09-17-2024 06:37 PM
Hi dear all,
When I use /api/?type=op&cmd=<request><system><external-list><global-find><string></string></global-find></exte... to search EDL with entry string, I can only search with IP list, for example, <request><system><external-list><global-find><string>5.167.66.138</string></global-find></external-list></system></request>, and I can get global find result as below:
<response status="success">
<result>
<line>/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/external-list/entry[@name='blocklistde-all.list']</line>
</result>
</response>
However, when I try to find URL or domain string, it cannot return any match even though the string is in the EDL entry list. Neither can I get global find result on FW UI.
May I know if any of you have such experience?
Thanks
09-18-2024 02:22 AM
Hi @jyao ,
I believe this works for IP address only by design.
The firewall CLI also does not show the result of the command request system external-list global-find string "fqdn"
If you want to have this added as a feature request please reach out your local SE to create this feature request for you after which you and others can add their vote to it.
Kind regards,
-Kim.
09-18-2024 02:22 AM
Hi @jyao ,
I believe this works for IP address only by design.
The firewall CLI also does not show the result of the command request system external-list global-find string "fqdn"
If you want to have this added as a feature request please reach out your local SE to create this feature request for you after which you and others can add their vote to it.
Kind regards,
-Kim.
09-18-2024 02:42 AM
Hi @jyao ,
That is a great question, and the PANW documentation could be improved to make the answer more clear.
You said "Neither can I get global find result on FW UI." I assume that means the List Entries and Exceptions tab in the EDL configuration is blank. The NGFW will not retrieve the contents of an EDL until it is enforced in a policy. (An EDL will always be blank on Panorama since it doesn't perform a lookup.)
Once the EDL is enforced in a policy the NGFW will retrieve the contents at the 1st commit and then the specified interval. If the entries are still blank use the Test Source URL button to make sure it works and use a browser to verify it has entries.
This previous Live Community post is helpful. https://live.paloaltonetworks.com/t5/general-topics/external-list-not-populating/td-p/406809
If anyone in the Live Community sees that I missed something, please let me know! I will edit this post.
Thanks,
Tom
09-24-2024 03:54 PM
Hi Tom,
Thank you for your reply. I have attached EDL to a policy and enforce it, and I can EDL entries with XML api cmd=<request><system><external-list><show><type><{type}><num-records>1000</num-records><name>{name}</name></{type}></type></show></external-list></system></request>.
However, when I use '/api/?type=op&cmd=<request><system><external-list><global-find><string>{{EDLEntryString}}</string></global-find></external-list></system></request>', I can only search IP string, but not domain or URL string can be searched. According to Kim's comment, this endpoint only works for IP addresses by design.
Thanks again
Jonathan
09-24-2024 05:34 PM
Hi Tom,
May I know if I can get ip/url/domain EDL entries on Panorama? As I can only see predefined-ip amd predefined-url types on my Pamorama instance, I am sure if it relates to my Pamorama license.
When I try to get entries of my custom EDL, the API returns below error:
Thanks for your comments.
Jonathan
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
