Palo Alto Networks® Firewall is a next-generation firewall by Palo Alto Networks®, which contains application awareness, full-stack visibility, extra-firewall intelligence, and upgrade paths in addition to the full capabilities of both traditional firewalls and intrusion prevention systems. Additionally, the company defines its firewall technology by the following abilities:
The Palo Alto Firewall connector allows the user to block and unblock both the IP and the application, thereby protecting against known and unknown threats and blocking communication with malicious IPs. Palo Alto Networks® helps security analysts turn threat data into threat intelligence. It takes indicators from the network, like domain names and IPs, and connects them with nearly every active domain on the Internet. Those connections inform risk assessments, help profile attackers, guide online fraud investigations, and map cyber activity to attacker infrastructure.
This document provides information about the Palo Alto Firewall connector, which facilitates automated interactions with a Palo Alto Networks® server using FortiSOAR™ playbooks. Add the Palo Alto Firewall connector as a step in FortiSOAR™ playbooks and perform automated operations, such as blocking and unblocking IPs, URLs, and applications.
Connector Version: 3.1.1
FortiSOAR™ Version Tested on: 7.5.0-4015
Palo Alto Firewall Software Version Tested On: 10.2.2-h2
Palo Alto Firewall Version Tested on: 8556-7343
Authored By: Fortinet
Certified: Yes
The following enhancements have been made to the Palo Alto Firewall Connector in version 3.1.1:
Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum command as a root user to install the connector:
yum install cyops-connector-paloalto-firewall
To use the Palo Alto Firewall connector and call its REST APIs, you must be an Administrator or assigned an Admin role. The API supports the following types of administrators and Admin roles:
For the procedure to configure a connector, click here
In FortiSOAR™, on the Content Hub (or Connector Store) page, click the Manage tab, and then click the Palo Alto Firewall connector card. On the connector popup, click the Configurations tab to enter the required configuration details.
Parameter | Description |
---|---|
Server URL | IP address or Hostname of the Palo Alto Firewall. |
Username | Username to access the Palo Alto Firewall. |
Password | Password to access the Palo Alto Firewall. |
Virtual System | Virtual System (vsys) ID to access the Palo Alto Firewall. By default, this is set as vsys1. |
Security Policy Name for Blocking IP | Security Policy Name that has been pre-configured in Palo Alto for blocking an IP. |
IP Address Group | Name of the IP Address Group that is linked to the Security Policy Name for Blocking IP. |
Security Policy Name for Blocking Application | (Optional) Security Policy Name that has been pre-configured in Palo Alto for blocking an Application. |
Application Group | (Optional) Name of the Application Group that is linked to the Security Policy Name for Blocking Application. |
Security Policy Name for Blocking URL | (Optional) Security Policy Name that has been pre-configured in Palo Alto for blocking a URL. |
Custom URL Group | (Optional) Name of the URL Group that is linked to the Security Policy Name for Blocking URL. |
API Type | Type of API that you want to use to run connector actions. You can choose from the following options: |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified. By default, this option is set to True. |
NOTE: For more information on how to create policy and objects (address groups) in the Palo Alto firewall server, see the https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-web-interface-help/web-interface-basics document.
The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™:
Function | Description | Annotation and Category |
---|---|---|
Block IP | Blocks the specified IP address in the Palo Alto Firewall. | block_ip Containment |
Unblock IP | Unblocks the specified IP address in the Palo Alto Firewall | unblock_ip Remediation |
Block URL | Blocks the specified URL in Palo Alto Firewall | block_url Containment |
Unblock URL | Unblocks the specified URL in Palo Alto Firewall | unblock_url Remediation |
Block Application | Blocks the specified application in Palo Alto Firewall | block_app Containment |
Unblock Application | Unblocks the specified application in Palo Alto Firewall | unblock_app Remediation |
Create Security Policy Rule | Creates a security policy rule in Palo Alto Firewall based on the input parameters that you have specified. | create_security_rule Investigation |
Get All Security Policy Rules List | Retrieves a list of all security policy rules or specific security policy rule from Palo Alto Firewall based on the input parameters that you have specified. | list_security_rule Investigation |
Update Security Policy Rule | Modifies a security policy rule in Palo Alto Firewall based on the input parameters that you have specified. | edit_security_rule Investigation |
Rename Security Policy Rule | Renames an existing security policy rule in Palo Alto Firewall based on the name of security policy rule and new name of security policy rule that you have specified. | rename_security_rule Investigation |
Move Security Policy Rule | Moves a specific security policy rule to a specified position in Palo Alto Firewall. | move_security_rule Investigation |
Delete Security Policy Rule | Removes a specific security policy rule from Palo Alto Firewall based on the name of security policy rule that you have specified. | delete_security_rule Investigation |
Create IP Address Object | Creates an IP address object in Palo Alto Firewall based on the name of IP address, address type, or other input parameters that you have specified. | create_address Investigation |
Get All Address List | Retrieves a list of all addresses from Palo Alto Firewall. | get_address_list Investigation |
Get Specific IP Address Object Details | Retrieves the details of a specific address from Palo Alto Firewall based on the name of IP address that you have specified. | get_address_details Investigation |
Update IP Address Object | Modifies a specific IP address object in Palo Alto Firewall based on the name of IP address, address type, or other input parameters that you have specified. | edit_address Investigation |
Rename IP Address Object Name | Renames an existing IP address object name in Palo Alto Firewall based on the name of IP address and new name of IP address that you have specified. | rename_address Investigation |
Delete IP Address Object | Removes a specific IP address object from Palo Alto Firewall based on the name of IP address that you have specified. | delete_address Investigation |
Create Address Group | Creates an address group in Palo Alto Firewall based on the name of address group, address group type, or other input parameters that you have specified. | create_address_group Investigation |
Get All Address Group List | Retrieves a list of all address groups from Palo Alto Firewall. | get_address_group_list Investigation |
Get Address Group Details | Retrieves the details of a specific address group from Palo Alto Firewall based on the name of address group that you have specified. | get_address_group Investigation |
Rename Specific Address Group | Renames an existing address group in Palo Alto Firewall based on the name of address group and new name of address group that you have specified. | rename_address_group Investigation |
Add IP Address to Address Group | Adds IP address to specific address group in Palo Alto Firewall based on the name of address group and name of IP address. | add_address_to_specific_group Investigation |
Remove IP Address from Address Group | Removes IP address from specific address group in Palo Alto Firewall based on the name of address group and name of IP address. | remove_address_from_specific_group Investigation |
Delete Address Group | Removes a specific address group from Palo Alto Firewall based on the name of the address group that you have specified. | delete_address_group Investigation |
Parameter | Description |
---|---|
IP Address | Specify the IP address that you want to block in the Palo Alto Firewall. |
The output contains the following populated JSON schema:
{ "response": { "@code": "", "@status": "", "result": { "msg": { "line": "" } } } }
Parameter | Description |
---|---|
IP Address | Specify the IP address that you want to unblock in the Palo Alto Firewall. |
The output contains the following populated JSON schema:
{ "@code": "", "@status": "", "msg": "" }
Parameter | Description |
---|---|
URL | Specify the URL that you want to block in the Palo Alto Firewall. |
The output contains the following populated JSON schema:
{ "response": { "@code": "", "@status": "", "result": { "msg": { "line": "" } } } }
Parameter | Description |
---|---|
URL | Specify the URL that you want to unblock in the Palo Alto Firewall. |
The output contains the following populated JSON schema:
{ "response": { "@code": "", "@status": "", "result": { "msg": { "line": "" } } } }
Parameter | Description |
---|---|
Application Name | Specify the name of the application that you want to block in the Palo Alto Firewall. |
The output contains the following populated JSON schema:
{ "response": { "@code": "", "@status": "", "result": { "msg": { "line": "" } } } }
Parameter | Description |
---|---|
Application Name | Specify the name of the application that you want to unblock in the Palo Alto Firewall. |
The output contains the following populated JSON schema:
{ "response": { "@code": "", "@status": "", "result": { "msg": { "line": "" } } } }
Parameter | Description |
---|---|
Security Policy Rule Name | Specify the name of the security policy rule to create in Palo Alto Firewall. |
Source Security Zone | Specify the source security zone of the security policy rule being created in Palo Alto Firewall. Once specified, the Palo Alto firewall implements the rule on all traffic originating from the specified security zone.
A |
Destination Security Zone | Specify the destination security zone of the security policy rule being created in Palo Alto Firewall. Once specified, the Palo Alto firewall implements the rule on all traffic destined to the specified security zone.
A |
Source IP Address | Specify the source IP address of the security policy rule being created in Palo Alto Firewall. Once specified, the Palo Alto firewall implements the rule on all traffic originating from the specified IP address. |
Destination IP Address | Specify the destination IP address of the security policy rule being created in Palo Alto Firewall. Once specified, the Palo Alto firewall implements the rule on all traffic destined to the specified IP address. |
Service | Specify the service of the security policy rule being created in Palo Alto Firewall. Default value is application-default to ensure that any applications that the rule allows are allowed only on their standard ports. |
Application | Specify the application being allowed or blocked in the security policy rule being created in Palo Alto Firewall. Adding the application safely enables it on the created security policy rule. |
Action | Select the action option of the security policy rule being created in Palo Alto Firewall. You can choose from the following options: |
Category | (Optional) Specify the URL Category of the security policy rule being created in Palo Alto Firewall. If you select a URL category, only web traffic will match the rule and only if the traffic is destined for that specified category. |
Source User | (Optional) Specify the users and groups to match in the security policy rule being created in Palo Alto Firewall. Mapped users or groups at the source of the traffic can be allowed or blocked. |
Rule Type | (Optional) Select the rule type of the security policy rule being created in Palo Alto Firewall. You can choose from the following options: |
Disabled | (Optional) Select whether to disable the security policy rule being created in Palo Alto Firewall. You can choose from the following options: |
Custom Properties | (Optional) Specify the additional properties, in the JSON format, that you want to specify for the security policy rule being created in Palo Alto Firewall. The additional properties signify additional fields associated with the security policy rule. |
The output contains the following populated JSON schema:
{ "msg": "", "@code": "", "@status": "" }
Parameter | Description |
---|---|
Security Policy Rule Name | (Optional) Specify the name of the security policy rule to retrieve from Palo Alto Firewall. |
The output contains the following populated JSON schema:
{ "@code": "", "result": { "entry": [ { "to": { "member": [] }, "from": { "member": [] }, "@name": "", "@uuid": "", "@vsys": "", "action": "", "source": { "member": [] }, "service": { "member": [] }, "category": { "member": [] }, "disabled": "", "@location": "", "source-hip": { "member": [] }, "application": { "member": [] }, "destination": { "member": [] }, "source-user": { "member": [] }, "destination-hip": { "member": [] } } ], "@count": "", "@total-count": "" }, "@status": "" }
Parameter | Description |
---|---|
Security Policy Rule Name | Specify the name of the security policy rule to update in Palo Alto Firewall. |
Source Security Zone | Specify the source security zone of the security policy rule being updated in Palo Alto Firewall. Once specified, the Palo Alto firewall implements the rule on all traffic originating from the specified security zone.
A |
Destination Security Zone | Specify the destination security zone of the security policy rule being updated in Palo Alto Firewall. Once specified, the Palo Alto firewall implements the rule on all traffic destined to the specified security zone.
A |
Source IP Address | Specify the source IP address of the security policy rule being updated in Palo Alto Firewall. Once specified, the Palo Alto firewall implements the rule on all traffic originating from the specified IP address. |
Destination IP Address | Specify the destination IP address of the security policy rule being updated in Palo Alto Firewall. Once specified, the Palo Alto firewall implements the rule on all traffic destined to the specified IP address. |
Service | Specify the service of the security policy rule being updated in Palo Alto Firewall. |
Application | Specify the application being allowed or blocked in the security policy rule being updated in Palo Alto Firewall. Adding the application safely enables it on the updated security policy rule. |
Action | Select the action option of the security policy rule being updated in Palo Alto Firewall. You can choose from the following options: |
Category | (Optional) Specify the URL Category of the security policy rule being updated in Palo Alto Firewall. If you select a URL category, only web traffic will match the rule and only if the traffic is destined for that specified category. |
Source User | (Optional) Specify the users and groups to match in the security policy rule being updated in Palo Alto Firewall. Mapped users or groups at the source of the traffic can be allowed or blocked. |
Rule Type | (Optional) Select the rule type of the security policy rule being updated in Palo Alto Firewall. You can choose from the following options: |
Disabled | (Optional) Select whether to disable the security policy rule being updated in Palo Alto Firewall. You can choose from the following options: |
Custom Properties | (Optional) Specify the additional properties, in the JSON format, that you want to specify for the security policy rule being updated in Palo Alto Firewall. The additional properties signify additional fields associated with the security policy rule. |
The output contains the following populated JSON schema:
{ "msg": "", "@code": "", "@status": "" }
Parameter | Description |
---|---|
Existing Security Policy Rule Name | Specify the name of the existing security policy rule to rename in Palo Alto Firewall. |
New Security Policy Rule Name | Specify the new name of the security policy rule being renamed in Palo Alto Firewall. |
The output contains the following populated JSON schema:
{ "msg": "", "@code": "", "@status": "" }
Parameter | Description |
---|---|
Security Policy Rule Name | Specify the name of the security policy rule to move to a specified position in Palo Alto Firewall. |
Move To | Select the policy position from the options to move the security policy rule in Palo Alto Firewall. You can choose from the following options: |
The output contains the following populated JSON schema:
{ "msg": "", "@code": "", "@status": "" }
Parameter | Description |
---|---|
Security Policy Rule Name | Specify the name of the security policy rule to delete from Palo Alto Firewall. |
The output contains the following populated JSON schema:
{ "msg": "", "@code": "", "@status": "" }
Parameter | Description |
---|---|
IP Address Name | Specify the name of the IP address object to create in Palo Alto Firewall. |
Address Type | Select the type of the address to create in Palo Alto Firewall. You can choose from the following options: |
Tag | (Optional) (Not available for IP Wildcard Address Type) Specify the tag to create address object in Palo Alto Firewall. Tags on objects help group related items. |
Description | (Optional) Specify a brief description for the address object being created in Palo Alto Firewall. |
The output contains the following populated JSON schema:
{ "msg": "", "@code": "", "@status": "" }
None.
The output contains the following populated JSON schema:
{ "@code": "", "result": { "entry": [ { "tag": { "member": [] }, "@name": "", "@vsys": "", "@location": "", "ip-netmask": "", "description": "" } ], "@count": "", "@total-count": "" }, "@status": "" }
Parameter | Description |
---|---|
IP Address Name | Specify the name of the IP address object to retrieve its details from Palo Alto Firewall. |
The output contains the following populated JSON schema:
{ "@code": "", "result": { "entry": [ { "tag": { "member": [] }, "@name": "", "@vsys": "", "@location": "", "ip-netmask": "", "description": "" } ], "@count": "", "@total-count": "" }, "@status": "" }
Parameter | Description |
---|---|
IP Address Name | Specify the name of the IP address object to update in Palo Alto Firewall. |
Address Type | Select the type of the address to update in Palo Alto Firewall. You can choose from the following options: |
Tag | (Optional) Specify the tag to update address object in Palo Alto Firewall. Tags on objects help group related items. |
Description | (Optional) Specify a brief description for the address object being updated in Palo Alto Firewall. |
The output contains the following populated JSON schema:
{ "msg": "", "@code": "", "@status": "" }
Parameter | Description |
---|---|
Existing IP Address Name | Specify the name of an existing IP address object to rename it in Palo Alto Firewall. |
New IP Address Name | Specify the new name of the IP Address object being renamed in Palo Alto Firewall. |
The output contains the following populated JSON schema:
{ "msg": "", "@code": "", "@status": "" }
Parameter | Description |
---|---|
Name of IP Address | Specify the name of the IP address object to delete from Palo Alto Firewall. |
The output contains the following populated JSON schema:
{ "msg": "", "@code": "", "@status": "" }
Parameter | Description |
---|---|
Address Group Name | Specify the name of the address group to create in Palo Alto Firewall. |
Address Group Type | Select the type of the address group to create in Palo Alto Firewall. You can choose from the following options: |
Tag | (Optional) Specify the tag associated with the address group being created in Palo Alto Firewall. Tags on objects help group related items. |
Description | (Optional) Specify the brief description associated with the address group being created in Palo Alto Firewall. |
The output contains the following populated JSON schema:
{ "msg": "", "@code": "", "@status": "" }
None.
The output contains the following populated JSON schema:
{ "@code": "", "result": { "entry": [ { "tag": { "member": [] }, "@name": "", "@vsys": "", "static": { "member": [] }, "dynamic": { "filter": "" }, "@location": "", "description": "" } ], "@count": "", "@total-count": "" }, "@status": "" }
Parameter | Description |
---|---|
Address Group Name | Specify the name of the address group to retrieve its details from Palo Alto Firewall. |
The output contains the following populated JSON schema:
{ "@code": "", "result": { "entry": [ { "tag": { "member": [] }, "@name": "", "@vsys": "", "static": { "member": [] }, "dynamic": { "filter": "" }, "@location": "", "description": "" } ], "@count": "", "@total-count": "" }, "@status": "" }
Parameter | Description |
---|---|
Existing Address Group Name | Specify the name of the existing address group to rename in Palo Alto Firewall. |
New Address Group Name | Specify a new name of the address group being renamed in Palo Alto Firewall. |
The output contains the following populated JSON schema:
{ "msg": "", "@code": "", "@status": "" }
Parameter | Description |
---|---|
Address Group Name | Specify the name of the address group to add IP address names in Palo Alto Firewall. |
Member IP Name | Specify the name of the IP address to add in the specified address group in Palo Alto Firewall. |
The output contains the following populated JSON schema:
{ "response": { "@code": "", "result": { "msg": { "line": "" } }, "@status": "" } }
Parameter | Description |
---|---|
Address Group Name | Specify the name of the address group from which to remove IP address name in Palo Alto Firewall. |
Member IP Name | Specify the name of the IP address to remove from the specified address group in Palo Alto Firewall. |
The output contains the following populated JSON schema:
{ "response": { "@code": "", "result": { "msg": { "line": "" } }, "@status": "" } }
Parameter | Description |
---|---|
Address Group Name | Specify the name of the address group to delete from Palo Alto Firewall. |
The output contains the following populated JSON schema:
{ "msg": "", "@code": "", "@status": "" }
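The operations above return three output shapes: a result wrapped in "response" with the message under result.msg.line, a flat object with "msg", and a listing with result.entry. The following Python helper is an added example, not part of the connector or of Fortinet's code, that a playbook step could use to normalize them; the function names, the sample outputs and the "success" status string are assumptions.

```python
"""Normalize Palo Alto Firewall connector outputs (added example, not connector code)."""
from typing import Any, Dict, List

# Assumption: a successful call reports "@status": "success".
SUCCESS_STATUS = "success"


def _as_list(value: Any) -> List[Any]:
    """Treat a missing or empty value as [], and a single value as a one-item list."""
    if value is None or value == "":
        return []
    return value if isinstance(value, list) else [value]


def normalize(output: Dict[str, Any]) -> Dict[str, Any]:
    """Map any of the documented output shapes to one dictionary."""
    if not isinstance(output, dict):
        raise TypeError("connector output must be a JSON object")
    # Block/unblock and group-membership operations wrap the body in "response".
    body = output.get("response", output)
    if not isinstance(body, dict):
        raise ValueError('"response" must be a JSON object')
    # Flat shape: the message sits directly under "msg".
    messages = [str(m) for m in _as_list(body.get("msg"))]
    entries: List[Any] = []
    result = body.get("result")
    if isinstance(result, dict):
        # Wrapped shape: the message sits under result.msg.line.
        msg = result.get("msg")
        lines = msg.get("line") if isinstance(msg, dict) else msg
        messages += [str(m) for m in _as_list(lines)]
        # Listing shape: objects sit under result.entry.
        entries = _as_list(result.get("entry"))
    status = str(body.get("@status", "")).strip().lower()
    return {
        "ok": status == SUCCESS_STATUS,
        "status": status,
        "code": str(body.get("@code", "")),
        "messages": messages,
        "entries": entries,
    }


def require_ok(output: Dict[str, Any], action: str) -> Dict[str, Any]:
    """Fail the playbook step loudly instead of treating an error as a block."""
    res = normalize(output)
    if not res["ok"]:
        detail = "; ".join(res["messages"]) or "no message returned"
        raise RuntimeError(f"{action} failed (status={res['status']!r}): {detail}")
    return res


def static_members(output: Dict[str, Any]) -> Dict[str, List[str]]:
    """Return {group name: static member names} from an address group listing."""
    groups: Dict[str, List[str]] = {}
    for entry in normalize(output)["entries"]:
        if not isinstance(entry, dict):
            continue
        static = entry.get("static")
        members = static.get("member") if isinstance(static, dict) else None
        groups[str(entry.get("@name", ""))] = [str(m) for m in _as_list(members)]
    return groups


# Constructed sample outputs that follow the schemas on this page; the values are
# invented for illustration.
BLOCK_IP_OUT = {"response": {"@code": "20", "@status": "success",
                             "result": {"msg": {"line": "command succeeded"}}}}
UNBLOCK_IP_OUT = {"@code": "20", "@status": "success", "msg": "command succeeded"}
FAILED_OUT = {"response": {"@code": "12", "@status": "error",
                           "result": {"msg": {"line": ["first line", "second line"]}}}}
GROUP_OUT = {"@code": "19", "@status": "success",
             "result": {"entry": [{"tag": {"member": []}, "@name": "blocked-ips",
                                   "@vsys": "vsys1", "static": {"member": ["ip-203.0.113.7"]},
                                   "dynamic": {"filter": ""}, "@location": "vsys",
                                   "description": ""}],
                        "@count": "1", "@total-count": "1"}}

if __name__ == "__main__":
    print(require_ok(BLOCK_IP_OUT, "block_ip")["messages"])
    print(require_ok(UNBLOCK_IP_OUT, "unblock_ip")["messages"])
    # Confirm the containment took effect by reading the group back.
    print(static_members(GROUP_OUT))
    try:
        require_ok(FAILED_OUT, "block_url")
    except RuntimeError as exc:
        print(exc)
```

Reading the address group back after a block, as `static_members` does, confirms the containment rather than relying on the status field alone.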
The Sample - Palo Alto Firewall - 3.1.1 playbook collection comes bundled with the Palo Alto Firewall connector. These playbooks contain steps that you can use to perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Palo Alto Firewall connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted when the connector is upgraded or deleted.
Palo Alto Networks® Firewall is a next-generation firewall by Palo Alto Networks®, which contains application awareness, full-stack visibility, extra-firewall intelligence, and upgrade paths in addition to the full capabilities of both traditional firewalls and intrusion prevention systems. Additionally, the company defines its firewall technology by the following abilities:
The Palo Alto Firewall connector allows the user to block and unblock both the IP and the application, thereby protecting against known and unknown threats and blocking communication with malicious IPs. Palo Alto Networks® helps security analysts turn threat data into threat intelligence. It takes indicators from the network, like domain names and IPs, and connects them with nearly every active domain on the Internet. Those connections inform risk assessments, help profile attackers, guide online fraud investigations, and map cyber activity to attacker infrastructure.
This document provides information about the Palo Alto Firewall connector, which facilitates automated interactions, with a Palo Alto Networks® server using FortiSOAR™ playbooks. Add the Palo Alto Firewall connector as a step in FortiSOAR™ playbooks and perform automated operations, such as blocking and unblocking IPs, URLs, and applications.
Connector Version: 3.1.1
FortiSOAR™ Version Tested on: 7.5.0-4015
Palo Alto Firewall Software Version Tested On: 10.2.2-h2
Palo Alto Firewall Version Tested on: 8556-7343
Authored By: Fortinet
Certified: Yes
Following enhancements have been made to the Palo Alto Firewall Connector in version 3.1.1:
Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum
command as a root user to install the connector:
yum install cyops-connector-paloalto-firewall
To use the Palo Alto Firewall connector and call its REST APIs, you must be an Administrator or assigned an Admin role. The API supports the following types of administrators and Admin roles:
For the procedure to configure a connector, click here
In FortiSOAR™, on the Content Hub (or Connector Store) page, click the Manage tab, and then click the Palo Alto Firewall connector card. On the connector popup, click the Configurations tab to enter the required configuration details.
Parameter | Description |
---|---|
Server URL | IP address or Hostname of the Palo Alto Firewall. |
Username | Username to access the Palo Alto Firewall. |
Password | Password to access the Palo Alto Firewall. |
Virtual System | Virtual System (vsys) ID to access the Palo Alto Firewall. By default, this is set as vsys1 . |
Security Policy Name for Blocking IP | Security Policy Name that has been pre-configured in Palo Alto for blocking an IP. |
IP Address Group | Name of the IP Address Group that is linked to the Security Policy Name for Blocking IP. |
Security Policy Name for Blocking Application | (Optional) Security Policy Name that has been pre-configured in Palo Alto for blocking an Application. |
Application Group | (Optional) Name of the Application Group that is linked to the Security Policy Name for Blocking Application. |
Security Policy Name for Blocking URL | (Optional) Security Policy Name that has been pre-configured in Palo Alto for blocking a URL. |
Custom URL Group | (Optional)Name of the URL Group that is linked to the Security Policy Name for Blocking URL. |
API Type | Type of API that you want to use to run connector actions. You can choose from following options:
|
Verify SSL | Specifies whether the SSL certificate for the server is to be verified. By default, this option is set to True . |
NOTE: For more information on how to create policy and objects(address groups) in the Palo Alto firewall server, see the https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-web-interface-help/web-interface-basics document.
The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™:
Function | Description | Annotation and Category |
---|---|---|
Block IP | Blocks the specified IP address in the Palo Alto Firewall. | block_ip Containment |
Unblock IP | Unblocks the specified IP address in the Palo Alto Firewall | unblock_ip Remediation |
Block URL | Blocks the specified URL in Palo Alto Firewall | block_url Containment |
Unblock URL | Unblocks the specified URL in Palo Alto Firewall | unblock_url Remediation |
Block Application | Blocks the specified application in Palo Alto Firewall | block_app Containment |
Unblock Application | Unblocks the specified application in Palo Alto Firewall | unblock_app Remediation |
Create Security Policy Rule | Creates a security policy rule in Palo Alto Firewall based on the input parameters that you have specified. | create_security_rule Investigation |
Get All Security Policy Rules List | Retrieves a list of all security policy rules or specific security policy rule from Palo Alto Firewall based on the input parameters that you have specified. | list_security_rule Investigation |
Update Security Policy Rule | Modifies a security policy rule in Palo Alto Firewall based on the input parameters that you have specified. | edit_security_rule Investigation |
Rename Security Policy Rule | Renames an existing security policy rule in Palo Alto Firewall based on the name of security policy rule and new name of security policy rule that you have specified. | rename_security_rule Investigation |
Move Security Policy Rule | Moves a specific security policy rule to a specified position in Palo Alto Firewall. | move_security_rule Investigation |
Delete Security Policy Rule | Removes a specific security policy rule from Palo Alto Firewall based on the name of security policy rule that you have specified. | delete_security_rule Investigation |
Create IP Address Object | Creates an IP address object in Palo Alto Firewall based on the name of IP address, address type, or other input parameters that you have specified. | create_address Investigation |
Get All Address List | Retrieves a list of all address from Palo Alto Firewall. | get_address_list Investigation |
Get Specific IP Address Object Details | Retrieves a specific address details from Palo Alto Firewall based on the name of IP address that you have specified. | get_address_details Investigation |
Update IP Address Object | Modifies a specific IP address object in Palo Alto Firewall based on the name of IP address, address type, or other input parameters that you have specified. | edit_address Investigation |
Rename IP Address Object Name | Renames an existing IP address object name in Palo Alto Firewall based on the name of IP address and new name of IP address that you have specified. | rename_address Investigation |
Delete IP Address Object | Removes a specific IP address object from Palo Alto Firewall based on the name of IP address that you have specified. | delete_address Investigation |
Create Address Group | Creates an address group in Palo Alto Firewall based on the name of address group, address group type, or other input parameters that you have specified. | create_address_group Investigation |
Get All Address Group List | Retrieves a list of all address groups from Palo Alto Firewall. | get_address_group_list Investigation |
Get Address Group Details | Retrieves a specific address group details from Palo Alto Firewall based on the name of address group that you have specified. | get_address_group Investigation |
Rename Specific Address Group | Renames an existing address group in Palo Alto Firewall based on the name of address group and new name of address group that you have specified. | rename_address_group Investigation |
Add IP Address to Address Group | Adds IP address to specific address group in Palo Alto Firewall based on the name of address group and name of IP address. | add_address_to_specific_group Investigation |
Remove IP Address from Address Group | Removes IP address from specific address group in Palo Alto Firewall based on the name of address group and name of IP address. | remove_address_from_specific_group Investigation |
Delete Address Group | Removes a specific address group from Palo Alto Firewall based on the name of the address group that you have specified. | delete_address_group Investigation |
Parameter | Description |
---|---|
IP Address | Specify the IP address that you want to block in the Palo Alto Firewall. |
The output contains the following populated JSON schema:
{ "response": { "@code": "", "@status": "", "result": { "msg": { "line": "" } } } }
Parameter | Description |
---|---|
IP Address | Specify the IP address that you want to unblock in the Palo Alto Firewall. |
The output contains the following populated JSON schema:
{ "@code": "", "@status": "", "msg": "" }
Parameter | Description |
---|---|
URL | Specify the URL that you want to block in the Palo Alto Firewall. |
The output contains the following populated JSON schema:
{ "response": { "@code": "", "@status": "", "result": { "msg": { "line": "" } } } }
Parameter | Description |
---|---|
URL | Specify the URL that you want to unblock in the Palo Alto Firewall. |
The output contains the following populated JSON schema:
{ "response": { "@code": "", "@status": "", "result": { "msg": { "line": "" } } } }
Parameter | Description |
---|---|
Application Name | Specify the name of the application that you want to block in the Palo Alto Firewall. |
The output contains the following populated JSON schema:
{ "response": { "@code": "", "@status": "", "result": { "msg": { "line": "" } } } }
Parameter | Description |
---|---|
Application Name | Specify the name of the application that you want to unblock in the Palo Alto Firewall. |
The output contains the following populated JSON schema:
{ "response": { "@code": "", "@status": "", "result": { "msg": { "line": "" } } } }
Parameter | Description |
---|---|
Security Policy Rule Name | Specify the name of the security policy rule to create in Palo Alto Firewall. |
Source Security Zone | Specify the source security zone of the security policy rule being created in Palo Alto Firewall. Once specified, the Palo Alto firewall implements the rule on all traffic originating from the specified security zone.
A |
Destination Security Zone | Specify the destination security zone of the security policy rule being created in Palo Alto Firewall. Once specified, the Palo Alto firewall implements the rule on all traffic destined to the specified security zone.
A |
Source IP Address | Specify the source IP address of the security policy rule being created in Palo Alto Firewall. Once specified, the Palo Alto firewall implements the rule on all traffic originating from the specified IP address. |
Destination IP Address | Specify the destination IP address of the security policy rule being created in Palo Alto Firewall. Once specified, the Palo Alto firewall implements the rule on all traffic destined to the specified IP address. |
Service | Specify the service of the security policy rule being created in Palo Alto Firewall. The default value is application-default, which ensures that any applications that the rule allows are allowed only on their standard ports. |
Application | Specify the application being allowed or blocked in the security policy rule being created in Palo Alto Firewall. Adding the application safely enables it on the created security policy rule. |
Action | Select the action option of the security policy rule being created in Palo Alto Firewall. You can choose from the following options: |
Category | (Optional) Specify the URL Category of the security policy rule being created in Palo Alto Firewall. If you select a URL category, only web traffic will match the rule and only if the traffic is destined for that specified category. |
Source User | (Optional) Specify the users and groups to match in the security policy rule being created in Palo Alto Firewall. Mapped users or groups at the source of the traffic can be allowed or blocked. |
Rule Type | (Optional) Select the rule type of the security policy rule being created in Palo Alto Firewall. You can choose from the following options: |
Disabled | (Optional) Select whether to disable the security policy rule being created in Palo Alto Firewall. You can choose from the following options: |
Custom Properties | (Optional) Specify the additional properties, in the JSON format, that you want to specify for the security policy rule being created in Palo Alto Firewall. The additional properties signify additional fields associated with the security policy rule. |
The output contains the following populated JSON schema:
{ "msg": "", "@code": "", "@status": "" }
Parameter | Description |
---|---|
Security Policy Rule Name | (Optional) Specify the name of the security policy rule to retrieve from Palo Alto Firewall. |
The output contains the following populated JSON schema:
{ "@code": "", "result": { "entry": [ { "to": { "member": [] }, "from": { "member": [] }, "@name": "", "@uuid": "", "@vsys": "", "action": "", "source": { "member": [] }, "service": { "member": [] }, "category": { "member": [] }, "disabled": "", "@location": "", "source-hip": { "member": [] }, "application": { "member": [] }, "destination": { "member": [] }, "source-user": { "member": [] }, "destination-hip": { "member": [] } } ], "@count": "", "@total-count": "" }, "@status": "" }
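One way to review the rule list returned in the schema above for overly broad allow rules, as an added example that is not part of the connector or its documentation. The values `any`, `allow` and `yes` are assumptions about PAN-OS field values that this page does not list, and the sample data is constructed.

```python
ANY = "any"  # assumption: PAN-OS wildcard value inside "member" lists


def members(rule, field):
    """Return the member list of a rule field, tolerating a missing key or a bare string."""
    value = rule.get(field) or {}
    found = value.get("member", []) if isinstance(value, dict) else value
    return [found] if isinstance(found, str) else list(found)


def audit_rules(output):
    """Flag enabled allow rules that match any source, destination, application or service."""
    findings = []
    entries = (output.get("result") or {}).get("entry", [])
    if isinstance(entries, dict):  # a single rule may arrive as one object
        entries = [entries]
    for rule in entries:
        # Assumption: "action" is "allow" and "disabled" is "yes"/"no", as in PAN-OS.
        if rule.get("action") != "allow" or rule.get("disabled") == "yes":
            continue
        issues = [f"{field}=any"
                  for field in ("source", "destination", "application", "service")
                  if ANY in members(rule, field)]
        if issues:
            findings.append((rule.get("@name", "<unnamed>"), issues))
    return findings


def sample_rule(name, disabled, source, destination, application, service):
    """Build a constructed allow rule in the shape of the documented output schema."""
    return {"@name": name, "action": "allow", "disabled": disabled,
            "from": {"member": ["trust"]}, "to": {"member": ["untrust"]},
            "source": {"member": [source]}, "destination": {"member": [destination]},
            "application": {"member": [application]}, "service": {"member": [service]}}


# Constructed sample output (not real firewall data).
SAMPLE = {"@code": "19", "@status": "success",
          "result": {"@count": "3", "@total-count": "3", "entry": [
              sample_rule("dns-out", "no", "10.0.0.0/24", "192.0.2.53", "dns", "application-default"),
              sample_rule("temp-open", "no", "any", "any", "any", "any"),
              sample_rule("old-open", "yes", "any", "any", "any", "any"),
          ]}}

if __name__ == "__main__":
    for name, issues in audit_rules(SAMPLE):
        print(name, ", ".join(issues))
```

A rule whose service is application-default is not flagged on that field, which matches the default described for the Service parameter.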
Parameter | Description |
---|---|
Security Policy Rule Name | Specify the name of the security policy rule to update in Palo Alto Firewall. |
Source Security Zone | Specify the source security zone of the security policy rule being updated in Palo Alto Firewall. Once specified, the Palo Alto firewall implements the rule on all traffic originating from the specified security zone.
A |
Destination Security Zone | Specify the destination security zone of the security policy rule being updated in Palo Alto Firewall. Once specified, the Palo Alto firewall implements the rule on all traffic destined to the specified security zone.
A |
Source IP Address | Specify the source IP address of the security policy rule being updated in Palo Alto Firewall. Once specified, the Palo Alto firewall implements the rule on all traffic originating from the specified IP address. |
Destination IP Address | Specify the destination IP address of the security policy rule being updated in Palo Alto Firewall. Once specified, the Palo Alto firewall implements the rule on all traffic destined to the specified IP address. |
Service | Specify the service of the security policy rule being updated in Palo Alto Firewall. |
Application | Specify the application being allowed or blocked in the security policy rule being updated in Palo Alto Firewall. Adding the application safely enables it on the updated security policy rule. |
Action | Select the action option of the security policy rule being updated in Palo Alto Firewall. You can choose from the following options: |
Category | (Optional) Specify the URL Category of the security policy rule being updated in Palo Alto Firewall. If you select a URL category, only web traffic will match the rule and only if the traffic is destined for that specified category. |
Source User | (Optional) Specify the users and groups to match in the security policy rule being updated in Palo Alto Firewall. Mapped users or groups at the source of the traffic can be allowed or blocked. |
Rule Type | (Optional) Select the rule type of the security policy rule being updated in Palo Alto Firewall. You can choose from the following options: |
Disabled | (Optional) Select whether to disable the security policy rule being updated in Palo Alto Firewall. You can choose from the following options: |
Custom Properties | (Optional) Specify the additional properties, in the JSON format, that you want to specify for the security policy rule being updated in Palo Alto Firewall. The additional properties signify additional fields associated with the security policy rule. |
The output contains the following populated JSON schema:
{ "msg": "", "@code": "", "@status": "" }
Parameter | Description |
---|---|
Existing Security Policy Rule Name | Specify the name of the existing security policy rule to rename in Palo Alto Firewall. |
New Security Policy Rule Name | Specify the new name of the security policy rule being renamed in Palo Alto Firewall. |
The output contains the following populated JSON schema:
{ "msg": "", "@code": "", "@status": "" }
Parameter | Description |
---|---|
Security Policy Rule Name | Specify the name of the security policy rule to move to a specified position in Palo Alto Firewall. |
Move To | Select the policy position from the options to move the security policy rule in Palo Alto Firewall. You can choose from the following options: |
The output contains the following populated JSON schema:
{ "msg": "", "@code": "", "@status": "" }
Parameter | Description |
---|---|
Security Policy Rule Name | Specify the name of the security policy rule to delete from Palo Alto Firewall. |
The output contains the following populated JSON schema:
{ "msg": "", "@code": "", "@status": "" }
Parameter | Description |
---|---|
IP Address Name | Specify the name of the IP address object to create in Palo Alto Firewall. |
Address Type | Select the type of the address to create in Palo Alto Firewall. You can choose from the following options: |
Tag | (Optional) (Not available for IP Wildcard Address Type) Specify the tag to assign to the address object being created in Palo Alto Firewall. Tags on objects help group related items. |
Description | (Optional) Specify a brief description for the address object being created in Palo Alto Firewall. |
The output contains the following populated JSON schema:
{ "msg": "", "@code": "", "@status": "" }
None.
The output contains the following populated JSON schema:
{ "@code": "", "result": { "entry": [ { "tag": { "member": [] }, "@name": "", "@vsys": "", "@location": "", "ip-netmask": "", "description": "" } ], "@count": "", "@total-count": "" }, "@status": "" }
Parameter | Description |
---|---|
IP Address Name | Specify the name of the IP address object to retrieve its details from Palo Alto Firewall. |
The output contains the following populated JSON schema:
{ "@code": "", "result": { "entry": [ { "tag": { "member": [] }, "@name": "", "@vsys": "", "@location": "", "ip-netmask": "", "description": "" } ], "@count": "", "@total-count": "" }, "@status": "" }
Parameter | Description |
---|---|
IP Address Name | Specify the name of the IP address object to update in Palo Alto Firewall. |
Address Type | Select the type of the address to update in Palo Alto Firewall. You can choose from the following options: |
Tag | (Optional) Specify the tag to assign to the address object being updated in Palo Alto Firewall. Tags on objects help group related items. |
Description | (Optional) Specify a brief description for the address object being updated in Palo Alto Firewall. |
The output contains the following populated JSON schema:
{ "msg": "", "@code": "", "@status": "" }
Parameter | Description |
---|---|
Existing IP Address Name | Specify the name of an existing IP address object to rename it in Palo Alto Firewall. |
New IP Address Name | Specify the new name of the IP Address object being renamed in Palo Alto Firewall. |
The output contains the following populated JSON schema:
{ "msg": "", "@code": "", "@status": "" }
Parameter | Description |
---|---|
Name of IP Address | Specify the name of the IP address object to delete from Palo Alto Firewall. |
The output contains the following populated JSON schema:
{ "msg": "", "@code": "", "@status": "" }
Parameter | Description |
---|---|
Address Group Name | Specify the name of the address group to create in Palo Alto Firewall. |
Address Group Type | Select the type of the address group to create in Palo Alto Firewall. You can choose from the following options: |
Tag | (Optional) Specify the tag associated with the address group being created in Palo Alto Firewall. Tags on objects help group related items. |
Description | (Optional) Specify the brief description associated with the address group being created in Palo Alto Firewall. |
The output contains the following populated JSON schema:
{ "msg": "", "@code": "", "@status": "" }
None.
The output contains the following populated JSON schema:
{ "@code": "", "result": { "entry": [ { "tag": { "member": [] }, "@name": "", "@vsys": "", "static": { "member": [] }, "dynamic": { "filter": "" }, "@location": "", "description": "" } ], "@count": "", "@total-count": "" }, "@status": "" }
Parameter | Description |
---|---|
Address Group Name | Specify the name of the address group to retrieve its details from Palo Alto Firewall. |
The output contains the following populated JSON schema:
{ "@code": "", "result": { "entry": [ { "tag": { "member": [] }, "@name": "", "@vsys": "", "static": { "member": [] }, "dynamic": { "filter": "" }, "@location": "", "description": "" } ], "@count": "", "@total-count": "" }, "@status": "" }
Parameter | Description |
---|---|
Existing Address Group Name | Specify the name of the existing address group to rename in Palo Alto Firewall. |
New Address Group Name | Specify a new name of the address group being renamed in Palo Alto Firewall. |
The output contains the following populated JSON schema:
{ "msg": "", "@code": "", "@status": "" }
Parameter | Description |
---|---|
Address Group Name | Specify the name of the address group to which to add the IP address name in Palo Alto Firewall. |
Member IP Name | Specify the name of the IP address to add in the specified address group in Palo Alto Firewall. |
The output contains the following populated JSON schema:
{ "response": { "@code": "", "result": { "msg": { "line": "" } }, "@status": "" } }
Parameter | Description |
---|---|
Address Group Name | Specify the name of the address group from which to remove the IP address name in Palo Alto Firewall. |
Member IP Name | Specify the name of the IP address to remove from the specified address group in Palo Alto Firewall. |
The output contains the following populated JSON schema:
{ "response": { "@code": "", "result": { "msg": { "line": "" } }, "@status": "" } }
Parameter | Description |
---|---|
Address Group Name | Specify the name of the address group to delete from Palo Alto Firewall. |
The output contains the following populated JSON schema:
{ "msg": "", "@code": "", "@status": "" }
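The operations above return three different output shapes: a nested `response` object, a flat object with `msg`, and a listing under `result.entry`. The following added example, which is not part of the connector or its sample playbooks, maps all three to one structure so that a later step can confirm an action before recording it as done. It assumes that `@status` holds `success` on success, which this page does not state, and the sample outputs are constructed.

```python
SUCCESS = "success"  # assumption: value PAN-OS puts in "@status" when a call succeeds


def normalize(output):
    """Map any of the documented output shapes to one dict; raise if status is absent."""
    if not isinstance(output, dict):
        raise TypeError("connector output must be a JSON object")
    # Block/unblock and group-membership actions nest everything under "response".
    body = output.get("response", output)
    if not isinstance(body, dict) or "@status" not in body:
        # Fail closed: never record a containment action as done without a status.
        raise ValueError("no @status in output; action not confirmed")
    result = body.get("result") if isinstance(body.get("result"), dict) else {}
    # The message is either a flat "msg" or nested as result.msg.line.
    msg = body.get("msg")
    if msg is None:
        nested = result.get("msg")
        msg = nested.get("line") if isinstance(nested, dict) else nested
    if isinstance(msg, list):
        msg = "; ".join(str(part) for part in msg)
    # List and detail operations return objects under result.entry.
    entries = result.get("entry", [])
    if isinstance(entries, dict):
        entries = [entries]
    return {
        "ok": str(body["@status"]).lower() == SUCCESS,
        "code": str(body.get("@code", "")),
        "message": msg or "",
        "entries": entries,
    }


# Constructed sample outputs, one per documented shape (not real firewall data).
NESTED = {"response": {"@code": "20", "@status": "success",
                       "result": {"msg": {"line": "command succeeded"}}}}
FLAT = {"msg": "Object not present", "@code": "5", "@status": "error"}
LISTING = {"@code": "19", "@status": "success",
           "result": {"@count": "1", "@total-count": "1",
                      "entry": [{"@name": "blocked-hosts",
                                 "static": {"member": ["bad-ip-1"]}}]}}

if __name__ == "__main__":
    for sample in (NESTED, FLAT, LISTING):
        print(normalize(sample))
```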
The Sample - Palo Alto Firewall - 3.1.1 playbook collection comes bundled with the Palo Alto Firewall connector. These playbooks contain steps that you can use to perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Palo Alto Firewall connector.
Note: If you plan to use any of the sample playbooks in your environment, clone those playbooks and move them to a different collection, because the sample playbook collection is deleted when the connector is upgraded or deleted.