Use Export Lists with the Palo Alto Networks Firewall

Export lists provide a way to dynamically enforce policy on a Palo Alto Networks firewall based on AutoFocus artifacts. The following workflow walks you through the process of building an export list designed specifically for the firewall.
  1. Dynamic block lists and external dynamic lists on the Palo Alto Networks firewall only support certain artifacts, so you must tailor your export list based on the PAN-OS software version running on the firewall.
    Find IP address, URL, and domain artifacts in the DNS Activity, Connection Activity, and HTTP Activity detected during the WildFire analysis of a sample.
  2. Create a CSV File formatted for the firewall.
    • Verify that the artifacts you plan to export are supported on the firewall (IP addresses only for a dynamic block list in PAN-OS 7.0 or earlier; IP addresses only, URLs only, or domains only for an external dynamic list in PAN-OS 7.1 or later).
    • Before you export the artifacts, make sure that
      Formatted for PAN-OS block list
      is selected.
    CSV files that are formatted for a PAN-OS block list might display artifacts in an order that is different from how they appear in the AutoFocus export list.
  3. Use the generated CSV file with the firewall.

Recommended For You