04-02-2015 06:37 AM
Does anyone know how long a custom dynamic block list take to refresh? Is it suppose to refresh\pull every 15 minutes? And if you do a commit does that make the change immediate?
Here is my scenario, we are using a custom dynamic block list to add xp pcs to restrict the internet. When the pc is upgraded to Win7 we than remove the ip from the block list. It is now closing in on an hour and multiple commits and the ips are still acting as if they are still part of this list.
Anyone one know how long before they will not be read as if they are part of the block list?
11-16-2015 07:25 AM
Yes, a commit will cause an EBL refresh. I just tested this on my box and saw the Pan(w)achrome message pop up saying the EBL refresh was successful.
I also use panxapi.py to refresh the list and also to show what addresses are being blocked whenever I want using these two commands in a script. The IP address and my API key are already included in the panrc file so don't need to be included in these commands:
./panxapi.py -Xo 'request system external-list refresh name "DShield_Top_20"'
./panxapi.py -Xo 'request system external-list show name "DShield_Top_20"'
Hope this helps.
11-16-2015 08:49 AM
I would be intrested to know , do many people use this list ?
Informaiton as to who updates this list is a little sparse
11-16-2015 03:07 PM - edited 11-16-2015 03:08 PM
Very handy to block well known scanners to bring down noise coming from internet (OpenBL for example).
In big environments can be used as whitelist instead.
For example script will generate list of (physical) domain controllers to a file and firewalls allow active directory specific applications towards this dynamic block list etc.
11-17-2015 05:53 AM
This list was not practicle for our use so I leveraged the API and the dynamic object group for blocks as changes to these are immediate.
One work around for the dynamic block list is to clone the list 4-5 times and config each list with a different update time interval. This will mitigate the issue of updates once each hour.
There is a feature request in to add additional granularity to the timers and to add an authentication feature as most reptuable black lists subscriptions require authentication.
Once PAN delivers this functionality, the dynamic block list will be of more use.
11-17-2015 07:50 AM - edited 11-17-2015 07:52 AM
EBLs or DBLs that I know of can only be refreshed "Dynamically" once an hour. Via CLI you can manually update them:
" request system external-list refresh name (then the name of your custom list)." The idea to use 4 separare EBLs might be a good idea if you're needing something refreshed more quickly than an hour.
--edit-- didn't see ibaxter's post already describing the above commands.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
