Metadata-Version: 1.1
Name: panw_utils
Version: 0.7.8
Summary: Palo Alto Networks Utilities
Home-page: https://github.com/dapacruz/panw-utils
Author: David Paul Cruz
Author-email: davidcruz72@gmail.com
License: MIT license
Description: ==========
        panw-utils
        ==========
        
        
        .. image:: https://img.shields.io/pypi/v/panw_utils.svg
                :target: https://pypi.python.org/pypi/panw_utils
        
        .. image:: https://img.shields.io/travis/dapacruz/panw_utils.svg
                :target: https://travis-ci.org/dapacruz/panw_utils
        
        .. image:: https://readthedocs.org/projects/panw-utils/badge/?version=latest
                :target: https://panw-utils.readthedocs.io/en/latest/?badge=latest
                :alt: Documentation Status
        
        
        
        
        Palo Alto Networks Utilities
        
        
        * Free software: MIT license
        * Documentation: https://panw-utils.readthedocs.io.
        
        
        Features
        --------
        
        **panw-utils**
        
        * Returns a list of available commands
        
        **get-panw-api-key**
        
        * Returns the current API key, suitable for piping to pbcopy (macOS) or clip.exe (Windows)
        * Command line options
        * Platform independent
        * Save default user and firewall
        * Update saved settings
        * Receives pipeline input (stdin)
        * Uses a default firewall if one not provided
        * Prompts for required parameters if none provided
        * Multi-threaded
        
        **get-panw-firewalls**
        
        * Returns a list of firewalls including management address and serial number
        * Output can be pasted directly into Excel
        * Terse output option for piping to other commands
        * Command line options
        * Platform independent
        * Save API key and default Panorama host
        * Update saved settings
        * Override/supply API key on the command line
        
        **get-panw-interfaces**
        
        * Returns a list of firewalls interfaces
        * Output can be pasted directly into Excel
        * Terse output option for piping to other commands
        * Command line options
        * Platform independent
        * Save API key and default firewall
        * Update saved settings
        * Override/supply API key on the command line
        * Filter on interface properties
        * Multi-threaded
        
        **get-panw-config**
        
        * Returns the firewall configuration (set/XML format)
        * Command line options
        * Platform independent
        * Save key based auth preference, default user and default firewall
        * Update saved settings
        * Multi-threaded
        
        
        **run-panw-cmd**
        
        * Executes arbitrary CLI commands
        * Command line options
        * Platform independent
        * Save key based auth preference, default user and default firewall
        * Update saved settings
        * Multi-threaded
        
        
        Usage
        =====
        
        To return a list of firewalls use the ``get-panw-firewalls`` command::
        
            $ get-panw-firewalls
            Host                          	MgmtIP         	Serial      	Model   	Uptime              	SwVersion
            ==============================	===============	============	========	====================	=========
            fw01.domain.com                     1.1.1.1  	013999999999	PA-5220 	208 days, 6:49:53   	8.0.9
            fw02.domain.com                     1.1.1.2  	013999999998	PA-5220 	208 days, 7:27:28   	8.0.9
        
        |
        
        To return a list of firewall hostnames use the ``get-panw-firewalls`` command (suitable for piping to other commands)::
        
            $ get-panw-firewalls -t
            fw01.domain.com
            fw02.domain.com
        
        |
        
        To return a list of firewall interfaces use the ``get-panw-interfaces`` command::
        
            $ get-panw-interfaces fw01.domain.com
            Firewall                 	Interface           	State	IpAddress
            =========================	====================	=====	====================
            fw01.domain.com      	ethernet1/1         	up   	N/A
            fw01.domain.com      	ethernet1/12        	up   	N/A
            fw01.domain.com      	ethernet1/2         	up   	172.17.111.251/24
            fw01.domain.com      	ethernet1/21        	up   	N/A
            fw01.domain.com      	ethernet1/22        	up   	N/A
            fw01.domain.com      	ethernet1/5         	up   	172.19.222.206/28
            fw01.domain.com      	ethernet1/7         	up   	N/A
            fw01.domain.com      	ha1-a               	up   	1.1.1.1/30
            fw01.domain.com      	ha1-b               	up   	1.1.1.9/30
            fw01.domain.com      	hsci-a              	up   	1.1.1.5/30
            fw01.domain.com      	hsci-b              	up   	N/A
            fw01.domain.com      	tunnel              	up   	N/A
            fw01.domain.com      	tunnel.1800         	up   	N/A
            fw01.domain.com      	vlan                	up   	N/A
        
