Automation routines for provisioning Palo Alto Networks Terminal Services Agents into Panorama from dynamically deployed Citrix XenApp "golden" images.

Performs network probing to "discover" which servers have the PAN Terminal Services Agent running:
- ICMP ping sweep of subnets to find live servers
- openssl client socket connect to confirm the presence of the TSAgent certificate
- reverse DDNS lookup of the IP address to construct the object and hostname
- Panorama running configurations are checked to see whether each discovered agent is new; agents already defined are skipped
Changes are committed and pushed to the defined template stacks.

Removes stale, not-connected PAN TS Agents from Panorama:
- retrieves idle agents from an active firewall member
- confirms again with an openssl TLS connect that the agent is unreachable
- removes the config from the Panorama template
Changes are committed and pushed to the defined template stacks.
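
The discovery and purge decisions described above, written as shell functions. This is an added example, not code from this project: the port 5009 default, the TSA_CERT_MARKER placeholder and all function names are assumptions, and both functions expect plain one-IP-per-line input.

```sh
#!/bin/sh
# Added example, not the project's code. Site-specific values are assumptions.
TSA_PORT="${TSA_PORT:-5009}"                       # assumed agent listener port
TSA_CERT_MARKER="${TSA_CERT_MARKER:-PLACEHOLDER}"  # text expected in the agent cert subject

# Print the subject of the certificate served on host:port (empty on failure).
cert_subject() {
    timeout 5 openssl s_client -connect "$1:$2" </dev/null 2>/dev/null |
        openssl x509 -noout -subject 2>/dev/null
}

# True only when the host completes TLS and presents the expected certificate;
# an open port alone is not treated as proof of an agent.
is_tsagent() {
    cert_subject "$1" "$TSA_PORT" | grep -qF -- "$TSA_CERT_MARKER"
}

# Reverse lookup of an IP; prints the first name returned, or nothing.
reverse_name() {
    getent hosts "$1" | awk '{print $2; exit}'
}

# Discovery: candidate IPs on stdin, file of IPs already defined in Panorama
# as $1. Prints "ip hostname" for confirmed agents that still need adding.
plan_additions() {
    while read -r ip; do
        [ -n "$ip" ] || continue
        grep -qxF -- "$ip" "$1" && continue     # already defined: skip
        is_tsagent "$ip" || continue            # no agent certificate: skip
        name=$(reverse_name "$ip")
        [ -n "$name" ] || continue              # no PTR record: cannot name the object
        printf '%s %s\n' "$ip" "$name"
    done
}

# Purge: IPs a firewall reports as not connected on stdin. Prints only those
# that also fail the TLS re-check, so a reachable agent is never removed.
plan_removals() {
    while read -r ip; do
        [ -n "$ip" ] || continue
        is_tsagent "$ip" && continue            # still answering: keep
        printf '%s\n' "$ip"
    done
}
```

Feed plan_additions the live addresses from the ping sweep, and plan_removals the idle agents reported by the firewall; the output of each is the list of changes to make before the commit and push.
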
Create your local inc/config.tcl file.
I run the crontab discovery hourly and purge daily (after the overnight server reboot maintenance window).
Use the provided logrotate configuration to manage the log files this generates.
See INSTALL for more hints on setting up your environment; a Dockerfile exists now too.