Set up and install Palo Alto Networks Next-Generation Firewall

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read

    • Complete the following setup checklist prior to installation. These setup tasks are required for a smooth installation.

    Before you begin

    Role required: (admin)
    Setup task Description
    Verify that you have the required ServiceNow AI Platform and Security Incident Response roles assigned. The following roles are required:
    • The System Administrator (admin) installs the app and assigns the Security Incident Administrator (sn_si.admin) role.
    • The Security Incident Administrator (sn_si.admin) oversees the configuration, and creates, activates, and removes EDLs. This role also assigns the sn_si.analyst role.
    • The (admin) assigns the ServiceNow AI Platform® API account role (sn_sec_panfw.api_account_access), which is used exclusively for entering credentials required for authentication on Palo Alto Networks so the firewalls can retrieve EDLs from the ServiceNow AI Platform®.
    • (sn_si.analyst), or Security Operations Center (SOC) Analyst, creates EDL entries and works with security incidents.
    Verify that you are using Palo Alto Networks Next-Generation Firewall version-OS 9.x, and 10.x. This integration only supports Palo Alto Networks Next-Generation Firewall OS 9.0 and later.
    Set up any EDL profiles, security policy rules, and certificate profiles in Palo Alto Networks as recommended in Palo Alto Networks documentation. Refer to Palo Alto Networks general documentation and requirements at the: Paloalto Networks Documentation website.
    Verify that you have downloaded and configured the DigiCert Root Authority Certificate. The integration requires this certificate to validate and authenticate the secure connection between the ServiceNow AI Platform server and the Palo Alto Networks Next-Generation Firewall server. For more information on setting up the certificate, see "Configure a Certificate Profile" in the PAN-OS 10.0 Administrator's Guide. For the download, see Create a certificate profile for the Palo Alto Networks Next-Generation Firewall and DigiCert Trusted Root Authority Certificates.
    Verify that the ServiceNow core applications that are required to support the integration are installed and activated before you install the application for the integration.

    Madrid and later release requirements

    For the Madrid release and later family releases, the Security Incident Response Dependency plugin (com.snc.si_dep) is required. This plugin automatically installs all the dependencies that are required to support the Security Incident Response product. Install and activate this plugin before you install and activate the other Security Operations applications required by the integration.

    Verify that the following Security Operations applications are installed and activated from the ServiceNow Store. If not installed, install and activate one application at a time in the following order to ensure a smooth installation.

    1. Security Incident Response
    2. Security Integration Framework
    3. Security Support Common
    4. Security Support Orchestration

    For more information on setting up your ServiceNow AI Platform instance for the integration, see Get entitlement for a Security Operations product or application and Activate a ServiceNow Store application.
    If your organization has ServiceNow AI Platform® change management and approval processes for email deletion, verify that email send/receive capability is enabled. To verify that email send/receive capability is enabled in your ServiceNow AI Platform® instance, navigate to Email properties > Administration > Email Properties. In Outbound Email Configuration, verify Email sending and Email receiving are selected.

    Procedure

    If you have not installed the application for the integration, see Install a Security Operations integration and follow the steps to install it.