A lightweight multithreaded utility that uses the PAN-OS API to work with Palo Alto Networks Panorama and firewalls.
panos-cli is written in Go, enabling you to download a dependency-free binary for your platform.
Print all firewalls managed by the Panorama appliance in the config file:
> panos-cli panorama get firewalls

Print all active/standalone firewalls managed by panorama.example.com:
> panos-cli panorama get firewalls --panorama panorama.example.com --state active,standalone

Print all connected firewalls where the firewall name contains "ca" or "ny":
> panos-cli panorama get firewalls --connected yes --firewall "*ca*","*ny*"

Print all firewall names to be piped to another command:
> panos-cli panorama get firewalls --terse

Print all interfaces of fw01.example.com and fw02.example.com:
> panos-cli firewall get interfaces fw01.example.com fw02.example.com

Print interfaces of firewalls returned from the panos-cli panorama get firewalls command:
> panos-cli panorama get firewalls --terse | panos-cli firewall get interfaces

Print interfaces that have an IP address and the interface name begins with "eth" or "ae":
> panos-cli firewall get interfaces --has-ip --name "eth*","ae*" fw01.example.com

Print two pingable addresses behind each interface on fw01.example.com:
> panos-cli firewall get pingable-hosts fw01.example.com

Print four pingable addresses behind each interface on fw01.example.com and set the ICMP timeout to 1000ms:
> panos-cli firewall get pingable-hosts --timeout 1000 --num-addrs 4 fw01.example.com

Print object limits of fw01.example.com and fw02.example.com:
> panos-cli firewall get object-limits fw01.example.com fw02.example.com

Print object limits of firewalls returned from the panos-cli panorama get firewalls command:
> panos-cli panorama get firewalls --terse | panos-cli firewall get object-limits

Print set configuration of fw01.example.com and fw02.example.com:
> panos-cli firewall get config set fw01.example.com fw02.example.com

Print set configuration of firewalls returned from the "panos-cli panorama get firewalls" command:
> panos-cli panorama get firewalls --terse | panos-cli firewall get config set --key-based-auth

Print set configuration and filter for "mgt-config":
> panos-cli firewall get config set --filter "mgt-config" fw01.example.com

Print running configuration of fw01.example.com and fw02.example.com:
> panos-cli firewall get config xml fw01.example.com fw02.example.com

Print running configuration of firewalls returned from the "panos-cli panorama get firewalls" command:
> panos-cli panorama get firewalls --terse | panos-cli firewall get config xml

Print running configuration at specified XPath:
> panos-cli firewall get config xml --xpath "mgt-config" fw01.example.com

Print effective running configuration at specified XPath:
> panos-cli firewall get config xml --type "effective-running" --xpath "mgt-config" fw01.example.com

Execute the show system info and show arp all commands on fw01.example.com:
> panos-cli firewall run commands --command "show system info","show arp all" fw01.example.com

Execute the show system info command on fw01.example.com and fw02.example.com, use key based auth, and ignore host key verification:
> panos-cli firewall run commands --command "show system info" --key-based-auth --insecure fw01.example.com fw02.example.com

Execute the show system info command on all firewalls returned from the panos-cli panorama get firewalls command:
> panos-cli panorama get firewalls --terse | panos-cli firewall run commands --command "show system info" --key-based-auth

Print connected users on all gateways in the config file:
> panos-cli global-protect get users

Print connected users on specified gateways and include stats:
> panos-cli global-protect get users --stats --gateways gw01.example.com,gw02.example.com

Print connected users where the username contains "doe":
> panos-cli global-protect get users --connected-user "*doe*"

Download the latest binary from the release page or install via go install.
Installing via go install:
- Download and install Go (https://go.dev/dl/)
- Execute
go install github.com/Dapacruz/panos-cli@latest