>
    Strata Copilot
    PAN-DB Cloud Connectivity Issues
    Focus
    Download PDF
    Focus
    1. Home
    2. Advanced URL Filtering
    3. Troubleshooting
    4. PAN-DB Cloud Connectivity Issues
    Download PDF
    Advanced URL Filtering

    PAN-DB Cloud Connectivity Issues

    Table of Contents

    PAN-DB Cloud Connectivity Issues

    Use this checklist to diagnose and troubleshoot connection issues between your firewall and the PAN-DB cloud.
    Where can I use this?What do I need?
    • NGFW (Managed by PAN-OS or Panorama)
    Note: Legacy URL filtering licenses are discontinued, but active legacy licenses are still supported.
    To ensure connectivity to the PAN-DB cloud, create a dedicated Security policy rule that allows all Palo Alto Management Service traffic. This rule prevents management traffic from being classified as not-resolved and blocked when routed through the dataplane.
    To check connectivity between the firewall and the PAN-DB cloud:
    show url-cloud status
    If the cloud is accessible, the expected response is similar to the following:
    show url-cloud status
PAN-DB URL Filtering
License :                          valid
Current cloud server :             serverlist.urlcloud.paloaltonetworks.com
Cloud connection :                 connected
Cloud mode :                       public
URL database version - device :    20200624.20296
URL database version - cloud :     20200624.20296  ( last update time 2020/06/24 12:39:19 )
URL database status :              good
URL protocol version - device :    pan/2.0.0
URL protocol version - cloud :     pan/2.0.0
Protocol compatibility status :    compatible
    If the cloud is not accessible, the expected response is similar to the following:
    show url-cloud status 
PAN-DB URL Filtering 
License :                          valid 
Cloud connection :                 not connected 
URL database version - device :    0000.00.00.000 
URL protocol version - device :    pan/0.0.2
    Use the following checklist to identify and resolve connectivity issues:
    • Does the PAN-DB URL Filtering license field shows as invalid? Obtain and install a valid PAN-DB license.
    • Does the URL protocol version show as not compatible? Upgrade PAN-OS to the latest version.
    • Can you ping the PAN-DB cloud server from the firewall? Run the following command to check:
      ping source <ip-address> host serverlist.urlcloud.paloaltonetworks.com <
      For example, if your management interface IP address is 10.1.1.5, run the following command:
      ping source 10.1.1.5 host serverlist.urlcloud.paloaltonetworks.com
    • Is the firewall in an HA configuration? Verify that the HA state of the firewalls is in the active, active-primary, or active-secondary state. Access to the PAN-DB cloud will be blocked if the firewall is in a different state. Run the following command on each firewall in the pair to see the state:
      show high-availability state
    If you still have problems with connectivity between the firewall and the PAN-DB cloud, contact Palo Alto Networks support.

    © 2025 Palo Alto Networks, Inc. All rights reserved.