GCP HTTP(s) Load Balancer App-ID

Brief Description

1. GcpHttpLbAppID skillet to create the Palo Alto Networks App-ID for the Azure Application Gateway Health Probe.
2. move_rule_rest skillet to move the rule to its proper location above the actual application rule and commit.


Target Audience

The skillet is intended for anyone deploying a VM-Series firewall behind the GCP HTTP(s) Load Balancer.


Skillet Details

Authoring Group: Public Cloud CE
Documentation: https://github.com/ceskillets/Cloud-GCP-HTTPS-Load-Balancer-App-ID
GitHub Location: https://github.com/ceskillets/Cloud-GCP-HTTPS-Load-Balancer-App-ID
GitHub Branches: master

PAN-OS Supported: v8.1 and v9.0
Cloud Provider(s) Supported: GCP
Type of Skillet: XML and REST
Purpose: Config


Detail Description

The GCP HTTP(s) Load Balancer (Application Load Balancer) sends an extensive amount of traffic to the firewall, and that traffic can be hard to differentiate from valid application traffic. With a dedicated App-ID, the probe traffic can be filtered on its own: isolated when troubleshooting configuration, or excluded when reviewing valid application traffic. This skillet configures the following firewall items:

  • App-ID specific to the GCP HTTP(s) Load Balancer
  • Objects taken as input for the subnets containing the HTTP(s) Load Balancer
  • Allow rule for traffic from the HTTP(s) Load Balancer subnet specifically utilizing the App-ID
  • 'move rule' skillet to move the rule to its proper location and perform a final commit


Variables for AppID Skillet

  • name: appid_name
    • description: appid name (32 total char limit)
    • default: appidname
    • type_hint: text
  • name: appid_description
    • description: appid_description
    • default: appid_description
    • type_hint: text
  • name: rule_name
    • description: security_rule_name
    • default: security_rule_name
    • type_hint: text
  • name: rule_description
    • description: security_rule_description
    • default: security_rule_description
    • type_hint: text


Variables for the Move Rule Skillet

  • name: TARGET_IP
    • description: Host
    • default: 127.0.0.1
    • type_hint: ip_address
  • name: TARGET_USERNAME
    • description: Username
    • default: admin
    • type_hint: text
  • name: TARGET_PASSWORD
    • description: Password
    • default: admin
    • type_hint: password
  • name: rule_name
    • description: name of security rule to move
    • default: rule1
    • type_hint: text
  • name: ref_rule
    • description: rule to move before or after
    • default: rule2
    • type_hint: text
  • name: where
    • description: move before or after other rule
    • default: top
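
The Move Rule variables above map onto a PAN-OS XML API `action=move` request. The following is an added example, not the skillet's own code and not necessarily the request that move_rule_rest issues. It validates rule_name, where and ref_rule before building the request, so that a malformed name cannot alter the XPath and a relative move always has a reference rule. The helper names, the `vsys1` default, the single-firewall XPath and the name allow-list are assumptions.

```python
import re
from urllib.parse import urlencode

# Conservative allow-list for names (an assumption for this example, not a
# PAN-OS limit): it keeps quotes and brackets out of the XPath built below.
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9 ._-]{0,62}")
RULEBASE = ("/config/devices/entry[@name='localhost.localdomain']"
            "/vsys/entry[@name='{vsys}']/rulebase/security/rules")


def build_move_params(rule_name, where, ref_rule=None, vsys="vsys1"):
    """Return XML API query parameters that move rule_name (hypothetical helper)."""
    names = [rule_name, vsys] + ([ref_rule] if ref_rule else [])
    for value in names:
        if not NAME_RE.fullmatch(value):
            raise ValueError(f"unsafe name: {value!r}")
    if where not in ("top", "bottom", "before", "after"):
        raise ValueError(f"where must be top, bottom, before or after: {where!r}")
    params = {
        "type": "config",
        "action": "move",
        "xpath": RULEBASE.format(vsys=vsys) + f"/entry[@name='{rule_name}']",
        "where": where,
    }
    if where in ("before", "after"):
        # A relative move needs a distinct reference rule (ref_rule on the page).
        if not ref_rule or ref_rule == rule_name:
            raise ValueError("before/after requires a different ref_rule")
        params["dst"] = ref_rule
    return params


def build_move_url(host, **kwargs):
    """Request URL only; credentials are deliberately kept out of the URL."""
    return f"https://{host}/api/?" + urlencode(build_move_params(**kwargs))


if __name__ == "__main__":
    # Constructed sample values: the probe rule goes above the application rule.
    print(build_move_url("192.0.2.10", rule_name="gcp-lb-probe",
                         where="before", ref_rule="web-app-allow"))
```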