5.2 Ensure forwarding is enabled for all applications and file types in WildFire file blocking profiles

Information

Set the Applications and File Types fields to any in WildFire file blocking profiles. With a WildFire license, seven file types are supported, while only PE (Portable Executable) files are supported without a license. For web traffic, the action "continue-and-forward" can be selected. This still forwards the file to the WildFire service, but also presents the end user with a confirmation message before they receive the file.
If there is a "continue-and-forward" rule, there should still be an "any traffic / any application / forward" rule after that in the list.
Rationale:
Selecting 'Any' application and file type ensures WildFire is analyzing as many files as possible.

Solution

Navigate to Objects > Security Profiles > File Blocking.
Set a rule so that Applications is set to any, File Type is set to any, and Action is set to forward.
Default Value:
Predefined Security Profiles exist for "basic" and "strict" File Blocking.
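The check described above can be run offline against an exported configuration. The following is an added example, not part of the benchmark or of any Palo Alto tooling: the XML element layout and the profile and rule names are assumptions built for illustration, and only the action names and the any/any/forward requirement come from this page.

```python
import xml.etree.ElementTree as ET

# Constructed sample; the element layout is an assumption modelled on a
# firewall configuration export, not taken from the benchmark page.
SAMPLE = """
<file-blocking>
  <entry name="wildfire-ok"><rules>
    <entry name="web-confirm">
      <application><member>web-browsing</member></application>
      <file-type><member>any</member></file-type>
      <action>continue-and-forward</action></entry>
    <entry name="forward-all">
      <application><member>any</member></application>
      <file-type><member>any</member></file-type>
      <action>forward</action></entry>
  </rules></entry>
  <entry name="pe-only"><rules>
    <entry name="forward-pe">
      <application><member>any</member></application>
      <file-type><member>pe</member></file-type>
      <action>forward</action></entry>
  </rules></entry>
</file-blocking>
"""

def members(rule, tag):
    """Return the <member> values under the given child element of a rule."""
    return [m.text.strip() for m in rule.findall(f"{tag}/member") if m.text]

def audit_profiles(xml_text):
    """Return {profile: bool}; True when an any/any/forward rule exists and
    no continue-and-forward rule is listed after the last such rule."""
    results = {}
    for profile in ET.fromstring(xml_text).findall("entry"):
        last_forward_all, last_continue = -1, -1
        for i, rule in enumerate(profile.findall("rules/entry")):
            action = (rule.findtext("action") or "").strip()
            if action == "continue-and-forward":
                last_continue = i
            elif (action == "forward" and members(rule, "application") == ["any"]
                  and members(rule, "file-type") == ["any"]):
                last_forward_all = i
        results[profile.get("name")] = last_forward_all > last_continue
    return results

if __name__ == "__main__":
    for name, ok in audit_profiles(SAMPLE).items():
        print(f"{name}: {'PASS' if ok else 'FAIL'}")
```

A profile that forwards only PE files, or that lists its catch-all forward rule before a "continue-and-forward" rule, is reported as FAIL.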

See Also

https://workbench.cisecurity.org/files/2104

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-3, CSCv6|8.5, CSCv7|8

Plugin: Palo_Alto

Control ID: de6808ca3f8e3e04cba503561386eb3e4dcd0acc1ff15899c39da77ac279546b