On a new Palo Alto firewall, the “Brightcloud URL Filtering” feature is not licensed by default, and users will not be able to create policies using Brightcloud categories, nor will categories appear in any logs or reports.
The “Brightcloud URL Filtering” feature must be licensed, downloaded, and activated for categories to be used on a Palo Alto Firewall.
See https://live.paloaltonetworks.com/docs/DOC-1193 for details from Palo Alto.
Note Bene: Activation will require a reboot.
First, make sure the URL Filtering license is enabled by Palo Alto. This requires a Palo Alto support account and that the device is registered to the website.
Now you can use a PuTTY (SSH) session, to run this sequence of commands:
request license fetch request url-filtering upgrade brightcloud (If you see "Server error : Not licensed", double-check that the device is licensed!!!)
tail follow yes mp-log pan_bc_download.log (press CTRL-C when you see the job has completed) request content upgrade download latest request content upgrade info (Repeat this 'info' command until you see 'downloaded...yes' for the latest version) request content upgrade install version latest
(This will print 'Content install job enqueued with jobid ##. Remember the ##) show jobs id ## (Where ## is the jobid from the previous command) (Repeat the above until the job status shows 'FIN')
Congratulations, you’ve installed and updated the Brightcloud URL Filtering database.
The last step is to go back to the WebUI. Onder device then Licenses, you will see an “Activate” button for URL Filtering. Activation will require a reboot.
Leave A Comment?
You must be logged in to post a comment.