EDL object not showing up on dropdown list in policy rule


L1 Bithead

Hi,

PAN version 9.1.0, no Panorama.

I created two EDL - one of type IP List and one of type Domain List.

Both EDL point to an internal webserver which holds the lists.

Both EDL pass the "Test Source URL" check.

 

The IP list works fine, we put it in a policy rule and it blocks as expected.

I tried to create a rule with the Domain list but it doesn't even show in the selection options in the rule, not for source or destination address.

Only the IP list object shows.

Any ideas?

 

Thanks

4 REPLIES 4

L4 Transporter

Hello @Jonathanct 

Since it's a URL based EDL, you have to use it with "Service/URL Category".

Hi @JoergSchuetter ,

So both Domain List EDL and URL List EDL should be put in the "Service/URL Category"?

And just to make sure, my blocking rule would look like that:

 

Source zone: LAN

Source address: any

Dest Zone: WAN

Dest address: any

Application: any

Service/URL Category: my EDL Domain List

Action: Drop

 @JoergSchuetter 

 

Actually, I just tried what you suggested but I can't see my EDL Domain List on the "Service/URL Category" tab as well.

 

Also, I'll explain why I wanted to double check about how to create the rule:

I tried to create a URL Category object which contains only one URL (let's say example.com)  and I put it in a policy rule like this:

Source zone: LAN

Source address: any

Dest Zone: WAN

Dest address: any

Application: any

Service/URL Category: my URL Category Object

Action: ALLOW

(I put it on Allow because for starters, I just wanted to check who is hitting this rule)

When I followed the rule logs I noticed it is getting loads of hits that don't relate to example.com.
I'm afraid if I put this rule to Block it will block my outgoing traffic.

So same question for the case of using EDL Domain List.

I think for domain based EDL we need to create an anti-spyware profile and call that profile in the security policy.
