To deploy a PAN-DB private cloud, you need one or more
M-500 appliances. The M-500 appliance ships
in Panorama mode, and to be deployed as PAN-DB private cloud you
must set it up to operate in PAN-URL-DB mode. In the PAN-URL-DB
mode, the appliance provides URL categorization services for enterprises
that do not want to use the PAN-DB public cloud.
The M-500 appliance when deployed as a PAN-DB private cloud uses
two ports- MGT (Eth0) and Eth1; Eth2 is not available for use. The
management port is used for administrative access to the appliance
and for obtaining the latest content updates from the PAN-DB public
cloud or from a server on your network. For communication between
the PAN-DB private cloud and the firewalls on the network, you can
use the MGT port or Eth1.
The M-100 appliance cannot be deployed as a PAN-DB private
The M-500 appliance in PAN-URL-DB mode:
Does not have a web interface, it only supports a command-line
Cannot be managed by Panorama.
Cannot be deployed in a high availability pair.
Does not require a URL Filtering license. The firewalls,
must have a valid PAN-DB URL Filtering license to connect with and
query the PAN-DB private cloud.
Ships with a set of default server certificates that are
used to authenticate the firewalls that connect to the PAN-DB private
cloud. You cannot import or use another server certificate for authenticating
the firewalls. If you change the hostname on the M-500 appliance,
the appliance automatically generates a new set of certificates
to authenticate the firewalls that it services.
Can be reset to Panorama mode only. If you want to deploy
the appliance as a dedicated Log Collector, switch to Panorama mode
and then set it in log collector mode.