Hello friends, welcome back. This is Day 33 of my PCNSA Palo Alto Firewall training series, and in this video I covered one very important real-time topic: External Dynamic Lists (EDL). In my previous session I explained URL categories and how to block categories using URL filtering, and today I extended the same concept to show how EDL works as a dynamic list of IPs/URLs that the firewall can pull from a given URL. The key point is: EDL is dynamic in nature, it keeps updating automatically, and to use it you must have the proper license (I showed it with Threat/Threat Prevention type licensing) and you need to keep your dynamic updates (Applications & Threats and Antivirus) updated. In the lab, I used the same topology from my URL filtering setup and showed you where to find EDL under Objects. After updating signatures, you can see multiple high-risk/malicious IP lists maintained by Palo Alto Networks. Then I created security policies to drop traffic both inbound and outbound if the source/destination matches those EDL objects—so you can block known bad IPs without manually maintaining the list. Finally, I demonstrated the admin side: how to create my own custom URL category (admin-defined list) and allow a specific URL even when the full category (like “hacking”) is blocked. I tested it from the client PC to prove one allowed URL works while other hacking-category sites still get blocked.