External Feed URL Configuration

cancel
Showing results for 
Search instead for 
Did you mean: 

External Feed URL Configuration

L2 Linker

hello all,

 

I am looking for configuring my own external feed URL for blocking malicious/blacklisted domains/IP addresses. There are lots for external public feed URLs which includes blacklisted IPs/domains but somehow we do not have control on it. So i am looking to configure something which will be in my control. This is something that i can modify at any point of time.

 

Need your inputs on configuration part.

1 ACCEPTED SOLUTION

Accepted Solutions

Cyber Elite
Cyber Elite

Hello @Vikashh ,

 

You can configure simple IIS based web page on internal windows server which will be reachable to all your Palo alto gateways. The IIS page can configured on any port. Webpage will include list of IP addresses/domains that you want to make a part of the list. Once WebPage is ready, you can check accessing weburl from your LAN system. If it is properly configured, you should see contents of webpage. 

 

Once WebPage is opening properly, configure it as external feed url under EDL. Make sure it is properly configured. For example, you have configured web page on port 8080 and it is on server 10.10.10.10 then feed url will be like http://10.10.10.10:8080 etc.

 

For IIS configuration part, you can refer below video link.

 

https://www.youtube.com/watch?v=VMyMag9_vmc

 

Hope it works for you!

 

Mayur

Sutare.M

View solution in original post

5 REPLIES 5

Cyber Elite
Cyber Elite

Hello @Vikashh ,

 

You can configure simple IIS based web page on internal windows server which will be reachable to all your Palo alto gateways. The IIS page can configured on any port. Webpage will include list of IP addresses/domains that you want to make a part of the list. Once WebPage is ready, you can check accessing weburl from your LAN system. If it is properly configured, you should see contents of webpage. 

 

Once WebPage is opening properly, configure it as external feed url under EDL. Make sure it is properly configured. For example, you have configured web page on port 8080 and it is on server 10.10.10.10 then feed url will be like http://10.10.10.10:8080 etc.

 

For IIS configuration part, you can refer below video link.

 

https://www.youtube.com/watch?v=VMyMag9_vmc

 

Hope it works for you!

 

Mayur

Sutare.M

View solution in original post

Thank you!

I will follow steps and configure same. Just once question, in any case if my windows server goes down then all the IP/domains database flushes from gateway or how it is? If it gets flush then it will be disater.

 

Please give some inputs on this.

@Vikashh ,

 

Whatever data is already synced with gateway, it will be as it is with it in any situation till next sync with the feed url. So if your windows server goes down, then data that was sync from feed url before server went down will be with firewall. And Firewall will take actions on it as per policy configured.

 

Mayur

Sutare.M

Ok then, thats Great !

 

I have configured web page as per your earlier mail and attached it to the gateway. I was able to see IP details locally on gateway. So far so good!

 

Thank you for your help!

 

@VikashhCan you please mark this question as solved please?

 

Mayur

Sutare.M
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!