Threat feedsThreat feeds dynamically import an external block lists from an HTTP server in the form of a text file. Block lists can be used to enforce special security requirements, such as long term policies to always block access to certain websites, or short term requirements to block access to known compromised locations. The lists are dynamically imported, so that any changes are immediately imported by FortiOS. Show There are four types of threat feeds:
External resources file formatFile format requirements for an external resources file:
For domain name list (type = domain):
For IP address list (type = address):
config system external-resource edit <name> set status {enable | disable} set type {category | address | domain | malware} set category <integer> set username <string> set password <string> set comments [comments] *set resource <resource-uri> *set refresh-rate <integer> set source-ip <string> next end Parameters marked with a * are mandatory and must be filled in. Other parameters either have default values or are optional. Update historyTo review the update history of a threat feed, go to Security Fabric > Fabric Connectors, select a feed, and click Edit. The Last Update field shows the date and time that the feed was last updated. Click View Entries to view the current entries in the list.
What is EDL in Palo Alto firewall?The EDL Hosting Service is a list of Software-as-a-Service (SaaS) application endpoints maintained by Palo Alto Networks.
What is the update frequency of the URL block list external dynamic list EDL?Updates can be set to 5 minutes, hourly, daily, weekly, or monthly. If a 5-minute interval is set, only changes to list content will trigger a commit, and only once-per-hour.
Which security profile type would you configure to block access to known malicious domains?Attach a URL Filtering profile to all rules that allow access to web-based applications to protect against URLs that have been observed hosting malware or exploitive content. The best practice URL Filtering profile sets all known dangerous URL categories to block.
What is dynamic block list Palo Alto?Overview. Dynamic Block Lists (Objects > Dynamic Block Lists), introduced in PAN-OS 5.0, enables externally created lists of IP addresses to be imported and used as address objects in security policies. This document describes formatting rules to consider when creating the text file for an IP address list.
|