PAN-DB Private Cloud
Focus
Focus
Advanced URL Filtering

PAN-DB Private Cloud

Table of Contents

PAN-DB Private Cloud

Learn more about PAN-DB private cloud, Palo Alto Networks URL filtering solution for your private cloud environment.
Where can I use this?What do I need?
  • NGFW (Managed by PAN-OS or Panorama)
Note: Legacy URL filtering licenses are discontinued, but active legacy licenses are still supported.
The PAN-DB private cloud provides an on-premises solution for organizations that restrict the usage of public cloud services. Notably, firewalls query PAN-DB private cloud servers during URL lookups instead of PAN-DB public cloud servers. To implement this solution, you'll need to deploy one or more M-600 or M-700 appliances as PAN-DB servers within your network or data center. Only firewalls running PAN-OS 9.1 or later versions can communicate with the PAN-DB private cloud.
PAN-DB private cloud deployments do not support the cloud-based URL analysis features of the Advanced URL Filtering subscription.
The following table describes the differences between the PAN-DB public cloud and the PAN-DB private cloud.
Differences Between the PAN-DB Public Cloud and PAN-DB Private Cloud
Differences
PAN-DB Public Cloud
PAN-DB Private Cloud
Content and Database Updates
Content (regular and critical) updates and full URL database updates are published multiple times a day. The PAN-DB public cloud updates the malware and phishing URL categories every five minutes. The firewall also checks for critical updates whenever it queries the cloud servers for URL lookups.
Content updates and full URL database updates are available once a day during the work week.
URL Categorization Requests
  • Palo Alto Networks Test A Site website.
  • A URL Filtering profile.
  • A URL Filtering log.
You can request a URL categorization change through Palo Alto Networks Test A Site website.
Unresolved URL Queries
If the firewall can't resolve a URL query, the request is sent to the servers in the public cloud.
If the firewall can't resolve a query, the request is sent to the appliances in the PAN-DB private cloud. If there isn't a match for the URL, the PAN-DB private cloud sends an unknown category response to the firewall; the request isn't sent to the public cloud unless you've configured your appliances to access the PAN-DB public cloud.
If the appliances in your PAN-DB private cloud operate completely offline, the firewall doesn't send any data or analytics to the public cloud.