Formatting Guidelines for an External Dynamic List
Focus
Focus
Network Security

Formatting Guidelines for an External Dynamic List

Table of Contents

Formatting Guidelines for an External Dynamic List

Where Can I Use This?What Do I Need?
  • NGFW (Cloud Managed)
  • NGFW (PAN-OS & Panorama Managed)
  • Prisma Access (Managed by Strata Cloud Manager)
  • Prisma Access (Managed by Panorama)
Check for any license or role requirements for the products you're using.
An external dynamic list of one type — IP address, Domain, or URL must include entries of that type only. The entries in a predefined IP address list comply with the formatting guidelines for IP address lists.

IP Address List

The external dynamic list can include individual IP addresses, subnet addresses (address/mask), or range of IP addresses. In addition, the block list can include comments and special characters such as * , : , ; , #, or /. The syntax for each line in the list is [IP address, IP/Mask, or IP start range-IP end range] [space] [comment].
Enter each IP address/range/subnet in a new line; URLs or domains are not supported in this list. A subnet or an IP address range, such as 92.168.20.0/24 or 192.168.20.40-192.168.20.50, count as one IP address entry and not as multiple IP addresses. If you add comments, the comment must be on the same line as the IP address/range/subnet. The space at the end of the IP address is the delimiter that separates a comment from the IP address.
An example IP address list:
192.168.20.10/32 
	2001:db8:123:1::1 #test IPv6 address 
	192.168.20.0/24 ; test internal subnet 
	2001:db8:123:1::/64 test internal IPv6 range 
	192.168.20.40-192.168.20.50
For an IP address that is blocked, you can display a notification page only if the protocol is HTTP.

Domain List

You can use placeholder characters in domain lists to configure a single entry to match against multiple website subdomains, pages, including entire top-level domains, as well as matches to specific web pages.
Follow these guidelines when creating domain list entries:
  • Enter each domain name in a new line; URLs or IP addresses are not supported in this list.
  • Do not prefix the domain name with the protocol, http:// or https://.
  • You can use an asterisk (*) to indicate a wildcard value.
  • You can use a caret (^) to indicate an exact match value.
  • The following characters are considered token separators: . / ? & = ; +
    Every string separated by one or two of these characters is a token. Use wildcard characters as token placeholders, indicating that a specific token can contain any value.
  • Wildcard characters must be the only character within a token; however, an entry can contain multiple wildcards.
  • Each domain entry can be up to 255 characters in length.
When to use the asterisk (*) wildcard:
Use an asterisk (*) wildcard to indicate one or multiple variable subdomains. For example, to specify enforcement for Palo Alto Network’s website regardless of the domain extension used, which might be one or two subdomains depending on location, you would add the entry: *.paloaltonetworks.com. This entry would match to both docs.paloaltonetworks.com and support.paloaltonetworks.com.
You can also use this wildcard to indicate entire top-level domains. For example, to specify enforcement of a TLD named .work, you would add the entry *.work. This matches all websites ending with .work.
The (*) wildcard can only be prepended in domain entries.
Asterisk (*) examples
EDL Domain List EntryMatching Sites
*.company.com
eng.tools.company.com
support.tools.company.com
tools.company.com
docs.company.com
*.click
all websites ending with a top-level domain of .click.
When to use a caret (^) character:
Use carets (^) to indicate an exact match of a subdomain. For example, ^paloaltonetworks.com matches only paloaltonetworks.com. This entry does not match to any other site.
Caret (^) examples
EDL Domain List EntryMatching Site
^company.com
company.com
^eng.company.com
eng.company.com