Configuring Palo Alto Panorama or Firewalls

Procedure

1. Go to Administration → Integrated Products/Services → Inline Products/Services and select Palo Alto Panorama or Firewalls.
2. Provide the following information:
   • Server address

     Note The server address must be the IPv4 address or FQDN of the inline product.

   • Server type
     • Panorama
     • Firewalls

     Note Deep Discovery Inspector supports Palo Alto Panorama and firewalls with virtual systems. On Panorama devices and firewalls with virtual systems, a policy rule must be configured to utilize the suspicious objects and C&C callback addresses.

   • User name: Existing authentication credential
   • Password: Existing authentication credential

   Valid Character Sets

   	User name	Password
   Minimum length	1 character	1 character
   Maximum length	15 characters	15 characters

3. (Optional) Click Test Connection.
4. Under Object Distribution, click Enabled.
   The Legal Statement opens.
5. Read and accept the Legal Statement.

   Note To enable integration with this inline product/service, you must accept the Legal Statement.

6. (Optional) Select a new Frequency.
7. To send object information from Deep Discovery Inspector to this inline product/service, configure the following criteria:
   • Object type:
     • C&C Callback Address
       • IPv4 address
       • Domain
       • URL
     • Suspicious Object
       • IPv4 address
       • Domain
       • URL
   • Risk level:
     • High only
     • High and medium
     • High, medium, and low
8. Under Advanced Settings, customize URL category names:
   URL category names must include a minimum of one character and a maximum of 31 characters, and may include the following characters:

   • Uppercase (A-Z)
   • Lowercase (a-z)
   • Numeric (0-9)
   • Special characters: - _
   • Space
9. Click Save.
10. For PAN-OS 7.1 or later, enable XML API access.
    1. On the Palo Alto product console, go to Device → Admin Roles and select or create an admin role.
    2. Select the XML API tab.
    3. Enable the following XML API features from the list.
       • Configuration
       • Operation Requests
       • Commit
       
    4. Click OK.
    5. Assign the admin role to an administrator account.
11. (Optional) To view suspicious objects and C&C callback addresses sent by Deep Discovery Inspector on the Palo Alto product console, go to Objects → Custom URL Category.

    

    Suspicious objects and C&C callback addresses distributed by Deep Discovery Inspector are displayed.