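#!/usr/bin/env bash
# prisma-access-get-IPs.sh
#
# Interactively asks for a Prisma Access API key and a query (serviceType,
# addrType, location), POSTs the query to the getPrismaAccessIP/v2 endpoint,
# stores the raw response in ./Prisma-IPs.txt and prints the "zone" and
# "addresses" fields found in it.
#
# Security-relevant behaviour:
#   * The API key is read without terminal echo and handed to curl on stdin
#     (-H @-), so it appears neither on screen nor in curl's argument list,
#     which other local users can read from the process table.
#   * TLS certificate verification is left enabled. With verification off
#     (-k) the key would be sent to whoever answers for the host name. If a
#     tenant presents a privately issued certificate, give curl the issuing CA
#     with --cacert instead of disabling verification.
#   * Query values are restricted to letters, digits and '_' before they are
#     placed into the JSON request body.
#
# Files written in the current directory: option.txt (request body) and
# Prisma-IPs.txt (raw API response).

set -u

readonly OPTION_FILE=./option.txt
readonly RESULT_FILE=./Prisma-IPs.txt

# Print a message on stderr and stop with a non-zero status.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# -s keeps the secret off the terminal, -r keeps backslashes literal.
read -r -s -p "Enter API key: " key
echo
# The key becomes one header line; reject anything that could split it.
if [[ -z "$key" || "$key" == *[[:cntrl:]]* ]]; then
  die "API key is empty or contains control characters"
fi

echo "Do you know the Prisma Access API well enough to specify serviceType, addrType, location, etc?"
read -r -p "[y/n]" answer
echo "Are you querying a lab tenant?"
read -r -p "[y/n]" IsLab

if [[ "$IsLab" == y ]]; then
  ApiUrl="https://api.lab.gpcloudservice.com/getPrismaAccessIP/v2"
else
  ApiUrl="https://api.gpcloudservice.com/getPrismaAccessIP/v2"
fi

if [[ "$answer" == y ]]; then
  read -r -p "Enter desired IPs (gp_gateway / gp_portal / all): " NodeType
  read -r -p "addrType (all / active / reserved): " addressType
  read -r -p "location (all / deployed): " loc
else
  echo "what is your Use case?"
  echo "(1) Get current active IPs to whitelist for Prisma Access users to internet apps"
  echo "(2) Get current active, passive, and reserved IPs to whitelist for Primsa Access users to internet apps"
  echo "(3) Get every possible Primsa Access egress IP. Check the API docs here to figure it out: https://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access-panorama-admin/prisma-access-overview/retrieve-ip-addresses-for-prisma-access "
  read -r -p "Enter the number of your use case: " UseCaseNumber
  case "$UseCaseNumber" in
    1)
      NodeType=gp_gateway
      addressType=active
      loc=deployed
      ;;
    2)
      NodeType=gp_gateway
      addressType=all
      loc=deployed
      ;;
    3)
      NodeType=all
      addressType=all
      loc=all
      ;;
    *)
      # A rejected choice is an error, so report a non-zero status.
      echo "invalid entry"
      exit 1
      ;;
  esac
fi

# The values are interpolated into JSON below. Allowing only identifier
# characters means typed input cannot close the string or add fields.
for value in "$NodeType" "$addressType" "$loc"; do
  if [[ ! "$value" =~ ^[A-Za-z0-9_]+$ ]]; then
    die "invalid value '$value': only letters, digits and '_' are accepted"
  fi
done

# printf with a fixed format produces the same body the unquoted echo did,
# without depending on word splitting or globbing of the values.
printf '{ "serviceType": "%s", "addrType": "%s", "location": "%s" }\n' \
  "$NodeType" "$addressType" "$loc" > "$OPTION_FILE" \
  || die "cannot write $OPTION_FILE"

# -H @- reads the header from stdin (needs curl 7.55.0 or later); printf is a
# shell builtin, so the key is never part of any command line.
# --fail turns an HTTP error status into a non-zero exit instead of saving the
# error page as if it were a result.
if ! printf 'header-api-key:%s\n' "$key" |
  curl --fail --silent --show-error -X POST -d @"$OPTION_FILE" -H @- "$ApiUrl" \
    > "$RESULT_FILE"; then
  die "request to $ApiUrl failed"
fi

echo " "
echo " "
echo "Below is a list of zones and addresses based on your use case. If you have multiple zones, then the zones and addresses should be in the same order."
echo " "
echo "The first 'addresses' line will correspond to the first zone, the second 'addresses' line to the second zone listed, etc"
echo " "
# Read back the file that was just written (the original read ./prisma-IPs.txt,
# which is a different file on a case-sensitive filesystem).
# ERE has no lazy '.*?'; negated bracket expressions stop each match at the
# first closing quote or bracket, so every zone and address list is printed
# on its own line even when the response is a single line of JSON.
grep -o -E '"zone": *"[^"]*"' "$RESULT_FILE"
grep -o -E '"addresses": *\[[^]]*\]' "$RESULT_FILE"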