When a user requests a URL the firewall determines the URL category by comparing the URL with the following components (in order) until it finds a match:
If a requested URL matches an expired entry in the dataplane (DP) URL cache, the cache responds with the expired category, but also sends a URL categorization query to the management plane (MP) cache. This prevents unnecessary delays in the DP, assuming that the frequency of category change is low. Similarly, in the MP URL cache, if a URL query from the DP cache matches an expired entry in the MP cache, the MP responds to the DP with the expired category and will also send a URL categorization request to the PAN-DB cloud database. Upon getting the response from the cloud, the firewall sends the updated category to the DP.
As new URLs and categories are defined or if critical updates are needed, the cloud database is updated. Each time the firewall queries the cloud for a URL lookup or if no cloud lookups have occurred for 30 minutes, the database versions on the firewall be compared and if they do not match, an incremental update will be performed.

Related Documentation