Saucepan

User Tools

Site Tools

Trace: multi_vsys misc pan_configurator multicast fips sfp threat-logs azure aws_transit_gateway
paloaltonetworks:tools:pan_configurator

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
paloaltonetworks:tools:pan_configurator [2020/06/04 09:48] bstaffordpaloaltonetworks:tools:pan_configurator [2022/11/23 12:49] (current) – external edit 127.0.0.1
Line 4: Line 4:
  
 There is a [[https://github.com/cpainchaud/pan-configurator-windows-package|Windows package]] for making it easy to run commands on Windows. There is a [[https://github.com/cpainchaud/pan-configurator-windows-package|Windows package]] for making it easy to run commands on Windows.
 +
 +Assuming you have plaged everything in "C:\Program Files\PAN Configurator" (Make sure your user has read/write access to this folder and sub-folders)
 +
 +Update the PATH variable with the following three entries
 +  * C:\Program Files\PAN Configurator\php;
 +  * C:\Program Files\PAN Configurator\Console2;
 +  * C:\Program Files\PAN Configurator\git\bin
 +
 +Create the following variables and values
 +  * PS1=\w>
 +  * PANCDIR=C:\Program Files\PAN Configurator\pan-configurator
 +  * HOME=C:\Program Files\PAN Configurator
 +
 ===== Examples ===== ===== Examples =====
 In these examples, ''10.1.1.1'' is a Panorama appliance. In these examples, ''10.1.1.1'' is a Panorama appliance.
Line 9: Line 22:
 Set all security policies to have 'default' as the log forwarding profile. Set all security policies to have 'default' as the log forwarding profile.
 <code>pa_rule-edit in=api://10.1.1.1 ruleType=security location=DeviceGroupName actions=logSetting-set:default</code> <code>pa_rule-edit in=api://10.1.1.1 ruleType=security location=DeviceGroupName actions=logSetting-set:default</code>
 +<code>pa_rule-edit in=api://10.1.1.1 ruleType=security location=DeviceGroupName actions=logSetting-set:default 'filter=!( logprof is.set )'</code>
 Set all security policies to have 'default' as the security profile group. Set all security policies to have 'default' as the security profile group.
 <code>pa_rule-edit in=api://10.1.1.1 ruleType=security location=DeviceGroupName actions=securityProfile-Group-Set:default</code> <code>pa_rule-edit in=api://10.1.1.1 ruleType=security location=DeviceGroupName actions=securityProfile-Group-Set:default</code>
 +<code>pa_rule-edit in=api://10.1.1.1 ruleType=security location=DeviceGroupName actions=securityProfile-Group-set:default 'filter=!( secprof is.set )'</code>
 Set security policies to have 'SPG_Outbound' as the security profile group. Only set it on policies that have the tag 'outbound'. Set security policies to have 'SPG_Outbound' as the security profile group. Only set it on policies that have the tag 'outbound'.
 <code>pa_rule-edit in=api://10.1.1.1 ruleType=security location=DeviceGroupName actions=securityProfile-Group-Set:SPG_Outbound 'filter=(tag has outbound)'</code> <code>pa_rule-edit in=api://10.1.1.1 ruleType=security location=DeviceGroupName actions=securityProfile-Group-Set:SPG_Outbound 'filter=(tag has outbound)'</code>
Line 32: Line 47:
   * nat   * nat
   * decryption   * decryption
 +  * pbf
 +
 +===== Replace one app with another =====
 +<code>pa_rule-edit in=api://10.1.1.1 ruleType=security location=DeviceGroupName actions=app-Add:app-grp-icmp 'filter=( app has icmp )'</code>
 +<code>pa_rule-edit in=api://10.1.1.1 ruleType=security location=DeviceGroupName actions=app-Remove:icmp 'filter=( app has app-grp-icmp )'</code>
 +
paloaltonetworks/tools/pan_configurator.1591264102.txt.gz · Last modified: (external edit)