topic Re: Custom Dynamic Block List in General Topics

Custom Dynamic Block List

lewis — Thu, 02 Apr 2015 13:37:10 GMT

Does anyone know how long a custom dynamic block list take to refresh? Is it suppose to refresh\pull every 15 minutes? And if you do a commit does that make the change immediate?

Here is my scenario, we are using a custom dynamic block list to add xp pcs to restrict the internet. When the pc is upgraded to Win7 we than remove the ip from the block list. It is now closing in on an hour and multiple commits and the ips are still acting as if they are still part of this list.

Anyone one know how long before they will not be read as if they are part of the block list?

Re: Custom Dynamic Block List

lewis — Thu, 02 Apr 2015 13:42:44 GMT

Sorry got a head of myself, On the actual list I can set the pulling times but I guess my question does a commit override the pulling time?

Re: Custom Dynamic Block List

ibaxter — Mon, 16 Nov 2015 15:25:18 GMT

Yes, a commit will cause an EBL refresh. I just tested this on my box and saw the Pan(w)achrome message pop up saying the EBL refresh was successful.

I also use panxapi.py to refresh the list and also to show what addresses are being blocked whenever I want using these two commands in a script. The IP address and my API key are already included in the panrc file so don't need to be included in these commands:

./panxapi.py -Xo 'request system external-list refresh name "DShield_Top_20"'
./panxapi.py -Xo 'request system external-list show name "DShield_Top_20"'

Hope this helps.

Re: Custom Dynamic Block List

RC-BHF — Mon, 16 Nov 2015 16:49:46 GMT

I would be intrested to know , do many people use this list ?

Informaiton as to who updates this list is a little sparse

Re: Custom Dynamic Block List

Raido_Rattameister — Mon, 16 Nov 2015 23:08:28 GMT

Very handy to block well known scanners to bring down noise coming from internet (OpenBL for example).

In big environments can be used as whitelist instead.

For example script will generate list of (physical) domain controllers to a file and firewalls allow active directory specific applications towards this dynamic block list etc.

Re: Custom Dynamic Block List

Gun-Slinger — Tue, 17 Nov 2015 13:53:20 GMT

This list was not practicle for our use so I leveraged the API and the dynamic object group for blocks as changes to these are immediate.

One work around for the dynamic block list is to clone the list 4-5 times and config each list with a different update time interval. This will mitigate the issue of updates once each hour.

There is a feature request in to add additional granularity to the timers and to add an authentication feature as most reptuable black lists subscriptions require authentication.

Once PAN delivers this functionality, the dynamic block list will be of more use.

Re: Custom Dynamic Block List

Brandon_Wertz — Tue, 17 Nov 2015 15:52:11 GMT

EBLs or DBLs that I know of can only be refreshed "Dynamically" once an hour. Via CLI you can manually update them:

" request system external-list refresh name (then the name of your custom list)." The idea to use 4 separare EBLs might be a good idea if you're needing something refreshed more quickly than an hour.

--edit-- didn't see ibaxter's post already describing the above commands.