Commit Validation Error Referring To Built-In EDL Objects "panw-highrisk-ip-list" & "panw-known-ip-list"
56028
Created On 11/20/19 10:45 AM - Last Modified 09/05/25 09:36 AM
Symptom
- Configuration validation error referring to built-in External Dynamic List [EDL] Objects "panw-highrisk-ip-list" & "panw-known-ip-list" during local firewall commit or while pushing configuration from Panorama to the managed firewalls.
- CLI Output:
Validation Error:
rulebase -> security -> rules -> EDL-Test -> destination 'panw-highrisk-ip-list' is not an allowed keyword
rulebase -> security -> rules -> EDL-Test -> destination panw-highrisk-ip-list is an invalid ipv4/v6 address
rulebase -> security -> rules -> EDL-Test -> destination panw-highrisk-ip-list invalid range start IP
rulebase -> security -> rules -> EDL-Test -> destination 'panw-highrisk-ip-list' is not a valid reference
rulebase -> security -> rules -> EDL-Test -> destination 'panw-known-ip-list' is not an allowed keyword
rulebase -> security -> rules -> EDL-Test -> destination panw-known-ip-list is an invalid ipv4/v6 address
rulebase -> security -> rules -> EDL-Test -> destination panw-known-ip-list invalid range start IP
rulebase -> security -> rules -> EDL-Test -> destination 'panw-known-ip-list' is not a valid reference
rulebase -> security -> rules -> EDL-Test -> destination is invalid
- WebUI Output:
Environment
- Firewalls [Hardware and VM]
- Panorama
Cause
- "Panw-highrisk-ip-list" & "Panw-known-ip-list" are built-in External Dynamic List [EDL] Objects and this will appear on the firewall only when Dynamic Updates like "Applications and Threats" and "Antivirus" are installed on the firewall.
Resolution
Download and install below dynamic Updates on the firewall to resolve this issue.
- "Applications and Threats" - WebUI login >> Device >> Dynamic Updates >> Download & Install "Applications and Threats".
- "Antivirus" - WebUI login >> Device >> Dynamic Updates >> Download & Install "Antivirus".
https://docs.paloaltonetworks.com/ngfw/help/11-1/device/device-dynamic-updates