We have a pair of 5250 running PANOS 8.1 with 125 vsys. We want to deploy EDL to block well known attackers. My understand is the EDL has a limit of 150000 entries for IP list.
If I create a shared EDL (type IP list) with 10 entieres and create 2 panorama shared security rules for inbound and outbound for all 125 vsys. Is that count as 1250 entries or 10 entries?
Also try to stay away from IP's unless you know they are super bad. This will reduce the number in your EDL hopefully. For inbound traffic, try a whitelist or blacklist to sites you are hosting and do it by country, do you really need some countries connecting in? For outbound traffic utilize the URL filtering as well as the DNS sinkhole feature. PAN also has a new secure DNS feature or you can use other ones to help in filtering out known bad places.
I agree with you. Palo Alto has built in ones you can use. Here is also a list of ones I use. However I rarely get hits on these policies.
Source on PAN support:
Sans notes on this:
Others listed on this site:
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!