Use AutoFocus Custom Feeds with the Palo Alto Networks Firewall
You can use your AutoFocus custom feeds to
dynamically send new threat indicator data to an external dynamic
list on a Palo Alto Networks firewall.
- Download the PEM certificate from AutoFocus. This certificate will be used to create a firewall certificate profile for remote SSL server verification.
- Add the PEM certificate for AutoFocus to the firewall.
- On the firewall, select .
- Importthe certificate to the firewall.
- Give the certificate a descriptive name.
- Browsefor the certificate file and attach the AutoFocus certificate that you downloaded in the previous step.
- ClickOK.
- Create a certificate profile for the AutoFocus PEM certificate.
- On the firewall, select .
- Adda new certificate profile.
- Give the certificate profile a descriptive name.
- ClickAdd, select the certificate name from the PEM Certificate drop-down, and clickOK.
- ClickOK.
- Configure the firewall to access an external dynamic list based on the threat indicators from the AutoFocus custom feed.Observe the following guidelines when configuring the firewall to access an external dynamic list:
- Add the AutoFocus-generated feed link as theSourceof the external dynamic list. To find this link in AutoFocus, edit the EDL custom feed you want to receive updates from. The feed link is located at the bottom of the page, which also includes the custom feed details and configuration.
- Select theCertificate Profileyou created for the AutoFocus PEM certificate.
- SelectClient Authentication, and enter the EDL custom feed username and password used when creating the feed.You cannot recover a password used in a custom feed. If you do not remember the password, you must delete and then recreate a custom feed using the same settings.
- Verify that the firewall can receive indicators from the AutoFocus custom feed.On the firewall, retrieve entries for the external dynamic list you added and view the list entries.
