Use AutoFocus Custom Feeds with the Palo Alto Networks Firewall
You can use your AutoFocus custom feeds to
dynamically send new threat indicator data to an external dynamic
list on a Palo Alto Networks firewall.
Download the PEM certificate from AutoFocus. This
certificate will be used to create a firewall certificate profile
for remote SSL server verification.
Add the PEM certificate for AutoFocus to the firewall.
On the firewall, select
Device
Certificate Management
Certificates
.
Import
the certificate to the
firewall.
Give the certificate a descriptive
name.
Browse
for the certificate file and
attach the AutoFocus certificate that you downloaded in the previous
step.
Click
OK
.
Create a certificate profile for the AutoFocus PEM certificate.
On the firewall, select
Device
Certificate Management
Certificate Profile
.
Add
a new certificate profile.
Give the certificate profile
a descriptive name.
Click
Add
, select the certificate
name from the PEM Certificate drop-down, and click
Observe the following guidelines when configuring the firewall
to access an external dynamic list:
Add the AutoFocus-generated
feed link as the
Source
of the external dynamic
list. To find this link in AutoFocus, edit the EDL custom feed you
want to receive updates from. The feed link is located at the bottom
of the page, which also includes the custom feed details and configuration.
Select the
Certificate Profile
you created
for the AutoFocus PEM certificate.
Select
Client Authentication
, and enter
the EDL custom feed username and password used when creating the
feed.
You cannot recover a password used in a custom feed.
If you do not remember the password, you must delete and then recreate
a custom feed using the same settings.
Verify that the firewall can receive indicators from
the AutoFocus custom feed.