Guilty. Sorry. Our organisation depends quite heavyli on NAV and it's as simple as I have not found the courage to implement this. I also do a lot of work with our remote work solutions and the last two years have been a bit intense.
But the wish for this still applies even if I haven't executed anything yet.
Best regards Martin Burman University of Gothenburg
-----Ursprungligt meddelande----- Från: nav-users-request@uninett.no nav-users-request@uninett.no För Morten Brekkevold Skickat: den 20 januari 2022 12:39 Till: Mehmet E. Şahin (BAŞKANLIK-BİDB) mehmet.sahin@tubitak.gov.tr Kopia: nav-users-request@uninett.no; nav-users@uninett.no Ämne: Re: NAV - Palo Alto ARP table import for Machine Tracer
On Tue, 18 Jan 2022 12:20:18 +0300 (EET) Mehmet "E. Şahin (BAŞKANLIK-BİDB)" mehmet.sahin@tubitak.gov.tr wrote:
Hi Everyone,
We have NAV to monitor network switches and also Palo Alto Firewall. We can only use Palo Alto api to query its arp table as it does not support it over snmp.
Hi Mehmet! This sounds like the exact same problem users have described for the Cisco ASA range of firewalls over the years.
Could there be a way to import those ARP records from palo alto firewall to NAV periodically ?
I recall some users describing trying to hack their way around the Cisco ASA limitations by writing expect scripts that fetch the data and modify the NAV database externally.
A quick search of the archives reveals that the last time this issue was discussed was in July of 2019:
https://sympa.uninett.no/lists/uninett.no/arc/nav-users/2019-07/msg00001.htm...
I did respond with some tips and ideas for making this idea work with NAV, but the user never got back to me.
Now that has better support for configuring other management protocols than SNMP, we would stand a better chance of actually implementing an alternative collector mechanism in NAV itself.
I lack access to firewalls to test on, so someone else would have to write the code, but I could assist in getting it worked into NAV.
What kind of APIs do Palo Alto provide? Are they NETCONF compatible? I do see there is a community-built PAN-OS driver for NAPALM: https://github.com/napalm-automation-community/napalm-panos
-- Best regards Morten Brekkevold Senior engineer, The Data and Infrastructure Division
Sikt – Norwegian Agency for Shared Services in Education and Research www.sikt.no