Advanced File Handling for Explicit Proxy (Strata Cloud Manager)

1. Configure the maximum latency for your WildFire Profile.

   1. Create a Wildfire profile.
   2. Go to ConfigurationNGFW and Prisma Access, set the Configuration Scope to Prisma Access, then select DeviceDevice.
   3. Select the Device tab, then select Content-ID.
   4. In the WildFire Inline Cloud Analysis section, configure the following settings:

      • Max Latency (ms) — Enter the maximum time, in milliseconds, to wait for a WildFire verdict before applying the max latency action. Configure Max latency to 300 seconds or 30000 ms.
      • Allow on Max Latency — Enable to allow files through when a verdict is not received within the max latency period. Disable to block files when the verdict is not received in time (fail-closed).
      • Log Traffic Not Scanned — Enable to generate log entries for files that the inspection pipeline does not analyze.

   1. Save to save the configuration changes.
2. Enable inline cloud analysis.

   1. With the Configuration Scope set to Explicit Proxy, go to Security ServicesWildFire and Antivirus Profile, and select your Wildfire profile.
   2. Add a new profile or edit an existing one.
   3. Enable Inline Cloud Analysis. This activates the feature's core functionality.
   4. Attach your WildFire Profile to a Profile Group. Profile groups apply security profiles consistently across multiple security policies.
   5. Attach your WildFire Profile to a Security Policy. This defines which traffic is subject to advanced file handling. For Agent proxies, select specific users to enable the feature.
   6. Save to apply the configuration changes.
3. Enable Advanced File Handling.

   1. Go to ConfigurationNGFW and Prisma Access, set the Configuration Scope to Explicit Proxy and select Setup.
   2. On the Setup tab, select Set Up Advanced Security Settings.

   3. Select the Enable Advanced File Handling checkbox to enable extended malware analysis to improve zero-day prevention.
   4. Save and Push Config to deploy your changes.
4. Check your threat logs in Strata Cloud Manager.

   1. Select Incidents & AlertsLog Viewer.
   2. For Log Type, choose Threat.
   3. Review entries where the action is block and the threat category is wildfire-virus to confirm that inline inspection blocked malicious files before delivery.