I just wanted to check with anyone that can answer, that when the URL license expires, the whole feature is disabled in PanOS 8.0.1. It used to be different, the URL filtering would still work, but there were no more updates of the database.
As you probably know, Palo Alto offers two types of URL filtering solutions, PAN-DB and BrightCloud.
I personally always recommend to customers PAN-DB instead of BrightCloud. The reason is because PAN-DB has tight integration with WildFire, in order to update URL categories such as: Malware, Phishing, and Hacking. If you are on BrightCloud, you don’t get the benefit of this integration to feed this categories from WildFire.
I hope this helps.
i think the default use is PAN-DB rather than brightcloud.
the experiment shows that if there is no url record on data plane this url would be allowed. when url license expired Managment plane replication to data plane was disabled . so after the cache on data plane went away , ALL urls check would be disabled / and be allowed to pass the firewall.
that is what i saw.
you can use CLI command to check
show running url xxxxxxx (for data plane)
test url xxxxxxx (for managment plane)
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!