Creating a Vsys/VR via CLI

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Creating a Vsys/VR via CLI

L2 Linker

Does anyone have a script or a way to implement a new virtural firewall and virtual router via the cli? Does not have to be automatic but would like to get to that point? I have a couple dozen to implement and looking for a quicker way vs via gui.

Thank you

David

5 REPLIES 5

L1 Bithead

@dwmaas are you still looking for this? I have been working on a script to create full tenants via vsys creation and could share that portion of the script if you're still looking

Hi,

Yes still looking, just dropped down in priorty on my list. But that would be fantastic if you could share what you have.

Thank you

David

L4 Transporter

Why use CLI?  If you're going for automation, API is usually a much better option.  You could use any of our API libraries to do this quickly.  Here's an example using the Palo Alto Networks Device Framework:

 

from pandevice import firewall, device

fw = firewall.Firewall('10.0.1.1', 'admin', 'password', vsys=None)

fw.add(device.Vsys('vsys2', 'My New Vsys1')).create()
fw.add(device.Vsys('vsys3', 'My New Vsys2')).create()
fw.add(device.Vsys('vsys4', 'My New Vsys3')).create()
fw.add(device.Vsys('vsys5', 'My New Vsys4')).create()

fw.commit()

That creates 4 vsys on the firewall.  If you need vsys each with their own virtual router you'd do something like this:

 

from pandevice import firewall, network, device

fw = firewall.Firewall('10.0.1.1', 'admin', 'password', vsys=None)

vr2 = fw.add(network.VirtualRouter('vsys2-vr')
vsys2 = fw.add(device.Vsys('vsys2', 'My New Vsys2'), virtual_routers=[vr2])

vr2.create()
vsys2.create()

fw.commit()

That would give you a new virtual router in a new vsys.

 

More information:

https://live.paloaltonetworks.com/deviceframework
http://pandevice.readthedocs.io/en/latest/usage.html#working-with-virtual-system
http://pandevice.readthedocs.io/en/latest/module-device.html#pandevice.device.Vsys

@btorresgil This is why it's nice to see others work sometimes. I had a very similar thing to part two I was going to share, but I was defining my variable, then adding it in another line and then creating it in another line. I hadn't even thought about that I could be slimming it down to one line for the add and create!

Thank you very much, this would work out super, we do what to automate the entire vsys/vr and bgp router configs. So it is not done manually.

 

  • 5086 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!