Policy Object: External Dynamic Lists


Where Can I Use This?
  • NGFW (Cloud Managed)
  • NGFW (PAN-OS & Panorama Managed)
  • Prisma Access (Cloud Managed)
  • Prisma Access (Panorama Managed)
What Do I Need?
Check for any license or role requirements for the products you're using:
  • Prisma Access license or AIOps for NGFW license
An external dynamic list is an address object based on an imported list of IP addresses, URLs, domain names, International Mobile Equipment Identities (IMEIs), or International Mobile Subscriber Identities (IMSIs) that you can use in policy rules to block or allow traffic. This list must be a text file saved to a web server that is accessible. By default, the management (MGT) interface is used to retrieve this list.
With an active Threat Prevention license, Palo Alto Networks provides multiple built-in dynamic IP lists that you can use to block malicious hosts. We update the lists daily based on our latest threat research.
You can use an IP address list as an address object in the source and destination of your policy rules; you can use a URL List in a URL Filtering profile or as a match criterion in Security policy rules; and you can use a domain list (Anti-Spyware Profile) as a sinkhole for specified domain names.
You can use up to 30 external dynamic lists with unique sources across all Security policy rules. The maximum number of entries that are supported for each list type varies based on the model (refer to the different limits for each external dynamic list type). List entries count toward the maximum limit only if the external dynamic list is used in a policy rule. If you exceed the maximum number of entries that are supported, a System log is generated and the entries that exceed the limit are skipped.
The external dynamic lists are shown in the order they are evaluated from top to bottom. Use the directional controls at the bottom of the page to change the list order. This enables you to reorder the lists to make sure that the most important entries in an external dynamic list are committed before you reach capacity limits.
You cannot change the external dynamic list order when lists are grouped by type.
You cannot delete, clone, or edit the settings of the Palo Alto Networks malicious IP address feeds.
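
The effect of list order on which entries are skipped can be checked before a commit. The following is an added example, not Palo Alto Networks code: it is a simplified model that assumes one entry pool per list type, consumed in top-to-bottom order. The `Edl` class, the list names, the `edl.example` URLs and the limits of 1000 and 500 are constructed for illustration; real limits depend on the model.

```python
from dataclasses import dataclass

MAX_UNIQUE_SOURCES = 30  # limit stated on this page


@dataclass
class Edl:
    name: str
    list_type: str        # "ip", "domain" or "url"
    source: str           # URL of the hosted text file
    entries: int          # entry count in that file
    used_in_policy: bool  # unused lists do not count toward the limit


def plan_capacity(edls, limits):
    """Walk lists top to bottom; return {name: (committed, skipped)}."""
    used = [e for e in edls if e.used_in_policy]
    if len({e.source for e in used}) > MAX_UNIQUE_SOURCES:
        raise ValueError("more than 30 unique sources used in policy rules")
    remaining = dict(limits)  # assumed: one pool per list type
    plan = {}
    for edl in edls:
        if not edl.used_in_policy:
            plan[edl.name] = (0, 0)
            continue
        committed = min(edl.entries, remaining[edl.list_type])
        remaining[edl.list_type] -= committed
        plan[edl.name] = (committed, edl.entries - committed)
    return plan


# Constructed sample data: limits and lists are illustrative only.
LIMITS = {"ip": 1000, "domain": 500}
BULK = Edl("bulk-reputation", "ip", "https://edl.example/bulk.txt", 900, True)
CRITICAL = Edl("critical-blocklist", "ip", "https://edl.example/crit.txt", 300, True)
STAGING = Edl("staging", "ip", "https://edl.example/stage.txt", 5000, False)
SINKHOLE = Edl("sinkhole-domains", "domain", "https://edl.example/dns.txt", 200, True)

if __name__ == "__main__":
    # Same lists, two orders: the second moves the critical list to the top.
    for order in ([BULK, CRITICAL, STAGING, SINKHOLE],
                  [CRITICAL, BULK, STAGING, SINKHOLE]):
        print(plan_capacity(order, LIMITS))
```

With the bulk feed on top, two thirds of the critical blocklist is skipped; moving the critical list up shifts the skipped entries onto the bulk feed instead.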
