Summary
For the Check Point MDR team to monitor your Palo Alto data, we require integration with your Check Point Portal. Please note that before you complete these steps, your Palo Alto service should be enabled, licensed, and configured. If you require assistance configuring your service, please contact your sales engineer. If you need any assistance with this procedure, please update your ticket, and we will schedule a time to assist.
Procedure
Enable API Access
- Go to Device > Admin Roles and select or create an Admin Role profile.
- Select features available to the admin role.
- Select the XML API tab.
- Enable or disable XML API features from the list, such as Report, Log, and Configuration.
- Select OK to confirm your change.
- Assign the admin role to an administrator account.
Configure a Firewall Administrator Account
- Select Device > Administrators and Add an account.
- Enter a user Name.
*Note: If the firewall uses a local user database to authenticate the account, enter the name that you specified for the account in the database (see Add the user group to the local database.)*
- Select an Authentication Profile or sequence if you configured either for the administrator.
*Note: If the firewall uses Local Authentication without a local user database for the account, select None (default) and enter a Password.*
- Select the Administrator Type.
*Note: If you configured a custom role for the user, select Role Based and select the Admin Role Profile. Otherwise, select Dynamic (default) and select a dynamic role. If the dynamic role is virtual system administrator, add one or more virtual systems that the virtual system administrator is allowed to manage.*
- (Optional) Select a Password Profile for administrators that the firewall authenticates locally without a local user database. For details, see Define a Password Profile.
- Click OK and Commit.
Get Your API Key
To generate an API key, make a GET or POST request to the firewall’s hostname or IP address using the administrative credentials and type=keygen:
or
*Note: A successful API call returns status="success" along with the API key within the key element.*
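The keygen request and the success check described above, as an added example that is not part of the original article or of Palo Alto's documentation. The function names and script name are illustrative, and the script assumes the firewall presents a certificate the client trusts.

```shell
#!/bin/sh
# Added example: request a PAN-OS API key and validate the keygen response.
# Function names are illustrative, not part of any Palo Alto or Check Point tool.

# Print the API key from a keygen response, but only when status is "success".
extract_api_key() {
    xml=$1
    # Accept either quote style and optional spaces around '='.
    if ! printf '%s' "$xml" | grep -Eq "<response[^>]*status *= *[\"']success[\"']"; then
        echo "keygen failed: response status is not success" >&2
        return 1
    fi
    key=$(printf '%s' "$xml" | sed -n 's:.*<key>\([^<]*\)</key>.*:\1:p' | head -n 1)
    if [ -z "$key" ]; then
        echo "keygen failed: no <key> element in response" >&2
        return 1
    fi
    printf '%s\n' "$key"
}

# POST type=keygen with the credentials in the request body rather than the
# URL, so they do not land in proxy or web-server access logs. The password is
# prompted for and piped to curl on stdin, keeping it out of the process list.
# Assumes the firewall presents a certificate the client trusts.
request_api_key() {
    fw=$1 user=$2
    printf 'Password for %s: ' "$user" >&2
    stty -echo; IFS= read -r pass; stty echo; printf '\n' >&2
    printf '%s' "$pass" | curl --silent --show-error --fail \
        --data-urlencode "user=$user" \
        --data-urlencode "password@-" \
        "https://$fw/api/?type=keygen"
}

# Usage: ./get_api_key.sh <firewall-host-or-ip> <admin-user>
if [ "$#" -eq 2 ]; then
    response=$(request_api_key "$1" "$2") && extract_api_key "$response"
fi
```

The script exits non-zero when the response status is not success or the key element is missing, so a failed login is not mistaken for a key.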
Allowing Access
- Add all firewall rules and NAT entries required to allow access to the PAN firewall from the Check Point MDR IP.
IP List:
- 3.13.200.75
- 3.129.80.210
- 3.130.105.153
- 3.130.218.157
- 3.139.112.208
- 13.58.102.105
- 18.116.182.107
- 18.221.166.80
- 18.222.19.228
- 18.223.142.133
We require both the IP address and API key to complete your integration. Please respond to the corresponding ticket with the appropriate credentials. Thank you.