OK, thanks, Chris, I will make a note. One more thing: whenever I push changes to the firewalls I am not notified through email about the changes made, but in the case of Cisco I receive whatever changes are made through email. For the firewall, I am instead getting notifications like the one below every 30 minutes.
  #wf-private-version: 0
  #wf-private-release-date: unknown
  #url-db: paloaltonetworks
- #wildfire-version: 757373-760822
- #wildfire-release-date: 2023/04/06 19:57:32 IST
+ #wildfire-version: 757379-760828
+ #wildfire-release-date: 2023/04/06 20:27:32 IST
  #wildfire-rt: Disabled
- #url-filtering-version: 20230406.20218
+ #url-filtering-version: 20230406.20226

On Thu, 6 Apr 2023 at 18:17, Chris <[email protected]> wrote:

> I think you can remove step 4, in my experience it should not be needed
>
> Chris
>
> *From: *Anwar Durrani <[email protected]>
> *Sent: *Thursday, April 6, 2023 5:08 AM
> *To: *Chris <[email protected]>
> *Cc: *heasley <[email protected]>; [email protected]
> *Subject: *Re: [rancid] login script for PaloAlto PA850
>
> Thanks, Chris for your prompt response.
>
> I am putting complete procedure step by step so that everyone can easily
> understand
>
> #Configure PaloAlto Firewall on rancid server
>
> Rancid Version : 3.13-1 [apt -list | grep rancid]
> OS Version : Ubuntu 22.04.2 LTS [lsb_release -a]
>
> 1. Make changes in rancid main configuration /etc/rancid/rancid.conf
>
> add firewalls (whatever name you would like to keep)
> LIST_OF_GROUPS="routers switches waps firewalls"; export LIST_OF_GROUPS
>
> 2. To make the configuration changes take effect, run the command below, but
> you have to be the rancid user first
>
> su - rancid
> /usr/lib/rancid/bin/rancid-run
>
> 3. Make change in configuration file and add device
>
> vim /var/lib/rancid/firewalls/router.db
>
> add following line
>
> firewall1.your-domain.com;paloalto;up;
>
> 4. Make changes in
>
> vim /var/lib/rancid/firewalls/routers.up
>
> add below line
>
> firewall1.your-domain.com;paloalto
>
> 5. Make changes in vim /etc/rancid/rancid.types.base
>
> add lines below
>
> paloalto;login;plogin
> paloalto;module;panos
> paloalto;inloop;panos::inloop
> paloalto;command;panos::ShowInfo;show system info
> paloalto;command;panos::ShowInventory;show chassis inventory
> paloalto;command;panos::ShowConfig;show config merged
>
> 6. Make changes in vim /etc/rancid/rancid.types.conf
>
> *# This is for PaloAlto Firewall*
> paloalto;script;panrancid
>
> 7. Make changes in vim /etc/rancid/rancid.types.conf
>
> add lines as below
>
> *# This is for PaloAlto Firewall*
> paloalto;script;panrancid
>
> 8. Enable email configuration
>
> vim /etc/aliases
>
> add lines below
>
> rancid-firewalls: [email protected]
> rancid-firewalls-admin: [email protected]
>
> *# Run below command to take into effect*
> newaliases
>
> *# You must have panos, panrancid & plogin files present under
> /var/lib/rancid/bin*
>
> On Thu, 6 Apr 2023 at 03:49, Chris <[email protected]> wrote:
>
> Just wanted to add for the benefit of all, I like to edit my
> etc/rancid.types.conf and add a new “type”. Here is what the additional
> lines look like:
>
> paloaltofw;script;rancid -t paloaltofw
> paloaltofw;login;panlogin
> paloaltofw;module;panos
> paloaltofw;inloop;panos::inloop
> paloaltofw;command;panos::ShowInfo;show system info
> paloaltofw;command;panos::ShowInventory;show chassis inventory
> paloaltofw;command;rancid::RunCommand;set cli config-output-format set
> paloaltofw;command;rancid::RunCommand;configure
> paloaltofw;command;panos::ShowConfig;show
>
> This gives you a more human readable configuration.
>
> In your router.db you would need to add:
>
> Firewall1.yourdomain.com;paloaltofw;up
>
> Chris
>
> *From: *heasley <[email protected]>
> *Sent: *Wednesday, April 5, 2023 4:03 PM
> *To: *Chris Weakland <[email protected]>
> *Cc: *Anwar Durrani <[email protected]>; [email protected]
> *Subject: *Re: [rancid] login script for PaloAlto PA850
>
> Wed, Apr 05, 2023 at 07:21:17AM -0400, Chris Weakland:
> > Palo Alto support has been built into Rancid for some time, no need for any
> > additional scripts. The device type is: paloalto
>
> indeed; there is also device type paloaltoxml for the xml config.
>
> > Your router.db looks incorrect, it should be:
> >
> > Firewall1.yourdomain.com;paloalto;up
>
> to be pedantic, additional fields are simply ignored.
>
> --
> Thanks & regards,
> Anwar M. Durrani
> +91-9923205011

--
Thanks & regards,
Anwar M. Durrani
+91-9923205011
<http://in.linkedin.com/pub/anwar-durrani/20/b55/60b>
_______________________________________________
Rancid-discuss mailing list
[email protected]
https://www.shrubbery.net/mailman/listinfo/rancid-discuss
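
An added example, not part of the original message and not RANCID's own code: a Python triage helper that separates the changed lines of a notification like the one pasted at the top of this message into content-version header churn and everything else, so a reviewer can tell an update-only diff from a real configuration change. The set of volatile keys is an assumption taken from the three keys that change in that pasted diff, and the extra line in `MIXED` is constructed.

```python
import re

# Assumption: volatile keys = the three whose values change in the pasted diff.
VOLATILE_KEYS = {"wildfire-version", "wildfire-release-date", "url-filtering-version"}
CHANGED = re.compile(r"^([+-])\s?(.*)$")    # "- #key: value" / "+ #key: value"
HEADER = re.compile(r"^#([A-Za-z0-9-]+):")  # "#key:" comment-style header line


def triage(diff_body):
    """Return (volatile, substantive) changed lines from a diff hunk body.

    Fails closed: a changed line that is not a known volatile header counts
    as substantive. Assumes no '---'/'+++' file headers in diff_body.
    """
    volatile, substantive = [], []
    for line in diff_body.splitlines():
        m = CHANGED.match(line)
        if not m:
            continue  # context line or blank line
        key = HEADER.match(m.group(2).strip())
        if key and key.group(1) in VOLATILE_KEYS:
            volatile.append(line)
        else:
            substantive.append(line)
    return volatile, substantive


def is_noise_only(diff_body):
    """True when there are changes and all of them are volatile header churn."""
    volatile, substantive = triage(diff_body)
    return bool(volatile) and not substantive

# Changed and context lines as pasted in the message above.
PASTED = """\
  #url-db: paloaltonetworks
- #wildfire-version: 757373-760822
- #wildfire-release-date: 2023/04/06 19:57:32 IST
+ #wildfire-version: 757379-760828
+ #wildfire-release-date: 2023/04/06 20:27:32 IST
  #wildfire-rt: Disabled
- #url-filtering-version: 20230406.20218
+ #url-filtering-version: 20230406.20226
"""
# Constructed sample: the same churn plus one constructed configuration line.
MIXED = PASTED + "+ set deviceconfig system hostname fw-lab\n"

if __name__ == "__main__":
    for name, body in (("pasted", PASTED), ("mixed", MIXED)):
        print(name, "noise only:", is_noise_only(body))
```

Because unknown lines are always classed as substantive, a diff is only reported as noise when every changed line carries one of the listed header keys.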
