NAME
Device::PaloAlto:Firewall::Return - Return values for Device::PaloAlto::Firewall methods.
VERSION
version 0.09
DESCRIPTION
The Device::PaloAlto::Firewall package has methods which make API calls against the firewall. The return values from these methods are either hash or array references where appropriate.
Apart from some data structure re-organisation and/or simplification, the values returned are verbatim what was receveied from the firewall in the API response.
Both the hash keys and example values are documented for each method to provide more context.
RETURN VALUES
METHODS
PLATFORM
system_info
Note the newline at the end of the 'time' member value.
{
'wildfire-release-date' => 'unknown',
'vm-license' => 'VM-100',
'wildfire-version' => '0',
'default-gateway' => '10.47.67.126',
'wf-private-release-date' => 'unknown',
'ipv6-default-gateway' => {},
'multi-vsys' => 'off',
'wf-private-version' => '0',
'global-protect-datafile-version' => '0',
'av-release-date' => 'unknown',
'global-protect-client-package-version' => '0.0.0',
'netmask' => '255.255.255.192',
'ipv6-address' => 'unknown',
'vm-mode' => 'VMWare ESXi',
'platform-family' => 'vm',
'global-protect-datafile-release-date' => 'unknown',
'av-version' => '0',
'threat-version' => '0',
'url-db' => 'paloaltonetworks',
'vpn-disable-mode' => 'off',
'devicename' => 'PA-VM',
'model' => 'PA-VM',
'ip-address' => '10.47.67.69',
'time' => 'Fri Aug 25 10:32:03 2017\n'
'mac-address' => '00:50:56:97:e1:bd',
'family' => 'vm',
'threat-release-date' => 'unknown',
'app-release-date' => 'unknown',
'app-version' => '564-3168',
'vm-uuid' => '4217C1F1-986E-10E7-375E-664A93CF453A',
'operational-mode' => 'normal',
'vm-mac-base' => 'D4:1D:71:D8:8D:00',
'ipv6-link-local-address' => 'fe80::250:56ff:fe97:e1bd/64',
'serial' => '007000000025137',
'is-dhcp' => 'no',
'sw-version' => '7.1.11',
'vm-mac-count' => '256',
'url-filtering-version' => '0000.00.00.000',
'hostname' => 'PA-VM',
'uptime' => '34 days, 21:56:18',
'vm-cpuid' => 'E4060300FFFBAB1F',
'logdb-version' => '7.0.9'
};
environmentals
If the device is a VM, there are no environmentals an an empty HASHREF is returned.
{
'fantray' => {
'Slot1' => [
{
'min' => '1',
'Inserted' => 'True',
'description' => 'Fan Tray',
'slot' => '1',
'alarm' => 'False'
}
]
},
'power-supply' => {
'Slot1' => [
{
'slot' => '1',
'alarm' => 'False',
'Inserted' => 'True',
'min' => 'True',
'description' => 'Power Supply #1 (left)'
},
]
},
'thermal' => {
'Slot1' => [
{
'min' => '5.0',
'description' => 'Temperature @ 10G Phys [U171]',
'DegreesC' => '34.5',
'max' => '60.0',
'slot' => '1',
'alarm' => 'False'
},
]
},
'fan' => {
'Slot1' => [
{
'min' => '2500',
'description' => 'Fan #1 RPM',
'RPMs' => '6136',
'slot' => '1',
'alarm' => 'False'
},
]
},
'power' => {
'Slot1' => [
{
'description' => '1.0V Power Rail',
'min' => '0.9',
'max' => '1.1',
'slot' => '1',
'Volts' => '1.00066666667',
