Edit Advanced IP Defense Connectivity Settings in Strata Cloud Manager

Configure Strata Cloud Manager connectivity settings to enable communication with the Advanced IP Defense cloud service for real-time IP attribute lookups and direct-to-IP detection.
Strata Cloud Manager manages connectivity settings for cloud-managed firewalls and Prisma Access deployments. Connectivity settings control how your cloud-managed infrastructure communicates with the Advanced IP Defense cloud service. Proper connectivity configuration ensures optimal performance and reliability of Advanced IP Defense threat detection across your cloud-managed environment.
  1. Use the credentials associated with your Palo Alto Networks support account and log in to the Strata Cloud Manager on the hub.
  2. Access the Advanced IP Defense connectivity settings in Strata Cloud Manager.
    Select Configuration > Device Settings > Cloud Services to access connectivity settings for cloud-based security services.
  3. Verify Advanced IP Defense cloud service connectivity status.
    The cloud-managed infrastructure uses an asynchronous fail-open model for cloud lookups. On a cache miss, traffic is allowed to pass and the system queries the Advanced IP Defense cloud service asynchronously. Once the verdict is returned, the local cache is populated and the policy is enforced on subsequent sessions. If the Advanced IP Defense cloud service becomes unreachable, the system fails open to prevent a network outage.
    Ensure that network connectivity to the Advanced IP Defense cloud service endpoints on port 443 is stable. Verify DNS servers are configured and can resolve Advanced IP Defense cloud service domain names.
  4. (Optional) Configure proxy server settings for cloud connectivity.
    If your cloud-managed infrastructure is deployed behind a proxy server or in an environment that requires proxy authentication, you must configure proxy settings to enable communication with the Advanced IP Defense cloud service.
    Select Configuration > Device Settings > Services and configure the proxy server settings:
    • Enter the proxy server IP address or FQDN
    • Specify the proxy server port number
    • Enter proxy authentication credentials if required
    • Enable the option to use proxy for inline cloud services
    The proxy server password must contain a minimum of six characters.
  5. Verify network connectivity to Advanced IP Defense cloud service endpoints.
    Ensure that your cloud-managed infrastructure has network connectivity to the Advanced IP Defense cloud service endpoints. The infrastructure must be able to reach the Advanced IP Defense cloud service on port 443 (HTTPS) for secure communication.
    You can verify connectivity by:
    • Checking network routing to ensure traffic to Advanced IP Defense cloud service endpoints is not blocked
    • Verifying that security policies allow outbound HTTPS traffic to Advanced IP Defense cloud service IPs
    • Confirming that any proxy servers or firewalls between your infrastructure and the internet allow traffic to the Advanced IP Defense cloud service
  6. Configure DNS resolution for Advanced IP Defense cloud service endpoints.
    The cloud-managed infrastructure must be able to resolve the Advanced IP Defense cloud service domain names to IP addresses. Ensure that your infrastructure has access to DNS servers that can resolve these domain names.
    Select Configuration > Device Settings > Services and verify that DNS servers are configured. You can specify primary and secondary DNS servers to ensure redundancy.
  7. Test connectivity to the Advanced IP Defense cloud service.
    After configuring connectivity settings, test the connection to verify that the cloud-managed infrastructure can reach the Advanced IP Defense cloud service.
    Select Configuration > Device Settings > Services and click Test Connectivity to verify that the infrastructure can successfully communicate with the Advanced IP Defense cloud service. A successful test confirms that your connectivity settings are correct.
  8. Monitor Advanced IP Defense cloud service connectivity status.
    After enabling Advanced IP Defense, monitor the connectivity status to ensure the cloud-managed infrastructure maintains a stable connection to the Advanced IP Defense cloud service.
    Select Monitor > System > Cloud Services to view the status of Advanced IP Defense cloud service connections. Check for any connectivity errors or warnings that may indicate network issues.
  9. Commit your changes.
    Click Commit to apply the connectivity settings to your Strata Cloud Manager configuration.
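
The asynchronous fail-open behavior described in step 3, modeled as an added example (this is not Palo Alto Networks code; the class, function names and sample addresses are hypothetical and constructed for illustration). It shows that the first session to an uncached address is always allowed, and that an unreachable cloud service means no verdict is ever enforced:

```python
# Illustrative model only; not Palo Alto Networks code. All names are hypothetical.
from collections import deque

class FailOpenLookup:
    """Models step 3: allow on cache miss, look up asynchronously, enforce later."""
    def __init__(self, cloud_lookup):
        self.cloud_lookup = cloud_lookup   # callable(ip) -> "malicious" | "benign"
        self.cache = {}                    # ip -> verdict returned by the cloud
        self.pending = deque()             # lookups queued but not yet answered
        self.fail_open_count = 0           # sessions allowed without a verdict

    def handle_session(self, ip):
        """Return the action taken for a new session to `ip`."""
        verdict = self.cache.get(ip)
        if verdict is not None:
            return "block" if verdict == "malicious" else "allow"
        # Cache miss: traffic passes now, the lookup happens out of band.
        if ip not in self.pending:
            self.pending.append(ip)
        self.fail_open_count += 1
        return "allow"

    def drain(self):
        """Run queued lookups; an unreachable service leaves the cache empty."""
        for _ in range(len(self.pending)):
            ip = self.pending.popleft()
            try:
                self.cache[ip] = self.cloud_lookup(ip)
            except ConnectionError:
                self.pending.append(ip)    # retry later; sessions keep failing open

# Constructed sample data: both addresses are from documentation-only ranges.
VERDICTS = {"203.0.113.7": "malicious", "198.51.100.4": "benign"}

def reachable(ip):
    return VERDICTS.get(ip, "benign")

def unreachable(ip):
    raise ConnectionError("cloud service unreachable")

def replay(cloud_lookup, sessions):
    """Replay sessions, draining lookups after each one; return actions and misses."""
    fw = FailOpenLookup(cloud_lookup)
    actions = []
    for ip in sessions:
        actions.append(fw.handle_session(ip))
        fw.drain()
    return actions, fw.fail_open_count
```

Replaying the same sessions with `reachable` and then `unreachable` shows why the monitoring in step 8 matters: in the second case every session is allowed and the count of sessions passed without a verdict keeps growing.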