Information
Apply a WildFire file blocking profile to all security policies allowing Internet traffic flows. In the following example, the 'WildFire' blocking profile is included in the 'Inside to Outside' profile group.
Rationale:
Traffic matching security policies that do not include a WildFire file blocking profile will not utilize WildFire for file analysis. Wildfire analysis is one of the key security measures available on this platform. Without Wildfire analysis enabled, inbound malware can only be analyzed by signature - which industrywide is roughly 40-60% effective. In a targeted attack, the success of signature-based-only analysis drops even further.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
To Set File Blocking Profile
Navigate to Objects > Security Profiles > File Blocking > File Blocking Profile
To Set File Blocking Rules
Navigate to Policies > Security > Security Policy Rule > Actions > Profile Setting > File Blocking.
Set a WildFire file blocking profile with Source Zone INSIDE, Address any, and User any; with Destination Zone OUTSIDE, Address any, Service any, and Application set to all denied applications; and with Action set to Deny.
Set a WildFire file blocking profile with Source Zone INSIDE, Address any, and User any; with Destination Zone OUTSIDE, Address any, Application any, and Service set to all denied service ports; and with Action set to Deny.
Default Value:
Not Configured