EDL Capacity Increases
EDL enhancements in PAN-OS 9.0 include increased EDL capacity limits, list prioritization, and the ability to include subdomains and use exact matches and top-level entries.
An external dynamic list is a text file of IP addresses, domains, or URLs hosted on an external web server. You can configure the firewall to import an external dynamic list and to block or allow traffic based on the entries listed in the file. The following enhancements provide increased EDL capacity limits for select appliances and the flexibility to prioritize the lists so that your most important EDLs are committed before capacity limits are met. Moreover, you can now configure domain EDLs to expand domain names to include subdomains, and you can use exact matches and top-level domain entries to create more comprehensive domain lists.
- As a best practice, Palo Alto Networks recommends using shared EDLs when multiple virtual systems are used. Using individual EDLs with duplicate entries for each vsys uses more memory, which might over-utilize firewall resources.
- EDL entry counts on firewalls operating multi-virtual systems take additional factors into account (such as DAGs, number of vsys, rules bases) to generate a more accurate capacity consumption listing. This might result in a discrepancy in capacity usage after upgrading from PAN-OS 8.x releases.
- Depending on the features enabled on the firewall, memory usage limits might be exceeded before EDL capacity limits are met due to memory allocation changes. As a best practice, Palo Alto Networks recommends reviewing EDL capacities and, when necessary, removing or consolidating EDLs into shared lists to minimize memory usage.
External Dynamic List Enhancement
Increased Domain and URL EDL capacities.
The capacity limits for domain and URL EDLs have been substantially increased across the board for supported platforms. This increases the total number of allowable entries for domain and URL lists.
Prioritization of EDLs.
The EDLs in the Objects > External Dynamic Lists menu are shown top to bottom, in order of evaluation. Use the directional controls at the bottom of the page to change the list order. This allows you to reorder the lists to make sure the most important EDLs are committed before capacity limits are reached.
You cannot change the EDL order when Group By Type has been selected.
Automatically Expand Domains on a Per-List Basis
When enabled, this feature allows you to configure your domain EDLs to automatically include the subdomains of a specified domain. For example, if your domain list includes paloaltonetworks.com, all lower-level components of the domain name (e.g., *.paloaltonetworks.com) are also included as part of the list.
When this setting is enabled, each domain in a given list requires an additional entry, effectively doubling the number of entries that are consumed. You can check your capacity usage by clicking on
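The following added example (not Palo Alto Networks code) models the capacity behaviour described above and in the best-practice notes: lists are committed in priority order, a list with subdomain expansion enabled consumes two entries per domain, and a per-vsys copy of a list consumes capacity again while a shared list is counted once. The capacity figure, list names and domains other than paloaltonetworks.com are constructed sample values, not real platform limits.

```python
"""Simulate EDL capacity consumption at commit time (added illustration)."""
from dataclasses import dataclass


@dataclass
class DomainEDL:
    name: str
    entries: list[str]
    expand_subdomains: bool = False
    # ("shared",) for a shared list, or one name per virtual system that
    # carries its own copy of the list (the duplicate-entry case the page warns about).
    vsys: tuple[str, ...] = ("shared",)

    def consumed(self) -> int:
        # One entry per domain, two when expansion adds the *.domain form.
        per_copy = len(self.entries) * (2 if self.expand_subdomains else 1)
        return per_copy * len(self.vsys)


def plan_commit(lists: list[DomainEDL], capacity: int) -> dict:
    """Walk the lists in their configured order; a list that would push
    usage past the capacity limit is not admitted (assumed simplification)."""
    used, committed, skipped = 0, [], []
    for edl in lists:  # order = top-to-bottom order on the EDL page
        cost = edl.consumed()
        if used + cost <= capacity:
            used += cost
            committed.append(edl.name)
        else:
            skipped.append(edl.name)
    return {"used": used, "capacity": capacity,
            "committed": committed, "skipped": skipped}


# Constructed sample lists (domains other than paloaltonetworks.com are placeholders).
SAMPLE_LISTS = [
    DomainEDL("critical-c2", ["bad1.example", "bad2.example"], expand_subdomains=True),
    DomainEDL("vendor-feed", ["paloaltonetworks.com", "x.example", "y.example"]),
    DomainEDL("per-vsys-dup", ["z.example"], vsys=("vsys1", "vsys2", "vsys3")),
]

if __name__ == "__main__":
    # Moving "per-vsys-dup" to the top would instead push "vendor-feed" past the limit.
    print(plan_commit(SAMPLE_LISTS, capacity=9))
```

Converting "per-vsys-dup" into a shared list drops its cost from 3 to 1, which is the consolidation the best-practice note recommends.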
Domain List Enhancements
Domain lists now support use of exact matches and top-level domain entries.
This allows you to specify a single entry that matches a website together with its subdomains and pages. You can also match against entire top-level domains, allowing you to add TLDs associated with malicious content to your EDLs.
User Interface Enhancement
The description for the dropdown used to specify the frequency at which the firewall retrieves the EDL on the Objects > External Dynamic Lists > page has been changed from its previous label to Check for updates.