>
    Disable Authentication for an External Dynamic List
    Focus
    Download PDF
    Focus
    1. Home
    2. Network Security
    3. Network Security: Security Policy
    4. Policy Objects
    5. Policy Object: External Dynamic Lists
    6. Disable Authentication for an External Dynamic List
    Download PDF
    Network Security

    Disable Authentication for an External Dynamic List

    Table of Contents

    Disable Authentication for an External Dynamic List

    Where Can I Use This?What Do I Need?
    • NGFW (PAN-OS & Panorama Managed)
    • Prisma Access (Managed by Panorama)
    Check for any license or role requirements for the products you're using.
    Palo Alto Networks recommends that you enable authentication for the servers that host the external dynamic lists configured on your firewall. However, if you Find External Dynamic Lists That Failed Authentication and prefer to disable server authentication for those lists, you can do so through the CLI. The procedure below only applies to external dynamic lists secured with SSL (i.e., lists with an HTTPS URL); server authentication is not enforced on lists with an HTTP URL.
    Disabling server authentication for an external dynamic list also disables client authentication. With client authentication disabled, the firewall will not be able to connect to an external dynamic list that requires a username and password for access.
    1. Launch the CLI and switch to configuration mode as follows:
      username@hostname> configure 
Entering configuration mode 
[edit] 
username@hostname#
      The change from the > to the # symbol indicates that you are now in configuration mode.
    2. Enter the appropriate CLI command for the list type:
      • IP Address
        set external-list <external dynamic list name> type ip certificate-profile None
      • Domain
        set external-list <external dynamic list name> type domain certificate-profile None
      • URL
        set external-list <external dynamic list name> type url certificate-profile None
    3. Verify that authentication is disabled for the external dynamic list.
      Trigger a refresh for the list (see Retrieve an External Dynamic List from the Web Server). If the firewall retrieves the list successfully, server authentication is disabled.

    © 2024 Palo Alto Networks, Inc. All rights reserved.