Hey guys,
we have a Palo Alto firewall as a router.
Is it possible to implement that model in mactrack to get the IP addresses?
Thanks in advance for any info!
mactrack and Palo Alto Firewall
Re: mactrack and Palo Alto Firewall
There is a major problem getting Palo Alto to work with mactrack: it's not possible to get the ARP cache via SNMP request.
I've developed a batch script, called by the Mactrack script, that:
- connects to the Palo Alto (via ssh with account "service")
- does a "show arp all"
- saves the result to a file
- does an snmpwalk to the Palo Alto to get the VlanId and Vlan Name
- and compiles a final file with IP,MacAddress,vlanID,Interface
This works for me...
Re: mactrack and Palo Alto Firewall
Please can you share that script to get the show arp from the Palo Alto? Very appreciated for that.
gildas33 wrote:
There is a major problem getting Palo Alto to work with mactrack: it's not possible to get the ARP cache via SNMP request.
I've developed a batch script, called by the Mactrack script, that:
- connects to the Palo Alto (via ssh with account "service")
- does a "show arp all"
- saves the result to a file
- does an snmpwalk to the Palo Alto to get the VlanId and Vlan Name
- and compiles a final file with IP,MacAddress,vlanID,Interface
This works for me...
Re: mactrack and Palo Alto Firewall
Hi Friend, Can you share script here?
Thanks and Regards
Ponnuchelvam.V
Infra Monitoring tool expert
Re: mactrack and Palo Alto Firewall
Hi, for my part I have proceeded in another manner, since the arpwatch tool is supported by the mactrack plugin. Using the Palo Alto ARP table file, I convert it to a file which is similar to the arpwatch DB file. Here is my method:
1- I export the ARP table of the Palo Alto firewall using the curl tool:
Configure your PA firewall for getting the ARP table through a web browser or curl in XML format. You create a user and role in PA where you activate for the role just "operational requests" in XML API. You try with your browser if it works. Here is a link on how to do that from the PA doc:
https://docs.paloaltonetworks.com/pan-o ... nformation
2- After I have imported the ARP table in XML format, I execute a batch script (import-pa-arp) which is a series of CLI commands to get the final file similar to the arpwatch DB file:
2.1- I process the file arp.xml to delete all the information, symbols and special characters which are not necessary for the final file.
2.2- I run a script that I have developed in Python (xml2csv) to convert the XML file to CSV, as well as to get the hostname of the device.
2.3- I process the result file once again to be similar to the arpwatch DB file (arp.dat) and transfer it to the right folder.
arp.dat structure:
Mac IP TTL hostname Interface
2.4- Finally, you just have to configure mactrack in the Cacti web interface to point at the folder where the file arp.dat is stored.
Setting>Device tracking>Arpwatch
3- I have configured a cron task to execute the script (import-pa-arp) every 15 mn.
*/14 * * * * /opt/import-pa-arp
Attachments:
- Import-Pa-ARP.txt (415 Bytes)
- xml2csv.txt (744 Bytes)
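The XML-to-arp.dat conversion described in the post above, as an added example (this is not the attached xml2csv script). It validates every field before emitting the "Mac IP TTL hostname Interface" layout, since the file is consumed by another tool. Assumptions: the element names in the constructed sample reply, the tab separator, and the hypothetical `resolve` callback used for hostname lookup.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$")
HOST_RE = re.compile(r"^[A-Za-z0-9._-]{1,253}$")

# Constructed sample of an operational "show arp" reply (element names assumed).
SAMPLE_XML = """<response status="success"><result><entries>
<entry><status>  c  </status><ip>10.1.20.15</ip><mac>00:50:56:AA:BB:01</mac>
  <ttl>1712</ttl><interface>ethernet1/2.20</interface></entry>
<entry><status>  i  </status><ip>10.1.20.99</ip><mac>(incomplete)</mac>
  <ttl>2</ttl><interface>ethernet1/2.20</interface></entry>
<entry><status>  c  </status><ip>10.1.30.7</ip><mac>00:50:56:aa:bb:02</mac>
  <ttl>98</ttl><interface>ae1.30</interface></entry>
</entries></result></response>"""


def arp_xml_to_rows(xml_text, resolve=lambda ip: ""):
    """Return validated (mac, ip, ttl, hostname, interface) tuples."""
    root = ET.fromstring(xml_text)
    if root.get("status") != "success":
        raise ValueError("firewall did not return a successful response")
    rows = []
    for entry in root.iter("entry"):
        field = lambda tag: (entry.findtext(tag) or "").strip()
        mac, ttl, iface = field("mac").lower(), field("ttl"), field("interface")
        try:
            ip = str(ipaddress.ip_address(field("ip")))
        except ValueError:
            continue  # malformed address: never write it to arp.dat
        if not MAC_RE.match(mac) or not ttl.isdigit():
            continue  # unresolved "(incomplete)" entries and junk are dropped
        host = resolve(ip)
        if not HOST_RE.match(host):
            host = ""  # empty or unsafe name (tabs, spaces): leave field blank
        rows.append((mac, ip, ttl, host, re.sub(r"\s", "", iface)))
    return rows


def to_arp_dat(rows):
    """Join rows as tab-separated lines (separator is an assumption)."""
    return "".join("\t".join(r) + "\n" for r in rows)


if __name__ == "__main__":
    print(to_arp_dat(arp_xml_to_rows(SAMPLE_XML)), end="")
```

Reverse-DNS answers are untrusted input here, which is why the hostname is checked against a strict pattern before it reaches the file.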