Configure an External Dynamic List (EDL) for Software-as-a-Service
(SaaS) applications.
Some Software-as-a-Service (SaaS) providers publish lists of IP
addresses and URLs as destination endpoints for their SaaS
applications. SaaS providers frequently update these destination
endpoint lists as support grows and the service expands. This requires
you either to manually monitor the SaaS application endpoints for
changes and manually update your policy configuration to ensure
connectivity to these critical SaaS applications, or to set up an
external tool to monitor and update your EDLs.
Configure an EDL using the EDL Hosting Service maintained
by Palo Alto Networks to ease the operational burden of maintaining
an EDL for a SaaS application. The EDL Hosting Service provides
publicly available Feed URLs for SaaS application endpoints published
by the SaaS application provider. Leveraging a Feed URL as the source
in an EDL allows for dynamic enforcement of SaaS application traffic
without the need for you to host and maintain your own EDL source.
Palo Alto Networks checks the application Feed URLs published by SaaS
providers on a daily basis. For IP-based feeds, Palo Alto Networks
optimizes the list by combining entries from a continuous netmask and
deduplicating endpoints that overlap across multiple areas.
Additionally, the endpoints for the Microsoft 365 Common and Office
Online SaaS application are always added to every Feed URL in the EDL
Hosting Service.
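
The following is an added example, not Palo Alto Networks code and not the EDL Hosting Service's implementation. It shows one reading of the IP feed optimization described above (merging adjacent prefixes and dropping overlapping entries), plus the validation and change check you would need if you hosted your own EDL source. The one-entry-per-line format, the function names, the `MIN_PREFIX` floor, and the sample entries (documentation address ranges) are assumptions made for illustration.

```python
import ipaddress

# Assumed sanity floor (hypothetical policy, not a PAN-OS setting): entries
# broader than this are rejected instead of silently widening a rule.
MIN_PREFIX = {4: 8, 6: 16}

def parse_feed(text):
    """Parse a one-entry-per-line IP feed into (networks, rejected)."""
    nets, rejected = [], []
    for entry in filter(None, map(str.strip, text.splitlines())):
        try:
            # strict=False normalizes entries that have host bits set
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append(entry)
            continue
        if net.prefixlen < MIN_PREFIX[net.version]:
            rejected.append(entry)
        else:
            nets.append(net)
    return nets, rejected

def optimize(nets):
    """Merge adjacent prefixes and drop entries covered by a larger one."""
    merged = []
    for version in (4, 6):  # collapse_addresses cannot mix IP versions
        same = [n for n in nets if n.version == version]
        merged.extend(ipaddress.collapse_addresses(same))
    return merged

def diff(old, new):
    """Return (added, removed) prefixes between two optimized snapshots."""
    old_s, new_s = {str(n) for n in old}, {str(n) for n in new}
    return sorted(new_s - old_s), sorted(old_s - new_s)

# Constructed sample snapshots (documentation address ranges only).
PREVIOUS = "192.0.2.0/24\n198.51.100.0/25\n"
CURRENT = "\n".join([
    "192.0.2.0/24", "198.51.100.0/25", "198.51.100.128/25",
    "203.0.113.0/24", "203.0.113.64/26",
    "2001:db8::/33", "2001:db8:8000::/33", "0.0.0.0/0", "not-an-ip",
])

if __name__ == "__main__":
    new, bad = parse_feed(CURRENT)
    print("optimized:", [str(n) for n in optimize(new)], "rejected:", bad)
    print(diff(optimize(parse_feed(PREVIOUS)[0]), optimize(new)))
```

Rejected entries and the added/removed lists are the parts worth reviewing before a refreshed list reaches policy.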