
paloalto-Probe

Palo Alto

Introduction

InfraSonar monitors Palo Alto firewalls using the REST API.

Also available as probe

We also offer a probe to monitor Palo Alto firewalls, which allows you to monitor firewalls using your own InfraSonar appliance.

Features

Configuration

When the GlobalProtect Portal or Gateway is enabled, the probe needs to use TCP port 4443 instead of 443. You can toggle this behavior when configuring the service.

IPv4 addresses

Ensure you authorize the IPv4 addresses we use for our services.

Credentials

The Palo Alto REST API uses a key, which can be generated for a user.

Don't use an admin account

We strongly recommend creating a read-only account dedicated to monitoring.

Get your API key

source

To generate an API key, make a GET or POST request to the firewall’s hostname or IP address using the administrative credentials and type=keygen:

curl -k -X GET 'https://<firewall>/api/?type=keygen&user=<username>&password=<password>'

Make sure to replace:

  • <firewall> with your firewall IP or FQDN
  • <username> with the username of your read-only monitoring user
  • <password> with the password of your read-only monitoring user

A successful API call returns status="success" along with the API key within the key element:

<response status="success">
  <result>
    <key>Your_secret_key_is_here</key>
  </result>
</response>

You can test your API key using the following command:

curl -k 'https://<firewall>/api/?type=op&cmd=<show><system><info></info></system></show>&key=<apikey>'

Make sure to replace:

  • <firewall> with your firewall IP or FQDN
  • <apikey> with the previously generated API key

Revoke API keys

You can revoke all currently valid API keys in the event that one or more keys are compromised. To change the API key associated with an administrator account, change the password associated with that account. API keys that were generated before you expired all keys, or that were created using the previous credentials, will no longer be valid.

Configure API Key Lifetime

Source

An optional step is to configure the API Key Lifetime.

Be aware, though, that monitoring fails when the API key has expired!

Service configuration

  1. Add the paloaltosvc service on your asset
  2. Open the paloaltosvc configuration tab
  3. Enter the address and API key
  4. The API key is encrypted before it is sent to the InfraSonar backend
  5. Click save

Known issues

XML API Issue With Passwords Containing Special Characters

Passwords containing special characters can cause problems retrieving the API key.

source
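
The shell functions below are an added example, not InfraSonar or Palo Alto code. They request the key with a POST, so the password is percent-encoded and stays out of the URL and the curl command line, and they check the response status before printing the key. The function names are made up for this example, and the password is assumed to be ASCII and supplied on stdin.

```shell
#!/bin/sh
# Added example: the names below are illustrative, not part of InfraSonar or PAN-OS.

# Percent-encode every character outside the RFC 3986 unreserved set, so that
# '&', '#', '%', '+' or spaces in a password are not read as URL syntax.
# The "( )" body runs in a subshell, keeping its variables local. ASCII input assumed.
pct_encode() (
  LC_ALL=C
  s=$1
  out=
  while [ -n "$s" ]; do
    rest=${s#?}          # everything after the first character
    c=${s%"$rest"}       # the first character itself
    case "$c" in
      [A-Za-z0-9._~-]) out=$out$c ;;
      *) out=$out$(printf '%%%02X' "'$c") ;;
    esac
    s=$rest
  done
  printf '%s\n' "$out"
)

# Read a keygen response on stdin. Print the key only when the response reports
# success (either quote style around the status value); otherwise return 1.
extract_key() {
  resp=$(cat)
  printf '%s\n' "$resp" |
    grep -Eq "<response status ?= ?[\"']success[\"']" || return 1
  key=$(printf '%s\n' "$resp" | sed -n 's:.*<key>\([^<]*\)</key>.*:\1:p')
  [ -n "$key" ] && printf '%s\n' "$key"
}

# usage: pan_keygen <firewall[:port]> <username>     (password read from stdin)
# Pass host:4443 when GlobalProtect is enabled. The form body reaches curl on
# stdin (--data @-, which makes curl send a POST), so the password is not in
# the URL or in curl's arguments.
# Add --cacert <file> if the firewall certificate is signed by a private CA.
pan_keygen() {
  IFS= read -r pw
  printf 'user=%s&password=%s' "$(pct_encode "$2")" "$(pct_encode "$pw")" |
    curl -sS --data @- "https://$1/api/?type=keygen" | extract_key
}
```
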