Use an External Dynamic List in a URL Filtering Profile
To protect your network from newly-discovered threats and malware, you can use External Dynamic Lists in a URL Filtering profile. External dynamic lists give you the ability to update the list without a configuration change or commit on the firewall. An External Dynamic List is a text file that is hosted on an external web server. You can use this list to import URLs and enforce policy on these URLs. When the list is updated on the web server, the firewall retrieves the changes and applies policy to the modified list without requiring a commit on the firewall.
The firewall dynamically imports the list at the configured interval and enforces policy for the URLs (IP addresses or domains are ignored) in the list. For URL formatting guidelines, see URL Category Exceptions.
For more information, see External Dynamic List.
- Ensure that the list does not include IP addresses or domain names; the firewall skips non-URL entries.
- Verify the formatting of the list (see ).
- Select URL List from the Type drop-down.
- Use the external dynamic list in a URL Filtering profile.
- Select Objects > Security Profiles > URL Filtering.
- Add or modify an existing URL Filtering profile.
- Name the profile and, in the Categories tab, select the external dynamic list from the Category list.
- Click Action to select a more granular action for the URLs in the external dynamic list.
  If a URL that is included in an external dynamic list is also included in a custom URL category, or Block and Allow Lists, the action specified in the custom category or the block and allow list will take precedence over the external dynamic list.
- Attach the URL Filtering profile to a Security policy rule.
- Select the Actions tab and, in the Profile Setting section, select the new profile in the URL Filtering drop-down.
- Test that the policy action is enforced.
- View External Dynamic List Entries for the URL list, and attempt to access a URL from the list.
- Verify that the action you defined is enforced in the browser.
- To monitor the activity on the firewall:
- Select ACC and add a URL Domain as a global filter to view the Network Activity and Blocked Activity for the URL you accessed.
- Select Monitor > Logs > URL Filtering to access the detailed log view.
- Verify whether entries in the external dynamic list were ignored or skipped.
  In a list of type URL, the firewall skips non-URL entries as invalid and ignores entries that exceed the maximum limit for the firewall model.
  To check whether you have reached the limit for an external dynamic list type, select Objects > External Dynamic Lists and click List Capacities.
  Use the following CLI command on a firewall to review the details for a list.
      request system external-list show type url name <list_name>
  For example:
      request system external-list show type url name My_URL_List
      vsys5/My_URL_List:
      Next update at: Tue Jan 3 14:00:00 2017
      Source: http://example.com/My_URL_List.txt
      Referenced: Yes
      Valid: Yes
      Auth-Valid: Yes
      Total valid entries: 3
      Total invalid entries: 0
      Valid urls:
      www.URL1.com
      www.URL2.com
      www.URL3.com
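The CLI output above can be checked automatically after each list update. The following is an added example, not vendor code: it parses saved output of the command and reports skipped entries, failed validity flags, an unreferenced list, and a source fetched over plain HTTP. The function names are hypothetical, and it assumes the output has one field per line as in the sample.

```python
# Added example: audit saved output of
# `request system external-list show type url name <list_name>`.
SAMPLE_OK = """\
vsys5/My_URL_List:
Next update at: Tue Jan 3 14:00:00 2017
Source: http://example.com/My_URL_List.txt
Referenced: Yes
Valid: Yes
Auth-Valid: Yes
Total valid entries: 3
Total invalid entries: 0
Valid urls:
www.URL1.com
www.URL2.com
www.URL3.com
"""

# Constructed variant: two skipped entries and a list no policy references.
SAMPLE_BAD = (SAMPLE_OK.replace("Total invalid entries: 0", "Total invalid entries: 2")
              .replace("Referenced: Yes", "Referenced: No"))

def parse_edl_status(text):
    # Returns (fields, urls); assumes one field per line.
    fields, urls, in_urls = {}, [], False
    for line in filter(None, map(str.strip, text.splitlines())):
        if in_urls:
            urls.append(line)  # everything after "Valid urls:" is an entry
            continue
        key, _, value = (part.strip() for part in line.partition(":"))
        if key.lower() == "valid urls":
            in_urls = True
        elif value:
            fields[key] = value
        else:
            fields["List"] = key  # header such as "vsys5/My_URL_List:"
    return fields, urls

def audit_edl_status(text):
    # Returns a list of findings; an empty list means nothing to review.
    fields, _ = parse_edl_status(text)
    findings = []
    for flag in ("Valid", "Auth-Valid", "Referenced"):
        if fields.get(flag, "missing").lower() != "yes":
            findings.append(f"{flag} is {fields.get(flag, 'missing')}")
    invalid = int(fields.get("Total invalid entries", "0"))
    if invalid:
        findings.append(f"{invalid} entries skipped as invalid")
    if fields.get("Source", "").lower().startswith("http://"):
        findings.append("source is fetched over plain HTTP (no integrity)")
    return findings
```

Run against the page's own sample, the audit reports only the plain-HTTP source; the constructed variant additionally reports the skipped entries and the unreferenced list.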