Device > Server Profiles > HTTP
Table of Contents
Expand all | Collapse all
-
- Firewall Overview
- Features and Benefits
- Last Login Time and Failed Login Attempts
- Message of the Day
- Task Manager
- Language
- Alarms
- Commit Changes
- Save Candidate Configurations
- Revert Changes
- Lock Configurations
- Global Find
- Threat Details
- AutoFocus Intelligence Summary
- Configuration Table Export
- Change Boot Mode
-
- Objects > Addresses
- Objects > Address Groups
- Objects > Regions
- Objects > Dynamic User Groups
- Objects > Application Groups
- Objects > Application Filters
- Objects > Services
- Objects > Service Groups
- Objects > Devices
- Objects > External Dynamic Lists
- Objects > Custom Objects > Spyware/Vulnerability
- Objects > Custom Objects > URL Category
- Objects > Security Profiles > Antivirus
- Objects > Security Profiles > Anti-Spyware Profile
- Objects > Security Profiles > Vulnerability Protection
- Objects > Security Profiles > File Blocking
- Objects > Security Profiles > WildFire Analysis
- Objects > Security Profiles > Data Filtering
- Objects > Security Profiles > DoS Protection
- Objects > Security Profiles > Mobile Network Protection
- Objects > Security Profiles > SCTP Protection
- Objects > Security Profile Groups
- Objects > Log Forwarding
- Objects > Authentication
- Objects > Packet Broker Profile
- Objects > Schedules
-
-
- Firewall Interfaces Overview
- Common Building Blocks for Firewall Interfaces
- Common Building Blocks for PA-7000 Series Firewall Interfaces
- Tap Interface
- HA Interface
- Virtual Wire Interface
- Virtual Wire Subinterface
- PA-7000 Series Layer 2 Interface
- PA-7000 Series Layer 2 Subinterface
- PA-7000 Series Layer 3 Interface
- Layer 3 Interface
- Layer 3 Subinterface
- Log Card Interface
- Log Card Subinterface
- Decrypt Mirror Interface
- Aggregate Ethernet (AE) Interface Group
- Aggregate Ethernet (AE) Interface
- Network > Interfaces > VLAN
- Network > Interfaces > Loopback
- Network > Interfaces > Tunnel
- Network > Interfaces > SD-WAN
- Network > VLANs
- Network > Virtual Wires
-
- Network > Routing > Logical Routers > General
- Network > Routing > Logical Routers > Static
- Network > Routing > Logical Routers > OSPF
- Network > Routing > Logical Routers > OSPFv3
- Network > Routing > Logical Routers > RIPv2
- Network > Routing > Logical Routers > BGP
- Network > Routing > Logical Routers > Multicast
-
- Network > Routing > Routing Profiles > BGP
- Network > Routing > Routing Profiles > BFD
- Network > Routing > Routing Profiles > OSPF
- Network > Routing > Routing Profiles > OSPFv3
- Network > Routing > Routing Profiles > RIPv2
- Network > Routing > Routing Profiles > Filters
- Network > Routing > Routing Profiles > Multicast
-
- Network > Network Profiles > GlobalProtect IPSec Crypto
- Network > Network Profiles > IPSec Crypto
- Network > Network Profiles > IKE Crypto
- Network > Network Profiles > Monitor
- Network > Network Profiles > Interface Mgmt
- Network > Network Profiles > QoS
- Network > Network Profiles > LLDP Profile
- Network > Network Profiles > SD-WAN Interface Profile
-
-
- Device > Setup
- Device > Setup > Management
- Device > Setup > Interfaces
- Device > Setup > Telemetry
- Device > Setup > Content-ID
- Device > Setup > WildFire
- Device > Setup > ACE
- Device > Setup > DLP
- Device > Log Forwarding Card
- Device > Config Audit
- Device > Administrators
- Device > Admin Roles
- Device > Access Domain
- Device > Authentication Sequence
- Device > Device Quarantine
-
- Security Policy Match
- QoS Policy Match
- Authentication Policy Match
- Decryption/SSL Policy Match
- NAT Policy Match
- Policy Based Forwarding Policy Match
- DoS Policy Match
- Routing
- Test Wildfire
- Threat Vault
- Ping
- Trace Route
- Log Collector Connectivity
- External Dynamic List
- Update Server
- Test Cloud Logging Service Status
- Test Cloud GP Service Status
- Device > Virtual Systems
- Device > Shared Gateways
- Device > Certificate Management
- Device > Certificate Management > Certificate Profile
- Device > Certificate Management > OCSP Responder
- Device > Certificate Management > SSL/TLS Service Profile
- Device > Certificate Management > SCEP
- Device > Certificate Management > SSL Decryption Exclusion
- Device > Certificate Management > SSH Service Profile
- Device > Response Pages
- Device > Server Profiles
- Device > Server Profiles > SNMP Trap
- Device > Server Profiles > Syslog
- Device > Server Profiles > Email
- Device > Server Profiles > HTTP
- Device > Server Profiles > NetFlow
- Device > Server Profiles > RADIUS
- Device > Server Profiles > SCP
- Device > Server Profiles > TACACS+
- Device > Server Profiles > LDAP
- Device > Server Profiles > Kerberos
- Device > Server Profiles > SAML Identity Provider
- Device > Server Profiles > DNS
- Device > Server Profiles > Multi Factor Authentication
- Device > Local User Database > Users
- Device > Local User Database > User Groups
- Device > Scheduled Log Export
- Device > Software
- Device > Dynamic Updates
- Device > Licenses
- Device > Support
- Device > Policy Recommendation > IoT
- Device > Policy > Recommendation SaaS
-
- Network > GlobalProtect > MDM
- Network > GlobalProtect > Clientless Apps
- Network > GlobalProtect > Clientless App Groups
- Objects > GlobalProtect > HIP Profiles
-
- Use the Panorama Web Interface
- Context Switch
- Panorama Commit Operations
- Defining Policies on Panorama
- Log Storage Partitions for a Panorama Virtual Appliance in Legacy Mode
- Panorama > Setup > Interfaces
- Panorama > High Availability
- Panorama > Administrators
- Panorama > Admin Roles
- Panorama > Access Domains
- Panorama > Device Groups
- Panorama > Plugins
- Panorama > Log Ingestion Profile
- Panorama > Log Settings
- Panorama > Server Profiles > SCP
- Panorama > Scheduled Config Export
- Panorama > Device Registration Auth Key
Device > Server Profiles > HTTP
Select DeviceServer ProfilesHTTP or PanoramaServer ProfilesHTTP to configure a server profile
for forwarding logs. You can configure the firewall to forward logs
to an HTTP(S) destination, or to integrate with any HTTP-based service
that exposes an API, and modify the URL, HTTP header, parameters,
and the payload in the HTTP request to meet your needs. You can
also use the HTTP server profile to access firewalls running the
PAN-OS integrated User-ID agent and register one or more tags to
a source or destination IP address on logs that a firewall generated.
