>
    Configure Firewalls to Access the PAN-DB Private Cloud
    Focus
    Download PDF
    Focus
    1. Home
    2. Advanced URL Filtering
    3. PAN-DB Private Cloud
    4. Set Up PAN-DB Private Cloud
    5. Configure Firewalls to Access the PAN-DB Private Cloud
    Download PDF
    Advanced URL Filtering

    Configure Firewalls to Access the PAN-DB Private Cloud

    Table of Contents

    Configure Firewalls to Access the PAN-DB Private Cloud

    Follow these steps to configure firewall access to the PAN-DB private cloud servers from your CLI or the firewall’s web interface.
    Where can I use this?What do I need?
    • NGFW (Managed by PAN-OS or Panorama)
    Note: Legacy URL filtering licenses are discontinued, but active legacy licenses are still supported.
    When using the PAN-DB public cloud, each firewall accesses the PAN-DB servers in the AWS cloud to download the list of eligible servers to which it can connect for URL lookups. With the PAN-DB private cloud, you must configure the firewalls with a (static) list of your PAN-DB private cloud servers that will be used for URL lookups. The list can contain up to 20 entries; IPv4 addresses, IPv6 addresses, and FQDNs are supported. Each entry on the list— IP address or FQDN—must be assigned to the management port or eth1 of the PAN-DB server.
    1. From the PAN-OS CLI, add a list of static PAN-DB private cloud servers used for URL lookups.
      • Use the following CLI command to add the IP addresses of the private PAN-DB servers:
        > configure
        # set deviceconfig setting pan-url-db cloud-static-list <IP addresses>
        Alternatively, in the web interface for each firewall, select DeviceSetupContent-ID, edit the URL Filtering section, and then enter the IP addresses or FQDNs of the PAN-DB servers. The list must be comma-separated.
      • To delete the entries for the private PAN-DB servers, use the following CLI command:
        # delete deviceconfig setting pan-url-db cloud-static-list <IP addresses>
        Deleting the list of private PAN-DB servers triggers a reelection process on the firewall. The firewall first checks for the list of PAN-DB private cloud servers and when it can't find one, the firewall accesses the PAN-DB servers in the AWS cloud to download the list of eligible servers to which it can connect.
    2. Enter # commit to save your changes.
    3. To verify that the change is effective, use the following CLI command on the firewall:
      > show url-cloud status 
Cloud status:            Up 
URL database version:    20150417-220

    © 2024 Palo Alto Networks, Inc. All rights reserved.