Vendor
Product
Panorama
OS Versions:
9.1
Method
Category
Security (SASE)
Project Type
Example Project
View Repository
Workflow
Palo Alto Panorama - Example Use Cases
Overview
This Pre-Built Automation bundle contains several example use cases that are applicable when Itential Automation Platform is integrated with Palo Alto Panorama using the REST API. Because every environment is different, these use cases are fully functioning examples that can be easily modified to operate in your specific environment. These workflows have been written with modularity in mind to make them easy to understand and simple to modify to suit your needs.
Example Workflows
| Name | Overview |
|---|---|
| Create Security Pre or Post Rule - Panorama - REST - Example | This example use case automates the procedure of creating security pre or post rule and committing staged changes to Palo Alto Panorama |
For further technical details on how to install and use this Example Project, please click the Technical Documentation tab.
Table of Contents
Getting Started
This section is helpful for deployments as it provides you with pertinent information on prerequisites and properties.
Helpful Background Information
Workflows and processes often include logic that varies from business to business. Our Example Projects are more complex processes that include several of our modular components to build a more complete process.
While these can be utilized, you may find more value in using them as a starting point to build around.
Prerequisites
Itential Example Projects are built and tested on particular versions of IAP. In addition, Example Projects are often dependent on external systems and as such, these Example Projects will have dependencies on these other systems. This version of Palo Alto - Panorama - REST - Example has been tested with:
- IAP 2023.2
External Dependencies
| Name | OS Version | API Version |
|---|---|---|
| Palo Alto Panorama | 9.1 |
Adapters
| Name | Version | Configuration Notes |
|---|---|---|
| adapter-panorama | 0.14.2 |
How to Install
To install the Example Project:
- Verify you are running a supported version of the Itential Automation Platform (IAP) as listed above in the Supported IAP Versions section in order to install the Example Project.
- Import the Example Project in Admin Essentials.
Testing
Cypress is generally used to test all Itential Example Projects. While Cypress is an opensource tool, at Itential we have internal libraries that have been built around Cypress to allow us to test with a deployed IAP.
When certifying our Example Projects for a release of IAP we run these tests against the particular version of IAP and create a release branch in GitLab. If you do not see the Example Project available in your version of IAP please contact Itential.
While Itential tests this Example Project and its capabilities, it is often the case the customer environments offer their own unique circumstances. Therefore, it is our recommendation that you deploy this Example Project into a development/testing environment in which you can test the Example Project.
Using this Example Project
Example Projects contain 1 or more workflows. Each of these workflows have different inputs and outputs.
Create Security Pre or Post Rule - Panorama - REST - Example
This example use case automates the procedure of creating security pre or post rule and committing staged changes to Palo Alto Panorama
Capabilities include:
- Create security pre or post rule on Palo Alto Panorama
- Commit staged changes to Palo Alto Panorama
Entry Point IAP Component
The primary IAP component to run Create Security Pre or Post Rule - Panorama - REST - Example is listed below:
| IAP Component Name | IAP Component Type | Create Security Pre or Post Rule - Panorama - REST - Example | Operations Manager Automation |
|---|
Inputs
The following table lists the inputs for Create Security Pre or Post Rule - Panorama - REST - Example:
| Name | Type | Required | Description | Example Value |
|---|---|---|---|---|
| securityRule | string | yes | Whether to create security pre or post rule | Pre Rule |
| name | string | yes | Name of security post rule | postRule1 |
| description | string | yes | Description of security post rule | Post Rule 1 description |
| ruleLocation | string | yes | Location of security post rule | shared |
| ruleType | string | yes | Type of security post rule | universal |
| schedule | string | yes | Schedule of when to apply security post rule | Overnight |
| logStart | string | yes | Whether log at session start will generate time for each start event | yes |
| logEnd | string | yes | Whether log at session end will generate time when session has ended | yes |
| action | string | yes | Action to apply to rule | allow |
| fromMembers | array | yes | List of from members (source zones) | [
{
"member": "any"
}
] |
| toMembers | array | yes | List of to members (destination zones) | [
{
"member": "10.0.0.0"
}
] |
| sourceMembers | array | yes | List of source members (source address or source address group members) | [
{
"member": "10.0.0.1"
}
] |
| destinationMembers | array | yes | List of destination members (destination address or destination address group members) | [
{
"member": "any"
}
] |
| panoramaAdapter | string | yes | Panorama adapter instance to be used | panorama |
Outputs
There are no outputs for Create Security Pre or Post Rule - Panorama - REST - Example.
Query Output
There are no query output examples for Create Security Pre or Post Rule - Panorama - REST - Example.
Example Inputs and Outputs
Example 1
Input:
{
"formData": {
"schedule": "Business Hours",
"fromMembers": [
{
"member": "any"
}
],
"toMembers": [
{
"member": "10.0.0.0"
}
],
"sourceMembers": [
{
"member": "10.0.0.1"
}
],
"destinationMembers": [
{
"member": "any"
}
],
"securityRule": "Post Rule",
"name": "rule-2",
"description": "rule-2",
"ruleLocation": "shared",
"ruleType": "universal",
"logStart": "yes",
"logEnd": "yes",
"action": "deny",
"panoramaAdapter": "panorama"
}
} API Links
| API Name | API Documentation Link | API Link Visibility |
|---|---|---|
| Create Security Policy Rule REST API | https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-panorama-api/get-started-with-the-pan-os-rest-api/create-security-policy-rule-rest-api | Public |
| PAN-OS XML API Commit | https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-panorama-api/pan-os-xml-api-request-types/commit-configuration-api/commit | Public |
Additional Information
Support
Please use your Itential Customer Success account if you need support when using this Workflow Project.