Disable Authentication for an External Dynamic List
Palo Alto Networks recommends that you enable authentication for the servers that host the external dynamic lists configured on your firewall. However, if you Find External Dynamic Lists That Failed Authentication and prefer to disable server authentication for those lists, you can do so through the CLI. The procedure below only applies to external dynamic lists secured with SSL (i.e., lists with an HTTPS URL); the firewall does not enforce server authentication on lists with an HTTP URL.
Disabling server authentication for an external dynamic list also disables client authentication. With client authentication disabled, the firewall will not be able to connect to an external dynamic list that requires a username and password for access.
- Launch the CLI and switch
to configuration mode as follows:
username@hostname> configure Entering configuration mode  username@hostname#The change from the > to the # symbol indicates that you are now in configuration mode.
- Enter the appropriate CLI command for the list type:
- IP Address
set external-list <external dynamic list name> type ip certificate-profile None
set external-list <external dynamic list name> type domain certificate-profile None
set external-list <external dynamic list name> type url certificate-profile None
- Verify that authentication is disabled for the external
dynamic list.Trigger a refresh for the list (see Retrieve an External Dynamic List from the Web Server). If the firewall retrieves the list successfully, server authentication is disabled.
Use an External Dynamic List in Policy
Use an External Dynamic List in Policy An external dynamic list (formerly called dynamic block list) is a text file that you or another source ...
Configure the Firewall to Access an External Dynamic List
Configure the Firewall to Access an External Dynamic List You must establish the connection between the firewall and the source that hosts the external dynamic ...
Objects > External Dynamic Lists
Objects > External Dynamic Lists An external dynamic list is an address object based on an imported list of IP addresses, URLs, or domain names ...
Find External Dynamic Lists That Failed Authentication
Find External Dynamic Lists That Failed Authentication When an external dynamic list that requires SSL fails client or server authentication, the firewall generates a system ...
Use an External Dynamic List in a URL Filtering Profile
Use an External Dynamic List in a URL Filtering Profile An External Dynamic List is a text file that is hosted on an external web ...
Enforce Policy on an External Dynamic List
Enforce Policy on an External Dynamic List Block or allow traffic based on IP addresses or URLs in an external dynamic list, or use an ...
Configure DNS Sinkholing for a List of Custom Domains
Configure DNS Sinkholing for a List of Custom Domains To enable DNS Sinkholing for a custom list of domains, you must create an External Dynamic ...
View External Dynamic List Entries
View External Dynamic List Entries Before you Enforce Policy on an External Dynamic List , you can view the contents of an external dynamic list ...
Configure Appliance-to-Appliance Encryption Using Custom Certificates Through the CLI
Configure Appliance-to-Appliance Encryption Using Custom Certificates Through the CLI When configuring appliance-to-appliance encryption using the CLI, you must issue all commands from the WildFire appliance ...