Downloading PAN-DB via Panorama


L0 Member

Hi team,

 

I've had a customer inquire about downloading PAN-DB on their firewalls via the use of their Panorama. The problem is I can't find any documentation that would cover this.

 

The use case of this would be for a deployment that is completely offline in terms of the firewalls, and they only have access to Dynamic/Software updates via the Panorama.

 

I'm in the process of trying to replicate this in my lab environment with some VMs, but if anyone could provide additional insight or any documentation they're aware of, then that would be greatly appreciated.

 

Kind regards,

Lauchlan

1 accepted solution

Accepted Solutions

L4 Transporter

@Lauchlan I don't want to be sarcastic, but if it is completely offline, why do they need URL filtering?

PanDB is not "downloaded" and it would have been impractical to do so, because of the size and the constant change of its content.

You download a small seed database and then URLs are dynamically categorised by the firewall as required and then cached for a period of time. 

The firewall will need access to the internet for this to work and you can't get that from Panorama.

Hi BatD,

 

Thank you for your response.

Interestingly, I had posed the same question to my colleague working with the customer (why need URL filtering if this is an offline east-west deployment), but I've not heard back on this yet.

 

After a while trying to replicate this, and seeing that only the BC database can be done through Panorama via Dynamic Updates, I found the following snippet:

"The URL scheduling feature is only for the Brightcloud URL filtering solution. When using the PAN-DB URL filtering database, the scheduling is done automatically.
If you have a PAN-DB license, scheduled updates are not required as firewalls remain in-sync with the servers automatically."

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PLV8CAO

 

Needless to say, I'm happy to say your statement is a solid answer and resolution to this query.

 

Kind regards,
Lauchlan
