11-03-2010 12:42 PM
I've been working on automated scripts to export my firewall configurations, gather the NAT translations and reformat the exported data into the XML format used by my IPAM system.
I've managed to automate this on our Check Points by parsing the objects.C file directly from our firewall managers - however, chopping through the PA config isn't quite as trivial - until I took the advance admin class and learned about the nice little command "show running nat-policy"
My ultimate method for making this work would be use SSH with the remote command to hopefully run this command and output the XML ready for transformation.
Can anyone recommend a strategy for remotely executing the command "show running nat-policy" so that I can process it?
Thanks.
11-03-2010 04:56 PM
Hello,
You might consider using the REST API: https://live.paloaltonetworks.com/docs/DOC-1031
With this API you can pull the configuration file in XML output, similar to the "show running nat-policy" command. Then you can parse it and pull out only the parts you would like. This might be easier than creating a script to login and run the command.
Cheers,
Kelly
11-04-2010 01:03 PM
This is definitely a big help - now how do I get more information on building my xpath variable?
xpath=devices/entry/vsys/entry/rulebase/security
As I'm wanting the running NAt policy from vsys FEDMZ, I figure this gets me close:
xpath=devices/entry/FEDMZ/entry/running/nat-policy
or something like this... help!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
