Import 16,024+ AI-tool domains as an External Dynamic List into PAN-OS. Enforce blocking through URL filtering and security policies — no manual list maintenance.
PAN-DB classifies the established web — not a category that barely existed three years ago and adds hundreds of new domains every month.
The long tail of AI tools remains uncategorized or scattered across generic categories:
16,024+ domains classified into 18 functional categories:
Palo Alto's External Dynamic List (EDL) imports a text file from our servers on a schedule. Once imported, the EDL works exactly like a PAN-DB category — but with a list you control that updates daily from our corpus of 102 million domains.
An EDL tells your firewall to fetch a domain list from a URL on a recurring schedule. Our feed publishes a PAN-OS-compatible EDL updated daily from 102 million scanned domains.
Navigate to Objects > External Dynamic Lists and click Add. Name it AI-Tools-Blocklist.
Set Type to Domain. Paste your subscription EDL URL in the Source field.
Set Repeat to Hourly for enterprise or Daily for standard deployments.
Optionally add approved AI domains to the Exception List. Click OK, then commit.
Enter these commands in PAN-OS configuration mode to create the EDL, set the source URL, and configure the refresh interval.
# Create an External Dynamic List of type "domain" # The firewall will fetch this URL on the configured schedule configure set objects external-list AI-Tools-Blocklist type domain \ url "https://feeds.aitoolsblocklist.com/v1/edl/domains?key=YOUR_API_KEY" \ recurring hourly # Optional: add exceptions for approved AI tools set objects external-list AI-Tools-Blocklist type domain \ exception-list [ "internal-ai.yourcompany.com" "approved-tool.example.com" ] # Verify the EDL object show objects external-list AI-Tools-Blocklist commit
Hourly is the sweet spot — frequent enough to catch new AI tools within hours, without unnecessary management-plane load. Our feed updates daily.
Add approved AI tools or dual-purpose domains to the exception list. Exceptions are evaluated before the block action, so listed domains always pass through.
PAN-OS lets you associate an EDL with a custom URL category. It then appears in URL filtering profiles exactly like a built-in PAN-DB category.
Go to Objects > Custom URL Category. Create AI-Tools-Blocked referencing your EDL.
Go to Security Profiles > URL Filtering. Create or edit a profile.
Set Site Access and User Credential Submission to block for your custom category.
# Create a custom URL category referencing the EDL set profiles custom-url-category AI-Tools-Blocked type "URL List" set profiles custom-url-category AI-Tools-Blocked list AI-Tools-Blocklist # Create a URL filtering profile with the custom category set to block set profiles url-filtering Block-AI-Profile \ credential-enforcement mode disabled set profiles url-filtering Block-AI-Profile \ action block set profiles url-filtering Block-AI-Profile \ block-list AI-Tools-Blocked # Set the block page — users see this when they hit a blocked AI domain set profiles url-filtering Block-AI-Profile \ block-page "This AI tool has been blocked by your organization's security policy." commit
The URL filtering profile is now ready but not yet enforcing traffic. It takes effect only when attached to a security policy rule (Step 3).
A custom block page reduces help-desk tickets — explain the domain is blocked because it's an AI tool, not malware. Include a link to your AI acceptable-use policy and exception request instructions. Configure under Device > Response Pages.
A URL filtering profile does nothing until attached to a security policy rule. Create a dedicated rule for outbound web traffic from your internal zones.
Set to your internal trust zone (trust, internal, or LAN). Use any for the source address.
Set to untrust or internet to match only outbound traffic headed to external AI-tool domains.
Set to web-browsing and ssl for HTTP/HTTPS, or any to also catch desktop AI-tool API calls.
Set action to Allow (URL filtering handles the block). Attach Block-AI-Profile and enable session-end logging.
# Create the security policy rule via CLI # Rule allows traffic but applies URL filtering to block AI domains set rulebase security rules Block-AI-Tools-Outbound \ from [ trust ] \ to [ untrust ] \ source [ any ] \ destination [ any ] \ application [ web-browsing ssl ] \ service [ application-default ] \ action allow \ profile-setting profiles url-filtering Block-AI-Profile \ log-end yes \ log-setting default # Move the rule above your general allow rule move rulebase security rules Block-AI-Tools-Outbound before General-Outbound-Allow # Optional: restrict to specific user groups via LDAP/AD integration set rulebase security rules Block-AI-Tools-Outbound \ source-user [ "cn=finance-dept,ou=groups,dc=company,dc=com" \ "cn=legal-dept,ou=groups,dc=company,dc=com" ] commit
PAN-OS evaluates rules top to bottom — first match wins. Your AI-blocking rule must appear above any general "allow all outbound web" rule. Use the move command or drag in the GUI to position it correctly.
Use the Source User field with User-ID (Active Directory / LDAP) for per-group policies. Create separate rules with different URL filtering profiles per department, using our 18-category taxonomy for granular control.
PAN-OS sees SNI and DNS queries only. Sufficient for domain-level blocking — matches SNI against EDL and blocks before TLS completes.
Full URL path inspection and content visibility. Block specific paths on shared domains and enable DLP to catch confidential data uploads to AI chatbots.
Inspect data sent to AI tools — detect source code, confidential documents, or database exports being pasted into generative AI interfaces.
