NAME
Device::PaloAlto::Firewall - Interact with the Palo Alto firewall API
VERSION
version 0.08
SYNOPSIS
Device::PaloAlto::Firewall provides interfaces to retrieve information from a Palo Alto firewall.
my $firewall = Device::PaloAlto::Firewall->new(uri => 'http://localhost.localdomain', username => 'admin', password => 'complex_password')
my $environ = $firewall->environmentals();
my $interfaces = $firewall->interfaces();
A key point is that that methods only retrieve information. There are no methods within this module to modify or commit configuration.
The methods return either an ARRAYREF or HASHREF, and the data structure returned is largely unchanged from what the firewall returns. Some general cleaning may be have done, and some changes occur when the XML from the firewall is parsed and turned into a Perl structure.
For brevity, examples of the return values aren't documented within this document but in a separate Device::PaloAlto:Firewall::Return page.
CONSTRUCTOR
The new()
constructor takes the following arguments:
uri
- A HTTP or HTTPS URI to the firewall.username
- a username to authenticate to the device.password
- a password for the username.
METHODS
META
These methods affect the way requests are made to the firewalls.
authenticate
Manually authenticates to the firewall.
verify_hostname
Enables/disables the verification of the peer certificate and hostname if 'https' is used for API calls. By default TLS peer verification is enabled.
$fw->verify_hostname(1); Enable TLS peer verification
$fw->verify_hostname(0); Disable TLS verification
optimise
Enables/disables the local caching of requests and responses to the firewall. This is disabled by default.
$fw->optimise(1); # Enable optimisation
my $system_info = $fw->system_info(); # API call to retrieve interface information
$system_info = $fw->system_info(); # Information retrieved from local cache
The first call to system_info()
will make an API call to the firewall and cache the result. The second request will retrieve the response from the local cache without making an API call. Under the covers it uses Memoize
to cache the API request call. This means that each function & arguments receive their own cache. For example:
$fw->optimise(1);
my $default_vr bgp_peers = $fw->bgp_peers(vrouter => 'default');
my $other_vr_bgp_peers = $fw->bgp_peers(vrouter => 'other');
Both of these methods would make an API call to the firewall as the arguments differ.
tester
Retrieves a Device::PaloAlto::Firewall::Test
object for this firewall.
use Test::More;
my $test = Device::PaloAlto::Firewall->new(uri => 'http://remote_pa.domain', username => 'test', password => 'test')->tester();
ok( $test->interfaces_up(interfaces => ['ethernet1/1']) );
For more information, see the Device::PaloAlto::Firewall::Test documentation.
PLATFORM
These methods retrieve information on the firewall platform.
system_info
Returns system information from the firewall.
my $system_info = $fw->system_info();
say "Current Time on Firewall: $system_info->{time}";
environmentals
Returns information on the system environmentals. This includes the fantray and fans, power supplies and power, temperature. Note: virtual machines don't have any environmental information and won't return any information.
high_availability
Retrieves information on the high availability status of the firewall.
NETWORK
These methods retrieve network information from the firewall.
interfaces
Retrieves interface information.
interface_counters_logical
Retrieves information on the logical interface counters.
routing_table
Retrives information on the routing table for a particular virtual router. If no vrouter
argument is specified it retrieves the 'default' vrouter's routing table.
my $default_vr_table = $fw->routing_table();
my $corp_vr_table = $fw->routing_table(vrouter => 'corp');
bgp_peers
Retrieves information on the configured BGP peers for a particular virtual router. If no vrouter
argument is specified it retrieves the 'default' vrouter's BGP peers.
my $default_vr_bgp_peers = $fw->bgp_peers();
my $corp_vr_bgp_peers = $fw->bgp_peers(vrouter => 'corp');
bgp_rib
Retrieves information the local routing information base (RIB) for a specific virtual router. If no vrouter
argument is specified, the 'default' vrouter's loc RIB is returned.
my $default_vr_rib = $fw->bgp_rib();
my $corp_vr_rib = $fw->bgp_rib(vrouter => 'corp');
If BGP is not configured, or there are no prefixes in the local RIB, an empty ARRAYREF is returned. Otherwise an ARRAYREF is returned containing the prefixes in the local RIB.
ospf_neighbours
Returns and ARRAYREF containing information on the current OSPF neighbours for a specific virtual router. If no vrouter
argument is specified, the 'default' vrouter's neighbours are returned.
