/palo-alto-fw-code-example

Python code examples for Palo Alto firewall scripts.

Primary LanguagePython

Brian Trost, trostb@gmail.com

python panfw-base-script.py

This script is a template that can be used for Palo Alto API scripting using Python.

python show-arp.py -f x.x.x.x -i ae3.125

Displays arp output of a single firewall or interface.  Script can be modified to do other op commands from the firewall.

This script must be able to access the management firewall interface of the firewall.
----------
show-arp.py - show arp with cleaned up output

Total arp entries: 2

10.x.x.124 - xx:xx:xx:45:72:c7 - ae9.45 - 824
10.x.x.126 - xx:xx:xx:67:22:57 - ae9.45 - 579

python connect-to-fw-through-pano.py -f x.x.x.x

Connects to a target, checks if it is Panorama.  Then it queries all connected firewalls and displays all VSYS entries.
----------
connect-to-fw-through-pano.py - show devices and check zone settings

Querying device x.x.x.x

Firewall1 - 007xxxxxxxxx - 192.168.1.1 - PA-5060

 Finding VSYS
 - Found VSYS entry vsys1 - DEPT1
 - Found VSYS entry vsys2 - DEPT2

 Firewall2 - 007xxxxxxxxx - 192.168.1.2 - PA-7080

retkey.py

This file can be 'import'ed and retrieves a API key from the user's home directory in .panconfkeystore. Can be useful so one doesn't have to store API keys in a program. The source file can be changed and is expecting text in the '< ip > : < apikey >' format with one per line. This file is the PAN-C API key storage location.

 try:
     import retkey
 except:
     pass

 try:
     retkey.read_key_file("x.x.x.x")
 except:
     apikey = args.apikey    # If you're passing by args