Palo Alto Panorama Integration
Written by Ali Murtaza
Updated over a week ago

About Palo Alto

Palo Alto Networks, Inc. has pioneered the next generation of network security with an innovative platform that allows you to secure your network and safely enable an increasingly complex and rapidly growing number of applications. Panorama™ network security management empowers you with easy-to-implement, consolidated policy creation, and centralized management features. Set up and control firewalls centrally with industry-leading functionality and an efficient rule base, and gain insight into network-wide traffic and threats.

SIRP’s integration with Palo Alto Panorama allows security teams to execute response actions right from SIRP.

Supported Actions

SIRP’s Palo Alto integration app allows you to execute the following actions:

| S.no | Action | Description |
|------|--------|-------------|
| 1 | Block IP as Source | Block an IP Address as Source on Panorama |
| 2 | Unblock IP Address as source | Unblock an IP Address as Source on Panorama |
| 3 | Block IP as Destination | Block an IP Address as Destination on Panorama |
| 4 | Unblock IP as Destination | Unblock an IP Address as Destination on Panorama |
| 5 | Block URL | Block URL on Panorama |
| 6 | Unblock URL | Unblock URL on Panorama |

Enable API Access

Create an API User on Palo Alto

  1. Select an Admin Role profile.
    Go to Device > Admin Roles and select or create an admin role.

  2. Select features available to the admin role.

    • Select the XML API tab.

    • Enable or disable XML API features from the list, such as Report, Log, and Configuration.

    • Select OK to confirm your change.

  3. Assign the admin role to an administrator account.
    See Configure an Administrative Account.

Get Your API Key

To use the API, you must generate the API key required for authenticating API calls.

To generate an API key, make a GET or POST request to the firewall’s hostname or IP address using the administrative credentials and type=keygen:

curl -k -X GET 'https://<firewall>/api/?type=keygen&user=<username>&password=<password>'

OR

curl -k -X POST 'https://<firewall>/api/?type=keygen&user=<username>&password=<password>'

A successful API call returns status="success" along with the API key within the key element:

<response status="success">
<result>
<key>gJlQWE56987nBxIqyfa62sZeRtYuIo2BgzEA9UOnlZBhU==</key>
</result>
</response>

Copy the API key to use in the App configuration.
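
A hardened variant of the keygen call above, added here as an example (it is not SIRP's or Palo Alto's code): it sends the credentials in the POST body instead of the URL, verifies the server certificate against a CA file rather than passing -k, and prints a key only when the response reports success. The function names and the variables PANORAMA_HOST, PANORAMA_CA, PAN_USER and PAN_PASS are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not vendor code. All function and variable names are assumed.

# Read a keygen XML response on stdin and print the API key.
# Fails (non-zero exit) unless status is "success" and <key> is non-empty.
# The ( ... ) body runs in a subshell, so xml/key stay local and `exit`
# ends only this function.
extract_api_key() (
    xml=$(tr -d '\r\n')
    # Accept both status="success" and status = 'success'.
    if ! printf '%s' "$xml" |
        grep -Eq "<response[^>]*status *= *[\"']success[\"']"; then
        echo "keygen failed: response status is not success" >&2
        exit 1
    fi
    key=$(printf '%s' "$xml" | sed -n 's:.*<key>\([^<]*\)</key>.*:\1:p')
    if [ -z "$key" ]; then
        echo "keygen failed: no key element in response" >&2
        exit 1
    fi
    printf '%s\n' "$key"
)

# Request a key from the management interface.
#  - POST body carries user/password, so they do not appear in the URL.
#  - The password is fed to curl on stdin (password@-), which keeps it out
#    of the process argument list.
#  - --cacert pins the CA that issued the management certificate; no -k.
request_api_key() (
    : "${PANORAMA_HOST:?}" "${PANORAMA_CA:?}" "${PAN_USER:?}" "${PAN_PASS:?}"
    printf '%s' "$PAN_PASS" |
        curl --silent --show-error --fail \
             --cacert "$PANORAMA_CA" \
             --data-urlencode "user=$PAN_USER" \
             --data-urlencode "password@-" \
             "https://$PANORAMA_HOST/api/?type=keygen" |
        extract_api_key
)

# Usage (values are placeholders):
#   PANORAMA_HOST=panorama.example.internal PANORAMA_CA=/etc/ssl/mgmt-ca.pem \
#   PAN_USER=sirp-api PAN_PASS=... request_api_key
```

The key grants whatever the admin role allows, so store the output in the SIRP app configuration or a secrets manager rather than in shell history or a world-readable file.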

Enable and Configure Palo Alto App

Configure Palo Alto App

1. Log in to SIRP, then go to Apps from the left navigation bar.

2. Locate the app named Palo Alto Panorama.

3. Enable the Palo Alto app by clicking on the toggle button under the Status column.

4. As soon as you enable the App, you will get an option to add the configuration details. Add the following information and click Save:

a. IP: <IP address of Palo Alto Panorama>

b. API Key: <API Key copied from Palo Alto>

After the last step, you should be able to execute the Palo Alto actions on-demand or through Playbooks to block and unblock IP addresses and URLs.
