
I have a client (for our SOC) whose home is protected by a PAN 200 firewall (Palo Alto) but doesn't have a static IP address. The issue I'm facing is how to send all the logs to our VPS without having to open up all IP addresses. From what I understand, site-to-site VPNs require static IPs on either side, so I was considering adding an OpenVPN access server on our end and somehow establishing a connection from the PAN 200 appliance to our server. Is this possible in any way?

David

1 Answer


It is possible to set up an OpenVPN server on the VPS end. The specific procedure would depend on what operating system the VPS is running. You might also consider WireGuard as an alternative to OpenVPN. If your only objective is to ship log files from the home office environment, you might also consider using SSH. Although, if you decide to employ SSH in this capacity, you should disable password authentication and accept only key-based authentication.

  • Thanks for the reply. I think I didn't clarify my question well enough. We have an OpenVPN server on the VPS. What we would like to avoid is having to open every port in order to accept the incoming logs from the agent. I understand you are suggesting SSH; however, I don't believe this will work for the monitoring we are doing. So more specifically, I'd like to know if there is a way to deploy an OpenVPN client on an appliance? – David Jan 20 '21 at 09:08
  • "I'd like to know if there is a way to deploy an OpenVPN client on an appliance?" Yes, there should be, although that depends on the nature of the appliance, specifically, the operating system on which it is built, and whether there is something within the appliance's config that would reset custom configurations upon reboot. May I ask what appliance you are wishing to install an OpenVPN client on? You might also consider using another VM as a gateway to the VPN. – ApatheticSheep Jan 25 '21 at 15:30
  • We would like to deploy OpenVPN on a Palo Alto firewall – David Jan 26 '21 at 08:54
  • I don't know anything about Palo Alto. When you said appliance I thought you meant virtual appliance. My mistake. It may only be possible to use your Palo Alto device in OpenVPN client mode if the vendor has exposed this functionality in their software. Do you have a specific model/version you are working with? I would like to research the capabilities of your specific device. – ApatheticSheep Jan 27 '21 at 15:09
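
The answer's advice to accept only key-based SSH authentication can be verified on the VPS. The following is an added example, not code from either poster: it audits the global section of an sshd_config text, applying sshd's rule that the first value given for a keyword wins. The function names and both sample configs are constructed for illustration; Match blocks and Include files are not evaluated.

```python
import re

# OpenSSH defaults when a keyword is absent from the file.
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
}
# Deprecated alias still found in older configs.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}


def effective_settings(config_text):
    """Global values as sshd resolves them: the FIRST value per keyword wins."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":  # per-user/host overrides are not evaluated here
            break
        value = parts[1].lower() if len(parts) > 1 else ""
        seen.setdefault(key, value)
    return {k: seen.get(k, default) for k, default in DEFAULTS.items()}


def audit(config_text):
    """Return findings that contradict a key-only login policy."""
    eff = effective_settings(config_text)
    findings = []
    if eff["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication is not 'no'")
    if eff["kbdinteractiveauthentication"] != "no":
        findings.append("keyboard-interactive is enabled (can prompt for a password via PAM)")
    if eff["pubkeyauthentication"] != "yes":
        findings.append("PubkeyAuthentication is disabled")
    return findings


# Constructed sample: the later 'no' is ignored because 'yes' came first.
WEAK = "PasswordAuthentication yes\nPubkeyAuthentication yes\nPasswordAuthentication no\n"
# Constructed sample: key-only login.
HARDENED = "PasswordAuthentication no\nChallengeResponseAuthentication no\nPubkeyAuthentication yes\n"

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(cfg) or "key-only")
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check; the parser above is for reviewing a config file offline.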