This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About bgre033
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About bgre033
09-08-2023
10Posts
1Like
1Solution
Sep 08, 2023Last Visited
User
Activity
User
Profile
Latest posts by bgre033
| Subject | Views | Posted |
|---|---|---|
| 240 | 08-20-2023 08:08 PM | |
| 333 | 08-16-2023 02:56 AM | |
| 386 | 06-25-2023 12:32 AM | |
| 505 | 06-13-2023 12:42 AM | |
| 649 | 06-06-2023 03:39 PM | |
| 1076 | 04-03-2023 07:49 PM | |
| 1154 | 04-03-2023 06:08 PM | |
| 1180 | 04-03-2023 02:30 PM | |
| 1415 | 04-02-2023 03:35 AM | |
| 1673 | 03-31-2023 10:04 PM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 03-31-2023 10:04 PM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 1 Like | |||
| 1 Like | |||
| 3 Likes |
My LIVEcommunity Articles Contributions
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 0 |
User Badges
Community Statistics
| Member Since | 03-21-2023 03:56 AM |
| Date Last Visited | 09-08-2023 07:06 PM |
| Posts | 10 |
| Total Likes Received | 1 |
08-20-2023
08:08 PM
Thanks @SimonT, it needs the line you specified as well as the 'vartype="member". Working as expected now. params.append(
VersionedParamPath(
"ssl_certificate",
vartype="member",
path="type/{decryption_type}/certificates/",
#path="type/{decryption_type}",
condition={"decryption_type": "ssl-inbound-inspection",},
)
)
... View more
08-16-2023
02:56 AM
Hi @SimonT, thanks for this. Which line exactly did you edit in policies.py?
... View more
06-25-2023
12:32 AM
I have added my playbook to Github.
https://github.com/bgre033/paloalto-panos-certificate-renew-with-ansible
... View more
06-13-2023
12:42 AM
Thanks for your reply, Steve.
I got this working using the panos_type_cmd module with the code below.
- name: Update SSL TLS profile cert
panos_type_cmd:
provider: '{{ palo_provider }}'
xpath: |
/config/shared/ssl-tls-service-profile/entry[@name='PROFILE-NAME']
element: |
<certificate>{{ cert_name }}</certificate>
... View more
06-06-2023
03:39 PM
Hi,
I'm looking for an automatic way to update the certificate in a SSL/TLS Service Profile (which forms a part of the certificate replacement process). From what I can find, steps 1 and 2 can be automated with Ansible (or XML API), but I cannot find a way to do this for step 3.
Import certificate (Ansible or XML API)
Update Decryption Profile (Ansible)
Update SSL/TLS Service Profile (?)
I had a look at Ansible, XML API and REST API, but I cannot find the relevant module/call. If possible, I would like to avoid SSH and keep it all HTTPS based.
Thanks for any help.
... View more
04-03-2023
07:49 PM
I'll post an update here as it's the first search result, but it looks like this feature is available from PAN-OS 11.0.
https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-release-notes/features-introduced-in-pan-os/networking-features#idf9feab55-ad90-46a0-ad3e-9297409b1c28
... View more
04-03-2023
02:30 PM
@seb_rupik @Raido_Rattameister Thanks for your responses, I appreciate it.
While I do use L3 sub-interfaces for normal traffic, I did need L2 for PPPoE tagging as it's not natively supported. This was in the end configured as per https://www.bitstrom.nl/post/paloalto-pppoe/, but while working through this I needed some clarifications.
... View more
04-02-2023
03:35 AM
Thanks, Seb.
This would suggest that an access port cannot exist (for example) in VLAN 20 unless a sub-interface has been created with tag '20' and both of these objects have been associated with a VLAN object (Network > VLAN)? Suppose this doesn't really matter, as an access port VLAN ID isn't relevant unless a trunk port exists somewhere on the said device (which it won't unless sub-interfaces have been created).
Finally, I take it a VLAN sub-interface (Network > Interfaces > VLAN) isn't needed unless inter-VLAN routing is required?
... View more
03-31-2023
10:04 PM
1 Kudo
Hi, I’ve recently got a PA-440, and trying to make sense of the VLAN logic on PAN-OS has got me stumped. First of all, I get creating a layer 3 sub interface and assigning a VLAN tag, easy. A bit odd that the 'tag' doesn't then show up as a VLAN under Network > VLANs, but I can let that slide.
It's an access port where things really don't make sense. I follow the steps below, and even though it works it just doesn't make sense.
Mark an interface as layer 2, and assign a layer 2 zone to it, ok.
Create a VLAN (Network > VLANs) - sure, but you don’t specify a VLAN ID, just a name. What is the point of this construct?
Assign created VLAN (from step 2) to the physical layer 2 interface - again, ok, but given the VLAN hasn’t got an ID, does this achieve anything?
Create a VLAN Interface (with an ID between 1-9999) and assign a VLAN to it. I assume this is like an SVI, but I don’t need a layer 3 VLAN interface, why is this necessary? Also, it seems like the ID is meant to be the VLAN tag (but the range is not right, 1-9999 rather than 1-4094)?
I'm hoping someone can explain this to be, as the documentation isn't clear.
What is the point of VLANs under Network > VLANs? Given you don't specify a VLAN ID.
Is the ID under the VLAN interface actually a VLAN tag, rather than an interface ID? If so, why is the range 1-9999 (rather than 1-4094)?
Thanks for any help.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
09-08-2023
07:06 PM
|
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks