flash) - 5MB

MacOSX (DMG/MAC-APP/MACH-O PKG files) - 10MB

archive (RAR and 7z files) - 50MB

linux (ELF files) - 50MB

script (JScript, VBScript, PowerShell, and Shell Script)- 20KB

See Also

https://workbench.cisecurity.org/benchmarks/17915

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-3, CSCv7|8.3

Plugin: Palo_Alto

Control ID: 03b1d68a106774ed8fc2bb3b007680ecb5ba4446055b36e7a0a24402d7c4558d