An external dynamic list is a text file that is hosted on an external web server so that the firewall can import objects—IP addresses, URLs, domains—included in the list and enforce policy. To enforce policy on the entries included in the external dynamic list, you must reference the list in a supported policy rule or profile. As you modify the list, the firewall dynamically imports the list at the configured interval and enforces policy without the need to make a configuration change or a commit on the firewall. If the web server is unreachable, the firewall will use the last successfully retrieved list for enforcing policy until the connection is restored with the web server. To retrieve the external dynamic list, the firewall uses the interface attached to the service route that it uses to access the Palo Alto Updates service.
Custom Malicious DNS Query <domain name>. For details, see
On each firewall platform, you can configure a maximum of 30 unique sources for external dynamic lists; these limits are not applicable to Panorama. When using Panorama to manage a firewall that is enabled for multiple virtual systems, if you exceed the limit for the firewall, a commit error displays on Panorama. A source is a URL that includes the IP address or hostname, the path, and the filename for the external dynamic list. The firewall matches the URL (complete string) to determine whether a source is unique.