Use Export Lists with the Palo Alto Networks Firewall
Export lists provide a way to dynamically
enforce policy on a Palo Alto Networks firewall based on AutoFocus
artifacts. The following workflow walks you through the process
of building an export list designed specifically for the firewall.
Dynamic block lists and external dynamic lists on the Palo
Alto Networks firewall only support certain artifacts, so you must
tailor your export list based on the PAN-OS software version running
on the firewall.
(PAN-OS 7.0
or earlier) Dynamic Block List—Build an export list
that only contains IP addresses.
(PAN-OS 7.1 or later) External Dynamic List—Build an export
list that contains only IP addresses, only domains, or only URLs.
Learn more about how the firewall supports the three external block list types.
Verify that the artifacts
you plan to export are supported on the firewall (IP addresses only
for a dynamic block list in PAN-OS 7.0 or earlier; IP addresses
only, URLs only, or domains only for an external dynamic list in
PAN-OS 7.1 or later).
Before you export the artifacts, make sure that Formatted
for PAN-OS block list is selected.
CSV
files that are formatted for a PAN-OS block list might display artifacts
in an order that is different from how they appear in the AutoFocus
export list.
