Use AutoFocus Custom Feeds with the Palo Alto Networks Firewall

1. Download the PEM certificate from AutoFocus. This certificate will be used to create a firewall certificate profile for remote SSL server verification.
2. Add the PEM certificate for AutoFocus to the firewall.
   1. On the firewall, select DeviceCertificate ManagementCertificates.
   2. Import the certificate to the firewall.
      1. Give the certificate a descriptive name.
      2. Browse for the certificate file and attach the AutoFocus certificate that you downloaded in the previous step.
      3. Click OK.
3. Create a certificate profile for the AutoFocus PEM certificate.
   1. On the firewall, select DeviceCertificate ManagementCertificate Profile.
   2. Add a new certificate profile.
      1. Give the certificate profile a descriptive name.
      2. Click Add, select the certificate name from the PEM Certificate drop-down, and click OK.
      3. Click OK.
4. Configure the firewall to access an external dynamic list based on the threat indicators from the AutoFocus custom feed.
   Observe the following guidelines when configuring the firewall to access an external dynamic list:

   • Add the AutoFocus-generated feed link as the Source of the external dynamic list. To find this link in AutoFocus, edit the EDL custom feed you want to receive updates from. The feed link is located at the bottom of the page, which also includes the custom feed details and configuration.
   • Select the Certificate Profile you created for the AutoFocus PEM certificate.
   • Select Client Authentication, and enter the EDL custom feed username and password used when creating the feed.
     You cannot recover a password used in a custom feed. If you do not remember the password, you must delete and then recreate a custom feed using the same settings.
5. Verify that the firewall can receive indicators from the AutoFocus custom feed.
   On the firewall, retrieve entries for the external dynamic list you added and view the list entries.