I need to create O365 IP/URL EDLs but when I try to access the output nodes I get "Unauthorised" message unless I sign into AutoFocus in the browser. Needless to say I cannot do the same on a firewall. How do I allow anonymous connections to a feed in Autofocus MineMeld or use authentication when configuring EDL on a firewall?
We are trying to get our firewalls to work with Minemeld using Autofocus to load into the firewall via EDLs both URLs and IP lists. All is configured corretly on the AutoFocus Mimemeld including the username and password and tag for the feeder and this tag is also configured in the output processor. We do not have an Admin user configured (just the Feed username and password).
The problem is the firewall in my opinion:
We have the Godaddy cert installed and imported as a 'CA' per the AutoFocus Minemeld techncial documentation (https://www.paloaltonetworks.com/documentation/autofocus/autofocus/autofocus_admin_guide/autofocus-a... We have the username and password corectedly installed with the cert in the EDL object. However we get URL errors when hit the "test" button and cannot pull down the Minemeld list. We tried re-configuring multipe times to make sure we did not mistype the username and password. We do not see any errors in the firewall system log. Software is PAN-OS 8.0.5.
Thank you, Rich (firstname.lastname@example.org)
After a bit of testing this is what I have found:
- setting the Minemeld output processor tag to anonymous allows any access whether the EDL is configured with or w/o client authentication.
- setting the Minemeld output processor tag to any results in firewall EDL failure with a URL access error. Client authentication in EDL profile is correct (there is not much to confgure...), wget shows Minemeld rejecting the request with a 401.
- setting the Minemeld output processor to a specic tag mapped to a spefifc Feed user also fails. Ciient authentication is corectly configured in the EDL object, wget shows Minemeld rejecting the request with a 401.
My testing is with a standalone Minemeld (since I can not make edits to the SE demo system) but the customer Minemeld is integrated into AutoFocus per my previous message. I am having the customer change to anonymous for now but this is not what they want to do for production.
At the moment I can do a test URL and everything works with anoynomous as the setting in Minemeld. What is not working is populating the EDLs. I do not see any errors in the tail log, just no update to the firewall.
All EDLs are in a security rule and committed.
Prefer to see everything working with no anoynomous before trying true authentication again.
If you want to jump on a conference bridge we can look at this. Just let me now. Thanks, Rich
I ran into this issue with all the correct parameters set and also had a security rule defined to reference the EDL. Though the 'Test Source URL' link returned an error, clicking on the 'List Entries And Exceptions' Tab, all the entries were there, so might be worth checking that as well. I am running 8.0.12.
In addition you can also run 'show running security-policy <policy_name>' to validate if the entries have populated.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!