{"id":7067,"date":"2014-10-29T09:17:16","date_gmt":"2014-10-29T16:17:16","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=7067"},"modified":"2023-03-28T13:34:49","modified_gmt":"2023-03-28T20:34:49","slug":"web-security-tips-pan-db-works","status":"publish","type":"post","link":"https:\/\/www2.paloaltonetworks.com\/blog\/2014\/10\/web-security-tips-pan-db-works\/","title":{"rendered":"Web security tips: How PAN-DB works"},"content":{"rendered":"

PAN-DB is our URL and IP database, designed to fulfill an enterprise\u2019s web security needs. PAN-DB is tightly integrated into PAN-OS, providing you Advanced Persistent Threat (APT) protection with high-performance beyond traditional URL filtering.<\/p>\n

Traditional URL filtering is intended to control unwanted web surfing such as non-business or illegal sites, but it usually doesn\u2019t cover up to the minute malicious web sites such as newly discovered malware site, exploit site or command and control sites. Let me explain how PAN-DB works for you.<\/p>\n

<\/p>\n

How PAN-DB maximizes your URL lookup performance<\/h3>\n

\u00a0

\"PAN-DB\"<\/span><\/div><\/a><\/strong><\/p>\n

Figure1. PAN-DB classification and cache system<\/p>\n

\u00a0<\/strong><\/p>\n

PAN-DB Core:<\/strong> The PAN-DB Core, located in the Palo Alto Networks threat intelligence cloud, has a full URL and IP database to cover web security needs.<\/p>\n

Seed database:<\/strong> When the PAN-DB is enabled on your firewalls, a subset of the full URL database is downloaded from the Palo Alto Networks threat intelligence cloud to firewalls based on the selected geographic region. Each region contains a subset of the URL database that includes URLs most accessed for the given region. This regional subset of the URL database allows the firewalls to store a much smaller URL database, in order to greatly improve URL lookup performance. You can download a seed database by region to the each firewall from our Panorama centralized management system as well.<\/p>\n

\u00a0

\"Seed\"<\/span><\/div><\/a>Figure 2. Seed database by regions<\/p>\n

Management plane cache:<\/strong> The seed database is placed into the management plane (MP) cache to provide quick URL lookups. The MP cache will pull more URLs and categories from the PAN-DB core as users access sites that are not currently in the MP cache. If the URL requested by a user is \u201cunknown\u201d to Palo Alto Networks, the URL will be examined, categorized, and implemented as appropriate.<\/p>\n

Dataplane cache:<\/strong> A dataplane cache (DP) contains the most frequently accessed sites for quicker URL lookups.<\/p>\n

Malicious URL database delivered from WildFire<\/h3>\n

Millions of URLs and IPs are classified in a variety of ways. In addition to the \u201cMulti-language classification engine\u201d and the \u201cURL change request from users,\u201d PAN-DB receives malicious URL and IP information from WildFire. Examples of malicious URL and IP database are shown below.<\/p>\n