panos-cli

command module

v0.9.5 Latest Latest Go to latest Published: Jan 28, 2023 License: MIT Imports: 5 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

License Downloads

A lightweight utility, that utilizes the PAN-OS API, for working with Palo Alto Networks Panorama and firewalls.

panos-cli is wrtten in Go, enabling you to download a dependency free binary for your platform.

Print all firewalls managed by the Panorama appliance in the config file:

> panos-cli panorama get firewalls

Print all active/standalone firewalls managed by panorama.example.com:

> panos-cli panorama get firewalls --panorama panorama.example.com --state active,standalone

Print all connected firewalls where the firewall name contains "ca" or "ny":

> panos-cli panorama get firewalls --connected yes --firewall "*ca*","*ny*"

Print all firewall names to be piped to another command:

> panos-cli panorama get firewalls --terse

Print all interfaces of 'fw01.example.com' and 'fw02.example.com':

> panos-cli firewall get interfaces fw01.example.com fw02.example.com

Print interfaces of firewalls returned from the 'panos-cli panorama get firewalls' command:

> panos-cli panorama get firewalls --terse | panos-cli firewall get interfaces

Print interfaces that have an IP address and the interface name begins with 'eth' or 'ae':

> panos-cli firewall get interfaces --has-ip --name "eth*","ae*" fw01.example.com

Print two pingable addresses behind each interface on fw01.example.com:

> panos-cli firewall get pingable-hosts fw01.example.com

Print four pingable addresses behind each interface on fw01.example.com and set the ICMP timeout to 1000ms:

> panos-cli firewall get pingable-hosts --timeout 1000 --num-addrs 4 fw01.example.com

Execute the 'show system info' and 'show arp all' commands on fw01.example.com:

> panos-cli firewall run commands --command "show system info","show arp all" fw01.example.com

Execute the 'show system info' command on fw01.example.com and fw02.example.com, use key based auth, and ignore host key verification:

> panos-cli firewall run commands --command "show system info" --key-based-auth --insecure fw01.example.com fw02.example.com

Execute the 'show system info' command on all firewalls returned from the 'panos-cli panorama get firewalls' command:

> panos-cli panorama get firewalls --terse | panos-cli firewall run commands --command "show system info" --key-based-auth

Print connected users on all gateways in the config file:

> panos-cli global-protect get users

Print connected users on specified gateways and include stats:

> panos-cli global-protect get users --stats --gateways gw01.example.com,gw02.example.com

Print connected users where the username contains 'doe':

> panos-cli global-protect get users --connected-user "*doe*"

Download the latest binary from the release page or install via go install.

Installing via go install:

There is no documentation for this package.