Learn about deploying a Palo Alto Networks M-600 appliance
in private cloud mode and differences between the PAN-DB public
and private clouds.
Where can I use
What do I need?
Advanced URL Filtering license (or a legacy URL filtering
Legacy URL filtering licenses are discontinued,
but active legacy licenses are still supported.
To deploy a PAN-DB private cloud, you need one or more M-600
appliances. The M-600 appliance ships
in Panorama mode, and to be deployed as PAN-DB private cloud you
must set it up to operate in PAN-URL-DB mode. In the PAN-URL-DB
mode, the appliance provides URL categorization services for enterprises
that do not want to use the PAN-DB public cloud.
The M-600 appliance when deployed as a PAN-DB private cloud uses
two ports- MGT (Eth0) and Eth1; Eth2 is not available for use. The
management port is used for administrative access to the appliance
and for obtaining the latest content updates from the PAN-DB public
cloud or from a server on your network. For communication between
the PAN-DB private cloud and the firewalls on the network, you can
use the MGT port or Eth1.
The M-200 appliance cannot be deployed as a PAN-DB private cloud.
The M-600 appliance in PAN-URL-DB mode:
Does not have a web interface, it only supports a command
line interface (CLI).
Cannot be managed by Panorama.
Cannot be deployed in a high availability pair.
Does not require a URL Filtering license. The firewalls,
must have a valid PAN-DB URL Filtering license to connect with and
query the PAN-DB private cloud.
Ships with a set of default server certificates that are
used to authenticate the firewalls that connect to the PAN-DB private
cloud. You cannot import or use another server certificate for authenticating
the firewalls. If you change the hostname on the M-600 appliance,
the appliance automatically generates a new set of certificates
to authenticate the firewalls that it services.
Can be reset to Panorama mode only. If you want to deploy
the appliance as a Dedicated Log Collector, switch to Panorama mode
and then set it in Log Collector mode.