The Palo Alto Networks Panorama connector integrates with the Palo Alto Networks® Panorama and supports containment actions such as blocking URLs or IP addresses on the devices configured on Panorama.
This document provides information about the Palo Alto Networks Panorama connector, which facilitates automated interactions with Palo Alto Networks® Panorama using FortiSOAR™ playbooks. Add the Palo Alto Networks Panorama connector as a step in FortiSOAR™ playbooks and perform automated operations, such as blocking or unblocking URLs, IP addresses, or applications that you have specified and retrieving a list of connected firewalls from Panorama.
Connector Version: 2.0.0
FortiSOAR™ Version Tested on: 4.12.1-253
PaloAlto Versions Tested on: PaloAlto Networks Panorama connector has been tested on the following: Model: Panorama version 8.0.2 Application version: 655-3816
Authored By: Fortinet.
Certified: Yes
The following enhancements have been made to the Palo Alto Networks Panorama connector in version 2.0.0:
- Updated the name of the connector from PaloAlto Panorama to Palo Alto Networks Panorama.
- Added the following new operations and playbooks:
  - Get Device Groups
  - Get Application Groups
- Updated the sample playbooks.
All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:
yum install cyops-connector-palo-alto-networks-panorama
For the detailed procedure to install a connector, click here.
For the procedure to configure a connector, click here.
Important: You must append /api to the server URL while configuring the connector. For example, https://<serverip>/api
In FortiSOAR™, on the connectors page, click the Palo Alto Networks Panorama connector row, and in the Configure tab enter the required configuration details.
Parameter | Description |
---|---|
Server URL | URL of the Palo Alto Networks® Panorama server to which you will connect and perform automated operations. |
Username | Username to access the Palo Alto Networks® Panorama server to which you will connect and perform automated operations. |
Password | Password to access the Palo Alto Networks® Panorama server to which you will connect and perform automated operations. |
Security Policy Name For Blocking IP | Name of the security policy that you have already configured on the Palo Alto Networks® Panorama server to block IP addresses. |
Address Group | Name of the address group that is linked to the specified security policy to block IP addresses. |
Security Policy Name For Blocking URL | Name of the security policy that you have already configured on the Palo Alto Networks® Panorama server to block URLs. |
URL Group | Name of the URL group that is linked to the specified security policy to block URLs. |
Security Policy Name For Blocking Application | Name of the security policy that you have already configured on the Palo Alto Networks® Panorama server to block applications. |
Application Group | Name of the application group that is linked to the specified security policy to block applications. |
The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:
Function | Description | Annotation and Category |
---|---|---|
Block IP | Blocks the IP address that you have specified on all or selected devices configured on Palo Alto Networks® Panorama. | block_ip Containment |
Unblock IP | Unblocks the IP address that you have specified on all or selected devices configured on Palo Alto Networks® Panorama. | unblock_ip Remediation |
Block URL | Blocks the URL that you have specified on all or selected devices configured on Palo Alto Networks® Panorama. | block_url Containment |
Unblock URL | Unblocks the URL that you have specified on all or selected devices configured on Palo Alto Networks® Panorama. | unblock_url Remediation |
Block Application | Blocks the application that you have specified on all or selected devices configured on Palo Alto Networks® Panorama. | block_app Containment |
Unblock Application | Unblocks the application that you have specified on all or selected devices configured on Palo Alto Networks® Panorama. | unblock_app Remediation |
Get Connected Firewalls | Retrieves a list of all configured firewalls from Palo Alto Networks® Panorama. | firewall_list |
Get Device Groups | Retrieves a list of all device groups or details of specific device groups from Palo Alto Networks® Panorama based on the device group name you have specified. | get_device_groups Investigation |
Get Application Groups | Retrieves a list of all application groups or details of specific application groups from Palo Alto Networks® Panorama based on the application group name you have specified. | get_application_groups Investigation |
Parameter | Description |
---|---|
IP Address | IP address that you want to block using Palo Alto Networks® Panorama. |
Device group to configure | Device group on which you want to block the IP address. |
The output contains a non-dictionary value.
Parameter | Description |
---|---|
IP Address | IP address that you want to unblock using Palo Alto Networks® Panorama. |
Device group to configure | Device group on which you want to unblock the IP address. |
The output contains a non-dictionary value.
Parameter | Description |
---|---|
URL | URL that you want to block using Palo Alto Networks® Panorama. |
Device group to configure | Device group on which you want to block the URL. |
The output contains a non-dictionary value.
Parameter | Description |
---|---|
URL | URL that you want to unblock using Palo Alto Networks® Panorama. |
Device group to configure | Device group on which you want to unblock the URL. |
The output contains a non-dictionary value.
Parameter | Description |
---|---|
Application Name | Name of application that you want to block using Palo Alto Networks® Panorama. |
Device group to configure | Device group on which you want to block the application. |
The output contains a non-dictionary value.
Parameter | Description |
---|---|
Application Name | Name of application that you want to unblock using Palo Alto Networks® Panorama. |
Device group to configure | Device group on which you want to unblock the application. |
The output contains a non-dictionary value.
None.
The output contains the following populated JSON schema:
```json
{
  "response": {
    "result": {
      "devices": {
        "entry": {
          "vsys": {
            "entry": {
              "@name": "",
              "display-name": "",
              "shared-policy-md5sum": "",
              "shared-policy-status": ""
            }
          },
          "sw-version": "",
          "unsupported-version": "",
          "custom-certificate-usage": "",
          "connected-at": "",
          "multi-vsys": "",
          "av-version": "",
          "vpn-disable-mode": "",
          "certificate-status": "",
          "threat-version": "",
          "domain": "",
          "hostname": "",
          "connected": "",
          "global-protect-client-package-version": "",
          "logdb-version": "",
          "model": "",
          "certificate-subject-name": "",
          "deactivated": "",
          "wildfire-version": "",
          "certificate-expiry": "",
          "url-filtering-version": "",
          "ip-address": "",
          "serial": "",
          "@name": "",
          "url-db": "",
          "operational-mode": "",
          "family": "",
          "app-version": "",
          "uptime": ""
        }
      }
    },
    "@status": ""
  }
}
```
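A containment action only protects traffic on firewalls that are connected to Panorama and carry the current shared policy, so a playbook can check the Get Connected Firewalls output before relying on a block. The following is an added example, not code from the connector: the function names and the sample data are constructed, and the values "yes" for `connected` and "In Sync" for `shared-policy-status` are assumptions about what a healthy device reports.

```python
# Added example; SAMPLE_OUTPUT is constructed, not real Panorama output.
SAMPLE_OUTPUT = {"response": {"@status": "success", "result": {"devices": {"entry": [
    {"@name": "000000000001", "serial": "000000000001", "hostname": "fw-hq-01",
     "connected": "yes",
     "vsys": {"entry": {"@name": "vsys1", "shared-policy-status": "In Sync"}}},
    {"@name": "000000000002", "serial": "000000000002", "hostname": "fw-branch-02",
     "connected": "no",
     "vsys": {"entry": [
         {"@name": "vsys1", "shared-policy-status": "Out of Sync"},
         {"@name": "vsys2", "shared-policy-status": "In Sync"}]}},
]}}}}


def as_list(node):
    """XML converted to JSON collapses a single child to a dict; always return a list."""
    if node is None or node == "":
        return []
    return node if isinstance(node, list) else [node]


def firewalls_needing_attention(output):
    """Return firewalls that are disconnected or have a vsys whose shared policy
    is not in sync (assumed healthy values: 'yes' and 'In Sync')."""
    result = (output.get("response") or {}).get("result") or {}
    devices = result.get("devices") or {}
    findings = []
    for dev in as_list(devices.get("entry")):
        reasons = []
        if str(dev.get("connected", "")).lower() != "yes":
            reasons.append("not connected to Panorama")
        for vsys in as_list((dev.get("vsys") or {}).get("entry")):
            status = str(vsys.get("shared-policy-status", ""))
            if status.lower() != "in sync":
                name = vsys.get("@name", "?")
                reasons.append(f"{name}: shared policy status '{status}'")
        if reasons:
            findings.append({"hostname": dev.get("hostname", ""),
                             "serial": dev.get("serial", ""),
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in firewalls_needing_attention(SAMPLE_OUTPUT):
        print(finding["hostname"], finding["serial"], "; ".join(finding["reasons"]))
```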
Parameter | Description |
---|---|
Device Group Name | (Optional) Name of the device group for which you want to retrieve details from Palo Alto Networks® Panorama. |
The output contains the following populated JSON schema:
```json
{
  "response": {
    "result": {
      "@total-count": "",
      "@count": "",
      "device-group": {
        "entry": {
          "address-group": {
            "entry": {
              "@name": "",
              "static": {
                "member": [
                  {
                    "#text": "",
                    "@time": "",
                    "@dirtyId": "",
                    "@admin": ""
                  }
                ],
                "@time": "",
                "@dirtyId": "",
                "@admin": ""
              },
              "@time": "",
              "@dirtyId": "",
              "@admin": ""
            },
            "@time": "",
            "@dirtyId": "",
            "@admin": ""
          },
          "address": {
            "entry": [
              {
                "@name": "",
                "ip-netmask": ""
              }
            ],
            "@time": "",
            "@dirtyId": "",
            "@admin": ""
          },
          "devices": {
            "entry": {
              "@name": ""
            }
          },
          "profiles": {
            "url-filtering": {
              "entry": {
                "action": "",
                "@name": "",
                "credential-enforcement": {
                  "mode": {
                    "disabled": ""
                  },
                  "log-severity": ""
                },
                "description": "",
                "block-list": {
                  "member": []
                }
              }
            }
          },
          "@admin": "",
          "@name": "",
          "@time": "",
          "application-group": "",
          "@dirtyId": ""
        },
        "@time": "",
        "@dirtyId": "",
        "@admin": ""
      }
    },
    "@code": "",
    "@status": ""
  }
}
```
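Because Block IP returns only a non-dictionary value, the Get Device Groups output is the place to confirm that an address object covering the IP is actually a member of the address group tied to the blocking policy. The following is an added example, not code from the connector: the function names, the group name `Blocked-IPs` and the sample data are constructed, and it inspects only the fields shown in the schema above.

```python
import ipaddress

# Added example; SAMPLE_GROUPS is constructed, not real Panorama output.
SAMPLE_GROUPS = {"response": {"result": {"device-group": {"entry": [
    {"@name": "DG-Branch",
     "address": {"entry": [
         {"@name": "blk-203.0.113.7", "ip-netmask": "203.0.113.7"},
         {"@name": "blk-net", "ip-netmask": "198.51.100.0/24"}]},
     "address-group": {"entry": {"@name": "Blocked-IPs", "static": {"member": [
         {"#text": "blk-203.0.113.7", "@admin": "soar"}, "blk-net"]}}}},
    {"@name": "DG-HQ",  # address object exists but is not in the block group
     "address": {"entry": {"@name": "blk-203.0.113.7", "ip-netmask": "203.0.113.7/32"}},
     "address-group": {"entry": {"@name": "Blocked-IPs",
                                 "static": {"member": "other-object"}}}},
]}}}}


def as_list(node):
    """A single child arrives as a dict or string, several as a list; normalise."""
    if node is None or node == "":
        return []
    return node if isinstance(node, list) else [node]


def member_names(group_entry):
    """Static members appear as plain strings or as dicts carrying '#text'."""
    members = as_list((group_entry.get("static") or {}).get("member"))
    return {m.get("#text") if isinstance(m, dict) else m for m in members}


def device_groups_blocking(output, ip, group_name):
    """Return device groups where `group_name` contains an address object
    whose ip-netmask covers `ip`."""
    target = ipaddress.ip_address(ip)
    result = (output.get("response") or {}).get("result") or {}
    hits = []
    for dg in as_list((result.get("device-group") or {}).get("entry")):
        covering = set()
        for addr in as_list((dg.get("address") or {}).get("entry")):
            try:
                net = ipaddress.ip_network(addr.get("ip-netmask", ""), strict=False)
            except ValueError:
                continue  # empty or non-IP value; skip it
            if target in net:
                covering.add(addr.get("@name"))
        for grp in as_list((dg.get("address-group") or {}).get("entry")):
            if grp.get("@name") == group_name and covering & member_names(grp):
                hits.append(dg.get("@name"))
    return hits


if __name__ == "__main__":
    print(device_groups_blocking(SAMPLE_GROUPS, "203.0.113.7", "Blocked-IPs"))
```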
Parameter | Description |
---|---|
Application Group Name | (Optional) Name of the application group for which you want to retrieve details from Palo Alto Networks® Panorama. |
The output contains the following populated JSON schema:
```json
{
  "response": {
    "result": {
      "@total-count": "",
      "application-group": {
        "entry": {
          "members": {
            "member": [
              {
                "#text": "",
                "@time": "",
                "@dirtyId": "",
                "@admin": ""
              },
              {
                "#text": "",
                "@time": "",
                "@dirtyId": "",
                "@admin": ""
              }
            ],
            "@time": "",
            "@dirtyId": "",
            "@admin": ""
          },
          "@name": "",
          "@time": "",
          "@dirtyId": "",
          "@admin": ""
        },
        "@time": "",
        "@dirtyId": "",
        "@admin": ""
      },
      "@count": ""
    },
    "@code": "",
    "@status": ""
  }
}
```
The Sample - Palo Alto Networks Panorama - 2.0.0 playbook collection comes bundled with the Palo Alto Networks Panorama connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Palo Alto Networks Panorama connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.