Palo Alto Next-Gen Firewall Out-of-the-box Response Integration


To learn more about Out-of-the-box Integrations and their benefits, please refer to this article.
This article shows how to create an external block list using Palo Alto Next-Gen Firewall. 

Requirements

  1. Palo Alto Next-Gen Firewall 
  2. A Lumu Defender subscription.
Out-of-the-box Integrations are part of Lumu Defender. This tier was built to help organizations orchestrate and automate defense against confirmed compromise instances. To learn more about Lumu Defender, visit our site.

Add Integration

1. Log in to your Lumu account through the Lumu Portal, navigate to the integrations screen, and select “Response”.
2. Locate the Palo Alto Next-Gen Firewall integration in the available apps area and then click "Add".

3. Familiarize yourself with the integration details available in the app description and click the button below to activate the integration.
4. To generate the integration URL, add a description and select the threat types you want to include in the list. You can also generate a list of compromised IPs.


5. Once you create the integration, you will be provided with the Integration URL:


Deleting an integration will cause its URLs to be removed. This action cannot be undone. To reintegrate, you will have to generate the URLs again and update your Palo Alto Next-Gen Firewall configuration.

Set Up Palo Alto Next-Gen Firewall

Now that you have the integration URLs, you need to configure a dynamic block list on Palo Alto Next-Gen Firewall. To do this, you can add a URL or an IP External Dynamic List.

Add a URL External Dynamic List

  1. Under Objects > External Dynamic Lists, add a new External Dynamic List of type URL List.
  2. Enter the required information, including the Domains & URLs URL you obtained from Lumu in step 4. Make sure to select ‘URL List’ in the ‘Type’ parameter.
  3. Modify the update frequency according to your business needs. The Palo Alto Next-Gen Firewall documentation recommends setting this parameter to ‘Hourly’.


  4. After creating the External Dynamic List, you must use it inside a security policy created under the URL filtering profile. The following is an example of said policy:


Add an IP External Dynamic List

  1. Under Objects > External Dynamic Lists, add a new External Dynamic List of type IP List. 
  2. Enter the required information, including the Compromised IPs URL you obtained from Lumu in step 4. Make sure to select ‘IP List’ in the ‘Type’ parameter.
  3. Modify the update frequency according to your business needs. The Palo Alto Next-Gen Firewall documentation recommends setting this parameter to ‘Hourly’.


  4. After creating the External Dynamic List, you must use it inside a firewall policy. The following is an example of said policy:







Further considerations 
Bear in mind that the characteristics of the policy must be defined by your organization. For more details on External Dynamic Lists, consult Palo Alto Next-Gen Firewall’s documentation.
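
Because the IP External Dynamic List configured above feeds a block list, it is worth checking what the feed contains before attaching it to a policy. The following is an added example, not Lumu or Palo Alto Networks code: it assumes a plain-text feed with one entry per line, and the sample feed, the `INTERNAL` list and the `MAX_SPAN` threshold are constructed for illustration.

```python
import ipaddress

# Assumption: the feed is plain text, one entry per line: a single address,
# a CIDR block, or a first-last range. Text after the entry is a comment.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "fc00::/7", "fe80::/10")]
MAX_SPAN = 2 ** 16  # hypothetical threshold: flag entries wider than an IPv4 /16

def parse_entry(line):
    """Return (first, last) addresses for one entry, None for blank/comment lines."""
    fields = line.split()
    if not fields or fields[0][0] in "#;":
        return None
    token = fields[0]
    if "-" in token:
        lo, hi = (ipaddress.ip_address(p) for p in token.split("-", 1))
        if lo.version != hi.version or lo > hi:
            raise ValueError("bad range: " + token)
        return lo, hi
    net = ipaddress.ip_network(token, strict=False)
    return net[0], net[-1]

def overlaps_internal(lo, hi):
    """True if the span [lo, hi] touches any network in INTERNAL."""
    return any(n.version == lo.version and lo <= n[-1] and hi >= n[0]
               for n in INTERNAL)

def audit_feed(text):
    """Sort feed line numbers into ok, invalid, and risky (unsafe to block on)."""
    report = {"ok": [], "invalid": [], "risky": []}
    for number, line in enumerate(text.splitlines(), 1):
        try:
            span = parse_entry(line)
        except ValueError:
            report["invalid"].append(number)
            continue
        if span is None:
            continue
        wide = int(span[1]) - int(span[0]) + 1 > MAX_SPAN
        key = "risky" if wide or overlaps_internal(*span) else "ok"
        report[key].append(number)
    return report

# Constructed sample feed using documentation ranges (not real Lumu output).
SAMPLE = "\n".join([
    "# constructed sample", "203.0.113.7", "198.51.100.0/24",
    "192.0.2.10-192.0.2.20 constructed range", "10.1.2.3",
    "0.0.0.0/0", "not-an-ip", "2001:db8::5"])
```

Run `audit_feed` on a saved copy of the feed and review any `risky` or `invalid` line numbers before the list is referenced by a policy.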