Palo-Alto Block IP Playbook connection issue with Palo Alto PAN-OS #8896

Closed
Shubham-Lale-Work opened this issue Aug 29, 2023 · 10 comments
@Shubham-Lale-Work

Dear Members,

We are trying to configure the "Palo Alto-PAN-OS-Block IP" automation playbook for an on-premises firewall, but we are unable to connect to the firewall as it sits in an on-premises network. Also, we are unsure how the connection will be established. We need assistance with this!
Note: the firewall's public IP is not exposed, and network admins access the console with their private IP.

Error:

"message": "A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond."

@github-actions
Contributor

Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.

@v-rbajaj v-rbajaj added the Playbook Playbook specialty review needed label Aug 29, 2023
@v-sudkharat
Contributor

Hi @Shubham-Lale-Work, thanks for flagging this issue, we will soon get back to you on this. Thanks!

@Shubham-Lale-Work
Author

Hello @v-rbajaj or @v-sudkharat, any update on this? Or is there a limitation with the current playbook workflow?

I received the error below after re-configuring the custom connector and playbook.

{
  "statusCode": 500,
  "headers": {
    "Date": "",
    "Content-Length": "",
    "Content-Type": ""
  },
  "body": {
    "error": {
      "code": "InternalServerError",
      "message": "An attempt was made to access a socket in a way forbidden by its access permissions 10.10.10.100:443"
    }
  }
}

@v-rbajaj
Contributor

v-rbajaj commented Sep 5, 2023

Hi @Shubham-Lale-Work,
Our current Palo Alto solution works with cloud Palo Alto firewalls.
If you want to use it on-prem, you would need to wait, as the on-prem version of the playbooks is currently under development.

To use the current playbook, you would need to somehow expose the public IP, or you can use the firewall with a public IP and a rule that only some IPs can access it.
The Logic App will ask for the URL of the Palo Alto firewall, which should not be https://ipaddress/; it should be https://domainname/. (The IP address should be mapped to a domain.)
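
The requirements in the reply above (an https:// URL, a domain name rather than an IP, and an address reachable from outside the private network) can be checked before the connector is configured. This is an added example, not part of the thread or of the Azure Sentinel repository; `check_firewall_url`, its `resolve` parameter and the sample values other than 10.10.10.100 are hypothetical.

```python
import ipaddress
import socket
from urllib.parse import urlsplit


def _dns_lookup(host):
    # Live DNS lookup; callers may pass a stub resolver instead.
    return sorted({info[4][0] for info in socket.getaddrinfo(host, 443)})


def check_firewall_url(url, resolve=_dns_lookup):
    """Return the problems that would stop a cloud-hosted connector from
    reaching the firewall at `url`. An empty list means none were found."""
    problems = []
    parts = urlsplit(url)
    if parts.scheme != "https":
        problems.append("scheme must be https")
    host = parts.hostname or ""
    if not host:
        return problems + ["no host in URL"]
    try:
        ipaddress.ip_address(host)
        problems.append("host is an IP literal; map the address to a domain name")
        addrs = [host]
    except ValueError:
        # Not an IP literal, so treat it as a DNS name.
        try:
            addrs = resolve(host)
        except OSError as exc:
            return problems + [f"{host} does not resolve: {exc}"]
    for addr in addrs:
        # RFC 1918, loopback and link-local addresses are not global.
        if not ipaddress.ip_address(addr).is_global:
            problems.append(f"{addr} is not publicly routable")
    return problems


if __name__ == "__main__":
    # 10.10.10.100 is the address from the error message in this thread.
    for problem in check_firewall_url("https://10.10.10.100/"):
        print("FAIL:", problem)
```
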

@Shubham-Lale-Work
Author

Hey @v-rbajaj,
thanks for your response.

Are there any workarounds available with the current solution while the version is in development, such as using any other services for the connectivity?

@v-rbajaj
Contributor

v-rbajaj commented Sep 5, 2023

Hi @Shubham-Lale-Work,
You can have the NATed IP to the public IP of the firewall and assign one domain to the NATed IP.
Make sure the connection is https://.

Or, as a second method, you can expose the public IP of the Palo Alto PAN-VM and have a rule that only a particular IP can access the console.

Hope this helps.

@Shubham-Lale-Work
Author

Hello @v-rbajaj,
Isn't there any workaround using Azure Automation or the ISE feature that we could explore, if you have any blogs or another method present in this repository?
To highlight, we are using a consumption-based Logic App.

@v-rbajaj
Contributor

v-rbajaj commented Sep 7, 2023

Hi @Shubham-Lale-Work,
Currently our team is working on creating the on-prem playbooks and connector for Palo Alto, so we are not thinking about any workaround, because within a few months we will have working playbooks and a connector in place.

As we are already working on this enhancement and tracking it internally, we are closing this issue for now.

In case you have further questions, feel free to reopen the issue.

@v-rbajaj v-rbajaj closed this as completed Sep 7, 2023
@MReprogle1

@v-rbajaj I am in the process of setting up Sentinel and came across your comment here. Is there an ETA for this on prem playbook by chance?

@deepakray184

Any Update on On-Prem Firewall Playbooks?
