07-30-2018 11:24 AM
How can I get device group specific policies as well as shared object, object groups etc. from the Panorama. I tried with API browser and cli (with debug cli on) but could not find specific path/command. I have checked the xml running config and can see the path however not sure how to use it and the type of operation. Thanks in advance!
07-30-2018 11:34 AM
At this point, there are multiple ways to get and configure the firewall and Panorama without building a framework from scratch:
High level integrations:
* Ansible - http://panwansible.readthedocs.io/en/latest/
* Terraform - https://www.terraform.io/docs/providers/panos/index.html
Programatic integrations:
* pandevice (python) - https://github.com/PaloAltoNetworks/pandevice
Technically there's also pango (which Terraform support is built on), but that code should be considered alpha, as it sometimes makes breaking changes, so I wouldn't recommend using it directly right now.
08-01-2018 09:08 AM
@gfreeman Can I use Terraform or Ansible purely for getting data (no updating)? I am using Python with pan-python now.
08-01-2018 09:23 AM
To some extent yes. Ansible has facts and Terraform has data sources. If you give me a bit more info on what kind of data you'd want, I can be more specific..?
In addition to that, pan-python is a good library (it's what pandevice is built on top of). pandevice functions very differently from pan-python, however if you're already not afraid of the API, maybe pandevice could be a good path forward.
08-14-2018 02:11 PM - edited 08-14-2018 02:13 PM
Hey Sly!
While the pan-python/pandevice and Ansible/Terraform frameworks really handy, for doing something as simple as pulling information from the Panorama/firewall config I tend to prefer rolling my own. In particular using the xmltodict module and then navigating the config as a Python dictionary can be much more intuitive and pythonic as you build out your program. Here's a sample function you can use for pulling in the Panorama configuration (in Python 3.6.5):
import requests
import xmltodict
def get_config(ip: str, api_key: str) -> dict: try: api_call_dict = { 'key': api_key, 'type': 'config', 'action': 'get', 'xpath': f"/config" }
url = f"https://{ip}/api" response = requests.post(url, api_call_dict, verify=False) parsed_response = xmltodict.parse(response.text) panorama_config = parsed_response['response']['result']['config'] return panorama_config except BaseException as be: print(f"get_config() failed due to {be}.") return {}
You could then access the shared address objects by running the function like this:
pano_ip = '10.1.1.1' pano_api_key = 'ABCDEFKEY' pano_cfg = get_config(pano_ip, pano_api_key) print(pano_cfg['shared']['address'])
Hope that helps!
Nasir
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
