[rancid] login script for PaloAlto PA850

Anwar Durrani durrani.anwar at gmail.com
Thu Apr 6 09:08:27 UTC 2023


Thanks, Chris, for your prompt response.

I am putting the complete procedure step by step so that everyone can easily
understand it.

#Configure PaloAlto Firewall on rancid server
Rancid Version : 3.13-1 [apt list | grep rancid]
OS Version : Ubuntu 22.04.2 LTS [lsb_release -a]

1. Make changes in the rancid main configuration, /etc/rancid/rancid.conf:
add firewalls (or whatever name you would like to keep)

LIST_OF_GROUPS="routers switches waps firewalls"; export LIST_OF_GROUPS

2. For the configuration changes to take effect, run the command below, but
you have to be the rancid user first
su - rancid
/usr/lib/rancid/bin/rancid-run

3. Make a change in the configuration file and add the device
vim /var/lib/rancid/firewalls/router.db

add the following line

firewall1.your-domain.com;paloalto;up;

4. Make changes in
vim /var/lib/rancid/firewalls/routers.up

add the line below

firewall1.your-domain.com;paloalto

5. Make changes in vim /etc/rancid/rancid.types.base

add lines below

paloalto;login;plogin
paloalto;module;panos
paloalto;inloop;panos::inloop
paloalto;command;panos::ShowInfo;show system info
paloalto;command;panos::ShowInventory;show chassis inventory
paloalto;command;panos::ShowConfig;show config merged

6. Make changes in vim /etc/rancid/rancid.types.conf

# This is for PaloAlto Firewall
paloalto;script;panrancid

7. Make changes in vim /etc/rancid/rancid.types.conf

add lines as below

# This is for PaloAlto Firewall
paloalto;script;panrancid

8. Enable email configuration

vim /etc/aliases

add lines below

rancid-firewalls: infra-alerts@your-domain.com
rancid-firewalls-admin: infra-alerts@your-domain.com

# Run the command below for the change to take effect
newaliases

# You must have the panos, panrancid & plogin files present under
/var/lib/rancid/bin

On Thu, 6 Apr 2023 at 03:49, Chris <chris.weakland at gmail.com> wrote:

> Just wanted to add for the benefit of all, I like to edit my
> etc/rancid.types.conf and add a new “type”. Here is what the additional
> lines look like:
>
> paloaltofw;script;rancid -t paloaltofw
> paloaltofw;login;panlogin
> paloaltofw;module;panos
> paloaltofw;inloop;panos::inloop
> paloaltofw;command;panos::ShowInfo;show system info
> paloaltofw;command;panos::ShowInventory;show chassis inventory
> paloaltofw;command;rancid::RunCommand;set cli config-output-format set
> paloaltofw;command;rancid::RunCommand;configure
> paloaltofw;command;panos::ShowConfig;show
>
> This gives you a more human readable configuration.
>
> In your router.db you would need to add:
>
> Firewall1.yourdomain.com;paloaltofw;up
>
> Chris
>
> *From: *heasley <heas at shrubbery.net>
> *Sent: *Wednesday, April 5, 2023 4:03 PM
> *To: *Chris Weakland <chris.weakland at gmail.com>
> *Cc: *Anwar Durrani <durrani.anwar at gmail.com>;
> rancid-discuss at www.shrubbery.net
> *Subject: *Re: [rancid] login script for PaloAlto PA850
>
> Wed, Apr 05, 2023 at 07:21:17AM -0400, Chris Weakland:
> > Palo Alto support has been built into Rancid for some time, no need for any
> > additional scripts.  The device type is:  paloalto
>
> indeed; there is also device type paloaltoxml for the xml config.
>
> > Your router.db looks incorrect, it should be:
> >
> > Firewall1.yourdomain.com;paloalto;up
>
> to be pedantic, additional fields are simply ignored.
>


-- 
Thanks & regards,
Anwar M. Durrani
+91-9923205011
<http://in.linkedin.com/pub/anwar-durrani/20/b55/60b>
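
A small lint for the files edited in the steps above, as an added example that is not part of the original message or of rancid: it checks that every `up` entry in router.db names a type with `script` and `login` lines in the rancid.types files. Treating those two directives as required is an assumption of the example, and the `fw2`/`fw3` hosts and the misspelled type `paloatlo` are constructed sample data.

```python
# Added example: lint router.db against rancid.types.* (sample data is constructed).
from collections import defaultdict

TYPES_BASE = """\
paloalto;login;plogin
paloalto;command;panos::ShowConfig;show config merged
"""
TYPES_CONF = """\
# This is for PaloAlto Firewall
paloalto;script;panrancid
"""
ROUTER_DB = """\
firewall1.your-domain.com;paloalto;up;
fw2.example.net;paloatlo;up
fw3.example.net;paloalto;down
"""

def parse_types(text):
    """Return {type: {directive: [values]}} from rancid.types.* content."""
    types = defaultdict(lambda: defaultdict(list))
    for line in map(str.strip, text.splitlines()):
        fields = line.split(";", 2)
        if line.startswith("#") or len(fields) < 3:
            continue  # comment, blank, or not a type;directive;value line
        types[fields[0]][fields[1]].append(fields[2])
    return types

def lint_router_db(router_db, types):
    """Return [(host, problem)] for 'up' devices whose type is unusable."""
    problems = []
    for line in map(str.strip, router_db.splitlines()):
        if not line or line.startswith("#"):
            continue
        fields = line.split(";")
        if len(fields) < 3:
            problems.append((fields[0], "expected host;type;state"))
            continue
        host, dtype, state = fields[:3]  # fields after the third are ignored
        if state != "up":
            continue
        if dtype not in types:
            problems.append((host, f"type '{dtype}' is not defined"))
            continue
        for needed in ("script", "login"):  # assumption of this example
            if needed not in types[dtype]:
                problems.append((host, f"type '{dtype}' has no '{needed}' line"))
    return problems

if __name__ == "__main__":
    print(lint_router_db(ROUTER_DB, parse_types(TYPES_BASE + TYPES_CONF)))
```

With only the rancid.types.base lines loaded, the same check reports the missing `script` line that the rancid.types.conf step supplies.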