The Palo Alto Networks network security platform requires access to a few specific services in order to perform Dynamic Updates and WildFire functions. When deployed behind existing firewalls or proxy servers, these external resources and services must be accessible from the management interface of the Palo Alto Networks platform. If traffic flows are traversing a Palo Alto Networks platform, the following applications may need to be included in the security rulebase: paloalto-updates, pan-db-cloud, paloalto-wildfire-cloud, and brightcloud.
Application, Threat and Anti-Virus database updates
Note: The updates.paloaltonetworks.com FQDN resolve to CDN-based IP addresses. If static IP addresses are required, staticupdates.paloaltonetworks.com may be used instead.