Palo Alto Networks DBL Configuration Guide
The DBL is sized at approximately 40,000 URLs. Should memory exhaustion occur due to multiple Profile usage, ensure to manage your device(s) to avoid such a situation by performance and log monitoring.
Submit a ticket###
To continue with this configuration guide you must first submit a ticket via the Samurai MDR portal. Add the following information within your request:
Ticket field | Information |
---|---|
Title | DBL Onboarding Request for Palo Alto Networks device(s) |
Description | Add hostname and IP address (internet facing) of your Palo Alto Networks NGFW(s). For example: mysecureproxy1.acme.org, 19.16*.2*.2 If enrolling multiple gateways please add each gateway on individual lines.* |
Submit the ticket and you will hear back from us with additional information (e.g DBL URL) to continue with the configuration below.
Connection Requirements
You will need to ensure your Palo Alto Networks device(s) can reach a specific URL to obtain the DBL. This information will be provided to you once subscribed.
Parameter | Note |
---|---|
Connection Port | TCP / 80 |
DBL URL | NTT will provide a unique URL to you to download the DBL URL list |
Table 1: Connections requirements
To complete this configuration you will need to:
From your Palo Alto Networks device:
- Configure an External Dynamic List (EDL)
- Configure a URL Filtering Profile
- Configure security policy rule
Configure an External Dynamic List (EDL)
Follow the steps outlined within the Palo Alto Networks documentation:
Use the following parameters when completing the steps:
Field Name | Parameter |
---|---|
Name | Whatever you want, however we suggest NTT_DBL |
Type | URL List |
Source | DBL URL will be provided to you upon enablement of the add-on |
Certificate Profile | None |
Check for updates | hourly |
Table 2: EDL Configuration
Tips:
- Select your specific PAN OS version when reviewing Palo Alto Networks documentation (we have linked version 10.2)
- To find out more information about EDL’s refer to Palo Alto Networks documentation External Dynamic Lists
- Once completed, follow the Palo Alto Networks documentation linked to y’Test Source URL’ to ensure the DBL can be accessed
Configure a URL Filtering Profile
Follow the steps outlined within the Palo Alto Networks documentation:
Use the following parameters for the EDL created in Configure an External Dynamic List when completing the steps:
Field Name | Parameter |
---|---|
Profile Name | We suggested NTT_DBL |
Site Access | Block |
User Credential Submission | Block |
Table 3: URL filtering profile
Configure security policy rule
Follow the steps outlined within the Palo Alto Networks documentation:
Use the following parameters in the Actions tab when completing the steps:
Field Name | Parameter |
---|---|
Profile Setting Type | Profiles |
URL Filtering Profile | we suggested NTT_DBL |
Log at Session Start | Disabled |
Log at Session End | Enabled |
Table 4: Security policy rule
Our Dynamic Block List (DBL) configuration guide was accurate at the time of writing but vendors change things frequently! If you find errors or anything is outdated, let us know by *raising a ticket in the Samurai MDR portal and we shall get it updated.