Import Existing Security Policies from Panorama to Terraform code (Reverse Terraform for Palo Alto)

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

Import Existing Security Policies from Panorama to Terraform code (Reverse Terraform for Palo Alto)

L2 Linker

I created a script to reverse Terraform Security Policies from Panorama to be Managed by terraform 

Currently only works with Security Policies, i'll be working in the future to work with the rest of the configuration in a panorama.

 

https://github.com/gabrielmontiel/PanosReverseTerraform

I hope you find this useful, feel free to collaborate on it too!

Gabriel Montiel
4 REPLIES 4

L4 Transporter

@GabrielMontiel Very good idea. Thank you

L5 Sessionator

Thanks @GabrielMontiel.

 

I see this uses an XML config file; if you have a live device you can also use Terraformer.

Help the community: "Like" helpful comments, and click "Accept as Solution" if you found your answer 🙂

Yes i just saw that terraformer had support for the panos terraform provider just recently, there's an issue with it though that the policies can not have a whitespace in the name. i guess its easier to pull request than to build it from scratch

Gabriel Montiel

L6 Presenter

Nice! I still see Panorama as a nice system for monitoring many firewalls that can be used together with Terraform and as Palo Alto allows managing firewalls locally or with Panorama without issues with the Post and Pre rules for me Terraform in some cases can be added without the removal of Panorama, especially if you have many firewalls but maybe if you have small number in different cloud region locations and 1 Panorama is not enough because of the latency then going with Terraform could be answer.

 

https://registry.terraform.io/providers/PaloAltoNetworks/panos/latest/docs/resources/panorama_securi...

 

  • 4829 Views
  • 4 replies
  • 4 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!