This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About hbalzac
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About hbalzac
03-12-2021
52Posts
0Likes
1Solution
Mar 12, 2021Last Visited
User
Activity
User
Profile
Latest posts by hbalzac
| Subject | Views | Posted |
|---|---|---|
| 2548 | 01-09-2021 07:03 AM | |
| 2585 | 01-08-2021 04:11 AM | |
| 1584 | 10-31-2020 09:51 AM | |
| 2565 | 10-29-2020 04:22 AM | |
| 2581 | 10-29-2020 03:01 AM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 1 Like | |||
| 3 Likes | |||
| 1 Like | |||
| 5 Likes | |||
| 1 Like |
User Badges
Community Statistics
| Member Since | 05-30-2018 10:12 PM |
| Date Last Visited | 03-12-2021 11:14 AM |
| Posts | 52 |
01-09-2021
07:03 AM
Im fairly sure its no way to convert the old configs to ansible playbooks. I dont really know how your policys look like and how many policys you are creating each day, but the thought of creating individuals policy in a playbook dont really sounds like something you would do in a the long run. Look at this example for a policy, https://github.com/PaloAltoNetworks/ansible-playbooks/blob/master/fw_rules.yml Imagine just sorting out the application/service/hostname/hostgroup/tag without being able to browse the one that are already defined? I guess panorama has its problem but i rebuilding one sounds messy. I dont know how your enviorment looks like, but i use ansible to create for example network interface, there you can also sync so it does config for switches, dns etc at the same time. I have also done playbooks that load a list of policy from a report in (exported from panorama of unused rules for x amount of time) and disable them, i also have a playbook for software upgrades. Here are some inspiration https://github.com/PaloAltoNetworks/ansible-playbooks
... View more
01-08-2021
04:11 AM
Do you plan to use ansible insted of panorama to create firewall rules? Any special reason? I think there are alot of other things that can be automated before that makes alot more sense then firewall policy, specialy since you have panorama (if i have understood it correct?)
... View more
10-31-2020
09:51 AM
So, say i have a multiple firewalls of many zones. If i want to create a rule between two servers in different firewall i need to create one rule in each firewall. For example trust to utrust and in the other firewall untrust to trust. (in some cases we allow it in one of the firewalls by default). If I need to type in this manualy in the automation job (no matter if its ansible or powershell or other) it feels like i almost can use the gui anyway. But if i can get this info via a script it would get alot easier. So if you had a enviorment consisting of many firewall and need to find out the routing between two servers. How would you build that logic?
... View more
10-29-2020
04:22 AM
The rbac functionality for api users are quite limited, so its not possible. I have heard that 10.0 will be better but not to what extent. Other vendors have had the possibility to just allow certain commands for users but palo lacks here imo. Not sure on how you enviorment is setup, there is always the issue with the client modify the script and run other commands that you dont want. Perhaps just having a simple webportal where they can click one button?
... View more
10-29-2020
03:01 AM
So do you want to limit so this api users to only be able to run just a few commands? In this case reseting the vpn?
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
03-12-2021
11:14 AM
|
Likes Given To
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks