This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About michalstaporek
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About michalstaporek
06-18-2021
4Posts
2Likes
1Solution
Jun 18, 2021Last Visited
User
Activity
User
Profile
Latest posts by michalstaporek
| Subject | Views | Posted |
|---|---|---|
| 2374 | 02-10-2020 02:34 AM | |
| 2538 | 01-24-2020 06:56 AM | |
| 4856 | 08-15-2019 07:05 AM | |
| 5000 | 08-07-2019 03:32 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 08-15-2019 07:05 AM | |
| 1 Like | 02-10-2020 02:34 AM |
User Badges
Community Statistics
| Member Since | 08-07-2019 02:05 AM |
| Date Last Visited | 06-18-2021 10:50 AM |
| Posts | 4 |
| Total Likes Received | 2 |
02-10-2020
02:34 AM
1 Kudo
After doing some testing it looks like Panorama only keeps last 10 jobs so if you need to submit more the only way is to do it in batches.
... View more
01-24-2020
06:56 AM
Hello, I am trying to use API calls to retrieve url logs from Panorama following guide: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-panorama-api/pan-os-xml-api-request-types/retrieve-logs-api/example-use-the-api-to-retrieve-traffic-logs.html I have about 300 urls that I would like to check and not sure if I can submit 300 jobs and then retrieve the results? Are there any limits on number of active jobs? Best Regards, Mike
... View more
- Tags:
- api
08-15-2019
07:05 AM
1 Kudo
Thank you very much, that helped a lot! If anyone is interested, this is what did the trick for us ---
- name: Disable existing security rules on the firewall
hosts: localhost
connection: local
gather_facts: False
roles:
- role: PaloAltoNetworks.paloaltonetworks
tasks:
- name: Grab the credentials from ansible-vault
include_vars: 'firewall-secrets.yml'
no_log: 'yes'
- name: Set up an empty list variables
set_fact:
vsys1_rules: []
- name: Build a list of vsys1 unused rules from a file
set_fact:
vsys1_rules: '{{ vsys1_rules + [ item ] }}'
with_lines: cat ./vars/lab_fw_rules
- name: Get all rules in vsys1 and their config
panos_security_rule_facts:
provider: '{{ provider }}'
all_details: 'yes'
register: all_rules
- name: Disable unused rules in vsys1
panos_security_rule:
provider: '{{ provider }}'
rule_name: '{{ item.rule_name }}'
action: '{{ item.action }}'
antivirus: '{{ item.antivirus | default(omit, true) }}'
application: '{{ item.application }}'
category: '{{ item.category }}'
data_filtering: '{{ item.data_filtering | default(omit, true) }}'
description: '{{ item.description | default(omit, true) }}'
destination_ip: '{{ item.destination_ip }}'
destination_zone: '{{ item.destination_zone }}'
disable_server_response_inspection: '{{ item.disable_server_response_inspection }}'
disabled: 'yes'
file_blocking: '{{ item.file_blocking | default(omit, true) }}'
group_profile: '{{ item.group_profile | default(omit, true) }}'
hip_profiles: '{{ item.hip_profiles | default(omit, true) }}'
icmp_unreachable: '{{ item.icmp_unreachable | default(omit, true) }}'
log_end: '{{ item.log_end }}'
log_setting: '{{ item.log_setting | default(omit, true) }}'
log_start: '{{ item.log_start }}'
negate_destination: '{{ item.negate_destination }}'
negate_source: '{{ item.negate_source }}'
rule_type: '{{ item.rule_type }}'
schedule: '{{ item.schedule | default(omit, true) }}'
service: '{{ item.service }}'
source_ip: '{{ item.source_ip }}'
source_user: '{{ item.source_user }}'
source_zone: '{{ item.source_zone }}'
spyware: '{{ item.spyware | default(omit, true) }}'
tag_name: '{{ item.tag_name | default(omit, true) }}'
url_filtering: '{{ item.url_filtering | default(omit, true) }}'
vsys: 'vsys1'
vulnerability: '{{ item.vulnerability | default(omit, true) }}'
wildfire_analysis: '{{ item.wildfire_analysis | default(omit, true) }}'
commit: false
loop: '{{ all_rules.policy }}'
loop_control:
label: '{{ item.rule_name }}'
when:
- item.rule_name in vsys1_rules
... View more
08-07-2019
03:32 AM
Hello All, I have recently started experimenting with Ansible and managed to add/remove some rules. It's been a steep learning curve so far, I must admit. What I am trying to do now is to get Ansible to disable unused firewall rules. As part of the firewall clean-up we have a high number of rules that we ave identified as not being used. The plan is to disable them and if there are no complains from users after a period of time delete them completely. The argument for disabling them first is that if we disable something that is actully needed we can then quickly re-enable the rule. I have manually exported a list of unused rules to a file and wanted to loop through the file and disable all listed policies. The file I am using only contains the name of the rule, one policy per line. The playbook is constructed as follows: ---
- name: Disable existing security rules on the firewall
hosts: localhost
connection: local
gather_facts: False
roles:
- role: PaloAltoNetworks.paloaltonetworks
tasks:
- name: Grab the credentials from ansible-vault
include_vars: 'firewall-secrets.yml'
no_log: 'yes'
- name: Disable rules
panos_security_rule:
provider: '{{ provider }}'
rule_name: '{{ item }}'
disabled: 'yes'
commit: 'False'
with_lines: cat ./vars/lab_fw_rules I was hoping that this will only disbale the listed rules but in fact it is disabling the rules and also updating them with default settings for each property, i.e. 'any' source address, 'any' destination address, 'any' application, etc. Thinking about it now I believe that this is correct behaviour because I am instructing Ansible to update the rule and as I am not specifying any other properties than 'disabled' it just takes the defaults. Can anyone possibly suggest a solution?
... View more
- Tags:
- ansible
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks