Using Salt Proxy to edit password in config on Palo Alto firewall PA-220

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

Using Salt Proxy to edit password in config on Palo Alto firewall PA-220

L1 Bithead

Hi, I am trying to use Salt to automate a config upload process. The problem is that the salt module for palo alto, called panos, needs access to the firewall on tcp443. "The panos proxy leverages the XML API functionality on the Palo Alto firewall. The Salt proxy must have access to the Palo Alto firewall on HTTPS (tcp/443)." from salt.proxy.panos (saltproject.io)

 

Is this something I need to allow on the firewall itself? I have tried to find a setting concerning this in the salt setup, but i have not found anything and that suggests to me that it needs to be done on the firewall itself. Keep in mind I know next to nothing about palo alto so i would appreciate that any answers are explained as simple as possible.

1 accepted solution

Accepted Solutions

Cyber Elite
Cyber Elite

@ThomasEikeland,

Correct. Since it uses the XML API to update things you'll need to actually allow the salt proxy to access the firewall's management interface. This is generally restricted through both security policy, but also through the permitted-ip settings as well. 

View solution in original post

1 REPLY 1

Cyber Elite
Cyber Elite

@ThomasEikeland,

Correct. Since it uses the XML API to update things you'll need to actually allow the salt proxy to access the firewall's management interface. This is generally restricted through both security policy, but also through the permitted-ip settings as well. 

  • 1 accepted solution
  • 1266 Views
  • 1 replies
  • 0 Likes
  • 101 Subscriptions
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!