[BUG] EDL using wrong Service Route

L2 Linker

[BUG] EDL using wrong Service Route

Hello everybody!

PAN OS build 9.0.3-h3.

 

According to the PAN documentation, the "External Dynamic Lists" (Object -> External Dynamic Lists) are supposed to use the "External Dynamic Lists Service Route" (Device -> Setup -> Services -> 'Service Route Configuration').

PA_ServiceRoute_EDL.PNG

 

This doesn't seem to be the case, since any changes in that area have no effect for EDL.

It seems that the 'URLS Updates' Service Route is responsible for any entry within an EDL.

PA_ServiceRoute_URL_Updates.PNG

 

Changing that specific Route does fix our problem but breaks the native PAN malicious/high risk/bulletproof IP fetching system, which is not the way to go.

PA_ExternalListsO365.PNG

 

Our EDL needs to access an internal only host. Keeping the default settings, it tries to use an external route to access the specific host. We need to change the Route to use the internal interface but without breaking the native PAN Dynamic IP Lists.

Community Team Member

Re: [BUG] EDL using wrong Service Route

Hi @husetech ,

 

Was this bug confirmed by TAC?

Can you confirm the PAN-OS version you're currently running?

 

Cheers !

-Kiwi.

 
L2 Linker

Re: [BUG?] EDL using wrong Service Route

Hi @kiwi,

 

No, TAC has not approved this issue as a bug. I have not yet contacted TAC. What is TAC?

And I am very sorry to not have mentioned the version we are using.

We are using the latest PAN OS build 9.0.3-h3.

L4 Transporter

Re: [BUG?] EDL using wrong Service Route

Hi @husetech,

 

As a workaround, you can try to set a service route based on destination:

- Revert EDL and URL filtering service route to default

- In Setup > Services > Service route > Destination, put the IP address of the server that you are using in your EDL and select the desired interface

 

It is important that the service route for the service (EDL, URL filtering, etc.) be set to default in order for the destination service route to work.

 

 

 

L2 Linker

Re: [BUG?] EDL using wrong Service Route

Worked perfectly, thank you!

So I guess it's not a bug after all but intended to work like this.

Appreciate the help.

 

Best regards

husetech

L4 Transporter

Re: [BUG?] EDL using wrong Service Route

Hi @husetech,

Well, it still sounds like a bug to me. It doesn't make sense to have a separate service route for EDL if it is using the URL filtering route.

 

I personally prefer to define any service route using the destination tab. It is a bit more flexible, for example when you define two different LDAP servers reachable via different interfaces.

 

 
