Domain list EDL is not visible in the Destination IP address field in Security policy rule

Created On 02/07/20 21:20 PM - Last Modified 04/27/20 21:59 PM


Question


Is there a way to use a dynamic domain list from an EDL as the destination address in a security policy?

Environment


  • All PAN-OS
  • Panorama
  • Next Generation firewall


Answer


  1. The Destination Address field in a security policy accepts only IP address list EDLs.
  2. A Domain List EDL cannot be used in place of a destination IP address.
  3. To enforce a security policy based on a Domain List EDL, create a DNS sinkhole in an Anti-Spyware security profile and attach that profile to a security policy:
     Objects > Security Profiles > Anti-Spyware > DNS Signatures tab: click Add and select the Domain List External Dynamic List from the drop-down.
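Once the Anti-Spyware profile is attached to the rule, the practical question is whether client lookups for the listed domains actually land on the sinkhole. The script below is an added example for this article, not Palo Alto Networks code: it reads a domain list, resolves each entry, and reports which domains are sinkholed, which still resolve to their real address, and which return nothing. It assumes a list format of one domain per line with `#` comments (an assumption of this check, not a statement of the PAN-OS parser), a placeholder sinkhole address in `SINKHOLE_ADDRESSES` that you replace with what your profile's sinkhole resolves to on your network, and a constructed probe label for wildcard entries. The sample list and the offline resolver are constructed for illustration.

```python
"""Check that DNS sinkholing is enforced for the domains in a domain-list EDL.

Added example, not Palo Alto Networks code. Assumptions:
  - list format: one domain per line, blank lines ignored, text after '#' is a
    comment (assumed for this check, not a claim about the PAN-OS parser);
  - SINKHOLE_ADDRESSES: placeholder; set to the address(es) the configured
    sinkhole FQDN/IP resolves to on your network;
  - wildcard entries ('*.example') are probed with a constructed label.
"""
import socket
from typing import Callable, Dict, List, Set

# Placeholder sinkhole address (RFC 5737 documentation range); replace it.
SINKHOLE_ADDRESSES: Set[str] = {"198.51.100.1"}
WILDCARD_PROBE_LABEL = "edl-check"  # constructed label used to probe '*.' entries

# Constructed sample list; not a real EDL.
SAMPLE_EDL = """
# constructed sample domain list
malware-c2.example   # known bad
*.evil.example
benign.example
gone.example
"""


def parse_domain_edl(text: str) -> List[str]:
    """Return the domains in an EDL text body, normalised to lower case."""
    domains: List[str] = []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if entry:
            domains.append(entry.lower().rstrip("."))
    return domains


def probe_name(domain: str) -> str:
    """A wildcard entry cannot be resolved directly; probe a constructed host under it."""
    if domain.startswith("*."):
        return f"{WILDCARD_PROBE_LABEL}.{domain[2:]}"
    return domain


def default_resolver(name: str) -> List[str]:
    """Resolve a name to its IPv4 answers using the host's configured DNS."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def check_sinkhole(
    domains: List[str],
    resolver: Callable[[str], List[str]] = default_resolver,
    sinkhole: Set[str] = SINKHOLE_ADDRESSES,
) -> Dict[str, str]:
    """Classify each domain as 'sinkholed', 'not-sinkholed' or 'no-answer'."""
    results: Dict[str, str] = {}
    for domain in domains:
        answers = resolver(probe_name(domain))
        if not answers:
            results[domain] = "no-answer"
        elif set(answers) <= sinkhole:
            results[domain] = "sinkholed"
        else:
            # At least one answer is a real address: the rule is not enforcing
            # the sinkhole for this entry (wrong profile, wrong rule order, or
            # the query never traversed the firewall).
            results[domain] = "not-sinkholed"
    return results


def fake_resolver(name: str) -> List[str]:
    """Offline stand-in for DNS, with constructed answers for the sample list."""
    table = {
        "malware-c2.example": ["198.51.100.1"],
        "edl-check.evil.example": ["198.51.100.1"],
        "benign.example": ["203.0.113.5"],
    }
    return table.get(name, [])


if __name__ == "__main__":
    # Swap fake_resolver for default_resolver to run against live DNS.
    for domain, verdict in check_sinkhole(parse_domain_edl(SAMPLE_EDL), fake_resolver).items():
        print(f"{domain:25s} {verdict}")
```

Run it from a client behind the firewall with `default_resolver` in place of `fake_resolver`; any `not-sinkholed` entry points at a rule or profile that is not matching that client's DNS traffic.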


Additional Information


For more information regarding EDL Domain please refer to the following link:

https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/policy/use-an-external-dynamic-list-in-policy/external-dynamic-list

For more information on DNS sinkholing refer to the following link:

https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/threat-prevention/use-dns-queries-to-identify-infected-hosts-on-the-network/configure-dns-sinkholing-for-a-list-of-custom-domains.html#idee646cf9-2db8-4033-8cbb-6ef9bdbf6a5c


https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000POc7CAG&lang=en_US