| Where Can I Use This? | What Do I Need? |
|---|
You can specify the cloud content Fully Qualified Domain Name (FQDN) used by the NGFW
to handle Advanced WildFire service requests, based on the region you are located
in. Because this feature functions by performing real-time queries against the
Advanced WildFire cloud service, it requires a persistent, active cloud connection
to analyze and mitigate threats effectively. Without a continuous connection to the
cloud service, the system cannot perform the live lookups necessary to identify and
prevent advanced malware in real-time.
When the Advanced WildFire license is enabled, the firewall performs PAN-DB URL
categorization lookups as part of its internal processing, independent of any URL
Filtering license or explicit cloud inline configuration. This is facilitated by the
Cloud Content FQDN, which is enabled by default to connect to
hawkeye.services-edge.paloaltonetworks.com and then resolve to the closest cloud
services server.
You can override the automatic server selection by specifying a regional cloud
content server that best meets your data residency and performance requirements.
Keep in mind, the cloud content FQDN is a globally used resource and affects how
other services that rely on this connection sends traffic payloads.
In some cases, the cloud content FQDN might not fully
support the functionality of a particular Palo Alto Networks product in certain
regions. Verify that the product is fully supported before changing the cloud
content FQDN.
Depending on which services you use, the cloud content FQDN facilitates analysis
service requests, including traffic payloads, which sends data to the servers in the
selected region. If you specify a content cloud FQDN that is outside of your region
(for example, if you are in the EU region but you specify the APAC region FQDN), you
may be in violation of your organization’s privacy and legal regulations. Please
refer to the specific product documentation for information about how the cloud
content FQDN is used by your Palo Alto Networks products.
If you are experience service connectivity issues, verify
that the configured cloud content FQDN is not being blocked.
