Palo Alto Networks DBL Configuration Guide

The DBL is sized at approximately 40,000 URLs. Should memory exhaustion occur due to multiple Profile usage, ensure to manage your device(s) to avoid such a situation by performance and log monitoring.

Submit a ticket###

To continue with this configuration guide you must first submit a ticket via the Samurai MDR portal. Add the following information within your request:

Ticket fieldInformation
TitleDBL Onboarding Request for Palo Alto Networks device(s)
DescriptionAdd hostname and IP address (internet facing) of your Palo Alto Networks NGFW(s). For example: mysecureproxy1.acme.org, 19.16*.2*.2 If enrolling multiple gateways please add each gateway on individual lines.*

Submit the ticket and you will hear back from us with additional information (e.g DBL URL) to continue with the configuration below.

Connection Requirements

You will need to ensure your Palo Alto Networks device(s) can reach a specific URL to obtain the DBL. This information will be provided to you once subscribed.

ParameterNote
Connection PortTCP / 80
DBL URLNTT will provide a unique URL to you to download the DBL URL list

Table 1: Connections requirements

To complete this configuration you will need to:

From your Palo Alto Networks device:

Configure an External Dynamic List (EDL)

Follow the steps outlined within the Palo Alto Networks documentation:

Use the following parameters when completing the steps:

Field NameParameter
NameWhatever you want, however we suggest NTT_DBL
TypeURL List
SourceDBL URL will be provided to you upon enablement of the add-on
Certificate ProfileNone
Check for updateshourly

Table 2: EDL Configuration

Tips:

  • Select your specific PAN OS version when reviewing Palo Alto Networks documentation (we have linked version 10.2)
  • To find out more information about EDL’s refer to Palo Alto Networks documentation External Dynamic Lists
  • Once completed, follow the Palo Alto Networks documentation linked to y’Test Source URL’ to ensure the DBL can be accessed

Configure a URL Filtering Profile

Follow the steps outlined within the Palo Alto Networks documentation:

Use the following parameters for the EDL created in Configure an External Dynamic List when completing the steps:

Field NameParameter
Profile NameWe suggested NTT_DBL
Site AccessBlock
User Credential SubmissionBlock

Table 3: URL filtering profile

Configure security policy rule

Follow the steps outlined within the Palo Alto Networks documentation:

Use the following parameters in the Actions tab when completing the steps:

Field NameParameter
Profile Setting TypeProfiles
URL Filtering Profilewe suggested NTT_DBL
Log at Session StartDisabled
Log at Session EndEnabled

Table 4: Security policy rule

Our Dynamic Block List (DBL) configuration guide was accurate at the time of writing but vendors change things frequently! If you find errors or anything is outdated, let us know by *raising a ticket in the Samurai MDR portal and we shall get it updated.