04-26-2018 01:53 AM
Hello,
We have recently upgraded our FW to PanOS 8.x (currently running 8.0.8) and we want to use the newly added feature that enable to add exceptions in External Dynamic List.
However it doesn't seem to work since the configured IP we put in exceptions (in a IP list) are still blocked by our policy.
Did you try this and does it work for you ?
04-26-2018 06:09 AM
I don't usually use this feature as I find it easier to simply do this directly on MineMeld, but I just tested it on one of my firewalls and it seems to be functioning correctly. Just wondering if you remembered to actually commit the change for it to take effect, as it does add an exception-list entry into the configuration.
04-26-2018 06:28 AM
Thanks for your answer.
We are not using Minemeld yet but we are looking at it.
I did the commit of course also the exception has been added to the config.
04-26-2018 06:48 AM
Odd. With the exception in place I would suspect that this would allow the traffic as it should, so you might want to open a TAC case if this is something that you actually need to function so they can take a look at your particular device to see why it may not be working.
Personally I would really look at simply setting up the lists in question through minemeld and going that route. It's easy to configure and is generally more customizable and allows a lot of automation to take place.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
