✅ Palo Alto Connector – Setup Guide
This guide outlines the connector configuration steps and API key generation process for integrating Palo Alto Firewalls with the XDR platform.
🔹 Prerequisites
- Palo Alto Firewall running on a private network
- XDR App Connector to communicate with the firewall
- Admin credentials for API access
- Ensure that the system (App Connector host) is reachable from the firewall
🔐 Generate API Key from Palo Alto Firewall
To allow the App Connector to authenticate with the firewall, generate an API key using the below curl
command:
curl -k "https://<Firewall-IP>/api/?type=keygen&user=<admin-username>&password=<admin-password>"
-
Replace:
<Firewall-IP>
with the actual IP of the Palo Alto firewall<admin-username>
and<admin-password>
with valid admin credentials
The API key returned will be used as the AccessToken in the connector configuration.
⚙️ Configure Palo Alto Connector in XDR
Steps:
- Go to XDR Console → Connectors → Ingestion
- Select PaloAlto Connector
- Click Configure
-
Fill in the following details:
- Server URL – Example:
https://<Firewall-IP>
- AccessToken – API key generated in the previous step
- Trust any certificate –
true
orfalse
depending on SSL setup - Has public access? – Set to
no
(since it’s a private network) - App Connector Identifier – Provide the ID or name of the registered App Connector
- Server URL – Example:
- Click Validate and Save