The Dynamic Block List (DBL) automates the blocking of domains or websites instead of configuring them manually on each PAN Firewall. You just need to update a list or a script on a web server.
I listed popular websites that are commonly blocked and that impact productivity (depending on the company's IT policy): Facebook, YouTube and Reddit. I saved the Notepad (.txt) file and named it block-list.
You'll need wildcard patterns such as the asterisk (*) and dot (.) to correctly match the URL/domain in the Dynamic Block List.
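Added example (not from the original post): a hypothetical helper that builds the block-list.txt file in the wildcard form used above, checks it before it is published on the web server the firewall polls, and illustrates why `*.facebook.com` is needed to cover `www.facebook.com`. The `entry_matches` function is a simplified model of the list semantics, an assumption for illustration rather than PAN-OS's own URL matcher.

```python
import re
from urllib.parse import urlsplit

# Hostname with at least one dot, no scheme, port or path (e.g. "facebook.com").
_HOST_RE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z0-9-]+$")

def normalize_entry(raw: str) -> str:
    """Turn a pasted URL or hostname into the post's wildcard form, e.g. '*.facebook.com'."""
    raw = raw.strip().lower()
    if "://" in raw:                       # full URL pasted: keep only the host part
        raw = urlsplit(raw).hostname or ""
    raw = raw.split("/")[0].split(":")[0]  # drop any path or port
    for prefix in ("*.", "www."):          # the wildcard will cover www. and other subdomains
        if raw.startswith(prefix):
            raw = raw[len(prefix):]
    if not _HOST_RE.match(raw):
        raise ValueError(f"not a usable hostname: {raw!r}")
    return f"*.{raw}"

def build_block_list(domains) -> str:
    """Return the text of block-list.txt: one entry per line, duplicates removed."""
    seen, lines = set(), []
    for entry in map(normalize_entry, domains):
        if entry not in seen:
            seen.add(entry)
            lines.append(entry)
    return "\n".join(lines) + "\n"

def validate_block_list(text: str) -> list:
    """Return 'line N: problem' strings; an empty list means the file is safe to publish."""
    problems = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            problems.append(f"line {n}: empty line")
        elif "://" in line:
            problems.append(f"line {n}: scheme present, entries are hostnames")
        elif not _HOST_RE.match(line[2:] if line.startswith("*.") else line):
            problems.append(f"line {n}: not a hostname pattern: {line!r}")
    return problems

def entry_matches(entry: str, hostname: str) -> bool:
    """Simplified model (assumption, not PAN-OS's matcher): '*.x' matches subdomains of x, a bare entry only that host."""
    hostname = hostname.lower()
    return hostname.endswith(entry[1:]) if entry.startswith("*.") else hostname == entry

if __name__ == "__main__":
    # Constructed sample: the post's three sites, one as a full URL and one duplicated.
    text = build_block_list(["www.facebook.com", "https://www.youtube.com/watch", "reddit.com", "Facebook.com"])
    print(text, end="")
    print("problems:", validate_block_list(text))
```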
I tried to access the said websites prior to configuring the Dynamic Block List.
To view logs, go to Monitor > Logs > Traffic.
I transferred the file block-list.txt from the client Windows machine to the web (Linux) server via WinSCP.
To configure a Dynamic Block List, go to Objects > External Dynamic Lists > Add.
Type a Name (DYNAMIC-LIST-BLOCK-1) > Type: URL List.
Type the Source: http://192.168.50.10/block-list.txt > Repeat: Five Minute > click OK.
I configured the DMZ/web server (192.168.50.10) as the Source; the firewall imports the list or feed every 5 minutes. There's no need to Commit every time, because the PAN Firewall automatically retrieves the Dynamic Block List.
You need to configure the Dynamic Block List first before you can use the Test Source URL.
Notice the Source URL is accessible. Click Close.
To apply the External Dynamic List, go to Policies > Security > click Rule #1 (Allow-Inside-Out) > Clone.
Leave the default Name selected > click OK.
Under General, type a Name (DYNAMIC-LIST-BLOCK).
Leave the other cloned settings in their default.
Under Service/URL Category > URL Category > External Dynamic Lists > select DYNAMIC-LIST-BLOCK-1 created earlier.
Under Actions tab > Action Settings > Action: Deny > click OK.
You can drag and hold the Security rules to the position you want. I dragged the DYNAMIC-LIST-BLOCK rule to position 1.
Alternatively, you can select a rule > click Move (at the bottom) > Move Top to move the selected rule to the topmost rule.
Click Commit.
To verify the blocked URLs, type the CLI command request system external-list show type url name <DYNAMIC LIST OBJECT NAME>.
Notice the three domains are listed: *.facebook.com, *.youtube.com, *.reddit.com
If there's an update to the DBL script and you can't wait for the five-minute refresh, you can force an update with the CLI command request system external-list refresh type url name <EXTERNAL DYNAMIC LIST NAME>.
I tried visiting the websites on the DBL again but got a "page can't be displayed" error.
To view DBL logs, go to Monitor > Logs > Traffic.
Notice under the Action column: reset-both, and under the Rule column: DYNAMIC-LIST-BLOCK.
Click on the magnifying glass icon to get a Detailed Log View.
Notice that the Security Policy Rule DYNAMIC-LIST-BLOCK with Category DYNAMIC-LIST-BLOCK-1 took effect on the URLs in the DBL: www.facebook.com, www.youtube.com and www.reddit.com.
Access to other websites, Google and CNN, worked just fine.