Posts

Showing posts tagged panorama

Strata Logging Service | Send Palo Alto logs to an AWS S3 bucket

Prerequisites

1. Have one or more Palo Alto firewalls onboarded to Strata Cloud Manager or sending Palo Alto logs directly to Strata Logging Service.
2. Have access to the Strata Logging Service / Strata Cloud Manager console.
3. Have access to an AWS Console.

How to send Palo Alto logs to an AWS S3 bucket

@AWS

1. Create a new S3 bucket. We will call it palo-alto-logs. Take note of the AWS region (us-central-1, eu-central-1, etc.); this will be required in a later step. Also, for security, enable Block all public access on the S3 bucket. It is not required to create an ACL, so you can disable this setting.
2. Create a new IAM role. We will call it SLS_to_S3_access_role. During the creation of the IAM role, you need to select AWS Account > Another AWS Account > Enter the Account ID of Strata Logging Service. This can be obtained when creating a new S3 bucket profile in Strata Logging Service. Once the AWS Account ID it is obtaine...

Panorama SDWAN issue during commit with error message "failed to create sdwan cluster meta file: 'NoneType' object has no attribute 'node'"

Cause: This issue is directly related to the high-availability (HA) configuration on the local SDWAN device. Adding a standalone firewall that has HA enabled locally as an SDWAN device in Panorama causes this problem.

Solution: Either remove the local HA configuration from the firewall, or implement HA with 2 members and then set up SDWAN on both devices as an HA group in the Panorama SDWAN settings.

Palo Alto | Create a Security Zone on a Template using PANORAMA REST API call

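```python
## REST API POST call that creates a new Security Zone in a target Template in Panorama ##
import json

import requests
import urllib3

# Placeholders: replace each value with your own before running.
PANORAMA_IP = "{panoramaIP}"
ZONE_NAME = "{name_new_ZONE}"
TARGET_TEMPLATE = "{target_template}"
API_KEY = "{PANORAMA_API_KEY}"

# verify=False below skips TLS certificate validation, so the API key is sent
# without authenticating Panorama. Pass the path to a CA bundle instead once
# Panorama presents a certificate your host trusts.
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

url = f"https://{PANORAMA_IP}/restapi/v10.2/Network/Zones"

# Query parameters select the zone name and the template/vsys it is created in.
params = {
    "name": ZONE_NAME,
    "location": "template",
    "template": TARGET_TEMPLATE,
    "vsys": "vsys1",
}

# Body: a layer3 zone using the "default" log setting.
payload = json.dumps({
    "entry": {
        "@name": ZONE_NAME,
        "@location": "template",
        "@template": TARGET_TEMPLATE,
        "@vsys": "vsys1",
        "network": {
            "layer3": {},
            "log-setting": "default"
        }
    }
})

headers = {
    "Content-Type": "application/json",
    "X-PAN-KEY": API_KEY,
}

response = requests.post(url, params=params, headers=headers, data=payload, verify=False)
print(response.text)
```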