Five-Minute Updates for PAN-DB Malware and Phishing URL Categories

The Malware and Phishing URL categories in the PAN-DB cloud are now updated every five minutes based on the latest information from the Threat Intelligence cloud. Firewalls with an active PAN-DB URL Filtering license automatically benefit from these more frequent URL category updates following the upgrade to PAN-OS 8.0.
With PAN-DB URL Filtering, the firewall holds a cache of URLs and their categorizations locally; when a user accesses a website that is not in the local cache or if the local cache entry has expired, the firewall queries the PAN-DB cloud to determine the URL category of the website. At this time, the firewall will get the very latest categorization for the URL from the PAN-DB cloud, and will add the new URL to the local cache. To ensure that the firewall is configured to then block access to malware and phishing sites based on the latest URL category updates, take the following steps.
  1. Enable PAN-DB URL Filtering .
    This includes obtaining and installing a PAN-DB URL Filtering license and activating URL filtering.
  2. Restrict access to malicious and phishing sites.
    1. Select ObjectsSecurity ProfilesURL Filtering and Add or modify a URL filtering profile.
      Configure a best practice URL Filtering profile to ensure protection against URLs that have been observed hosting malware or exploitive content.
    2. Select Categories.
    3. Check that the Site Access for the malware and phishing categories is set to block.
    4. Click OK to save the profile.
  3. (Optional) You can also enable the new Credential Phishing Prevention feature to prevent users from submitting credentials to untrusted sites, without blocking their access to those sites.

Related Documentation