1. Home
    2. PAN-OS
    3. PAN-OS® New Features Guide
    4. Content Inspection Features
    5. Built-In External Dynamic List for Bulletproof ISPs

    Built-In External Dynamic List for Bulletproof Hosts

    A new built-in external dynamic list (EDL) gives you a way to block bulletproof hosting providers, as attackers frequently use these services to host and distribute malicious, illegal, and unethical content.
    Because bulletproof hosting providers place few, if any, restrictions on content, attackers frequently use these services to host and distribute malicious, illegal, and unethical material. A Threat Prevention subscription now includes a new built-in external dynamic list (EDL) that you can use to block IP addresses supplied by a bulletproof hosting provider.
    Daily antivirus content updates refresh the list, and the latest version of the list replaces the older version. Because the bulletproof host list is built-in to the firewall, you cannot modify its contents. However, if you’d like to exclude certain list entries or add to the list, you can create a new external dynamic list that uses the bulletproof host list as a source.
    edl-predefined-bulletproof-isp.png
    To start blocking malicious hosts that use bulletproof hosting providers:
    1. Confirm that the firewall can access and update the bulletproof host external dynamic list:
      • Confirm that your Threat Prevention subscription license is active (select
        Device
        Licenses
        ).
      • Confirm that the latest Antivirus and Applications and Threats content updates are installed (
        Device
        Dynamic Updates
        ).
    2. View bulletproof IP address list contents:
      1. Select
        Objects
        External Dynamic Lists
        .
      2. Under Dynamic IP Lists, select
        Palo Alto Networks - Bulletproof IP addresses
         and then select
        List Entries and Exceptions
        . You cannot modify the contents of this list.
      edl-predefined-bulletproof-isp-list-contents.png
    3. You can exclude or add list entries by using the bulletproof IP address list as a source for a new list (you cannot directly modify the bulletproof IP address list contents):
      1. Add
         a new external dynamic list.
      2. Set the list
        Type
         to
        Predefined IP List
        .
      3. Add the bulletproof IP address list as the
        Source
         for the new list.
        edl-predefined-exclude-or-add.png
    4. To block hosts that use bulletproof hosts to provide malicious, illegal, and/or unethical content, use the bulletproof IP address list in policy.
      1. Select
        Policies
        Security
        .
      2. Add
         or modify a security policy rule.
      3. In the
        Source
        /
        Destination
         tabs, select the bulletproof IP address list to be used as the policy rule
        Source
        /
        Destination Address
        .
      4. Set the rule
        Action
         to
        Deny
        .
    5. To test the policy rule action:
      1. View the list contents and attempt to access one of the IP addresses in the list.
      2. Verify that the policy action you defined is enforced.
      3. Select
        Monitor
        Logs
        Traffic
         to view the log entry for the session.

    Related Documentation

    Built-in External Dynamic Lists

    Built-in External Dynamic Lists With an active Threat Prevention license, Palo Alto Networks provides built-in IP address EDLs that you can use to protect against ...

    Content Inspection Features

    Learn about the new content inspection features introduced in PAN-OS 9.0. ...

    Step 1: Create Rules Based on Trusted Threat Intelligence S...

    Step 1: Create Rules Based on Trusted Threat Intelligence Sources Before you allow and block traffic by application, block traffic from hosts that Palo Alto ...

    External Dynamic List

    External Dynamic List An External Dynamic List is a text file that is hosted on an external web server so that the firewall can import ...

    Content Inspection Features

    Describes all the exciting new content inspection capabilities in PAN-OS® 9.0. ...

    Dynamic Content Updates

    Palo Alto Networks frequently publishes updates to equip the firewall with the latest threat prevention and intelligence. ...

    Use an External Dynamic List in Policy

    Use an External Dynamic List in Policy An external dynamic list (formerly called dynamic block list) is a text file that you or another source ...

    Configure the Firewall to Access an External Dynamic List

    Configure the Firewall to Access an External Dynamic List You must establish the connection between the firewall and the source that hosts the external dynamic ...

    View External Dynamic List Entries

    View External Dynamic List Entries Before you Enforce Policy on an External Dynamic List , you can view the contents of an external dynamic list ...

    Upgrade/Downgrade Considerations

    Upgrade/Downgrade Considerations The following table lists the new features that have upgrade or downgrade impact. Make sure you understand all upgrade/downgrade considerations before you upgrade ...

    © 2019 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo