Palo Alto malicious address lists

Palo Alto firewalls have pre-defined address lists of public IP addresses with a bad reputation, which are available if you have a valid Threat Prevention license.

The issue is that these lists are not available in the EDL section of the configuration after the initial setup of the device, so they cannot be used in security policy rules. The cause is that the firewall does not yet have the dynamic updates for antivirus signatures, which include the PAN EDL feeds. There is no option to add an antivirus update schedule until you manually check for updates.

Make sure to add a schedule for updates of EDLs at the desired frequency.

After you download and install the latest antivirus definition update, the EDLs show up and are available to use in policy rules.
