Wednesday, November 18, 2015

PHP configuration for use with Palo Alto Networks Configurator

Palo Alto Networks has a tool that allows you to gather configuration information from a firewalls and Panorama systems.
The PHP scripts can be found here.

Download and extract the files to your system. I chose to extract them to c:\pan-configurator-master

Example scripts for how to use are found at the links below (they do require a Palo Alto Networks customer account)

If you don't have PHP already installed on your Windows system, here is how I configured my system.
Download and install PHP to your machine from I used version and installed to c:\php
Once the PHP has been installed, copy the php.ini-production to php.ini, and edit the following lines by removinig the semicolons:
include_path = ".;c:\php\includes"
; On windows:
extension_dir = "ext"
;  Enable cURL extension in PHP

Copy the following dll’s to the c:\windows\system32 directory

If you want to be able to run the scripts from directories other than c:\php update your path at the command line with the following command: set path=%path%;"c:\php"

When you connect to a device the first time it will ask for either a username and password or an API key
You can generate an API key via your browser - https:///api/?type=keygen&user=&password=
Replace the data in between < > with the appropriate date for your system

I used php C:\pan-configurator-master\utils\rules-edit.php in=api:// actions=exportToExcel:my-home-rules.xls location=vsys1 ruletype=all to pull the security, decryption and nat policies from my home firewalls.
Take your time with this tool and test all of you commands in a lab before using them in production