M-500 Appliance for PAN-DB Private Cloud
To deploy a PAN-DB private cloud, you need one or more M-500 appliances. The M-500 appliance ships in Panorama mode, and to be deployed as PAN-DB private cloud you must set it up to operate in PAN-URL-DB mode. In the PAN-URL-DB mode, the appliance provides URL categorization services for enterprises that do not want to use the PAN-DB public cloud.
The M-500 appliance when deployed as a PAN-DB private cloud uses two ports- MGT (Eth0) and Eth1; Eth2 is not available for use. The management port is used for administrative access to the appliance and for obtaining the latest content updates from the PAN-DB public cloud or from a server on your network. For communication between the PAN-DB private cloud and the firewalls on the network, you can use the MGT port or Eth1.
The M-100 appliance cannot be deployed as a PAN-DB private cloud.
The M-500 appliance in PAN-URL-DB mode:
- Does not have a web interface, it only supports a command-line interface (CLI).
- Cannot be managed by Panorama.
- Cannot be deployed in a high availability pair.
- Does not require a URL Filtering license. The firewalls, must have a valid PAN-DB URL Filtering license to connect with and query the PAN-DB private cloud.
- Ships with a set of default server certificates that are used to authenticate the firewalls that connect to the PAN-DB private cloud. You cannot import or use another server certificate for authenticating the firewalls. If you change the hostname on the M-500 appliance, the appliance automatically generates a new set of certificates to authenticate the firewalls that it services.
- Can be reset to Panorama mode only. If you want to deploy the appliance as a dedicated Log Collector, switch to Panorama mode and then set it in log collector mode.
PAN-DB Public Cloud
PAN-DB Private Cloud
Content and Database Updates
Content (regular and critical) updates and full database updates are published multiple times during the day. The PAN-DB public cloud updates the URL categories malware and phishing every five minutes. The firewall checks for critical updates whenever it queries the cloud servers for URL lookups.
Content updates and full URL database updates are available once a day during the work week.
URL Categorization Requests
Submit URL categorization change requests using the following options:
Submit URL categorization change requests only using the Palo Alto Networks Test A Site website.
Unresolved URL Queries
If the firewall cannot resolve a URL query, the request is sent to the servers in the public cloud.
If the firewall cannot resolve a query, the request is sent to the M-500 appliance(s) in the PAN-DB private cloud. If there is no match for the URL, the PAN-DB private cloud sends a category unknown response to the firewall; the request is not sent to the public cloud unless you have configured the M-500 appliance to access the PAN-DB public cloud.
If the M-500 appliance(s) that constitute your PAN-DB private cloud is configured to be completely offline, it does not send any data or analytics to the public cloud.
PAN-DB Private Cloud
PAN-DB Private Cloud The PAN-DB private cloud is an on-premise solution that is suitable for organizations that prohibit or restrict the use of the PAN-DB ...
Configure the PAN-DB Private Cloud
Configure the PAN-DB Private Cloud Rack mount the M-500 appliance. Refer to the M-500 Hardware Reference Guide for instructions. Register the M-500 appliance. For instructions ...
Set Up the PAN-DB Private Cloud
Set Up the PAN-DB Private Cloud To deploy one or more M-500 appliances as a PAN-DB private cloud within your network or data center, you ...
URL Filtering Overview
URL Filtering Overview The Palo Alto Networks URL filtering solution complements App-ID by enabling you to configure the firewall to identify and control access to ...
PAN-DB Categorization When a user requests a URL the firewall determines the URL category by comparing the URL with the following components (in order) until ...
Configure the Firewalls to Access the PAN-DB Private Cloud
Configure the Firewalls to Access the PAN-DB Private Cloud When using the PAN-DB public cloud, each firewall accesses the PAN-DB servers in the AWS cloud ...
URL Categories Each website defined in the URL filtering database is assigned a URL category. Here are a few ways to leverage URL categories: Block ...
Configure Authentication with Custom Certificates on the PAN-DB Private Cloud
Use custom certificates to establish a unique chain of trust that ensures mutual authentication between your PAN-DB server and your firewalls. ...
URL Filtering The Palo Alto Networks URL filtering solution allows you to monitor and control the sites users can access, to prevent phishing attacks by ...