I want to use the new Palo Alto-provided dynamic IP lists to block known malicious or high-risk IPs, but when creating a security policy I can't get them to appear in the list for selection. I've tried copy/pasting the name in there and it just shows the red underline.
I'm doing this in 8.0.7 Panorama and both of my firewalls are on that version as well.
First I would verify that, under External Dynamic Lists, 'Palo Alto Networks - Known malicious IP addresses' and 'Palo Alto Networks - High risk IP addresses' are actually present.
Then, when you build out the security policy rule, they should be there: if you just start typing "Palo", they should populate in the drop-down box under 'External Dynamic List'.
I don't think you would get these options unless you're installing dynamic updates. Perhaps reinstalling would solve the issue for you @jsalmans? I'm not sure to be honest; it's pretty weird to be presented with the EDLs but not be able to utilize them. Usually people are missing them because they haven't installed the correct updates yet.
We've done several PANOS updates on Panorama since this feature was included and I do an install of Contents and Apps updates just a few days after they come out usually.
Here are the lists:
Here is when I try to add them to a security rule:
I can't scroll down any further and the EDL section never appears. If I search for something that uses one of my custom EDLs then those appear but never the predefined ones.
The predefined ones are also set as read-only. I can move IPs into the exception list but I can't save the EDL after that (not sure if this is expected behavior).
How do I go about completely re-installing content updates?
I've got too many objects with "IP" in the name... the bottom of this list just recommended to filter further.
I updated to 8.0.8 and searching for "Palo" or "Alto" still didn't work, however, searching for "known" and "risk" did. Oddly, searching for "malicious" didn't seem to work.
Still not sure why this is but at least I can find them by searching for those alternate key words.
I've found the auto-complete searching to be ... interesting ... to use.
Some fields do a case-insensitive search for sub-strings.
Some fields do a case-sensitive search for complete words only (with punctuation/dashes as word separators), like the IPv4 field in a Network Interface configuration dialog.
Some fields do a case-insensitive search starting at the beginning of the field (no sub-string search).
Some fields do a case-sensitive search starting at the beginning.
Some fields will only allow a single search, so if you do a typo that results in 0 matches, it will not do any further searches until you close/re-open the dialog (the NAT Policy editor is the worst offender here).
It's very hit-and-miss on what kind of search is supported within each auto-completable field. 😞 And is a constant source of frustration when trying to use Address Objects everywhere. 😞