Understanding the structure of the WildFire Cloud and the Associated URLs

The WildFire Cloud is composed of 19 different WildFire public Clouds and 1 Federal Government Cloud:

• United States: wildfire.paloaltonetworks.com
• Europe: eu.wildfire.paloaltonetworks.com
• Japan: jp.wildfire.paloaltonetworks.com
• Singapore: sg.wildfire.paloaltonetworks.com
• United Kingdom: uk.wildfire.paloaltonetworks.com
• Canada: ca.wildfire.paloaltonetworks.com
• Australia: au.wildfire.paloaltonetworks.com
• Germany: de.wildfire.paloaltonetworks.com
• India: in.wildfire.paloaltonetworks.com
• Switzerland: ch.wildfire.paloaltonetworks.com
• Poland: pl.wildfire.paloaltonetworks.com
• Indonesia: id.wildfire.paloaltonetworks.com
• Taiwan: tw.wildfire.paloaltonetworks.com
• France: fr.wildfire.paloaltonetworks.com
• Qatar: qatar.wildfire.paloaltonetworks.com
• South Korea: kr.wildfire.paloaltonetworks.com
• Israel: il.wildfire.paloaltonetworks.com
• Saudi Arabia: sa.wildfire.paloaltonetworks.com
• Spain: es.wildfire.paloaltonetworks.com
• Fedramp / Gov: wildfire.gov.paloaltonetworks.com

This interactive map will show you all the locations for Palo Alto Networks infrastructure to include where the Wildfire Cloud locations are.

A few things to keep in mind about the various WildFire Cloud instances include:

• The Federal Risk and Authorization Management Program (FedRAMP) approved WildFire cloud instance is only available to US government entities and has no connection to the WildFire public clouds.
• The EU public cloud is designed to adhere to European Union (EU) data privacy regulations and samples submitted to the WildFire Europe cloud remain within the EU borders.
• WildFire reports are not synchronized among the clouds. In order to see the report on the WildFire portal, you need to log into the WildFire cloud which you (or the firewall) uploaded the file to.
• Analysis of macOS files and bare metal analysis is not supported in regional clouds hosted in Australia, Canada, Germany, and the United Kingdom etc, as this is only supported only in US, EU, JP and SG clouds.

Regardless as to which cloud instance customers decide to send samples — with the exception of the EU and Federal WildFire — metadata (described in the Privacy Datasheet) is fed back into the Global Cloud benefiting all customers.   

Each WildFire cloud—global and regional—analyzes samples and generates malware signatures and verdicts independently of the other WildFire clouds. WildFire signatures and verdicts are then shared globally, enabling WildFire users worldwide to benefit from malware coverage regardless of the location in which the malware was first detected.
 

References:

• https://docs.paloaltonetworks.com/advanced-wildfire/wildfire-appliance/set-up-and-manage-a-wildfire-appliance/forward-files-for-wildfire-appliance-analysis
• https://docs.paloaltonetworks.com/advanced-wildfire/administration/advanced-wildfire-overview/advanced-wildfire-deployments/advanced-wildfire-global-cloud
• https://docs.paloaltonetworks.com/advanced-wildfire/administration/advanced-wildfire-overview/advanced-wildfire-deployments/advanced-wildFire-government-cloud