Configure Firewalls to Access the PAN-DB Private Cloud

Follow these steps to configure firewall access to the PAN-DB private cloud servers from your CLI or the firewall’s web interface.
Where can I use this?
What do I need?
  • PAN-OS
  • Advanced URL Filtering license
When using the PAN-DB public cloud, each firewall accesses the PAN-DB servers in the AWS cloud to download the list of eligible servers to which it can connect for URL lookups. With the PAN-DB private cloud, you must configure the firewalls with a (static) list of your PAN-DB private cloud servers that will be used for URL lookups. The list can contain up to 20 entries; IPv4 addresses, IPv6 addresses, and FQDNs are supported. Each entry on the list— IP address or FQDN—must be assigned to the management port and/or eth1 of the PAN-DB server.
  1. From the PAN-OS CLI, add a list of static PAN-DB private cloud servers used for URL lookups.
    • Use the following CLI command to add private PAN-DB server IP addresses:
      > configure
      # set deviceconfig setting pan-url-db cloud-static-list
      <IP addresses>
      Or, in the web interface for each firewall, select
      Device
      Setup
      Content-ID
      , edit the URL Filtering section and enter the
      PAN-DB Server
      IP address(es) or FQDN(s). The list must be comma separated.
    • To delete the entries for the private PAN-DB servers, use the following command:
      # delete deviceconfig setting pan-url-db cloud-static-list
      <IP addresses>
      When you delete the list of private PAN-DB servers, a re-election process is triggered on the firewall. The firewall first checks for the list of PAN-DB private cloud servers and when it cannot find one, the firewall accesses the PAN-DB servers in the AWS cloud to download the list of eligible servers to which it can connect.
  2. Enter
    # commit
    to save your changes.
  3. To verify that the change is effective, use the following CLI command on the firewall:
    > show url-cloud status
    Cloud status: Up URL database version: 20150417-220

Recommended For You