Home
Guardian
Administrator Guide
Information and resources about the Administration section of Guardian, and the tasks that you can do in this part of the software.
Administration
Settings
Firewall integration
The Firewall integrations page shows all the firewall integrations and lets you add new ones.
Configure Palo Alto Networks v10.1
Configure Guardian firewall integration with the Palo Alto Networks v10.1 firewall.

Guardian
- Introduction
  An overview of Guardian.
- Installation Guide
  Information and resources on how to install Guardian, and the different options and settings that are available.
- Administrator Guide
  Information and resources about the Administration section of Guardian, and the tasks that you can do in this part of the software.
  - Administration
    - Administration page
      The administration page lets a user with administrator privileges configure settings and do other tasks.
    - Settings
      - Security control panel
        The Security control panel page shows an overview of the current status of the learning process and lets you configure the features that manage the: learning, security profile, zones, alerts tuning, and alert closing options.
      - Features control panel
        The Features control panel page shows an overview of the current status of system features configuration and lets you fine tune specific values.
      - Users management
        The Users management page shows all the pages that you need to let you manage authentication and authorization policies for users and groups.
      - CLI
        The CLI page lets you change configuration parameters and perform troubleshooting activities.
      - Dashboards
        The Dashboards page lets you create and configure widget-based dashboards that provide information about your network. The dashboards created here will show on the Guardian home page, and give an overview of the monitored environment.
      - Threat Intelligence
        The Threat Intelligence page lets you manage packet rules, YARA rules, Sigma rules, structured threat information expression (STIX) indicators and vulnerabilities to provide detailed threat information.
      - Data model
        The Data model page lets you create a custom field to the Nodes (All-In-One CMC only) and Assets tables. A custom field lets you add information that might be relevant to your organization, and cannot be extracted from network traffic.
      - Data integration
      - Firewall integration
        The Firewall integrations page shows all the firewall integrations and lets you add new ones.
        Configure Barracuda
        Configure Guardian firewall integration with the Barracuda firewall.
        Configure Cisco ASA
        Configure Guardian firewall integration with the Cisco ASA firewall.
        Configure Cisco FTD
        Configure Guardian firewall integration with the Cisco FTD firewall.
        Configure Cisco ISE
        Configure Guardian firewall integration with the Cisco ISE firewall.
        Configure Fortinet FortiGate
        Configure Guardian firewall integration with the Fortinet FortiGate firewall.
        Configure Palo Alto Networks v10.1
        Configure Guardian firewall integration with the Palo Alto Networks v10.1 firewall.
        Configure Stormshield SNS
        Configure Guardian firewall integration with the Stormshield SNS firewall.
        Configure TXone OT Defense Console
        Configure Guardian firewall integration with the TXone OT Defense Console firewall.
        Configure Check Point R81.20
        Configure Guardian firewall integration with the Check Point R81.20 firewall.
      - Credentials manager
        The Credentials manager is a tool that lets you centralize the management of monitored endpoints to make it easier to create, delete, or update the credentials that are needed to access those endpoints.
      - Zone configurations
        The Zone configurations page shows all the zone configurations in your environment and lets you add new zone configurations and edit them.
      - Synchronization settings
        The Synchronization settings page lets you customize the parameters related to Vantage or Central Management Console (CMC).
      - Alert playbooks
    - System
- User Guide
  Information and resources about the main features of Guardian, and the tasks that you can do from the user interface (UI).
- Maintenance Guide
  Information about the maintenance tasks of Guardian, to help you administer and maintain the solution in a production environment.
- Print format documentation
  A list of all the print-format documentation that is available for Guardian.

Configure Palo Alto Networks v10.1

Configure Guardian firewall integration with the Palo Alto Networks v10.1 firewall.

Make sure that you have administrator privileges.

Starting with version 10.0, PAN-OS provides a REST application programming interface (API). The Guardian integration that relies on this new API supports the same features as the previous Palo Alto integration, plus these:

Commit by user: Commits the current changes required by the user, which are represented by the credentials used for the API. Global commits are no longer performed
Dynamic Access Groups for Node Blocking: Dynamic Access Group references a tag, which is then assigned to a new internet protocol (IP) address for objects that are created on the firewall. This will automatically apply the global Guardian denylist rule to each new address without modifying the firewall ruleset

Note: This firewall integration supports IPv6 addresses.

In the top navigation bar, select
The administration page opens.
In the Settings section, select Firewall integration.
The Firewall integration page opens.
In the top right section, select +
A dialog shows.
From the Choose firewall dropdown, select Palo Alto Networks v10.1+.
A dialog shows.
If it is not populated already, in the Host (CA-Emitted TLS Certificate) field, enter the host IP address.
Optional: In the Virtual System name (optional) field, enter a name.
In the User field, enter your user name.
In the Password field, enter your password.
Optional: If necessary, in the Options section, select one or more of these options:
1. For Firewall rules strategy, select one of these options:
  - Block active alerts
  - Block unlearned
2. Select Enable nodes blocking.
3. Select Enable links blocking.
4. Select Enable session kill. Then select the specific alert type(s).
5. Select Keep on selecting sessions.
6. Select Policies are sent as enabled.
Select Save.

The firewall integration has been configured.