I've been experimenting with MineMeld and love it - brilliant product 🙂
That said, I'm struggling to get a clear idea what the size limit is of each blocklist.
https://live.paloaltonetworks.com/t5/Learning-Articles/How-are-Dynamic-Block-List-Entries-Counted-on... suggests even a PA200 can handle a list with 50k entries but in the same article it suggests a PA3020 has a limit of just 5k entries.
What is the limit please? For exampel the Alienvault reputation feed is approximately 16k entries.
Thanks, but that article doesn't make sense unless I'm totally misreading it.
When running PAN-OS 7.0.x on a PA-200, it can have:
OK so a PA200 can have 1 list with 50,000 IP's that's great but:
|Hardware||Maximum Address Entries|
So a PA3020 can only have 5000 entries whilst that table also states that a PA200 can only have 2500 entries.
Some of the reputation feeds out there can be 20k entries and it's hard to believe that a PA200 could use that but a PA3020 could not.
I am with you but cannot confirm as do not have any PA-200 on 7.0.X PAN-OS
Below output from our lab firewall:
BAS-LAB-PA-3050> show system state | match cfg.general.max-address
YOu are confusing what the two graphs are actually saying. A PA firewall regardless of version can have 10 external block lists that compose no more than 50000 IPs in total. The graph at the very bottom states how many anddress groups can be on any one device. The EBL that you configure counts as one of these address groups, regardless of how many entries it actually has.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!