Network Security: Security Policy
  • Network Security: Security Policy
  • Network Security Documentation
  • All Documentation
>
View External Dynamic List Entries (Strata Cloud Manager)
Focus
Download PDF
Focus
  1. Home
  2. Network Security
  3. Network Security: Security Policy
  4. Policy Objects
  5. Policy Object: External Dynamic Lists
  6. View External Dynamic List Entries
  7. View External Dynamic List Entries (Strata Cloud Manager)
Download PDF
Network Security

View External Dynamic List Entries (Strata Cloud Manager)

Table of Contents
View the contents of an external dynamic list to check if it contains certain IP addresses, domains, or URLs.
  1. Select ManageConfigurationNGFW and Prisma AccessObjectsExternal Dynamic Lists.
  2. Select the external dynamic list you want to view.
  3. Check the List Entries and Exceptions and view the objects that were retrieved from the list.
    The list might be empty if:
  4. Enter an IP address, domain, or URL (depending on the type of list) in the search field to check if it’s in the list. Exclude entries from an external dynamic list based on which IP addresses, domains, and URLs you need to block or allow.

Exclude Entries from an External Dynamic List

As you view the entries of an external dynamic list, you can exclude up to 100 entries from the list. The ability to exclude entries from an external dynamic list gives you the option to enforce policy on some (but not all) of the entries in a list. This is helpful if you cannot edit the contents of an external dynamic list (such as the Palo Alto Networks High-Risk IP Addresses feed) because it comes from a third-party source.
Follow these steps to exclude entries from an external dynamic list to enforce policy on some (but not all) of the entries in a list.
  1. View External Dynamic List Entries.
  2. Select up to 100 entries to manually exclude from the list or manually add a list exception.
    • You cannot save your changes to the external dynamic list if you have duplicate entries in the Manual Exceptions list. To identify duplicate entries, look for entries with a red underline.
    • A manual exception must match a list entry exactly. Additionally, you cannot exclude a specific IP address from within an IP address range. To exclude a specific IP address from an IP address range, you must add each IP address in the range as a list entry and then exclude the desired IP address.
      Exclusion of an individual IP address from an IP address range is not supported.
  3. Save your changes.
  4. (Optional) Enforce Policy on an External Dynamic List.

Technical Documentation

Company

Legal Notices

© 2025 Palo Alto Networks, Inc. All rights reserved.