Error message: "EDL is either not referenced in policy, not downloaded, or empty" when checking EDL entries in CLI

Error message: "EDL is either not referenced in policy, not downloaded, or empty" when checking EDL entries in CLI

5376
Created On 04/01/22 03:46 AM - Last Modified 05/11/24 01:10 AM


Symptom


  • Firewall configured with External Dynamic List (EDL) on a multi-vsys environment.
  • When using "request system external-list show type url name <name>" error message "EDL is either not referenced in policy, not downloaded, or empty" is displayed.
admin@LAB-FW01> request system external-list show type url name "Malicious URLs"
Malicious URLs
EDL is either not referenced in policy, not downloaded, or empty
      Total valid entries      : 0
      Total ignored entries    : 0
      Total invalid entries    : 0
      Total displayed entries  : 0

 

Environment


  • Palo Alto NGFW Firewalls
  • Supported PAN-OS
  • Any multi-vsys environment

Cause


The command references "vsys1" by default.

Resolution


  1. Note the vsys on which the EDL is configured.
  2. Change the target vsys to desired vsys using "set system setting target-vsys <vsys#>".
  3. Run the EDL command again. The actual entries are now displayed. Example below using "vsys2".
admin@LAB-FW01> set system setting target-vsys vsys2
Session target vsys changed to vsys2
admin@LAB-FW01> request system external-list show type url <EDL name> 
 

 

Additional Information


Server Error when Viewing List of Entries in External Dynamic List




 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000004NuGCAU&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail