Configure Palo Alto Networks v10.1
Configure Guardian firewall integration with the Palo Alto Networks v10.1 firewall.
Starting with version 10.0, PAN-OS provides a REST application programming interface (API).
The Guardian integration that relies on this new API
supports the same features as the previous Palo Alto integration, plus these:
- Commit by user: Commits the current changes required by the user, which are represented by the credentials used for the API. Global commits are no longer performed
- Dynamic Access Groups for Node Blocking: Dynamic Access Group references a tag, which is then assigned to a new internet protocol (IP) address for objects that are created on the firewall. This will automatically apply the global Guardian denylist rule to each new address without modifying the firewall ruleset
Note: This firewall integration supports IPv6 addresses.
-
In the top navigation bar, select
The administration page opens.
-
In the Settings section, select Firewall
integration.
The Firewall integration page opens.
-
In the top right section, select +
A dialog shows.
-
From the Choose firewall dropdown, select
Palo Alto Networks v10.1+.
A dialog shows.
-
If it is not populated already, in the Host (CA-Emitted TLS
Certificate) field, enter the host IP address.
- Optional: In the Virtual System name (optional) field, enter a name.
- In the User field, enter your user name.
- In the Password field, enter your password.
- Optional:
If necessary, in the Options section, select one or more
of these options:
- Select Save.