IP List for Dynamic Block List is Not Found on Multi-VSYS Configuration

IP List for Dynamic Block List is Not Found on Multi-VSYS Configuration

15925
Created On 09/26/18 13:55 PM - Last Modified 02/07/19 23:40 PM


Resolution


Symptom

Dynamic Block List or External Block List (EBL) does not show list of IP's. For example:

> request system external-list show name DYNAMIC_BLOCKLIST1

Server error : external list file not found

Cause

If Multi-VSYS is enabled on the Palo Alto Networks firewall and the Dynamic Block List is created on another VSYS, then the block list can be viewed by entering the appropriate VSYS. Run the following CLI commands to enter the target VSYS and view the block list:

  1. Verify that multi-vsys is turned on:
    > show system setting multi-vsys
    on
  2. Enter target VSYS
    > set system setting target-vsys vsys1
    Session target vsys changed to vsys1
  3. Display the dynamic block list
    > request system external-list show name DYNAMIC_BLOCKLIST1
    vsys1/DYNAMIC_BLOCKLIST1:
    Next update at: Mon Jul 29 15:00:24 2013
    IPs:
    2.56.0.0/14
    5.72.0.0/14
    5.180.0.0/14
    14.129.0.0/16
    14.192.48.0/21
    14.192.56.0/22
    31.11.43.0/24
    31.14.103.0/24
    31.222.200.0/21

To configure a Dynamic Block List, go tot Objects > Dynamic Block Lists and click Add.

For example:
Screen Shot 2013-09-17 at 6.08.24 PM.png

owner: jlunario
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm1qCAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language