12-14-2022 12:42 AM
Hi, I am trying to use Salt to automate a config upload process. The problem is that the salt module for palo alto, called panos, needs access to the firewall on tcp443. "The panos proxy leverages the XML API functionality on the Palo Alto firewall. The Salt proxy must have access to the Palo Alto firewall on HTTPS (tcp/443)." from salt.proxy.panos (saltproject.io)
Is this something I need to allow on the firewall itself? I have tried to find a setting concerning this in the salt setup, but i have not found anything and that suggests to me that it needs to be done on the firewall itself. Keep in mind I know next to nothing about palo alto so i would appreciate that any answers are explained as simple as possible.
12-14-2022 09:48 AM
Correct. Since it uses the XML API to update things you'll need to actually allow the salt proxy to access the firewall's management interface. This is generally restricted through both security policy, but also through the permitted-ip settings as well.
12-14-2022 09:48 AM
Correct. Since it uses the XML API to update things you'll need to actually allow the salt proxy to access the firewall's management interface. This is generally restricted through both security policy, but also through the permitted-ip settings as well.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
