As you view the entries of an external dynamic list,
you can exclude up to 100 entries from the list. The ability to
exclude entries from an external dynamic list gives you the option
to enforce policy on some (but not all) of the entries in a list.
This is helpful if you cannot edit the contents of an external dynamic
list (such as the Palo Alto Networks High-Risk IP Addresses feed)
because it comes from a third-party source.
Select up to 100 entries to exclude from the list and click
) or manually
You cannot save your changes to the external dynamic
list if you have duplicate entries in the Manual Exceptions list.
To identify duplicate entries, look for entries with a red underline.
A manual exception must match a list entry exactly. For example,
if an IP address range is included as a list entry and you manually
enter a single IP address within the range as a list exception,
the firewall will continue to enforce policy on all the IP addresses
in the range. So, to exclude that single IP address, you must first
make sure that it’s a standalone external dynamic list entry, and
then manually add the same IP address to the list of exceptions.