|
|
|
|
|
Document:PAN-OS® New Features Guide
Support for URLs in an External Dynamic List
Last Updated:
Mon Jul 06 14:59:42 PDT 2020
Current Version:
7.1 (EoL)
Instead of statically defining a URL allow list, block list, or custom URL category on a firewall, the external dynamic list (formerly called a Dynamic Block List) is enhanced in PAN-OS 7.1 to include support for URLs, which enhances your agility to protect your network from new sources of threat and malware.
An
external dynamic list
is a text file that you host on an external web server. In addition to IP addresses and
domains , you can now use this list to import URLs into the firewall so that you can enforce policy—block, alert, continue, override, or allow—for the objects you include in the list. The firewall dynamically imports the list at the configured interval and enforces policy for the included URLs without requiring a configuration change or commit on the firewall.
On each firewall platform, you can configure a maximum of 30 unique sources for external dynamic lists. Each firewall platform supports a maximum of 50,000 URLs combined in one or more external dynamic lists but no maximum limit is enforced for any one list. A source is a URL that includes the IP address or hostname, the path, and the filename for the external dynamic list. The firewall matches the URL (complete string) to determine whether a source is unique.