Activate an EDL for Palo Alto Networks Next-Generation Firewall

  • Release version: Zurich
  • Updated March 12, 2026
    After the External Dynamic List (EDL) has been created in your ServiceNow AI Platform® and the retrieval URL is available, the Palo Alto Networks firewall administrator uses that URL to configure the EDL in the Palo Alto Networks Next-Generation Firewall server. Before it can accept EDL entries, the EDL must be configured in Palo Alto Networks and activated in the ServiceNow AI Platform®.

    Before you begin

    Role required: sn_si.admin

    About this task

    After the EDL is configured, you, as the security incident administrator, can activate the EDL manually. Alternatively, the EDL is activated automatically on completion of a ServiceNow AI Platform® Change Request. The EDL must be approved and moved from the inactive state to the active state before it can accept EDL entries.

    Procedure

    1. Navigate to All > Palo Alto Networks NGFW Integration > Firewall EDL Configuration and select the Firewall EDL Configuration module.
    2. In the Palo Alto Networks Firewall Dynamic Lists list that is displayed, select your new EDL in the Name column.
    3. On the record that is displayed, note the Email FW retrieval URL buttons, the active EDL Retrieval URL link, and, if configured, the ServiceNow AI Platform® change request in the Change Requests section.
      Make sure that the Active check box is cleared.
      Note:
      With Tabbed forms cleared in your system settings, the EDL Retrieval URL appears in the EDL Retrieval Info section as shown in the previous figure.
    4. To complete the configuration and move the EDL from inactive to active, you must choose one of the following options to notify the firewall administrator that the retrieval URL is available.
      Option: Select Email FW retrieval URL.
      Description: Email EDL Retrieval URL directly to the firewall administrator.

      This option permits the firewall administrator to finish the configuration on the Palo Alto Networks platform. Choose this option if the firewall administrator is not using the ServiceNow AI Platform®.

      Note:
      The security incident administrator manually activates the EDL in the ServiceNow AI Platform® after receiving notice that the Palo Alto Networks Next-Generation Firewall configuration is completed. See: Activate an EDL manually.

      Option: Complete the ServiceNow AI Platform® change request and assign the configuration tasks to the firewall administrator.
      Description: This option is available only if the firewall administrator for Palo Alto Networks is also using the ServiceNow AI Platform®, and the ServiceNow AI Platform® change management and approval processes are configured.

      Note:
      Users with the sn_si.admin role can approve the ServiceNow AI Platform® change request. Once the configuration tasks are completed and the change request has been closed, the EDL is activated automatically. See: Activate an EDL for Palo Alto Networks Next-Generation Firewall with a change request.

      After you notify the firewall administrator that the retrieval URL is available and you confirm that the EDL has been configured in Palo Alto Networks, your next step as the security incident administrator is to activate the EDL. You either activate the EDL manually or, if configured, use the ServiceNow AI Platform® change request form to activate the EDL.