End-of-Life (EoL)
Instead of statically defining a URL allow list, block list, or custom URL category on a firewall, the external dynamic list (formerly called a Dynamic Block List) is enhanced in PAN-OS 7.1 to include support for URLs, which enhances your agility to protect your network from new sources of threat and malware.
An external dynamic list is a text file that you host on an external web server. In addition to IP addresses and domains, you can now use this list to import URLs into the firewall so that you can enforce policy—block, alert, continue, override, or allow—for the objects you include in the list. The firewall dynamically imports the list at the configured interval and enforces policy for the included URLs without requiring a configuration change or commit on the firewall.
The firewall handles an external dynamic list that includes URLs like a custom URL category and you can use this list in two ways:
As a match criteria in Security policy rules, Decryption policy rules, and QoS policy rules to allow, deny, decrypt, not decrypt, or allocate bandwidth for the URLs in the custom category. In a URL Filtering profile where you can define more granular actions, such as continue, alert, or override, before you attach the profile to a Security policy rule.
On each firewall platform, you can configure a maximum of 30 unique sources for external dynamic lists. Each firewall platform supports a maximum of 50,000 URLs combined in one or more external dynamic lists but no maximum limit is enforced for any one list. A source is a URL that includes the IP address or hostname, the path, and the filename for the external dynamic list. The firewall matches the URL (complete string) to determine whether a source is unique.
Enforce Policy on URLs in an External Dynamic List
Create the external dynamic list and host it on a web server that the firewall can access. Use the formatting guidelines for the list.
Configure the firewall to access the external dynamic list.
Select one of the following options: Use an external dynamic list of Type URL as Match Criteria in a Security Policy Rule. Use an external dynamic list in a URL Filtering profile to enforce policy .

Recommended For You