Configure the Firewalls to Access the PAN-DB Private Cloud
After you configure the PAN-DB private cloud, you must
give your firewalls access to the PAN-DB private cloud servers they
will use for URL lookups.
When using the PAN-DB public cloud, each firewall
accesses the PAN-DB servers in the AWS cloud to download the list
of eligible servers to which it can connect for URL lookups. With
the PAN-DB private cloud, you must configure the firewalls with
a (static) list of your PAN-DB private cloud servers that will be
used for URL lookups. The list can contain up to 20 entries; IPv4
addresses, IPv6 addresses, and FQDNs are supported. Each entry on
the list (IP address or FQDN) must be assigned to the management
port and/or eth1 of the PAN-DB server.
Pick one of the following options based on the
PAN-OS version on the firewall.
To delete the entries for the private PAN-DB servers, and allow the
firewalls to connect to the PAN-DB public cloud, use the command:
set deviceconfig setting pan-url-db cloud-static-list
When you delete the list of private PAN-DB servers, a re-election process
is triggered on the firewall. The firewall first checks for the
list of PAN-DB private cloud servers and when it cannot find one,
the firewall accesses the PAN-DB servers in the AWS cloud to download
the list of eligible servers to which it can connect.
To verify that the change is effective, use the following
CLI command on the firewall:
show url-cloud status
Cloud status: Up
URL database version: 20150417-220
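
The following is an added example, not part of the original documentation or any Palo Alto Networks tooling: a pre-change check that validates a proposed static server list against the limits stated above (up to 20 entries; IPv4, IPv6, or FQDN) and confirms that captured show url-cloud status output reports the cloud as Up. The sample addresses and host name are constructed, and rejecting empty lists and duplicate entries is an assumption made here as a sanity check.

```python
import ipaddress
import re

MAX_ENTRIES = 20  # limit stated on this page
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")  # one DNS label


def classify_entry(entry):
    """Return (kind, canonical form); raise ValueError if unsupported."""
    try:
        ip = ipaddress.ip_address(entry)
        return "ipv%d" % ip.version, str(ip)
    except ValueError:
        pass
    name = entry.rstrip(".").lower()
    labels = name.split(".")
    # Require two or more labels and a non-numeric last label, so a mistyped
    # address such as "10.0.0.256" is rejected instead of passing as a name.
    if (len(name) <= 253 and len(labels) >= 2 and not labels[-1].isdigit()
            and all(_LABEL.fullmatch(label) for label in labels)):
        return "fqdn", name
    raise ValueError("not an IPv4 address, IPv6 address or FQDN: %r" % entry)


def validate_static_list(entries):
    """Return [(canonical entry, kind), ...] for a proposed list, or raise."""
    # Assumption: an empty list and duplicate entries are treated as errors.
    if not 1 <= len(entries) <= MAX_ENTRIES:
        raise ValueError("need 1 to %d entries, got %d" % (MAX_ENTRIES, len(entries)))
    checked, seen = [], set()
    for raw in entries:
        kind, canon = classify_entry(raw.strip())
        if canon in seen:
            raise ValueError("duplicate entry: %r" % raw)
        seen.add(canon)
        checked.append((canon, kind))
    return checked


def cloud_is_up(status_output):
    """True only if the output contains the line 'Cloud status: Up'."""
    m = re.search(r"^\s*Cloud status:\s*(\S+)\s*$", status_output, re.MULTILINE)
    return m is not None and m.group(1) == "Up"


# Constructed sample data (documentation address ranges, hypothetical host name).
SAMPLE_LIST = ["192.0.2.10", "2001:DB8::10", "pandb1.example.com"]
SAMPLE_STATUS = "Cloud status: Up\nURL database version: 20150417-220\n"

if __name__ == "__main__":
    for canon, kind in validate_static_list(SAMPLE_LIST):
        print("%-5s %s" % (kind, canon))
    print("cloud up:", cloud_is_up(SAMPLE_STATUS))
```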