Activate an EDL for Palo Alto Networks Next-Generation Firewall with a change request

  • Release version: Australia
  • Updated Mar 12, 2026
  • 4 min read
  • If configured, the ServiceNow change request form is used to activate the External Dynamic List (EDL). This option is recommended if your firewall administrator is also using the ServiceNow AI Platform for firewall policy or rule changes. The EDL is activated automatically and ready to receive EDL entries upon closure of the ServiceNow AI Platform change request.

    Before you begin

    Note:
    The figures in the following section are shown with Tabbed forms selected in System Settings. For more information about selecting and clearing tabbed forms, see the section titled Display tabbed forms in Configuring the form layout on the ServiceNow Product Documentation website.

    Role required: sn_si.admin for approving the change request and change tasks

    Palo Alto Networks firewall administrator for completing configuration tasks in Palo Alto Networks

    About this task

    If configured, monitor your ServiceNow AI Platform change request and assign any tasks that are required to configure the Palo Alto Networks Next-Generation Firewall. After these tasks are completed, close the ServiceNow AI Platform change request to activate the EDL automatically.

    Procedure

    1. Navigate to All > Palo Alto Networks NGFW Integration > Firewall EDL Configuration.
      Select Firewall EDL Configuration module.
    2. Select the EDL module and click an EDL in the Name column.
      Select an EDL from the Name column.
    3. In the open EDL record, click the change request number in the Change Requests related list.
      Task: Select the change request.

      The change request record is displayed. The Description field lists the retrieval URL used to configure the Palo Alto Networks EDL. Details about mapping the EDL to the appropriate Palo Alto Networks Next-Generation Firewall policy are also included. In the Short description field, a comment indicates that there is a request to add a new EDL.

      Work notes with text requesting the addition of a new EDL.
    4. In the upper-right corner of the record, click Request Approval.
      The State changes to Assess, and a message is displayed that the change request is waiting for approval.
      Change request in Assess state.
    5. To complete the change request and activate the EDL, follow the steps to assign the tasks and close the change request.
      1. If not displayed, open the change request and select the Change Tasks tab.
        Change Tasks tab on the change request.
      2. Click the task associated with creating the EDL object to open it.
        Task to create the EDL Object highlighted.
      3. On the record that is displayed, assign the task to the Palo Alto Networks firewall administrator, and click Update.
        The firewall administrator is notified and creates the EDL object in the Palo Alto Networks Next-Generation Firewall.

        To create the EDL object, the ServiceNow AI Platform retrieval URL is copied in Palo Alto Networks at External Dynamic Lists > Create Lists > Source.

        Task: Copy Retrieval URL to create the EDL object.

        Image is used by permission and is PRIVILEGED and PROPRIETARY.

      4. After you have verified that the EDL object has been created in Palo Alto Networks, in the ServiceNow AI Platform, navigate to the change request associated with creating the EDL object and click Close task.

        On the task record for this example, CTASK0010037 was closed for this task.

      5. Navigate to the Change Tasks tab and click the task for assigning a firewall policy to the EDL Object.
        Task: Assign EDL to a firewall policy highlighted.
        The status for CTASK0010037 is Closed.
      6. Open the record and assign the next task.

        After the task has been assigned, in Palo Alto Networks, the firewall administrator navigates to the Policies tab to assign the policy.

        Task to navigate to Policies in Palo Alto Networks.

      7. In the Name column, locate and click the security policy rule you want to add the EDL to, for example, ServiceNow ip edl list.
        Task to select an EDL.

      8. In the Security Policy Rule dialog box, select the Destination tab to add an EDL in the Destination Address field.
      9. To view all the available EDLs, click the Add icon.
        Task to select Destination Address.

      10. Click OK.
      11. After you have verified that the EDL object has been assigned to a security policy, in the ServiceNow AI Platform, navigate to the change request, open the task associated with assigning the EDL object, and click Close task.
        After both tasks are closed, the change request is ready for approval.
      12. On the change request record, click the Approvers related list, and select an item in the State column to open the request used for creating the EDL.
        Approval requests for security incident admin listed on change request.
      13. On the open approval request form, click Approve.
        The change request state moves to Scheduled.
        Change request in Scheduled state.
      14. Click Implement.
      15. Click the Closure Information related tab and enter notes to close the request.

        An entry in this field is required to close the change request.

        Close notes entered and change request completed.
        After the change request is closed, the EDL is activated automatically. If you have not verified that the EDL is activated, navigate to Palo Alto Networks NGFW Integration > Firewall EDL Configuration.

        In the Active column in the list, note that the status for the EDL is (true).

        Activated EDL in Firewall EDL Configuration list.

        In the Name column, click the EDL name, and in the open record, note that the Active check box is also selected.

        EDL activated with check box selected on EDL record.
      The EDL is now ready to accept EDL entries.

    What to do next

    Submit EDL entries from a security incident or from the blocklist.