When you set up PAN-DB private cloud, you can either configure the M-600 appliance(s) to have direct internet access or keep it completely offline. The M-600 appliance requires database and content updates to perform URL lookups. If the appliance does not have an active internet connection, you must manually download the updates to a server on your network and then, import the updates using SCP into each M-600 appliance in the PAN-DB private cloud. In addition, the appliances must be able to obtain the seed database and any other regular or critical content updates for the firewalls that it services.

The process for performing URL lookups, in both the private and the public cloud is the same for the firewalls on the network. By default, the firewall is configured to access the public PAN-DB cloud. If you deploy a PAN-DB private cloud, you must configure the firewalls with a list of IP addresses or FQDNs to access the server(s) in the private cloud.

To authenticate the firewalls that connect to the PAN-DB private cloud, a set of default server certificates are packaged with the appliance; you cannot import or use another server certificate for authenticating the firewalls. If you change the hostname on the M-600 appliance, the appliance automatically generates a new set of certificates to authenticate the firewalls.