top of page

Script to automate (offline) firewall upgrades

The following script was created by o5e and since it addresses an issue encountered by many I thought I'd share it here (with permission of course!)

Hopefully you'll find it as useful as I did, in which case feel free to leave a shoutout to o5e in the comments


 


Hey all, I thought I'd share a little script I made that automates firewall upgrades. There are of course bigger/better ways of doing this, but I figured mine fills a bit of a niche...

  • it's 100% written in bash

  • it works without Internet or a fw license (the image files are taken from your pc)

  • it uses XML API / HTTPS exclusively, no SCP required

  • it runs the full upgrade path automatically

  • it has a batch mode to upgrade multiple "factory new" firewalls connected to the same L2 switch, no IP config required, using IPv6 link-local

  • the batch mode has a simple Python GUI you can use with a touchscreen to make your very own "upgrade machine"

Let me know if anyone needs help getting it to work. I've been using it pretty consistently for over a year now and it's saved me quite a bit of time. Here's the link: https://github.com/o5edaxi/paloversion(Obvious disclaimer) I'm just a firewall guy, not a coder, so expect bugs... and DONT use in production

GitHub GitHub - o5edaxi/paloversion: Fully-offline unattended upgrade script for Palo Alto firewalls over HTTPS Fully-offline unattended upgrade script for Palo Alto firewalls over HTTPS - GitHub - o5edaxi/paloversion: Fully-offline unattended upgrade script for Palo Alto firewalls over HTTPS (52 kB) https://github.com/o5edaxi/paloversion

604 views0 comments

Recent Posts

See All

Comments


bottom of page