How to Use DAGPusher / DAG

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

How to Use DAGPusher / DAG

L2 Linker

I cannot find any documentation on these prototypes.  How does MM know what devices to push to?  It seems to me we would need to clone stdlib.nonpersistentDagPusher or stdlib.dagPusher and enter some configuration.

 

 

I also don't understand the difference between persistent and nonpersistent.  Since the output doesn't live on MM, I would hope that MM would be able to add and remove registered IPs from all configured devices or firewalls.  Is this the difference between the two?  

 

2 accepted solutions

Accepted Solutions

L7 Applicator

Hi @andrew.stanton,

the devices are added via the WebUI after you commit the config with the dag pusher node:

Screen Shot 2017-05-02 at 15.58.15.png

 

persistent and nonpersistent are related to the persistence of the IP on the PAN-OS device. nonpersistent IP are better for blacklists as they do not survive reboots.

View solution in original post

Hi @andrew.stanton,

the reboot I mentioned was the PAN-OS reboot. When you push IPs via DAG API to a PAN-OS device you can decide if the IP should survive reboot (persistent) or not (non-persistent). Default is persistent.

This is specified via a flag in the API call. The MineMeld output node called persistentDagPusher push IPs marked for persistency. The output node nonpersistentDagPusher instead mark them as non persistent.

View solution in original post

4 REPLIES 4

L7 Applicator

Hi @andrew.stanton,

the devices are added via the WebUI after you commit the config with the dag pusher node:

Screen Shot 2017-05-02 at 15.58.15.png

 

persistent and nonpersistent are related to the persistence of the IP on the PAN-OS device. nonpersistent IP are better for blacklists as they do not survive reboots.

@lmori I was half a thought away from just implementing it and poking around.  Too bad I didn't.  Thank you for the answer.  

 

I still don't get the concept of the persistence though.  😞

 

As far as I am aware, registered IP addresses on firewalls survive reboots.  The reboot you speak of is the PAN-OS device versus MineMeld, correct?  Can you elaborate any further?

 

 

Hi @andrew.stanton,

the reboot I mentioned was the PAN-OS reboot. When you push IPs via DAG API to a PAN-OS device you can decide if the IP should survive reboot (persistent) or not (non-persistent). Default is persistent.

This is specified via a flag in the API call. The MineMeld output node called persistentDagPusher push IPs marked for persistency. The output node nonpersistentDagPusher instead mark them as non persistent.

Does the DAG pusher work with the autofocus hosted minemeld/are there any differences in the way the dagpusher pushes---I would think the Firewall would have to initiate the connection to autofocus- or are people whitelisting autofocus.paloaltonetworks.com coming into their environment?

  • 2 accepted solutions
  • 6895 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!