04-05-2020 09:43 PM
hello all,
I am looking for configuring my own external feed URL for blocking malicious/blacklisted domains/IP addresses. There are lots for external public feed URLs which includes blacklisted IPs/domains but somehow we do not have control on it. So i am looking to configure something which will be in my control. This is something that i can modify at any point of time.
Need your inputs on configuration part.
04-05-2020 11:23 PM
Hello @Vikashh ,
You can configure simple IIS based web page on internal windows server which will be reachable to all your Palo alto gateways. The IIS page can configured on any port. Webpage will include list of IP addresses/domains that you want to make a part of the list. Once WebPage is ready, you can check accessing weburl from your LAN system. If it is properly configured, you should see contents of webpage.
Once WebPage is opening properly, configure it as external feed url under EDL. Make sure it is properly configured. For example, you have configured web page on port 8080 and it is on server 10.10.10.10 then feed url will be like http://10.10.10.10:8080 etc.
For IIS configuration part, you can refer below video link.
https://www.youtube.com/watch?v=VMyMag9_vmc
Hope it works for you!
Mayur
04-05-2020 11:23 PM
Hello @Vikashh ,
You can configure simple IIS based web page on internal windows server which will be reachable to all your Palo alto gateways. The IIS page can configured on any port. Webpage will include list of IP addresses/domains that you want to make a part of the list. Once WebPage is ready, you can check accessing weburl from your LAN system. If it is properly configured, you should see contents of webpage.
Once WebPage is opening properly, configure it as external feed url under EDL. Make sure it is properly configured. For example, you have configured web page on port 8080 and it is on server 10.10.10.10 then feed url will be like http://10.10.10.10:8080 etc.
For IIS configuration part, you can refer below video link.
https://www.youtube.com/watch?v=VMyMag9_vmc
Hope it works for you!
Mayur
04-06-2020 04:04 AM
Thank you!
I will follow steps and configure same. Just once question, in any case if my windows server goes down then all the IP/domains database flushes from gateway or how it is? If it gets flush then it will be disater.
Please give some inputs on this.
04-06-2020 04:55 AM
@Vikashh ,
Whatever data is already synced with gateway, it will be as it is with it in any situation till next sync with the feed url. So if your windows server goes down, then data that was sync from feed url before server went down will be with firewall. And Firewall will take actions on it as per policy configured.
Mayur
04-06-2020 10:31 PM
Ok then, thats Great !
I have configured web page as per your earlier mail and attached it to the gateway. I was able to see IP details locally on gateway. So far so good!
Thank you for your help!
04-06-2020 11:07 PM
@VikashhCan you please mark this question as solved please?
Mayur
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
