Configure Palo Alto Panorama for Cloud App Discovery


Below are the steps I've taken to integrate PaloAlto Panorama Traffic logs to Cloud App Discovery.

In this setup, multiple PA Firewalls are configured to forward their logs to Panorama. Check the Palo Alto guides for how this is set up.

Your thoughts and feedback are much appreciated.

Follow the Microsoft guide to set up a log collector for MCAS. I've settled with the Docker for Ubuntu on Azure after multiple failed attempts with RHEL 8.1.

For Step 3 - On-premises configuration of your network appliances, log into Panorama and make sure Context Panorama on the top left is selected.

  1. Select the Panorama tab and Server Profiles -> Syslog on the left hand menu.
  2. Select Add to create a new Syslog Server Profile
  3. Enter a Name for the Profile - i.e. MCAS Log Collector
  4. Select Add in the Servers tab and provide the details for the collector server, i.e.:
    Name: MCAS Server Azure
    IP: <<Log Collector IP>>
    Transport: as per your collector config, i.e. TCP
    Port: as per your collector config, i.e. 601
    Format: BSS
    Facility: LOG_USER
  5. Select Ok to save the Syslog Server and Profile.
  6. Go to Collector Groups and select the "default" Collector Group.
  7. Select the Collector Log Forwarding tab, then the Traffic tab.
  8. Select Add and give the Log Setting a name, i.e. MCAS Logs
  9. Set filter to All Logs
  10. Select Add in the Syslog field and select the MCAS Log Collector.
  11. Select Ok, and Ok again, then save and commit your changes.

Done.

 

Follow on with Step 4 - Verify the successful deployment in the Cloud App Security portal in the Microsoft guide.
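
A collector-side sanity check for the profile configured above, as an added example that is not part of the original post: it tests whether a received line has BSD (RFC 3164) framing, facility LOG_USER and log type TRAFFIC. It assumes the profile's Format setting refers to BSD syslog framing and that the log type sits in the fourth CSV field (default PAN-OS log format); the sample lines, host name, serial number and addresses are constructed.

```python
import re

# Expected values taken from the Syslog Server Profile in the post.
EXPECTED_FACILITY = 1        # LOG_USER in the syslog facility numbering
EXPECTED_LOG_TYPE = "TRAFFIC"  # only the Traffic tab was configured

# BSD (RFC 3164) framing: <PRI>Mmm dd hh:mm:ss host message
BSD_LINE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.*)$"
)

def check_line(line):
    """Return a list of problems; an empty list means the line matches the profile."""
    m = BSD_LINE.match(line.strip())
    if not m:
        return ["not BSD (RFC 3164) framing; check the profile's Format setting"]
    pri = int(m.group("pri"))
    if pri > 191:  # highest valid PRI is facility 23, severity 7
        return [f"PRI {pri} out of range"]
    problems = []
    facility, _severity = divmod(pri, 8)  # PRI = facility * 8 + severity
    if facility != EXPECTED_FACILITY:
        problems.append(f"facility {facility}, expected {EXPECTED_FACILITY} (LOG_USER)")
    # Assumption: default PAN-OS CSV layout, log type in the fourth field.
    fields = m.group("msg").split(",")
    log_type = fields[3] if len(fields) > 3 else ""
    if log_type != EXPECTED_LOG_TYPE:
        problems.append(f"log type {log_type!r}, expected {EXPECTED_LOG_TYPE!r}")
    return problems

# Constructed sample lines (truncated CSV, documentation address ranges).
CSV = "1,2020/10/25 10:15:02,001234567890,{type},end,2049,2020/10/25 10:15:02,192.0.2.10,198.51.100.20"
SAMPLES = {
    "matches profile": "<14>Oct 25 10:15:02 panorama01 " + CSV.format(type="TRAFFIC"),
    "wrong facility": "<134>Oct 25 10:15:02 panorama01 " + CSV.format(type="TRAFFIC"),
    "IETF framing": "<14>1 2020-10-25T10:15:02Z panorama01 - - - - " + CSV.format(type="TRAFFIC"),
    "other log type": "<14>Oct  5 10:15:02 panorama01 " + CSV.format(type="SYSTEM"),
}

def audit(samples):
    """Map each sample name to the problems found in its line."""
    return {name: check_line(line) for name, line in samples.items()}

if __name__ == "__main__":
    for name, problems in audit(SAMPLES).items():
        print(f"{name}: {'OK' if not problems else '; '.join(problems)}")
```

On the collector, the same `check_line` function can be applied to lines captured from the listening port before moving on to the portal verification step.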

 
