Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
07-17-2019 02:21 PM
I have Panorama managing my firewalls. I would like to leverage Postman to make API POSTS to Panorama for new security policies.
Can someone provide an example of a filled-out body with bogus data to show me how the API wants it?
I'm particularily getting stuck on the first part of the body.. I have a device group called "firewalls" and the device is named "firewall1"
{
"entry": {
"@name": "testrule",
"target": {
"devices": {
"entry": [
null
]
},
07-17-2019 02:37 PM
If you're doing PAN-OS automation and aren't using any of the integrations that already exist (aka - Terraform or Ansible) and you need to figure out how to format calls to the XML API, your best course of action is to use the debug GUI functionality.
This is just one of the three ways available. The other two are detailed here (the link is from PAN-OS 7.1, but the information is still accurate now):
Hope this helps!
07-17-2019 03:38 PM
Neither Terraform nor Ansible force specific workflows on the user, so you are free to use whatever workflow you want. Using either of them however gets you away from having to start from nothing.
As to whether you should use Terraform or Ansible, I think that it becomes a matter of preference. Sometimes a company is already using one or the other internally, so it makes sense to stick with that tool. But if no one is using either already and you are free to choose, I think I'd suggest playing with them both and figuring out which you like more.
Palo Alto Networks has had a Terraform & Ansible lab the past few years at Ignite. Here's the 2019 lab (the description has the link to the lab guide as HTML):
https://github.com/PaloAltoNetworks/multicloud-automation-lab
07-17-2019 02:37 PM
If you're doing PAN-OS automation and aren't using any of the integrations that already exist (aka - Terraform or Ansible) and you need to figure out how to format calls to the XML API, your best course of action is to use the debug GUI functionality.
This is just one of the three ways available. The other two are detailed here (the link is from PAN-OS 7.1, but the information is still accurate now):
Hope this helps!
07-17-2019 02:54 PM
Do you suggest that I work on using Ansible? I want to automate our firewall changes. Can you give me a brief rundown of an example workflow that you or someone else has created for firewall changes? Hoping that I'll have an idea of what to work toward.. Right now, it's trying to mess with Postman.
07-17-2019 03:38 PM
Neither Terraform nor Ansible force specific workflows on the user, so you are free to use whatever workflow you want. Using either of them however gets you away from having to start from nothing.
As to whether you should use Terraform or Ansible, I think that it becomes a matter of preference. Sometimes a company is already using one or the other internally, so it makes sense to stick with that tool. But if no one is using either already and you are free to choose, I think I'd suggest playing with them both and figuring out which you like more.
Palo Alto Networks has had a Terraform & Ansible lab the past few years at Ignite. Here's the 2019 lab (the description has the link to the lab guide as HTML):
https://github.com/PaloAltoNetworks/multicloud-automation-lab
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
