About Palo Alto EDL
Palo Alto Networks, Inc. has pioneered the next generation of network security with an innovative platform that allows you to secure your network and safely enable an increasingly complex and rapidly growing number of applications. At the core of this platform is the next generation firewall, which delivers visibility and control over applications, users, and content within the firewall using a highly optimised hardware and software architecture.
Palo Alto EDL (External Dynamic List) is a platform instance through which malicious objects (IP addresses, URLs, domains) can be blocked. This instance is a text file hosted on an external web server and can be imported into the Palo Alto Firewall.
SIRP’s integration with Palo Alto Firewall allows security teams to execute response actions right from SIRP.
Supported Actions
SIRP’s Palo Alto integration app allows you to execute the following actions:
S.no | Action | Description |
1 | Block IP | Block an IP Address on Palo Alto firewall |
2 | Unblock | Unblock an IP Address on Palo Alto firewall |
3 | Block Domain | Block a domain on Palo Alto firewall |
4 | Unblock Domain | Unblock a domain on Palo Alto firewall |
5 | Block URL | Block a URL on Palo Alto firewall |
6 | Unblock URL | Unblock a URL on Palo Alto firewall |
Enable the Palo Alto EDL App in SIRP
First, log in to SIRP, then go to Apps from the left navigation bar.
Locate the app named Palo Alto Firewall.
Enable the Palo Alto app by clicking the toggle button under Status.
Once enabled, SIRP will host the EDL files and return their URLs in the Action output.
Execute all the supported actions one by one:
block_ip
block_domain
block_url
block_hash
Each action will give a unique URL for you to configure in the Palo Alto Firewall. For example:
https://<sirp-ip>/Palo-Alto/2/url_list.txt
https://<sirp-ip>/Palo-Alto/2/ip_list.txt
https://<sirp-ip>/Palo-Alto/2/domain_list.txt
https://<sirp-ip>/Palo-Alto/2/hash_list.txt
You should be able to access and verify these files by pasting the URLs in your browser.
[Screenshots: example text files for the URL list, the IP list and the domain list]
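Besides opening the files in a browser, the IP list can be checked with a short script before it is configured as a source on the firewall. The following is an added example, not SIRP's or Palo Alto's code. It assumes one IPv4/IPv6 address, CIDR subnet or start-end range per line, with blank lines and lines starting with # skipped; the protected networks, the size threshold and the sample list are constructed for illustration.

```python
import ipaddress
# Assumed policy: entries overlapping these networks would block internal traffic.
PROTECTED = [ipaddress.ip_network(n) for n in
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
MAX_ADDRESSES = 2 ** 16  # assumed threshold: flag anything wider than a /16
# Constructed sample of an ip_list.txt, not real indicators.
SAMPLE = """\
203.0.113.7
198.51.100.0/24
192.0.2.10-192.0.2.20
10.1.2.3
0.0.0.0/0
evil.example
203.0.113.7
"""

def parse_entry(line):
    """Return the networks one list line covers; raise ValueError if malformed."""
    if "-" in line:  # range written as start-end
        start, end = (ipaddress.ip_address(p.strip()) for p in line.split("-", 1))
        if start.version != end.version or start > end:
            raise ValueError("bad range")
        return list(ipaddress.summarize_address_range(start, end))
    return [ipaddress.ip_network(line, strict=False)]

def lint_ip_edl(text):
    """Return (line number, entry, problem) for each entry that needs review."""
    findings, seen = [], set()
    for num, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            nets = parse_entry(line)
        except ValueError:
            findings.append((num, line, "not an IP, CIDR or range"))
            continue
        if line in seen:
            findings.append((num, line, "duplicate"))
        seen.add(line)
        if sum(n.num_addresses for n in nets) > MAX_ADDRESSES:
            findings.append((num, line, "too broad"))
        if any(n.version == p.version and n.overlaps(p)
               for n in nets for p in PROTECTED):
            findings.append((num, line, "overlaps protected network"))
    return findings

if __name__ == "__main__":
    print(*lint_ip_edl(SAMPLE), sep="\n")
```

To check a hosted list, save the file returned by the block_ip action and pass its contents to `lint_ip_edl`.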
Configure Palo Alto External Dynamic Lists
Open your Palo Alto instance. Select Objects > External Dynamic Lists.
Create a New list and enter a descriptive Name for the list.
Select the list Type (IP addresses, URLs, domains).
Enter the Source for the list copied in the first step.
Click Test Source URL to verify that the firewall can reach the source URL on the web server.
Click OK to create your list.
[Screenshots: the External Dynamic List configuration for the URL list and for the IP list]