M-600 Appliance for PAN-DB Private Cloud

Advanced URL Filtering

M-600 Appliance for PAN-DB Private Cloud

Table of Contents
End-of-Life (EoL)

M-600 Appliance for PAN-DB Private Cloud

Learn about deploying a Palo Alto Networks M-600 appliance in private cloud mode and differences between the PAN-DB public and private clouds.
Where can I use this?
What do I need?
  • PAN-OS
  • Advanced URL Filtering license (or a legacy URL filtering license)
Legacy URL filtering licenses are discontinued, but active legacy licenses are still supported.
To deploy a PAN-DB private cloud, you need one or more M-600 appliances. The M-600 appliance ships in Panorama mode, and to be deployed as PAN-DB private cloud you must set it up to operate in PAN-URL-DB mode. In the PAN-URL-DB mode, the appliance provides URL categorization services for enterprises that do not want to use the PAN-DB public cloud.
The M-600 appliance when deployed as a PAN-DB private cloud uses two ports- MGT (Eth0) and Eth1; Eth2 is not available for use. The management port is used for administrative access to the appliance and for obtaining the latest content updates from the PAN-DB public cloud or from a server on your network. For communication between the PAN-DB private cloud and the firewalls on the network, you can use the MGT port or Eth1.
The M-200 appliance cannot be deployed as a PAN-DB private cloud.
The M-600 appliance in PAN-URL-DB mode:
  • Does not have a web interface, it only supports a command line interface (CLI).
  • Cannot be managed by Panorama.
  • Cannot be deployed in a high availability pair.
  • Does not require a URL Filtering license. The firewalls, must have a valid PAN-DB URL Filtering license to connect with and query the PAN-DB private cloud.
  • Ships with a set of default server certificates that are used to authenticate the firewalls that connect to the PAN-DB private cloud. You cannot import or use another server certificate for authenticating the firewalls. If you change the hostname on the M-600 appliance, the appliance automatically generates a new set of certificates to authenticate the firewalls that it services.
  • Can be reset to Panorama mode only. If you want to deploy the appliance as a Dedicated Log Collector, switch to Panorama mode and then set it in Log Collector mode.

Recommended For You