Configure the Firewalls to Access the PAN-DB Private Cloud
When using the PAN-DB public cloud, each firewall accesses the PAN-DB servers in the AWS cloud to download the list of eligible servers to which it can connect for URL lookups. With the PAN-DB private cloud, you must configure the firewalls with a (static) list of your PAN-DB private cloud servers that will be used for URL lookups. The list can contain up to 20 entries; IPv4 addresses, IPv6 addresses, and FQDNs are supported. Each entry on the list— IP address or FQDN—must be assigned to the management port and/or eth1 of the PAN-DB server.
- Pick one of the following options based on the
PAN-OS version on the firewall.
- For firewalls running PAN-OS 7.0, access the PAN-OS CLI or the web interface on the firewall.Use the following CLI command to configure access to the private cloud:
set deviceconfig setting pan-url-db cloud-static-list <IP addresses> enableOr, in the web interface for each firewall, select DeviceSetupContent-ID, edit the URL Filtering section and enter the PAN-DB Server IP address(es) or FQDN(s). The list must be comma separated.
- For firewalls running PAN-OS 5.0, 6.0, or 6.1, use the following CLI command to configure access to the private cloud:
debug device-server pan-url-db cloud-static-list-enable <IP addresses> enableTo delete the entries for the private PAN-DB servers, and allow the firewalls to connect to the PAN-DB public cloud, use the command:
set deviceconfig setting pan-url-db cloud-static-list <IP addresses> disableWhen you delete the list of private PAN-DB servers, a re-election process is triggered on the firewall. The firewall first checks for the list of PAN-DB private cloud servers and when it cannot find one, the firewall accesses the PAN-DB servers in the AWS cloud to download the list of eligible servers to which it can connect.
- Commit your changes.
- To verify that the change is effective, use the following
CLI command on the firewall:
show url-cloud-status Cloud status: Up URL database version: 20150417-220
PAN-DB Private Cloud
PAN-DB Private Cloud The PAN-DB private cloud is an on-premise solution for organizations that restrict the usage of cloud services. With this on-premise solution, you ...
Configure the PAN-DB Private Cloud
Configure the PAN-DB Private Cloud Rack mount the M-500 appliance. Refer to the M-500 Hardware Reference Guide for instructions. Register the M-500 appliance. For instructions ...
M-500 Appliance for PAN-DB Private Cloud
M-500 Appliance for PAN-DB Private Cloud To deploy a PAN-DB private cloud, you need one or more M-500 appliances. The M-500 appliance ships in Panorama ...
Set Up the PAN-DB Private Cloud
Set Up the PAN-DB Private Cloud To deploy one or more M-500 appliances as a PAN-DB private cloud within your network or data center, you ...
Configure Authentication with Custom Certificates on the PAN-DB Private Cloud
Use custom certificates to establish a unique chain of trust that ensures mutual authentication between your PAN-DB server and your firewalls. ...
URL Filtering Overview
About URL Filtering Palo Alto Networks URL Filtering protects against web-based threats by giving you a way to safely enable web access while controlling how ...
PAN-DB Cloud Connectivity Issues
PAN-DB Cloud Connectivity Issues To check connectivity between the firewall and the PAN-DB cloud: show url-cloud status If the cloud is accessible, the expected response ...
About PAN-DB PAN-DB—the URL Filtering cloud database—classifies websites based on site content, features, and safety. A URL can have up to four URL Categories , ...
Problems Activating PAN-DB
Problems Activating PAN-DB Use the following workflow to troubleshoot PAN-DB activation issues. Access the PAN-OS CLI . Verify whether PAN-DB has been activated by running ...