In Palo alto firewall whatever the time based policies is going to expire for that we want to configure the mail alerts or reports for example if any rule is going to expire on date of 24 October we should get report or mail alert of those rules by today (2 days before) , how we can achieve this?
Is it possible in palo alto ?
there is no direct correlation between logs that can be forwarded and a schedule set to a policy; the schedule acts as a conditional match inside the security rule, so once the 'end' time is reached, the condition can never be met and the rule won't be hit again
if you need to set rules with a specific end time, it may be a good idea to set a clear description to such rules so they can be easily viewed and removed after they've server their purpose
Not natively. You could put together a script that works in conjunction with the XML-API to pull the schedules that are ending in a specified timeframe and alert on the expiring schedules (or further use the API to find all of the rulebase entries with that schedule specified), but that isn't built-in to PAN-OS.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!