Already the specified Malicious URL getting a block from URL Filtering and detected in Threat Prevention with action.
it’s a dynamic FQDN/IP that has to block from the security rule base too, but the does not want to add each IP to block as he received every time.
looking for a solution where the dynamic IP can be blocked from the firewall itself so that adding the dynamic IPs or FQDN can be avoided.
apart from EDL there any other option to block the dynamic IP and URL can be block.
dynamic IPs, only common is abc.com rest of are keep on change.
If the URL filter is flagging it and blocking it, why would you want to block the IP as well? Most sites are hosted by a provider and can we attached to many different sites. Just follow the best practice for URL filtering and DNS sinkhole and let the firewall send telemetry back to PAN so they can update their data bases.
Hope that makes sense.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!