New Palo Alto User - Dynamic Block List

Showing results for 
Show  only  | Search instead for 
Did you mean: 

New Palo Alto User - Dynamic Block List

Not applicable

Hi there,

I just got a new Palo Alto and I would like to load some IPs in a Dynamic Block List.  I have set up a Windows IIS Webserver on an old Server 2003 box with an IP  I have the site up and working and anoymous users can connect to it by going to  The document test.txt and is formatted like so:

When I configure the Dynamic Block List and click "Test URL"  I get URL Access Error.  If I use a non-domain account or computer on the network and type the URL as above I get access to the site.  Can anyone advise what I am missing to get this to work?  I have tried turning off the firewall, I can connect with anoymous users, there are no error logs on the server, wireshark doesn't show any attempt or traffic from the firewall IP when I click test URL.

Thanks for any advice!


My problem was fixed by adding a service route under device, service tab and then clicking add service route.  In this section I had to add info specifying that the PA use internal interface to reach my web server rather than the management IP.  This was pretty easy and it worked immediately after the commit.

Thanks to everyone who responded.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!