
Importer - palo alto module advanced features

Open tpurschke opened this issue 5 years ago • 1 comments

general information

  • api based (api exists both for panorama mgmt and fw gw)
  • 2 different apis exist (xml, rest) --> ignoring XML, just using REST
  • https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClZLCA0
  • https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-panorama-api/about-the-pan-os-xml-api.html

basic importer

  • [x] import from Palo Alto FW itself
  • [ ] import from Panorama
  • [x] import network objects (simple, groups)
  • [x] import services
  • [x] import service lists ('843,4530-4533,6060-6063,9090-9093,19090-19093')
  • [x] import access rules
  • [x] import applications

advanced / procrastinated functionality

  • [ ] import users
  • [ ] add multiple zones per rule (db changes needed)
  • [ ] import nat rules
  • [ ] deal with tagging
    • [ ] import dynamic network groups defined by tags
  • [ ] get intrazone and interzone default rules
  • [ ] add vsys support

tpurschke, May 22 '20 07:05

There has been an opportunity to join a PoV. Within this PoV, Palo would have been required as a knock-out criterion. The customer is utilizing Palo's labelling feature. Adding this feature might allow application to PoVs / PoCs in the future, as Palo shows up quite often in customers' environments lately.

gammelich, Nov 25 '22 09:11