Palo Alto Networks firewall with PAN-OS (SSH)
Connector name |
|
Connector type | PSLang script |
Type (UI field value) | Palo Alto Networks firewall with PAN-OS (SSH) |
Target system versions supported / tested | The |
Connector status / support | Customer-Verified Clients may contact Bravura Security support for assistance with this connector. Troubleshooting and testing must be completed in the client's test environment as Bravura Security does not maintain internal test environments for the associated target system. |
Installation / setup | Bravura Security Fabric performs operations on Palo Alto Networks firewall with PAN-OS using the |
The following Bravura Security Fabric operations are supported by this connector (depending on your product license and version):
administrator reset password
user verify password
create account
delete account
disable account
enable account
check account enabled
get server information
List:
accounts
For a full list and explanation of each connector operation, see connector operations.
See also
See Secure Shell for details about agtssh.
Targeting the Palo Alto Networks firewall with PAN-OS system
For each Palo Alto Networks firewall with PAN-OS system, add a target system in Bravura Security Fabric (Manage the System > Resources > Target systems):
Type is Palo Alto Networks firewall with PAN-OS (SSH) .
Address uses options described in the table below.
The full list of target parameters is explained in Target System Options .
Option | Description |
|---|---|
Options marked with a | |
Script file | Must be set to agtpanos.psl (key: script) |
Server | The IP address/domain name of the Palo Alto Networks firewall with PAN-OS server. (key: server) |
Target system’s internal hostname | This is the internally-defined host name that, along with the logged in user’s name, comprises the Palo Alto Networks firewall with PAN-OS prompt. The script generates the expected prompt using this value, then uses the generated prompt to know when commands have completed. (key: name) |
Advanced | |
Port | TCP Port number. Default is 22. (key: port) |
Compression | Select to enable data compression for SSH connections. Default is false. (key: compression) |
Action for host keys | Select DenyUnmatch (default) or AllowAppend. For new targets, AllowAppend is recommended. DenyUnmatch only connects to SSH hosts whose public host keys have been previously recorded and have not been changed. It will reject SSH hosts whose keys have not been previously recorded or were previously recorded but have changed. AllowAppend connects to SSH hosts whose public host keys have been previously recorded and have not been changed, and to SSH hosts whose keys have not been previously recorded. It will reject SSH hosts whose keys were previously recorded but have changed. (key: hostkeys) |
Host keys file | Specify the name of the public host key file. It must be located in the \<instance>\script\ directory. (key: file) |
Authentication key file | This is a generic SSH target field that is ignored for Palo Alto Networks firewall with PAN-OS target systems. Login must be done with username and password. |
Timeout for connection | Amount of time the connector will wait for a response. (key: timeout) |
Enable SSH v1? | To enable SSH connection via SSH protocol version 1. (key: enable_ssh_1) |
Creating a template account
Bravura Security Fabric uses template accounts as models or "blueprints" for creating new accounts on Palo Alto Networks firewall with PAN-OS.
Consult the documentation included with your specific application to learn how to create an account to use as a template in Bravura Security Fabric . You can then add account attributes to determine how new accounts should be created based on the template account’s parameters.
Note that Bravura Security Fabric still requires a template account, even though attributes may or may not be copied from the template account, for example, if the configured action for all account attributes is Set .