Skip to content

nabbi/pan-dynamic-static-group

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
cron
cron
 
 
inc
inc
 
 
.gitignore
.gitignore
 
 
INSTALL.md
INSTALL.md
 
 
README.md
README.md
 
 
config.tcl.example
config.tcl.example
 
 
flow.png
flow.png
 
 
refresh-static-group.exp
refresh-static-group.exp
 
 

Repository files navigation

PAN Dynamic Static Group

Not to be confused with EDL (External Dynamic Lists), this routine dynamically updates Palo Alto Networks NGFW static address-groups and objects within PAN-OS configurations.

This was created becase GlobalProtect could not reference EDL for split-tunnel.

See dynamic-allow-lists for the source ip lists.

config flow

Dry-Run

If you pass "dry-run" as the tag value, changes will be logged but not made.

Examples

Pipe changes to system logger and catch list fetch errors before piping into PAN-OS

Microsoft M365 Optimized for split-tunnel vpn

(~/dynamic-allow-lists/microsoft-office365.tcl "Optimize" || (logger -t "dynamic-allow-lists" "failed to fetch cisco webex network lists" && exit ) 2>&1 ) | ( ~/pan-dynamic-static-group/refresh-static-group.exp Dyn-M365-Optimized Dyn-M365-Optimized-Networks Office365 | logger -t "dynamic-allow-lists" 2>&1 )

Cisco WebEx

(~/dynamic-allow-lists/cisco-webex.tcl || (logger -t "dynamic-allow-lists" "failed to fetch cisco webex network lists" && exit ) 2>&1 ) | ( ~/pan-dynamic-static-group/refresh-static-group.exp Dyn-WebEx Dyn-CiscoWebEx-Networks WebEx | logger -t "dynamic-allow-lists" 2>&1 )

Zoom

(~/dynamic-allow-lists/zoom.tcl || (logger -t "dynamic-allow-lists" "failed to fetch zoom network lists" && exit ) 2>&1 ) | ( ~/pan-dynamic-static-group/refresh-static-group.exp Dyn-Zoom Dyn-Zoom-Networks Zoom | logger -t "dynamic-allow-lists" 2>&1 )

About

Palo Alto NGFW - Dynamicly update static groups

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 1

v1.1: typos Latest
Jul 25, 2024

Packages

No packages published

Languages