Activate an EDL for Palo Alto Networks Next-Generation Firewall

  • Release version: Australia
  • Updated Mar 12, 2026

After the External Dynamic List (EDL) has been created in your ServiceNow AI Platform® and the URL is available, the Palo Alto Networks firewall administrator uses the retrieval URL to configure the EDL in the Palo Alto Networks Next-Generation Firewall. Before it can accept EDL entries, the EDL must be configured in Palo Alto Networks and activated in the ServiceNow AI Platform®.

    Before you begin

    Role required: sn_si.admin

    About this task

    After the EDL is configured, you, as the security incident administrator, can activate the EDL manually, or the EDL is activated automatically upon completion of a ServiceNow AI Platform® Change Request. The EDL must be approved and moved from the inactive state to the active state before it can accept EDL entries.

    Procedure

    1. Navigate to All > Palo Alto Networks NGFW Integration > Firewall EDL Configuration and select the Firewall EDL Configuration module.
      Figure: Select Firewall EDL Configuration module.
    2. In the Palo Alto Networks Firewall Dynamic Lists list that is displayed, select your new EDL in the Name column.
    3. On the record that is displayed, note the Email FW retrieval URL buttons, the active EDL Retrieval URL link, and, if configured, the ServiceNow AI Platform® change request in the Change Requests section.
      Make sure that the Active check box is cleared.
      Figure: Malware IP EDL not activated.
      Note:
      With Tabbed forms cleared in your system settings, the EDL Retrieval URL appears in EDL Retrieval Info section as shown in the previous figure.

      The following figure shows the EDL Retrieval Info displayed as a tab with Tabbed forms selected in your system settings. Click the EDL Retrieval Info tab to display the retrieval URL. The link to the change request (CH0030015) is also displayed.

      Figure: Change request link highlighted.
    4. To complete the configuration and move the EDL from inactive to active, you must choose one of the following options to notify the firewall administrator that the retrieval URL is available.
      Option: Click Email FW retrieval URL.
      Description: Email the EDL Retrieval URL directly to the firewall administrator.

      This option permits the firewall administrator to finish the configuration on the Palo Alto Networks platform. Choose this option if the firewall administrator is not using the ServiceNow AI Platform®.

      Note:
      The security incident administrator manually activates the EDL in the ServiceNow AI Platform® after receiving notice that the Palo Alto Networks Next-Generation Firewall configuration is completed. See: Activate an EDL manually.

      Option: Complete the ServiceNow AI Platform® change request and assign the configuration tasks to the firewall administrator.
      Description: This option is available only if the firewall administrator for Palo Alto Networks is also using the ServiceNow AI Platform®, and the ServiceNow AI Platform® change management and approval processes are configured.

      Note:
      Users with the sn_si.admin role can approve the ServiceNow AI Platform® change request. Once the configuration tasks are completed and the change request has been closed, the EDL is activated automatically. See: Activate an EDL for Palo Alto Networks Next-Generation Firewall with a change request.

      After you notify the firewall administrator that the retrieval URL is available and you confirm that the EDL has been configured in Palo Alto Networks, your next step as the security incident administrator is to activate the EDL. You can either activate the EDL manually or, if configured, use the ServiceNow AI Platform® change request form to activate it.