Hi PerTenggren, Thanks for posting in the community forums! I tested this out. Verify if the firewall is also running 8.0. I can replicate this behavior if the Panorama is 8.0 while the firewall is pre-8.0. Secondly, check from the firewall itself, if you are able to create a EDL(with https link) and associate a certificate profile. This is an excerpt from the Admin Guide of the Panorama: If the external dynamic list has an HTTPS URL, select an existing certificate profile (firewall and Panorama) or create a new Certificate Profile (firewall only) for authenticating the web server that hosts the list. For more information on configuring a certificate profile, see Device > Certificate Management > Certificate Profile. Default: None (Disable Cert profile) To maximize the number of external dynamic lists that you can use to enforce policy, use the same certificate profile to authenticate external dynamic lists that use the same source URL so that the lists count as only one external dynamic list. External dynamic lists from the same source URL that use different certificate profiles are counted as unique external dynamic lists. Hope this helps. Regards, Anurag
... View more