Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- 5G
- IoT Security
- Prisma SD-WAN
Network Security
- Prisma Access
- Prisma SaaS
- Prisma Cloud
- CN-Series
- VM-Series:
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
Security Operations
- Resources
- COVID-19 Response Center
- LIVEcommunity
- ›
- About gfreeman
About gfreeman
Announcements
Changes to the LIVEcommunity experience are coming soon... Here's what you need to know.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
03-19-2021
141Posts
43Likes
34Solutions
Mar 19, 2021Last Visited
User
Activity
User
Profile
Latest posts by gfreeman
| Subject | Views | Posted |
|---|---|---|
| 184 | 03-18-2021 10:43 AM | |
| 119 | 03-17-2021 09:37 AM | |
| 171 | 02-16-2021 09:55 AM | |
| 168 | 01-13-2021 09:16 AM | |
| 453 | 01-13-2021 09:12 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 | 05-01-2020 09:06 AM | |
| 1 | 05-01-2020 08:56 AM | |
| 1 | 05-22-2020 08:22 PM | |
| 1 | 05-01-2020 08:49 AM | |
| 1 | 02-19-2020 09:58 AM |
User Badges
Public Statistics
| Date Registered | 08-29-2016 10:26 AM |
| Date Last Visited | 03-19-2021 04:50 PM |
| Total Messages Posted | 143 |
| Total Likes Received | 43 |
03-18-2021
10:43 AM
Adding the address object as a child of the Panorama object itself is how you add things to "shared".
from panos.panorama import Panorama
from panos.objects import AddressObject
pano = Panorama(host, user, passwd)
obj = AddressObject("dmz network", "10.50.75.0/24")
pano.add(obj)
obj.create()
... View more
- Tags:
- ou'r
03-17-2021
09:37 AM
Seems like you specified a provider of "hashicorp/panos" instead of "paloaltonetworks/panos"...? Basing this on the error message you got back:
Did you intend to use paloaltonetworks/panos?
... View more
02-16-2021
09:55 AM
The Terraform provider supports both OSPF and BGP (current version is 1.8). GlobalProtect is not yet supported, so you'd need to bootstrap this config in.
... View more
01-13-2021
09:16 AM
Seems this is an existing feature request for the provider. Best thing to do is to thumbs up it so it's clear that more than one person wants this:
https://github.com/PaloAltoNetworks/terraform-provider-panos/issues/252
... View more
01-13-2021
09:12 AM
pan-os-python uses an object hierarchy. You have part of this correct, but part of it is wrong, and that's why you're not getting the results you expect. You want your object hierarchy to look like Panorama > DeviceGroup > AddressObject, but your first chunk is actually setting up the hierarchy as a Panorama object with two children, a DeviceGroup and an AddressObject. Invoking the create() function on the AddressObject with your hierarchy like this should put the address object in the shared scope instead of the device group. So your code should look something like this instead:
from panos.panorama import Panorama, DeviceGroup
from panos.objects import AddressObject
pano = Panorama(HOSTNAME, USERNAME, PASSWORD)
dg = DeviceGroup("DG-VWire")
pano.add(dg)
dg.create()
obj = AddressObject("Server3", "1.2.3.4")
dg.add(obj)
obj.create()
For your security rules one, I'm guessing you're wanting to get the rules that are in a specific device group..? I don't see a device group reflected in your code. So you'd want something like this:
from panos.panorama import Panorama, DeviceGroup
from panos.policies import SecurityRule, PostRulebase
pano = Panorama(HOSTNAME, USERNAME, PASSWORD)
dg = DeviceGroup("my group")
pano.add(dg)
rulebase = PostRulebase()
dg.add(rulebase)
rules = SecurityRule.refreshall(rulebase)
print("Current security rules ({0} found):".format(len(rules)))
Hope that helps!
... View more
05-22-2020
09:43 PM
You're close.
After you create the panorama object and add the device group to the panorama, you want to do refreshall(), giving the device group as the base. So like this:
from pandevice.panorama import Panorama, DeviceGroup
from pandevice.objects import AddressObject
pano = Panorama(....)
dg = DeviceGroup(devicegroup)
pano.add(dg)
# Now get all the address objects present.
listing = AddressObject.refreshall(dg)
for obj in listing:
print("* {0}".format(obj.about()))
... View more
05-22-2020
09:30 PM
I suspect your connection is not set to "local" at the top of your playbook...? Because panos_op doesn't connect using ssh.
... View more
05-22-2020
08:22 PM
1 Kudo
pandevice actually has an example script that deals with security rules:
https://github.com/PaloAltoNetworks/pandevice/blob/develop/examples/ensure_security_rule.py
... View more
05-05-2020
09:43 AM
Update the pandevice python library. PAN-OS 9.1 has changed the locations for the primary and secondary panorama server IP addresses, and the more recent version of pandevice has the new xpath locations.
... View more
05-04-2020
07:03 PM
The Ansible role (here) has entered maintenance mode as Ansible is pushing non-core modules into the new collections framework. As such, the Palo Alto Networks Ansible collection does not have this same behavior.
... View more
05-04-2020
06:59 PM
I think what you are looking for is this article, the GUI part, then look at the API calls PAN-OS is doing and you can do the same to get the same information.
... View more
05-04-2020
06:54 PM
Looking around, I found this article which seems to suggest the command was just changed a bit. Looks like on firewalls (I just checked 8.1), it's "save device-state", but the article has more details if you're pulling it from Panorama.
... View more
05-04-2020
04:03 PM
First and foremost, you seem to have posted your API key on the internet, which is basically posting your password. Please change the password associated with that account as it is no longer secure.
As for the error, you are not specifying a specific vsys in the xpath, so that might be the error..? It could also be that if the address group "apadr" is currently a dynamic address group, since you're using a set I know PAN-OS will error out, just don't remember off the top of my head if it's this specific error or something else.
In general, it is highly recommended that you use one of the API libraries Palo Alto Networks has made available for free to make it easier to work with the API, such as pan-python (python), pandevice (python), or pango (golang).
... View more
05-04-2020
03:55 PM
If you are suspicious of the pandevice currently hosted on pypi, you can always just download pandevice straight from github. When a tag is referred at and a release is created, that snapshot creates a tarball that you can see in the Releases tab in github. Both the current and any previous release.
Alternatively you can pip download the package, clone the repo, then diff both directories.
I think I remember something about github and checksums at the last github universe late last year, tho, so it's possible they're going to be doing something about this as well..?
... View more
05-01-2020
09:22 AM
If something already exists but it does not yet exist in the local state, then you want to import that resource, assuming the resource can be imported.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
03-19-2021
04:50 PM
|
Latest Blogs
Latest Posts
Copyright 2007 - 2021 - Palo Alto Networks
