irom's Blog

Archive for the ‘Automation’ Category

Palo Alto firewall operating system PANOS includes a REST API which allows to run commands and capable of providing device-level information. Palo Alto provides also free ‘Palo Alto Networks Device Framework’ (called pandevice, currently in alpha version) to interact with firewalls (as well as management server Panorama) in a way conceptually similar to interaction with the device via the GUI or CLI. In this article I am showing how to schedule commands on PaloAlto firewalls using pandevice and Jenkins which is continuous integration and delivery (CI/CD) application capable of scheduling jobs (see my post ‘Jenkins as system job scheduler’ )

First obvious automation of firewall operations is scheduling policy installation. The best practice is to make changes after working hours. In Jenkins I have two jobs scheduled:

  1. Firewall commit – to commit changes on active firewall (pandevice.fw.commit_all.py)
  2. Panorama commit – to commit changes on management server (pandevice.pano.commit_all.py)

Both jobs can be pictured in Jenkins using graphviz, see below. Panorama commit job is triggered by Firewall commit job (second job runs after first job is completed). Panorama commit is not always enough, because, for example, firewall can be connected to Active Directory servers and  ‘Group Mapping Settings’ updates have to be done there.

paloalto-jenkins-graph

Read the rest of this entry »

I’ve not posted anything in last 3 years. I can see few drafts from June of 2015 which I never published. In Dec I posted my article about developing software for firewall or  rather Linux based network device monitoring at Indeni. I will be posting at packetpushers.net soon, added ‘Automation’ to the posts categories here.

Full Stack

I’ve done a lot of programming in 2015, mainly Python and JS and Node.js. I’m in the middle of my moderndeveloper.com full stack journey. I hope to improve my blog visually with what I’ve learned in the area of JS Front-End Development.


Twitter Updates

Error: Twitter did not respond. Please wait a few minutes and refresh this page.

Blogs I Follow