[rancid] login script for PaloAlto PA850
Anwar Durrani
durrani.anwar at gmail.com
Thu Apr 6 15:30:16 UTC 2023
Ok Thanks, Chris, I will make a note.
One more thing, whenever I am pushing changes to Firewalls I am not getting
notified through email about changes made but in the case of Cisco, I
receive whatever changes are made through email. While in the Firewall I am
getting notifications as below every 30 mins.
#wf-private-version: 0
#wf-private-release-date: unknown
#url-db: paloaltonetworks
- #wildfire-version: 757373-760822
- #wildfire-release-date: 2023/04/06 19:57:32 IST
+ #wildfire-version: 757379-760828
+ #wildfire-release-date: 2023/04/06 20:27:32 IST
#wildfire-rt: Disabled
- #url-filtering-version: 20230406.20218
+ #url-filtering-version: 20230406.20226
On Thu, 6 Apr 2023 at 18:17, Chris <chris.weakland at gmail.com> wrote:
> I think you can remove step 4, in my experience it should not be needed
>
>
>
> Chris
>
>
>
> *From: *Anwar Durrani <durrani.anwar at gmail.com>
> *Sent: *Thursday, April 6, 2023 5:08 AM
> *To: *Chris <chris.weakland at gmail.com>
> *Cc: *heasley <heas at shrubbery.net>; rancid-discuss at www.shrubbery.net
> *Subject: *Re: [rancid] login script for PaloAlto PA850
>
>
>
> Thanks, Chris for your prompt response.
>
>
>
> I am putting the complete procedure step by step so that everyone can easily
> understand
>
>
>
> #Configure PaloAlto Firewall on rancid server
>
> Rancid Version : 3.13-1 [apt list | grep rancid]
>
> OS Version : Ubuntu 22.04.2 LTS [lsb_release -a]
>
>
>
> 1. Make changes in rancid main configuration /etc/rancid/rancid.conf
>
> add firewalls(whatever name you would like to keep)
> LIST_OF_GROUPS="routers switches waps firewalls"; export LIST_OF_GROUPS
>
>
>
> 2. For the changes in configuration to take effect, run the command below,
> but you have to be the rancid user first
>
> su - rancid
>
> /usr/lib/rancid/bin/rancid-run
>
>
>
> 3. Make change in configuration file and add device
>
> vim /var/lib/rancid/firewalls/router.db
>
>
>
> add following line
>
>
>
> firewall1.your-domain.com;paloalto;up;
>
>
>
> 4. Make changes in
>
> vim /var/lib/rancid/firewalls/routers.up
>
>
>
> add below line
>
>
>
> firewall1.your-domain.com;paloalto
>
>
>
> 5. Make changes in vim /etc/rancid/rancid.types.base
>
>
>
> add lines below
>
>
>
> paloalto;login;plogin
>
> paloalto;module;panos
>
> paloalto;inloop;panos::inloop
>
> paloalto;command;panos::ShowInfo;show system info
>
> paloalto;command;panos::ShowInventory;show chassis inventory
>
> paloalto;command;panos::ShowConfig;show config merged
>
>
>
> 6. Make changes in vim /etc/rancid/rancid.types.conf
>
>
>
> *# This is for PaloAlto Firewall*
>
> paloalto;script;panrancid
>
>
>
> 7. Make changes in vim /etc/rancid/rancid.types.conf
>
>
>
> add lines as below
>
>
>
> *# This is for PaloAlto Firewall*
>
> paloalto;script;panrancid
>
>
>
> 8. Enable email configuration
>
>
>
> vim /etc/aliases
>
>
>
> add lines below
>
>
>
> rancid-firewalls: infra-alerts@your-domain.com
>
> rancid-firewalls-admin: infra-alerts@your-domain.com
>
>
>
> *# Run below command to take into effect*
>
> newaliases
>
>
>
> *# You Must have panos, panrancid & plogin files present under
> /var/lib/rancid/bin*
>
>
>
> On Thu, 6 Apr 2023 at 03:49, Chris <chris.weakland at gmail.com> wrote:
>
> Just wanted to add for the benefit of all, I like to edit my
> etc/rancid.types.conf and add a new “type”. Here is what the additional
> lines look like:
>
>
>
> paloaltofw;script;rancid -t paloaltofw
>
> paloaltofw;login;panlogin
>
> paloaltofw;module;panos
>
> paloaltofw;inloop;panos::inloop
>
> paloaltofw;command;panos::ShowInfo;show system info
>
> paloaltofw;command;panos::ShowInventory;show chassis inventory
>
> paloaltofw;command;rancid::RunCommand;set cli config-output-format set
>
> paloaltofw;command;rancid::RunCommand;configure
>
> paloaltofw;command;panos::ShowConfig;show
>
>
>
> This gives you a more human readable configuration.
>
>
>
> In your router.db you would need to add:
>
>
>
> Firewall1.yourdomain.com;paloaltofw;up
>
>
>
> Chris
>
>
>
> *From: *heasley <heas at shrubbery.net>
> *Sent: *Wednesday, April 5, 2023 4:03 PM
> *To: *Chris Weakland <chris.weakland at gmail.com>
> *Cc: *Anwar Durrani <durrani.anwar at gmail.com>;
> rancid-discuss at www.shrubbery.net
> *Subject: *Re: [rancid] login script for PaloAlto PA850
>
>
>
> Wed, Apr 05, 2023 at 07:21:17AM -0400, Chris Weakland:
>
> > Palo Alto support has been built into Rancid for some time, no need for any
> > additional scripts. The device type is: paloalto
>
>
>
> indeed; there is also device type paloaltoxml for the xml config.
>
>
>
> > Your router.db looks incorrect, it should be:
>
> >
>
> > Firewall1.yourdomain.com;paloalto;up
>
>
>
> to be pedantic, additional fields are simply ignored.
>
>
>
>
>
>
> --
>
> Thanks & regards,
> Anwar M. Durrani
>
> +91-9923205011
>
>
>
>
>
--
Thanks & regards,
Anwar M. Durrani
+91-9923205011
<http://in.linkedin.com/pub/anwar-durrani/20/b55/60b>
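The half-hourly notification quoted at the top of this message differs only in content-update version lines. As an added example (not part of the thread and not rancid's own code), this Python filter separates that churn from real configuration changes in a diff body. The `VOLATILE_KEYS` set is taken from the three keys visible in the message, and the `set rulebase ...` line in the sample is constructed for contrast.

```python
import re

# Keys seen changing in the quoted notification; they track content updates,
# not configuration. Assumption: extend this set for your own devices.
VOLATILE_KEYS = {"wildfire-version", "wildfire-release-date",
                 "url-filtering-version"}

# Constructed sample: the diff body from the message plus one made-up
# configuration change (last line) to show the contrast.
SAMPLE = """\
 #wf-private-version: 0
 #url-db: paloaltonetworks
- #wildfire-version: 757373-760822
- #wildfire-release-date: 2023/04/06 19:57:32 IST
+ #wildfire-version: 757379-760828
+ #wildfire-release-date: 2023/04/06 20:27:32 IST
 #wildfire-rt: Disabled
- #url-filtering-version: 20230406.20218
+ #url-filtering-version: 20230406.20226
+ set rulebase security rules example-rule action allow
"""

CHANGE = re.compile(r"^([+-])\s?(.*)$")       # an added or removed line
COMMENT_KEY = re.compile(r"^#([A-Za-z0-9-]+):")  # "#key: value" header line


def classify(diff_text):
    """Split changed lines into (volatile, substantive) lists."""
    volatile, substantive = [], []
    for line in diff_text.splitlines():
        m = CHANGE.match(line)
        if not m or line.startswith(("+++", "---")):
            continue  # context line or file header, not a change
        key = COMMENT_KEY.match(m.group(2).strip())
        if key and key.group(1) in VOLATILE_KEYS:
            volatile.append(line)
        else:
            substantive.append(line)
    return volatile, substantive


def should_notify(diff_text):
    """True only when something other than version churn changed."""
    return bool(classify(diff_text)[1])
```

Run over the diff exactly as quoted in the message (without the constructed last line), `should_notify` returns False, which is the case that currently produces a mail every 30 minutes.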