Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Dynamic List for URL Filtering

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Dynamic List for URL Filtering

L2 Linker

Hello,

 

We would like to use the Dynamic list for URL filtering function but we want to pick up the list from an internal web server, the link below says the path with follow the service route for palo udpates but this for us will be out to internet, the web server we want to store the list is internal.

 

https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/policy/external-dynamic-list#_72960

 

Is there anyway to do this please?

 

Thanks

 

Ryan

8 REPLIES 8

L5 Sessionator

Just to make sure, you have a URL list on an internal server and you want to have an EDL read from that?

If so, you need to run an internal web server and then put your URL list, in .txt format, on that server. 

Then create a new EDL and point the source to your internal server.

Hi there, thanks for the response.

 

The question is how the Firewall gets to the .TXT file.  From the link in my post, you can see it says that it will use the route configured in the service route configuration for Palo Alto updates, for us this is the internet, BUT the web server with the .TXT file is not on the internet but on an internal server, so I need to direct the Firewall internal to get the .TXT URL list file not via the servcie route configuration?

 

Hope this is clear

 

Thanks


Ryan

@RyanJohnstone,

If your service route doesn't have access to the EDL that you are looking to pull, there isn't a way to grab it. You would need to address that first and get it so that it isn't just thrown out to the internet and allow it the internal access it needs to get the txt file. 

You could get around this by pushing that txt file to something like Pastbin in an automated fashion so that the firewall wouldn't need access to the internal network. That's about as good of a 'solution' as possible. 

L7 Applicator

@RyanJohnstone

You could try to set a custom ip based service route which routes traffic to your internal webserver out of the internal interface.

@RyanJohnstone

Since you included a link for PanOS 7.1, I assume that's what you're using.

Another, more intrusive, option is to upgrade to PanOS 8. It has a separate service route option for EDL.

Is this set under the destination tab of the service route configuraiton?

yes we are on 7.x...we have no plans to go to 8.x as of yet but useful to know this feature is available here, thanks for the response.

 

Ryan


@RyanJohnstone wrote:

Is this set under the destination tab of the service route configuraiton?


Yes

  • 3986 Views
  • 8 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!