'alarm' => 'False'
}
]
}
};
high_availability
{
'group' => {
'mode' => 'Active-Passive',
'peer-info' => {
'mode' => 'Active-Passive',
'mgmt-ip' => '10.175.32.17/24',
'platform-model' => 'PA-VM',
'conn-ha1' => {
'conn-desc' => 'heartbeat status',
'conn-primary' => 'yes',
'conn-status' => 'up'
},
'url-version' => '0000.00.00.000',
'conn-status' => 'up',
'state-duration' => '5270418',
'build-rel' => '8.0.3',
'vpnclient-version' => 'Not Installed',
'last-error-state' => 'suspended',
'priority' => '128',
'gpclient-version' => 'Not Installed',
'last-error-reason' => 'User requested',
'state' => 'passive',
'app-version' => '712-4114',
'mgmt-ipv6' => {},
'ha1-macaddr' => '00:50:56:9b:c5:de',
'av-version' => '0',
'vm-license' => 'VM-300',
'version' => '1',
'preemptive' => 'yes',
'threat-version' => '712-4114',
'ha1-ipaddr' => '169.254.0.2'
},
'path-monitoring' => {
'vrouter' => {},
'enabled' => 'yes',
'fail-cond' => 'any',
'vlan' => {},
'vwire' => {}
},
'link-monitoring' => {
'enabled' => 'yes',
'fail-cond' => 'any',
'groups' => {}
},
'running-sync' => 'synchronized',
'local-info' => {
'max-flaps' => '3',
'app-version' => '712-4114',
'ha1-link-mon-intv' => '3000',
'state' => 'active',
'state-sync' => 'User-disabled',
'version' => '1',
'preemptive' => 'yes',
'ha1-ipaddr' => '169.254.0.1/30',
'threat-version' => '712-4114',
'ha1-macaddr' => '00:50:56:9b:48:4f',
'monitor-fail-holdup' => '0',
'build-compat' => 'Match',
'mgmt-ipv6' => {},
'url-compat' => 'Match',
'promotion-hold' => '2000',
'av-version' => '0',
'vpnclient-compat' => 'Match',
'addon-master-holdup' => '500',
'mode' => 'Active-Passive',
'mgmt-ip' => '10.175.32.16/24',
'ha1-encrypt-enable' => 'no',
'platform-model' => 'PA-VM',
'vpnclient-version' => 'Not Installed',
'av-compat' => 'Match',
'hello-interval' => '8000',
'build-rel' => '8.0.3',
'app-compat' => 'Match',
'gpclient-compat' => 'Match',
'vm-license' => 'VM-300',
'url-version' => '0000.00.00.000',
'preempt-hold' => '1',
'nonfunc-flap-cnt' => '0',
'last-error-reason' => 'User requested',
'heartbeat-interval' => '2000',
'preempt-flap-cnt' => '0',
'gpclient-version' => 'Not Installed',
'priority' => '64',
'last-error-state' => 'suspended',
'active-passive' => {
'passive-link-state' => 'shutdown',
'monitor-fail-holddown' => '1'
},
'ha1-encrypt-imported' => 'no',
'threat-compat' => 'Match',
'ha1-port' => 'ethernet1/7',
'state-duration' => '5270423'
},
'running-sync-enabled' => 'yes'
},
'enabled' => 'yes'
};
software_check
[
{
'current' => 'no',
'downloaded' => 'no',
'filename' => 'PanOS_vm-8.0.4',
'latest' => 'yes',
'version' => '8.0.4',
'size' => '378',
'release-notes' => 'https://downloads.paloaltonetworks.com/software/PAN-OS-8.0.4-RN.pdf?__gda__=1505263707_ef8a89c4a93427db012ce6614bc44d03',
'uploaded' => 'no',
'released-on' => '2017/07/26 14:29:20',
'size-kb' => '387602'
}
];
content_check
[
{
