PAN-DB Private Cloud
Learn about Palo Alto Networks private cloud URL filtering
solution and how to deploy PAN-DB private cloud.
The PAN-DB private cloud is an on-premise solution for
organizations that restrict the usage of public cloud services.
With this on-premise solution, you can deploy one or more M-600
appliances as PAN-DB servers within your network or data center.
The firewalls query the PAN-DB private cloud to perform URL lookups,
instead of accessing the PAN-DB public cloud.
The process for performing URL lookups, in both the private and
the public cloud is the same for the firewalls on the network. By
default, the firewall is configured to access the public PAN-DB
cloud. If you deploy a PAN-DB private cloud, you must configure
the firewalls with a list of IP addresses or FQDNs to access the
server(s) in the private cloud.
Firewalls running PAN-OS 5.0 or later versions can communicate
with the PAN-DB private cloud.
When you
set up the PAN-DB
private cloud, you can either configure the M-600 appliance(s)
to have direct internet access or keep it completely offline. Because
the M-600 appliance requires database and content updates to perform
URL lookups, if the appliance does not have an active internet connection,
you must manually download the updates to a server on your network
and then, import the updates using SCP into each M-600 appliance
in the PAN-DB private cloud. In addition, the appliances must be
able to obtain the seed database and any other regular or critical
content updates for the firewalls that it services.
To authenticate the firewalls that connect to the PAN-DB private
cloud, a set of default server certificates are packaged with the
appliance; you cannot import or use another server certificate for
authenticating the firewalls. If you change the hostname on the
M-600 appliance, the appliance automatically generates a new set
of certificates to authenticate the firewalls.