Basic configuration of Palo Alto firewall using Terraform
Requirements
- Palo Alto VM series firewall on KVM (in my case, hosted in EVE-NG)
- terraform.exe file (downloaded from the official Terraform page)
- Visual Studio Code software
- Connectivity to Palo Alto machine from the host machine
Step 0 - Create a folder to host all Terraform files
C:\Users\angel\scripts\paloalto
Step 1 - Download the terraform.exe file from the official Terraform page
I am using Windows for this example, but you can use Linux, macOS or other operating systems as well
Extract terraform.exe into the folder where all Terraform files are located --> C:\Users\angel\scripts\paloalto
Step 2 - Open Visual Studio Code and download the following Terraform-related extensions:
- Terraform
- HashiCorp Terraform
- Terraform advanced syntax highlighting
Step 3 - Create main.tf in the Terraform files folder
C:\Users\angel\scripts\paloalto\main.tf
Step 4 - Edit main.tf with the following basic code. Make sure that the indentation is respected in the file
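terraform {
  required_providers {
    panos = {
      source = "PaloAltoNetworks/panos"
    }
  }
}

provider "panos" {
  # Configuration options (placeholders: replace with your own values)
  hostname = "target_ip_address"
  username = "ssh_username"
  password = "ssh_password"
}

# Administrative tag named "internal" in vsys1
resource "panos_administrative_tag" "tag_test" {
  name    = "internal"
  vsys    = "vsys1"
  color   = "color1"
  comment = "Internal resources"

  lifecycle {
    create_before_destroy = true
  }
}

# Address object that carries the tag created above
resource "panos_address_object" "angel-test1" {
  name        = "angel-test1"
  value       = "1.2.3.4/32"
  description = "TEST NETWORK OBJECT"
  # Reference the tag by its name on the firewall ("internal"), not by the
  # Terraform resource label; this also makes Terraform create the tag first
  tags = [
    panos_administrative_tag.tag_test.name,
  ]

  lifecycle {
    create_before_destroy = true
  }
}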
Step 5 - Open the terminal in Visual Studio Code and execute the terraform init, terraform plan and terraform apply commands. Type yes when terraform apply asks for confirmation
.\terraform.exe init
.\terraform.exe plan
.\terraform.exe apply
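The provider block in Step 4 keeps the firewall password in main.tf in plain text. As an added example (not part of the original post), the terraform and provider blocks can instead read the credentials from input variables set in the terminal session; the variable names are assumptions chosen here, and the two resource blocks stay as they are.

```hcl
# Added example: same provider setup as main.tf in Step 4, with the
# credentials moved out of the file. Variable names are assumptions.
terraform {
  required_providers {
    panos = {
      source = "PaloAltoNetworks/panos"
    }
  }
}

variable "panos_hostname" {
  type        = string
  description = "Management IP or FQDN of the firewall"
}

variable "panos_username" {
  type        = string
  description = "Account used by the provider"
}

variable "panos_password" {
  type        = string
  sensitive   = true # value is redacted in plan and apply output
  description = "Password for panos_username"

  validation {
    condition     = length(var.panos_password) > 0
    error_message = "Set TF_VAR_panos_password before running plan or apply."
  }
}

provider "panos" {
  hostname = var.panos_hostname
  username = var.panos_username
  password = var.panos_password
}

# In the VS Code PowerShell terminal, set the values for this session only
# (placeholders in angle brackets; -MaskInput needs PowerShell 7.1 or later):
#   $env:TF_VAR_panos_hostname = "<firewall-ip>"
#   $env:TF_VAR_panos_username = "<admin-user>"
#   $env:TF_VAR_panos_password = Read-Host "PAN-OS password" -MaskInput
#   .\terraform.exe plan
```

The panos provider also reads PANOS_HOSTNAME, PANOS_USERNAME and PANOS_PASSWORD from the environment when those arguments are left out of the provider block.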