'release-notes' => 'https://downloads.paloaltonetworks.com/content/content-730-4195.html?__gda__=1505264450_4bf3585276733c1dd4fd8902286b222a',
'current' => 'no',
'previous' => 'no',
'released-on' => '2017/08/30 16:54:52 PDT',
'update-type' => 'Full',
'downloaded' => 'no',
'version' => '730-4195',
'feature-desc' => 'Unknown',
'app-version' => '730-4195',
'features' => 'Apps, Threats',
'size-kb' => '32940',
'filename' => 'panupv2-all-contents-730-4195',
'size' => '32',
'installing' => 'no'
},
];
antivirus_check
[
{
'filename' => 'panup-all-antivirus-2358-2850',
'release-notes' => 'https://downloads.paloaltonetworks.com/virus/AntiVirusExternal-2358.html?__gda__=1505264830_d290e01664cb68c51d3e1f24202e0cfa',
'downloaded' => 'no',
'features' => 'Virus',
'version' => '2358-2850',
'current' => 'no',
'size-kb' => '79446',
'update-type' => 'Full',
'size' => '77',
'released-on' => '2017/09/05 04:00:27 PDT',
'previous' => 'no',
'app-version' => '2358-2850',
'feature-desc' => 'Unknown',
'installing' => 'no'
}
];
gp_client_check
[
{
'latest' => 'no',
'release-notes' => 'https://downloads.paloaltonetworks.com/software/GlobalProtect-Agent-4.0.3-RNs.pdf?__gda__=1505265092_f74a714ded048dbf4031a9cf2308279b',
'released-on' => '2017/09/01 15:47:38',
'filename' => 'PanGP-4.0.3',
'uploaded' => 'no',
'downloaded' => 'no',
'size' => '39',
'size-kb' => '40823',
'version' => '4.0.3',
'current' => 'no'
}
];
licenses
[
{
'authcode' => {},
'serial' => '1234567890',
'expires' => 'June 30, 2020',
'expired' => 'no',
'description' => 'WildFire signature feed, integrated WildFire logs, WildFire API',
'issued' => 'July 06, 2017',
'feature' => 'WildFire License',
'base-license-name' => 'PA-VM'
}
];
NETWORK
interfaces
{
'ifnet' => {
'entry' => [
{
'vsys' => '1',
'dyn-addr' => {},
'name' => 'ethernet1/1',
'zone' => 'Untrust',
'id' => '16',
'addr' => {},
'fwd' => 'vr:default',
'ip' => '203.44.17.6/29',
'addr6' => {},
'tag' => '0'
},
]
},
'hw' => {
'entry' => [
{
'speed' => '10000',
'st' => '10000/full/up',
'type' => '0',
'state' => 'up',
'mac' => '00:50:56:9b:5a:25',
'name' => 'ethernet1/1',
'mode' => '(autoneg)',
'duplex' => 'full',
'id' => '16'
},
]
}
};
interface_counters_logical
[
{
'teardrop' => '0',
'l2_decap' => '0',
'noneigh' => '0',
'neighpend' => '0',
'ipspoof' => '0',
'other_conn' => '0',
'zonechange' => '0',
'noroute' => '0',
'ifwderrors' => '0',
'pod' => '0',
'noarp' => '1',
'l2_encap' => '0',
'idrops' => '172',
'opackets' => '493642',
'name' => 'ethernet1/1',
'obytes' => '158503950',
'udp_conn' => '0',
'land' => '0',
'nomac' => '0',
'icmp_frag' => '0',
'ibytes' => '547451868',
'macspoof' => '0',
'tcp_conn' => '0',
'ipackets' => '1789916',
'ierrors' => '0',
'flowstate' => '10928'
},
];
routing_table
[
{
'destination' => '0.0.0.0/0',
'nexthop' => '203.44.17.1',
'flags' => 'A S ',
'virtual-router' => 'default',
'interface' => 'ethernet1/1',
'metric' => '10',
'age' => {},
