I've been experimenting with MineMeld and love it - brilliant product :)
That said, I'm struggling to get a clear idea what the size limit is of each blocklist.
https://live.paloaltonetworks.com/t5/Learning-Articles/How-are-Dynamic-Block-List-Entries-Counted-on... suggests even a PA200 can handle a list with 50k entries but in the same article it suggests a PA3020 has a limit of just 5k entries.
What is the limit please? For exampel the Alienvault reputation feed is approximately 16k entries.
I am reviving this since i have the problem and seems hard to find the correct answer. But PA support told me to run on my 3020 the following command:
admin@PA3020PRI(active-primary)> request system external-list list-capacities
List Type Currently used in policy Total Capacity
IP 50000 50000
Domain 954 50000
URL 50000 50000
Predefined-IP 613 20000
as you can see there is a limit of 50000 ip whether you have 1 or 10 EDLs created you could have 1 EDL with 10000IPs and another with 40000 and you would hit your limit. seems shortsighted in my opinion since most of us would want to ingest threat intelligence from different providers we might be in business with, ALienVault for example had 80000IPs and i could only ingest 50000.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!