Configuring Palo Alto Panorama or Firewalls Parent topic

Procedure

  1. Go to AdministrationIntegrated Products/ServicesInline Products/Services and select Palo Alto Panorama or Firewalls.
  2. Provide the following information:
    • Server address
      Note
      Note
      The server address must be the IPv4 address or FQDN of the inline product.
    • Server type
      • Panorama
      • Firewalls
      Note
      Note
      Deep Discovery Inspector supports Palo Alto Panorama and firewalls with virtual systems.
      On Panorama devices and firewalls with virtual systems, a policy rule must be configured to utilize the suspicious objects and C&C callback addresses.
    • User name: Existing authentication credential
    • Password: Existing authentication credential

    Valid Character Sets

     
    User name
    Password
    Minimum length
    1 character
    1 character
    Maximum length
    15 characters
    15 characters
  3. (Optional) Click Test Connection.
  4. Under Object Distribution, click Enabled.
    The Legal Statement opens.
  5. Read and accept the Legal Statement.
    Note
    Note
    To enable integration with this inline product/service, you must accept the Legal Statement.
  6. (Optional) Select a new Frequency.
  7. To send object information from Deep Discovery Inspector to this inline product/service, configure the following criteria:
    • Object type:
      • C&C Callback Address
        • IPv4 address
        • Domain
        • URL
      • Suspicious Object
        • IPv4 address
        • Domain
        • URL
    • Risk level:
      • High only
      • High and medium
      • High, medium, and low
  8. Under Advanced Settings, customize URL category names:
    URL category names must include a minimum of one character and a maximum of 31 characters, and may include the following characters:
    • Uppercase (A-Z)
    • Lowercase (a-z)
    • Numeric (0-9)
    • Special characters: - _
    • Space
  9. Click Save.
  10. For PAN-OS 7.1 or later, enable XML API access.
    1. On the Palo Alto product console, go to DeviceAdmin Roles and select or create an admin role.
    2. Select the XML API tab.
    3. Enable the following XML API features from the list.
      • Configuration
      • Operation Requests
      • Commit
      paloalto-enable-xml-.png
    4. Click OK.
    5. Assign the admin role to an administrator account.
  11. (Optional) To view suspicious objects and C&C callback addresses sent by Deep Discovery Inspector on the Palo Alto product console, go to ObjectsCustom URL Category.
    admin-intgr-prods-se.jpg
    Suspicious objects and C&C callback addresses distributed by Deep Discovery Inspector are displayed.