Infoblox Integration with Palo Alto Network Firewall – Demo Video, Deployment Guide and Templates

kzettel · ‎05-25-2018

Hello,

We are excited to announce the availability of Infoblox integration with Palo Alto Networks Firewalls.

The integration of DNS security and vulnerability scanners enables security and incident response teams to enhance visibility, manage assets, and automate remediation. You can improve your security posture while maximizing the ROI from both products. This integration is built with the Infoblox Outbound REST API.

Don’t forget to watch the quick demo video shown below:

In the attached documents you will find the templates for the Palo Alto integration in PDF and txt format. The templates are provided “as-is” and should be tested in your lab environment and modified as needed before implementing them into production.

The templates require extensible attributes described in the table below. It is recommended to inherit attributes with the default values from the network view level:

Extensible Attribute	Description
PaloAlto_Asset_Sync	Serves as toggle to turn off sync for Asset events. Set default as true to turn on sync. Enable Inheritance in the setup wizard.
PaloAlto_Asset_SyncedAt	Updated with timestamp on an asset event. This attribute is created on the specific IP by the WAPI call when not present.
PaloAlto_Security_Sync	Serves as toggle to turn on/off sync for Security events. Enable “Inheritance” in the setup wizard and the external attribute from the network level is inherited and used. Default value can be set true.
PaloAlto_Security_SyncedAt	Updated with timestamp on a security event. This attribute is created on the specific IP by the WAPI call when not present.

the templates require Session variables described in the table below:

Session Variable	Description
PaloAlto_Host_Allow	The address group object which needs to be populated on the firewall for allowed hosts. This should be the same as the address group object created through the Palo Alto configuration. Set a default value (eg: Iblox_Host_Allow).
PaloAlto_Host_Deny	The address group object which needs to be populated on the firewall for denied hosts. This should be the same as the address group object created through the Palo Alto configuration. Set a default value (eg: Iblox_Host_Deny).

Vadim · ‎10-10-2018

Atteched a template which supports networks IPv4 notification (NETWORK_IPV4)

The template is ugly (should be cleaned up or just recreated) but works.

Vadim

apilotti · ‎03-15-2019

Hello,
did you try the integration with Palo Alto firewalls without Multi System Virtual Capability like PA-220?
Did you start with Palo Alto firewalls with Multi System Virtual Capability to simplify WAPI calls or are there some other technical reasons?
Thanks in advance
Regards
Alessandro

kzettel · ‎04-17-2019

Hello Alessandro,

Nope the simple reason was because this was the appliance that Palo Alto provided to us to use. that's why we used it. Also, it hasn't been tested on any other appliances from my knowledge. let me know if you run into any troubles.

Thank you,

Kevin Zettel

API & Integration

Infoblox Integration with Palo Alto Network Firewall – Demo Video, Deployment Guide and Templates

Re: Infoblox Integration with Palo Alto Network Firewall – Demo Video, Deployment Guide and Template

Re: Infoblox Integration with Palo Alto Network Firewall – Demo Video, Deployment Guide and Template

Re: Infoblox Integration with Palo Alto Network Firewall – Demo Video, Deployment Guide and Template