Not all EDL entries are displayed when using the CLI "request system external-list show" command
Created On 05/05/24 01:00 AM - Last Modified 04/01/25 21:22 PM
Symptom
The number of entries shown in the CLI for the EDL is less than the total number of entries in the EDL.
Environment
- Palo Alto Firewalls
- Supported PAN-OS
- External Dynamic List (EDL)
Cause
- By default the number of entries shown in the output is limited to 100.
- In the example below, the actual number of entries in the EDL is 959, but only 100 entries are seen.
- This can confuse an administrator checking the EDL entries via the CLI and cause unnecessary alarm.
admin@FW(active)> request system external-list show type ip name Blocklist-IP
Blocklist-IP
Total valid entries : 959
Total ignored entries : 0
Total invalid entries : 0
Total displayed entries : 100
Valid ips:
101.109.x.x
......(Output Omitted)......
185.111.x.x
Resolution
- To avoid this, use the CLI command below to list all the entries in the EDL.
- The num-records option sets how many records are listed, so all the records in the EDL can be displayed.
admin@FW(active)> request system external-list show type ip num-records <PUT_A_NUMBER_HERE> name SOC-Blocklist-IP
- For example, if an EDL has 959 entries in it, use 959 in the above command.
- The total number of entries in the EDL is displayed in the first line of the output.
admin@FW(active)> request system external-list show type ip num-records 959 name Blocklist-IP
Blocklist-IP
Total valid entries : 959
Total ignored entries : 0
Total invalid entries : 0
Total displayed entries : 959
Valid ips:
101.109.x.x
...(Output Omitted)...
.........
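
The check described above can be automated against saved CLI output. The following is an added example, not part of the original article or any Palo Alto Networks tooling: it reads the "Total ... entries" summary lines, reports whether the listing was cut short, and builds the num-records command from the article to rerun. The function names and the sample output are constructed for illustration.

```python
import re

# Constructed sample of CLI output, with addresses masked as in the article.
SAMPLE_OUTPUT = """\
Blocklist-IP
Total valid entries : 959
Total ignored entries : 0
Total invalid entries : 0
Total displayed entries : 100
Valid ips:
101.109.x.x
185.111.x.x
"""

# Matches the four summary counters printed before the entry list.
COUNTER_RE = re.compile(
    r"^\s*Total (valid|ignored|invalid|displayed) entries\s*:\s*(\d+)\s*$", re.M
)

def parse_counters(output):
    """Return the 'Total ... entries' counters as a dict of ints."""
    counters = {kind: int(value) for kind, value in COUNTER_RE.findall(output)}
    missing = {"valid", "displayed"} - counters.keys()
    if missing:
        # Do not guess: without both counters truncation cannot be judged.
        raise ValueError(f"summary lines not found: {sorted(missing)}")
    return counters

def check_truncation(output, edl_name, edl_type="ip"):
    """Say whether the listing is truncated and which command shows it all.

    edl_type defaults to "ip", the only type shown in the article.
    """
    counters = parse_counters(output)
    hidden = max(0, counters["valid"] - counters["displayed"])
    rerun = None
    if hidden:
        rerun = (f"request system external-list show type {edl_type} "
                 f"num-records {counters['valid']} name {edl_name}")
    return {"truncated": hidden > 0, "hidden": hidden, "rerun": rerun, **counters}

if __name__ == "__main__":
    print(check_truncation(SAMPLE_OUTPUT, "Blocklist-IP"))
```

Run this before comparing the firewall's EDL contents against the source feed, so that a truncated listing is not mistaken for missing blocklist entries.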