Palo Alto Networks Guide
Use this guide to register Cybora as an External Dynamic List (EDL) on Palo Alto Networks firewalls. EDL is one of the stronger options among native threat-intelligence integrations, because the firewall can automatically refresh the list and enforce the updated entries without a new commit for every update.
What Palo Alto can do with a Cybora feed
- IP-based Cybora feeds can be used as source or destination match objects in Security policy rules.
- Domain-based feeds can be used in supported security profiles and domain-based controls.
- URL-based feeds can be enforced in URL-aware policy and profile workflows.
- Once the EDL is configured and committed, the firewall retrieves subsequent updates dynamically, without any extra policy commit.
Before you start
- Use a PAN-OS release that supports External Dynamic Lists.
- Ensure that the firewall can reach the Cybora feed URL through the configured service route.
- Choose the correct EDL type for the feed: IP, Domain or URL.
- Keep the feed type aligned with the content format. An IP EDL should contain only IP entries, a Domain EDL only domains, and a URL EDL only URLs.
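The type-alignment check from the last item can be run against a saved copy of the feed before the EDL is created. This is an added example, not Cybora or Palo Alto Networks code; the classification rules are simplified assumptions (not PAN-OS's own parser), and `SAMPLE_FEED`, `classify` and `check_feed` are hypothetical names.

```python
import ipaddress
import re

# Constructed sample feed (documentation address ranges); line 4 is a stray domain.
SAMPLE_FEED = "192.0.2.10\n198.51.100.0/24\n2001:db8::1\nbad.example.com\n203.0.113.7\n"

# Simplified patterns assumed for this example; not PAN-OS's own parser.
_DOMAIN_RE = re.compile(
    r"^(?:\*\.)?(?:[a-z0-9_](?:[a-z0-9_-]{0,61}[a-z0-9_])?\.)+[a-z]{2,63}$", re.I
)
_SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.-]*://", re.I)

def _is_ip(value):
    """True for a single address, a CIDR subnet, or an 'a-b' address range."""
    parts = value.split("-")
    try:
        if len(parts) == 2:
            ipaddress.ip_address(parts[0])
            ipaddress.ip_address(parts[1])
        else:
            ipaddress.ip_network(value, strict=False)
        return True
    except ValueError:
        return False

def classify(entry):
    """Classify one feed line as 'ip', 'domain', 'url' or 'unknown'."""
    if _is_ip(entry):
        return "ip"
    if _DOMAIN_RE.match(entry):
        return "domain"
    # URL: optional scheme, then a host, then a path separator.
    host, slash, _ = _SCHEME_RE.sub("", entry).partition("/")
    if slash and (_DOMAIN_RE.match(host) or _is_ip(host)):
        return "url"
    return "unknown"

def check_feed(text, edl_type):
    """Return (line_no, entry, detected_type) for entries that do not fit edl_type."""
    mismatches = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.strip()
        if not entry or entry.startswith("#"):  # assumption: '#' lines are comments
            continue
        detected = classify(entry)
        if detected != edl_type:
            mismatches.append((line_no, entry, detected))
    return mismatches
```

Run it on a copy of the feed that was already downloaded, so the check itself does not spend a request from the plan's refresh allowance.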
Create the EDL
- Go to Objects > External Dynamic Lists and add a new list.
- Give it a clear name and an optional description.
- Select the list type that matches your Cybora feed.
- Paste the Cybora feed URL into the source field.
- Configure authentication only if your specific feed requires it.
- If available, use Test Source URL to confirm that the firewall can reach the feed.
- Set Check for updates exactly according to your Cybora plan. Only one request is permitted within the allowed interval. If the firewall refreshes the feed more frequently than the plan allows, the feed may be blocked.
- Commit the configuration.
Enforce policy on the EDL
- Add the EDL to the relevant Security policy rule or supported profile.
- For IP EDLs, use the list as a source or destination object in the rule.
- For Domain or URL EDLs, use the list in a supported security control where that list type is enforced.
- Position the rule so that Cybora matches are evaluated in the intended order.
- Commit the policy change.
Validation
- Open the EDL and verify that the firewall is fetching the source successfully.
- Use List Entries and Exceptions to confirm that the expected entries have been imported.
- If needed, use Import Now to force an immediate refresh from the web server.
- Confirm that the EDL is actually referenced in the intended rule or profile, because an unused list will not protect traffic.
- Test with known matching traffic and review the related traffic, threat or URL logs.