Skip to main content

PAN-OS - Block Destination Service

This Playbook is part of the PAN-OS by Palo Alto Networks Pack.#

This playbook blocks a destination IP and service (TCP or UDP port) by creating a rule for a specific device group on PAN-OS.


This playbook uses the following sub-playbooks, integrations, and scripts.


  • PAN-OS Commit Configuration


  • Panorama


  • Set
  • SetAndHandleEmpty


  • pan-os-create-service
  • pan-os-list-addresses
  • pan-os-create-address
  • pan-os-list-services
  • pan-os-create-rule

Playbook Inputs#

NameDescriptionDefault ValueRequired
LogForwardingPanorama log forwarding object name.Optional
IPIP address to block.Optional
AutoCommitThis input establishes whether to commit the configuration automatically.
True - Commit automatically.
False - Commit manually.
DeviceGroupTarget Device Group.Optional
PortDestination port to block.Optional
ServiceNamePrefixPrefix of the Service name to be created.xsoar-service-Optional
RuleNamePrefixPrefix of the Rule name to be created.xsoar-rule-Optional
ObjectNamePrefixPrefix of the object name to be created.xsoar-object-Optional
WhereRuleWhere to move the rule. If you specify "before" or "after", you need to supply the "dst" argument. (Default is: 'top')topOptional
SourceZoneA comma-separated list of source zones.Optional
DestinationZoneA comma-separated list of destination zones.Optional
SecondaryDeviceGroupIf the rule, address and service are created in the "Shared" location, we need to know what device groups we can push to because it isn't possible to push to the "Shared" location.Optional

Playbook Outputs#

There are no outputs for this playbook.

Playbook Image#

PAN-OS - Block Destination Service