Configure Firewalls to Access the PAN-DB Private Cloud
Focus
Focus
Advanced URL Filtering

Configure Firewalls to Access the PAN-DB Private Cloud

Table of Contents

Configure Firewalls to Access the PAN-DB Private Cloud

Follow these steps to configure firewall access to the PAN-DB private cloud servers from your CLI or the firewall’s web interface.
Where can I use this?What do I need?
  • NGFW (Managed by PAN-OS or Panorama)
Note: Legacy URL filtering licenses are discontinued, but active legacy licenses are still supported.
When using the PAN-DB public cloud, each firewall accesses the PAN-DB servers in the AWS cloud to download the list of eligible servers to which it can connect for URL lookups. With the PAN-DB private cloud, you must configure the firewalls with a (static) list of your PAN-DB private cloud servers that will be used for URL lookups. The list can contain up to 20 entries; IPv4 addresses, IPv6 addresses, and FQDNs are supported. Each entry on the list— IP address or FQDN—must be assigned to the management port or eth1 of the PAN-DB server.
  1. From the PAN-OS CLI, add a list of static PAN-DB private cloud servers used for URL lookups.
    • Use the following CLI command to add the IP addresses of the private PAN-DB servers:
      > configure
      # set deviceconfig setting pan-url-db cloud-static-list <IP addresses>
      Alternatively, in the web interface for each firewall, select DeviceSetupContent-ID, edit the URL Filtering section, and then enter the IP addresses or FQDNs of the PAN-DB servers. The list must be comma-separated.
    • To delete the entries for the private PAN-DB servers, use the following CLI command:
      # delete deviceconfig setting pan-url-db cloud-static-list <IP addresses>
      Deleting the list of private PAN-DB servers triggers a reelection process on the firewall. The firewall first checks for the list of PAN-DB private cloud servers and when it can't find one, the firewall accesses the PAN-DB servers in the AWS cloud to download the list of eligible servers to which it can connect.
  2. Enter # commit to save your changes.
  3. To verify that the change is effective, use the following CLI command on the firewall:
    > show url-cloud status 
    Cloud status:            Up 
    URL database version:    20150417-220