To use the HTTP server profile to forward logs:
- See Device > Log Settings for System, Config, User-ID, HIP Match, and Correlation logs.
- See Objects > Log Forwarding for Traffic, Threat, WildFire, URL Filtering, Data Filtering, Tunnel Inspection, Authentication, and GTP logs.
You
cannot delete an HTTP server profile if it is used to forward logs.
To delete a server profile on the firewall or Panorama, you must
delete all references to the profile from the DeviceLog settings or ObjectsLog Forwarding profile.
To define an HTTP server profile, Add a
new profile and configure the settings in the following table.
HTTP Server Settings | Description |
---|---|
Name | Enter a name for the server profile (up
to 31 characters). The name is case-sensitive and must be unique.
A valid name must start with an alphanumeric character and can contain
zeros, alphanumeric characters, underscores, hyphens, dots, or spaces. |
Location | Select the scope in which the server profile
is available. In the context of a firewall that has more than one
virtual system (vsys), select a vsys or select Shared (all
virtual systems). In any other context, you can’t select the Location;
its value is predefined as Shared (firewalls) or as Panorama.
After you save the profile, you can’t change the Location. |
Tag Registration | Tag registration allows you to add or remove
a tag on a source or destination IP address in a log entry and register
the IP address and tag mapping to the User-ID agent on a firewall
using HTTP(S). You can then define dynamic address groups that use
these tags as a filtering criteria to determine its members, and
enforce policy rules to an IP address based on tags. Add the
connection details to enable HTTP(S) access to the User-ID agent
on a firewall. To register tags to the User-ID agent on Panorama,
you do not need a server profile. Additionally, you cannot use the
HTTP server profile to register tags to a User-ID agent running
on a Windows server. |
Servers Tab | |
Name | Add an HTTP(s) server
and enter a name (up to 31 characters) or remote User-ID agent.
A valid name must be unique and start with an alphanumeric character;
the name can contain zeros, alphanumeric characters, underscores,
hyphens, dots, or spaces. A server profile can include up
to four servers. |
Address | Enter the IP address of the HTTP(S) server. For
tag registration, specify the IP address of the firewall configured
as a User-ID agent. |
Protocol | Select the protocol: HTTP or HTTPS. |
Port | Enter the port number on which to access
the server or firewall. The default port for HTTP is 80 and for
HTTPS is 443. For tag registration, the firewall uses HTTP
or HTTPS to connect to the web server on the firewalls that are
configured as User-ID agents. |
TLS Version | Select the TLS version supported for SSL
on the server. The default is 1.2. |
Certificate Profile | Select the certificate profile to use for
the TLS connection with the server. The firewall uses the
specified certificate profile to validate the server certificate
when establishing a secure connection to the server. |
HTTP Method | Select the HTTP method that the server supports.
The options are GET, PUT, POST (default), and DELETE. For
the User-ID agent, use the GET method. |
Username | Enter the username that has access privileges
to complete the HTTP method you selected. If you are registering
tags to the User-ID agent on a firewall, the username must be that
of an administrator with a superuser role. |
Password | Enter the password to authenticate to the
server or the firewall. |
Test Server Connection | Select a server and Test Server Connection to
test network connectivity to the server. This test does not
test connectivity to a server that is running the User-ID agent. |
Payload Format Tab | |
Log Type | The log type available for HTTP forwarding
displays. Click the log type to open a dialog box that allows you
to specify a custom log format. |
Format | Displays whether the log type uses the default
format, a predefined format, or a custom payload format that you
defined. |
Pre-defined Formats | Select the format for your service or vendor
for sending logs. Predefined formats are pushed through content
updates and can change each time you install a new content update
on the firewall or Panorama. |
Name | Enter a name for the custom log format. |
URI Format | Specify the resource to which you want to
send logs using HTTP(S). If you create a custom format, the URI is
the resource endpoint on the HTTP service. The firewall appends
the URI to the IP address you defined earlier to construct the URL
for the HTTP request. Ensure that the URI and payload format matches
the syntax that your third-party vendor requires. You can use any attribute
supported on the selected log type within the HTTP Header, Parameter,
and Value pairs, and the request payload. |
HTTP Headers | Add a Header and its corresponding value. |
Parameters | Include the optional parameters and values. |
Payload | Select the log attributes you want to include
as the payload in the HTTP message to the external web server. |
Send Test Log | Click this button to validate that the external
web server receives the request and in the correct payload format. |