PAN-DB Cloud Connectivity Issues
To check connectivity between the firewall and the PAN-DB cloud:
show url-cloud status
If the cloud is accessible, the expected response is similar to the following:
show url-cloud status PAN-DB URL Filtering License : valid Current cloud server : s0000.urlcloud.paloaltonetworks.com Cloud connection : connected URL database version - device : 2013.11.18.000 URL database version - cloud : 2013.11.18.000 ( last update time 2013/11/19 13:20:51 ) URL database status : good URL protocol version - device : pan/0.0.2 URL protocol version - cloud : pan/0.0.2 Protocol compatibility status : compatible
If the cloud is not accessible, the expected response is similar to the following:
show url-cloud status PAN-DB URL Filtering License : valid Cloud connection : not connected URL database version - device : 2013.11.18.000 URL database version - cloud : 2013.11.18.000 ( last update time 2013/11/19 13:20:51 ) URL database status : good URL protocol version - device : pan/0.0.2 URL protocol version - cloud : pan/0.0.2 Protocol compatibility status : compatible
Use the following checklist to identify and resolve connectivity issues:
- Does the PAN-DB URL Filtering license field shows as invalid? Obtain and install a valid PAN-DB license.
- Does the URL database status show as out of date? Download a new seed database by running the following command:
request url-filtering download paloaltonetworks region <region>
- Does the URL protocol version show as not compatible? Upgrade PAN-OS to the latest version.
- Can you ping the PAN-DB cloud server from the firewall? Run the following command to check:
ping source <ip-address> host s0000.urlcloud.paloaltonetworks.com <For example, if your management interface IP address is 10.1.1.5, run the following command:
ping source 10.1.1.5 host s0000.urlcloud.paloaltonetworks.com
- Is the firewall in an HA configuration? Verify that the HA state of the firewalls is in the active, active-primary, or active-secondary state. Access to the PAN-DB cloud will be blocked if the firewall is in a different state. Run the following command on each firewall in the pair to see the state:
show high-availability state
If you still have problems with connectivity between the firewall and the PAN-DB cloud, contact Palo Alto Networks support.
Problems Activating PAN-DB
Problems Activating PAN-DB Use the following workflow to troubleshoot PAN-DB activation issues. Access the PAN-OS CLI . Verify whether PAN-DB has been activated by running ...
Troubleshoot URL Filtering
Troubleshoot URL Filtering The following topics provide troubleshooting guidelines for diagnosing and resolving common URL filtering problems. Problems Activating PAN-DB PAN-DB Cloud Connectivity Issues URLs ...
URLs Classified as Not-Resolved
URLs Classified as Not-Resolved Use the following workflow to troubleshoot why some or all of the URLs being identified by PAN-DB are classified as Not-resolved: ...
Configure the Firewalls to Access the PAN-DB Private Cloud
Configure the Firewalls to Access the PAN-DB Private Cloud When using the PAN-DB public cloud, each firewall accesses the PAN-DB servers in the AWS cloud ...
URL Database Out of Date
URL Database Out of Date If you have observed through the syslog or the CLI that PAN-DB is out-of-date, it means that the connection from ...
PAN-DB Categorization When a user requests a URL the firewall determines the URL category by comparing the URL with the following components (in order) until ...
Enable PAN-DB URL Filtering
Enable PAN-DB URL Filtering Obtain and install a PAN-DB URL filtering license and confirm that it is installed. If the license expires, the firewall ceases ...
M-500 Appliance for PAN-DB Private Cloud
M-500 Appliance for PAN-DB Private Cloud To deploy a PAN-DB private cloud, you need one or more M-500 appliances. The M-500 appliance ships in Panorama ...
PAN-DB Private Cloud
PAN-DB Private Cloud The PAN-DB private cloud is an on-premise solution that is suitable for organizations that prohibit or restrict the use of the PAN-DB ...