One new feature that we have available to us with Palo Alto firewalls is External Dynamic Lists (EDLs). An External Dynamic List is an object that points to an external list, maintained and updated frequently by a vendor or service, which typically contains high-risk IP addresses, network blocks, domains, or URLs. We can then use this object in a security policy. This lets us create rules that reference the frequently updated list, so they stay current without a manual update.
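Because a rule built on an EDL enforces whatever the remote list contains, the list itself becomes a trust dependency of the policy: a malformed entry is silently dropped, and an over-broad entry in a block list can black-hole legitimate traffic. The following is an added example, not code from this post, from fw.noc, or from Palo Alto. It sanity-checks an IP-type list in the one-entry-per-line form an EDL is fetched in before the list is published. The sample feed is constructed, and the treatment of `#` as a comment marker is an assumption, not a documented format guarantee.

```python
from __future__ import annotations

import ipaddress
from dataclasses import dataclass, field

# Constructed sample feed in one-entry-per-line form (not a real threat list).
# Assumption: text after '#' is a comment, so such lines are not list entries.
SAMPLE_EDL = """\
# constructed sample feed, not a real threat list
198.51.100.7
203.0.113.0/24          # inline comment (assumed syntax)
2001:db8::/32
192.0.2.10-192.0.2.20
198.51.100.7
0.0.0.0/0
10.0.0.0/8
not-an-ip
"""

# Ranges that a block list should normally never contain (RFC 1918).
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


@dataclass
class EdlReport:
    valid: list[str] = field(default_factory=list)       # accepted entries, in order
    duplicates: list[str] = field(default_factory=list)  # repeated entries (line + text)
    invalid: list[str] = field(default_factory=list)     # unparseable entries
    warnings: list[str] = field(default_factory=list)    # risky but well-formed entries


def parse_entry(entry: str) -> list[ipaddress.IPv4Network | ipaddress.IPv6Network]:
    """Turn a single address, a CIDR block, or an 'a-b' range into networks.

    Raises ValueError for anything that is not one of those three shapes.
    """
    if "-" in entry:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        if lo.version != hi.version or lo > hi:
            raise ValueError(f"bad range: {entry}")
        return list(ipaddress.summarize_address_range(lo, hi))
    # strict=False accepts host bits set, e.g. a bare address becomes a /32 or /128.
    return [ipaddress.ip_network(entry, strict=False)]


def check_ip_edl(text: str) -> EdlReport:
    """Validate every line of an IP-type list and report what a firewall would see."""
    report = EdlReport()
    seen: set[str] = set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        if not line:
            continue
        try:
            nets = parse_entry(line)
        except ValueError:
            report.invalid.append(f"line {lineno}: {line}")
            continue
        if line in seen:
            report.duplicates.append(f"line {lineno}: {line}")
            continue
        seen.add(line)
        report.valid.append(line)
        for net in nets:
            if net.prefixlen == 0:
                report.warnings.append(f"line {lineno}: {line} matches every address")
            elif any(net.overlaps(r) for r in RFC1918 if r.version == net.version):
                report.warnings.append(f"line {lineno}: {line} overlaps RFC 1918 space")
    return report


if __name__ == "__main__":
    r = check_ip_edl(SAMPLE_EDL)
    print(f"{len(r.valid)} valid, {len(r.duplicates)} duplicate, {len(r.invalid)} invalid")
    for w in r.warnings:
        print("WARNING", w)
```

Running the check against the constructed feed accepts six entries, flags the repeated `198.51.100.7` and the unparseable `not-an-ip`, and warns that `0.0.0.0/0` would match all traffic and that `10.0.0.0/8` overlaps internal address space. A check like this belongs in the pipeline that publishes the list; on the firewall side, fetching the list over HTTPS with a certificate profile keeps a third party from substituting entries in transit.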
We spent some extra time on this as we wanted to integrate this feature into fw.noc by mapping a Global Scope to a Palo Alto EDL. Example follows:
Here we have the EDL template in our Panorama management server:
We then map this EDL to a Global Scope in fw.noc:
Next we use this mapped Global Scope in a rule on fw.noc:
And once deployed, this rule is now in our security policy on the Palo Alto virtual firewall instance: