https://live.paloaltonetworks.com/t5/general-topics/dynamic-block-lists-access-groups-with-fqdn-support/m-p/51505#M37891 <HTML><HEAD></HEAD><BODY><P>Hi</P><P></P><P>if changing the security policy each time is not an option you could either try to set up a dynamic address group which you can alter by using API calls:</P><P></P><P><A href="https://live.paloaltonetworks.com/docs/DOC-6672">How to Add an IP Address to a Dynamic Address Group using API</A></P><P></P><P>or set up a domain on your internal DNS server where you can change/add the IP addresses as needed (each fqdn object can contain up to 10 ip addresses)</P><P></P><P>the dynamic address group will probably be the best solution</P><P></P><P></P><P>regards</P><P>Tom</P></BODY></HTML> Tue, 03 Jun 2014 14:57:36 GMT reaper 2014-06-03T14:57:36Z https://live.paloaltonetworks.com/t5/general-topics/dynamic-block-lists-access-groups-with-fqdn-support/m-p/51504#M37890 <HTML><HEAD></HEAD><BODY><P>Currently we have this security policy to allow FTP access. A user who needs FTP access must be part of a special AD group and the FTP server must be part of an address group.</P><P><IMG __jive_id="13757" alt="FTP.png" class="image-0 jive-image" height="75" src="https://live.paloaltonetworks.com/legacyfs/online/13757_FTP.png" style="height: 75px; width: 1500px;" width="1500" /></P><P>The problem is that there are a lot of changes and the responsible person does not have access to the firewall. This should not be changed.</P><P></P><P>So my idea was to use dynamic block lists or dynamic address groups. But I think they support only IPs. Is there a possibility to use FQDN? If not can you tell me another alternative how to reach my goal?</P></BODY></HTML> Tue, 03 Jun 2014 13:46:11 GMT https://live.paloaltonetworks.com/t5/general-topics/dynamic-block-lists-access-groups-with-fqdn-support/m-p/51504#M37890 LCMember17002 2014-06-03T13:46:11Z https://live.paloaltonetworks.com/t5/general-topics/dynamic-block-lists-access-groups-with-fqdn-support/m-p/51505#M37891 <HTML><HEAD></HEAD><BODY><P>Hi</P><P></P><P>if changing the security policy each time is not an option you could either try to set up a dynamic address group which you can alter by using API calls:</P><P></P><P><A href="https://live.paloaltonetworks.com/docs/DOC-6672">How to Add an IP Address to a Dynamic Address Group using API</A></P><P></P><P>or set up a domain on your internal DNS server where you can change/add the IP addresses as needed (each fqdn object can contain up to 10 ip addresses)</P><P></P><P>the dynamic address group will probably be the best solution</P><P></P><P></P><P>regards</P><P>Tom</P></BODY></HTML> Tue, 03 Jun 2014 14:57:36 GMT https://live.paloaltonetworks.com/t5/general-topics/dynamic-block-lists-access-groups-with-fqdn-support/m-p/51505#M37891 reaper 2014-06-03T14:57:36Z