Tuesday, April 18, 2023

HOWTO Backup Panorama with a API call

 One of my colleagues was discussing a way to backup panorama cfg vrs with the "schedule backup export" option that Palo has.




The problem with Scheduled Config Export the save file does not have the time stamps in the name

By using the API you can set the timestamp  by using the date cmd

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-panorama-api/pan-os-xml-api-use-cases/query-a-firewall-from-panorama-api


e.g 

create the API key

curl -k -X GET 'https:///panorama.socpuppets.com/api/?type=keygen&user=kfelix&password=ChangeME2023%21%40%23'




run the API call every hour and download the file

curl -o panorama.`date +%F-%H-%M-%S`.xml -k  'https://panorama.socpuppets.com/api/?type=op&cmd=<show><config><running><%2Frunning><%2Fconfig><%2Fshow>&key=LUFRPT1lL0I0YkFhMFNIOUs1RDRiUFFBVDAvOXdxNjQ9WmNaa1JrblVuMEVubFBBNlVJT3loWk9VT0F5VThiK0s1UmFjTVhwa0oyVJJyV21YREFSeFFnZmFXVzUrb0luZw=='
Posted by at No comments:

Monday, April 3, 2023

Sonic route-based vpn 0.0.0.0/0

 I was working in my day job with a customer that has a sonicwall and they need to change from specific  proxy-ids for src/dst to 0.0.0.0/0:0 


In order to do this you need to change the VPN from site2site to tunnel. Check out the screenshots of the two modes and take notice of how the "network" option disappears when you do tunnel mode




You still need to apply a route-policy for the destination to ensure that traffic is routed over the VPN . This is an option in sonicwalls that is commonly missed





NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
     ^      ^
=(  @  @ )=
         o

        /  \


Posted by at No comments:
Subscribe to: Posts (Atom)