External list not populating


L4 Transporter

I have a simple ask to pull a list of IPs from an external txt file into a PAN. I can reach the URL and it's simply a text file with CIDRs separated by lines. However, when looking at the list entries and exceptions it's blank. I seem to have the same problem with a domain list as well. Has anyone done this before and can point me in the right direction?

 

The formatting is like below: 

drewdown_0-1621012597299.png

 


Cyber Elite

@drewdown,

PAN actually publishes documentation on how you should be formatting EDLs so that the firewall can read them properly. I'd also recommend looking into MineMeld.

Formatting Guidelines for an External Dynamic List (paloaltonetworks.com)

L4 Transporter

Hi @drewdown ,

 

Make sure you are using this EDL in the policy, else PA will not fetch the EDL. If it is present in the policy already, checking the ms.log might help.

I use MineMeld already for o365 and the like but it's a pain to set up.

That is one thing I didn't have, a policy referencing the EDL so I will set one up and see if it works. 

Ok so now I can't seem to reference the external domain list in a policy. It doesn't show up as a destination or source. Anyone know why?

@drewdown,

That usually points towards one of two issues:

1. The EDL isn't actually configured correctly and you aren't using the proper type so it's not showing where you expect it to.

2. The GUI is bugged out and it's just not filling the autocomplete. This can usually be resolved by clearing the cache, and potentially restarting management. You can also try just manually specifying the entry in the XML or CLI and see if the configuration validates properly. Sometimes that's all you need to do to kinda "force" it.

I figured it out by trial and error. 

 

So an EDL for DOMAINS can only be attached to an anti-spyware profile, and after you do that it will populate the list of domains on the EDL itself. Until you do that it will complain about it not being referenced by a policy, but you don't reference it in a policy per se; it's attached to an anti-spyware profile on a policy.

 

PAN documentation is so convoluted that it took me a couple of days to figure out the difference between an EDL for IPs and for DOMAINS and how to implement them correctly.

 

drewdown_0-1621432318040.png

 

drewdown_1-1621433257902.png

 

 
