
Firewall Configuration Sync Script

Windows Batch File

Useful for keeping two load-balanced VMs in sync in Azure.

:: This is a Windows Batch script that can be used to quickly sync the configuration of one Palo Alto Networks firewall with another.
:: This is meant to be used between two virtual firewalls in Azure or AWS that are not a high availability pair but are part of a load balanced 'pair'.
:: This works when the virtual machines do not have any statically assigned IP addresses within the VM.

::For this script to work, you will need an API key for each firewall. Generate each key by requesting the following URLs.
::  https://FIREWALL_1_IP/api/?type=keygen&user=XML_USERNAME_HERE&password=XML_PASSWORD_HERE
::  https://FIREWALL_2_IP/api/?type=keygen&user=XML_USERNAME_HERE&password=XML_PASSWORD_HERE



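@echo off
:: Keep every variable set below (including the API keys) local to this run,
:: so they do not linger in the environment of the calling cmd session.
SETLOCAL

:: API keys for the two firewalls. Each key grants API access to its firewall,
:: so restrict who can read this file once real keys are filled in.
:: NOTE(review): every request below puts the key in the URL query string, where
:: it can surface in logs and process listings. PAN-OS 9.0 and later also accept
:: the key in an X-PAN-KEY request header - confirm against your PAN-OS version.
SET "FW1_KEY=APIKEY_HERE"
SET "FW2_KEY=APIKEY_HERE"
:: FW_KEY is the key used by the step currently running; start with firewall 1.
SET "FW_KEY=%FW1_KEY%"

:: Firewall addresses. NOTE(review): both placeholders are 10.1.1.1 as published.
:: FIREWALL_2_IP must be changed to the second firewall, otherwise the
:: configuration is imported back into the firewall it was exported from.
SET "FIREWALL_1_IP=10.1.1.1"
SET "FIREWALL_2_IP=10.1.1.1"
:: Hostname written back to firewall 2 after firewall 1's configuration is loaded.
SET "FW_2_HOSTNAME=palo2"
:: FIREWALL_IP is the target of the step currently running; start with firewall 1.
SET "FIREWALL_IP=%FIREWALL_1_IP%"
:: Local file name for the exported configuration; the load step refers to the
:: same name on firewall 2.
SET "FILENAME=FW_1.xml"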


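:: Export FW 1
:: Downloads the configuration of the firewall at FIREWALL_IP into FILENAME.
:: The exported file is sensitive (a firewall configuration can include
:: administrator password hashes and other secrets), so run this from a
:: directory only the operator can read.
SET TYPE=export
SET URL=https://%FIREWALL_IP%/api/?type=%TYPE%^&key^=%FW_KEY%^&category=^configuration
:: NOTE(review): --insecure turns off TLS certificate verification, so the API
:: key and the configuration are sent to whatever host answers on this address.
:: Prefer trusting the firewall's certificate explicitly, e.g. curl --cacert.
:: --fail makes curl return a non-zero exit code on an HTTP error instead of
:: saving the error page as the configuration file.
SET CURL_COMMAND=curl --insecure --fail -o "%FILENAME%" -s -g -X GET "%URL%"
ECHO Starting configuration export from %FIREWALL_IP% ...
%CURL_COMMAND%
:: Stop here on failure: continuing would upload a missing or stale file.
:: An API error that is returned with HTTP 200 may still go undetected.
IF ERRORLEVEL 1 (
    ECHO Configuration export from %FIREWALL_IP% failed, stopping. 1>&2
    EXIT /B 1
)
ECHO Finished configuration export from %FIREWALL_IP%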


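:: Upload to FW 2
:: Uploads FILENAME to firewall 2 as a named configuration file.
:: From here on FIREWALL_IP and FW_KEY point at firewall 2; the later steps
:: reuse both variables.
SET TYPE=import
SET FIREWALL_IP=%FIREWALL_2_IP%
SET FW_KEY=%FW2_KEY%
SET URL=https://%FIREWALL_IP%/api/?type=%TYPE%^&key^=%FW_KEY%^&category^=configuration
:: NOTE(review): --insecure turns off TLS certificate verification, so the API
:: key and the uploaded configuration go to whatever host answers on this
:: address. Prefer trusting the firewall's certificate, e.g. curl --cacert.
:: The form argument is quoted so a file name containing spaces still works.
SET CURL_COMMAND=curl --insecure --fail -s -o nul --form "file=@%FILENAME%" "%URL%"
ECHO Starting configuration import to %FIREWALL_IP% ...
%CURL_COMMAND%
:: Stop here on failure: the load step would otherwise act on whatever file of
:: that name firewall 2 already holds. The response body is discarded, so an
:: API error returned with HTTP 200 may still go undetected.
IF ERRORLEVEL 1 (
    ECHO Configuration import to %FIREWALL_IP% failed, stopping. 1>&2
    EXIT /B 1
)
ECHO Finished configuration import to %FIREWALL_IP%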

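:: Remove the local copy of the exported configuration now that it has been
:: uploaded. The original only echoed the DEL command, which left the file
:: (a full firewall configuration) on disk after every run.
ECHO Deleting the downloading configuration ...
IF EXIST "%FILENAME%" DEL "%FILENAME%"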


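::Load on FW2
:: Sends the op command <load><config><from>FILENAME</from></config></load>
:: (URL-encoded below) to the firewall at FIREWALL_IP, using the file name that
:: the import step uploaded.
SET TYPE=op
SET CMD=%%3Cload%%3E%%3Cconfig%%3E%%3Cfrom%%3E%FILENAME%%%3C/from%%3E%%3C/config%%3E%%3C/load%%3E
SET URL=https://%FIREWALL_IP%/api/?type^=%TYPE%^&key^=%FW_KEY%^&cmd^=%CMD%
:: NOTE(review): --insecure turns off TLS certificate verification, so the API
:: key is sent to whatever host answers on this address. Prefer trusting the
:: firewall's certificate explicitly, e.g. curl --cacert.
SET CURL_COMMAND=curl --insecure --fail -s -o nul -g -X GET "%URL%"
ECHO Starting configuration load on %FIREWALL_IP% ...
%CURL_COMMAND%
:: Stop here on failure so the later steps do not commit a configuration that
:: was never loaded. The response body is discarded, so an API error returned
:: with HTTP 200 may still go undetected.
IF ERRORLEVEL 1 (
    ECHO Configuration load on %FIREWALL_IP% failed, stopping. 1>&2
    EXIT /B 1
)
ECHO Finished configuration load on %FIREWALL_IP%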



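::Correct Hostname
:: Sets the hostname element under deviceconfig/system to FW_2_HOSTNAME on the
:: firewall at FIREWALL_IP. The configuration just loaded came from firewall 1,
:: so presumably it carries firewall 1's hostname.
:: CMD1 is the URL-encoded xpath, CMD2 the URL-encoded <hostname> element.
:: FW_2_HOSTNAME is inserted as-is, so keep it to characters that need no URL
:: or XML escaping.
SET TYPE=config
SET CMD1=/config/devices/entry%%5B%%40name=%%27localhost.localdomain%%27%%5D/deviceconfig/system
SET CMD2=element^=%%3Chostname%%3E%FW_2_HOSTNAME%%%3C/hostname%%3E
SET URL=https://%FIREWALL_IP%/api/?type^=%TYPE%^&key^=%FW_KEY%^&action^=set^&xpath=%CMD1%^&%CMD2%
:: NOTE(review): --insecure turns off TLS certificate verification, so the API
:: key is sent to whatever host answers on this address. Prefer trusting the
:: firewall's certificate explicitly, e.g. curl --cacert.
SET CURL_COMMAND=curl --insecure --fail -s -o nul -g -X GET "%URL%"
ECHO Starting hostname correction on %FIREWALL_IP% ...
%CURL_COMMAND%
:: Stop here on failure so the commit step does not activate the loaded
:: configuration with the wrong hostname. The response body is discarded, so
:: an API error returned with HTTP 200 may still go undetected.
IF ERRORLEVEL 1 (
    ECHO Hostname correction on %FIREWALL_IP% failed, stopping. 1>&2
    EXIT /B 1
)
ECHO Finished hostname correction on %FIREWALL_IP% ...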


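:: Commit
:: Sends <commit></commit> (URL-encoded below) to the firewall at FIREWALL_IP
:: to activate the loaded configuration.
SET TYPE=commit
SET CMD=%%3Ccommit%%3E%%3C/commit%%3E
SET URL=https://%FIREWALL_IP%/api/?type^=%TYPE%^&key^=%FW_KEY%^&cmd=%CMD%
:: NOTE(review): --insecure turns off TLS certificate verification, so the API
:: key is sent to whatever host answers on this address. Prefer trusting the
:: firewall's certificate explicitly, e.g. curl --cacert.
SET CURL_COMMAND=curl --insecure --fail -s -o nul -g -X GET "%URL%"
ECHO Starting commit on %FIREWALL_IP% ...
%CURL_COMMAND%
:: Report a failed request instead of claiming the commit was scheduled.
:: The response body is discarded, so the outcome of the commit itself is not
:: visible here; check it on the firewall.
IF ERRORLEVEL 1 (
    ECHO Commit request to %FIREWALL_IP% failed. 1>&2
    EXIT /B 1
)
ECHO Commit scheduled on %FIREWALL_IP% ...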