Exclude Entries from an External Dynamic List

As you view the entries of an external dynamic list, you can exclude up to 100 entries from the list. The ability to exclude entries from an external dynamic list gives you the option to enforce policy on some (but not all) of the entries in a list. This is helpful if you cannot edit the contents of an external dynamic list (such as the Palo Alto Networks High-Risk IP Addresses feed) because it comes from a third-party source.
  1. View External Dynamic List Entries.
  2. Select up to 100 entries to exclude from the list and click Submit ( Submit_icon.png ) or manually Add a list exception.
    • You cannot save your changes to the external dynamic list if you have duplicate entries in the Manual Exceptions list. To identify duplicate entries, look for entries with a red underline.
    • A manual exception must match a list entry exactly. For example, if an IP address range is included as a list entry and you manually enter a single IP address within the range as a list exception, the firewall will continue to enforce policy on all the IP addresses in the range. So, to exclude that single IP address, you must first make sure that it’s a standalone external dynamic list entry, and then manually add the same IP address to the list of exceptions.
  3. Click OK and Commit to save your changes.
  4. (Optional) Enforce Policy on an External Dynamic List.

Related Documentation