Advanced IP Defense on PAN-OS 11.1 and PAN-OS 12.1

Learn how enforcement points running PAN-OS 11.1 or PAN-OS 12.1 can receive a subset of Advanced IP Defense intelligence through predefined external dynamic lists (EDLs).
Where Can I Use This?
  • NGFW (Managed by Strata Cloud Manager)
  • NGFW (Managed by PAN-OS or Panorama)
  • VM-Series
  • Cloud NGFW for AWS
  • Cloud NGFW on Azure
  • Prisma Access

What Do I Need?
  • Advanced IP Defense license
  • PAN-OS 11.1 through 12.1.x

Enforcement points running PAN-OS 11.1 through 12.1.x cannot use the cloud-based Advanced IP Defense profiles introduced in PAN-OS 12.2. However, you can still protect these enforcement points against high-risk IP-based threats using predefined external dynamic lists (EDLs) that deliver curated subsets of Advanced IP Defense intelligence. If you are running PAN-OS 12.2 or a later release, use the full Advanced IP Defense profile-based controls instead. Enforcement points running PAN-OS 11.0 or earlier do not support Advanced IP Defense EDLs.

How It Works

The Advanced IP Defense cloud service generates ranked lists of malicious IP addresses organized by threat category. The AV content package compiles these lists into predefined EDLs and delivers them automatically through the same update channel your enforcement points already use for threat signatures. After you install the content update, the EDL objects appear alongside your existing predefined EDLs and you can reference them in Security policy rules.

What Is Supported

  • Predefined EDLs covering: C2 infrastructure, malware (hardcoded in samples), commercial VPNs, proxies (open and private), scanners and brute-force, and exposed vulnerable services
  • Automatic EDL sizing (Standard and Full tiers) based on hardware platform capacity — determined at install time with no manual selection required
  • Logging via standard threat logs with the EDL name in the source/destination EDL columns
  • Standard EDL workflows for HA, reporting, REST API, and Open Config

What Is Not Supported on Earlier Versions

  • Direct-to-IP detection
  • Real-time cloud lookups for IP attributes
  • Granular profile-based controls (zone-based profiles, match rules, actions per category)
  • Enhanced logging with the ip-defense threat log subtype
  • Advanced IP Defense dashboard and reporting in Strata Cloud Manager

Licensing

Enforcement points running PAN-OS 11.1 through 12.1.x require an Advanced IP Defense license to receive the full predefined EDLs through the AV content package. Without a valid Advanced IP Defense license, the EDL files contain only stub records and provide no protection. If your license expires, your enforcement point retains the last-known-good EDL content until you renew.

Platform Support

Not all platforms support the backward compatibility EDLs due to EDL capacity limits. See the Advanced IP Defense predefined EDLs reference for the full list of supported platforms and EDL sizes.

PAN-OS Upgrade and Downgrade Behavior

When you upgrade an enforcement point to PAN-OS 12.2 or a later release and activate the Advanced IP Defense license, the Advanced IP Defense configuration becomes available. When you downgrade the enforcement point below PAN-OS 12.2, the system automatically removes the Advanced IP Defense configuration. The license remains active, and the configuration becomes available again when you upgrade back to PAN-OS 12.2 or a later release.

Adding new IP attribute categories or tags to Advanced IP Defense does not require a PAN-OS upgrade. Content updates deliver new attributes, and they become available on the enforcement point after you install the update.