How to add address from .json file

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

How to add address from .json file

L2 Linker

Hi

I need to whitelist some ip address and the Service provider has provided me dest. address in .json file

IP addresses for the firewall allowlist - Genesys Cloud Resource Center (mypurecloud.com)

 

How can i add these address from .json files to my object>Address?

I have created 2 EDL(for AWS and Goolge). and created policy suing the EDL. it shows source URL is reachable in EDL but when i tested the traffic, the logs shows it hits the default policy. So, EDL is not working. 

 

I know , Paloalto has its own, EDL.I hope it covers all. I just want to know if we can import address from .JSON file

 

Regards

ARIQ

1 accepted solution

Accepted Solutions

Hi @Ariq_Aziz ,

Just to clarify what you want to achieve - you want to use EDL (external dynamic list) of IP addresses that firewall will use in security rule?

 

Importing/adding addresses from file is little different from using EDL. If you expect the contect of this json file to be static you can create all of the addresses as static objects and add them to static group and use it in rule.

 

I assume you want to use the link to the json file as EDL, so when vendor updates this file (add, remove or modifies and address) you firewall rule to be updated automatically.

 

Unfortunately Palo Alto expect EDL to be formatted in very specific format. You can check details here - https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/policy/use-an-external-dynamic-list-in-pol...

So you cannot tell the firewall to consume the json file directly. You will need to parse the JSON with another system - external for the firewall. Then the output of the parsed data to be consumed by the firewall.

 

 

View solution in original post

3 REPLIES 3

Hi @Ariq_Aziz ,

Just to clarify what you want to achieve - you want to use EDL (external dynamic list) of IP addresses that firewall will use in security rule?

 

Importing/adding addresses from file is little different from using EDL. If you expect the contect of this json file to be static you can create all of the addresses as static objects and add them to static group and use it in rule.

 

I assume you want to use the link to the json file as EDL, so when vendor updates this file (add, remove or modifies and address) you firewall rule to be updated automatically.

 

Unfortunately Palo Alto expect EDL to be formatted in very specific format. You can check details here - https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/policy/use-an-external-dynamic-list-in-pol...

So you cannot tell the firewall to consume the json file directly. You will need to parse the JSON with another system - external for the firewall. Then the output of the parsed data to be consumed by the firewall.

 

 

L2 Linker

Hi 

Thanks for the reply. I couldnt find any other solution. I have checked the Google .json file and put it in to the excel. The Paloalto's EDL and This .json file contains almost same IP lists.There are some changes in the Subnet Masks but I have checked randomly and found that it covers all due to supernetting/subnetting.

 

Im using PALOALTO's EDL to complete my task. However, I didnt check AWS IP list, but I hope it will be the same. Thanks a lot for replying me.

 

 

 

Hi @Ariq_Aziz ,

After reading you last reply I took a look closer look at link you shared in first post.

I can see that the article is referring to the original JSON files that Google and AWS host by themself. Since those are the original source of us information (google and aws public ranges) you can fully trust them.

 

If by "PaloAlto EDL" you refer to EDL Hosting Service (paloaltonetworks.com) you are absolutely right - If you already use EDLs hosted by Palo Alto you already consume the exact same information.

 

EDL Hosting Service is amazing service which needs more recognition. With this service Palo Alto is performing exactly the same which I explained earlier, but they are doing it free of charge for you.

- They are monitoring the original feeds (hosted by AWS, Google, Azure etc)

- They do the computing to process those feed and format them in format that is suitable for Palo Alto FW to consume as EDL

- They host the EDL feed, so you only need to point your firewall at the link provided by EDL Hosting Service and not bother what format

is used by the original vendor

 

  • 1 accepted solution
  • 4732 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!