<div dir="ltr"><div class="gmail_default" style="font-family:trebuchet ms,sans-serif;color:#666666">Thanks, Chris for your prompt response.</div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif;color:#666666"><br></div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif;color:#666666">I am putting complete procedure step by step so that every one can easily understand</div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif;color:#666666"><br></div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif;color:#666666"><div style="color:rgb(212,212,212);background-color:rgb(30,30,30);font-family:Menlo,Monaco,"Courier New",monospace;font-size:12px;line-height:18px;white-space:pre"><div>#Configure PaloAlto Firewall on rancid server</div><div>Rancid Version : 3.13-1 [apt -list | grep rancid]</div><div>OS Version : Ubuntu 22.04.2 LTS [lsb_release -a]</div><br><div><span style="color:rgb(103,150,230)">1.</span> Make changes in rancid main configuration /etc/rancid/rancid.conf </div><div> add firewalls(whatever name you would like to keep) LIST_OF_GROUPS="routers switches waps firewalls"; export LIST_OF_GROUPS</div><br><div><span style="color:rgb(103,150,230)">2.</span> To take effets the changes in configuration run below command but you have to be rancid user first</div><div> su - rancid</div><div> /usr/lib/rancid/bin/rancid-run</div><br><div><span style="color:rgb(103,150,230)">3.</span> Make change in configuration file and add device</div><div> vim /var/lib/rancid/firewalls/router.db</div><br><div> add following line</div><br><div> <a href="http://firewall1.your-domain.com">firewall1.your-domain.com</a>;paloalto;up;</div><br><div><span style="color:rgb(103,150,230)">4.</span> Make changes in </div><div> vim /var/lib/rancid/firewalls/routers.up</div><br><div> add below line</div><br><div> <a href="http://firewall1.your-domain.com">firewall1.your-domain.com</a>;paloalto</div><br><div><span style="color:rgb(103,150,230)">5.</span> Make changes in vim /etc/rancid/rancid.types.base</div><br><div> add lines below</div><br><div> paloalto;login;plogin</div><div> paloalto;module;panos</div><div> paloalto;inloop;panos::inloop</div><div> paloalto;command;panos::ShowInfo;show system info</div><div> paloalto;command;panos::ShowInventory;show chassis inventory</div><div> paloalto;command;panos::ShowConfig;show config merged</div><br><div><span style="color:rgb(103,150,230)">6.</span> Make changes in vim /etc/rancid/rancid.types.conf</div><br><div> <span style="color:rgb(86,156,214);font-weight:bold"># This is for PaloAlto Firewall</span></div><div> paloalto;script;panrancid</div><br><div><span style="color:rgb(103,150,230)">7.</span> Make changes in vim /etc/rancid/rancid.types.conf</div><br><div> add lines as below</div><br><div> <span style="color:rgb(86,156,214);font-weight:bold"># This is for PaloAlto Firewall</span></div><div> paloalto;script;panrancid</div><br><div><span style="color:rgb(103,150,230)">8.</span> Enable email configuration</div><br><div> vim /etc/aliases</div><br><div> add lines below </div><br><div> rancid-firewalls: <a href="mailto:infra-alerts@your-domain.com">infra-alerts@your-domain.com</a></div><div> rancid-firewalls-admin: <a href="mailto:infra-alerts@your-domain.com">infra-alerts@your-domain.com</a> </div><br><div> <span style="color:rgb(86,156,214);font-weight:bold"># Run below command to take into effect</span></div><div> newaliases</div><br><div><span style="color:rgb(86,156,214);font-weight:bold"># You Must have panos, panrancid & plogin files present under /var/lib/rancid/bin</span></div></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, 6 Apr 2023 at 03:49, Chris <<a href="mailto:chris.weakland@gmail.com">chris.weakland@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="msg6212396426526816261"><div lang="EN-US" style="overflow-wrap: break-word;"><div class="m_6212396426526816261WordSection1"><p class="MsoNormal">Just wanted to add for the benefit of all, I like to edit my etc/rancid.types.conf and add a new “type”. Here is what the additional lines look like:</p><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal">paloaltofw;script;rancid -t paloaltofw</p><p class="MsoNormal">paloaltofw;login;panlogin</p><p class="MsoNormal">paloaltofw;module;panos</p><p class="MsoNormal">paloaltofw;inloop;panos::inloop</p><p class="MsoNormal">paloaltofw;command;panos::ShowInfo;show system info</p><p class="MsoNormal">paloaltofw;command;panos::ShowInventory;show chassis inventory</p><p class="MsoNormal">paloaltofw;command;rancid::RunCommand;set cli config-output-format set</p><p class="MsoNormal">paloaltofw;command;rancid::RunCommand;configure</p><p class="MsoNormal">paloaltofw;command;panos::ShowConfig;show</p><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal">This gives you a more human readable configuration.</p><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal">In your router.db you would need to add:</p><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal"><a href="http://Firewall1.yourdomain.com" target="_blank">Firewall1.yourdomain.com</a>;paloaltofw;up</p><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal">Chris<u></u><u></u></p><p class="MsoNormal"><u></u> <u></u></p><div style="border-right:none;border-bottom:none;border-left:none;border-top:1pt solid rgb(225,225,225);padding:3pt 0in 0in"><p class="MsoNormal" style="border:none;padding:0in"><b>From: </b><a href="mailto:heas@shrubbery.net" target="_blank">heasley</a><br><b>Sent: </b>Wednesday, April 5, 2023 4:03 PM<br><b>To: </b><a href="mailto:chris.weakland@gmail.com" target="_blank">Chris Weakland</a><br><b>Cc: </b><a href="mailto:durrani.anwar@gmail.com" target="_blank">Anwar Durrani</a>; <a href="mailto:rancid-discuss@www.shrubbery.net" target="_blank">rancid-discuss@www.shrubbery.net</a><br><b>Subject: </b>Re: [rancid] login script for PaloAlto PA850</p></div><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal">Wed, Apr 05, 2023 at 07:21:17AM -0400, Chris Weakland:</p><p class="MsoNormal">> Palo Alto support has bee. built into Rancid for some time, no need for any</p><p class="MsoNormal">additional scripts. The device type is: paloalto</p><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal">indeed; there is also device type paloaltoxml for the xml config.</p><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal">> Your router.db looks incorrect, it should be:</p><p class="MsoNormal">> </p><p class="MsoNormal">> <a href="http://Firewall1.yourdomain.com" target="_blank">Firewall1.yourdomain.com</a>;paloalto;up</p><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal">to be pedantic, additional fields are simply ignored.</p><p class="MsoNormal"><u></u> <u></u></p></div></div>
</div></blockquote></div><br clear="all"><div><br></div><span class="gmail_signature_prefix">-- </span><br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div><div dir="ltr">Thanks & regards,<br>Anwar M. Durrani<div>+91-9923205011<br><a href="http://in.linkedin.com/pub/anwar-durrani/20/b55/60b" title="View public profile" name="SignatureSanitizer_SafeHtmlFilter_UNIQUE_ID_SafeHtmlFilter_SafeHtmlFilter_webProfileURL" target="_blank"></a><dl><dd><p>
</p>
</dd></dl><br></div></div></div></div></div>