EBL can be seen by PA3020 in GUI, but cannot be read in CLI

Showing results for 
Show  only  | Search instead for 
Did you mean: 

EBL can be seen by PA3020 in GUI, but cannot be read in CLI

L1 Bithead

I have a pair of 3020s (configured for Active-Passive availability) and I'm trying to build an External Block List. I followed the documentation at Working with External Block List (EBL) Formats and Limitations. My EBL text file looks like this:

nnn.nnn.nnn.nnn 20140514 144338

where nnn is the octet of an IP address. There are several lines like that. None contain any of the special characters mentioned in the documentation.

When I go into the Dynamic Block List area of the GUI, and click the Test Source URL button, I get a pop-up message saying that the "Source URL is accessible". However, when I run an Import job to load the file, and use the CLI to check the output of the job, it show:

Enqueued                 ID         TypeStatus Result Completed


2014/05/14 15:40:15    1792   EBLRefresh   FIN   FAIL 15:41:10


Details:EBL(vsys1/Web Server Attackers) Unable to fetch external list.  Using old copy for refresh.

EBL(vsys1/Web Server Attackers) EBLRefresh job failed. No valid IPs found in list

I have tried added "/32" subnet masks after the IP addresses, and that makes no difference.

Hopefully I'm not missing something obvious. Any suggestions?


If you are using the management interface for this connection, you can also do a tcpdump there to see what's going on.

> tcpdump snaplen 65533 filter "xxxxxxxxxx"

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!