Is it possible to send a cli command via ssh to Panorama ?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Is it possible to send a cli command via ssh to Panorama ?

L2 Linker

I sent cli commands to a remote devices via ssh on many different vendors. Can I do this on Palo Alto? or only way to automate PAN firewalls is via API ?

 

thanks !!

5 REPLIES 5

L2 Linker

I found this:
Palo doesn't have full bash CLI that is why Plink is not working

L2 Linker

PAN has it's own semantics, like a Cisco. Language you use in CLI is a kind of abstraction layer above unix shell. Depending on your case, you can use many possibilities. PAN has it's own terraform providers for example.

PCNSE, PCCSE, CCNP Security, AWS SAA

L2 Linker

thanks !!

Cyber Elite
Cyber Elite

@gongya,

Any particular reason why you don't want to use the API? Everything else is simply an abstraction from the API itself, and personally I recommend keeping abstraction layers as limited as possible when you're automating something. If you really want to utilize SSH netmiko will handle this well enough with some slight adjustments. 

 

A really simple way to interact with the device from an automation standpoint would be to utilize pan-os-python assuming you're utilizing Python. This is again just an abstraction to the API, but it allows you to send commands the same way that you would through the CLI (additionally the API allows you to do the exact same thing). 

The major reason is I do not want to embed password in the script. Also cli output is easy for me to parse.
I like to use ssh or putty for only connection and get the output. All the rest I will handle in python or perl.
I did customize the putty code to even hide the password from ps command.
What I did is writing a wrap in c and compile it into binary with the password in it, and only leave the binary in the server. it then is called in python or perl.

thanks !!

  • 1663 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!