Palo Alto Networks maintains a Content Delivery Network
(CDN) infrastructure for delivering content updates to the Palo
Alto Networks firewalls. The firewalls access the web resources
in the CDN to perform various content and application identification
The following table lists the web resources that the firewall
accesses for a feature or application:
the following URLs to your firewall allow list if your firewall
has limited access to the Internet:
a best practice, set the update server to updates.paloaltonetworks.com.
This allows the Palo Alto Networks firewall to receive content updates
from the server closest to it in the CDN infrastructure.
Palo Alto Networks ThreatVault database includes information
about vulnerabilities, exploits, viruses, and spyware threats. Firewall
features, including DNS security and the Antivirus profile, use
the following resource to retrieve threat ID information to create
the following IPv4 or IPv6 static server address sets to your firewall
— 18.104.22.168:443 and 22.214.171.124:443
— [2600:1901:0:669::]:443 and [2600:1901:0:5162::]:443
IP addresses provided for a given protocol type must be added to the
allow list for proper functionality.
PAN-DB URL Filtering
to the PAN-DB server list provider and is then redirected to one
of the regional servers used to provide PAN-DB cloud services: