topic Re: Advanced threat protection_Deep Learning in Next-Generation Firewall Discussions https://live.paloaltonetworks.com/t5/next-generation-firewall/advanced-threat-protection-deep-learning/m-p/529356#M834 <P>By default the Palo Alto firewall will alow traffic while waiting for verdict as to not cause performance issues that ICAP causes. You can use dynamic tags to quarantine source ip/user when the verdict is returned <A href="https://www.youtube.com/watch?v=WgG6Hi0T73g" target="_blank">https://www.youtube.com/watch?v=WgG6Hi0T73g</A> or also enable the inline ML learning on the firewall that can block the attack even without verdict from the cloud as extra security <A href="https://docs.paloaltonetworks.com/wildfire/u-v/wildfire-whats-new/wildfire-features-in-panos-100/configure-wildfire-inline-ml" target="_blank">https://docs.paloaltonetworks.com/wildfire/u-v/wildfire-whats-new/wildfire-features-in-panos-100/configure-wildfire-inline-ml</A> .</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>Also you have reports on the firewall <A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000004N9oCAE&amp;lang=en_US%E2%80%A9" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000004N9oCAE&amp;lang=en_US%E2%80%A9</A> and a GUI portal <A href="https://docs.paloaltonetworks.com/advanced-wildfire/administration/monitor-wildfire-activity/use-the-wildfire-portal-to-monitor-malware" target="_blank">https://docs.paloaltonetworks.com/advanced-wildfire/administration/monitor-wildfire-activity/use-the-wildfire-portal-to-monitor-malware</A> where you can see what happened.</P> <P>&nbsp;</P> <P>I have forgoten this but if the connection to the cloud is impacted I think that the files will be allowed if not blocked by the other Antivirus, Spyware or Vunrability profiles.</P> Tue, 31 Jan 2023 20:20:22 GMT nikoolayy1 2023-01-31T20:20:22Z Advanced threat protection_Deep Learning https://live.paloaltonetworks.com/t5/next-generation-firewall/advanced-threat-protection-deep-learning/m-p/528669#M818 <P><STRONG>Hi,</STRONG></P> <P>PAN OS Version 10.2 support Advanced threat protection and its seems like , for any unknowns the metadata will be forwarded to cloud for deep learning mechanism (Correct me if i am wrong). My coroners are </P> <UL> <LI>how can we check what details has been uploaded to cloud for deep learning?</LI> <LI>what action that firewall will take until the verdict is returned back to the firewall ( what if internet is down after uploading the data, it may take time to retrieve the verdict)</LI> </UL> <P>&nbsp;</P> <P>Also regarding the wildfire inspection, if the verdict is unknown to the firewall, the data will be uploaded to cloud for further analysis, until the verdict is returned back to the firewall, how does the firewall will treat that particular flow ( block or hold or allow)?</P> <P>&nbsp;</P> <P>&nbsp;</P> Thu, 26 Jan 2023 05:06:03 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/advanced-threat-protection-deep-learning/m-p/528669#M818 Marsooq_A 2023-01-26T05:06:03Z Re: Advanced threat protection_Deep Learning https://live.paloaltonetworks.com/t5/next-generation-firewall/advanced-threat-protection-deep-learning/m-p/529356#M834 <P>By default the Palo Alto firewall will alow traffic while waiting for verdict as to not cause performance issues that ICAP causes. You can use dynamic tags to quarantine source ip/user when the verdict is returned <A href="https://www.youtube.com/watch?v=WgG6Hi0T73g" target="_blank">https://www.youtube.com/watch?v=WgG6Hi0T73g</A> or also enable the inline ML learning on the firewall that can block the attack even without verdict from the cloud as extra security <A href="https://docs.paloaltonetworks.com/wildfire/u-v/wildfire-whats-new/wildfire-features-in-panos-100/configure-wildfire-inline-ml" target="_blank">https://docs.paloaltonetworks.com/wildfire/u-v/wildfire-whats-new/wildfire-features-in-panos-100/configure-wildfire-inline-ml</A> .</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>Also you have reports on the firewall <A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000004N9oCAE&amp;lang=en_US%E2%80%A9" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000004N9oCAE&amp;lang=en_US%E2%80%A9</A> and a GUI portal <A href="https://docs.paloaltonetworks.com/advanced-wildfire/administration/monitor-wildfire-activity/use-the-wildfire-portal-to-monitor-malware" target="_blank">https://docs.paloaltonetworks.com/advanced-wildfire/administration/monitor-wildfire-activity/use-the-wildfire-portal-to-monitor-malware</A> where you can see what happened.</P> <P>&nbsp;</P> <P>I have forgoten this but if the connection to the cloud is impacted I think that the files will be allowed if not blocked by the other Antivirus, Spyware or Vunrability profiles.</P> Tue, 31 Jan 2023 20:20:22 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/advanced-threat-protection-deep-learning/m-p/529356#M834 nikoolayy1 2023-01-31T20:20:22Z