https://live.paloaltonetworks.com/t5/general-topics/about-address-and-ebl-limitation-for-maximum/m-p/67969#M39749 <P>Hi there...This is extracted from the 7.0 admin guide. &nbsp;You can have 10 DBL lists.</P> <P><IMG src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/1134iE849D815652BCBF6/image-size/medium?v=mpbl-1&amp;px=-1" border="0" alt="DBL.JPG" title="DBL.JPG" /></P> <P>&nbsp;</P> <P>2) Yes, the maximum number of entries (in your case 25,000) is for the entire device, and is shared across the allow list, block list, and custom URL categories.</P> <P>3) The DBL is separate from the max address.</P> <P>&nbsp;</P> <P>Thanks.</P> Wed, 11 Nov 2015 21:23:37 GMT rmonvon 2015-11-11T21:23:37Z https://live.paloaltonetworks.com/t5/general-topics/about-address-and-ebl-limitation-for-maximum/m-p/67834#M39686 <P>Hello.</P> <P>&nbsp;</P> <P>I want to know my question what address and EBL maximum from you.</P> <P>&nbsp;</P> <P>1.</P> <P><A href="https://live.paloaltonetworks.com/t5/Configuration-Articles/Using-IP-Address-Lists-on-Palo-Alto-Networks-Policies/ta-p/57411" target="_blank">https://live.paloaltonetworks.com/t5/Configuration-Articles/Using-IP-Address-Lists-on-Palo-Alto-Networks-Policies/ta-p/57411</A></P> <P>The above documnet describes&nbsp;"<SPAN> Each imported </SPAN><SPAN class="lia-search-match-lithium">list</SPAN><SPAN> can contain up to 5,000 IP addresses (IPv4 and/or IPv6), IP ranges, or subnets."&nbsp;</SPAN></P> <P><SPAN>How many can FW creat&nbsp;lists? What are Miximum?</SPAN></P> <P>&nbsp;</P> <P><SPAN>2.&nbsp;</SPAN></P> <P>I checked the result of the following CLI output,</P> <P>show system state filter cfg.general.max*</P> <P>-&gt;<SPAN>cfg.general.max-blacklist : 25000</SPAN></P> <P>&nbsp;</P> <P>Is the above black list about URL Filtering?&nbsp;</P> <P>I found a below discussiton</P> <P><A href="https://live.paloaltonetworks.com/t5/General-Topics/Size-limit-for-URL-block-list/m-p/27631/highlight/true#M20144" target="_blank">https://live.paloaltonetworks.com/t5/General-Topics/Size-limit-for-URL-block-list/m-p/27631/highlight/true#M20144</A></P> <P>Right?</P> <P>&nbsp;</P> <P>3.&nbsp;</P> <P>This question is important.</P> <P>PA-3020 can have miximum 5000 address.</P> <P>"<SPAN class="s1">cfg.general.max-address: 5000"</SPAN></P> <P>I want to know whether this vaule inculde EBL list or exclude it.</P> <P>And</P> <P>PA can make security rules without address objects.</P> <P>When FW can create to write IP on security rules, How many can I make IPs without address object?&nbsp;</P> <P>What are maximum? Are this maximum &nbsp;included "max-address : 5000"?</P> <P>&nbsp;</P> <P>Thanks,</P> <P>KC Lee</P> Mon, 09 Nov 2015 10:17:15 GMT https://live.paloaltonetworks.com/t5/general-topics/about-address-and-ebl-limitation-for-maximum/m-p/67834#M39686 KiCheon.Lee 2015-11-09T10:17:15Z https://live.paloaltonetworks.com/t5/general-topics/about-address-and-ebl-limitation-for-maximum/m-p/67969#M39749 <P>Hi there...This is extracted from the 7.0 admin guide. &nbsp;You can have 10 DBL lists.</P> <P><IMG src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/1134iE849D815652BCBF6/image-size/medium?v=mpbl-1&amp;px=-1" border="0" alt="DBL.JPG" title="DBL.JPG" /></P> <P>&nbsp;</P> <P>2) Yes, the maximum number of entries (in your case 25,000) is for the entire device, and is shared across the allow list, block list, and custom URL categories.</P> <P>3) The DBL is separate from the max address.</P> <P>&nbsp;</P> <P>Thanks.</P> Wed, 11 Nov 2015 21:23:37 GMT https://live.paloaltonetworks.com/t5/general-topics/about-address-and-ebl-limitation-for-maximum/m-p/67969#M39749 rmonvon 2015-11-11T21:23:37Z https://live.paloaltonetworks.com/t5/general-topics/about-address-and-ebl-limitation-for-maximum/m-p/67991#M39762 <P>Hi,</P> <P>&nbsp;</P> <P>Thanks for your anwer.</P> <P>May I ask you question more further?</P> <P>&nbsp;</P> <P>About No.3 question I asked.</P> <P>I heard from someone what one DBL list place in one of &nbsp;all address object.</P> <P>You meaned one DBL list does not equal one address object. Right?</P> <P>&nbsp;</P> <P>And a new question.</P> <P>Please look at the following document.</P> <P><A href="https://live.paloaltonetworks.com/t5/Configuration-Articles/Using-IP-Address-Lists-on-Palo-Alto-Networks-Policies/ta-p/57411" target="_blank">https://live.paloaltonetworks.com/t5/Configuration-Articles/Using-IP-Address-Lists-on-Palo-Alto-Networks-Policies/ta-p/57411</A></P> <P>This doc describes "<SPAN> Each imported </SPAN><SPAN class="lia-search-match-lithium">list</SPAN><SPAN> can contain up to </SPAN><SPAN class="lia-search-match-lithium">5,000</SPAN><SPAN> IP addresses (IPv4 and/or IPv6), IP ranges, or subnets."</SPAN></P> <P><SPAN>But It is different between the above sentence and a result I tested.</SPAN></P> <P><SPAN>PA-200 can have 2200 lines of one DBL list [2500(max addresses) - 300(system register IPs)]</SPAN></P> <P><SPAN>PA-3020 can have 4700 lines of one DBL list&nbsp;<SPAN>[5000(max addresses) - 300(system register IPs)]</SPAN></SPAN></P> <P>What is the truth between all platform can have 5,000 or each models can have each other mas address without 300?</P> <P>&nbsp;</P> <P>I hope let me know it.</P> <P>Thanks.</P> Thu, 12 Nov 2015 01:12:04 GMT https://live.paloaltonetworks.com/t5/general-topics/about-address-and-ebl-limitation-for-maximum/m-p/67991#M39762 KiCheon.Lee 2015-11-12T01:12:04Z