09-11-2017 07:52 AM - edited 09-13-2017 09:22 AM
I need to create O365 IP/URL EDLs but when I try to access the output nodes I get "Unauthorised" message unless I sign into AutoFocus in the browser. Needless to say I cannot do the same on a firewall. How do I allow anonymous connections to a feed in Autofocus MineMeld or use authentication when configuring EDL on a firewall?
09-13-2017 09:32 AM - edited 11-02-2017 10:38 PM
You have to create a "feeduser" and attach it as a TAG to the output node
In the PANOS device:
09-27-2017 08:17 AM
Hi, I'm new working on Minemeld. I have an issue, I want to enable authentication for an output node, but above the
FEEDS USERS manager i had the following message: Warning! authentication for output feeds is disabled
How to enable it?
Thank you
09-28-2017 02:20 AM
@jonnynux : are you using MineMeld hosted in AutoFocus? AFAIK MM in AutoFocus has Authentication for Output feeds enabled by default.
10-31-2017 03:07 PM
I'm trying to do this, but I must be missing something. I have created a feed user and I have added a tag to the user. I've associated that tab with my feed and that looks good so far. My questions pertains to the modification of the URL.
In the PANOS device use the basic auth URL syntax (https://<user>:<password>@domain.com/url)
My firewall is running 7.1, and I cannot figure out the right syntax to use here. https://user:password@example.com/rest-of-url-copied-from-autofocus generates an unauthorized errror. I can't test the URL now with a browser because the browser believes I am connecting to a site in example.com.
Could you show an actual URL that I could mimick in my configuration? That would be a huge help.
-Mike
10-31-2017 04:02 PM
@msemaniuk : I just tested the syntax in a 7.1 PANOS NGFW and it works in my case.
https://sxxxxxpp:sxxxxx6@dxxxxxff.paloaltonetworksapp.com/feeds/office365_IPv4s
Are you using MineMeld in AutoFocus?
10-31-2017 07:18 PM
Yes, it's in autofocus. I believe I see my syntax problem. I will give it a try in the morning!
-Mike
11-01-2017 12:43 PM
I have fixed my formatting issue, but I'm not sure that it is resolving things. I can test the URL with an 8.1 firewall. My customer however, cannot get this to work with a 7.1 firewall. I am going to rebuild my PA-200 as 7.1 so that I can try it personally.
This is my format I am using.
https://user:pass@f******.paloaltonetworks-app.com/feeds/the-rest-of-the-url
I've also checked it in a browser and I receive an unauthorized notification.
-Mike
11-01-2017 05:31 PM
Turns out my customer was testing in a browser, and not with the firewall. He's good to go with the correct formatting of the URL. Thanks for the help!
-Mike
11-28-2017 10:03 AM
We are trying to get our firewalls to work with Minemeld using Autofocus to load into the firewall via EDLs both URLs and IP lists. All is configured corretly on the AutoFocus Mimemeld including the username and password and tag for the feeder and this tag is also configured in the output processor. We do not have an Admin user configured (just the Feed username and password).
The problem is the firewall in my opinion:
We have the Godaddy cert installed and imported as a 'CA' per the AutoFocus Minemeld techncial documentation (https://www.paloaltonetworks.com/documentation/autofocus/autofocus/autofocus_admin_guide/autofocus-a... We have the username and password corectedly installed with the cert in the EDL object. However we get URL errors when hit the "test" button and cannot pull down the Minemeld list. We tried re-configuring multipe times to make sure we did not mistype the username and password. We do not see any errors in the firewall system log. Software is PAN-OS 8.0.5.
Any ideas?
Thank you, Rich (rschunk@paloaltonetworks.com)
11-29-2017 06:56 AM
After a bit of testing this is what I have found:
- setting the Minemeld output processor tag to anonymous allows any access whether the EDL is configured with or w/o client authentication.
- setting the Minemeld output processor tag to any results in firewall EDL failure with a URL access error. Client authentication in EDL profile is correct (there is not much to confgure...), wget shows Minemeld rejecting the request with a 401.
- setting the Minemeld output processor to a specic tag mapped to a spefifc Feed user also fails. Ciient authentication is corectly configured in the EDL object, wget shows Minemeld rejecting the request with a 401.
My testing is with a standalone Minemeld (since I can not make edits to the SE demo system) but the customer Minemeld is integrated into AutoFocus per my previous message. I am having the customer change to anonymous for now but this is not what they want to do for production.
Rich
11-29-2017 08:55 AM
@rschunk : Are you using the EDL object anywhere in the PANOS configuration? The device will fail to fetch the feed if you're not using it. Even the "test" button reports failure which is confusing.
11-29-2017 09:04 AM
Yes, the EDL is assigned to a security rule and committed in the firewall.
11-29-2017 09:22 AM
@rschunk, could you, please, dig into the ms.log file in the PANOS device (tail follow yes mp-log ms.log while clicking on the "test" button) and into the MM's web server ( minemeld-web.log ) ?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
