- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
04-18-2018 06:56 AM
Hello,
We would like to use the Dynamic list for URL filtering function but we want to pick up the list from an internal web server, the link below says the path with follow the service route for palo udpates but this for us will be out to internet, the web server we want to store the list is internal.
https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/policy/external-dynamic-list#_72960
Is there anyway to do this please?
Thanks
Ryan
04-18-2018 07:59 AM
Just to make sure, you have a URL list on an internal server and you want to have an EDL read from that?
If so, you need to run an internal web server and then put your URL list, in .txt format, on that server.
Then create a new EDL and point the source to your internal server.
04-18-2018 08:16 AM
Hi there, thanks for the response.
The question is how the Firewall gets to the .TXT file. From the link in my post, you can see it says that it will use the route configured in the service route configuration for Palo Alto updates, for us this is the internet, BUT the web server with the .TXT file is not on the internet but on an internal server, so I need to direct the Firewall internal to get the .TXT URL list file not via the servcie route configuration?
Hope this is clear
Thanks
Ryan
04-18-2018 08:30 AM
If your service route doesn't have access to the EDL that you are looking to pull, there isn't a way to grab it. You would need to address that first and get it so that it isn't just thrown out to the internet and allow it the internal access it needs to get the txt file.
You could get around this by pushing that txt file to something like Pastbin in an automated fashion so that the firewall wouldn't need access to the internal network. That's about as good of a 'solution' as possible.
04-18-2018 08:33 AM
You could try to set a custom ip based service route which routes traffic to your internal webserver out of the internal interface.
04-18-2018 08:34 AM - edited 04-18-2018 08:35 AM
Since you included a link for PanOS 7.1, I assume that's what you're using.
Another, more intrusive, option is to upgrade to PanOS 8. It has a separate service route option for EDL.
04-18-2018 08:45 AM
Is this set under the destination tab of the service route configuraiton?
04-18-2018 08:46 AM
yes we are on 7.x...we have no plans to go to 8.x as of yet but useful to know this feature is available here, thanks for the response.
Ryan
04-18-2018 08:51 AM
@RyanJohnstone wrote:Is this set under the destination tab of the service route configuraiton?
Yes
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!