Focus

Advanced URL Filtering

PAN-DB Private Cloud

Table of Contents

PAN-DB Private Cloud

Learn more about PAN-DB private cloud, Palo Alto Networks URL filtering solution for your private cloud environment.

Where can I use this?	What do I need?
PAN-OS	Advanced URL Filtering license (or a legacy URL filtering license) Note: Legacy URL filtering licenses are discontinued, but active legacy licenses are still supported.

The PAN-DB private cloud is an on-premises solution for organizations that restrict the usage of public cloud services. This on-premises solution requires deployment of one or more M-600 appliances as PAN-DB servers within your network or data center. Firewalls running PAN-OS 5.0 or later versions can communicate with the PAN-DB private cloud. The firewalls query the PAN-DB private cloud to perform URL lookups, instead of accessing the PAN-DB public cloud.

PAN-DB private cloud deployments do not support the cloud-based URL analysis features of the Advanced URL Filtering subscription.

Differences Between the PAN-DB Public Cloud and PAN-DB Private Cloud
Differences	PAN-DB Public Cloud	PAN-DB Private Cloud
Content and Database Updates	Content (regular and critical) updates and full database updates are published multiple times during the day. The PAN-DB public cloud updates the URL categories malware and phishing every five minutes. The firewall checks for critical updates whenever it queries the cloud servers for URL lookups.	Content updates and full URL database updates are available once a day during the work week.
URL Categorization Requests	Submit URL categorization change requests using the following options: Palo Alto Networks Test A Site website. URL Filtering profile setup page on the firewall. URL Filtering log on the firewall.	Submit URL categorization change requests only using the Palo Alto Networks Test A Site website.
Unresolved URL Queries	If the firewall cannot resolve a URL query, the request is sent to the servers in the public cloud.	If the firewall cannot resolve a query, the request is sent to the M-600 appliance(s) in the PAN-DB private cloud. If there is no match for the URL, the PAN-DB private cloud sends a category unknown response to the firewall; the request is not sent to the public cloud unless you have configured the M-600 appliance to access the PAN-DB public cloud. If the M-600 appliance(s) that constitute your PAN-DB private cloud is configured to be completely offline, it does not send any data or analytics to the public cloud.