Palo Alto Networks
Detailed description of the panw-utils Python project
panw-utils
Palo Alto Networks Utilities
- Free software: MIT license
- Documentation: https://panw-utils.readthedocs.io.
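Features
panw-utils
- Returns a list of available commands
get-panw-api-key
- Returns the current API key, suitable for piping to pbcopy (macOS) or clip.exe (Windows)
- Command line options
- Platform independent
- Saves default user and firewall
- Updates saved settings
- Accepts piped input (stdin)
- Uses the default firewall if none is provided
- Prompts for required arguments if they are not provided
- Multi-threaded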
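get-panw-firewalls
- Returns a list of firewalls, including management address and serial number
- Output can be pasted directly into Excel
- Terse output option for piping to other commands
- Command line options
- Platform independent
- Saves the API key and default Panorama host
- Updates saved settings
- Override/supply the API key on the command line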
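get-panw-interfaces
- Returns a list of firewall interfaces
- Output can be pasted directly into Excel
- Terse output option for piping to other commands
- Command line options
- Platform independent
- Saves the API key and default firewall
- Updates saved settings
- Override/supply the API key on the command line
- Filter on interface properties
- Multi-threaded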
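get-panw-config
- Returns the firewall configuration (set/xml format)
- Command line options
- Platform independent
- Saves the key-based authentication preference, default user and default firewall
- Updates saved settings
- Multi-threaded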
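run-panw-cmd
- Executes arbitrary CLI commands
- Command line options
- Platform independent
- Saves the key-based authentication preference, default user and default firewall
- Updates saved settings
- Multi-threaded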
Usage
To return a list of firewalls, use the get-panw-firewalls command:
$ get-panw-firewalls
Host                           MgmtIP          Serial       Model    Uptime               SwVersion
============================== =============== ============ ======== ==================== =========
fw01.domain.com                1.1.1.1         013999999999 PA-5220  208 days, 6:49:53    8.0.9
fw02.domain.com                1.1.1.2         013999999998 PA-5220  208 days, 7:27:28    8.0.9
To return a list of firewall hostnames, use the get-panw-firewalls command with the -t option (suitable for piping to other commands):
$ get-panw-firewalls -t
fw01.domain.com
fw02.domain.com
To return a list of firewall interfaces, use the get-panw-interfaces command:
$ get-panw-interfaces fw01.domain.com
Firewall                  Interface            State IpAddress
========================= ==================== ===== ====================
fw01.domain.com           ethernet1/1          up    N/A
fw01.domain.com           ethernet1/12         up    N/A
fw01.domain.com           ethernet1/2          up    172.17.111.251/24
fw01.domain.com           ethernet1/21         up    N/A
fw01.domain.com           ethernet1/22         up    N/A
fw01.domain.com           ethernet1/5          up    172.19.222.206/28
fw01.domain.com           ethernet1/7          up    N/A
fw01.domain.com           ha1-a                up    1.1.1.1/30
fw01.domain.com           ha1-b                up    1.1.1.9/30
fw01.domain.com           hsci-a               up    1.1.1.5/30
fw01.domain.com           hsci-b               up    N/A
fw01.domain.com           tunnel               up    N/A
fw01.domain.com           tunnel.1800          up    N/A
fw01.domain.com           vlan                 up    N/A
$ get-panw-firewalls -t | get-panw-interfaces
Firewall                  Interface            State IpAddress
========================= ==================== ===== ====================
fw01.domain.com           ethernet1/1          up    N/A
fw01.domain.com           ethernet1/12         up    N/A
fw01.domain.com           ethernet1/2          up    172.17.111.251/24
fw01.domain.com           ethernet1/21         up    N/A
fw01.domain.com           ethernet1/22         up    N/A
fw01.domain.com           ethernet1/5          up    172.19.222.206/28
fw01.domain.com           ethernet1/7          up    N/A
fw02.domain.com           ethernet1/1          up    N/A
fw02.domain.com           ethernet1/12         up    N/A
fw02.domain.com           ethernet1/2          up    172.17.111.251/24
fw02.domain.com           ethernet1/21         up    N/A
fw02.domain.com           ethernet1/22         up    N/A
fw02.domain.com           ethernet1/5          up    172.19.222.206/28
fw02.domain.com           ethernet1/7          up    N/A
To return the firewall configuration, use the get-panw-config command:
$ get-panw-config
============================
= fw01.domain.com =
============================
<response status="success"><result><config version="8.0.0" urldb="paloaltonetworks">
  <mgt-config>
    <users>
      <entry name="admin">
        <phash>xxxxx</phash>
        <permissions>
          <role-based>
            <superuser>yes</superuser>
          </role-based>
        </permissions>
      </entry>
      <entry name="user1">
        <permissions>
          <role-based>
            <superuser>yes</superuser>
          </role-based>
        </permissions>
        <phash>xxxxx</phash>
      </entry>
<--- Output truncated --->
To return the configuration of multiple firewalls, pipe the output of get-panw-firewalls -t to the get-panw-config command:
$ get-panw-firewalls -t | get-panw-config
============================
= fw01.domain.com =
============================
<response status="success"><result><config version="8.0.0" urldb="paloaltonetworks">
  <mgt-config>
    <users>
      <entry name="admin">
        <phash>xxxxx</phash>
        <permissions>
          <role-based>
            <superuser>yes</superuser>
          </role-based>
        </permissions>
      </entry>
      <entry name="user1">
        <permissions>
          <role-based>
            <superuser>yes</superuser>
          </role-based>
        </permissions>
        <phash>xxxxx</phash>
      </entry>
<--- Output truncated --->
============================
= fw02.domain.com =
============================
<response status="success"><result><config version="8.0.0" urldb="paloaltonetworks">
  <mgt-config>
    <users>
      <entry name="admin">
        <phash>xxxxx</phash>
        <permissions>
          <role-based>
            <superuser>yes</superuser>
          </role-based>
        </permissions>
      </entry>
      <entry name="user1">
        <permissions>
          <role-based>
            <superuser>yes</superuser>
          </role-based>
        </permissions>
        <phash>xxxxx</phash>
      </entry>
<--- Output truncated --->
To return part of the firewall configuration, use the get-panw-config command with the --xpath option:
$ get-panw-config --xpath "/config/mgt-config/users"
============================
= fw01.domain.com =
============================
<response status="success"><result><users>
  <entry name="admin">
    <phash>xxxxx</phash>
    <permissions>
      <role-based>
        <superuser>yes</superuser>
      </role-based>
    </permissions>
  </entry>
</users></result></response>
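An added example, not part of panw-utils: Python that reads output in the layout shown above for --xpath "/config/mgt-config/users", lists each firewall's administrators with their role, and blanks the phash values before the XML is stored or shared. It assumes the banners and the XML arrive in one stream as displayed; audit_admins, the "auditor" account and the hash values are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the layout shown above: one banner plus one <response>
# per firewall. The "auditor" entry and all hash values are made up.
SAMPLE = """\
============================
= fw01.domain.com =
============================
<response status="success"><result><users>
<entry name="admin"><phash>xxxxx</phash>
<permissions><role-based><superuser>yes</superuser></role-based></permissions></entry>
</users></result></response>
============================
= fw02.domain.com =
============================
<response status="success"><result><users>
<entry name="admin"><phash>xxxxx</phash>
<permissions><role-based><superuser>yes</superuser></role-based></permissions></entry>
<entry name="auditor"><phash>yyyyy</phash>
<permissions><role-based><superreader>yes</superreader></role-based></permissions></entry>
</users></result></response>
"""

BANNER = re.compile(r"^=[ \t]+(\S+)[ \t]+=[ \t]*$", re.M)  # "= host =" lines
RESPONSE = re.compile(r"<response\b.*?</response>", re.S)


def audit_admins(text):
    """Map each firewall to its admin roles and a copy of the XML without hashes."""
    report = {}
    parts = BANNER.split(text)  # [preamble, host1, body1, host2, body2, ...]
    for host, body in zip(parts[1::2], parts[2::2]):
        match = RESPONSE.search(body)
        if match is None:
            continue  # no XML returned for this firewall
        root = ET.fromstring(match.group(0))
        admins = []
        for entry in root.iter("entry"):
            role = entry.find("permissions/role-based/*")
            admins.append((entry.get("name"), role.tag if role is not None else "unknown"))
            for phash in entry.iter("phash"):
                phash.text = "REDACTED"  # keep password hashes out of reports
        report[host] = {"admins": admins,
                        "redacted_xml": ET.tostring(root, encoding="unicode")}
    return report


if __name__ == "__main__":
    for host, info in audit_admins(SAMPLE).items():
        print(host, info["admins"])
```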
To return the set-format configuration of multiple firewalls, pipe the output of get-panw-firewalls -t to the get-panw-config command:
$ get-panw-firewalls -t | get-panw-config --format set | egrep "^=|virtual-router"
Collecting set configuration via ssh ...
============================
= fw01.domain.com =
============================
set network virtual-router default protocol bgp enable no
set network virtual-router default protocol bgp dampening-profile default cutoff 1.25
set network virtual-router default protocol bgp dampening-profile default reuse 0.5
set network virtual-router default protocol bgp dampening-profile default max-hold-time 900
set network virtual-router default protocol bgp dampening-profile default decay-half-life-reachable 300
set network virtual-router default protocol bgp dampening-profile default decay-half-life-unreachable 900
set network virtual-router default protocol bgp dampening-profile default enable yes
set network virtual-router default interface [ ethernet1/1 ]
set network virtual-router default routing-table ip static-route "Default Route" nexthop ip-address 192.168.197.254
set network virtual-router default routing-table ip static-route "Default Route" path-monitor enable no
set network virtual-router default routing-table ip static-route "Default Route" path-monitor failure-condition any
set network virtual-router default routing-table ip static-route "Default Route" path-monitor hold-time 2
set network virtual-router default routing-table ip static-route "Default Route" metric 10
set network virtual-router default routing-table ip static-route "Default Route" destination 0.0.0.0/0
set network virtual-router default routing-table ip static-route "Default Route" route-table unicast
============================
= fw02.domain.com =
============================
set network virtual-router default protocol bgp enable no
set network virtual-router default protocol bgp dampening-profile default cutoff 1.25
set network virtual-router default protocol bgp dampening-profile default reuse 0.5
set network virtual-router default protocol bgp dampening-profile default max-hold-time 900
set network virtual-router default protocol bgp dampening-profile default decay-half-life-reachable 300
set network virtual-router default protocol bgp dampening-profile default decay-half-life-unreachable 900
set network virtual-router default protocol bgp dampening-profile default enable yes
set network virtual-router default interface [ ethernet1/1 ]
set network virtual-router default routing-table ip static-route "Default Route" nexthop ip-address 10.69.26.62
set network virtual-router default routing-table ip static-route "Default Route" path-monitor enable no
set network virtual-router default routing-table ip static-route "Default Route" path-monitor failure-condition any
set network virtual-router default routing-table ip static-route "Default Route" path-monitor hold-time 2
set network virtual-router default routing-table ip static-route "Default Route" metric 10
set network virtual-router default routing-table ip static-route "Default Route" destination 0.0.0.0/0
set network virtual-router default routing-table ip static-route "Default Route" route-table unicast
To ping all interfaces in the "up" state with a timeout of 1 second and a count of 1, filtering out the HA subnet:
$ get-panw-firewalls -t | grep fw01.domain.com | get-panw-interfaces --if-state up -t | grep -vF 1.1.1. | xargs -n1 ping -c 1 -t 1
PING 10.170.196.241 (10.170.196.241): 56 data bytes
64 bytes from 10.170.196.241: icmp_seq=0 ttl=57 time=63.845 ms
--- 10.170.196.241 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 63.845/63.845/63.845/0.000 ms
PING 10.170.118.254 (10.170.118.254): 56 data bytes
64 bytes from 10.170.118.254: icmp_seq=0 ttl=57 time=63.471 ms
--- 10.170.118.254 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 63.471/63.471/63.471/0.000 ms
PING 10.171.119.254 (10.171.119.254): 56 data bytes
64 bytes from 10.171.119.254: icmp_seq=0 ttl=57 time=63.862 ms
--- 10.171.119.254 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 63.862/63.862/63.862/0.000 ms
PING 10.170.111.254 (10.170.111.254): 56 data bytes
64 bytes from 10.170.111.254: icmp_seq=0 ttl=57 time=63.931 ms
--- 10.170.111.254 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 63.931/63.931/63.931/0.000 ms
PING 10.170.92.126 (10.170.92.126): 56 data bytes
64 bytes from 10.170.92.126: icmp_seq=0 ttl=57 time=63.768 ms
--- 10.170.92.126 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 63.768/63.768/63.768/0.000 ms
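History
0.0.1 (2019-02-16)
- First release on PyPI.
0.1.5 (2019-02-17)
- Updated README.rst.
- Updated description.
- Implemented helper command (panw-utils).
0.1.6 (2019-02-17)
- Fixed a bug in updating saved settings
0.1.11 (2019-02-17)
- Configured Travis CI
0.2.0 (2019-03-07)
- Added get-panw-config
0.3.0 (2019-04-07)
- Implemented concurrency
- Redirected headers to sys.stderr to make output more grep-friendly
- Added model, uptime and software version to the output
0.4.0 (2019-04-12)
- Migrated from multiprocessing to multithreading
0.5.0 (2019-04-13)
- Added run-panw-cmd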