- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- App-ID
- Content-ID
- User-ID
- 5G
- IoT Security
- Cloud Identity Engine
Network Security
- Prisma Access
- Prisma Cloud
- Prisma SD-WAN
- CN-Series
- VM-Series:
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
Security Operations
- Resources
- COVID-19 Response Center
- LIVEcommunity
- Collaboration
- Discussions
- General Topics
- EDL problem
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
10-27-2019 03:30 PM
Hi,
I find this error: EDL(my list) Entry not referenced by a rule.
What does it mean? How can I resolve it?
Accepted Solutions
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
10-28-2019 07:24 AM
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
10-28-2019 02:40 AM
In Objects > External Dynamic Lists you defined an EDL (e.g. you read a list of malicious addresses from some feed), but none of your policies is referencing it. An EDL would probably end up in the Destination Address part of some policy.
Nothing bad, anyway, your firewall is basically just reading an external list of addresses but it's not using that information anywhere.
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
10-28-2019 06:37 AM
Hi,
I have a rule with many denies IPs. Is maybe for this reason?
Have I to create a special policy for EDL?
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
10-28-2019 06:53 AM
No. A rule with a statically defined list of IPs is not an "external dynamic list". Your configuration is pointing to an external source of addresses, it is reading it, but it's not using it. You can either remove the list from Objects > External Dynamic lists or use it in a policy (if appropriate, of course).
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
10-28-2019 07:21 AM
How can I use it in a policy? In which part of configuration have I to enter?
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
10-28-2019 07:24 AM
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
10-28-2019 07:48 AM
I thought it was enough to insert the EDL instead we also need the security rule. Thaks a lot! Only one last question. Why in the standard Paloalto EDL do you see all the IPs in detail, while in my personalized rules I don't see IPs? In this manner I can't insert any exceptions.
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
10-29-2019 01:42 AM
My firewalls exhibit the same behaviour (PanOS 8.1.10), the list is valid, but the GUI shows no addresses in it. Maybe it's a bug?
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
10-29-2019 04:01 AM
Yes that's the problem I meant.
Do you know some good lists to use for blocking malicious IPs?
I found http://plonkatronix.com/plonkatronixBL.txt and this URL https://panwdbl.appspot.com/ (I'm investiganting about this).
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
10-29-2019 06:08 AM
Not really, I'm sorry. It's something I plan to do, but it's low on my priority list at the moment.
- IPSec VPN certificates in General Topics
- Internet keep disconnect for USERS in GlobalProtect Discussions
- Unusual Issues in Hosted ESXI Environment in General Topics
- Failed to delete Certificate due to references - but I don't want to delete those references in General Topics
- MAC addresses for HA interfaces in General Topics
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
