How often do EDLRefresh and EDLFetch happen and what is their purpose?
Question
How often do EDLRefresh and EDLFetch happen?
How is the refresh timer set to 5 minutes for the EDLObject?
Environment
- Palo Alto Firewall
- External Dynamic List (EDL)
- PAN-OS 8.1 and above
Answer
1. Immediately after the EDLObject is configured (commit), the list is fetched using EDLFetch and committed using EDLRefresh.
2. Once the EDLRefresh (commit) is done, the interval is set to 60 minutes, which means no EDLFetch or EDLRefresh will happen for the next 60 minutes.
3. After 1 hour, upon timer expiry, the firewall polls the remote server for an update using EDLFetch. If no change is identified in the newly downloaded list file, the EDLFetch timer is set to 5 minutes.
4. Subsequently, an EDLFetch happens every 5 minutes until a change in the list is encountered.
5. If there is a change, a commit is issued (EDLRefresh), the timer is again set to 60 minutes, and the cycle continues.
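The cycle in steps 1 to 5 can be replayed as a small timeline model to see how long a change on the remote server waits before the firewall commits it. This is an added example, not Palo Alto code: the function names, the sample list contents and the direct content comparison used to detect a change are assumptions, and it models only the behaviour described in the steps above.

```python
# Added model of the fetch/refresh cycle in steps 1-5 (not Palo Alto code).
HOLD_AFTER_REFRESH_MIN = 60   # step 2: quiet period after an EDLRefresh
POLL_WHEN_UNCHANGED_MIN = 5   # steps 3-4: re-poll interval while unchanged

# Constructed sample, sorted by time: (minute the server starts serving it, content).
SAMPLE_VERSIONS = [
    (0, "198.51.100.7\n"),
    (10, "198.51.100.7\n203.0.113.9\n"),
    (127, "203.0.113.9\n"),
]


def served_content(versions, minute):
    """Return the content the remote server holds at `minute`."""
    current = versions[0][1]
    for start, content in versions:
        if start <= minute:
            current = content
    return current


def simulate(versions, horizon_min):
    """Replay the cycle and return [(minute, event), ...] up to horizon_min."""
    events = [(0, "EDLFetch"), (0, "EDLRefresh")]      # step 1
    committed = served_content(versions, 0)
    t = HOLD_AFTER_REFRESH_MIN                          # step 2
    while t <= horizon_min:
        events.append((t, "EDLFetch"))                  # steps 3-4
        fetched = served_content(versions, t)
        if fetched != committed:                        # step 5 (assumed comparison)
            events.append((t, "EDLRefresh"))
            committed = fetched
            t += HOLD_AFTER_REFRESH_MIN
        else:
            t += POLL_WHEN_UNCHANGED_MIN
    return events


def enforcement_delay(versions, change_minute, horizon_min=24 * 60):
    """Minutes from a server-side change to the EDLRefresh that commits it."""
    for minute, event in simulate(versions, horizon_min):
        if event == "EDLRefresh" and minute >= change_minute:
            return minute - change_minute
    return None


if __name__ == "__main__":
    for minute, event in simulate(SAMPLE_VERSIONS, 130):
        print(f"t={minute:>3} min  {event}")
```

In this model, an entry added to the list during the 60-minute window after a commit is not enforced until that window expires, while a change made during the 5-minute polling phase is picked up at the next poll.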
Additional Information
In PAN-OS 9.0 and above, this information has changed:
- The name "Repeat" is changed to "Check for updates"
- "Check for updates" is set to 5 minutes by default.
- See the screenshots below for the difference
PAN-OS 9.0 and above: (GUI: Objects > External Dynamic List)