How to create IPv4 list from a text file


Hi community,

 

I am encountering decrypt-err with the AnyDesk application after deploying SSL Decryption. To fix that, I am going to create a list of the public IPv4 addresses that AnyDesk uses so I can exclude them from decryption. I have currently collected an IPv4 list and want to create an EDL so I can simply add them to the exclusion list. I have created and am using a MineMeld EDL for Office365, but it is a dynamic list.

 

Could anyone please guide me on how to create a custom EDL IPv4 list from a text file?

1 accepted solution

Accepted Solutions

Cyber Elite

@tienngo ,

 

You can configure an IIS-based webpage on any Windows server and add the list of IPv4 addresses to it. Once your webpage is ready, you can call it under the IP type of EDL on the Palo Alto firewall to fetch that list of addresses.

 

Make sure there is communication between the firewall and the Windows server IP.

 

You can refer to the post below, which talks about the same use case.

 

https://live.paloaltonetworks.com/t5/minemeld-discussions/external-feed-url-configuration/m-p/320864...

 

Hope it helps!

Mayur

M

Hi Sutare,

 

Thank you for your recommendation. I have deployed an IIS server and can access the URL from the LAN and see the IP list content.

 

But when I export the certificate on IIS I get a .pfx file, and I cannot import the certificate to the PA. Could you please share your experience configuring the certificate between IIS and the PA?

@tienngo,

 

If your webpage is ready on port 443 and you are able to access it from the LAN, then on the PA you need to import the certificate and add it under a certificate profile. Then you need to map this certificate profile under the EDL. Once this is done, you can test connectivity using the 'Test Source URL' option.

 

Hope it helps!

Mayur

M

Hi @SutareMayur 

 

I know the procedure with the certification since I am using MineMeld for EDL. The issue I am encountering is that when I generate a self CA in IIS, export it to a .pfx, and then import the file to the PA, it fails.

How can I import the .pfx file generated by IIS to the PA? I tried generating a self CA on the PA and then importing it to IIS but got the same result.

@tienngo,

 

Can you please give details on the error that you are getting? If possible, please attach a screenshot of the error. In my environment, I generated a self-signed certificate on the PA and imported it on the Windows server. Everything was smooth.

 

Mayur

M

Hi @SutareMayur 

 

I tried to generate a self CA on the PA as follows:

2020-05-11_21-34-32.png

 

Then I exported the generated self CA to a PEM file with a security key. Please note that IIS can only read a .pfx file and the PA can export the CA as file type PEM, DER, or PKCS12, so I don't know which file type I should generate.

2020-05-11_21-39-36.png

 

I imported the generated self CA to IIS using the Import button in Server Certificate

2020-05-11_21-50-19.png

 

I entered the password I had set at the export self CA step, then I got the error

2020-05-11_21-52-09.png

 

Could you please show me where I went wrong and share how you did it?

 

Thank you

@tienngo,

 

First of all, while generating the certificate, the Common Name (CN) should be either the IP address of the server where your web page is configured or the FQDN you will use for accessing the webpage. Whatever you put here will appear on the certificate.

 

Once the certificate is generated, export it as the file type below and set a passphrase. Once exported, import the file with the same passphrase on your server. This should work for you.

 

SutareMayur_0-1589220080588.png

 

Hope it helps!

Mayur

 

M

Dear @SutareMayur 

 

Thanks for your guidance, the certificate between IIS and the PA is done!

 

From a web browser in the LAN I can access and see the IP content at the web URL I have configured in IIS.

 

On the PA, when I create a rule using the EDL from IIS, I get the message below and cannot verify the content of the EDL either

 

Screenshot_49.png

 

Screenshot_50.png

 

Do you have any idea please...

Hi @SutareMayur 

 

The issue is resolved!

 

Since the log is very clear, I changed the URL to access a text file hosted by IIS, and everything is good now. It seems that for the EDL, the PA communicates with IIS in a different way than MineMeld.

 

Thank you for your help!
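The thread ends with the EDL pointed at a plain text file served by IIS. The script below is an added example, not part of the original posts, showing one way to turn a hand-collected list into that file with one entry per line. The /24 floor, the public-only check, the output filename and the sample addresses (constructed stand-ins, not AnyDesk addresses) are assumptions of this example; the point is that a stray private address or an overly broad prefix in a decryption exclusion list silently widens what goes uninspected.

```python
import ipaddress

MIN_PREFIX = 24  # assumed policy: refuse any entry broader than a /24

# Constructed sample of a hand-collected list (stand-in values only).
RAW = """\
# collected by hand
8.8.8.8
8.8.8.8
 1.1.1.0/24
9.9.9.9/32
10.0.0.5
0.0.0.0/0
8.8.0.0/16
not-an-ip
"""

def build_edl(raw, min_prefix=MIN_PREFIX):
    """Return (entries, rejected); entries are sorted, de-duplicated lines."""
    accepted, rejected = set(), []
    for lineno, line in enumerate(raw.splitlines(), 1):
        text = line.split("#", 1)[0].strip()  # drop comments and whitespace
        if not text:
            continue
        try:
            # Strict parsing: a CIDR with host bits set is treated as a typo.
            net = ipaddress.IPv4Network(text)
        except ValueError:
            rejected.append((lineno, text, "not a valid IPv4 address or CIDR"))
            continue
        if net.prefixlen < min_prefix:
            rejected.append((lineno, text, f"broader than /{min_prefix}"))
        elif not (net.network_address.is_global and net.broadcast_address.is_global):
            rejected.append((lineno, text, "not a public address"))
        else:
            accepted.add(net)
    entries = [str(n.network_address) if n.prefixlen == 32 else str(n)
               for n in sorted(accepted)]
    return entries, rejected

def write_edl(path, entries):
    """Write plain ASCII text, one entry per line, for the web server to host."""
    with open(path, "w", encoding="ascii", newline="\n") as fh:
        fh.write("\n".join(entries) + "\n")

if __name__ == "__main__":
    entries, rejected = build_edl(RAW)
    write_edl("anydesk-edl.txt", entries)  # hypothetical filename
    for lineno, text, reason in rejected:
        print(f"line {lineno}: skipped {text!r}: {reason}")
```

Review the skipped lines before publishing the file, since each one is an address that was collected but will not be excluded from decryption.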
