05-29-2025 08:03 PM
How can we increase the External Dynamic List (EDL) max IP limit?
For example, the PA 3420 has a 50,000 IP limit; how can we increase this limit in the EDL?
05-29-2025 09:01 PM
Hi @Mitesh_Nandu ,
EDL limits are platform based, so you can't increase the limit; however, you can review your EDL list and optimise it as per your requirement.
https://www.paloaltonetworks.com/products/product-selection
06-05-2025 05:41 PM
Thanks @mshekh & @reaper for the reply.
I want to understand how EDLs work.
In our environment we have 3 custom EDL URL IP lists, each having 50,000 IP entries. In this scenario, what will happen?
Will the PA read only custom list 1 and block all the IPs in that list, or will the PA read all the custom lists and block any 50,000 IPs?
06-06-2025 11:19 AM
Hello,
That is a lot of entries. What are you attempting to achieve? Use the Regions in the security policies to allow/block certain countries. However, playing IP whack-a-mole is futile.
Regards,
06-06-2025 09:52 PM
I don't have an answer to your question regarding how PAN-OS handles reaching the object limit for an EDL, but I have to question if a 50,000 object EDL is actually being used efficiently. Do you actually utilize an EDL that needs to be 50,000 objects that couldn't be condensed into ranges to help cut back on the object count (i.e., do you aggregate and dedupe them)? Do you just keep every single address you've identified ever in the EDL without aging anything out?
If you detail what these are actually being used for a bit more, maybe collectively we would have some ideas to help you live within the limitation, or, as @reaper pointed out, your business requirements may just simply mandate that the 3420 wasn't a good fit and maybe your EDL usage needed a 5420 where you could have 150,000.
150,000 addresses really is the max regardless of platform as far as I'm aware, however, and I'm slightly concerned that you may essentially have 150,000 entries based off of your questioning. That is a big reason why I would maybe work on either trimming that down or putting something simple like an IP blocklist on your router(s) upstream from your actual firewall.
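The aggregate, dedupe and age-out steps suggested in the reply above, as an added example (not part of the original thread and not Palo Alto Networks code). It assumes a constructed feed format of one address or CIDR plus a last-seen date per line; the `condense` function, the age window and the sample addresses are hypothetical.

```python
import ipaddress
from datetime import date, timedelta

# Constructed sample feed (documentation address ranges only):
# "<address-or-CIDR> <last-seen ISO date>" per line.
SAMPLE_FEED = """\
198.51.100.0 2025-06-01
198.51.100.1 2025-06-01
198.51.100.2 2025-06-02
198.51.100.3 2025-06-02
198.51.100.1 2025-06-03
203.0.113.0/25 2025-06-01
203.0.113.128/25 2025-06-01
203.0.113.7 2025-06-04
192.0.2.55 2025-01-10
2001:db8::1 2025-06-02
not-an-ip 2025-06-02
"""

def condense(feed_text, today, max_age_days, limit):
    """Age out, dedupe and aggregate a feed; return (entries, stats)."""
    cutoff = today - timedelta(days=max_age_days)
    nets = {4: set(), 6: set()}
    stats = {"raw": 0, "invalid": 0, "aged_out": 0}
    for line in feed_text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue  # skip blank lines and comments
        stats["raw"] += 1
        try:
            # strict=False masks stray host bits instead of rejecting the line
            net = ipaddress.ip_network(parts[0], strict=False)
            seen = date.fromisoformat(parts[1]) if len(parts) > 1 else today
        except ValueError:
            stats["invalid"] += 1
            continue
        if seen < cutoff:
            stats["aged_out"] += 1  # not seen recently, drop it
            continue
        nets[net.version].add(net)  # the set removes exact duplicates
    # collapse_addresses merges adjacent networks and drops covered ones;
    # it accepts only one IP version per call, hence the per-version sets.
    merged = [n for v in (4, 6) for n in ipaddress.collapse_addresses(nets[v])]
    entries = [str(n.network_address) if n.num_addresses == 1 else str(n)
               for n in merged]
    stats["entries"] = len(entries)
    stats["over_limit"] = len(entries) > limit  # limit is the platform's EDL cap
    return entries, stats
```

Running `condense(SAMPLE_FEED, date(2025, 6, 6), 90, 50000)` turns the eleven raw lines into three entries, and `stats["over_limit"]` tells you whether the condensed list still exceeds the cap you pass in.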