resources-unavailable in traffic logs after enabling Anti-Spyware Inline Cloud Analysis.

• Traffic logs show session end reason "resources-unavailable". 
• Threat logs for the same traffic show spyware drop. 
• The website is not reachable and after a few seconds, it's reachable. 

• PAN-OS: 10.2.0 or later
• Advanced Threat Prevention subscription
• Objects > Security Profiles > Anti-Spyware Profile > Inline Cloud Analysis
  • "Enable cloud inline analysis":  Checked
• Device > Setup > Content-ID > Threat Prevention Inline Cloud Analysis settings:
  • "Allow on Max Latency":  Unchecked
  • "Log Traffic Not Scanned":  Checked

• The session is discarded when we didn't receive the cloud's verdict within the "Max Latency (ms)" threshold.
• The session end reason is recorded with "resources-unavailable" rather than "threat". This is to differentiate from the regular malicious verdict discard path.
• The threat log gets generated when "Log Traffic Not Scanned" is checked. The log is generated not because the verdict is malicious but because the latency discards the session.

• pan_packet_diag.log: (with debug features enabled)

2024-03-08 04:34:31.553 -0800 debug: pan_ctd_process_ctdf_wif_pkt_mlc2_verdict(pan_ctd_wif_ace_mlc2.c:768): receive c2 verdict, but no wqe is available <<<<<< the cause of resources-unavailable
2024-03-08 04:34:31.553 -0800 debug: pan_ctd_wif_update_latency_counters(pan_ctd_feature_fwd.c:280): For Service 2 latency 410 current time 331350 start time 330940 <<<<<< 410 ms to get verdict while config was set to 400ms. 

• Cloud geographical deployments ( choose the nearest )
  • https://docs.paloaltonetworks.com/advanced-wildfire/administration/configure-advanced-wildfire-analysis/configure-the-content-cloud-fqdn-settings