08-15-2020 01:35 AM
Firstly, apologies if this has been asked before. I couldn't find it with a search, but if it has been asked I'll review that answer.
I'm writing a 'Health Check' script in Python, that connects to managed firewalls for all of our customers (we're an MSSP) and scrapes important data, then submits it to a central server for generating reports. Given an IP address with an appropriate management profile for any firewall, I can extract the data easily.
Most of our larger customers use Panorama, and I was hoping that I could write the script in such a way that it would only need to be given an IP address for Panorama, and could pull the list of (connected) devices from Panorama, and then connect to them one-by-one automatically using the IP address they are communicating to Panorama from.
Unfortunately I cannot find a command in Panorama (either via API or CLI), to give me a list of devices that includes the IP Address they are CONNECTING TO PANORAMA from. I can easily get a list of devices with 'show devices connected', but that shows only the Management IP (along with hostname, serial, etc). In many cases, due to the nature of the customer's deployment they do not use the Management interface (especially for lots of small branches with 200's or 220's). In this case the call to 'show devices connected' returns 192.168.1.1 for these devices, but I know they are connecting to Panorama using dataplane interfaces with RFC1918 addressing.
Does anyone know of a command, or a way using API calls, to extract the IP address that devices are using to communicate to Panorama?
08-15-2020 02:55 AM
Hello @sam_miller
You could connect (send an API call) to a node using an API call with Panorama (target=<serial number>).
This is not exactly what you asked, but calling the remote nodes via Panorama is much faster compared with calling the nodes directly.
08-15-2020 03:18 AM
That sounds like a good idea, as then the script wouldn't be reliant on the same username/password or API key being present on each firewall.
I'll investigate this option, thanks.
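Added example, not part of any post in this thread: a Python sketch of the approach discussed above, taking serial numbers from a 'show devices connected' response and building one Panorama-proxied op request per connected firewall with `target=<serial>`. The hostname, the sample XML, the assumed response layout and all helper names are constructed for illustration; the API key is sent in the `X-PAN-KEY` header so it stays out of URLs and proxy logs.

```python
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

# Constructed sample of a 'show devices connected' response (layout assumed).
SAMPLE = """<response status="success"><result><devices>
<entry name="000000000001"><serial>000000000001</serial><connected>yes</connected>
  <hostname>branch-fw-01</hostname><ip-address>192.168.1.1</ip-address></entry>
<entry name="000000000002"><serial>000000000002</serial><connected>no</connected>
  <hostname>branch-fw-02</hostname><ip-address>192.168.1.1</ip-address></entry>
<entry name="000000000003"><serial>000000000003</serial><connected>yes</connected>
  <hostname>hq-fw-01</hostname><ip-address>10.0.0.5</ip-address></entry>
</devices></result></response>"""

SHOW_CONNECTED = "<show><devices><connected></connected></devices></show>"
SHOW_SYSINFO = "<show><system><info></info></system></show>"


def parse_connected(xml_text):
    """Return [{'serial', 'hostname'}] for devices Panorama reports as connected."""
    root = ET.fromstring(xml_text)
    if root.get("status") != "success":
        raise ValueError("Panorama API call failed")
    devices = []
    for entry in root.findall("./result/devices/entry"):
        serial = (entry.findtext("serial") or entry.get("name") or "").strip()
        if not serial or entry.findtext("connected") != "yes":
            continue  # a disconnected device cannot be reached through Panorama
        devices.append({"serial": serial, "hostname": entry.findtext("hostname")})
    return devices


def op_url(panorama, cmd, target=None):
    """Build an op-command URL; 'target' makes Panorama relay it to that serial."""
    params = {"type": "op", "cmd": cmd}
    if target:
        params["target"] = target
    return f"https://{panorama}/api/?{urllib.parse.urlencode(params)}"


def build_requests(panorama, api_key, devices, cmd=SHOW_SYSINFO):
    """One request per firewall, all authenticated with the single Panorama key."""
    return [(d["hostname"], urllib.request.Request(
                 op_url(panorama, cmd, d["serial"]),
                 headers={"X-PAN-KEY": api_key}))
            for d in devices]


if __name__ == "__main__":
    for host, req in build_requests("panorama.example.com", "PLACEHOLDER_KEY",
                                    parse_connected(SAMPLE)):
        print(host, req.full_url)  # send with urllib.request.urlopen(req)
```

With this approach the firewall's connecting IP is never needed, and only the Panorama account's API key has to be stored and rotated.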