https://live.paloaltonetworks.com/t5/general-topics/threat-prevention-inline-cloud-analysis-allow-on-max-latency/m-p/488539#M104827 <P>With the new feature -&nbsp;Advanced Threat Prevention in PAN-OS 10.2</P><P>&nbsp;</P><P>There are Inline Cloud Analysis in PAN-OS 10.2</P><P>I found a new setup - Threat Prevention Inline Cloud Analysis under&nbsp;Device &gt; Setup &gt; Content-ID</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="JoeKwok_0-1652954864578.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/41066i852DD5F92100AFCA/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="JoeKwok_0-1652954864578.png" alt="JoeKwok_0-1652954864578.png" /></span></P><P>&nbsp;</P><P>I would like to know what is the different with enable or not on "Allow on Max Latency".</P><P>Is it means that exceed the Latency of Inline Cloud Analysis, the packet will be bypass or drop?</P><P>enable means bypass or drop? Where can I find the document related to this?</P><P>&nbsp;</P><P>I take a look of below link, but no mention on this.</P><P><A href="https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-web-interface-help/device/device-setup-content-id" target="_blank">https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-web-interface-help/device/device-setup-content-id</A></P><P>&nbsp;</P> Thu, 19 May 2022 10:14:08 GMT JoeKwok 2022-05-19T10:14:08Z https://live.paloaltonetworks.com/t5/general-topics/threat-prevention-inline-cloud-analysis-allow-on-max-latency/m-p/488539#M104827 <P>With the new feature -&nbsp;Advanced Threat Prevention in PAN-OS 10.2</P><P>&nbsp;</P><P>There are Inline Cloud Analysis in PAN-OS 10.2</P><P>I found a new setup - Threat Prevention Inline Cloud Analysis under&nbsp;Device &gt; Setup &gt; Content-ID</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="JoeKwok_0-1652954864578.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/41066i852DD5F92100AFCA/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="JoeKwok_0-1652954864578.png" alt="JoeKwok_0-1652954864578.png" /></span></P><P>&nbsp;</P><P>I would like to know what is the different with enable or not on "Allow on Max Latency".</P><P>Is it means that exceed the Latency of Inline Cloud Analysis, the packet will be bypass or drop?</P><P>enable means bypass or drop? Where can I find the document related to this?</P><P>&nbsp;</P><P>I take a look of below link, but no mention on this.</P><P><A href="https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-web-interface-help/device/device-setup-content-id" target="_blank">https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-web-interface-help/device/device-setup-content-id</A></P><P>&nbsp;</P> Thu, 19 May 2022 10:14:08 GMT https://live.paloaltonetworks.com/t5/general-topics/threat-prevention-inline-cloud-analysis-allow-on-max-latency/m-p/488539#M104827 JoeKwok 2022-05-19T10:14:08Z https://live.paloaltonetworks.com/t5/general-topics/threat-prevention-inline-cloud-analysis-allow-on-max-latency/m-p/488713#M104847 <P>Palo Alto Networks now operates a series of ML-based detection engines in the Advanced Threat Prevention cloud to analyze traffic for advanced C2 (command-and-control) and spyware threats in real-time to protect users against zero-day threats. By operating cloud-based detection engines, you can access a wide array of detection mechanisms that are updated and deployed automatically without requiring the user to download update packages or operate process intensive, firewall-based analyzers which can sap resources. The cloud-based detection engine logic is continuously monitored and updated using C2 traffic datasets from WildFire, with additional support through manual updates by Palo Alto Networks threat researchers, who provide human intervention for highly accurized detection enhancements. Inline cloud analysis supports five analysis engines for C2-based threats over HTTP, HTTP2, SSL, unknown-UDP, and unknown-TCP. Additional analysis models are delivered through content updates, however, enhancements to existing models are performed as a cloud-side update, requiring no firewall update. Inline cloud analysis is enabled and configured using the anti-spyware profile and requires an active Advanced Threat Prevention license.</P> Fri, 20 May 2022 01:51:58 GMT https://live.paloaltonetworks.com/t5/general-topics/threat-prevention-inline-cloud-analysis-allow-on-max-latency/m-p/488713#M104847 S.Cantwell 2022-05-20T01:51:58Z https://live.paloaltonetworks.com/t5/general-topics/threat-prevention-inline-cloud-analysis-allow-on-max-latency/m-p/491723#M104965 <P>&nbsp;</P><P>Per regulation, we must monitor the outgoing GW traffic. this undocumented feature is not clear for us too.</P><P>there are 2 "fail open" settings for URL &amp; TP cloud analysis as mentioned above. when this is actually used? what is the flow of traffic in that case?</P><P>each http request (when we use aURLF) is going to palo alto for additional inspection?</P><P>&nbsp;</P> Wed, 25 May 2022 15:13:28 GMT https://live.paloaltonetworks.com/t5/general-topics/threat-prevention-inline-cloud-analysis-allow-on-max-latency/m-p/491723#M104965 support_jmfo 2022-05-25T15:13:28Z https://live.paloaltonetworks.com/t5/general-topics/threat-prevention-inline-cloud-analysis-allow-on-max-latency/m-p/523903#M108446 <P>Is there any license requirement that we should be on version 10.2 for ATP.&nbsp;</P> Tue, 13 Dec 2022 08:32:20 GMT https://live.paloaltonetworks.com/t5/general-topics/threat-prevention-inline-cloud-analysis-allow-on-max-latency/m-p/523903#M108446 Sujanya 2022-12-13T08:32:20Z