Content Delivery Network Infrastructure

Palo Alto Networks maintains a Content Delivery Network (CDN) infrastructure for delivering content updates to the Palo Alto Networks firewalls. The firewalls access the web resources in the CDN to perform various content and application identification functions.
The following table lists the web resources that the firewall accesses for a feature or application:
Static Addresses (If a static server is required)
Application Database
  • (Global, excluding mainland China)
  • (Mainland China only)
Add the following URLs to your firewall allow list if your firewall has limited access to the Internet:
As a best practice, set the update server to This allows the Palo Alto Networks firewall to receive content updates from the server closest to it in the CDN infrastructure.
If you want additional reference information or are experiencing connectivity and update download issues, please refer to:
The Palo Alto Networks ThreatVault database includes information about vulnerabilities, exploits, viruses, and spyware threats. Firewall features, including DNS security and the Antivirus profile, use the following resource to retrieve threat ID information to create exceptions:
Add the following IPv4 or IPv6 static server address sets to your firewall allow list:
  • IPv4
    — and
  • IPv6
    — [2600:1901:0:669::]:443 and [2600:1901:0:5162::]:443
Both IP addresses provided for a given protocol type must be added to the allow list for proper functionality.
Threat/Antivirus Database
PAN-DB URL Filtering | Advanced URL Filtering
Resolves to the primary URL and is then redirected to the regional server that is closest:
Static IP addresses are not available. However, you can manually resolve a URL to an IP address and allow access to the regional server IP address.
Cloud Services
Resolves to and is then redirected to the regional server that is closest:
  • US—
  • EU—
  • UK—
  • APAC—
Static IP addresses are not available.
DNS Security
  • Cloud—
  • Telemetry—
When downloading an allow list, resolves to the following server:
  • (used to create DNS exceptions)
Static IP addresses are not available.
Firewall-based inline ML:
  • URL Filtering Inline ML
  • WildFire Inline ML
Static IP addresses are not available.
  • Cloud (report retrieval)—
WildFire cloud regions:
  • Global—
  • European Union—
  • Japan—
  • Singapore—
  • United Kingdom—
  • Canada—
  • Australia—
  • Germany—
  • India—
Static IP addresses are not available.

Recommended For You