01-30-2023 02:22 AM
Hi
I need to whitelist some IP addresses, and the service provider has provided me the dest. addresses in a .json file
IP addresses for the firewall allowlist - Genesys Cloud Resource Center (mypurecloud.com)
How can I add these addresses from the .json files to my Objects > Address?
I have created 2 EDLs (for AWS and Google) and created a policy using the EDLs. It shows the source URL is reachable in the EDL, but when I tested the traffic, the logs show it hits the default policy. So, the EDL is not working.
I know Palo Alto has its own EDL. I hope it covers all. I just want to know if we can import addresses from a .JSON file
Regards
ARIQ
01-30-2023 02:23 PM
Hi @Ariq_Aziz ,
Just to clarify what you want to achieve - you want to use an EDL (external dynamic list) of IP addresses that the firewall will use in a security rule?
Importing/adding addresses from a file is a little different from using an EDL. If you expect the content of this json file to be static, you can create all of the addresses as static objects, add them to a static group and use it in a rule.
I assume you want to use the link to the json file as an EDL, so that when the vendor updates this file (adds, removes or modifies an address) your firewall rule is updated automatically.
Unfortunately Palo Alto expects the EDL to be in a very specific format. You can check details here - https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/policy/use-an-external-dynamic-list-in-pol...
So you cannot tell the firewall to consume the json file directly. You will need to parse the JSON with another system, external to the firewall. The output of the parsed data can then be consumed by the firewall.
01-30-2023 02:32 PM
Hi
Thanks for the reply. I couldn't find any other solution. I have checked the Google .json file and put it into Excel. Palo Alto's EDL and this .json file contain almost the same IP lists. There are some changes in the subnet masks, but I have checked randomly and found that it covers all due to supernetting/subnetting.
I'm using Palo Alto's EDL to complete my task. However, I didn't check the AWS IP list, but I hope it will be the same. Thanks a lot for replying to me.
01-30-2023 11:26 PM
Hi @Ariq_Aziz ,
After reading your last reply I took a closer look at the link you shared in your first post.
I can see that the article is referring to the original JSON files that Google and AWS host themselves. Since those are the original source of this information (Google and AWS public ranges) you can fully trust them.
If by "PaloAlto EDL" you refer to the EDL Hosting Service (paloaltonetworks.com) you are absolutely right - if you already use EDLs hosted by Palo Alto you already consume the exact same information.
EDL Hosting Service is an amazing service which needs more recognition. With this service Palo Alto is doing exactly what I explained earlier, but they are doing it free of charge for you.
- They are monitoring the original feeds (hosted by AWS, Google, Azure etc)
- They do the computing to process those feeds and put them in a format that is suitable for a Palo Alto FW to consume as an EDL
- They host the EDL feed, so you only need to point your firewall at the link provided by EDL Hosting Service and not bother about what format is used by the original vendor
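The external parsing step described in the replies above (vendor JSON in, plain one-entry-per-line list out), as an added example that is not part of the original thread and not Palo Alto's code. The key names are assumed from the published layouts of the AWS `ip-ranges.json` and Google `cloud.json` feeds, the sample data is constructed from documentation ranges, and the hypothetical `uncovered` helper automates the supernet coverage spot-check mentioned in the thread.

```python
import ipaddress
import json

# Keys assumed to carry a CIDR in the AWS and Google feeds.
PREFIX_KEYS = ("ip_prefix", "ipv6_prefix", "ipv4Prefix", "ipv6Prefix")

def json_to_networks(text):
    """Extract every CIDR from the top-level prefix lists of a vendor feed."""
    doc = json.loads(text)
    nets = set()
    for list_name in ("prefixes", "ipv6_prefixes"):
        for entry in doc.get(list_name, []):
            for key in PREFIX_KEYS:
                if key in entry:
                    # strict=True raises ValueError on a malformed prefix
                    # (host bits set), so bad data never reaches the list.
                    nets.add(ipaddress.ip_network(entry[key], strict=True))
    return nets

def to_edl(nets):
    """Merge adjacent/overlapping prefixes and render one CIDR per line."""
    lines = []
    for version in (4, 6):  # collapse_addresses cannot mix IPv4 and IPv6
        same = [n for n in nets if n.version == version]
        lines.extend(str(n) for n in ipaddress.collapse_addresses(same))
    return "\n".join(lines) + "\n"

def uncovered(required, edl_text):
    """Return the prefixes in `required` that no line of the EDL contains."""
    edl = [ipaddress.ip_network(l.strip())
           for l in edl_text.splitlines() if l.strip()]
    missing = [n for n in required
               if not any(n.version == e.version and n.subnet_of(e)
                          for e in edl)]
    return sorted(missing, key=lambda n: (n.version, n))

# Constructed sample feeds (RFC 5737 / RFC 3849 documentation ranges).
AWS_SAMPLE = ('{"prefixes":[{"ip_prefix":"198.51.100.0/25","service":"AMAZON"},'
              '{"ip_prefix":"198.51.100.128/25","service":"EC2"}],'
              '"ipv6_prefixes":[{"ipv6_prefix":"2001:db8:1::/48"}]}')
GOOGLE_SAMPLE = ('{"prefixes":[{"ipv4Prefix":"203.0.113.0/24"},'
                 '{"ipv6Prefix":"2001:db8:2::/48"}]}')

if __name__ == "__main__":
    nets = json_to_networks(AWS_SAMPLE) | json_to_networks(GOOGLE_SAMPLE)
    print(to_edl(nets), end="")
    print("not covered:", uncovered(nets, "198.51.100.0/24\n"))
```

The text returned by `to_edl` is what would be published on an internal web server for the firewall to poll as an IP-list EDL; comparing a vendor feed against the hosted EDL with `uncovered` replaces the random manual check in a spreadsheet.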