BGP ROA and RPKI

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

BGP ROA and RPKI

L0 Member

Does BGP on PAN-OS, any version, support Route Origin Authorization (ROA) or Resource Public Key Infrastructure (RPKI)?  I find nothing in the docs or in the web interface that would indicate it is supported.

2 accepted solutions

Accepted Solutions

Community Team Member

Hi @Kevin_Somers ,

 

I have no experience with this unfortunately but if I'm not mistaken this is discussed in a very interesting article on Linkedin where Gonzalez Diaz used scripts to do this:

 

https://www.linkedin.com/pulse/automate-firewall-policies-dropping-traffic-invalid-gonzalez-diaz/

 

Hope this helps,

-Kiwi.

 
LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

View solution in original post

Excellent!  Thank you.  So it's not yet a feature of the firewall, but the article you provided would be an acceptable work-around.

View solution in original post

3 REPLIES 3

Community Team Member

Hi @Kevin_Somers ,

 

I have no experience with this unfortunately but if I'm not mistaken this is discussed in a very interesting article on Linkedin where Gonzalez Diaz used scripts to do this:

 

https://www.linkedin.com/pulse/automate-firewall-policies-dropping-traffic-invalid-gonzalez-diaz/

 

Hope this helps,

-Kiwi.

 
LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

Excellent!  Thank you.  So it's not yet a feature of the firewall, but the article you provided would be an acceptable work-around.

Community Team Member

Hi @Kevin_Somers ,

 

Exact - I wasn't able to find an existing feature request for it either. 

 

You might want to reach out to your local sales rep and have him add the feature request for you after which you can add your vote to it.  Others can then also add their votes to the FR# to give it more traction:

 

https://live.paloaltonetworks.com/t5/blogs/how-to-use-palo-alto-networks-new-feature-request/ba-p/40...

 

Cheers !

-Kiwi.

 
LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.
  • 2 accepted solutions
  • 1227 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!