WildFire Features
PAN-OS 8.0.1 is the base image for WF-500 appliances (not PAN-OS 8.0.0).
| New WildFire Features | Description |
| --- | --- |
| WildFire Appliance Clusters | In environments where you cannot use the WildFire public cloud, you can now configure up to twenty WF-500 appliances in a cluster on a single network. Creating WildFire appliance clusters helps you scale analytical and storage capabilities to support a much larger network of firewalls, increases reliability by allowing you to configure high availability (HA) to provide fault tolerance, and provides single signature package distribution for all connected firewalls based on the activity in your cluster. You can manage WildFire clusters and standalone WF-500 appliances from Panorama. |
| Preferred Analysis for Documents or Executables | You can now choose to dedicate WildFire appliance analysis resources to either documents or executables. If you are using the WildFire appliance to analyze specific file types (for example, Word documents and PDFs), this allows you to utilize all analysis resources for those file types. Previously, analysis environments were statically allocated and the resources available for document and executable analysis were evenly divided. |
| Verdict Changes | You can now modify the verdict that the WildFire appliance applies to a sample. Verdict changes are applied only to locally-analyzed samples. |
| Verdict Checks with the WildFire Global Cloud | The WildFire appliance can now look up sample verdicts in the WildFire global cloud before locally-analyzing the sample. The WildFire appliance can then deliver a quick verdict for samples known to the WildFire global cloud, and direct analysis resources toward files that are truly unknown to both your private network and the WildFire global community. |
| WildFire Analysis of Blocked Files | The new WildFire Analysis of Blocked Files enables the firewall to submit blocked files that match existing antivirus signatures for WildFire analysis, in addition to unknown files, so that WildFire can extract valuable information from new malware variants. Malware signatures often match multiple variants of the same malware family, and as such, block new malware variants that the firewall has never seen before. Sending these blocked malware samples for WildFire analysis allows WildFire to analyze them for additional URLs, domain names, and IP addresses that must be blocked. Since all WildFire analysis data is also available on AutoFocus, you can now use WildFire and AutoFocus together to get a more complete perspective of all threats targeting your network, improving the efficacy of your security operations, incident response, and threat intelligence functions. |
| WildFire Phishing Verdict | The new WildFire Phishing Verdict classifies phishing links detected in emails separately from other emailed links found to be exploits or malware. The firewall logs WildFire submissions that are phishing links to indicate that such a link has been detected in an email. With both a WildFire license and a PAN-DB license, you can block access to phishing sites within 5 minutes of initial discovery. The WF-500 appliance does not support the new phishing verdict, and continues to classify suspected phishing sites as malicious. |
