Edit Advanced IP Defense Connectivity Settings in Strata Cloud Manager

Configure Strata Cloud Manager connectivity settings to enable communication with the Advanced IP Defense cloud service for real-time IP attribute lookups and direct-to-IP detection.
Strata Cloud Manager manages connectivity settings for cloud-managed firewalls and Prisma Access deployments. Connectivity settings control how your cloud-managed infrastructure communicates with the Advanced IP Defense cloud service. Proper connectivity configuration ensures optimal performance and reliability of Advanced IP Defense threat detection across your cloud-managed environment.
  1. Use the credentials associated with your Palo Alto Networks support account and log in to the Strata Cloud Manager on the hub.
  2. Access the Advanced IP Defense connectivity settings in Strata Cloud Manager.
    Select Configuration > Device Settings > Cloud Services to access connectivity settings for cloud-based security services.
  3. Configure the cloud lookup timeout value.
    The cloud lookup timeout determines how long the cloud-managed infrastructure waits for a response from the Advanced IP Defense cloud service before timing out. The default timeout is 100 milliseconds.
    Enter a timeout value in milliseconds. Consider your network latency and cloud service response times when setting this value. A lower timeout reduces latency but may result in more fail-open scenarios. A higher timeout provides more time for cloud lookups but may impact traffic processing speed.
    If the cloud lookup times out, traffic is allowed by default (fail-open) to ensure business continuity. Adjust the timeout based on your network conditions and security requirements.
  4. (Optional) Configure proxy server settings for cloud connectivity.
    If your cloud-managed infrastructure is deployed behind a proxy server or in an environment that requires proxy authentication, you must configure proxy settings to enable communication with the Advanced IP Defense cloud service.
    Select Configuration > Device Settings > Services and configure the proxy server settings:
    • Enter the proxy server IP address or FQDN
    • Specify the proxy server port number
    • Enter proxy authentication credentials if required
    • Enable the option to use proxy for inline cloud services
    The proxy server password must contain a minimum of six characters.
  5. Verify network connectivity to Advanced IP Defense cloud service endpoints.
    Ensure that your cloud-managed infrastructure has network connectivity to the Advanced IP Defense cloud service endpoints. The infrastructure must be able to reach the cloud service on port 443 (HTTPS) for secure communication.
    You can verify connectivity by:
    • Checking network routing to ensure traffic to cloud service endpoints is not blocked
    • Verifying that security policies allow outbound HTTPS traffic to cloud service IPs
    • Confirming that any proxy servers or firewalls between your infrastructure and the internet allow traffic to the cloud service
  6. Configure DNS resolution for cloud service endpoints.
    The cloud-managed infrastructure must be able to resolve the Advanced IP Defense cloud service domain names to IP addresses. Ensure that your infrastructure has access to DNS servers that can resolve these domain names.
    Select Configuration > Device Settings > Services and verify that DNS servers are configured. You can specify primary and secondary DNS servers to ensure redundancy.
  7. Test connectivity to the Advanced IP Defense cloud service.
    After configuring connectivity settings, test the connection to verify that the cloud-managed infrastructure can reach the Advanced IP Defense cloud service.
    Select Configuration > Device Settings > Services and click Test Connectivity to verify that the infrastructure can successfully communicate with the cloud service. A successful test confirms that your connectivity settings are correct.
  8. Monitor cloud service connectivity status.
    After enabling Advanced IP Defense, monitor the connectivity status to ensure the cloud-managed infrastructure maintains a stable connection to the cloud service.
    Select Monitor > System > Cloud Services to view the status of cloud service connections. Check for any connectivity errors or warnings that may indicate network issues.
  9. Commit your changes.
    Click Commit to apply the connectivity settings to your Strata Cloud Manager configuration.
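
The timeout trade-off in step 3 and the DNS and port 443 checks in steps 5 and 6 can be rehearsed from a host on the same egress path before you change the setting. This is an added example, not Palo Alto Networks code: `probe_ms`, `fail_open_rate` and `smallest_timeout_ms` are hypothetical helpers, the samples are constructed, and the service hostname is a placeholder because this page does not list the endpoints. It assumes a direct (non-proxied) path and that a TLS handshake time roughly approximates lookup latency.

```python
import math
import socket
import ssl
import time

DEFAULT_TIMEOUT_MS = 100  # default cloud lookup timeout stated on this page

def probe_ms(host, port=443, limit_s=3.0):
    """DNS + TCP/443 + TLS handshake to host; elapsed ms, or None on failure."""
    start = time.perf_counter()
    try:
        with socket.create_connection((host, port), timeout=limit_s) as raw:
            ctx = ssl.create_default_context()
            with ctx.wrap_socket(raw, server_hostname=host):
                return (time.perf_counter() - start) * 1000.0
    except OSError:  # covers DNS failure, blocked or refused TCP, TLS errors
        return None

def fail_open_rate(samples_ms, timeout_ms=DEFAULT_TIMEOUT_MS):
    """Fraction of lookups that miss the timeout and are allowed (fail-open)."""
    if not samples_ms:
        raise ValueError("no samples")
    late = sum(1 for s in samples_ms if s is None or s > timeout_ms)
    return late / len(samples_ms)

def smallest_timeout_ms(samples_ms, max_fail_open):
    """Smallest whole-ms timeout keeping the fail-open rate <= max_fail_open.
    None means failed probes alone already exceed that budget."""
    if not samples_ms:
        raise ValueError("no samples")
    answered = sorted(s for s in samples_ms if s is not None)
    lost = len(samples_ms) - len(answered)
    allowed_late = math.floor(max_fail_open * len(samples_ms))
    if lost > allowed_late:
        return None
    keep = len(answered) - (allowed_late - lost)  # samples that must beat the timeout
    return math.ceil(answered[keep - 1]) if keep > 0 else 0

# Constructed samples in ms; None marks a probe that failed outright.
SAMPLES = [20, 35, 42, 48, 55, 61, 70, 88, 95, 140, 180, None]

if __name__ == "__main__":
    # Live use (assumption): SAMPLES = [probe_ms("<service-hostname>") for _ in range(50)]
    print("fail-open at default 100 ms:", fail_open_rate(SAMPLES))
    print("fail-open at 50 ms:", round(fail_open_rate(SAMPLES, 50), 2))
    print("timeout for <=10% fail-open:", smallest_timeout_ms(SAMPLES, 0.10), "ms")
```

A `None` result from `smallest_timeout_ms` means no timeout value can meet the budget, so the problem lies in routing, DNS, proxy or policy (steps 4 to 6) rather than in the timeout.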