sending user-id logon/logoffss to firewall via PAN-perl

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

sending user-id logon/logoffss to firewall via PAN-perl

L0 Member

Hi everyone,

Can anyone advise how the PAN-Perl module can be used in per scripts to send user-id mappiungs directly to the firewall? In reading the module,  the PAN-Perl module (PAN::XAPI) seems to include every restull api type, except user-id and so I don't seem to be able to send an "action='user-id', xpath= ...user-id xml..." it's not listed in the doc, nor the module as far as I can see.

 

 

I know I can use PAN:API to talk to external agent collectors (which I've tested), but there is a 10-15 second polling period before the Firewall is updated which in my scenario is a touch too long, (and  doesn't seem to be changable in config).

 

any suggestions ?

 

Cheers

Jason

4 REPLIES 4

L1 Bithead

Hi,

 

I have not played with the Perl module, but i have just been playing with Python, and using a external DB source to feed into the User-ID login, and logouts.

There are a few examples on GitHub, but they are mainly Python.

In theory you can do it with perl as it is just RestfulAPI.

 

I am assuming you are OK with getting the API Key.

 

My example of the API request format for the login.

 

https://192.168.0.200/api/?key=LUFRPT14MW5xOEo1R09KVlBZNnpnemh0VHRBOWl6TGM9bXcwM3JHUGVhRlNiY0dCR0srN...> <type>update</type> <payload> <login> <entry name="user1" ip="10.0.0.1"/> <entry name="domain\user2" ip="10.0.0.2"/> </login> </payload></uid-message>

 

 

Toby

L3 Networker

You would need to have at least this version:

 

2012-08-30

  - PAN::XAPI, bin/panxapi: add support for updating dynamic objects
    in PAN-OS 5.0 (type=user-id).

L0 Member

Thanks everyone. Rather than doing direct Rest http calls I was hoping to use PAN::XAPI because it had all the underlying http logic and error handling in simple functions, which simplied things and added reliability for my need. I ended up adding a 15 line subroutine that added $api->userid($cmd) with the same format as the rest of PAN:XAPIs functions, which solved everthing.

 

Thanks for your help !

 

Jason

 

  • 3733 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!