Block Dynamic Domain from Security Rulebase

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Block Dynamic Domain from Security Rulebase

L4 Transporter

Already the specified Malicious URL getting a block from URL Filtering and detected in Threat Prevention with action.

it’s a dynamic FQDN/IP that has to block from the security rule base too, but the does not want to add each IP to block as he received every time.

looking for a solution where the dynamic IP can be blocked from the firewall itself so that adding the dynamic IPs or FQDN can be avoided.


apart from EDL there any other option to block the dynamic IP and URL can be block.


As the URL receives example.. / / / / with

dynamic IPs, only common is rest of are keep on change.


Cyber Elite
Cyber Elite


Depending on what the domain is, a custom vulnerability signature could work. 

Thanks for the update.


It's a public domain website. and already firewall see has a vulnerability for this site.


If the URL filter is flagging it and blocking it, why would you want to block the IP as well? Most sites are hosted by a provider and can we attached to many different sites. Just follow the best practice for URL filtering and DNS sinkhole and let the firewall send telemetry back to PAN so they can update their data bases.


Hope that makes sense.

L2 Linker

DNS Security feature can detect similar domain

  • 4 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!