We have already configured the EDL feature in Palo Alto but the following behavior of Palo Alto has been observed while accessing the digital App and digital.com from the internet using 03 different blacklisted public IPs by Spamhaus (which is also used by Palo Alto).
Two of them are allowed while one IP is blocked, while the Palo Alto Spamhaus list (panwdbl.appspot.com) showing only 01 blacklist IP from below 03 IP,
why those IPs are not included in the PANWDB List which is already listed by Spamhaus as a blacklisted IP
when we checked the IPs on their website (https://www.spamhaus.org/lookup/) they are showing the IP are in blocked list lookup results. Imaged are pasted in the below table for review.
Per the other response I provided, I believe this information should be created in a web ticket, and have TAC forward this information over to Unit 42, which the group responsible for Threat Intelligence.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!