M-600 Appliance for PAN-DB Private Cloud
Learn about deploying the M-600 appliance as a PAN-DB
private cloud and key differences between PAN-DB public cloud and
private cloud.
To deploy a PAN-DB private cloud, you need one or more
M-600 appliances. The M-600 appliance ships
in Panorama mode, and to be deployed as PAN-DB private cloud you
must set it up to operate in PAN-URL-DB mode. In the PAN-URL-DB
mode, the appliance provides URL categorization services for enterprises
that do not want to use the PAN-DB public cloud.
The M-600 appliance when deployed as a PAN-DB private cloud uses
two ports- MGT (Eth0) and Eth1; Eth2 is not available for use. The
management port is used for administrative access to the appliance
and for obtaining the latest content updates from the PAN-DB public
cloud or from a server on your network. For communication between
the PAN-DB private cloud and the firewalls on the network, you can
use the MGT port or Eth1.
The M-200 appliance cannot be deployed as a PAN-DB private
cloud.
The M-600 appliance in PAN-URL-DB mode:
- Does not have a web interface, it only supports a command-line interface (CLI).
- Cannot be managed by Panorama.
- Cannot be deployed in a high availability pair.
- Does not require a URL Filtering license. The firewalls, must have a valid PAN-DB URL Filtering license to connect with and query the PAN-DB private cloud.
- Ships with a set of default server certificates that are used to authenticate the firewalls that connect to the PAN-DB private cloud. You cannot import or use another server certificate for authenticating the firewalls. If you change the hostname on the M-600 appliance, the appliance automatically generates a new set of certificates to authenticate the firewalls that it services.
- Can be reset to Panorama mode only. If you want to deploy the appliance as a Dedicated Log Collector, switch to Panorama mode and then enable Log Collector mode.
Differences | PAN-DB Public Cloud | PAN-DB Private Cloud |
|---|---|---|
Content and Database Updates | Content (regular and critical) updates and
full database updates are published multiple times during the day.
The PAN-DB public cloud updates the URL categories malware and phishing
every five minutes. The firewall checks for critical updates whenever
it queries the cloud servers for URL lookups. | Content updates and full URL database updates
are available once a day during the work week. |
URL Categorization Requests | Submit URL categorization change requests
using the following options:
| Submit URL categorization change requests
only using the Palo Alto Networks Test A Site website. |
Unresolved URL Queries | If the firewall cannot resolve a URL query,
the request is sent to the servers in the public cloud. | If the firewall cannot resolve a query,
the request is sent to the M-600 appliance(s) in the PAN-DB private cloud.
If there is no match for the URL, the PAN-DB private cloud sends
a category unknown response to the firewall; the request
is not sent to the public cloud unless you have configured the M-600
appliance to access the PAN-DB public cloud. If the M-600
appliance(s) that constitute your PAN-DB private cloud is configured
to be completely offline, it does not send any data or analytics
to the public cloud. |
Recommended For You
Recommended Videos
Recommended videos not found.
