Importing list of Blocked IP's and URL's into EDL

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

Importing list of Blocked IP's and URL's into EDL

L0 Member

Hi,

  I want to be able to quickly blacklist a bunch of URL's and IP's from internal uers going out to the internet. 

  What is the best way to achieve this? Would I just place them all in a file text file, and just import them to a custom External Dynamic List? 

 

Thanks for the help in advanced. 

 

3 REPLIES 3

Cyber Elite
Cyber Elite

lo,

If you really want to setup your own:

https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/policy/use-an-external-dynamic-list-in-po...

However what I typically do is configure the URL filtering to block the not so good sites as well as advertising. Then also use the built-in EDL lists PAN already has. These are dynamically updated and you can test them by attempting to go to those sites, etc.

 

Rolling your own is like the whack-a-mole game and its not much fun.

Regards,

Thank you for the reply. I will try to do that and see how everything works. 

 

 

Cyber Elite
Cyber Elite

@ITSMC24,

I would personally have an EDL for blocked domains and blocked IPs already configured on the firewall so that they can be utilized when you actually need to, not as a replacement for the built-in lists and categorization that @OtakarKlier mentioned but simply in addition to.

This will allow you to quickly block a domain or IP address when needed/requested without actually having to force a commit on the firewall, as the EDL will be updated on whatever schedule you have configured and can be refreshed manually on the firewall outside of that schedule without triggering an actual configuration commit.

  • 275 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!