Advanced File Handling for Explicit Proxy (Panorama)

1. Configure the maximum latency for your WildFire Profile.

   1. Create a Wildfire profile.
   2. On Panorama, go to TemplatesDeviceContent-ID, and select the settings icon of Wildfire Inline Cloud Analysis.
   3. In the WildFire Inline Cloud Analysis section, configure the following settings:

      • Max Latency (ms) — Enter the maximum time, in milliseconds, to wait for a WildFire verdict before applying the max latency action. Configure Max latency to 300 seconds or 30000 ms.

      • Allow on Max Latency — Enable to allow files through when a verdict is not received within the max latency period. Disable to block files when the verdict is not received in time (fail-closed).
      • Log Traffic Not Scanned — Enable to generate log entries for files that the inspection pipeline does not analyze.
   4. Select OK to save the configuration.
2. Enable inline cloud analysis.

   1. Go to ObjectsSecurity ProfilesWildFire Analysis with the Device Group set to Explicit_Proxy_Device_Group.
   2. Add a new profile or edit an existing one.
   3. Select your Wildfire Profile, and the Inline Cloud Analysis tab and Enable cloud inline analysis. This activates the feature's core functionality. Configure the inline WildFire profile and select OK.

   4. Attach your WildFire Profile to a Profile Group. Profile groups apply security profiles consistently across multiple security policies.
   5. Attach your WildFire Profile to a Security Policy. This defines which traffic is subject to advanced file handling. For Agent proxies, select specific users to enable the feature.
   6. Save to apply the configuration changes.
3. Enable Advanced File Handling.

   1. On Panorama, go to Cloud ServicesConfigurationMobile Users - Explicit Proxy, and then select the settings icon.
   2. Enable Advanced File Handling.
   3. Select the Advanced tab to enable the feature for extended malware analysis.
   4. Select the Enable Advance File Handling checkbox to enable extended malware analysis to improve zero-day prevention and select OK.

   5. Commit and Push to Explicit_Proxy_Device_Group.
4. Check your threat logs in Panorama. Review entries where the action is block and the threat category is wildfire-virus to confirm that inline inspection blocked malicious files before delivery.