
Configure Palo Alto Firewall

After adding a Palo Alto Firewall integration, analysts can block IP addresses, hosts, and networks while managing cases and incidents.

Obtain an API Key in the PAN-OS

Before configuring a firewall integration in LogRhythm NDR, some required information must be obtained from the PAN-OS.

For more information on using the PAN-OS console to obtain required information, see Firewall Administration.

Make sure that the PAN account used by LogRhythm NDR has the following permissions:

| API Route | Actions | Object Access |
| --- | --- | --- |
| /restapi/v10.0/Objects/Addresses?location=vsys&vsys=vsys1 | POST, PUT, GET | Object/Addresses |
| /restapi/v10.0/Objects/AddressGroups?location=vsys&vsys=vsys1 | POST, PUT, GET | Object/Address Groups |
| /api/?type=commit&action=partial&cmd=<commit></commit> | POST, PUT, GET | Device/Commit |

To generate a PAN-OS API key from your internet browser, do the following:

  1. To generate the API key, enter the following URL into your browser:
    https://<hostname>/api/?type=keygen&user=<username>&password=<password>
    Replace these tags with the information as defined.

    | Tag | Description |
    | --- | --- |
    | <hostname> | The IP address of the Palo Alto firewall. |
    | <username> | The account's user name. |
    | <password> | The account's password. |
  2. Click Enter.
    The API key appears in plaintext, between the <key></key> tags.
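
The keygen URL above carries the account password in the query string, where browser history can record it. The following added example (not LogRhythm or Palo Alto code) sends the same keygen request as a form-encoded POST and reads the key from the <key></key> element; it assumes the firewall accepts keygen over POST, and the response wrapper, sample XML, host, user name, and function names are constructed for illustration.

```python
"""Added example: request a PAN-OS API key without putting the password in the URL."""
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

# Constructed sample responses (assumed wrapper around the <key></key> element).
SAMPLE_OK = "<response status='success'><result><key>EXAMPLE-KEY-0000</key></result></response>"
SAMPLE_ERR = "<response status='error' code='403'><result><msg>Invalid credentials</msg></result></response>"


def build_keygen_request(hostname, username, password):
    """Build the keygen call as a POST so credentials travel in the body."""
    body = urllib.parse.urlencode({"user": username, "password": password})
    return urllib.request.Request(
        f"https://{hostname}/api/?type=keygen",
        data=body.encode("utf-8"),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )


def extract_api_key(xml_text):
    """Return the text between <key></key>; raise if the firewall reported an error."""
    root = ET.fromstring(xml_text)
    if root.get("status") not in (None, "success"):
        raise ValueError(root.findtext(".//msg") or "keygen request failed")
    key = (root.findtext(".//key") or "").strip()
    if not key:
        raise ValueError("no <key> element in response")
    return key


def fetch_api_key(hostname, username, password, timeout=10):
    """Send the request (certificate verification stays on) and return the key."""
    req = build_keygen_request(hostname, username, password)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return extract_api_key(resp.read().decode("utf-8"))


if __name__ == "__main__":
    # Hypothetical host and account; 192.0.2.10 is a documentation address.
    req = build_keygen_request("192.0.2.10", "ndr-svc", "p@ss&word=1")
    print(req.get_method(), req.full_url)  # the URL contains no credentials
    print(extract_api_key(SAMPLE_OK))
```

Read the password from a prompt such as getpass.getpass() rather than a command-line argument, and store the returned key in a secrets manager before pasting it into the API Token field.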

Add a Palo Alto Firewall Integration in LogRhythm NDR

  1. Log in to the LogRhythm NDR UI.
  2. Click the Settings tab, and then click Firewall Integrations.
    The Firewall Table appears.
  3. To add a new firewall integration, click Add Firewall Integration.
  4. Select the Site and Firewall Type from the drop-down menus.
  5. Enter an Integration Name for the firewall.
  6. Enter the integration credentials into the relevant fields.

    | Field | Description |
    | --- | --- |
    | Firewall IP | The IP address of the Palo Alto firewall. |
    | API Token | The Palo Alto token. |
    | PAN Address Group | The Palo Alto address group. |
    | PAN Tag | The Palo Alto tag. |
    For more information on obtaining the PAN Address Group and PAN Tag, see the user documentation available in the PAN-OS interface.
  7. Click Active to enable the firewall integration.
  8. To verify the credentials have been entered correctly, click Test.
    If the information is correct, Connection Success appears. Otherwise, Connection Failed appears, meaning the credentials need to be verified and re-entered.

    When using the Palo Alto firewall product, the maximum number of IPs may vary. For more information, see the "What is the Maximum Number of Addresses per Address Group in Panorama" topic in the Palo Alto knowledge base.
  9. Click Save.
    The firewall integration is now complete within LogRhythm NDR.
  10. (Optional) To make changes to an existing integration, click the green Edit icon in the Actions column.
    The Edit Firewall Integration page appears.
  11. After making changes, click Update.
    The firewall integration is updated within LogRhythm NDR.

