paloaltonetworks:tools:pan_configurator

Differences

This shows you the differences between two versions of the page.

paloaltonetworks:tools:pan_configurator [2020/05/19 09:43] bstaffordpaloaltonetworks:tools:pan_configurator [2022/11/23 12:49] (current) – external edit 127.0.0.1
Line 1: Line 1:
 ====== PAN Configurator ====== ====== PAN Configurator ======
-In these examples, '''10.1.1.1''' is a Panorama appliance.+===== Overview ===== 
 +[[https://github.com/cpainchaud/pan-configurator|PAN-Configurator]] is a PHP library for running actions on PAN-OS. 
 + 
 +There is a [[https://github.com/cpainchaud/pan-configurator-windows-package|Windows package]] for making it easy to run commands on Windows. 
 + 
 +Assuming you have plaged everything in "C:\Program Files\PAN Configurator" (Make sure your user has read/write access to this folder and sub-folders) 
 + 
 +Update the PATH variable with the following three entries 
 +  * C:\Program Files\PAN Configurator\php; 
 +  * C:\Program Files\PAN Configurator\Console2; 
 +  * C:\Program Files\PAN Configurator\git\bin 
 + 
 +Create the following variables and values 
 +  * PS1=\w> 
 +  * PANCDIR=C:\Program Files\PAN Configurator\pan-configurator 
 +  * HOME=C:\Program Files\PAN Configurator 
 + 
 +===== Examples ===== 
 +In these examples, ''10.1.1.1'' is a Panorama appliance.
  
 Set all security policies to have 'default' as the log forwarding profile. Set all security policies to have 'default' as the log forwarding profile.
 <code>pa_rule-edit in=api://10.1.1.1 ruleType=security location=DeviceGroupName actions=logSetting-set:default</code> <code>pa_rule-edit in=api://10.1.1.1 ruleType=security location=DeviceGroupName actions=logSetting-set:default</code>
 +<code>pa_rule-edit in=api://10.1.1.1 ruleType=security location=DeviceGroupName actions=logSetting-set:default 'filter=!( logprof is.set )'</code>
 Set all security policies to have 'default' as the security profile group. Set all security policies to have 'default' as the security profile group.
 <code>pa_rule-edit in=api://10.1.1.1 ruleType=security location=DeviceGroupName actions=securityProfile-Group-Set:default</code> <code>pa_rule-edit in=api://10.1.1.1 ruleType=security location=DeviceGroupName actions=securityProfile-Group-Set:default</code>
 +<code>pa_rule-edit in=api://10.1.1.1 ruleType=security location=DeviceGroupName actions=securityProfile-Group-set:default 'filter=!( secprof is.set )'</code>
 Set security policies to have 'SPG_Outbound' as the security profile group. Only set it on policies that have the tag 'outbound'. Set security policies to have 'SPG_Outbound' as the security profile group. Only set it on policies that have the tag 'outbound'.
 <code>pa_rule-edit in=api://10.1.1.1 ruleType=security location=DeviceGroupName actions=securityProfile-Group-Set:SPG_Outbound 'filter=(tag has outbound)'</code> <code>pa_rule-edit in=api://10.1.1.1 ruleType=security location=DeviceGroupName actions=securityProfile-Group-Set:SPG_Outbound 'filter=(tag has outbound)'</code>
Line 27: Line 47:
   * nat   * nat
   * decryption   * decryption
 +  * pbf
 +
 +===== Replace one app with another =====
 +<code>pa_rule-edit in=api://10.1.1.1 ruleType=security location=DeviceGroupName actions=app-Add:app-grp-icmp 'filter=( app has icmp )'</code>
 +<code>pa_rule-edit in=api://10.1.1.1 ruleType=security location=DeviceGroupName actions=app-Remove:icmp 'filter=( app has app-grp-icmp )'</code>
 +
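Review bot: The new "Replace one app with another" section has two commands and no explanatory text, and the second one ("actions=app-Remove:icmp" with 'filter=( app has app-grp-icmp )') only does what the heading says if the first has already run, so the required order should be stated. As written, the remove filter also matches any rule that already carried app-grp-icmp before the add ran, not only the rules just changed; say whether that is intended. Also state that app-grp-icmp is an example group name and whether it must already exist in the device group, since both commands act on the Panorama at api://10.1.1.1.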
paloaltonetworks/tools/pan_configurator.1589881438.txt.gz · Last modified: (external edit)