Palo Alto Next-Gen Firewall Out-of-the-box Response Integration
To learn more about Out-of-the-box Integrations and their benefits, please refer to this article.
This article shows how to create an external block list using Palo Alto Next-Gen Firewall.
Requirements
- Palo Alto Next-Gen Firewall
- A Lumu Defender subscription.
Out-of-the-box Integrations are part of Lumu Defender. This tier was built to help organizations orchestrate and automate defense against confirmed compromise instances. To learn more about Lumu Defender, visit our site.
Add Integration
1. Log in to your Lumu account through the Lumu Portal, navigate to the integrations screen, and select “Response”.
2. Locate the Palo Alto Next-Gen Firewall integration in the available apps area and then click "Add".
3. Familiarize yourself with the integration details available in the app description and click the button below to activate the integration.
4. To generate the integration URL, add a description and select the threat types you want to include in the list. You can also generate a list of compromised IPs.
5. Once you create the integration, you will be provided with the Integration URL:
Deleting an integration will cause URLs to be removed. This action cannot be undone. To reintegrate you will have to generate the URLs again and update your Palo Alto Next-Gen Firewall configuration.
Set Up Palo Alto Next-Gen Firewall
Now that you have the integration URLs, configure a dynamic block list on Palo Alto Next-Gen Firewall. To do this, you can add a URL or an IP External Dynamic List.
Add a URL External Dynamic List
1. Under Objects > External Dynamic Lists, add a new External Dynamic List of type URL List.
2. Enter the required information, including the Domains & URLs URL you obtained from Lumu in step 4 of Add Integration. Make sure to select ‘URL List’ in the ‘Type’ parameter.
3. Modify the update frequency according to your business needs. The Palo Alto Next-Gen Firewall documentation recommends setting this parameter to ‘Hourly’.
4. After creating the External Dynamic List, you must use it inside a security policy created under the URL filtering profile. The following is an example of said policy:
Add an IP External Dynamic List
1. Under Objects > External Dynamic Lists, add a new External Dynamic List of type IP List.
2. Enter the required information, including the Compromised IPs URL you obtained from Lumu in step 4 of Add Integration. Make sure to select ‘IP List’ in the ‘Type’ parameter.
3. Modify the update frequency according to your business needs. The Palo Alto Next-Gen Firewall documentation recommends setting this parameter to ‘Hourly’.
4. After creating the External Dynamic List, you must use it inside a firewall policy. The following is an example of said policy:
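A pre-deployment check for the Compromised IPs list, as an added example that is not part of the original article or of Lumu's or Palo Alto Networks' tooling: it audits the list body for malformed lines, duplicates, and entries that overlap networks a deny rule must never match. It assumes the list is plain text with one entry per line (single IP, CIDR, or `a-b` range); `audit_ip_list`, `PROTECTED` and `max_entries` are hypothetical names, and the sample data is constructed.

```python
import ipaddress

# Networks a deny rule must never match (constructed example values;
# replace with your own management, DNS and partner ranges).
PROTECTED = [ipaddress.ip_network(n) for n in
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def parse_entry(line):
    """Return the networks covered by one entry: single IP, CIDR, or 'a-b' range."""
    if "-" in line:
        first, last = (ipaddress.ip_address(p.strip()) for p in line.split("-", 1))
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.ip_network(line, strict=False)]

def audit_ip_list(text, protected=PROTECTED, max_entries=None):
    """Classify each line of a fetched IP list before it is used in a blocking policy."""
    report = {"ok": [], "invalid": [], "protected": [], "duplicate": [],
              "over_capacity": False}
    seen = set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: blank/comment lines skipped
            continue
        try:
            nets = parse_entry(line)
        except (ValueError, TypeError):       # bad address, reversed or mixed-version range
            report["invalid"].append(line)
            continue
        if line in seen:
            report["duplicate"].append(line)
            continue
        seen.add(line)
        hit = any(n.version == p.version and n.overlaps(p)
                  for n in nets for p in protected)
        report["protected" if hit else "ok"].append(line)
    if max_entries is not None:               # capacity depends on the firewall model
        report["over_capacity"] = len(seen) > max_entries
    return report

# Constructed sample standing in for the body served at the Compromised IPs URL.
SAMPLE = """203.0.113.7
198.51.100.0/24
192.0.2.10-192.0.2.20
192.168.1.15
203.0.113.7
not-an-ip
"""

if __name__ == "__main__":
    for key, value in audit_ip_list(SAMPLE).items():
        print(key, value)
```

Any entry reported under `protected` or `invalid` is worth resolving before the list is referenced by a blocking rule, since the firewall refreshes the list on the configured schedule without further review.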