- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
12-30-2021 06:23 AM - edited 12-30-2021 06:25 AM
Hello Guys,
I have prepared the "SET" commands which configure the baseline settings. I can able to run the full set command from CLI. I would like to know any options where I can run these command from a Linux machine where the system take the commands from the local script and loginto the palo alto and execute the commands.
Also need to print the output of each set of command like " executed password policy successfully" or Failed to executed password policy with the output comments"
No knowledge in python or any scripting language so need to make it simple and would like to know this process is possible ?
eg: Commands
set mgt-config password-complexity enabled yes
set mgt-config password-complexity minimum-length 12
set mgt-config password-complexity minimum-uppercase-letters 1
set mgt-config password-complexity minimum-lowercase-letters 1
set deviceconfig setting management idle-timeout 10
set deviceconfig setting management admin-lockout failed-attempts 5
set deviceconfig setting management admin-lockout lockout-time 5
set deviceconfig system snmp-setting access-setting version v3
12-30-2021 07:49 AM
Hello,
I'm not the best scripting guy, however have you heard of Palo Alto's Zero Touch Provisioning?
Regards,
12-30-2021 08:54 AM
I'll do you one better. Pull our docker container to run IronSkillet (get it, hardened PANs?)
You are able to directly edit the config, add variables, among many other things (including generating set commands from a current config).
12-30-2021 11:13 AM
Hello,
Here is a zero day config to base things off of ;)...
Regards,
12-30-2021 12:04 PM
@SPG,
IronSkillet and zero day configurations are all a great option. I would personally really recommend that you look into learning some sort of scripting language for use in situations like this. Whether you choose to utilize Python, PowerShell, simple Bash scripts, or anything of the sort is up to you, but it's an invaluable tool to have in your toolbox.
What you're looking to do is pretty simple from a scripting aspect and easily done. It would actually be a great starter script to assist you in learning how to make basic scripts. While I'm personally impartial to Python and think that's a better scripting language to focus on from a network/security aspect, any scripting language can handle what you're looking to do.
01-01-2022 11:30 PM
Hello @BPry ,
Thanks for the advice and agree on learning some scripting language . Let me try the IronSkillet
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!