Palo Alto Networks has a tool that allows you to gather configuration information from a firewalls and Panorama systems.
The PHP scripts can be found here.
Download and extract the files to your system. I chose to extract them to c:\pan-configurator-master
Example scripts for how to use are found at the links below (they do require a Palo Alto Networks customer account)
If you don’t have PHP already installed on your Windows system, here is how I configured my system.
Download and install PHP to your machine from http://www.php.net. I used version 220.127.116.11 and installed to c:\php
Once the PHP has been installed, copy the php.ini-production to php.ini, and edit the following lines by removinig the semicolons:
include_path = “.;c:\php\includes”
; On windows:
extension_dir = “ext”
; Enable cURL extension in PHP
Copy the following dll’s to the c:\windows\system32 directory
If you want to be able to run the scripts from directories other than c:\php update your path at the command line with the following command: set path=%path%;”c:\php”
When you connect to a device the first time it will ask for either a username and password or an API key
You can generate an API key via your browser – https://
Replace the data in between < > with the appropriate date for your system
I used php C:\pan-configurator-master\utils\rules-edit.php in=api://10.200.132.43 actions=exportToExcel:my-home-rules.xls location=vsys1 ruletype=all to pull the security, decryption and nat policies from my home firewalls.
Take your time with this tool and test all of you commands in a lab before using them in production
This is a Security Bloggers Network syndicated blog post authored by James.Costello. Read the original post at: IT Security, Windows Scripting and other matters