Configure the Firewalls to Access the PAN-DB Private Cloud
When using the PAN-DB public cloud, each firewall
accesses the PAN-DB servers in the AWS cloud to download the list
of eligible servers to which it can connect for URL lookups. With
the PAN-DB private cloud, you must configure the firewalls with
a (static) list of your PAN-DB private cloud servers that will be
used for URL lookups. The list can contain up to 20 entries; IPv4
addresses, IPv6 addresses, and FQDNs are supported. Each entry on
the list (IP address or FQDN) must be assigned to the management
port and/or eth1 of the PAN-DB server.
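The following pre-check for a candidate server list is an added example, not part of the original documentation or of PAN-OS. It enforces the 20-entry limit and the three supported entry types described above. Rejecting duplicates (including the same IPv6 address written two ways) and requiring at least two labels in an FQDN are assumptions of this example, and the sample values are constructed.

```python
import ipaddress
import re

MAX_ENTRIES = 20  # limit stated in the documentation above

# Hostname label: 1-63 chars, alphanumeric or hyphen, no leading/trailing hyphen
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def classify(entry):
    """Return (kind, canonical_form) for one entry, or raise ValueError."""
    entry = entry.strip()
    try:
        addr = ipaddress.ip_address(entry)
        # .compressed gives one canonical spelling per address
        return ("ipv%d" % addr.version, addr.compressed)
    except ValueError:
        pass
    name = entry.rstrip(".")
    labels = name.split(".")
    # An all-numeric last label means a malformed IPv4 address, not a name
    if (len(labels) >= 2 and len(name) <= 253
            and all(_LABEL.match(label) for label in labels)
            and not labels[-1].isdigit()):
        return ("fqdn", name.lower())
    raise ValueError("not an IPv4 address, IPv6 address, or FQDN: %r" % entry)


def validate_static_list(entries):
    """Check a candidate list; return (kind, canonical) pairs in order."""
    if len(entries) > MAX_ENTRIES:
        raise ValueError("%d entries exceeds the limit of %d"
                         % (len(entries), MAX_ENTRIES))
    seen, result = set(), []
    for raw in entries:
        kind, canon = classify(raw)
        if canon in seen:  # assumption: duplicates are a configuration error
            raise ValueError("duplicate entry: %r" % raw)
        seen.add(canon)
        result.append((kind, canon))
    return result


if __name__ == "__main__":
    # Constructed sample values (documentation address ranges, example domain)
    sample = ["192.0.2.10", "2001:db8::10", "pandb1.example.com"]
    for kind, value in validate_static_list(sample):
        print(kind, value)
```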
Pick one of the following options based on the
PAN-OS version on the firewall.
To delete the entries for the private PAN-DB servers, and allow the
firewalls to connect to the PAN-DB public cloud, use the command:
set deviceconfig setting pan-url-db cloud-static-list <IP addresses> disable
When you delete the list of private PAN-DB servers, a re-election process
is triggered on the firewall. The firewall first checks for the
list of PAN-DB private cloud servers and when it cannot find one,
the firewall accesses the PAN-DB servers in the AWS cloud to download
the list of eligible servers to which it can connect.
To verify that the change is effective, use the following
CLI command on the firewall:
Cloud status: Up
URL database version: 20150417-220