Disable Authentication for an External Dynamic List
Focus
Focus
Network Security

Disable Authentication for an External Dynamic List

Table of Contents

Disable Authentication for an External Dynamic List

Where Can I Use This?What Do I Need?
  • NGFW (PAN-OS & Panorama Managed)
  • Prisma Access (Managed by Panorama)
Check for any license or role requirements for the products you're using.
Palo Alto Networks recommends that you enable authentication for the servers that host the external dynamic lists configured on your firewall. However, if you Find External Dynamic Lists That Failed Authentication and prefer to disable server authentication for those lists, you can do so through the CLI. The procedure below only applies to external dynamic lists secured with SSL (i.e., lists with an HTTPS URL); server authentication is not enforced on lists with an HTTP URL.
Disabling server authentication for an external dynamic list also disables client authentication. With client authentication disabled, the firewall will not be able to connect to an external dynamic list that requires a username and password for access.
  1. Launch the CLI and switch to configuration mode as follows:
    username@hostname> configure 
    Entering configuration mode 
    [edit] 
    username@hostname#
    The change from the > to the # symbol indicates that you are now in configuration mode.
  2. Enter the appropriate CLI command for the list type:
    • IP Address
      set external-list <external dynamic list name> type ip certificate-profile None
    • Domain
      set external-list <external dynamic list name> type domain certificate-profile None
    • URL
      set external-list <external dynamic list name> type url certificate-profile None
  3. Verify that authentication is disabled for the external dynamic list.
    Trigger a refresh for the list (see Retrieve an External Dynamic List from the Web Server). If the firewall retrieves the list successfully, server authentication is disabled.