In this short blog post, we'll explore what the EDL (External Dynamic List) hosting service is and how it solves problems for us. An External Dynamic List is a text file that is hosted on an external server so that the firewall can import objects—IP addresses, URLs, domains—included in the list and enforce policy. To enforce policy on the entries included in the external dynamic list, you can reference the list in a security policy.
EDL Hosting Service
The EDL Hosting Service is a list of SaaS application endpoints maintained by Palo Alto. Each Feed URL contains an external dynamic list (EDL) that is checked daily for any new endpoints added to the publicly available Feed URLs published by the SaaS provider.
When a SaaS provider adds a new endpoint for a SaaS application the corresponding Feed URL is updated. Leveraging the EDL Hosting Service allows for dynamic enforcement of traffic to and from your SaaS application without the need for you to host and maintain your own EDL.
GitHub Example
For an example, imagine you want to let users SSH into GitHub repositories. Without EDL, you'd either risk security by allowing SSH to 'all IP addresses' or manually collect GitHub's IP addresses and keep them updated—a tedious task.
With the EDL service, you simply copy GitHub's URL into Palo Alto, and the list updates automatically.
Navigate to EDL hosting service and copy the URL of GitHub and add it to the EDL list in the Palo Alto Firewall.
Now, all you have to do is reference this list as a 'Destination Address' in your security policy.
That's all, now the IP addresses of GitHub are dynamically updated and you don't need to worry about updating them manually.
References
https://docs.paloaltonetworks.com/resources/edl-hosting-service