'route-table' => 'unicast'
},
{
'age' => {},
'route-table' => 'unicast',
'destination' => '10.175.34.0/24',
'nexthop' => '10.175.34.1',
'flags' => 'A C ',
'interface' => 'ethernet1/5',
'virtual-router' => 'default',
'metric' => '0'
},
];
bgp_peers
[
{
'ORF-entry-received' => '0',
'msg-total-in' => '45',
'local-address' => '192.168.122.19:179',
'passive' => 'no',
'msg-total-out' => '47',
'status-duration' => '1021',
'connect-retry-interval' => '120',
'holdtime' => '90',
'peer-router-id' => '1.1.1.20',
'peer-group' => 'Cisco',
'prefix-limit' => '5000',
'last-error' => {},
'keepalive' => '30',
'status-flap-counts' => '2',
'prefix-counter' => {
'entry' => [
{
'incoming-accepted' => '2',
'outgoing-total' => '1',
'incoming-total' => '2',
'afi-safi' => 'bgpAfiIpv4-unicast',
'outgoing-advertised' => '1',
'incoming-rejected' => '0'
}
]
},
'peer-address' => '192.168.122.30:52236',
'multi-hop-ttl' => '2',
'idle-hold' => '15',
'msg-update-out' => '5',
'remote-as' => '65001',
'config' => {
'remove-private-as' => 'yes'
},
'open-delay' => '0',
'last-update-age' => '16',
'password-set' => 'no',
'nexthop-thirdparty' => 'yes',
'peer' => 'c1000v.local',
'aggregate-confed-as' => 'yes',
'msg-update-in' => '7',
'peering-type' => 'Unspecified',
'vr' => 'default',
'nexthop-peer' => 'no',
'same-confederation' => 'no',
'established-counts' => '1',
'holdtime-config' => '90',
'reflector-client' => 'not-client',
'keepalive-config' => '30',
'peer-capability' => {
'list' => [
{
'capability' => 'Multiprotocol Extensions(1)'
},
{
'capability' => 'Route Refresh(2)'
},
{
'capability' => '32-Bit AS Number(65)'
},
{
'capability' => 'unknown(70)'
},
{
'capability' => 'Route Refresh (Cisco)(128)'
}
]
},
'nexthop-self' => 'no',
'status' => 'Established'
},
]
bgp_rib
[
{
'nexthop' => '192.168.122.30',
'received-from' => 'c1000v.local',
'as-path' => '65001',
'prefix' => '9.9.9.0/24',
'flag' => '*',
'flap-stat' => {
'flap-count' => '0'
},
'attr' => {
'local-preference' => '100',
'med' => '0',
'origin' => 'IGP',
'originator-id' => '0.0.0.0',
'weight' => '0'
}
},
];
ospf_neighbours
[
{
'area-id' => '0.0.0.0',
'hello-suppressed' => 'no',
'neighbor-router-id' => '1.1.1.2',
'neighbor-address' => '192.168.122.30',
'options' => '0x52: O EA E ',
'status' => 'full',
'local-address-binding' => '0.0.0.0',
'lsa-request-pending' => '0',
'restart-helper-status' => 'not helping',
'restart-helper-time-remaining' => '0',
'type' => 'dynamic',
'messages-pending' => '0',
'virtual-router' => 'default',
'neighbor-priority' => '1',
'restart-helper-exit-reason' => 'none',
'lifetime-remain' => '38'
},
];
pim_neighbours
[
{
'Address' => '192.168.122.30',
'IfIndex' => 'ethernet1/1',
'DRPriority' => '1',
'sec' => {},
'ExpiryTime' => '94.06',
'UpTime' => '44.97',
'GenerationIDPresent' => 'yes',
'GenerationIDValue' => '1410841443'
}
]
bfd_peers
[
{
'neighbor-ip-address' => '192.168.198.30',