            $ get-panw-firewalls -t | get-panw-interfaces
            Firewall                 	Interface           	State	IpAddress
            =========================	====================	=====	====================
            fw01.domain.com      	ethernet1/1         	up   	N/A
            fw01.domain.com      	ethernet1/12        	up   	N/A
            fw01.domain.com      	ethernet1/2         	up   	172.17.111.251/24
            fw01.domain.com      	ethernet1/21        	up   	N/A
            fw01.domain.com      	ethernet1/22        	up   	N/A
            fw01.domain.com      	ethernet1/5         	up   	172.19.222.206/28
            fw01.domain.com      	ethernet1/7         	up   	N/A
            fw02.domain.com      	ethernet1/1         	up   	N/A
            fw02.domain.com      	ethernet1/12        	up   	N/A
            fw02.domain.com      	ethernet1/2         	up   	172.17.111.251/24
            fw02.domain.com      	ethernet1/21        	up   	N/A
            fw02.domain.com      	ethernet1/22        	up   	N/A
            fw02.domain.com      	ethernet1/5         	up   	172.19.222.206/28
            fw02.domain.com      	ethernet1/7         	up   	N/A
        
        |
        
        To return the firewall configuration use the ``get-panw-config`` command::
        
            $ get-panw-config
            ============================
            = fw01.domain.com =
            ============================
            <response status="success"><result><config version="8.0.0" urldb="paloaltonetworks">
              <mgt-config>
                <users>
                  <entry name="admin">
                    <phash>xxxxx</phash>
                    <permissions>
                      <role-based>
                        <superuser>yes</superuser>
                      </role-based>
                    </permissions>
                  </entry>
                  <entry name="user1">
                    <permissions>
                      <role-based>
                        <superuser>yes</superuser>
                      </role-based>
                    </permissions>
                    <phash>xxxxx</phash>
                  </entry>
            <--- Output truncated --->
        
        |
        
        To return the configuration of multiple firewalls pipe the output of ``get-panw-firewalls -t`` to the ``get-panw-config`` command::
        
            $ get-panw-firewalls -t | get-panw-config
            ============================
            = fw01.domain.com =
            ============================
            <response status="success"><result><config version="8.0.0" urldb="paloaltonetworks">
              <mgt-config>
                <users>
                  <entry name="admin">
                    <phash>xxxxx</phash>
                    <permissions>
                      <role-based>
                        <superuser>yes</superuser>
                      </role-based>
                    </permissions>
                  </entry>
                  <entry name="user1">
                    <permissions>
                      <role-based>
                        <superuser>yes</superuser>
                      </role-based>
                    </permissions>
                    <phash>xxxxx</phash>
                  </entry>
            <--- Output truncated --->
        
            ============================
            = fw02.domain.com =
            ============================
            <response status="success"><result><config version="8.0.0" urldb="paloaltonetworks">
              <mgt-config>
                <users>
                  <entry name="admin">
                    <phash>xxxxx</phash>
                    <permissions>
                      <role-based>
                        <superuser>yes</superuser>
                      </role-based>
                    </permissions>
                  </entry>
                  <entry name="user1">
                    <permissions>
                      <role-based>
                        <superuser>yes</superuser>
                      </role-based>
                    </permissions>
                    <phash>xxxxx</phash>
                  </entry>
            <--- Output truncated --->
        
        |
        
        To return a portion of the firewall configuration use the ``get-panw-config`` command with the ``--xpath`` option::
        
            get-panw-config --xpath "/config/mgt-config/users"
            ============================
            = fw01.domain.com =
            ============================
            <response status="success"><result><users>
              <entry name="admin">
                <phash>xxxxx</phash>
                <permissions>
                  <role-based>
                    <superuser>yes</superuser>
                  </role-based>
                </permissions>
              </entry>
            </users></result></response>
        
        |
        
        To return the set configuration of multiple firewalls pipe the output of ``get-panw-firewalls -t`` to the ``get-panw-config`` command::
        
            $ get-panw-firewalls -t | get-panw-config --format set | egrep "^=|virtual-router"
            Collecting set configuration via ssh ...
            ============================
            = fw01.domain.com =
            ============================
            set network virtual-router default protocol bgp enable no
            set network virtual-router default protocol bgp dampening-profile default cutoff 1.25
            set network virtual-router default protocol bgp dampening-profile default reuse 0.5
            set network virtual-router default protocol bgp dampening-profile default max-hold-time 900
            set network virtual-router default protocol bgp dampening-profile default decay-half-life-reachable 300
            set network virtual-router default protocol bgp dampening-profile default decay-half-life-unreachable 900
            set network virtual-router default protocol bgp dampening-profile default enable yes
            set network virtual-router default interface [ ethernet1/1 ]
            set network virtual-router default routing-table ip static-route "Default Route" nexthop ip-address 192.168.197.254
            set network virtual-router default routing-table ip static-route "Default Route" path-monitor enable no
            set network virtual-router default routing-table ip static-route "Default Route" path-monitor failure-condition any
            set network virtual-router default routing-table ip static-route "Default Route" path-monitor hold-time 2
            set network virtual-router default routing-table ip static-route "Default Route" metric 10
            set network virtual-router default routing-table ip static-route "Default Route" destination 0.0.0.0/0
            set network virtual-router default routing-table ip static-route "Default Route" route-table unicast
            ============================
            = fw02.domain.com =
            ============================
            set network virtual-router default protocol bgp enable no
            set network virtual-router default protocol bgp dampening-profile default cutoff 1.25
            set network virtual-router default protocol bgp dampening-profile default reuse 0.5
            set network virtual-router default protocol bgp dampening-profile default max-hold-time 900
            set network virtual-router default protocol bgp dampening-profile default decay-half-life-reachable 300
            set network virtual-router default protocol bgp dampening-profile default decay-half-life-unreachable 900
            set network virtual-router default protocol bgp dampening-profile default enable yes
            set network virtual-router default interface [ ethernet1/1 ]
            set network virtual-router default routing-table ip static-route "Default Route" nexthop ip-address 10.69.26.62
            set network virtual-router default routing-table ip static-route "Default Route" path-monitor enable no
            set network virtual-router default routing-table ip static-route "Default Route" path-monitor failure-condition any
            set network virtual-router default routing-table ip static-route "Default Route" path-monitor hold-time 2
            set network virtual-router default routing-table ip static-route "Default Route" metric 10
            set network virtual-router default routing-table ip static-route "Default Route" destination 0.0.0.0/0
            set network virtual-router default routing-table ip static-route "Default Route" route-table unicast
        
