Hello, For a PAN device connected with an LDAP server - is it possible to create an address group object containing users added with "Authentication profile: LDAP", using Ansible? Thank you for your time. Best regards.
What kind of least privilege account role would be needed for dagpusher. Also can minemeld read registered IP's from a firewall and use it in dagpusher/EDL
Just curious if there is another way to do it, without spending money.. I am pulling DAG blocked IPs from physical PA boxes using a python script, and then i am thinking of printing the formatted output in csv. This CSV will be used by a powershell script to create block rules in NSG in azure. I have python script in console and have tested addi...
I have a simple script that used to work but not any longer. It now hangs during the "load_system_host_keys()". I have even tried using user parameters, which is commented out, but still it hangs. Any idea why it can't connect either via ssh key or user info? Your input is greatly appreciated. import paramiko ssh_client = paramiko.SSHCli...
I am new to python. I am able to get results using op() method but not able to display or parse them to use meaningfully. fw = pandevice.base.PanDevice('10.10.10.10',api_key='abcdefgh') fwcmd = fw.op(cmd='show global-protect-gateway current-user',xml=True) print(type(fwcmd),"\n\n") print(fwcmd) the result this yields is like <class 'bytes'...
Hello, I have three virtual machines, each hosting a PA Firewall. One VM - test one, has no SSL installed, the other two have a self-signed SSL certs installed. I can access the firewall web GUI on all three VMs using a web browser. When I run the following playbook, Ansible can not connect to hosts with SSL certs in place: Spoiler (Highlight to...
Hello,I have a simple playbook adding/removing tags: --- - name: 'Palo Alto PAN OS: Create a new tag object.' hosts: all connection: local gather_facts: true collections: - paloaltonetworks.panos pre_tasks: - name: Get the system information. include_vars: ./vars/provider.yml no_log: 'no' tasks: - na...
Trying the API in browser. Clicking either submit or the URL give me error "show rule hit count op-command failed'Tried on 5250 multi-vsys and 220, both on 8.1.8-h5 https://PA/api/?REST_API_TOKEN=111111111&type=op&cmd=%3Cshow%3E%3Crule-hit-count%3E%3Cvsys%3E%3Cvsys-name%3E%3C%2Fvsys-name%3E%3C%2Fvsys%3E%3C%2Frule-hit-count%3E%3C%2Fsh...
Wondering if anyone has had any experience updating rules. I have approximately 700 or so rules that i need to add a security profile group to... testing the following seems to basically overwrite anything not provided to 'any' - name: update rules to FWpanos_security_rule:ip_address: '{{ item.firewall }}'username: '{{ username }}'password: '{{...
Hi, I would attribute specific rights to an key on my panorama.However when i use curl command or simply the the url like https://firewall/api/?type=keygen&user=username&password=password I get each time the same key, no matter the user used, it's already the same key.... Thanks for your future reply
Hi Guys, I need to translate the base 'xml' config to 'ansible'. I cannot locate any concrete information on doing the above:- Management creation- Policy definition- Static Routes- VPN i.e. Tunnel etcetc
I am trying to setup a Policy Push for quiet traffic hours of the day. This would ensure that Admins need only to commit to Panorama and then the push occur during the night. The systems are heavily taxed throughout the day and a Scheduled Policy Push would be invaluable. I originally believed it to be the Schedules under Objects however this is...
I have a very simple python script that uses ssh=paramiko.SSHClient(), ssh.connect (host, 22, user, password), stdin, stdout, stderr=ssh.exec_command(command), and for line in stdout.read().splitlines(): print(line). When I set host, user, password and command, e.g. "show ip int brief", to connect to a Cisco router, everything works fine and the...
Why am I not getting response when using pan.xapi vs panxapi.py? from python interpretor: api_sess = pan.xapi.PanXapi(hostname="10.209.32.33",api_username="myusername", api_password="mypassword",api_key='mykey') api_sess..show(xpath = "/config/devices/entry/deviceconfig/system/hostname") *returns no ouptput however using panxapi.py I expected re...
I did some work with pandevice and I am able to create new configuration in a Firewall, but struggling working with the existing Panorama configuration. Can you please help me with ideas for the below. I need to move a firewall between panorama appliances and the task is: Given the firewall serial, find the Template Stack and Device Group the f...
