Focus

Disable Authentication for an External Dynamic List

Table of Contents

Filter

Expand All | Collapse All

Next-Generation Firewall Docs

Getting Started
Administration
Version
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
- PAN-OS 9.1 (EoL)
Networking
Version
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
Incidents & Alerts
Release Notes
Version
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1 (EoL)

Find External Dynamic Lists That Failed Authentication

Disable Authentication for an External Dynamic List

Palo Alto Networks recommends that you enable authentication for the servers that host the external dynamic lists configured on your firewall. However, if you Find External Dynamic Lists That Failed Authentication and prefer to disable server authentication for those lists, you can do so through the CLI. The procedure below only applies to external dynamic lists secured with SSL (i.e., lists with an HTTPS URL); the firewall does not enforce server authentication on lists with an HTTP URL.

Disabling server authentication for an external dynamic list also disables client authentication. With client authentication disabled, the firewall will not be able to connect to an external dynamic list that requires a username and password for access.

Launch the CLI and switch to configuration mode as follows:
```
username@hostname> configure 
Entering configuration mode 
[edit] 
username@hostname#
```
The change from the > to the # symbol indicates that you are now in configuration mode.

Enter the appropriate CLI command for the list type:

IP Address

set external-list <external dynamic list name> type ip certificate-profile None

Domain

set external-list <external dynamic list name> type domain certificate-profile None

URL

set external-list <external dynamic list name> type url certificate-profile None

Verify that authentication is disabled for the external dynamic list.
Trigger a refresh for the list (see Retrieve an External Dynamic List from the Web Server). If the firewall retrieves the list successfully, server authentication is disabled.

Find External Dynamic Lists That Failed Authentication

Next-Generation Firewall Docs

Disable Authentication for an External Dynamic List

Next-Generation Firewall Docs

Disable Authentication for an External Dynamic List

Activation & Onboarding

Next-Generation Firewalls

Cloud-Delivered Security Services

Network Security

Visibility & Monitoring

Best Practices

Experts Corner