5.3 Ensure a WildFire file blocking profile is enabled for all security policies allowing Internet traffic flows

Information

Apply a WildFire file blocking profile to all security policies allowing Internet traffic flows. In the following example, the 'WildFire' blocking profile is included in the 'Inside to Outside' profile group. In a production setting, both inbound and outbound traffic should be inspected and have a WildFire blocking policy applied.
Rationale:
Traffic matching security policies that do not include a WildFire file blocking profile will not utilize WildFire for file analysis. WildFire analysis is one of the key security measures available on this platform. Without WildFire analysis enabled, inbound malware can only be analyzed by signature, which industry-wide is roughly 40-60% effective. In a targeted attack, the effectiveness of signature-only analysis drops even further.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

To Set File Blocking Profile:
Navigate to Objects > Security Profiles > File Blocking > File Blocking Profile.
To Set File Blocking Rules:
Navigate to Policies > Security > Security Policy Rule > Actions > Profile Setting > File Blocking.
Set a WildFire file blocking profile with Source Zone INSIDE, Address any, and User any; with Destination Zone OUTSIDE, Address any, Service any, and Application set to all denied applications; and with Action set to Deny.
Set a WildFire file blocking profile with Source Zone INSIDE, Address any, and User any; with Destination Zone OUTSIDE, Address any, Application any, and Service set to all denied service ports; and with Action set to Deny.
Default Value:
Not Configured
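A script-based way to audit this control against an exported PAN-OS running configuration, added here as an example (not part of the benchmark or of Palo Alto's tooling): it lists every 'allow' rule touching the Internet-facing zone that does not carry the WildFire file blocking profile, either directly or through a profile group such as 'Inside to Outside'. The XML element layout and the zone name OUTSIDE are assumptions, and the config excerpt is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed PAN-OS-style config excerpt (assumed element layout, not from a real device).
SAMPLE_CONFIG = """<config><devices><entry name="localhost.localdomain"><vsys><entry name="vsys1">
<profile-group>
  <entry name="Inside to Outside"><file-blocking><member>WildFire</member></file-blocking></entry>
  <entry name="AV-only"><virus><member>default</member></virus></entry>
</profile-group>
<rulebase><security><rules>
  <entry name="web-out"><from><member>INSIDE</member></from><to><member>OUTSIDE</member></to>
    <action>allow</action><profile-setting><group><member>Inside to Outside</member></group></profile-setting></entry>
  <entry name="dns-out"><from><member>INSIDE</member></from><to><member>OUTSIDE</member></to>
    <action>allow</action><profile-setting><group><member>AV-only</member></group></profile-setting></entry>
  <entry name="smtp-in"><from><member>OUTSIDE</member></from><to><member>DMZ</member></to>
    <action>allow</action><profile-setting><profiles><file-blocking><member>WildFire</member></file-blocking></profiles></profile-setting></entry>
  <entry name="legacy-out"><from><member>INSIDE</member></from><to><member>OUTSIDE</member></to>
    <action>allow</action></entry>
  <entry name="block-rest"><from><member>INSIDE</member></from><to><member>OUTSIDE</member></to>
    <action>deny</action></entry>
</rules></security></rulebase>
</entry></vsys></entry></devices></config>"""

INTERNET_ZONES = {"OUTSIDE"}  # assumption: zone name(s) facing the Internet

def members(node, path):
    # Text of every <member> under node/path, as a set
    return {m.text for m in node.iterfind(path + "/member")}

def rules_missing_wildfire(xml_text, wildfire_profile="WildFire"):
    """Names of 'allow' rules touching an Internet zone that attach no WildFire
    file blocking profile, either directly or through a profile group."""
    root = ET.fromstring(xml_text)
    groups = {g.get("name"): members(g, "file-blocking")  # group -> its file blocking profiles
              for g in root.iterfind(".//profile-group/entry")}
    missing = []
    for rule in root.iterfind(".//rulebase/security/rules/entry"):
        if rule.findtext("action") != "allow":
            continue  # denied traffic carries no files to analyse
        if not (members(rule, "from") | members(rule, "to")) & INTERNET_ZONES:
            continue  # internal-only rule, out of scope for this control
        attached = members(rule, "profile-setting/profiles/file-blocking")
        for group in members(rule, "profile-setting/group"):
            attached |= groups.get(group, set())
        if wildfire_profile not in attached:
            missing.append(rule.get("name"))
    return missing

if __name__ == "__main__":
    for name in rules_missing_wildfire(SAMPLE_CONFIG):
        print(f"FAIL: '{name}' allows Internet traffic without the WildFire file blocking profile")
```

Against the constructed excerpt the check flags 'dns-out' (profile group without WildFire) and 'legacy-out' (no profile setting at all), while the deny rule and the rule with a directly attached profile pass.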

See Also

https://workbench.cisecurity.org/files/1664

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-4(4), CSCv6|8.5

Plugin: Palo_Alto

Control ID: 4a11b347ab99be398b241ab7a01e790a4a707f283100f98d61a62b62022fe935