Palo Alto Networks

Automate the security management of your devices

Having to rely on manual processes to review proposed rule changes and checking that firewall updates comply with security policies, slow down the entire application deployment. Also having to log in to the Palo Alto Network user interface to perform firewall management at scale add more overhead to the whole management process of those devices.

That’s why automating the management of networking devices with Puppet has become a priority for Palo Alto users.

Introducing our Palo Alto module

The Palo Alto module allows users to automate the management of Palo Alto devices, for enhanced consistency in the management of on-premises and cloud devices. The Palo Alto module supports multiple Palo Alto Network OS versions (from 7.1 and 8.1) either on premises or in the cloud. The module allows users to manage Palo Alto network security devices using a desired state management (get / create / update / delete services, security rules etc.).

This module also provides users with sample manifests that are consistent with Palo Alto best practices.

How does the Palo Alto module work?

  • Use the module’s Resource API which is automatically installed when you install the module
  • Utilize Puppet Device, meaning no Puppet Agent is required on the devices. Puppet Device can be executed on the Puppet Master, or on the Puppet Agent that acts as a proxy node to request certificates, collect facts, retrieve and apply catalogs and store reports. All interactions with Palo Alto firewalls are via PANOS XML API over HTTPS protocol managed by the Puppet module
  • Download the Palo Alto module from the Puppet Forge and install it the same as any other module
  • Explore the examples folder in the modules to find sample manifests for retrieving existing configuration data and setting new configuration data. The Read Me also includes a step-by-step guide on how to use the module and how to troubleshooting.

Learn more

Get started with our Palo Alto Networks integration by checking out the Palo Alto module on the Puppet Forge.

Puppet sites use proprietary and third-party cookies. By using our sites, you agree to our cookie policy.