Palo Alto Networks and BackBox Integrated Network Automation Solution

PaloAltoNetworks_2020_Logo.svg (1)

Trusted Network and Security Device Automation

Integration Highlights

  • Automate OS updates and vulnerability patches for Palo Alto Networks devices across your network in a timely manner, to prevent exposure to known vulnerabilities. This includes automating multistep updates and support for older devices.

  • Automate backup of Palo Alto Networks NGFWs and other security devices. Each backup is validated to ensure its integrity and can be restored with a single click. Backups and restores become so simple, they can easily be incorporated into any potentially destructive automation for rapid recovery.

  • Backups can be stored off-site and encrypted with a longer history of backups saved to help with troubleshooting or in the event of an undetected vulnerability.

  • Fully support CIS Benchmark compliance out-of-the-box, including an initial gap-analysis, ongoing automated configuration audit, drift prevention, reporting, and optional automated remediation.

  • Ensure your CMDB is always up-to-date and that security vulnerabilities don’t go undetected with Dynamic Inventory capabilities.

  • Automated discovery of all Palo Alto Networks NGFW and other devices connected to the network for tight management of device inventory to comply with cybersecurity standards, such as CIS.

The Challenge

Modern enterprise-class networks are incredibly complex and require constant changes to maximize uptime and minimize vulnerabilities. This complexity is exacerbated by the pace of change within networks to support new applications and services for businesses and their customers. Manually automating the configuration of all network and security devices to ensure business continuity can often be difficult, time-consuming, and prone to human error.

In fact, 92% of our customers say they face more updates to their networks than they can accomplish.

Network and security devices require constant OS updates, patches, and configuration changes to protect from vulnerabilities. Failure to perform these updates in a timely manner exposes the network to security threats and the potential for costly downtime. In the absence of regular backups, which often happens when backups are complex to perform or require manual steps, networks experience slower recovery from downtime following outages.

The Solution

To tackle these challenges, organizations need a trusted automation platform that can make repetitive network tasks efficient and reliable, works within existing network architecture and operations, and scales to enterprise or multi-tenant deployments.

BackBox delivers such a platform with out- of-the-box capabilities for backup, OS updates, compliance auditing and auto-remediation, Dynamic Inventory Reporting, and closed- loop management of vulnerability patching.

Palo Alto and BackBox Integrated Solution

The Palo Alto and BackBox integrated solution provides automated backup and single-click recovery of Palo Alto Networks NGFW and Panorama network security management devices, eliminating the need for time-consuming and ineffective manual processes or creating and managing in-house scripts.


The Palo Alto and BackBox integrated solution provides automated backup and single-click recovery of Palo Alto Networks NGFW and Panorama network security management devices.

BackBox Dynamic Inventory collects granular asset information from Cisco Secure Firewalls and other devices and then reports on inventory information, including license information, device model, serial numbers, and more. Inventory information can also be passed along to other systems, like an ITSM or CMDB via the BackBox API.

BackBox can change operating system-level parameters on multiple devices with a single click, providing the ability to delegate administrative tasks to individuals who do not require full policy access, which minimizes potential human errors that might lead to configuration errors.

BackBox also provides seamless integration to verify that Palo Alto Networks devices and other devices are configured in alignment with internal and industry security policies and regulations, such as the CIS Benchmarks, and can automatically remediate.

Benefits Of The Integration

  • Automated, verified PAN-OS updates of Palo Alto Networks NGFW and Panorama devices to protect from vulnerabilities.

  • Automated, validated backups for Palo Alto Networks devices.

  • Single-click restore and disaster recovery.

  • Validation and automatic remediation of configurations against policies and regulations.

  • Automated discovery of newly connected Palo Alto Networks devices for easy asset management.

BackBox Network Automation Manager

BackBox is the most trusted network automation platform, focused on automating network security and operations at scale for enterprises and Technology Services Partners.

Flexible automation empowers our customers to enhance the health, performance, and security of over 100,000 networks worldwide.

We believe that network automation should be easy and reliable, providing our customers with unprecedented time savings and reduced risk.

Palo Alto Networks Panorama™ Network Security Management

Panorama™ network security management empowers users with easy-to-implement, consolidated policy creation and centralized management features. Administrators can manage network security with a single security rule base for firewalls, threat prevention, URL filtering, application awareness, user identification, sandboxing, file blocking, access control, and data filtering. This crucial simplification, along with App-ID technology-based rules, dynamic security updates, and rule usage analysis, reduces administrative workload and improves overall security posture.

Use Case 1


The Challenge:

OS updates and patch management are a critical aspect of maintaining network security. The versions of OS that run on the network infrastructure must be closely managed to ensure continuity of service and remediation of known security vulnerabilities. But manually keeping track of the frequent OS updates and patches of firewalls and other network and security devices is getting more challenging, especially with limited resources.

The Solution:

BackBox offers automated PAN-OS updates and patches for Palo Alto Networks devices across the entire network and will do the same for network and security devices from 180 other vendors, all from a centralized location, and typically with a single automation. This eliminates the need to hop from one tool to another to update different devices, saving time and resources. Users can use BackBox to update the OS of Palo Alto Networks devices, alongside hundreds of devices seamlessly, with a single click.

Use Case 2


The Challenge:

With configuration updates getting more frequent due to the acceleration of new threats and malicious actors, it is a challenge to ensure all security devices, such as firewalls, are up-to-date and compliant with internal organization policies and government or industry regulations

The Solution:

Eliminating the need to manually check device configuration for compliance, BackBox provides contextually-aware automation templates that remove the drudgery and reduce risk by validating that a specific configuration for Palo Alto Networks devices or devices from other vendors meets best practices and can automatically remediate those that do not. Rechecks can be scheduled to run daily or at whatever frequency desired. Administrators receive notifications of configuration drift and can auto-remediate to bring the organization back into compliance.

Use Case 3


The Challenge:

Manual configuration backup for network security devices like firewalls is time consuming and prone to human errors. In addition to security infrastructure, network engineers must perform regular backups on routers, switches, and other network devices from multiple vendors, via multiple different user interfaces, further increasing risk.

The Solution:

Seamless integration between BackBox and Palo Alto Networks NGFWs and Panorama enables automated, centralized, and secure backups for all configuration information from these devices alongside devices from other vendors. This ensures rapid recovery and minimal downtime.

See for yourself how consistent and reliable your device backups and upgrades can be