Fortinet Document Library

Version:


Table of Contents

Palo Alto Networks Panorama

1.0.1
Copy Link

About the connector

The Paloalto Panorama connector integrates with the Palo Alto Networks® Panorama and supports containment actions such as blocking URLs or IP addresses on the devices configured on Panorama.

This document provides information about the Paloalto Panorama connector, which facilitates automated interactions with Palo Alto Networks® Panorama using FortiSOAR™ playbooks. Add the Paloalto Panorama connector as a step in FortiSOAR™ playbooks and perform automated operations, such as blocking or unblocking URLs, IP addresses, or applications that you have specified and retrieving a list of connected firewalls from Panorama.

Version information

Connector Version: 1.0.1

Authored By: Fortinet

Certified: No

Release Notes for version 1.0.1

Following enhancements have been made to the PaloAlto Panorama connector in version 1.0.1:

  • Updated the name of the connector from Panorama to PaloAlto Panorama.

  • Renamed the List of Connected Firewalls operation to Get Connected Firewalls.

  • Updated the configuration parameter name Address Group to IP Address Group.

Installing the connector

All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:

yum install cyops-connector-paloalto-panorama

For the detailed procedure to install a connector, click here.

Prerequisites to configuring the connector

  • You must have the URL of Palo Alto Networks® Panorama server to which you will connect and perform automated operations and credentials to access that server.
  • To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.

Configuring the connector

For the procedure to configure a connector, click here.

Actions supported by the connector

The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:

Function Description Annotation and Category
Block IP Blocks the IP address that you have specified on all or selected devices configured on Panorama. block_ip
Containment
Unblock IP Unblocks the IP address that you have specified on all or selected devices configured on Panorama. unblock_ip
Remediation
Block URL Blocks the URL that you have specified on all or selected devices configured on Panorama. block_url
Containment
Unblock URL Unblocks the URL that you have specified on all or selected devices configured on Panorama. unblock_url
Remediation
Block Application Blocks the application that you have specified on all or selected devices configured on Panorama. block_app
Containment
Unblock Application Unblocks the application that you have specified on all or selected devices configured on Panorama. unblock_app
Remediation
Get Connected Firewalls Retrieves a list of all configured firewalls from Panorama.  

operation: Block IP

Input parameters

Parameter Description
IP Address IP address that you want to block using Panorama.
Device group to configure Device group on which you want to block the IP address.

Output

The output contains a non-dictionary value.

operation: Unblock IP

Input parameters

Parameter Description
IP Address IP address to unblock using Panorama.
Device group to configure Device group on which you want to block the IP address.

Output

The output contains a non-dictionary value.

operation: Block URL

Input parameters

Parameter Description
URL URL to block using Panorama.
Device group to configure Device group on which you want to block the URL.

Output

The output contains a non-dictionary value.

operation: Unblock URL

Input parameters

Parameter Description
URL URL to unblock using Panorama.
Device group to configure Device group on which you want to unblock the URL.

Output

The output contains a non-dictionary value.

operation: Block Application

Input parameters

Parameter Description
Application Name Name of application to block using Panorama.
Device group to configure Device group on which you want to block the application.

Output

The output contains a non-dictionary value.

operation: Unblock Application

Input parameters

Parameter Description
Application Name Name of application to unblock using the Panorama.
Device group to configure Device group on which you want to unblock the application.

Output

The output contains a non-dictionary value.

operation: Get Connected Firewalls

Input parameters

None.

Output

The output contains a non-dictionary value.

Included playbooks

The Sample - Paloalto-Panorama - 1.0.1 playbook collection comes bundled with the Paloalto Panorama connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Paloalto Panorama connector.

  • Block Application
  • Block IP
  • Block URL
  • Get Connected Firewalls
  • Unblock Application
  • Unblock IP
  • Unblock URL

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.

About the connector

The Paloalto Panorama connector integrates with the Palo Alto Networks® Panorama and supports containment actions such as blocking URLs or IP addresses on the devices configured on Panorama.

This document provides information about the Paloalto Panorama connector, which facilitates automated interactions with Palo Alto Networks® Panorama using FortiSOAR™ playbooks. Add the Paloalto Panorama connector as a step in FortiSOAR™ playbooks and perform automated operations, such as blocking or unblocking URLs, IP addresses, or applications that you have specified and retrieving a list of connected firewalls from Panorama.

Version information

Connector Version: 1.0.1

Authored By: Fortinet

Certified: No

Release Notes for version 1.0.1

Following enhancements have been made to the PaloAlto Panorama connector in version 1.0.1:

Installing the connector

All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:

yum install cyops-connector-paloalto-panorama

For the detailed procedure to install a connector, click here.

Prerequisites to configuring the connector

Configuring the connector

For the procedure to configure a connector, click here.

Actions supported by the connector

The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:

Function Description Annotation and Category
Block IP Blocks the IP address that you have specified on all or selected devices configured on Panorama. block_ip
Containment
Unblock IP Unblocks the IP address that you have specified on all or selected devices configured on Panorama. unblock_ip
Remediation
Block URL Blocks the URL that you have specified on all or selected devices configured on Panorama. block_url
Containment
Unblock URL Unblocks the URL that you have specified on all or selected devices configured on Panorama. unblock_url
Remediation
Block Application Blocks the application that you have specified on all or selected devices configured on Panorama. block_app
Containment
Unblock Application Unblocks the application that you have specified on all or selected devices configured on Panorama. unblock_app
Remediation
Get Connected Firewalls Retrieves a list of all configured firewalls from Panorama.  

operation: Block IP

Input parameters

Parameter Description
IP Address IP address that you want to block using Panorama.
Device group to configure Device group on which you want to block the IP address.

Output

The output contains a non-dictionary value.

operation: Unblock IP

Input parameters

Parameter Description
IP Address IP address to unblock using Panorama.
Device group to configure Device group on which you want to block the IP address.

Output

The output contains a non-dictionary value.

operation: Block URL

Input parameters

Parameter Description
URL URL to block using Panorama.
Device group to configure Device group on which you want to block the URL.

Output

The output contains a non-dictionary value.

operation: Unblock URL

Input parameters

Parameter Description
URL URL to unblock using Panorama.
Device group to configure Device group on which you want to unblock the URL.

Output

The output contains a non-dictionary value.

operation: Block Application

Input parameters

Parameter Description
Application Name Name of application to block using Panorama.
Device group to configure Device group on which you want to block the application.

Output

The output contains a non-dictionary value.

operation: Unblock Application

Input parameters

Parameter Description
Application Name Name of application to unblock using the Panorama.
Device group to configure Device group on which you want to unblock the application.

Output

The output contains a non-dictionary value.

operation: Get Connected Firewalls

Input parameters

None.

Output

The output contains a non-dictionary value.

Included playbooks

The Sample - Paloalto-Panorama - 1.0.1 playbook collection comes bundled with the Paloalto Panorama connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Paloalto Panorama connector.

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.