Terraform for Panorama Configuration management


L4 Transporter

Hi all

Do you use Terraform for managing Panorama configuration, and particularly routine security policy creation and changes? Are there any issues, and do you have any feedback?

I know this can be done well with Ansible, but for a number of reasons Ansible cannot be used in our case.

Accepted Solutions

@batd2 Yes, there is a common pattern in the industry, particularly around cloud infrastructure, that revolves around Terraform for build/deploy, and Ansible for configuration. The truth is that you could use either for both tasks; you have to decide as a team/organisation which tools make sense for you. You could go all-in on one tool for everything, or separate tools for separate jobs. Your organisation may invest in the paid version of one of those tools, which means you have a vendor-supported product rather than OSS, which may affect the decision. There are lots of factors. As they both have OSS versions, you can try out both and pick the one(s) you like for the specific task(s) you wish to undertake 🙂


4 REPLIES

L5 Sessionator

Hi @batd2, there are a number of organisations using Terraform to configure their PAN-OS appliances. If you are familiar with Terraform already, the reference documentation is very useful and can be found here in the Terraform Registry; otherwise, "get started" with Terraform concepts in general first, then move on to PAN-OS configuration. Configuration work for objects and security policies is a common use case. I will let others contribute with their experiences here as they wish...


L4 Transporter

@JimmyHolland Thank you for the information. The reason I am asking is because it is kind of suggested that Terraform is used for the initial build and initial configuration, rather than configuration management.


L2 Linker

Hi, I recently created a small tool to import security policies from Panorama XML to Terraform code; you might want to look it up: https://live.paloaltonetworks.com/t5/automation-api-discussions/import-existing-security-policies-fr...

Gabriel Montiel