Exclude Entries from an External Dynamic List
Focus
Focus

Exclude Entries from an External Dynamic List

Table of Contents
End-of-Life (EoL)

Exclude Entries from an External Dynamic List

As you view the entries of an external dynamic list, you can exclude up to 100 entries from the list. The ability to exclude entries from an external dynamic list gives you the option to enforce policy on some (but not all) of the entries in a list. This is helpful if you cannot edit the contents of an external dynamic list (such as the Palo Alto Networks High-Risk IP Addresses feed) because it comes from a third-party source.
  1. View External Dynamic List Entries.
  2. Select up to 100 entries to exclude from the list and click Submit (
    ) or manually Add a list exception.
    • You cannot save your changes to the external dynamic list if you have duplicate entries in the Manual Exceptions list. To identify duplicate entries, look for entries with a red underline.
    • A manual exception must match a list entry exactly. Additionally, you cannot exclude a specific IP address from within an IP address range. To exclude a specific IP address from an IP address range, you must add each IP address in the range as a list entry and then exclude the desired IP address.
      The firewall does not support excluding an individual IP address from an IP address range.
  3. Click OK and Commit to save your changes.
  4. (Optional) Enforce Policy on an External Dynamic List.