EDL in vsys environment

L4 Transporter

EDL in vsys environment

Hello,

We have a pair of 5250 running PAN-OS 8.1 with 125 vsys. We want to deploy an EDL to block well-known attackers. My understanding is that the EDL has a limit of 150000 entries for an IP list.

If I create a shared EDL (type IP list) with 10 entries and create 2 Panorama shared security rules for inbound and outbound for all 125 vsys, does that count as 1250 entries or 10 entries?

Thanks,

E

L4 Transporter

Re: EDL in vsys environment

Hello there

I believe your 150,000 limit is total across the appliance itself, regardless of vsys.

So your 10 entries x 125 vsys = 1250 of the total 150,000.

L7 Applicator

Re: EDL in vsys environment

Hello,

Also try to stay away from IPs unless you know they are super bad. This will hopefully reduce the number in your EDL. For inbound traffic, try a whitelist or blacklist to sites you are hosting and do it by country; do you really need some countries connecting in? For outbound traffic, utilize URL filtering as well as the DNS sinkhole feature. PAN also has a new secure DNS feature, or you can use other ones to help in filtering out known bad places.

Regards,

L4 Transporter

Re: EDL in vsys environment

I agree with your points. The logic is to use well-known blacklisted IPs and create an EDL to load to the firewall.

E
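An added example, not part of any post in this thread and not Palo Alto Networks code: a Python sketch that normalizes a raw IP feed before it is published as an EDL (removes duplicates, merges adjacent and overlapping networks, rejects unparseable lines) and estimates capacity use under the per-vsys accounting suggested in the first reply. The feed contents, the `#` comment convention and all function names are assumptions; the 150,000 limit and the 125 vsys come from the question.

```python
import ipaddress

EDL_IP_LIMIT = 150_000  # IP-list limit as stated in the question
VSYS_COUNT = 125        # vsys count from the question

# Constructed sample feed using documentation address ranges only.
SAMPLE_FEED = [
    "# constructed sample feed",
    "198.51.100.7",
    "198.51.100.7   # duplicate entry",
    "198.51.100.6",
    "203.0.113.0/25",
    "203.0.113.128/25",
    "203.0.113.42",
    "192.0.2.10/24",
    "2001:db8::1",
    "not-an-ip",
]

def parse_feed(lines):
    """Return (networks, rejected); '#' comments are an assumed feed convention."""
    nets, rejected = [], []
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            # strict=False masks stray host bits (192.0.2.10/24 -> 192.0.2.0/24)
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            rejected.append(entry)  # keep for review instead of silently dropping
    return nets, rejected

def build_edl(lines):
    """Collapse the feed to the fewest CIDR entries, one string per EDL line."""
    nets, rejected = parse_feed(lines)
    merged = []
    for version in (4, 6):  # collapse_addresses refuses mixed IPv4/IPv6 input
        same = [n for n in nets if n.version == version]
        merged.extend(ipaddress.collapse_addresses(same))
    return [str(n) for n in merged], rejected

def budget(entry_count, vsys=VSYS_COUNT, limit=EDL_IP_LIMIT, per_vsys=True):
    """(used, remaining); per_vsys=True applies the reply's entries-times-vsys estimate."""
    used = entry_count * vsys if per_vsys else entry_count
    return used, limit - used

if __name__ == "__main__":
    entries, rejected = build_edl(SAMPLE_FEED)
    print("\n".join(entries))
    print("rejected:", rejected, "budget (used, remaining):", budget(len(entries)))
```

Lines that fail to parse, including address ranges written as `a-b`, end up in the rejected list for manual review.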
