Palo Alto Networks Firewall Integration

Blue Hexagon integrates with the Palo Alto Networks External Dynamic List (EDL) feature. An External Dynamic List is a text file hosted on an external web server so that the firewall can import the objects it contains (IP addresses, URLs, domains) and enforce policy on them. When Blue Hexagon detects malware, which it does in less than a second, the malicious URL information captured in our malware inspection, i.e. where the malware originates from and its C2, is included in an EDL file. This EDL file is maintained by Blue Hexagon on our server, and the Palo Alto Networks firewall can be configured to import this information.



Configuration

  1. Inform Blue Hexagon Customer Support at support@bluehexagon.ai to enable the PANW Firewall integration on your Blue Hexagon Secure appliance.

  2. Blue Hexagon includes a web server that hosts the malware URL block list file at http://<Appliance IP (e.g. 192.168.170.166)>:8081/url_list. This is the External Dynamic List that enables the PANW Firewall to block web malware from being downloaded. For IP blocking, the list is at http://<Appliance IP>:8081/ip_list.

  3. Configure the External Dynamic List and a URL rule on the PANW FW.

  4. Verify that Blue Hexagon is updating new URLs for High and Critical malware threats in the EDL file (through the PANW CLI).

  5. Verify that the PANW FW is blocking the URLs updated in the pac.txt file. An endpoint accessing the URL should get a "Web Page Blocked" message.
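
An added example (not Blue Hexagon or Palo Alto Networks code) to support steps 4 and 5: it audits a downloaded copy of either list and reports which entries are new between two snapshots. The accepted entry formats (host and path without a scheme for URLs; address, CIDR block or range for IPs), the function names and the sample data are assumptions made for this example.

```python
import ipaddress
from urllib.request import urlopen

# Port and paths are the ones given in step 2; the appliance address is site-specific.
EDL_PATHS = {"url": "/url_list", "ip": "/ip_list"}

def fetch_edl(appliance_ip, kind, timeout=10):
    """Download one list from the appliance web server (plain HTTP, port 8081)."""
    url = f"http://{appliance_ip}:8081{EDL_PATHS[kind]}"
    with urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")

def check_ip_entry(entry):
    """Assumed IP format: single address, CIDR block, or start-end range."""
    try:
        if "-" in entry:
            start, end = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
            return start.version == end.version and start <= end
        ipaddress.ip_network(entry, strict=False)
        return True
    except ValueError:
        return False

def check_url_entry(entry):
    """Assumed URL format: host[/path] with no scheme prefix and no whitespace."""
    if "://" in entry or any(c.isspace() for c in entry):
        return False
    host = entry.split("/", 1)[0]
    return all(host.split("."))  # rejects an empty host or empty label

def audit_edl(text, kind):
    """Return (valid, rejected); rejected holds (line_number, entry) pairs."""
    check = check_url_entry if kind == "url" else check_ip_entry
    valid, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        entry = raw.strip()
        if not entry:
            continue  # blank lines carry no entry
        (valid.append(entry) if check(entry) else rejected.append((lineno, entry)))
    return valid, rejected

def new_entries(previous_text, current_text):
    """Entries present in the current snapshot but not in the previous one (step 4)."""
    seen = {line.strip() for line in previous_text.splitlines()}
    return [e for e in (l.strip() for l in current_text.splitlines()) if e and e not in seen]

# Constructed sample data, not taken from a real appliance.
SAMPLE_URL_LIST = "malware.example.com/payload.exe\nhttp://c2.example.net/gate\n\n*.bad.example.org/\n"
SAMPLE_IP_LIST = "192.0.2.10\n198.51.100.0/24\n203.0.113.5-203.0.113.9\n203.0.113.300\n"
```

Against a live appliance, pass the output of `fetch_edl("<Appliance IP>", "url")` to `audit_edl`, and keep the previous download so `new_entries` can show what was added since the last check.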



Blue Hexagon Proprietary