Content Delivery Network Infrastructure
Table of Contents
PAN.OS 11.1 & Later
Expand all | Collapse all
-
-
- Upgrade Panorama with an Internet Connection
- Upgrade Panorama Without an Internet Connection
- Install Content Updates Automatically for Panorama without an Internet Connection
- Upgrade Panorama in an HA Configuration
- Migrate Panorama Logs to the New Log Format
- Upgrade Panorama for Increased Device Management Capacity
- Upgrade Panorama and Managed Devices in FIPS-CC Mode
- Downgrade from Panorama 11.1
- Troubleshoot Your Panorama Upgrade
-
- What Updates Can Panorama Push to Other Devices?
- Schedule a Content Update Using Panorama
- Panorama, Log Collector, Firewall, and WildFire Version Compatibility
- Upgrade Log Collectors When Panorama Is Internet-Connected
- Upgrade Log Collectors When Panorama Is Not Internet-Connected
- Upgrade a WildFire Cluster from Panorama with an Internet Connection
- Upgrade a WildFire Cluster from Panorama without an Internet Connection
- Upgrade Firewalls When Panorama Is Internet-Connected
- Upgrade Firewalls When Panorama Is Not Internet-Connected
- Upgrade a ZTP Firewall
- Revert Content Updates from Panorama
-
Content Delivery Network Infrastructure
Palo Alto Networks maintains a Content Delivery Network
(CDN) infrastructure for delivering content updates to the Palo
Alto Networks firewalls. The firewalls access the web resources
in the CDN to perform various content and application identification
functions.
The following table lists the web resources that the firewall
accesses for a feature or application:
Resource | URL | Static Addresses
(If a static server is required) |
---|---|---|
Application Database |
Add
the following URLs to your firewall allow list if your firewall
has limited access to the Internet:
If
you want additional reference information or are experiencing connectivity and
update download issues, please refer to: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000001UtRCAU The
Palo Alto Networks ThreatVault database includes information
about vulnerabilities, exploits, viruses, and spyware threats. Firewall
features, including DNS security and the Antivirus profile, use
the following resource to retrieve threat ID information to create
exceptions:
| us-static.updates.paloaltonetworks.com Add
the following IPv4 or IPv6 static server address sets to your firewall allow
list:
Both
IP addresses provided for a given protocol type must be added to
the allow list for proper functionality. |
Threat/Antivirus Database | ||
PAN-DB URL Filtering | Advanced URL Filtering | *.urlcloud.paloaltonetworks.com Resolves
to the primary URL s0000.urlcloud.paloaltonetworks.com and is then redirected
to the regional server that is closest:
| Static IP addresses are not available. However, you
can manually resolve a URL to an IP address and allow access to
the regional server IP address. |
Cloud Services | Resolves to hawkeye.services-edge.paloaltonetworks.com and
is then redirected to the regional server that is closest:
| Static IP addresses are not available. |
DNS Security |
When
downloading an allow list, dns.service.paloaltonetworks.com resolves
to the following server:
| Static IP addresses are not available. |
Firewall-based inline ML:
|
| Static IP addresses are not available. |
WildFire |
WildFire
cloud regions:
| Static IP addresses are not available. |