08-29-2017 07:41 AM
I'm not positive if you can directly from the PA itself or if you'll have to incorporate MineMeld to get it to read the RSS feeds and output into something usable by your PA. You can give it a try on your PA and see if it can do so directly without MineMeld fairly easily through CLI commands, if you're running 8.0 it's even easier since you can look at listings directly from the GUI
08-30-2017 02:14 PM
Pretty sure the Dynamic Lists need to be just IP/netmask, one per line, which means RSS won't work (too much XML crap in the way). You'd need to do all the RSS downloading, processing, and whatnot to generate a text file of the proper format for use with Dynamic Lists on a separate server, than make that file available for download from the firewall.
There's also a limitation (at least in PanOS 6.1.x) on the number of lines in a Dynamic List, so if it's longer than that, you need to manually split it into multiple files, and configure the firewall to download each one separately.
We have a process that grabs a "active hack attempts from these IPs/subnets in the past week" list from the Internet, massages it into the correct form, and splits it into multiple files. The firewall is configured to download up to 9 files, add them all to a group, and use that group in the Security Policies.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!