Use an External Dynamic List in a URL Filtering Profile

An external dynamic list is a text file that is hosted on an external web server. You can use this list to import URLs and enforce policy on these URLs. When you update the list on the web server, the firewall retrieves the changes and applies policy to the modified list without requiring a commit on the firewall.
  1. Create the external dynamic list for URLs and host it on a web server.
    Create a text file and enter the URLs in the file; each URL must be on a separate line. For example:
      financialtimes.co.in
      www.wallaby.au/joey
      www.exyang.com/auto-tutorials/How-to-enter-Data-for-Success.aspx
      *.example.com/*
      abc?*/abc.com
      *&*.net
    See URL Category Exception Lists for formatting guidelines.
    Use MineMeld to generate an external dynamic list based on the contents of multiple threat feeds.
  2. Configure the firewall to access the external dynamic list.
    1. Select Objects > External Dynamic Lists.
    2. Click Add and enter a descriptive Name for the list.
    3. (Optional) Select Shared to share the list with all virtual systems on a device that is enabled for multiple virtual systems. By default, the object is created on the virtual system that is currently selected in the Virtual Systems drop-down.
    4. In the Type drop-down, select URL List. Ensure that the list does not include IP addresses or domain names; the firewall skips non-URL entries.
    5. Enter the Source for the list you just created on the web server. The source must include the full path to access the list. For example, https://1.2.3.4/EDL_IP_2016.
    6. Click Test Source URL to verify that the firewall can connect to the web server.
      If the web server is unreachable after the connection is established, the firewall uses the last successfully retrieved list for enforcing policy until the connection is restored with the web server.
    7. (Optional) Specify the Repeat frequency at which the firewall retrieves the list. By default, the firewall retrieves the list once every hour.
    8. Click OK.
  3. Use the external dynamic list in a URL Filtering profile.
    1. Select Objects > Security Profiles > URL Filtering.
    2. Add or modify an existing URL Filtering profile.
    3. Name the profile and, in the Categories tab, select the external dynamic list from the Category list.
    4. Click Action to select a more granular action for the URLs in the external dynamic list.
      If a URL that is included in an external dynamic list is also included in a custom URL category, or URL Category Exception Lists, the action specified in the custom category or the block and allow list will take precedence over the external dynamic list.
    5. Click OK.
    6. Attach the URL Filtering profile to a Security policy rule.
      1. Select Policies > Security.
      2. Select the Actions tab and, in the Profile Setting section, select the new profile in the URL Filtering drop-down.
      3. Click OK and Commit.
  4. Test that the policy action is enforced.
    1. Attempt to access a URL that is included in the external dynamic list.
    2. Verify that the action you defined is enforced in the browser.
    3. To monitor the activity on the firewall:
      1. Select ACC and add a URL Domain as a global filter to view the Network Activity and Blocked Activity for the URL you accessed.
      2. Select Monitor > Logs > URL Filtering to access the detailed log view.
  5. Verify whether entries in the external dynamic list were ignored or skipped.
    In a list of type URL, the firewall skips non-URL entries as invalid and ignores entries that exceed the maximum limit for the platform.
    Use the following CLI command on a firewall to review the details for a list.
    request system external-list show type url <list_name>
    For example:
    request system external-list show type url EBL_ISAC_Alert_List
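
An added example, not part of the original documentation: a lint to run on the list file before hosting it, flagging the kinds of entries that steps 2 and 5 say the firewall skips or ignores. It approximates those rules and is not the firewall's parser; lint_url_edl, max_entries and the sample entries are constructed for illustration, and the real platform limit is not stated on this page.

```python
import ipaddress

def lint_url_edl(text, max_entries):
    """Return (kept, issues) for the body of a URL-type list file.

    max_entries is a placeholder for the platform limit (assumption:
    look it up for your firewall model; this page does not give it).
    """
    kept, issues, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), start=1):
        entry = raw.strip()
        if not entry:
            continue                      # blank lines carry no entry
        if len(entry.split()) > 1:        # each URL must be on its own line
            issues.append((lineno, "several entries on one line"))
            continue
        try:
            # A bare address or CIDR range belongs in an IP list, not here.
            ipaddress.ip_network(entry, strict=False)
            issues.append((lineno, "IP address or range, not a URL"))
            continue
        except ValueError:
            pass
        if entry in seen:                 # hygiene: wastes list capacity
            issues.append((lineno, "duplicate entry"))
            continue
        seen.add(entry)
        if len(kept) >= max_entries:      # entries past the limit are ignored
            issues.append((lineno, "beyond max_entries"))
            continue
        kept.append(entry)
    return kept, issues

# Constructed sample input; the addresses are documentation ranges.
SAMPLE = """\
financialtimes.co.in
www.wallaby.au/joey
*.example.com/*

192.0.2.10
198.51.100.0/24
www.wallaby.au/joey
abc.example.net/a def.example.net/b
www.exyang.com/auto-tutorials/How-to-enter-Data-for-Success.aspx
"""

if __name__ == "__main__":
    kept, issues = lint_url_edl(SAMPLE, max_entries=3)
    print(len(kept), "entries kept")
    for lineno, reason in issues:
        print(f"line {lineno}: {reason}")
```

Compare the lint result with the output of the CLI command above after the firewall's next retrieval of the list.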
