If you want to configure rules for Saas services on the PaloAlto Firewall, you can do this using the App ID for the particular service, or you can use the IP addresses, Domains or URLs of the service in the policy.
However, since Saas services typically do not use only one IP address, domain or URL, and since these can change dynamically, it requires a dynamic list that is constantly updated automatically.
PaloAlto offers this service as «EDL hosting service». External Dynamic Lists (EDL) are dynamic lists that can contain a list of IP addresses, domains or URLs. These lists are periodically queried by the firewall and updated accordingly. These EDL lists can then be used in various policies. Due to the automatic update of the lists, they are always up to date. There is also no need to commit the configuration if the list changes.
With the possibility to include external lists from third parties via the feature «External Dynamic List EDL», this opens up many possibilities to restrict your own security policies even better and to prevent access to the TOR network.
Since June 1st you may notice that some websites (https) are not working anymore when Fortigate or the Palo Alto Networks Firewall is doing decryption or certificate inspection. Typically you are getting one of the following error messages:
Because it’s very difficult to take exams at PearsonVUE right now, you may get in trouble regarding the timely recertification of existing certifications. Therefore some vendors have announced an extension for their recertification expiration:
PaloAltoNetworks is extending the certification expiration date by six month for Credential holders with expiration date between March 1, 2020 and July 31, 2020.
Fortinet is extending the certification expiration by one month so far. We assume that this extension will be extended again :-). Update March 27th: Fortinet will extend the expiry dates of all existing NSE certifications by 6 months as of March 16th 2020 (the date of PV’s test center closures).