Even though the Palo Alto Networks firewall is not configured with the WildFire feature, it automatically does WildFire public cloud registration when passive DNS monitoring is enabled in the Anti-Spyware profile.
Diagnosis
Passive DNS is an opt-in feature that enables the firewall to act as a passive DNS sensor and send selected DNS information to Palo Alto Networks for analysis in order to improve threat intelligence and threat prevention capabilities.
Please refer the below document to know more about Passive DNS monitoring feature,
The firewall uses WildFire public cloud to send selected DNS information to Palo Alto Networks, so when we enable the Passive DNS monitoring feature, the firewall automatically does WildFire public cloud registration even though the feature is not configured on the Firewall.
Resolution
To opt-out from this feature or to avoid WildFire public cloud registration, the user must disable passive DNS monitoring in the Anti-Spyware profile.
Please follow the steps below to disable Passive DNS monitoring,