Built-In External Dynamic List for Bulletproof Hosts
A new built-in external dynamic list (EDL) gives you
a way to block bulletproof hosting providers, as attackers frequently
use these services to host and distribute malicious, illegal, and
unethical content.
Because bulletproof hosting providers place
few, if any, restrictions on content, attackers frequently use these
services to host and distribute malicious, illegal, and unethical
material. A Threat Prevention subscription now includes a new built-in
external dynamic list (EDL) that you can use to block IP addresses
supplied by a bulletproof hosting provider.
Daily antivirus
content updates refresh the list, and the latest version of the
list replaces the older version. Because the bulletproof host list
is built-in to the firewall, you cannot modify its contents. However,
if you’d like to exclude certain list entries or add to the list,
you can create a new external dynamic list that uses the bulletproof
host list as a source.

To start
blocking malicious hosts that use bulletproof hosting providers:
- Confirm that the firewall can access and update the bulletproof host external dynamic list:
- Confirm that your Threat Prevention subscription license is active (select).DeviceLicenses
- Confirm that the latest Antivirus and Applications and Threats content updates are installed ().DeviceDynamic Updates
- View bulletproof IP address list contents:
- Select.ObjectsExternal Dynamic Lists
- Under Dynamic IP Lists, selectPalo Alto Networks - Bulletproof IP addressesand then selectList Entries and Exceptions. You cannot modify the contents of this list.
- You can exclude or add list entries by using the bulletproof IP address list as a source for a new list (you cannot directly modify the bulletproof IP address list contents):
- Adda new external dynamic list.
- Set the listTypetoPredefined IP List.
- Add the bulletproof IP address list as theSourcefor the new list.
- To block hosts that use bulletproof hosts to provide malicious, illegal, and/or unethical content, use the bulletproof IP address list in policy.
- Select.PoliciesSecurity
- Addor modify a security policy rule.
- In theSource/Destinationtabs, select the bulletproof IP address list to be used as the policy ruleSource/Destination Address.
- Set the ruleActiontoDeny.
- To test the policy rule action:
- View the list contents and attempt to access one of the IP addresses in the list.
- Verify that the policy action you defined is enforced.
- Selectto view the log entry for the session.MonitorLogsTraffic
Recommended For You
Recommended Videos
Recommended videos not found.