How to Use DAGPusher / DAG

L2 Linker

I cannot find any documentation on these prototypes. How does MM know what devices to push to? It seems to me we would need to clone stdlib.nonpersistentDagPusher or stdlib.dagPusher and enter some configuration.

I also don't understand the difference between persistent and nonpersistent. Since the output doesn't live on MM, I would hope that MM would be able to add and remove registered IPs from all configured devices or firewalls. Is this the difference between the two?

L7 Applicator

Re: How to Use DAGPusher / DAG

Hi @andrew.stanton,

the devices are added via the WebUI after you commit the config with the dag pusher node:

[Screenshot: Screen Shot 2017-05-02 at 15.58.15.png]

Persistent and nonpersistent are related to the persistence of the IP on the PAN-OS device. Nonpersistent IPs are better for blacklists as they do not survive reboots.

L2 Linker

Re: How to Use DAGPusher / DAG

@lmori I was half a thought away from just implementing it and poking around. Too bad I didn't. Thank you for the answer.

I still don't get the concept of the persistence though. :(

As far as I am aware, registered IP addresses on firewalls survive reboots. The reboot you speak of is the PAN-OS device versus MineMeld, correct? Can you elaborate any further?

L7 Applicator

Re: How to Use DAGPusher / DAG

Hi @andrew.stanton,

the reboot I mentioned was the PAN-OS reboot. When you push IPs via DAG API to a PAN-OS device you can decide if the IP should survive reboot (persistent) or not (non-persistent). Default is persistent.

This is specified via a flag in the API call. The MineMeld output node called persistentDagPusher pushes IPs marked for persistency. The output node nonpersistentDagPusher instead marks them as non-persistent.
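
Added example, not part of the original posts and not MineMeld's own code: the persistence flag described above, shown as the `persistent` attribute on each `<entry>` of the PAN-OS User-ID XML API `uid-message` that registers IP/tag pairs. The helper name `build_dag_message`, the tag name and the sample addresses are assumptions made for illustration; the code only builds the message body and sends nothing.

```python
import ipaddress
import xml.etree.ElementTree as ET


def build_dag_message(action, entries, persistent=True):
    """Build a <uid-message> that registers or unregisters IP/tag pairs.

    action:     "register" or "unregister"
    entries:    dict mapping an IP address string to a list of tag names
    persistent: register only; True means the registration survives a
                PAN-OS reboot (the default, as stated in the thread)
    """
    if action not in ("register", "unregister"):
        raise ValueError("action must be 'register' or 'unregister'")

    root = ET.Element("uid-message")
    ET.SubElement(root, "version").text = "1.0"
    ET.SubElement(root, "type").text = "update"
    section = ET.SubElement(ET.SubElement(root, "payload"), action)

    for ip, tags in entries.items():
        # Reject malformed indicators before they reach the firewall.
        ip = str(ipaddress.ip_address(ip))
        if not tags:
            raise ValueError("no tags given for " + ip)
        entry = ET.SubElement(section, "entry", ip=ip)
        if action == "register":
            # The flag the two output nodes differ on.
            entry.set("persistent", "1" if persistent else "0")
        tag_el = ET.SubElement(entry, "tag")
        for tag in tags:
            # ElementTree escapes XML metacharacters in the tag text.
            ET.SubElement(tag_el, "member").text = tag

    return ET.tostring(root, encoding="unicode")


# Constructed sample: documentation-range addresses, hypothetical tag name.
SAMPLE = {"192.0.2.10": ["mm-blocklist"], "198.51.100.7": ["mm-blocklist"]}

if __name__ == "__main__":
    print(build_dag_message("register", SAMPLE, persistent=False))
    print(build_dag_message("register", SAMPLE, persistent=True))
    print(build_dag_message("unregister", SAMPLE))
```
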

L4 Transporter

Re: How to Use DAGPusher / DAG

Does the DAG pusher work with the AutoFocus-hosted MineMeld? Are there any differences in the way the dagpusher pushes? I would think the firewall would have to initiate the connection to AutoFocus, or are people whitelisting autofocus.paloaltonetworks.com coming into their environment?
