https://github.com/scotchoaf/panos_tools

basic skillets for panos ideas and testing
https://github.com/scotchoaf/panos_tools

skillets

Last synced: about 1 month ago
JSON representation

basic skillets for panos ideas and testing

• Host: GitHub
• URL: https://github.com/scotchoaf/panos_tools
• Owner: scotchoaf
• License: mit
• Created: 2019-06-27T17:33:56.000Z (almost 6 years ago)
• Default Branch: master
• Last Pushed: 2022-12-08T06:19:08.000Z (over 2 years ago)
• Last Synced: 2025-04-07T14:22:48.727Z (2 months ago)
• Topics: skillets
• Language: Python
• Size: 104 KB
• Stars: 3
• Watchers: 1
• Forks: 4
• Open Issues: 3
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# Panos Tools

set of sample skillets for various NGFW config and operations actions

that could be used as part of other use case configurations.

## move rule

Uses the rest API model to move a rule to top, bottom, before or after.

Jinja logic in the skillet so that a second rule name is used for the

before and after options.

## load baseline config

This is a simple reset configuration that uses the firewall API to

import and load the xml configuration as a candidate config.

## content update

This uses the API to update the firewall to the latest content and threat

versions. Useful for new firewall installs or skillets that may require

the latest content update.

## brute force exceptions

Set commands to add a set of brute force exceptions to a

named vulnerability security profile.

`NOTE:` the IDs used in this configuration are based on a list from a

support knowledge article. Since IDs can be dynamically added and removed

from the firewall, a commit warning may occur if the IDs are not found

in the local signature database.

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClmpCAC

The set commands are applied using the CLI followed by a commit.

## connect the firewall to panorama set, xml+rest

This is a simple configuration to both add a Panorama IP address to the firewall

and enable the firewall to install panorama pushed template and device-group

configuration elements.

Setting the IP address is a configuration command while enabling the template

and device-group are operational commands.

The set commands are applied using the CLI for both config and ops.

The xml option is only used for configuration while the REST skillet is

provided for the needed operational enable commands.