I'll work on actually putting this into one script that is sanitized and doesn't have any abnormal dependencies specific to any set environment or anything like that. Likely won't have time to get to this until this weekend.
Essentially the only thing that the actual script needs to do is take the configuration from the "primary" firewall, take everything between <deviceconfig> and </deviceconfig>, and replace it with the copy meant for the "backup" firewall.
The way that I've chosen to do this is using the configuration file as a Jinja template and merging the stored "backup" deviceconfig file to create a full and working configuration file. Then you simply upload the updated configuration file to the "backup" device and it has the updated configuration from the "primary" firewall on a daily basis.
Configuration File Example:
<deviceconfig>
{# 'deviceconfig' is the file path (relative to the FileSystemLoader root) passed in by template.render() #}
{% include [deviceconfig] %}
</deviceconfig>
Render Example:
import logging
from jinja2 import Environment, FileSystemLoader

# Logger used by the debug calls below #
logging.basicConfig(level=logging.DEBUG)
log_collector = logging.getLogger(__name__)

output_file = '/tmp/new-config.xml'  # Rendered file output #
log_collector.debug("Setting output_file variable: " + str(output_file))
file_loader = FileSystemLoader('/Palo-Alto/Configurations/PA-5220/Jinja2/')  # Where the files are; include paths resolve relative to this directory #
log_collector.debug("Setting FileSystemLoader: " + str(file_loader))
# Load Environment #
env = Environment(loader=file_loader)
log_collector.debug("Utilizing template deployed-config.xml from /Palo-Alto/Configurations/PA-5220/Jinja2/")
template = env.get_template('deployed-config.xml')  # Gathers Template File #
# Render #
log_collector.debug("Rendering template: deviceconfig variable: 'backup-firewall/deviceconfig.xml'")
output = template.render(deviceconfig='backup-firewall/deviceconfig.xml')  # Renders the template; the include pulls in the stored backup deviceconfig #
# Write the merged configuration out #
with open(output_file, 'w') as save_file_f:
    save_file_f.write(output)
The thing to keep in mind here is that you won't want to have anything plugged into the "backup" firewall dataplane unless you have those associated interfaces shut down. Replacing the deviceconfig will allow you to maintain management access to the "backup" firewall while keeping the relevant configuration updated. You'd also want to ensure the master key is the same between both units, but since you'd be breaking HA that'll already be the case.
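The same deviceconfig swap, as an added example that is not the original poster's script: instead of a Jinja text include it parses both inputs with the standard library's xml.etree, refuses a stored fragment whose root is not <deviceconfig> or that is not well-formed, and checks that exactly one <deviceconfig> exists before touching the tree, so a bad backup file cannot produce a config that only fails when uploaded. The two XML strings are constructed, heavily trimmed stand-ins for a PAN-OS export (shape only); the function and class names are this example's own.

```python
"""Replace the <deviceconfig> subtree of a primary firewall export with a stored
backup copy, leaving every other part of the configuration untouched.

Added example, not the original poster's script. It uses xml.etree instead of a
Jinja include so that both inputs are parsed and checked before anything is
written. The sample XML below is a constructed, trimmed stand-in for a PAN-OS
export, not real device output."""
import xml.etree.ElementTree as ET


class ConfigSwapError(ValueError):
    """Raised when the inputs are not in the shape the swap relies on."""


# Constructed sample of the primary unit's config (shape only, not a real export).
PRIMARY_CONFIG = """\
<config version="9.1.0">
  <devices>
    <entry name="localhost.localdomain">
      <deviceconfig>
        <system>
          <hostname>primary-fw</hostname>
          <ip-address>10.0.0.1</ip-address>
        </system>
      </deviceconfig>
      <vsys>
        <entry name="vsys1">
          <rulebase><security><rules>
            <entry name="allow-web"><action>allow</action></entry>
          </rules></security></rulebase>
        </entry>
      </vsys>
    </entry>
  </devices>
</config>
"""

# Constructed copy of the deviceconfig kept for the backup unit (own hostname/IP).
BACKUP_DEVICECONFIG = """\
<deviceconfig>
  <system>
    <hostname>backup-fw</hostname>
    <ip-address>10.0.0.2</ip-address>
  </system>
</deviceconfig>
"""


def swap_deviceconfig(primary_xml: str, backup_deviceconfig_xml: str) -> str:
    """Return primary_xml with its single <deviceconfig> subtree replaced by the backup copy."""
    try:
        root = ET.fromstring(primary_xml)
        new_dc = ET.fromstring(backup_deviceconfig_xml)
    except ET.ParseError as exc:
        raise ConfigSwapError(f"input is not well-formed XML: {exc}") from exc

    # Refuse a stored fragment that is not actually a <deviceconfig> element;
    # a plain text include would splice in whatever the file happens to contain.
    if new_dc.tag != "deviceconfig":
        raise ConfigSwapError(f"stored fragment root is <{new_dc.tag}>, expected <deviceconfig>")

    # A single-device export is expected to carry exactly one <deviceconfig>.
    targets = root.findall(".//deviceconfig")
    if len(targets) != 1:
        raise ConfigSwapError(f"expected exactly one <deviceconfig>, found {len(targets)}")
    old_dc = targets[0]

    # ElementTree has no parent pointers, so build the child -> parent map once.
    parent_of = {child: parent for parent in root.iter() for child in parent}
    parent = parent_of[old_dc]
    position = list(parent).index(old_dc)
    new_dc.tail = old_dc.tail  # keep the surrounding whitespace layout intact
    parent.remove(old_dc)
    parent.insert(position, new_dc)
    return ET.tostring(root, encoding="unicode")


def management_hostname(config_xml: str) -> str:
    """Hostname under <deviceconfig>/<system>, i.e. the management identity of the unit."""
    return ET.fromstring(config_xml).findtext(".//deviceconfig/system/hostname")


def security_rule_names(config_xml: str) -> list:
    """Names of security rules; used to confirm the non-deviceconfig part survived the swap."""
    root = ET.fromstring(config_xml)
    return [e.get("name") for e in root.findall(".//rulebase/security/rules/entry")]


if __name__ == "__main__":
    merged = swap_deviceconfig(PRIMARY_CONFIG, BACKUP_DEVICECONFIG)
    print(management_hostname(merged), security_rule_names(merged))
```

In a real run the two strings would be read from the primary export and the stored backup deviceconfig file, and the returned string written to the output path before upload; the rule-name check is the kind of sanity assertion worth running on the merged file every time, since the whole point is that only the deviceconfig subtree changes.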