Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

EDL Capacity of NGFW Firewalls

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

EDL Capacity of NGFW Firewalls

L2 Linker

I have a PA-220 that appears to have maxed out it's EDL capacity for URLs.  In looking for a replacement as the PA-220 hits EOL, I need to be able to check the EDL capacity of each model, but the two EDL capacity articles I found don't reference the 1400 series firewalls.  Does anyone know if the URL EDL capacity of a PA-1410 is larger than the EDL capacity of a PA-440/PA-445?   (Noting specific models since the PA-410 has lower capacity than the PA-440).

 

Thanks!

1 accepted solution

Accepted Solutions

6 REPLIES 6

L2 Linker

Oh, I'd also be interested in approximate or comparable reboot times for the PA-1410 and the PA-400 series (except the PA-410).  The 25 minutes for a PA-220 to reboot is enough to consider going to a slightly more expensive model if it boots in half the time of another model.

L5 Sessionator

There's a limit of 30 distinct EDLs for all models. The number of entries allowed in the EDLs varies by model.

External Dynamic List (paloaltonetworks.com)

 

I guess I need to be more explicit.  I am getting an error that an EDL has exceeded its 25000 URL limit on the PA-220.  I have plenty of room for more EDLs, but not for URLs in those EDLs.  The link you provided does not list the number of entries allowed on the 1400 series.  

 

The information I am explicitly looking for is the number of URL entries allowed on a PA-1410. 

What happens if 30 EDLs are pushed to the FW, but the FW policies are only using 15 of those EDLs.  Technically, the FW doesn't pull the EDL if the EDL is not used in a policy anywhere.  So if the FW is only using 15 of the 30, can it actually take 15 more (that are used in other policies)....or is the limit simply just 30 objects regardless of whether or not they are used?

In my experience if you define more than 30 some or all of them will not read the external list.  I'd stay under the limit!

 

Eric

  • 1 accepted solution
  • 1943 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!