When you set up the PAN-DB private cloud, you can configure your M-600 or M-700 appliances to have direct internet access or remain offline. The appliances require database and content updates to perform URL lookups. If the appliances don't have an active internet connection, you must manually download the updates to a server on your network and import the updates into each M-600 or M-700 appliance in the PAN-DB private cloud using SCP. In addition, the appliance must be able to obtain the seed database and any other regular or critical content updates for the firewalls it services.

The URL lookup process is the same for firewalls in both private and public cloud deployments. However, in private cloud deployments, firewalls query servers in the PAN-DB private cloud. You'll need to specify the IP address or FQDN of each M-600 or M-700 server they can query to grant your firewalls access to the private cloud servers.

The M-600 and M-700 appliance use prepackaged server certificates to authenticate firewalls connecting to the PAN-DB private cloud. You can't import or use another server certificate for authentication. If you change the hostname on an appliance, the appliance automatically generates a new set of certificates to authenticate the firewalls.