General Articles
LIVEcommunity's General Articles area is home to how-to resources, technical documentation, and discussions with Accepted Solutions that turn into articles related to all Palo Alto Networks products.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
About General Articles
LIVEcommunity's General Articles area is home to how-to resources, technical documentation, and discussions with Accepted Solutions that turn into articles related to all Palo Alto Networks products.
This Nominated Discussion Article is based on the post "What do you people's think of this script?" by @hfakoor2    I wrote a Python script that returns the differences in policies across firwealls. Here's the github description:   Firewall policies contain object groups, hundreds of ip addresses and ACL's, services, address objects etc. This script compares a set of firewall policies with the same name, across many firewalls, and return differences in services, source/destination, address objects, ACL's etc, to a Python dictionary. We use a XML path api call to obtain the configuration files, so no need for token authentication. The script also returns object groups that exist in one firewall and not the other. So if your firewalls have similar named policies with dozens of rules, this script can save time in validating the policies by hand.   There's  video of the code running against 10.0.4 vm_eval editions.  https://github.com/hfakoor222/Palo_Alto_Scripting/tree/master   the code is under folder compare_Object_ACL's   Please let me know what you think, and where I can improve on.   Also like or follow my github page for more scripts Thanks!   That is a very nice script!   If someone were going to use your script in production, then I would store the username and password (or API keys) in local environment variables and not the script.  That is not required, but definitely a best practice especially if they use Git or another development platform where the code is shared.  Your scripts have the default usernames and passwords.  So, no sensitive information is exposed in your example.   Great job!  
View full article
This configuration is in-line with best practices and day-one settings for proper security, and combines Palo Alto Networks best practices with a Zero Trust start. 
View full article
  • 182 Posts
  • 257 Subscriptions
Customer Advisories

Your security posture is important to us. If you’re a Palo Alto Networks customer, be sure to login to see the latest critical announcements and updates in our Customer Advisories area.

Learn how to subscribe to and receive email notifications here.

Listen to PANCast

PANCast is a Palo Alto Networks podcast that provides actionable insights to customers, helping you maximize your investment while improving your cybersecurity posture.

Labels
Top Contributors
Top Liked Posts in LIVEcommunity Article
Top Liked Authors