Automation/API Discussions

How to perform a full firewall backup?

Hello,

How can I get a full backup including all settings, objects and security policies? The firewall is not managed by Panorama, I would like to be able to automate backup&restore process with Ansible and paloaltonetworks collection.

Regards,

Michael

Resolved! ansible zone creation failing

i'm trying to run the following task in my play to create a bunch of new L3 subinterfaces on ae2 and then add them to the appropriate security zone. if i try to assign the zone as part of the panos_l3_subinterface, or through a different play (as sho

...

Ansible and LDAP

Hello,

For a PAN device connected with an LDAP server - is it possible to create an address group object containing users added with "Authentication profile: LDAP", using Ansible?

Thank you for your time.

Best regards.

Account role read/write Minemeld - DAG

What kind of least privilege account role would be needed for dagpusher.

Also can minemeld read registered IP's from a firewall and use it in dagpusher/EDL

Update Azure Microsoft NSG using DAG

Just curious if there is another way to do it, without spending money..

I am pulling DAG blocked IPs from physical PA boxes using a python script, and then i am thinking of printing the formatted output in csv. This CSV will be used by a powershell s

...

paramiko hangs on PaloAlto

I have a simple script that used to work but not any longer. It now hangs during the "load_system_host_keys()". I have even tried using user parameters, which is commented out, but still it hangs. Any idea why it can't connect either via ssh key o

...

Resolved! How to parse op(cmd) results

I am new to python. I am able to get results using op() method but not able to display or parse them to use meaningfully.

fw = pandevice.base.PanDevice('10.10.10.10',api_key='abcdefgh')
fwcmd = fw.op(cmd='show global-protect-gateway current-user',xm

...

Resolved! Ansible PAN OS Collection - Can not connect to PA firewall.

Hello,

I have three virtual machines, each hosting a PA Firewall. One VM - test one, has no SSL installed, the other two have a self-signed SSL certs installed. I can access the firewall web GUI on all three VMs using a web browser. When I run the fo

...

Resolved! How to create a set of different "provider" values depending on 'ansible_hostname'?

Hello,

I have a simple playbook adding/removing tags:

---
- name: 'Palo Alto PAN OS: Create a new tag object.'
  hosts: all
  connection: local
  gather_facts: true
  collections:
    - paloaltonetworks.panos
    
  pre_tasks:
    - name: Get the sy

...

API in python works but in browser fails

Trying the API in browser. Clicking either submit or the URL give me error "show rule hit count op-command failed'

Tried on 5250 multi-vsys and 220, both on 8.1.8-h5

https://PA/api/?REST_API_TOKEN=111111111&type=op&cmd=%3Cshow%3E%3Crule-hit-count%...

Resolved! updating a portion of the rule - ansible

Wondering if anyone has had any experience updating rules. I have approximately 700 or so rules that i need to add a security profile group to...

testing the following seems to basically overwrite anything not provided to 'any'

- name: update rules

...

API Rest : Generate an API key linked to a specific user

Hi,

I would attribute specific rights to an key on my panorama.

However when i use curl command or simply the the url like https://firewall/api/?type=keygen&user=username&password=password

I get each time the same key, no matter the user used, it's al

...

XML Config to Ansible

Hi Guys,

I need to translate the base 'xml' config to 'ansible'.

I cannot locate any concrete information on doing the above:

- Management creation

- Policy definition

- Static Routes

- VPN i.e. Tunnel etc

etc

Automated Policy Push

I am trying to setup a Policy Push for quiet traffic hours of the day. This would ensure that Admins need only to commit to Panorama and then the push occur during the night. The systems are heavily taxed throughout the day and a Scheduled Policy Pus

...

Running a CLI command from Python using paramiko

I have a very simple python script that uses ssh=paramiko.SSHClient(), ssh.connect (host, 22, user, password), stdin, stdout, stderr=ssh.exec_command(command), and for line in stdout.read().splitlines(): print(line).

When I set host, user, password a

...

Discussions

How to perform a full firewall backup?

Resolved! ansible zone creation failing

Ansible and LDAP

Account role read/write Minemeld - DAG

Update Azure Microsoft NSG using DAG

paramiko hangs on PaloAlto

Resolved! How to parse op(cmd) results

Resolved! Ansible PAN OS Collection - Can not connect to PA firewall.

Resolved! How to create a set of different "provider" values depending on 'ansible_hostname'?

API in python works but in browser fails

Resolved! updating a portion of the rule - ansible

API Rest : Generate an API key linked to a specific user

XML Config to Ansible

Automated Policy Push

Running a CLI command from Python using paramiko

Output format for test/url-info-cloud and test/url-info-host

Wildfire API "Missing required field apikey"

Auto de-register devices in Panorama

Rest API not seeing template variables

Devicegroup hierarchy dump

XML API: show merged config

Unlock your full community experience!

Resolved! ansible zone creation failing

Resolved! How to parse op(cmd) results

Resolved! Ansible PAN OS Collection - Can not connect to PA firewall.

Resolved! How to create a set of different "provider" values depending on 'ansible_hostname'?

Resolved! updating a portion of the rule - ansible