Configure Firewalls to Access the PAN-DB Private Cloud
Follow these steps to configure firewall access to the
PAN-DB private cloud servers from your CLI or the firewall’s web
Where can I use
What do I need?
Advanced URL Filtering license (or a legacy URL filtering
Legacy URL filtering licenses are
discontinued, but active legacy licenses are still
When using the PAN-DB public cloud, each firewall
accesses the PAN-DB servers in the AWS cloud to download the list
of eligible servers to which it can connect for URL lookups. With
the PAN-DB private cloud, you must configure the firewalls with
a (static) list of your PAN-DB private cloud servers that will be
used for URL lookups. The list can contain up to 20 entries; IPv4
addresses, IPv6 addresses, and FQDNs are supported. Each entry on
the list— IP address or FQDN—must be assigned to the management
port and/or eth1 of the PAN-DB server.
you delete the list of private PAN-DB servers, a re-election process
is triggered on the firewall. The firewall first checks for the
list of PAN-DB private cloud servers and when it cannot find one,
the firewall accesses the PAN-DB servers in the AWS cloud to download
the list of eligible servers to which it can connect.
to save your changes.
To verify that the change is effective, use the following
CLI command on the firewall:
> show url-cloud status
Cloud status: Up
URL database version: 20150417-220