https://live.paloaltonetworks.com/t5/next-generation-firewall/advanced-wildfire-inline-ml-processing-flow/m-p/553375#M1706 <P>Hello John_J,</P> <P>&nbsp;</P> <P>Assuming you are referring to the Wildfire Inline ML (configured in the AV profile), I am not aware of some size limit : the file is checked real time by the firewall against its ML model.<BR />Then a file blocked would still be sent to Wildfire to check (update ML model if needed). At that stage, I guess you can have the size limit.<BR /><BR />Regarding the email, I guess you are more referring to the inline URL categorisation.<BR />I am not sure if the email is inspected, but the actual query (once someone click on the link) to the URL would be blocked by the firewall thanks to the URL filtering.<BR />Also, we have prepared a PANCast episode to discuss about phishing and the countermeasure on PAN-OS.</P> <P>&nbsp;</P> <P>Update :&nbsp;<A href="https://live.paloaltonetworks.com/t5/pancast/pancast-episode-25-phishing-emails-and-relevant-threat/ta-p/550121" target="_blank">https://live.paloaltonetworks.com/t5/pancast/pancast-episode-25-phishing-emails-and-relevant-threat/ta-p/550121</A></P> <P>&nbsp;</P> <P>Olivier</P> Mon, 04 Sep 2023 08:10:18 GMT ozheng 2023-09-04T08:10:18Z https://live.paloaltonetworks.com/t5/next-generation-firewall/advanced-wildfire-inline-ml-processing-flow/m-p/553130#M1691 <P>Does anyone know where in this processing flow does Advanced WildFire Inline ML take place.&nbsp; It would be before the file is sent to WildFire Cloud but would the file be inspected before or after checking the file size?</P> <P>&nbsp;</P> <P>Also, are email links inspected by Advanced WildFire Inline ML?&nbsp; From my understanding email links use dynamic analysis in WildFire Cloud which isn't the same as Inline ML.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="WildFire Flow Diagram.png" style="width: 703px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/52627i4ED356F18C86BCFD/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="WildFire Flow Diagram.png" alt="WildFire Flow Diagram.png" /></span></P> <P>&nbsp;</P> <P>Thanks,</P> <P>John</P> Wed, 09 Aug 2023 19:00:46 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/advanced-wildfire-inline-ml-processing-flow/m-p/553130#M1691 John_J 2023-08-09T19:00:46Z https://live.paloaltonetworks.com/t5/next-generation-firewall/advanced-wildfire-inline-ml-processing-flow/m-p/553375#M1706 <P>Hello John_J,</P> <P>&nbsp;</P> <P>Assuming you are referring to the Wildfire Inline ML (configured in the AV profile), I am not aware of some size limit : the file is checked real time by the firewall against its ML model.<BR />Then a file blocked would still be sent to Wildfire to check (update ML model if needed). At that stage, I guess you can have the size limit.<BR /><BR />Regarding the email, I guess you are more referring to the inline URL categorisation.<BR />I am not sure if the email is inspected, but the actual query (once someone click on the link) to the URL would be blocked by the firewall thanks to the URL filtering.<BR />Also, we have prepared a PANCast episode to discuss about phishing and the countermeasure on PAN-OS.</P> <P>&nbsp;</P> <P>Update :&nbsp;<A href="https://live.paloaltonetworks.com/t5/pancast/pancast-episode-25-phishing-emails-and-relevant-threat/ta-p/550121" target="_blank">https://live.paloaltonetworks.com/t5/pancast/pancast-episode-25-phishing-emails-and-relevant-threat/ta-p/550121</A></P> <P>&nbsp;</P> <P>Olivier</P> Mon, 04 Sep 2023 08:10:18 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/advanced-wildfire-inline-ml-processing-flow/m-p/553375#M1706 ozheng 2023-09-04T08:10:18Z