Posts

Showing posts from March, 2025

Automating Bulk Import of Object Addresses into Palo Alto Networks

When managing a large network with multiple Object Addresses, configuring each zone manually can be both time-consuming and prone to human error. To streamline this process, automating the bulk import of Object Addresses into Palo Alto Networks firewalls can save significant time and effort. In this blog, we'll walk you through a comprehensive solution to automate the import of Object Addresses using the Palo Alto API or CLI, leveraging Excel (XLS) files for input, and performing Object Addresses validation.

1. Input from XLSX File: Read and Structure Data

The first step in the automation process is reading the data from your XLSX file. Typically, this file will contain various columns, such as Address names, types, values of the address, and other relevant data that you'll use to configure the Object Addresses. The key here is to ensure that your Excel sheet is structured in a way that the automation script can easily interpret and map the data...

Automating Bulk Import of Network Zones into Palo Alto Networks

When managing a large network with multiple zones, configuring each zone manually can be both time-consuming and prone to human error. To streamline this process, automating the bulk import of network zones into Palo Alto Networks firewalls can save significant time and effort. In this blog, we'll walk you through a comprehensive solution to automate the import of network zones using Palo Alto API or CLI, leveraging Excel (XLS) files for input, and performing Object Addresses validation, mapping include/exclude lists, and interface configuration.

1. Input from XLSX File: Read and Structure Data

The first step in the automation process is reading the data from your XLSX file. Typically, this file will contain various columns, such as zone names, interfaces, include/exclude lists, and other relevant data that you'll use to configure the zones. The key here is to ensure that your Excel sheet is structured in a way that the automation script can easily in...

Bulk import security policies into Palo Alto Networks firewalls

To bulk import security policies into Palo Alto Networks firewalls, you'll typically need to leverage the Palo Alto API or CLI with a script. I am using an Excel file (XLS), IP address validation, and mapping source and destination zones, for a comprehensive solution to automate the process.

1. Input from XLSX File: You will first need to read the data from the XLS file.
2. Check for Existing Rules: Before creating new rules, you should check if similar rules already exist on the firewall. This could be done by comparing the rule names, source and destination IPs, and zones.
3. Mapping Source Zone and Destination Zone: Ensure that the source and destination zones are correctly mapped according to your firewall configuration.
4. IP Address Validation: Before adding a rule, you'll need to validate that the IP addresses specified in the file are valid.

📝 Flow Diagram (Text Representation)

Further Automation

If you need enhancements or additional automation features , fee...

VMware Aria Automation (vRA) Critical Patch: API Execution Issue & Resolution

# Issue Overview

It looks like after upgrading to Aria Automation 8.18.1, the vRA API endpoint structure has changed. Users encountered an unexpected issue where Python API calls failed to execute pipelines. The API request to:

```
https://vra-url.com/codestream/api/pipelines/pipeline-id/executions/
```

was no longer functioning as expected.

## Root Cause Analysis

This issue was particularly problematic since the same API call worked fine before the patch. The behavior change suggested a possible security hardening introduced by the update.

```
https://vra-url.com/codestream/api/pipelines/pipeline-id/executions/
```

After an in-depth troubleshooting session, we identified the cause:

To resolve this issue and restore pipeline execution:

Modify API Calls – Ensure the API endpoint does **not** include a trailing `/` before executing the request. ...

NSX-T DFW Bulk Rules Import Using PowerShell Script

Introduction

Automating NSX-T Distributed Firewall (DFW) rule creation can save time and reduce human error. In this blog, I will explain how to bulk import NSX-T DFW rules using a PowerShell script with an Excel input file.

Steps for Automation

1. Inputs from Excel Files

The script reads firewall rules from an Excel sheet. The Excel file contains details such as Policies, Security Groups, Source, Destination, Services, and Rule Actions. Each row represents a firewall rule with the required parameters.

2. Create Policies If Not Available

The script checks for existing policies. If a policy does not exist, it creates a new one. Policies help organize firewall rules effectively.

3. Create Security Groups with Multiple IP Ranges

Security groups are created dynamically based on source and destination IP ranges. The script supports multiple IP ranges per group. Security groups ensure better managemen...

On-Demand NAT Network with On-Demand Load Balancer (In-line)

During my experience with vRA 8.4 and NSX-V, I successfully implemented an On-Demand NAT Network with an On-Demand Load Balancer (In-line). This blog outlines the key aspects of this setup.

Existing NSX Edges in Our NSX-V

The environment contained multiple NSX Edge Gateways already configured. The goal was to provision on-demand resources dynamically while integrating them seamlessly into the existing NSX topology.

Service Broker Catalog Items for One-Arm and Two-Arm Load Balancer in vRA 8.4

- One-Arm Load Balancer: Configured for environments where a single subnet is sufficient.
- Two-Arm Load Balancer: Utilized when separate front-end and back-end networks are required.

Service Broker catalog items were created to allow users to request the appropriate load balancer based on their application needs.

VM Request Based on User Inputs in vRA Catalog

Users could request VMs through the vRA catalog, specifying:

- Number of VMs
- Network requirements
- Load balancing needs

vRA dynamically crea...

Migration from vRA 7.6 to vRA 8.6: My Experience

During my migration project from vRA 7.6 to vRA 8.6, I encountered several challenges and learned valuable lessons. Here, I am sharing my experience and the solutions implemented.

Project Scope:

- More than 650 Deployments
- 50+ Deployments Missing Stage in vRA 7.6
- 200+ Deployments with Multiple Disks and NSX Components (e.g., Load Balancer)

I ran the Migration Assessment, reviewed the reports, and performed a test migration from vRA 7.x to vRA 8.x. During this process, I noticed three critical issues.

Identified Issues:

- Approval issue reporting 500 errors
- Deployments with multiple VMs having multiple disks
- VMs missing in the vRA 7 environment

Action Plans and Resolutions:

1. Approval Issue (500 Errors)

To resolve this, I updated the Postgres database by running the following query:

```
UPDATE requesteditemapproval SET cancelled = false WHERE cancelled IS NULL;
```

2. Deployments with Multiple VMs Having Multiple Disks

To fix this, I had to update the IaaS database with the following steps: S...

Increase a virtual machine's hard disk

To increase a virtual machine's hard disk using VMware vRealize Automation (vRA) and vRealize Orchestrator (vRO), you can follow these general steps:

Create a vRO Workflow: Develop a workflow in vRO that performs the disk expansion. This workflow should include:

- Identifying the target virtual machine.
- Locating the specific hard disk to be expanded.
- Executing the disk size modification.
- Rescanning the storage adapter to recognize the new disk size.
- Extending the filesystem within the guest OS to utilize the additional space.

Please refer to the vRO workflow screenshots below:

```
var devices = vm.config.hardware.device;
//var match = diskInfo.match(/\w+\s+\w+\s+(\d+)\s+.+?:\s*(\d+)\s*GB/);
var totalsize = increaseSizeGB + Number(Size);
var newDiskSizeKb = totalsize * 1024 * 1024;
//var diskName = 'Hard disk ' + match[1];
conf...
```