About JimmyHolland

Hi @Prabhath, correct, there is no dedicated module today. Both panos_type_cmd and panos_config_element could be used. Here is an example of the latter, it does quite a few OSPF parameters rather than just the interface metric, but should give you an example to work from.   Hope that helps ... View more

Hi @MichaelPrensky, I'd say you are in the right place 🙂 There are various options, but if you can define the steps and config items with placeholder variables for the values that change per firewall, you should then be able to to deploy something consistent to each firewall. You own choice of programming language could do that, Ansible could do that, Terraform -could- do it but is not the best choice given how it likes to manage via state. Ansible is becoming very popular with PAN-OS users, you can do OS upgrades, perform configuration, install certs, etc, and use the variables feature within Ansible to give each firewall the unique values but with a consistent state. The choice between Ansible, bash scripts, Python, PHP, etc is likely something that primarily depends upon what you and/or your team have skills in, and want to operationalise. And keep an eye on the market too in case you need to hire someone; Python skills are more abundant in NetOps than, say, Java! And also the choice can be down to the features of each approach; Ansible may potentially have a lower barrier to entry on learning versus learning Python from scratch, but will likely execute slower than Python, there are trade-offs. Hope that helps, hopefully some other users will chip in with their experiences... ... View more

You could use "load config partial" via the API?   First upload the XML snippet file (DOS.xml): https://{{host}}/api?key={{key}}&type=import&category=configuration , passing in the XML file as form-data Second, load the XML as "partial config":  https:// {{host}} /api?key= {{key}} &type=op&cmd=<load><config><partial><mode>append</mode><from-xpath>entry</from-xpath><to-xpath>/config/devices/entry[@name="localhost.localdomain"]/network/profiles/zone-protection-profile</to-xpath><from>DOS.xml</from></partial></config></load>   Hope that helps ... View more

There are a few options. You can talk to your Palo representatives about progressing feature request ID 3159  to have something in the GUI. Expedition is also an option. For automated solutions, you could use the API or one of the SDKs, in fact pan-os-php has some dedicated advice on this topic: https://github.com/PaloAltoNetworks/pan-os-php/wiki/unused-objects, but you could use Python or Go which also have SDKs. It just depends on your preferred approach. Hope that helps ... View more