Driver Support Document

PaloAlto PA-200/500/4000/5000 Firewalls, OS Version 3.x, 4.x, 5.x, 6.x, 7.x, & 8.x


SYSOID Mapping
SYSOID MODEL OS VERSION
 1.3.6.1.4.1.25461.2.3.1 PA-4050 4.0.7, 4.1.7
 1.3.6.1.4.1.25461.2.3.2 PA-4020 4.1.8
 1.3.6.1.4.1.25461.2.3.3 PA-2050 4.1
 1.3.6.1.4.1.25461.2.3.4 PA-2020 4.1.5
 1.3.6.1.4.1.25461.2.3.5 PA-4060 4.1.3
 1.3.6.1.4.1.25461.2.3.6 PA-500 3.1, 4.1.2
 1.3.6.1.4.1.25461.2.3.7 Panorama 3.1, 4.1.0
 1.3.6.1.4.1.25461.2.3.8 PA-5060 4.1, 5.0, 7.0
 1.3.6.1.4.1.25461.2.3.9 PA-5050 4.1
 1.3.6.1.4.1.25461.2.3.11 PA-5020 4.1
 1.3.6.1.4.1.25461.2.3.12 PA-200 4.1
 1.3.6.1.4.1.25461.2.3.17 PA-3050 5.0, 6.0.2
 1.3.6.1.4.1.25461.2.3.18 PA-3020 5.0.12
 1.3.6.1.4.1.25461.2.3.19 PA-3060 5.0.12
 1.3.6.1.4.1.25461.2.3.22 PA-5260 8.0.2
 1.3.6.1.4.1.25461.2.3.24 PA-5220 8.0.3
 1.3.6.1.4.1.25461.2.3.29 VM series 5.0
 1.3.6.1.4.1.25461.2.3.30 M-100 5.0
 1.3.6.1.4.1.25461.2.3.31 PS-7050 7.1.6
 1.3.6.1.4.1.25461.2.3.34 PA-7080 5.0.12, 7.1.2
 1.3.6.1.4.1.25461.2.3.35 M-500 7.1.3
 1.3.6.1.4.1.25461.2.3.37 M-850 8.0.3
 N/A Firewall PA-5000 4.1.5-c7

Driver Features Support Grid

Driver Features | Access Methods
(X signifies feature support) | CLI | SNMP | TFTP | CLI+TFTP | SNMP+TFTP | FTP | CLI+FTP | SNMP+FTP | CLI+SFTP | SCP | CLI+SCP | SNMP+SCP | HTTP/HTTPS
X Driver Discovery release notes X X                      
X General Access  
(CLI protocols: ssh2, console)
Supports SecurID
X     X             X    
Configuration
X Retrieve Running Configuration release notes X     X             X    
  Retrieve Startup Configuration                            
  Retrieve Binary Configuration                            
X Device information parsing  
X Enhanced Layer2 Basic IP information parsing  
X Configuration Deployment to Running         X             X    
  Configuration Deployment to Startup                            
  Binary Configuration Deployment                            
Diagnostics
X Routing Table   X                        
X OSPF Neighbors   X                        
X Interfaces   X                        
  Modules and Inventory                            
  Flash Storage Space                            
  File System                            
X Uptime     X                      
X ICMP Test   X                        
X Topology Parsing   X                        
X Duplex Parsing   X                        
  Enhanced VLAN Parsing  
Features
X Software Center         X             X    
  Software Image Synchronization                            
X Password Management  
(Can modify: full username, full password, read-only community strings)
X                        
  Syslog Configuration and Change Detection                              
X Custom Scripts and Diagnostics  
Bulk deploy available
X                        
X ACL Parsing  
  ACL Provisioning                            
  VLAN Provisioning                            
X Configlet Parsing  
X QoS Parsing  
  VRF Parsing  
  Context Management                            

Retrieve Running Configuration

Release Notes

Configurations in SET format

These devices support an XML format and a SET format. The driver selects the XML format by default, but the SET format can be captured instead by setting the "config_set" access variable to "true". When the config_set option is used, transport protocols are not supported, since they cannot issue the configuration in "set" format.

Configurations for Palo Alto Firewall

The configuration for a Palo Alto firewall is fetched by executing "show config merged". If the command must be executed in enable mode, set the access variable "alternate_config" to true. In this case, TFTP and SCP will not be used for the snapshot, since they would likely produce different data and would cause config differences and sync issues that are not really there.


Driver Discovery

Release Notes

More prompt causes an unexpected disconnection

Discovery tasks for JavaScript drivers handle More prompts by using timeouts. This can cause problems with the third-party SSH client code, which interprets the timeout as a disconnection. There are two ways to work around the problem. Setting the RCX option [<option name="Driver/Discovery/UsePollRead">true</option>] in site_options.rcx applies the workaround to all affected devices. Alternatively, it can be applied to a single device by setting the device access variable "PollRead" to "true".

Wakeup Ctrl-U character can cause discovery to fail

Discovery tasks for JavaScript drivers send wakeup characters during device connection to ensure that the device is responding. Normally, these characters do not echo to the console, but some devices may echo them. When they are echoed, the prompt detection phase fails, which in turn can cause More prompts to be handled improperly, and discovery may fail. If these characters are echoed from the device [check the session log to see this], set the device access variable "skip_ctrl_u" to skip sending the wakeup characters. Note that setting this option on a previously working device could cause discovery tasks to fail, but it only affects CLI discovery. SNMP discovery is unaffected.
