EmergingThreats.net

["Di Fabio, Andrea" <adifabio () NSU EDU>]

Experts,

 

We have been using the following for many years now
http://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt on our
border CISCO ASA firewalls with great success and little to no issues. A
script pulls the new list, compares it with the old one and applies the
delta.  We are currently switching to PaloAlto FWs and it appears that
scripting/importing this large list may not be as easy as it was with the
ASA. 

 

Can those of you who use the ET list with PaloAlto give us some
feedback/scripts/API on how you implemented it? We are also considering
moving it to our border CISCO router either as an ACL or as a Null route,
any feedback with the latter and/or scripts you may be using? My primary
concern with using Null route is the fact that as far as I understand it, it
can only block outbound traffic. The router ACL can accomplish blocking
in/out, but my concern is with performance. What say you?

Attachment: smime.p7s
Description: