5.2 Ensure forwarding is enabled for all applications and file types in WildFire file blocking profiles

Information

Set the Applications and File Types fields to any in WildFire file blocking profiles. With a WildFire license, seven file types are supported, while only PE (Portable Executable) files are supported without a license. For the 'web browsing' application, the action 'continue' can be selected. This still forwards the file to the WildFire service, but also presents the end user with a confirmation message before they receive the file. Selecting 'continue' for any other application will block the file (because the end user will not see the prompt). If there is a 'continue' rule, there should still be an 'any traffic / any application / forward' rule after it in the list.

Rationale:

Selecting 'Any' application and file type ensures WildFire is analyzing as many files as possible.

Solution

Navigate to Objects > Security Profiles > File Blocking.
Set a rule so that Applications is set to any, File Type is set to any, and Action is set to forward.

Default Value:

Predefined Security Profiles exist for 'basic' and 'strict' File Blocking.
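
The check described above can be run against an exported file blocking section. This Python sketch is an added example, not part of the benchmark or of any vendor tooling. The XML element layout, the application name `web-browsing`, and all profile and rule names are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Assumed element layout (not from the page): profile entry > rules > rule entry,
# each rule with application/member, file-type/member and action.
RULE = ('<entry name="{}"><application><member>{}</member></application>'
        '<file-type><member>{}</member></file-type><action>{}</action></entry>')

def profile(name, *rules):
    body = "".join(RULE.format(*r) for r in rules)
    return f'<entry name="{name}"><rules>{body}</rules></entry>'

# Constructed sample: one compliant profile, one with both problems.
SAMPLE = "<file-blocking>" + profile(
    "wf-good",
    ("prompt-web", "web-browsing", "any", "continue"),
    ("forward-all", "any", "any", "forward"),
) + profile(
    "wf-bad",
    ("pe-only", "any", "pe", "forward"),
    ("prompt-ftp", "ftp", "any", "continue"),
) + "</file-blocking>"

def members(rule, tag):
    return {m.text.strip() for m in rule.findall(f"{tag}/member")}

def audit(xml_text):
    """Return {profile name: [issues]}; an empty list means the profile passes."""
    findings = {}
    for prof in ET.fromstring(xml_text).findall("entry"):
        rules = [(r.get("name"), members(r, "application"),
                  members(r, "file-type"), r.findtext("action", "").strip())
                 for r in prof.findall("rules/entry")]
        # Positions of rules that forward any application and any file type.
        catch_all = [i for i, (_, app, ft, act) in enumerate(rules)
                     if app == {"any"} and ft == {"any"} and act == "forward"]
        issues = [] if catch_all else ["no any/any/forward rule"]
        for i, (name, app, _, act) in enumerate(rules):
            if act != "continue":
                continue
            if app != {"web-browsing"}:
                issues.append(f"{name}: continue outside web-browsing blocks the file")
            if not any(j > i for j in catch_all):
                issues.append(f"{name}: no any/any/forward rule after it")
        findings[prof.get("name")] = issues
    return findings

if __name__ == "__main__":
    for name, issues in audit(SAMPLE).items():
        print(name, "PASS" if not issues else issues)
```

Rule order matters in the second check: a catch-all forward rule placed before a 'continue' rule does not satisfy it.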

See Also

https://workbench.cisecurity.org/benchmarks/8826

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-3, CSCv7|8

Plugin: Palo_Alto

Control ID: 6ccc11b08d4d06307d5e97d19a44ef069aa1791a8d4024b218f7573192b6db88