Palo Alto Networks Panorama

Palo Alto Networks Panorama v2.0.0

About the connector

The Palo Alto Networks Panorama connector integrates with the Palo Alto Networks® Panorama and supports containment actions such as blocking URLs or IP addresses on the devices configured on Panorama.

This document provides information about the Palo Alto Networks Panorama connector, which facilitates automated interactions with Palo Alto Networks® Panorama using FortiSOAR™ playbooks. Add the Palo Alto Networks Panorama connector as a step in FortiSOAR™ playbooks and perform automated operations, such as blocking or unblocking URLs, IP addresses, or applications that you have specified and retrieving a list of connected firewalls from Panorama.

Version information

Connector Version: 2.0.0

FortiSOAR™ Version Tested on: 4.12.1-253

Palo Alto Networks Versions Tested on: The Palo Alto Networks Panorama connector has been tested on the following: Model: Panorama version 8.0.2; Application version: 655-3816

Authored By: Fortinet.

Certified: Yes

Release Notes for version 2.0.0

The following enhancements have been made to the Palo Alto Networks Panorama connector in version 2.0.0:

  • Updated the name of the connector from PaloAlto Panorama to Palo Alto Networks Panorama.

  • Added the following new operations and playbooks:

    • Get Device Groups

    • Get Application Groups

  • Updated the sample playbooks

Installing the connector

All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:

yum install cyops-connector-palo-alto-networks-panorama

For the detailed procedure to install a connector, click here.

Prerequisites to configuring the connector

  • You must have the URL of the Palo Alto Networks® Panorama server to which you will connect and perform automated operations, and the credentials to access that server.
  • To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.

Configuring the connector

For the procedure to configure a connector, click here.

Important: You must append /api to the server URL while configuring the connector. For example, https://<serverip>/api

Configuration parameters

In FortiSOAR™, on the connectors page, click the Palo Alto Networks Panorama connector row, and in the Configure tab enter the required configuration details.

| Parameter | Description |
|---|---|
| Server URL | URL of the Palo Alto Networks® Panorama server to which you will connect and perform automated operations. |
| Username | Username to access the Palo Alto Networks® Panorama server to which you will connect and perform automated operations. |
| Password | Password to access the Palo Alto Networks® Panorama server to which you will connect and perform automated operations. |
| Security Policy Name For Blocking IP | Name of the security policy that you have already configured on the Palo Alto Networks® Panorama server to block IP addresses. |
| Address Group | Name of the address group that is linked to the specified security policy to block IP addresses. |
| Security Policy Name For Blocking URL | Name of the security policy that you have already configured on the Palo Alto Networks® Panorama server to block URLs. |
| URL Group | Name of the URL group that is linked to the specified security policy to block URLs. |
| Security Policy Name For Blocking Application | Name of the security policy that you have already configured on the Palo Alto Networks® Panorama server to block applications. |
| Application Group | Name of the application group that is linked to the specified security policy to block applications. |

Actions supported by the connector

The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:

| Function | Description | Annotation and Category |
|---|---|---|
| Block IP | Blocks the IP address that you have specified on all or selected devices configured on Palo Alto Networks® Panorama. | block_ip, Containment |
| Unblock IP | Unblocks the IP address that you have specified on all or selected devices configured on Palo Alto Networks® Panorama. | unblock_ip, Remediation |
| Block URL | Blocks the URL that you have specified on all or selected devices configured on Palo Alto Networks® Panorama. | block_url, Containment |
| Unblock URL | Unblocks the URL that you have specified on all or selected devices configured on Palo Alto Networks® Panorama. | unblock_url, Remediation |
| Block Application | Blocks the application that you have specified on all or selected devices configured on Palo Alto Networks® Panorama. | block_app, Containment |
| Unblock Application | Unblocks the application that you have specified on all or selected devices configured on Palo Alto Networks® Panorama. | unblock_app, Remediation |
| Get Connected Firewalls | Retrieves a list of all configured firewalls from Palo Alto Networks® Panorama. | firewall_list, Investigation |
| Get Device Groups | Retrieves a list of all device groups or details of specific device groups from Palo Alto Networks® Panorama based on the device group name you have specified. | get_device_groups, Investigation |
| Get Application Groups | Retrieves a list of all application groups or details of specific application groups from Palo Alto Networks® Panorama based on the application group name you have specified. | get_application_groups, Investigation |

operation: Block IP

Input parameters

| Parameter | Description |
|---|---|
| IP Address | IP address that you want to block using Palo Alto Networks® Panorama. |
| Device group to configure | Device group on which you want to block the IP address. |

Output

The output contains a non-dictionary value.

operation: Unblock IP

Input parameters

| Parameter | Description |
|---|---|
| IP Address | IP address that you want to unblock using Palo Alto Networks® Panorama. |
| Device group to configure | Device group on which you want to unblock the IP address. |

Output

The output contains a non-dictionary value.

operation: Block URL

Input parameters

| Parameter | Description |
|---|---|
| URL | URL that you want to block using Palo Alto Networks® Panorama. |
| Device group to configure | Device group on which you want to block the URL. |

Output

The output contains a non-dictionary value.

operation: Unblock URL

Input parameters

| Parameter | Description |
|---|---|
| URL | URL that you want to unblock using Palo Alto Networks® Panorama. |
| Device group to configure | Device group on which you want to unblock the URL. |

Output

The output contains a non-dictionary value.

operation: Block Application

Input parameters

| Parameter | Description |
|---|---|
| Application Name | Name of the application that you want to block using Palo Alto Networks® Panorama. |
| Device group to configure | Device group on which you want to block the application. |

Output

The output contains a non-dictionary value.

operation: Unblock Application

Input parameters

| Parameter | Description |
|---|---|
| Application Name | Name of the application that you want to unblock using Palo Alto Networks® Panorama. |
| Device group to configure | Device group on which you want to unblock the application. |

Output

The output contains a non-dictionary value.

operation: Get Connected Firewalls

Input parameters

None.

Output

The output contains the following populated JSON schema:
{
  "response": {
    "result": {
      "devices": {
        "entry": {
          "vsys": {
            "entry": {
              "@name": "",
              "display-name": "",
              "shared-policy-md5sum": "",
              "shared-policy-status": ""
            }
          },
          "sw-version": "",
          "unsupported-version": "",
          "custom-certificate-usage": "",
          "connected-at": "",
          "multi-vsys": "",
          "av-version": "",
          "vpn-disable-mode": "",
          "certificate-status": "",
          "threat-version": "",
          "domain": "",
          "hostname": "",
          "connected": "",
          "global-protect-client-package-version": "",
          "logdb-version": "",
          "model": "",
          "certificate-subject-name": "",
          "deactivated": "",
          "wildfire-version": "",
          "certificate-expiry": "",
          "url-filtering-version": "",
          "ip-address": "",
          "serial": "",
          "@name": "",
          "url-db": "",
          "operational-mode": "",
          "family": "",
          "app-version": "",
          "uptime": ""
        }
      }
    },
    "@status": ""
  }
}
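The schema above shows `devices.entry` as a single object, which is what an XML-to-JSON conversion typically produces for one device; with several firewalls the same key usually holds a list. The following is an added example, not part of the connector or its sample playbooks: it normalizes both shapes and lists the firewalls that are not connected. The sample data, the helper names, and the assumption that `connected` holds "yes" or "no" are illustrative.

```python
# Constructed sample shaped like the schema above; values are illustrative.
SAMPLE = {"response": {"@status": "success", "result": {"devices": {"entry": [
    {"@name": "0000000001", "serial": "0000000001", "hostname": "fw-edge-1",
     "connected": "yes", "sw-version": "8.0.2"},
    {"@name": "0000000002", "serial": "0000000002", "hostname": "fw-branch-7",
     "connected": "no", "sw-version": "8.0.2"},
]}}}}


def as_list(node):
    """Return a list whether the converter produced nothing, one dict, or a list."""
    if node is None or node == "":
        return []
    return node if isinstance(node, list) else [node]


def firewall_inventory(output):
    """Flatten Get Connected Firewalls output into one row per device."""
    result = (output.get("response") or {}).get("result") or {}
    devices = result.get("devices") or {}
    rows = []
    for dev in as_list(devices.get("entry")):
        rows.append({
            "serial": dev.get("serial") or dev.get("@name"),
            "hostname": dev.get("hostname"),
            # Assumption: the field carries "yes"/"no" strings.
            "connected": str(dev.get("connected", "")).lower() == "yes",
            "sw_version": dev.get("sw-version"),
        })
    return rows


def disconnected(output):
    """Serials of managed firewalls that are currently not connected."""
    return [r["serial"] for r in firewall_inventory(output) if not r["connected"]]


if __name__ == "__main__":
    for row in firewall_inventory(SAMPLE):
        print(row)
    print("not connected:", disconnected(SAMPLE))
```
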

operation: Get Device Groups

Input parameters

| Parameter | Description |
|---|---|
| Device Group Name | (Optional) Name of the device group for which you want to retrieve details from Palo Alto Networks® Panorama. |

Output

The output contains the following populated JSON schema:
{
  "response": {
    "result": {
      "@total-count": "",
      "@count": "",
      "device-group": {
        "entry": {
          "address-group": {
            "entry": {
              "@name": "",
              "static": {
                "member": [
                  {
                    "#text": "",
                    "@time": "",
                    "@dirtyId": "",
                    "@admin": ""
                  }
                ],
                "@time": "",
                "@dirtyId": "",
                "@admin": ""
              },
              "@time": "",
              "@dirtyId": "",
              "@admin": ""
            },
            "@time": "",
            "@dirtyId": "",
            "@admin": ""
          },
          "address": {
            "entry": [
              {
                "@name": "",
                "ip-netmask": ""
              }
            ],
            "@time": "",
            "@dirtyId": "",
            "@admin": ""
          },
          "devices": {
            "entry": {
              "@name": ""
            }
          },
          "profiles": {
            "url-filtering": {
              "entry": {
                "action": "",
                "@name": "",
                "credential-enforcement": {
                  "mode": {
                    "disabled": ""
                  },
                  "log-severity": ""
                },
                "description": "",
                "block-list": {
                  "member": []
                }
              }
            }
          },
          "@admin": "",
          "@name": "",
          "@time": "",
          "application-group": "",
          "@dirtyId": ""
        },
        "@time": "",
        "@dirtyId": "",
        "@admin": ""
      }
    },
    "@code": "",
    "@status": ""
  }
}
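Because the blocking operations return only a non-dictionary value, the Get Device Groups output is a practical way to confirm that an IP address is actually covered by the address group tied to the blocking policy. The following is an added example, not part of the connector or its sample playbooks: it resolves the group's static members to address objects and checks whether any of them covers a given IP. The device group, address group, object names and addresses in the sample are constructed.

```python
import ipaddress

# Constructed output shaped like the schema above; names and IPs are made up.
SAMPLE = {"response": {"@status": "success", "result": {"device-group": {"entry": {
    "@name": "DG-Branch",
    "address": {"entry": [
        {"@name": "blk-203.0.113.7", "ip-netmask": "203.0.113.7/32"},
        {"@name": "blk-198.51.100.0", "ip-netmask": "198.51.100.0/24"},
        {"@name": "not-in-group", "ip-netmask": "192.0.2.9"},
    ]},
    "address-group": {"entry": {
        "@name": "SOAR-Block-IP",
        "static": {"member": [{"#text": "blk-203.0.113.7"},
                              {"#text": "blk-198.51.100.0"}]},
    }},
}}}}}


def as_list(node):
    """Return a list whether the converter produced nothing, one dict, or a list."""
    if node is None or node == "":
        return []
    return node if isinstance(node, list) else [node]


def ip_in_address_group(output, device_group, address_group, ip):
    """Names of address objects in address_group (within device_group) covering ip."""
    target = ipaddress.ip_address(ip)
    result = (output.get("response") or {}).get("result") or {}
    groups = result.get("device-group") or {}
    hits = []
    for dg in as_list(groups.get("entry")):
        if dg.get("@name") != device_group:
            continue
        # Map each address object name to the network it describes.
        objects = {}
        for addr in as_list((dg.get("address") or {}).get("entry")):
            try:
                objects[addr.get("@name")] = ipaddress.ip_network(
                    addr.get("ip-netmask") or "", strict=False)
            except ValueError:
                continue  # skip objects without a usable ip-netmask
        for grp in as_list((dg.get("address-group") or {}).get("entry")):
            if grp.get("@name") != address_group:
                continue
            for member in as_list((grp.get("static") or {}).get("member")):
                name = member.get("#text") if isinstance(member, dict) else member
                net = objects.get(name)
                if net is not None and net.version == target.version and target in net:
                    hits.append(name)
    return hits


if __name__ == "__main__":
    print(ip_in_address_group(SAMPLE, "DG-Branch", "SOAR-Block-IP", "203.0.113.7"))
```
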

operation: Get Application Groups

Input parameters

| Parameter | Description |
|---|---|
| Application Group Name | (Optional) Name of the application group for which you want to retrieve details from Palo Alto Networks® Panorama. |

Output

The output contains the following populated JSON schema:
{
  "response": {
    "result": {
      "@total-count": "",
      "application-group": {
        "entry": {
          "members": {
            "member": [
              {
                "#text": "",
                "@time": "",
                "@dirtyId": "",
                "@admin": ""
              },
              {
                "#text": "",
                "@time": "",
                "@dirtyId": "",
                "@admin": ""
              }
            ],
            "@time": "",
            "@dirtyId": "",
            "@admin": ""
          },
          "@name": "",
          "@time": "",
          "@dirtyId": "",
          "@admin": ""
        },
        "@time": "",
        "@dirtyId": "",
        "@admin": ""
      },
      "@count": ""
    },
    "@code": "",
    "@status": ""
  }
}

Included playbooks

The Sample - Palo Alto Networks Panorama - 2.0.0 playbook collection comes bundled with the Palo Alto Networks Panorama connector. These playbooks contain steps that you can use to perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Palo Alto Networks Panorama connector.

  • Block Application
  • Block IP
  • Block URL
  • Get Application Groups
  • Get Connected Firewalls
  • Get Device Groups
  • Unblock Application
  • Unblock IP
  • Unblock URL

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted when the connector is upgraded or deleted.
