This is the first post of many detailing the scripts I use to backup devices in my home lab. This post details a Palo Alto configuration backup API script. Eventually i’ll move to using Ansible but for now some simple scripts work nicely. Almost all the the backups in my lab are now automated.
The script will make an API call to Palo Alto Networks firewall(s) using curl to retrieve the running configuration. The script runs in a loop connecting to each firewall specified in a list. Once the script completes it reports back the total API connections, successes and failures to the user and a log file. Its easy to see how the script can be modified for other API functions. In this script the API key is hard coded to enable execution from a cron job. This might not be desirable in some circumstances unless you confine access to the device hosting the script.
I’ll publish another version shortly which prompts a user for credentials to remove the need to hard code the key in the script. This approach would prove a little tricky to automate though.
The code and documentation can be found on my GitHub account here: https://github.com/nickmoody/Palo-Alto-Config-Backups-API