'local-ip-address' => '192.168.198.29',
'protocol' => 'BGP ',
'session-id' => '2',
'discriminator-remote' => '0x4bb50013',
'state-local' => 'up',
'up-time' => '-1244382476d 16h 53m 38s 940ms ',
'discriminator-local' => '0x48e0002',
'errors' => '0',
'interface' => 'ethernet1/23 '
},
]
MANAGEMENT
ntp
{
'synched' => 'LOCAL'
};
{
'ntp-server-2' => {
'reachable' => 'yes',
'status' => 'synched',
'name' => '203.122.222.149',
'authentication-type' => 'none'
},
'ntp-server-1' => {
'authentication-type' => 'none',
'name' => '202.122.222.150',
'status' => 'rejected',
'reachable' => 'no'
},
'synched' => '203.122.222.149'
};
panorama_status
[
{
'ip' => '1.1.1.1',
'ha_state' => 'disconnected',
'connected' => 'no',
'id' => '1'
},
{
'ha_state' => 'disconnected',
'id' => '2',
'connected' => 'no',
'ip' => '1.1.1.2'
}
];
SECURITY
ip_user_mapping
[
{
'timeout' => '413',
'domain' => 'domain',
'ip' => '192.9.202.79',
'vsys' => 'vsys1',
'type' => 'AD',
'user' => 'user1',
'idle_timeout' => '413'
},
{
'user' => 'user2',
'idle_timeout' => '2644',
'type' => 'AD',
'ip' => '192.9.200.64',
'vsys' => 'vsys1',
'domain' => 'domain',
'timeout' => '2644'
},
]
userid_server_monitor
[
{
'connected' => 'Connected',
'vsys' => 'vsys1',
'name' => 'ad03.domain.int'
},
{
'name' => 'ad06.domain.int',
'connected' => 'Connection timeout',
'vsys' => 'vsys1'
},
]
ike_peers
[
{
'mode' => 'Main',
'name' => 'c1000v',
'expires' => 'Aug.29 02:02:49',
'created' => 'Aug.28 18:02:49',
'algo' => 'PSK/ DH5/ AES/SHA512',
'gwid' => '1',
'role' => 'Resp'
}
];
ipsec_peers
[
{
'i_spi' => '-6187583',
'o_spi' => '-623460235',
'life' => '2847',
'proto' => 'ESP',
'tid' => '1',
'remote' => '192.168.122.30 ',
'hash' => 'MD5',
'enc' => '3DES',
'kb' => '4608000',
'name' => 'c1000v(c1000v)',
'gwid' => '1'
}
];
vpn_tunnels
[
{
'natt' => 'False',
'pkt-decap' => '5',
'sid' => '208',
'pkt-replay' => '0',
'type' => 'IPSec',
'anti-replay' => 'False',
'state' => 'active',
'proto' => 'ESP',
'auth' => 'md5',
'monitor' => {
'pkt-seen' => '0',
'threshold' => '0',
'on' => 'False',
'pkt-reply' => '0',
'status' => 'False',
'interval' => '0',
'pkt-recv' => '0',
'pkt-sent' => '0'
},
'pkt-lifesize' => '0',
'inner-if' => 'tunnel.1',
'remain' => '2568',
'id' => '1',
'natt-lp' => '0',
'auth-err' => '0',
'context' => '4',
'copy-tos' => 'False',
'owner' => '1',
'dec-err' => '0',
'byte-encap' => '600',
'acquire' => '0',
'owner-state' => '0',
'timestamp' => '2531',
'remote-spi' => 'DAD6C075',
'byte-decap' => '600',
'gwid' => '1',
'pkt-lifetime' => '0',
'name' => 'c1000v',
'local-spi' => 'FFA195C1',
'natt-rp' => '0',
'seq-recv' => '0',
'mtu' => '1436',
'subtype' => 'None',
'peerip' => '192.168.122.30',
'keytype' => 'auto key',
'last-rekey' => '1032',
'pkt-encap' => '5',
'seq-send' => '5',
'start' => '2531',
'inner-warn' => '0',
'outer-if' => 'ethernet1/1',
'owner-cpuid' => '0',
'localip' => '192.168.122.19',
'enc' => '3des'
}
];