        |
        
        To ping all interfaces in an "up" state with a 1 second timeout, count 1, filter HA subnets::
        
            $ get-panw-firewalls -t | grep fw01.domain.com | get-panw-interfaces --if-state up -t | grep -v 1.1.1. | xargs -n1 ping -c 1 -t 1
            PING 10.170.196.241 (10.170.196.241): 56 data bytes
            64 bytes from 10.170.196.241: icmp_seq=0 ttl=57 time=63.845 ms
        
            --- 10.170.196.241 ping statistics ---
            1 packets transmitted, 1 packets received, 0.0% packet loss
            round-trip min/avg/max/stddev = 63.845/63.845/63.845/0.000 ms
            PING 10.170.118.254 (10.170.118.254): 56 data bytes
            64 bytes from 10.170.118.254: icmp_seq=0 ttl=57 time=63.471 ms
        
            --- 10.170.118.254 ping statistics ---
            1 packets transmitted, 1 packets received, 0.0% packet loss
            round-trip min/avg/max/stddev = 63.471/63.471/63.471/0.000 ms
            PING 10.171.119.254 (10.171.119.254): 56 data bytes
            64 bytes from 10.171.119.254: icmp_seq=0 ttl=57 time=63.862 ms
        
            --- 10.171.119.254 ping statistics ---
            1 packets transmitted, 1 packets received, 0.0% packet loss
            round-trip min/avg/max/stddev = 63.862/63.862/63.862/0.000 ms
            PING 10.170.111.254 (10.170.111.254): 56 data bytes
            64 bytes from 10.170.111.254: icmp_seq=0 ttl=57 time=63.931 ms
        
            --- 10.170.111.254 ping statistics ---
            1 packets transmitted, 1 packets received, 0.0% packet loss
            round-trip min/avg/max/stddev = 63.931/63.931/63.931/0.000 ms
            PING 10.170.92.126 (10.170.92.126): 56 data bytes
            64 bytes from 10.170.92.126: icmp_seq=0 ttl=57 time=63.768 ms
        
            --- 10.170.92.126 ping statistics ---
            1 packets transmitted, 1 packets received, 0.0% packet loss
            round-trip min/avg/max/stddev = 63.768/63.768/63.768/0.000 ms
        
        
        =======
        History
        =======
        
        0.0.1 (2019-02-16)
        ------------------
        
        * First release on PyPI.
        
        0.1.5 (2019-02-17)
        -------------------
        
        * Update README.rst.
        * Update descriptions.
        * Implement helper command (panw-utils).
        
        0.1.6 (2019-02-17)
        -------------------
        
        * Fix bug in saved settings update
        
        0.1.11 (2019-02-17)
        -------------------
        
        * Configure Travis CI
        
        0.2.0 (2019-03-07)
        -------------------
        
        * Added get-panw-config
        
        0.3.0 (2019-04-07)
        -------------------
        
        * Implement concurrency
        * Redirect headers to sys.stderr to make grep friendly
        * Add model, uptime and  software version to output
        
        0.4.0 (2019-04-12)
        -------------------
        
        * Migrate from multi-processing to multi-threading
        
        0.5.0 (2019-04-13)
        -------------------
        
        * Added run-panw-cmd
        
        0.6.0 (2020-09-14)
        -------------------
        
        * Added status, MAC address, zone, virtual router and comment to get-panw-interfaces output
        * Bumped requirements versions
        
        0.7.0 (2020-09-14)
        -------------------
        
        * Convert get-panw-interfaces operational state to link state
        
Keywords: panw_utils
Platform: UNKNOWN
Classifier: Development Status :: 2 - Pre-Alpha
Classifier: Intended Audience :: System Administrators
Classifier: License :: OSI Approved :: MIT License
Classifier: Natural Language :: English
Classifier: Programming Language :: Python :: 3.6
Classifier: Programming Language :: Python :: 3.7
