Merged
Binary file added crowdsec-docs/static/img/paloalto_step1.png
Binary file added crowdsec-docs/static/img/paloalto_step2.png
Binary file added crowdsec-docs/static/img/paloalto_step3.png
Binary file added crowdsec-docs/static/img/paloalto_step4.png
Binary file added crowdsec-docs/static/img/paloalto_step5.png
Binary file added crowdsec-docs/static/img/paloalto_step6.png
Binary file added crowdsec-docs/static/img/paloalto_step7.png
57 changes: 52 additions & 5 deletions crowdsec-docs/unversioned/integrations/paloalto.mdx
Expand Up @@ -3,8 +3,8 @@ id: paloalto
title: Palo Alto
---

import ThemedImage from "@theme/ThemedImage";
import useBaseUrl from "@docusaurus/useBaseUrl";
import ThemedImage from "@theme/ThemedImage"
import useBaseUrl from "@docusaurus/useBaseUrl"

The CrowdSec Palo Alto integration allows you to block malicious IPs in your Palo Alto firewall. This guide will walk you through the steps to integrate CrowdSec blocklists with your Palo Alto firewall.
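
Review bot: the two import lines at the top lose their trailing semicolons, a formatting-only change unrelated to the Palo Alto configuration steps. Confirm it matches the repository's formatter settings; otherwise revert it so the diff stays focused on the documentation.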

Expand Down Expand Up @@ -43,11 +43,58 @@ Once the integration is generated you will be presented with a credentials scree
<ThemedImage
alt="Palo Alto Integration Credentials Screen"
sources={{
light: useBaseUrl("/img/console_integrations_paloalto_credentials_light.png"),
dark: useBaseUrl("/img/console_integrations_paloalto_credentials_dark.png"),
light: useBaseUrl(
"/img/console_integrations_paloalto_credentials_light.png"
),
dark: useBaseUrl(
"/img/console_integrations_paloalto_credentials_dark.png"
),
}}
/>

## Palo Alto Configuration

To configure the paloalto firewall, we will:

1. Create External dynamic list and choose your update frequency.

Go to Objects > External Dynamic Lists > Add

![](/img/paloalto_step1.png)

:::info
You need to put the username and password provided by the console in the "URL" so it can use basic authentication:

```
https://<username>:<password>@admin.api.crowdsec.net/v1/integrations/<integration_id>/content
```

:::

![](/img/paloalto_step2.png)

2. Create a security policy with this dynamic list

Go to Policies > Security > Add

![](/img/paloalto_step3.png)

In General tab, add the general info about the policy.

![](/img/paloalto_step4.png)

In Source tab, select your source zone then the dynamic list created in the source address.

![](/img/paloalto_step5.png)

In Actions tab, select the action ‘Drop‘ and log the action (recommended).

![](/img/paloalto_step6.png)

You should have your policy created, don't forget to click on ‘commit‘.

![](/img/paloalto_step7.png)

[Palo Alto Documentation](https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-admin/policy/use-an-external-dynamic-list-in-policy/external-dynamic-list#idf36cb80a-77f1-4d17-9c4b-7efe9fe426af)
[Video Tutorial](https://www.youtube.com/watch?v=QFVI4sOFoaI)
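
Review bot: in the :::info block under step 1, the documented source URL carries the console username and password inline (`https://<username>:<password>@admin.api.crowdsec.net/...`), so the secret is saved as part of the list's URL field and is readable wherever that field is displayed or exported. Add a sentence telling readers to treat the whole URL as a credential, to use only the credentials generated for this integration, and to URL-encode any special characters in the password so the URL parses correctly. Smaller points in the same hunk: step 1 says to "choose your update frequency" but gives no value to pick; the seven `![](/img/paloalto_stepN.png)` images have empty alt text while the ThemedImage above sets one; "paloalto firewall" should read "Palo Alto firewall"; and ‘Drop‘ and ‘commit‘ use an opening quote on both sides.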

Expand All @@ -66,4 +113,4 @@ Since CrowdSec is a community-driven project, we welcome contributions to this d

## Next Steps

Now that you have integrated CrowdSec integration with your Palo Alto Firewall, you can proceed to the [Blocklist Catalog](console/blocklists/catalog.md) to find what blocklists you can subscribe too.
Now that you have integrated CrowdSec integration with your Palo Alto Firewall, you can proceed to the [Blocklist Catalog](console/blocklists/catalog.md) to find what blocklists you can subscribe too.
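
Review bot: the replaced line under "Next Steps" is textually identical to the one it removes, so the only change appears to be whitespace or the end-of-file newline. Since the line is being touched anyway, fix "integrated CrowdSec integration" (drop the second "integration") and "subscribe too" (should be "subscribe to").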