JSA Risk Manager supports the Palo Alto adapter. The Palo Alto adapter uses the PAN-OS XML-based Rest API to communicate with Palo Alto firewall devices.
The following features are available with the Palo Alto adapter:
Neighbor data support
HTTPS connection protocol
The Palo Alto adapter does not support shared policies that are pushed to devices by a Palo Alto Panorama network security management system.
The following table describes the integration requirements for the Palo Alto adapter.
Table 1: Integration Requirements for the Palo Alto Adapter
PAN-OS Versions 5.0 to 7.0
Minimum user access level
Superuser (full access) Required for PA devices that have Dynamic Block Lists to perform system-level commands.
Superuser (read-only) for all other PA devices.
SysDescr matches 'Palo Alto Networks(.*)series firewall' or sysOid matches 'panPA'
Required credential parameters
To add credentials in JSA log in as an administrator and use Configuration Source Management on the Admin tab.
Supported connection protocols
To add protocols in JSA, log in as an administrator and use Configuration Source Management on the Admin tab.
Required commands to use for the backup operation.
Optional commands to use for the backup operation.
Required commands to use for telemetry and neighbor data.
Optional commands to use for telemetry and neighbor data.
Required commands to use for the GetApplication.