# Palo Alto Firewall

### Configuration Steps

**1. Identify GPT Enterprise Traffic**

First, create an application filter or custom application to identify OpenAI/GPT Enterprise traffic:

* GPT Enterprise typically uses `*.openai.com` and `*.azure.com` (for Azure OpenAI)
* You may need to create a custom App-ID or use URL filtering categories

**2. Configure ICAP Server Profile**

In your Palo Alto firewall:

* Navigate to **Objects > Security Profiles > ICAP Server**
* Create a new ICAP server profile pointing to your Docker container's IP and port (typically port 1344)
* Configure the ICAP URI path (e.g., `/request` and `/response`)

**3. Create a Data Filtering Profile**

* Go to **Objects > Security Profiles > Data Filtering**
* Create a profile that uses your ICAP server for inspection
* Configure it to inspect both request and response traffic

**4. Apply to Security Policy**

Create or modify a security policy rule:

* **Source**: Your internal zones/users
* **Destination**: External zone
* **Application**: OpenAI/GPT Enterprise (custom app or URL category)
* **Action**: Allow
* **Profile Settings**: Attach your Data Filtering profile with ICAP

**5. SSL Decryption (Critical)**

Since GPT Enterprise uses HTTPS, you'll need SSL decryption:

* Create an SSL decryption policy to decrypt traffic to `*.openai.com`
* Use forward proxy with appropriate certificates
* This is essential for ICAP to inspect the actual payloads
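
Before attaching the profile to a policy, it helps to confirm that the ICAP server from step 2 answers an `OPTIONS` request (RFC 3507) on each configured path. The following is an added example, not code from this product's documentation. It assumes `/request` serves `REQMOD` and `/response` serves `RESPMOD`; the host `192.0.2.10` is a placeholder and the sample responses are constructed.

```python
import socket

def build_options_request(host: str, port: int, path: str) -> bytes:
    """Build an ICAP OPTIONS request for one service path."""
    return (f"OPTIONS icap://{host}:{port}{path} ICAP/1.0\r\n"
            f"Host: {host}\r\n\r\n").encode("ascii")

def parse_options_response(raw: bytes) -> dict:
    """Parse the ICAP status line and headers of an OPTIONS response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("ICAP/") or not parts[1].isdigit():
        raise ValueError(f"not an ICAP status line: {lines[0]!r}")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    methods = [m.strip().upper()
               for m in headers.get("methods", "").split(",") if m.strip()]
    return {"status": int(parts[1]), "methods": methods, "headers": headers}

def path_is_ready(raw: bytes, expected_method: str) -> bool:
    """True only if the service answered 200 and offers the expected method."""
    info = parse_options_response(raw)
    return info["status"] == 200 and expected_method in info["methods"]

def query_options(host: str, port: int, path: str, timeout: float = 5.0) -> bytes:
    """Send OPTIONS to a live ICAP server and return the raw header block."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_options_request(host, port, path))
        buf = b""
        while b"\r\n\r\n" not in buf:
            chunk = sock.recv(4096)
            if not chunk:
                break
            buf += chunk
    return buf

# Constructed sample responses so the example runs offline.
SAMPLE_REQMOD = (b'ICAP/1.0 200 OK\r\nMethods: REQMOD\r\n'
                 b'ISTag: "constructed-1"\r\nEncapsulated: null-body=0\r\n\r\n')
SAMPLE_MISSING = (b"ICAP/1.0 404 ICAP Service not found\r\n"
                  b"Encapsulated: null-body=0\r\n\r\n")

if __name__ == "__main__":
    print("sample /request ready:", path_is_ready(SAMPLE_REQMOD, "REQMOD"))
    print("sample missing path ready:", path_is_ready(SAMPLE_MISSING, "REQMOD"))
    # Live check (placeholder host; assumed path-to-method mapping):
    # path_is_ready(query_options("192.0.2.10", 1344, "/request"), "REQMOD")
```

Run the live check from a host in the same network segment as the firewall's path to the container, so a pass also confirms that port 1344 is reachable.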

### Key Considerations

* **Performance**: ICAP inspection adds latency; ensure your Docker container has adequate resources
* **Certificate Trust**: Deploy your SSL decryption certificate to client machines
* **Bypass Rules**: Consider bypass rules for non-sensitive traffic to reduce load
* **High Availability**: Consider running multiple ICAP server instances


