10-17-2016 08:46 AM
Hi all,
I have configured an EDL of type Dynamic URL Lists with the following configuration:
Then in the URL filtering profile the ransomwaretracker_URL category is configured as BLOCK and the profile is applied in the Security rule.
It seems to be configured correctly, and I can list the EDL in the CLI, but if I try to go to a listed URL, it is not blocked.
The PAN is running version 7.1.2.
Thanks,
Jordi
10-17-2016 08:51 AM - edited 10-17-2016 08:55 AM
Hi Jordi,
Can you remove the 'https://' and try that? The documentation says not to use this prefix.
Can you also check your traffic logs and security policies and see if the allowed traffic is hitting a rule above or below the rule you have configured?
Try this command to see if your EDL has populated ok:
> request system external-list show type url (EDL name)
You can add your list to a URL filtering profile and add that profile to the policy:
Hope this helps,
Ben
10-17-2016 09:28 AM
Does it work as expected if you build a Deny rule with your EBL as the source address? This list is also 4992 entries which may be pushing the number of address objects you can push in one EBL. If you have anything less than a 3050, 3060, or a 5020 and up then you aren't going to be able to use this list.
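An added example, not part of the thread: a small Python check for the two points raised in the replies above (list entries that carry an `https://` prefix, and the number of entries in the list). The function name, the sample feed and the `max_entries` value are assumptions; take the real capacity from the documentation for your model and PAN-OS version.

```python
import re

# Matches a leading scheme such as "http://" or "https://".
_SCHEME = re.compile(r"^[a-z][a-z0-9+.-]*://", re.IGNORECASE)

def audit_url_list(text, max_entries=None):
    """Normalize a URL list feed and report entries that carried a scheme.

    max_entries is a caller-supplied capacity for the target platform
    (assumption: no platform limits are hard-coded here).
    """
    entries, had_scheme, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # this script skips blank lines and '#' comment lines
        stripped = _SCHEME.sub("", line)
        if stripped != line:
            had_scheme.append((lineno, line))  # record what had to be fixed
        if stripped and stripped not in seen:
            seen.add(stripped)  # exact-match de-duplication
            entries.append(stripped)
    over = max_entries is not None and len(entries) > max_entries
    return {"entries": entries, "had_scheme": had_scheme, "over_capacity": over}

# Constructed sample feed (not real indicators).
SAMPLE = """\
# constructed sample
https://bad.example.com/payload.exe
http://evil.example.net/gate.php
files.example.org/dl/a.bin
https://bad.example.com/payload.exe

"""

if __name__ == "__main__":
    report = audit_url_list(SAMPLE, max_entries=3)
    for lineno, line in report["had_scheme"]:
        print(f"line {lineno}: scheme prefix present: {line}")
    count = len(report["entries"])
    print(f"{count} unique entries, over capacity: {report['over_capacity']}")
    print("\n".join(report["entries"]))
```

Serve the normalized output to the firewall instead of the raw feed, then re-run the CLI `show` command from the reply above to confirm the list populated.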
10-17-2016 11:38 AM - edited 10-17-2016 12:07 PM
It is a bit away from the original post/question, but I recall a discussion here about the limit of entries:
More info here:
10-17-2016 12:01 PM
@TranceforLife I believe those limits only cover 7.1. I've always gone off of what's listed here https://live.paloaltonetworks.com/t5/Learning-Articles/Working-with-External-Block-List-EBL-Formats-... unless people actually point out that they are running 7.1.* since most people seem to be ignoring it for now.