Configuring PAN Next Generation Firewall

Ivanti Policy Secure Integration with Palo Alto Networks Firewall Deployment Guide

Configuring PAN Next Generation Firewall

The Ivanti Policy Secure device must be added as a syslog server while configuring the PAN Next Generation Firewall for sending the logging information. You must add PAN Next Generation Firewall as syslog client on Ivanti Policy Secure.

To configure PAN firewall:

Select Device > Service Profiles > Syslog and create a syslog server. Enter the IP address of Ivanti Policy Secure.
Create a log forwarding profile. Select Objects > Log Forwarding. Enable PAN to forward the syslog message.

On PAN Next Generation Firewall, configure the security policy – network trust, untrust zone and apply the policy to desired ports.
Select Objects > Security Profiles and create a security profile. The following security profiles are available:
- URL Filtering
- Anti Spyware
- Vulnerability Protection
- File Blocking
- Wildfire Analysis
- DoS Protection
The following is an example of configuring a URL filtering policy.
Select Policies > Security, click the policy add the created objects to Security Policy Rule.