Use an External Dynamic List in a URL Filtering Profile
An External Dynamic List is a text file that is hosted on an external web server. You can use this list to import URLs and enforce policy on these URLs. When the list is updated on the web server, the firewall retrieves the changes and applies policy to the modified list without requiring a commit on the firewall.
For more information, see External Dynamic List.
the Firewall to Access an External Dynamic List.
- Ensure that the list does not include IP addresses or domain names; the firewall skips non-URL entries.
- Verify the formatting of the list (see Block and Allow Lists).
- Select URL List from the Type drop-down.
- Use the external dynamic list in a URL Filtering profile.
- Select ObjectsSecurity ProfilesURL Filtering.
- Add or modify an existing URL Filtering profile.
- Name the profile and, in the Categories tab, select the external dynamic list from the Category list.
- Click Action to select a more granular action for
the URLs in the external dynamic list.If a URL that is included in an external dynamic list is also included in a custom URL category, or Block and Allow Lists, the action specified in the custom category or the block and allow list will take precedence over the external dynamic list.
- Click OK.
- Attach the URL Filtering profile to a Security policy
- Select PoliciesSecurity.
- Select the Actions tab and, in the Profile Setting section, select the new profile in the URL Filtering drop-down.
- Click OK and Commit.
- Test that the policy action is enforced.
- View External Dynamic List Entries for the URL list, and attempt to access a URL from the list.
- Verify that the action you defined is enforced in the browser.
- To monitor the activity on the firewall:
- Select ACC and add a URL Domain as a global filter to view the Network Activity and Blocked Activity for the URL you accessed.
- Select MonitorLogsURL Filtering to access the detailed log view.
- Verify whether entries in the external dynamic list were
ignored or skipped.In a list of type URL, the firewall skips non-URL entries as invalid and ignores entries that exceed the maximum limit for the firewall model.To check whether you have reached the limit for an external dynamic list type, select ObjectsExternal Dynamic Lists and click List Capacities.Use the following CLI command on a firewall to review the details for a list.
request system external-list show type url name <list_name>For example:
request system external-list show type url name My_URL_List vsys5/My_URL_List: Next update at: Tue Jan 3 14:00:00 2017 Source: http://example.com/My_URL_List.txt Referenced: Yes Valid: Yes Auth-Valid: Yes Total valid entries: 3 Total invalid entries: 0 Valid urls: www.URL1.com www.URL2.com www.URL3.com
Enforce Policy on an External Dynamic List
Enforce Policy on an External Dynamic List Block or allow traffic based on IP addresses or URLs in an external dynamic list, or use an ...
External Dynamic List for URLs
External Dynamic List for URLs To protect your network from new sources of threat or malware, you can use External Dynamic Lists in URL Filtering ...
Objects > External Dynamic Lists
Objects > External Dynamic Lists An external dynamic list is an address object based on an imported list of IP addresses, URLs, or domain names ...
View External Dynamic List Entries
View External Dynamic List Entries Before you Enforce Policy on an External Dynamic List , you can view the contents of an external dynamic list ...
Configure DNS Sinkholing for a List of Custom Domains
Configure DNS Sinkholing for a List of Custom Domains To enable DNS Sinkholing for a custom list of domains, you must create an External Dynamic ...
Use an External Dynamic List in Policy
Use an External Dynamic List in Policy An external dynamic list (formerly called dynamic block list) is a text file that you or another source ...
External Dynamic List
External Dynamic List An External Dynamic List is a text file that is hosted on an external web server so that the firewall can import ...
Configure the Firewall to Access an External Dynamic List
Configure the Firewall to Access an External Dynamic List You must establish the connection between the firewall and the source that hosts the external dynamic ...
URL Filtering Overview
About URL Filtering Palo Alto Networks URL Filtering protects against web-based threats by giving you a way to safely enable web access while controlling how ...