# Configure SSL Forward Proxy decryption for AI-tool traffic # Requires a CA certificate installed on the firewall and trusted by clients # Step 1: Create a decryption profile set profiles decryption AI-Decryption-Profile \ ssl-forward-proxy block-expired-certificate yes \ ssl-forward-proxy block-untrusted-issuer yes \ ssl-forward-proxy block-unknown-cert no \ ssl-forward-proxy restrict-cert-exts yes # Step 2: Create a decryption policy rule targeting AI-tool domains set rulebase decryption rules Decrypt-AI-Traffic \ from [ trust ] \ to [ untrust ] \ source [ any ] \ destination [ any ] \ service [ any ] \ category [ AI-Tools-Blocked ] \ type ssl-forward-proxy \ action decrypt \ decryption-profile AI-Decryption-Profile commit
Deploy the firewall's signing CA certificate to all clients via Group Policy (Windows), MDM (macOS/iOS), or config management. Certificate-pinned AI desktop clients may need a decryption exclusion list.
Without it, EDL-based domain blocking still works via SNI matching. SSL decryption adds URL-path granularity and content inspection — it's an enhancement, not a prerequisite.
Your primary audit trail. Every block event records timestamp, source IP, source user (with User-ID), destination domain, matched category, and action taken.
Use the Application Command Center to visualize blocked AI traffic by volume, user, zone, and time period.
# View URL filtering logs for blocked AI-tool domains show log url-filtering direction equal backward \ action equal block \ category equal AI-Tools-Blocked # Count blocked sessions by destination domain (top 20) show log url-filtering direction equal backward \ action equal block \ category equal AI-Tools-Blocked \ group-by url | head 20 # Show which users are hitting blocked AI domains most often show log url-filtering direction equal backward \ action equal block \ category equal AI-Tools-Blocked \ group-by srcuser | head 10 # Verify the EDL is refreshing successfully request system external-list show type domain name AI-Tools-Blocklist # Force an immediate EDL refresh (useful after initial setup) request system external-list refresh type domain name AI-Tools-Blocklist
Configure log forwarding under Device > Log Settings to send AI-related block events to Splunk, QRadar, or Microsoft Sentinel. Build dashboards and alert on high-volume users attempting to find unblocked AI alternatives.
Trigger SIEM alerts when users repeatedly attempt AI tool access. High-frequency attempts signal policy circumvention.
Create custom ACC widgets for the AI-Tools-Blocked category. Ideal for executive reporting.
Set up weekly/monthly PDF reports under Monitor > PDF Reports. Auto-distribute to compliance officers.
Define the EDL, URL filtering profile, and security policy once in Panorama. Push to all managed firewalls simultaneously — branch offices, data centers, and cloud VM-Series instances.
Each firewall fetches the updated EDL on its own refresh schedule. No Panorama push required for daily content updates — only policy changes need a push.
Create base AI-blocking policy at the parent level. Add department-specific overrides (e.g., allow code assistants for engineering) in child Device Groups.
Use for per-site settings like SSL decryption certificates and log forwarding. Templates handle site differences while Device Groups handle shared policy.
Panorama aggregates URL filtering logs from all firewalls. Generate a single weekly compliance report covering every location — no per-firewall exports to stitch together.
Engineering may need code assistants. Marketing may need image tools. Legal may need everything blocked. Our 18-category taxonomy enables this granularity.
Subscribe to per-category feeds instead of a single EDL. Create separate EDLs, custom URL categories, and URL filtering profiles. Apply different profiles per security policy rule based on user group, zone, or address.
# Example: Block AI writing tools for finance, allow code tools for engineering # Create category-specific EDLs set objects external-list AI-Text-Language type domain \ url "https://feeds.aitoolsblocklist.com/v1/edl/domains?category=text-language&key=YOUR_API_KEY" \ recurring hourly set objects external-list AI-Code-Dev type domain \ url "https://feeds.aitoolsblocklist.com/v1/edl/domains?category=code-development&key=YOUR_API_KEY" \ recurring hourly set objects external-list AI-Image-Visual type domain \ url "https://feeds.aitoolsblocklist.com/v1/edl/domains?category=image-visual&key=YOUR_API_KEY" \ recurring hourly # Create custom URL categories per EDL set profiles custom-url-category AI-Text-Blocked list AI-Text-Language set profiles custom-url-category AI-Code-Blocked list AI-Code-Dev set profiles custom-url-category AI-Image-Blocked list AI-Image-Visual # Apply different profiles to different user groups # Finance: block text, code, and image AI tools set rulebase security rules Block-AI-Finance \ source-user [ "cn=finance,ou=groups,dc=corp,dc=com" ] \ profile-setting profiles url-filtering Block-All-AI-Profile # Engineering: block text and image, allow code set rulebase security rules Block-AI-Engineering \ source-user [ "cn=engineering,ou=groups,dc=corp,dc=com" ] \ profile-setting profiles url-filtering Block-Text-Image-AI-Profile commit
Requires User-ID integration with Active Directory or LDAP. Without User-ID, use source IP ranges or source zones as the differentiator in security policy rules.
Quick resolutions for the most common EDL deployment problems.
Verify the management interface has outbound HTTPS access. Run request system external-list refresh type domain name AI-Tools-Blocklist and check system logs for errors.
Run show user ip-user-mapping all to verify User-ID is operational. Check LDAP DN format vs. domain\username format — a common mismatch source.
Verify rule order — AI-blocking must appear before the general allow rule. Test with test url-info-cloud url openai.com to check which category matches.
The firewall's signing CA is not trusted by the client. Deploy via Group Policy or MDM. Certificate-pinned AI desktop clients need a decryption exclusion.
Download the free sample EDL to test on your PAN-OS firewall today. Or tell us your deployment details and we will send a ready-to-import feed within 24 hours.
Tell us your PAN-OS version, number of firewalls, and whether you use Panorama. We will send a ready-to-import EDL URL within 24 hours.