If OSPF is not configured, or there are no OSPF neighbours up, an empty ARRAYREF
Neighbours are returned who have not completed a full OSPF handshake - for example they may be in EXSTART if there is an MTU mismatch on the interface.
pim_neighbours
Retrieves information on the PIM neighbours for a specific virtual router. If no vrouter
argument is specified, the neighbours for the 'default' vrouter are returned.
my $pim_neighbours = $fw->pim_neighbours(vrouter => 'corp');
If PIM is not configured, or there are currently no neighbours, an empty ARRAYREF is returned.
bfd_peers
Returns information on BFD peers.
MANAGEMENT
These methods retrieve information on the management / operational status of the firewall.
ntp
Retrieves information on the current synchronisation and reachability of configured NTP peers.
panorama_status
Returns information on the current Panorama runtime status.
SECURITY
These methods retrieve information on the security functions of the firewall.
ip_user_mapping
Returns the ip to user mapping table.
userid_server_monitor
Returns the state of the servers used to monitor User-ID IP-to-user mappings.
ike_peers
Returns information on active IKE (Phase 1) VPN peers.
ipsec_peers
Returns information on the active IPSEC (Phase 2) VPN peers.
vpn_tunnels
Returns dataplane IPSEC VPN tunnel information.
AUTHOR
Greg Foletta, <greg at foletta.org>
BUGS
Please report any bugs or feature requests to bug-device-paloalto-firewall at rt.cpan.org
, or through the web interface at http://rt.cpan.org/NoAuth/ReportBug.html?Queue=Device-PaloAlto-Firewall. I will be notified, and then you'll automatically be notified of progress on your bug as I make changes.
SUPPORT
You can find documentation for this module with the perldoc command.
perldoc Device::PaloAlto::Firewall
You can also look for information at:
RT: CPAN's request tracker (report bugs here)
http://rt.cpan.org/NoAuth/Bugs.html?Dist=Device-PaloAlto-Firewall
AnnoCPAN: Annotated CPAN documentation
CPAN Ratings
Search CPAN
ACKNOWLEDGEMENTS
LICENSE AND COPYRIGHT
Copyright 2017 Greg Foletta.
This program is free software; you can redistribute it and/or modify it under the terms of the the Artistic License (2.0). You may obtain a copy of the full license at:
http://www.perlfoundation.org/artistic_license_2_0
Any use, modification, and distribution of the Standard or Modified Versions is governed by this Artistic License. By using, modifying or distributing the Package, you accept this license. Do not use, modify, or distribute the Package, if you do not accept this license.
If your Modified Version has been derived from a Modified Version made by someone other than you, you are nevertheless required to ensure that your Modified Version complies with the requirements of this license.
This license does not grant you the right to use any trademark, service mark, tradename, or logo of the Copyright Holder.
This license includes the non-exclusive, worldwide, free-of-charge patent license to make, have made, use, offer to sell, sell, import and otherwise transfer the Package with respect to any patent claims licensable by the Copyright Holder that are necessarily infringed by the Package. If you institute patent litigation (including a cross-claim or counterclaim) against any party alleging that the Package constitutes direct or contributory patent infringement, then this Artistic License to you shall terminate on the date that such litigation is filed.
Disclaimer of Warranty: THE PACKAGE IS PROVIDED BY THE COPYRIGHT HOLDER AND CONTRIBUTORS "AS IS' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES. THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT ARE DISCLAIMED TO THE EXTENT PERMITTED BY YOUR LOCAL LAW. UNLESS REQUIRED BY LAW, NO COPYRIGHT HOLDER OR CONTRIBUTOR WILL BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING IN ANY WAY OUT OF THE USE OF THE PACKAGE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.