PAN-DB URL Filtering CLI Command Reference
107233
Created On 09/25/18 19:24 PM - Last Modified 12/07/22 06:19 AM
Environment
- Palo Alto Firewall.
- Any PAN-OS.
- URL Filtering.
- PAN-DB or Brightcloud URL Database.
Resolution
The below table describes some of the CLI commands associated with URL filtering, including those that are specific to PAN-DB only.
Commands
| URL Vendor | Comments | |||
| CLI Command | Description | BrightCloud | PAN-DB | |
| "clear" Commands | ||||
|---|---|---|---|---|
| clear url-cache url <url> | Clears specified URL from data plane cache | N/A | New | Please note that the URL will not removed from the DP cache however will set to not-resolved and expired. |
| delete url-database all | Clears entire MP cache | N/A | New | |
| delete url-database url <url> | Clears specified URL from MP cache | N/A | New | Please note that the URL will not removed from the TRIE however will be expired. |
| "configure" Commands | ||||
| set deviceconfig setting url dynamic-url-timeout | Dynamic URL entry timeout in hours | Same | N/A | Disabled because dynamic URL timeout only applies to BrightCloud |
| set deviceconfig system update-schedule url-database | Schedule for downloading/installing updates | Same | N/A | Disabled as there are no scheduled updates for Pandora |
| set profiles url-filtering profile_name action | action for block list items | Same | Same | |
| set profiles url-filtering profile_name alert | categories to alert on | Same | Same | |
| set profiles url-filtering profile_name allow | categories to allow | Same | Same | |
| set profiles url-filtering profile_name allow-list | host or ip address to pass | Same | Same | |
| set profiles url-filtering profile_name block | categories to block | Same | Same | |
| set profiles url-filtering profile_name block-list | host or ip address to block | Same | Same | |
| set profiles url-filtering profile_name continue | categories to block/continue | Same | Same | |
| set profiles url-filtering profile_name description | description | Same | Same | |
| set profiles url-filtering profile_name dynamic-url | Dynamic URL filtering | Same | N/A | Disabled as this is enabled by default for Pandora. |
| set profiles url-filtering profile_name enable-container-page | Track container page | Same | Same | |
| set profiles url-filtering profile_name license-expired allow | action when URL filtering license expires | Same | N/A | Disabled as this is no longer applicable for PAN-DB. |
| set profiles url-filtering profile_name license-expired block | action when URL filtering license expires | Same | N/A | Disabled as this is no longer applicable for PAN-DB. |
| set profiles url-filtering profile_name log-container-page-only | Log container page only | Same | Same | |
| set profiles url-filtering profile_name override | categories to admin override | Same | Same | |
| run test url | Test URL categorization | Same | Same | |
| "delete" Commands | ||||
| delete license key | Remove license keys on disk | Same | Same | |
| delete dynamic-url host all | Delete all dynamic database entries | Same | N/A | Disabled as this is no longer applicable for PAN-DB. |
| delete dynamic-url host name | Delete a dynamic database entry | Same | N/A | Disabled as this is no longer applicable for PAN-DB. |
| delete url-database url | Clears a specified URL from management plane | N/A | New | |
| delete url-database brightcloud | Deletes the Brightcloud URL DB on the firewall | Same | N/A | The Brightcloud URL DB is not automatically deleted after migration to PAN-DB. This was done to make it is easy to revert back in case needed. This command was introduced to clear the Brightcloud DB if there is no need to revert |
| "set" Commands (not configure mode) | ||||
| set system setting url-database | Set URL database | Same | Same | |
| set system setting url-filtering-feature cache | Enable/disable optional MP URL cache feature for URL filtering | Same | N/A | Disabled as this is no longer applicable for PAN-DB. |
| set system setting url-filtering-feature filter | Enable/disable optional Bloom Filter feature for URL filtering | Same | N/A | Disabled as this is no longer applicable for PAN-DB. |
| "show" Commands | ||||
| show system info | Displays current URL Filtering DB version number among other system info. | Same | Same | |
| show system state | Displays system configurations | Same | Same | |
| show running top-urls | Same | Disabled | ||
| show running url <url> | Displays the category of the URL in the dataplane cache | N/A | New | |
| show running url-cache statistics | Displays URL cache statistics | Same | Same | |
| show running url-info | Show categorization details of the URL as in the url-cache | N/A | New | |
| show running url-license | Displays URL license information | Same | Same | |
| show system setting url-cache statistics | Displays URL cache statistics | Same | Same | |
| show system setting url-database | Displays URL database | Same | Same | |
| show system setting url-filtering-feature | Displays URL filtering feature settings | Same | Disabled | |
| show url-cloud status | Shows the cloud status | N/A | New | |
| "request" Commands | ||||
| request url-filtering download paloaltonetworks | Requests Pandora URL database seed download. | N/A | N/A | Older PAN-OS only. Refer note in the additional section |
| request url-filtering download paloaltonetworks region | Requests regional Pandora URL database seed download. | N/A | N/A | Older PAN-OS only. Refer note in the additional section |
| request url-filtering download status vendor | Shows status of information download for URL filtering based on vendor name. | Changed | Changed | For BrightCloud, this command replaces the command: "request url-filtering download status" |
| request url-filtering install database major-version | Installs Major BrightCloud database version | Same | N/A | Disabled as this is no longer applicable for PAN-DB. |
| request url-filtering install database md5 | Installs MD5 of BrightCloud database | Same | N/A | Disabled as this is no longer applicable for PAN-DB. |
| request url-filtering install database minor-version | Installs Minor BrightCloud database version | Same | N/A | Disabled as this is no longer applicable for PAN-DB. |
| request url-filtering install signed-database | Install signed uploaded BrightCloud database | Same | N/A | Disabled as this is no longer applicable for PAN-DB. |
| request url-filtering install pandb-database | Install PANDB Database | N/A | New | Applicable to PAN-DB only |
| request url-filtering revert | Revert last url database | Same | N/A | Disabled as this is no longer applicable for PAN-DB. |
| request url-filtering save url-database | Saves the Pandora database cache in the management plane | N/A | New | |
| request url-filtering update url <url> | Updates the specified URL category from the cloud | N/A | New | |
| request url-filtering upgrade Brightcloud | Upgrade BrightCloud database(where present) | Same | N/A | Disabled as this is no longer applicable for PAN-DB. |
| request url-filtering upgrade Brightcloud test | Capture initial download in filter-pcap test_bc_download.pcap | Same | N/A | Disabled as this is no longer applicable for PAN-DB. |
| request license fetch auth-code | Authentication code for URL vendor license | Same | Same | |
| request license info | Show information about owned license(s) | Same | Same | |
| request license install | Install a license key | Same | Same | |
| "test" Commands | ||||
| test url | Test URL categorization (MP and Cloud. No DP) | Same | Changed | PAN-DB will provide answers from both device and cloud DB, while BC provides an answer from the cloud DB only if there is no answer in the base DB. |
| test url-info-cloud | Return detailed information about the URL in the cloud | N/A | New | |
| test url-info-host | Return detailed information about the URL in the host | N/A | New | |
Additional Information
Note1: In PAN-OS 9.0, the command "request url-filtering download" only supports BrightCloud URL Filtering
Note2: BrightCloud was removed as a URL filtering vendor starting PAN-OS 9.1. Refer Documentation. Consequently, the commands "request URL filtering download", "request URL filtering revert" and "set system setting url-database" are also removed.