GCP HTTP(s) Load Balancer App-ID

Showing results for 
Show  only  | Search instead for 
Did you mean: 
L4 Transporter
No ratings

Brief Description

1. GcpHttpLbAppID skillet to create the Palo Alto Networks App-ID for the Azure Application Gateway Health Probe.
2. move_rule_rest skillet to move the rule to its proper location above the actual application rule and commit.


Target Audience

The skillet is intended for anyone deploying a VM-Series firewall behind the GCP HTTP(s) Load Balancer.


Skillet Details

Authoring Group: Public Cloud CE

Github Locationhttps://github.com/ceskillets/Cloud-GCP-HTTPS-Load-Balancer-App-ID

Github Branchesmaster

PAN-OS Supported: v8.1 and v9.0
Cloud Provider(s) Supported: GCP
Type of Skillet: XML and REST
Purpose: Config


Detail Description

The GCP Application Load Balancer HTTP(s) Load Balancer sends an extensive amount of traffic to the firewall that can be hard to differentiate from the valid application traffic. By implementing a specific App-ID, the probe traffic can be filtered specifically to focus on either the probe traffic when troubleshooting configuration or excluded when reviewing valid application traffic. This skillet will configure the following firewall items:


  • App-ID specific to the GCP HTTP(s) Load Balancer
  • Objects taken as input for the subnets containing the HTTP(s) Load Balancer
  • Allow rule for traffic from the HTTP(s) Load Balancer subnet specifically utilizing the App-ID
  • 'move rule' skillet to move the rule to its proper location and perform a final commit


Variables for AppID Skillet

  • name: appid_name
    • description: appid name (32 total char limit)
    • default: appidname
    • type_hint: text
  • name: appid_description
    • description: appid_description
    • default: appid_description
    • type_hint: text
  • name: rule_name
    • description: security_rule_name
    • default: security_rule_name
    • type_hint: text
  • name: rule_description
    • description: security_rule_description
    • default: security_rule_description
    • type_hint: text


Variables for the Move Rule Skillet

  • name: TARGET_IP
    • description: Host
    • default:
    • type_hint: ip_address
    • description: Username
    • default: admin
    • type_hint: text
    • description: Password
    • default: admin
    • type_hint: password
  • name: rule_name
    • description: name of security rule to move
    • default: rule1
    • type_hint: text
  • name: ref_rule
    • description: rule to move before or after
    • default: rule2
    • type_hint: text
  • name: where
    • description: move before or after other rule
    • default: top
Rate this article:
  • 112 Subscriptions
Register or Sign-in
Article Dashboard
Version history
Last Updated:
‎07-08-2021 05:19 PM
Updated by: