PAN-OS Query Scripts

Brief Description

This quickplay solution includes a set of scripts and skillets to quickly query the NGFW to determine inbound open policy ports/applications, domain categories, and URL categories.

 

Video coming soon...

 

Prerequisites

Playing this solution requires:

  • panhandler 4.3 or later to play skillets
  • API access to the NGFW

 

Solution Details

Documentation: https://github.com/PaloAltoNetworks/panos-query-scripts/blob/main/README.md

GitHub Location: https://github.com/PaloAltoNetworks/panos-query-scripts.git

GitHub Branches: main

Product Versions Supported:

  • DNS domain category query: PAN-OS 10.0 and later
  • URL category query: PAN-OS 9.0 and later
  • Inbound policy query: PAN-OS 9.0 and later

 

Full Description

The quickplay scripts and skillets use the NGFW API to gain insights about inbound policy configuration and cloud service category mappings.

 

Get the DNS Domain or URL Category

PAN-OS can use the NGFW as a proxy into the cloud service layer, through CLI commands or the web UI, to get category mappings for URLs and DNS domains. The CLI commands are:

 

test dns-proxy dns-signature fqdn {domain-to-test}

test url {url-to-test}

 

The quickplay solution reads a list of domains or URLs, runs these commands through the API to determine each entry's category, and outputs the results to the screen and to a CSV file for additional data analysis.

 

Open Port Query

Provides a quick configuration analysis using the API to find security policies with a destination of 'any' and a user-input zone. The output shows each security policy name with its associated services/ports and applications.

 

This provides quick insights regarding the NGFW attack surface where traffic is allowed from high-risk zones such as the internet.
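
An added example, not code from the panos-query-scripts repository: the open-port check described above, run offline over a constructed rulebase in PAN-OS configuration XML layout, trimmed to the fields the check reads. It assumes the user-input zone is matched against the rule's source (from) zone, that a from-zone of 'any' also matches, and that only enabled allow rules are reported; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample rulebase in PAN-OS configuration XML layout (not real data).
SAMPLE_RULEBASE = """
<security><rules>
  <entry name="inbound-web">
    <from><member>untrust</member></from><destination><member>any</member></destination>
    <application><member>web-browsing</member><member>ssl</member></application>
    <service><member>application-default</member></service>
    <action>allow</action>
  </entry>
  <entry name="inbound-mail">
    <from><member>untrust</member></from><destination><member>mail-server</member></destination>
    <application><member>smtp</member></application>
    <service><member>application-default</member></service>
    <action>allow</action>
  </entry>
  <entry name="legacy-any">
    <from><member>any</member></from><destination><member>any</member></destination>
    <application><member>any</member></application>
    <service><member>service-http</member><member>tcp-8443</member></service>
    <action>allow</action>
  </entry>
  <entry name="old-rdp">
    <from><member>untrust</member></from><destination><member>any</member></destination>
    <application><member>ms-rdp</member></application>
    <service><member>any</member></service>
    <action>allow</action><disabled>yes</disabled>
  </entry>
</rules></security>
"""

def members(rule, tag):
    return [m.text for m in rule.findall(f"{tag}/member")]

def open_inbound_rules(rulebase_xml, zone):
    """Enabled allow rules with destination 'any' reachable from `zone`."""
    findings = []
    for rule in ET.fromstring(rulebase_xml).findall("rules/entry"):
        if rule.findtext("action") != "allow" or rule.findtext("disabled") == "yes":
            continue  # deny rules and disabled rules do not open anything
        src_zones = members(rule, "from")  # assumption: input zone = source zone
        if "any" in members(rule, "destination") and {zone, "any"} & set(src_zones):
            findings.append({"rule": rule.get("name"), "services": members(rule, "service"),
                             "applications": members(rule, "application")})
    return findings

for f in open_inbound_rules(SAMPLE_RULEBASE, "untrust"):
    print(f["rule"], f["services"], f["applications"])
```

Rules whose service is application-default open only the default ports of the listed applications, so the application column has to be read alongside the service column when judging exposure.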