# Execute Response Actions with Palo Alto Networks PAN-OS
In this guide, you'll set up a trusted relationship between Radiant and Palo Alto Networks PAN-OS to enable automated and one-click response actions.
:bolt-lightning: Available actions
The following action is available after you set up the Palo Alto Networks PAN-OS action connector. Keep in mind, additional permissions are required.
* **Block IP Address**
At the end of this configuration, you will provide Radiant Security with the following:
* **Administrator Username**
* **Administrator Password**
* **PAN-OS BaseURL**
### Prerequisites
* [ ] Admin access to Palo Alto Networks PAN-OS
{% hint style="info" %}
**Note:** The connector described in this document were tested on v9.1, v10.1 and v11.0, with v9.1 being the oldest present in .
{% endhint %}
### Add an administrator in Palo Alto
1. Login to your Palo Alto firewall.
2. On the top navigation bar, click **Device.**
3. From the left navigation menu, click **Admin Roles.**
4. Add a new admin profile:
* Name: `radiantsecurityadmin`
5. Add the required permissions
**XML API**
* **Commit (Enable)**
**REST API**
* Objects - Addresses (Enable)
* Objects - AddressGroups (Enable)
* Device - VirtualSystems (Read Only)
6. Click **OK** to create the admin profile.
7. From the left navigation menu, click **Administrators.**
8. Add a new user with the following features:
* Name: `radiantsecurity`
* Administrator Type: **Role Based**
* Password: ``
* Profile: **radiantsecurityadmin**
* Choose the role created in the previous step
{% hint style="warning" %}
**Important note:** Save both **username** and **password** of the administrator profile. This will be provided to Radiant Security in a later step.
{% endhint %}
9\. In the top navigation menu, click **Commit** to save the configuration changes.
{% hint style="warning" %}
**Important note:** On the connector configuration we must also save PAN-OS base URL. This is both the API domain to be used and PanOS web URL that we need to add to the Radiant connector.
{% endhint %}
### Create the action connector in Radiant Security
1. Login to [Radiant Security](https://app.radiantsecurity.ai/).
2. Navigate to **Settings** > **Action Connectors** and click **+ Add Connector**.
3. Search for and select **Palo Alto Networks PAN-OS** and then click **Credentials**.
4. Under **Credential** **Name**, enter a credential name (`PAN-credentials` for example)
5. Under **Required** **Credentials**, add the information you obtained from the previous step:
* **Administrator Username**
* **Administrator Password**
* **PAN-OS BaseURL**
6. Click **Add Connector** to save your changes.
{% hint style="info" %}
**Note:** The base URL is the FQDN or Public IP Address of the Palo Alto Firewall or Panorama followed by the version. For example: `https://111.163.30.32/restapi/9.1/`
{% endhint %}
{% hint style="warning" %}
**Important note:** Palo Alto Firewall must be reachable for Radiant to execute the actions.
{% endhint %}
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://help.radiantsecurity.ai/radiant-connectors/data-connectors/palo-alto-networks-firewall/execute-response-actions-with-palo-alto-networks-pan-os.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.