Such scripts would be run from a trusted PC used to remotely manage the PA device. A read-write administrator account would be created for their use. It's not a good idea to venture into such things unless you are very comfortable with shell scripting and Perl, and the management PC is very, very secure. I would recommend that if you dabble with automating things, begin with read-only access to pull stats and such before graduating to more complicated and dangerous activities. The Palo Alto PAN-perl-20110828.tar.gz package has examples for use of Perl and Expect. I posted a simple Perl Net::OpenSSH script in this forum. There's also the XML API, see docs DOC-1031.pdf and DOC-1714.pdf to get started. Most automation approaches require a Linux managment PC, although I imagine that a person would be able to use Windows and something like AutoIT or other batch tool. Good luck.
... View more