08-29-2022 05:16 AM
Hello Fellow Community Members,
We are currently working on an automation solution which involves getting routing tables from firewalls. Is there any way we can get routing tables from firewalls through Panorama's API?
Thanks in advance!
09-08-2022 08:42 AM
Hi Czinu,
It is possible to get routing tables using the Python SDK and through the API URL. I prefer to use the Python SDK. Below is a suggestion:
1- Define authentication parameters:
from panos import network
from panos import policies
from panos import firewall
from panos import objects
api_user = 'admin'
api_password = 'admin'
device = 'fw.abc.com'
fw = firewall.Firewall(device, api_user, api_password)
2- So now, you can get the vrouters names:
vrouters_list = network.VirtualRouter.refreshall(fw)
for vrouter in vrouters_list:
    print(vrouter)
# The output of the commands above will be the names of the vrouters created in your firewall.
If you want to know more details about each vrouter:
for vrouter in vrouters_list:
    print(vrouter.about())
# The output of the commands above will be the names of the vrouters created in your firewall plus interfaces and virtual router parameters. Below is an example:
output: {'interface': ['ae1.30', 'tunnel.10', 'tunnel.11', 'ae1.20'],
'ad_static': None,
'ad_static_ipv6': None,
'ad_ospf_int': None,
'ad_ospf_ext': None,
'ad_ospfv3_int': None,
'ad_ospfv3_ext': None,
'ad_ibgp': None,
'ad_ebgp': None,
'ad_rip': None,
'name': 'default'}
4- To verify the static routes applied in a specific routing table:
vrouter = network.VirtualRouter(name='default')
fw.add(vrouter)
static_routes = network.StaticRoute.refreshall(vrouter)
for route in static_routes:
    print(route.about())
# The output of the commands above will be the details of each static route in the vrouter:
output: {'destination': '10.11.77.11/32',
'nexthop_type': None,
'nexthop': None,
'interface': 'tunnel.22',
'admin_dist': 10,
'metric': 10,
'enable_path_monitor': False,
'failure_condition': 'any',
'preemptive_hold_time': 2,
'name': '10.11.77.11_32'}
{'destination': '10.20.20.0/27',
'nexthop_type': 'ip-address',
'nexthop': '10.10.10.1',
'interface': None,
'admin_dist': 10,
'metric': 10,
'enable_path_monitor': False,
'failure_condition': 'any',
'preemptive_hold_time': 2,
'name': '10.20.20.0_27'}
{'destination': '10.30.30.30/24',
'nexthop_type': 'ip-address',
'nexthop': '10.10.10.1',
'interface': None,
'admin_dist': 10,
'metric': 10,
'enable_path_monitor': False,
'failure_condition': 'any',
'preemptive_hold_time': 2,
'name': '10.30.30.0_24'}
5 - To deploy a static route in a routing table, you can follow the following procedure:
5.a - First, create a dictionary with required parameters:
test_python_route = {'destination': '8.8.8.8/32',
'nexthop_type': None,
'nexthop': None,
'interface': None,
'admin_dist': 10,
'metric': 10,
'enable_path_monitor': False,
'failure_condition': 'any',
'preemptive_hold_time': 2,
'name': 'PYTHON_TESTE_GOOGLE_DNS'
}
# **If you don't fill in all the key values, the default value is assumed.
5.b - Second, you need to get the virtual routers configuration from the firewall:
network.VirtualRouter.refreshall(fw)
5.c - So, you can "search" and/or "find" the virtual-router that will receive the new static route:
vrouter = fw.find('default', network.VirtualRouter)
5.d - So now, you can "build" the configuration and associate the "route dictionary":
deploy_route = network.StaticRoute(**test_python_route)
5.e - Bind the config to vrouter python instance:
vrouter.add(deploy_route)
5.f - Create the route:
deploy_route.create()
5.g - My suggestion is not to commit from the script. But if required, you can commit from the script:
fw.commit()
# To confirm the commit process occurring in the firewall, go to the GUI interface and verify the commit status in Task.
Hope this is useful, and my suggestion is to verify how the panos module really works in the official documentation.
I'm still a beginner, but I have already learned a lot. 🙂
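Added example, not part of the original reply: a standard-library check over route dictionaries shaped like the `about()` output above, meant to run before `create()` or `commit()` so a malformed or traffic-diverting static route is caught first. `check_route`, `EXISTING` and `CANDIDATE` are hypothetical names; the sample data is copied from the post's output and step 5.a, trimmed to the keys the check uses.

```python
import ipaddress

# Sample data taken from the post (constructed subset of the about() keys).
EXISTING = [
    {"name": "10.11.77.11_32", "destination": "10.11.77.11/32",
     "nexthop_type": None, "nexthop": None, "interface": "tunnel.22"},
    {"name": "10.20.20.0_27", "destination": "10.20.20.0/27",
     "nexthop_type": "ip-address", "nexthop": "10.10.10.1", "interface": None},
    {"name": "10.30.30.0_24", "destination": "10.30.30.30/24",
     "nexthop_type": "ip-address", "nexthop": "10.10.10.1", "interface": None},
]
CANDIDATE = {"name": "PYTHON_TESTE_GOOGLE_DNS", "destination": "8.8.8.8/32",
             "nexthop_type": None, "nexthop": None, "interface": None}

def check_route(route, existing=()):
    """Return a list of problems for one route dict; an empty list means OK."""
    problems = []
    try:
        iface = ipaddress.ip_interface(route.get("destination"))
    except (TypeError, ValueError):
        return ["destination is missing or not a valid prefix"]
    net = iface.network
    # 10.30.30.30/24 really means 10.30.30.0/24: flag the mismatch.
    if iface.ip != net.network_address:
        problems.append(f"host bits set; effective prefix is {net}")
    hop_type, hop = route.get("nexthop_type"), route.get("nexthop")
    if hop_type in ("ip-address", "ipv6-address"):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            problems.append("nexthop is not a valid IP address")
    elif not hop and hop_type != "discard" and not route.get("interface"):
        # Nothing says where matching traffic should go.
        problems.append("no nexthop, egress interface or discard action")
    if net.prefixlen == 0:
        problems.append("default route; review before pushing")
    # Longest-prefix match: a more specific route silently wins over a broader one.
    for other in existing:
        o = ipaddress.ip_interface(other["destination"]).network
        if o.version != net.version:
            continue
        if o == net:
            problems.append(f"duplicates prefix of {other['name']}")
        elif net.subnet_of(o):
            problems.append(f"more specific than {other['name']} ({o}); overrides it")
    return problems
```

Run it on every candidate dictionary before building `network.StaticRoute(**...)`, and on the routes read back from the firewall to audit what is already configured.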
09-09-2022 03:49 AM
Thanks for the extensive answer. This is not directly what I was asking for, but it has guided me in the right direction. For anyone else looking for the same thing, this is how you can access devices with Panorama as a proxy.
Take a look at option 2 from here:
https://pan-os-python.readthedocs.io/en/latest/howto.html#connect-via-panorama