This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

How do you use the new predefined Dynamic IP lists?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How do you use the new predefined Dynamic IP lists?

Go to solution
jsalmans
L4 Transporter

‎03-15-2018 07:15 AM

Greetings all,

 

I'm wanting to use the new Palo Alto provided dynamic IP lists to block known malicious or high risk IPs but, when creating a security policy, I can't seem to get it to appear in the list for selection.  I've tried copy/pasting the name in there and it just shows the red underline.

 

I'm doing this in 8.0.7 Panorama and both of my firewalls are on that version as well.

 

Thanks!

1 person had this problem.
0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
emr_1
L5 Sessionator
In response to jsalmans

‎03-18-2018 06:25 PM - edited ‎03-18-2018 07:30 PM

Hi, 

 

Your keyword 'Palo' is not good choice. Try with blank or other word.

FYI: I could search by 'IP'.

 

Image 1.png

 

Note: I used Panorama v8.0.7 and 'Palo' did not work.

 

Note2: If I use 'Palo' on my PA-220 v8.0.8, it filtered as expected. It might be a bug on Panorama.

 

View solution in original post

1 person found this solution to be helpful.
11 REPLIES 11

Go to solution
BPry
Cyber Elite
Cyber Elite

‎03-15-2018 07:49 AM

First I would verify that under External Dynamic Lists the 'Palo Alto Networks - Known malicious IP addresses' and 'Palo Alto Networks - high risk IP addresses' are actually present. 

Then when you build out the security policy rule it should be present if you just start typing in Palo it should populate in the drop down box under 'External Dynamic List'. 

Capture.PNG

0 Likes Likes

Go to solution
jsalmans
L4 Transporter
In response to BPry

‎03-15-2018 07:52 PM

@BPry that's how I would expect it to work but the EDLs aren't showing up.  EDLs I've custom created do.

 

I can go to the EDL page and view the Palo Alto predifined lists.

0 Likes Likes

Go to solution
Remo
L7 Applicator
In response to jsalmans

‎03-15-2018 11:04 PM

Hi @jsalmans

 

Do you have installed dynamic updates on panorama and if yes maybe a reinstall of the dynamic apps and threats update?

0 Likes Likes

Go to solution
BPry
Cyber Elite
Cyber Elite
In response to Remo

‎03-16-2018 07:22 AM

@Remo,

I don't think you would get these options unless you're installing dynamic updates. Perhaps reinstalling would solve the issue for you @jsalmans? I'm not sure to be honest, its pretty weird to be presented the EDLs but not being able to utilize them. Usually people are missing them because they haven't installed the correct updates yet. 

0 Likes Likes

Go to solution
jsalmans
L4 Transporter
In response to BPry

‎03-16-2018 11:18 AM

We've done several PANOS updates on Panorama since this feature was included and I do an install of Contents and Apps updates just a few days after they come out usually.

 

Here is the lists:

lists.png

 

Here is when I try to add them to a security rule:

security_policy.png

 

I can't scroll down any further and the EDL section never appears.  If I search for something that uses one of my custom EDLs then those appear but never the predefined ones.

 

The predefined ones are also set as read-only.. I can move IPs into the exception list but I can't save the EDL after that (not sure if this is expected behavoir).

 

How do I go about completely re-installing content updates?

0 Likes Likes

Go to solution
emr_1
L5 Sessionator
In response to jsalmans

‎03-18-2018 06:25 PM - edited ‎03-18-2018 07:30 PM

Hi, 

 

Your keyword 'Palo' is not good choice. Try with blank or other word.

FYI: I could search by 'IP'.

 

Image 1.png

 

Note: I used Panorama v8.0.7 and 'Palo' did not work.

 

Note2: If I use 'Palo' on my PA-220 v8.0.8, it filtered as expected. It might be a bug on Panorama.

 

1 person found this solution to be helpful.

Go to solution
jsalmans
L4 Transporter
In response to emr_1

‎03-18-2018 07:23 PM

I've got too many objects with "IP" in the name... the bottom of this list just recommended to filter further.

 

I updated to 8.0.8 and searching for "Palo" or "Alto" still didn't work, however, searching for "known" and "risk" did. Oddly, searching for "malicious" didn't seem to work.

 

Still not sure why this is but at least I can find them by searching for those alternate key words.

0 Likes Likes

Go to solution
fjwcash
L4 Transporter
In response to jsalmans

‎03-22-2018 11:25 AM - edited ‎03-22-2018 11:27 AM

I've found the auto-complete searching to be ... interesting ... to use.

 

Some fields do a case-insensitive search for sub-strings.

 

Some fields do a case-sensitive search for complete words only (with punctuation/dashes as word separators).  Like the IPv4 field in a Network Interface configuration dialog.

 

Some fields do a case-insensitive search starting at the beginning of the field (no sub-string search).

 

Some fields do a case-sensitive search starting at the beginning.

 

Some fields will only allow a single search, so if you do a typo that results in 0 matches, it will not do any further searches until you close/re-open the dialog (the NAT Policy editor is the worst offender here).

 

It's very hit-and-miss on what kind of search is supported within each auto-completable field.  😞  And is a constant source of frustration when trying to use Address Objects everywhere.  😞

0 Likes Likes

Go to solution
Sec101
L4 Transporter
In response to fjwcash

‎03-22-2018 12:15 PM

Try to pull these up in panorama ---they don't populate---they only show on the local firewall

0 Likes Likes

Go to solution
elangeland
L1 Bithead
In response to emr_1

‎06-06-2018 07:42 PM

I am seeing the same thing with version 8.0.10 on Panorama - the EDLs show up if I type "known" or "high", but not "palo". On the firewalls (version 8.0.9) the EDL objects show up if I type "Palo".

0 Likes Likes

Go to solution
Sec101
L4 Transporter
In response to elangeland

‎06-07-2018 06:11 AM

"known" or "high" appears to be the answer here, as I do then see the list populate as expected.  Thank you for the input!

0 Likes Likes
  • 1 accepted solution
  • 7046 Views
  • 11 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks