Supported External Dynamic Lists for Palo Alto Networks Next-Generation Firewall
The ServiceNow Palo Alto Networks Next-Generation Firewall integration supports External Dynamic Lists (EDLs) that accept IP, URL, and domain observables.
Supported EDLs and observables
An External Dynamic List is a text file that is hosted on an external web server, which for this integration is the ServiceNow AI Platform instance. The Palo Alto Networks Next-Generation Firewall can then import objects — IP addresses, URLs, domains — included in the list and enforce policy. To enforce policy on the EDL entries, the list is referenced in a policy rule or profile.
- IP (This includes a single IP Address, as well as CIDR blocks (ranges) of addresses).
- URL
- Domain
The following table lists descriptions of the observables supported by this integration and example formats for each type.
| Observable | Example formats | Description |
|---|---|---|
| IP Address |
|
Represents a single, distinct interface address. The integration supports IPv4, IPv6, and CIDR formats. Support for IP address observables includes CIDR (Classless Inter-Domain Routing) ranges, for example, 95.153.100.0/22. Note: An error message is displayed when you try to attach a single IP address to an EDL that you have already blocked as a part of a CIDR range. For example, the single address 95.153.103.54 is part of the CIDR range represented by 95.153.100.0/22 (95.153.100.0-95.153.103.255). |
| URL |
|
Wildcards are supported. The ServiceNow AI Platform reformats URL entries to comply with Palo Alto Networks EDL format requirements. |
| Domain |
|
Wildcards are not supported. |
For more information about formatting guidelines and EDLs, see "Formatting Guidelines for an External Dynamic List" in the PAN-OS 10.0 Administrator's Guide on the Palo Alto Networks website.