Appliance for PAN-DB Private Cloud
To deploy a PAN-DB private cloud, you need one or more M-500 appliances. The M-500 appliance ships in Panorama mode, and to be deployed as PAN-DB private cloud you must set it up to operate in PAN-URL-DB mode. In the PAN-URL-DB mode, the appliance provides URL categorization services for enterprises that do not want to use the PAN-DB public cloud.
The M-500 appliance when deployed as a PAN-DB private cloud uses two ports- MGT (Eth0) and Eth1; Eth2 is not available for use. The management port is used for administrative access to the appliance and for obtaining the latest content updates from the PAN-DB public cloud or from a server on your network. For communication between the PAN-DB private cloud and the firewalls on the network, you can use the MGT port or Eth1.
The M-100 appliance cannot be deployed as a PAN-DB private cloud.
The M-500 appliance in PAN-URL-DB mode:
- Does not have a web interface, it only supports a command-line interface (CLI).
- Cannot be managed by Panorama.
- Cannot be deployed in a high availability pair.
- Does not require a URL Filtering license. The firewalls, must have a valid PAN-DB URL Filtering license to connect with and query the PAN-DB private cloud.
- Ships with a set of default server certificates that are used to authenticate the firewalls that connect to the PAN-DB private cloud. You cannot import or use another server certificate for authenticating the firewalls. If you change the hostname on the M-500 appliance, the appliance automatically generates a new set of certificates to authenticate the firewalls that it services.
- Can be reset to Panorama mode only. If you want to deploy the appliance as a dedicated Log Collector, switch to Panorama mode and then set it in log collector mode.
PAN-DB Public Cloud
PAN-DB Private Cloud
Content and Database Updates
Content (regular and critical) updates and full database updates are published multiple times during the day. The PAN-DB public cloud updates the URL categories malware and phishing every five minutes. The firewall checks for critical updates whenever it queries the cloud servers for URL lookups.
Content updates and full URL database updates are available once a day during the work week.
URL Categorization Requests
Submit URL categorization change requests using the following options:
Unresolved URL Queries
If the firewall cannot resolve a URL query, the request is sent to the servers in the public cloud.
If the firewall cannot resolve a query, the request is sent to the M-500 appliance(s) in the PAN-DB private cloud. If there is no match for the URL, the PAN-DB private cloud sends a category
unknownresponse to the firewall; the request is not sent to the public cloud unless you have configured the M-500 appliance to access the PAN-DB public cloud.
If the M-500 appliance(s) that constitute your PAN-DB private cloud is configured to be completely offline, it does not send any data or analytics to the public cloud.
PAN-DB Private Cloud
PAN-DB Private Cloud The PAN-DB private cloud is an on-premise solution for organizations that restrict the usage of cloud services. With this on-premise solution, you ...
Configure the PAN-DB Private Cloud
Configure the PAN-DB Private Cloud Rack mount the M-500 appliance. Refer to the M-500 Hardware Reference Guide for instructions. Register the M-500 appliance. For instructions ...
Set Up the PAN-DB Private Cloud
Set Up the PAN-DB Private Cloud To deploy one or more M-500 appliances as a PAN-DB private cloud within your network or data center, you ...
URL Filtering Overview
About URL Filtering Palo Alto Networks URL Filtering protects against web-based threats by giving you a way to safely enable web access while controlling how ...
Configure the Firewalls to Access the PAN-DB Private Cloud
Configure the Firewalls to Access the PAN-DB Private Cloud When using the PAN-DB public cloud, each firewall accesses the PAN-DB servers in the AWS cloud ...
How URL Filtering Works PAN-DB—the URL Filtering cloud database—classifies websites based on site content, features, and safety. A URL can have up to four URL ...
Configure Authentication with Custom Certificates on the PAN-DB Private Cloud
Use custom certificates to establish a unique chain of trust that ensures mutual authentication between your PAN-DB server and your firewalls. ...
Troubleshoot URL Filtering
Troubleshoot URL Filtering The following topics provide troubleshooting guidelines for diagnosing and resolving common URL filtering problems. Problems Activating PAN-DB PAN-DB Cloud Connectivity Issues URLs ...
Enable Local Signature and URL Category Generation
Enable Local Signature and URL Category Generation The WildFire appliance can generate signatures locally based on the samples received from connected firewalls and the WildFire ...