Palo Alto Networks GlobalProtect

Attempting to get GlobalProtect Sessions and All Active Sessions via API

Last year, 2020, when we all went remote it became important for my management to have an easy way to see what was happening with our GlobalProtect clients. Sure they could get to much of the data on the firewall themselves but it really didn't have a lot of history. I wrote some small PowerShell scripts using the Palo Alto Networks API to collect the data in Server & Application Monitor and then I could present this in either Performance Analysis graphs or a custom HTML graph. As is typical I brute forced the PowerShell,  helped me make some pretty changes, and then I added the last piece from  on passing ${Credential} into the script so the KEY did not have to be stored in the script. The end result is all you need to pass the scripts is the Node.DNS and Credential.

One of the things I found was making the calls to the API too quickly caused the errors so at the start of each monitor in this template I used a prime number of sleep seconds. Now I consistently get good results. 

We are in the process of migrating to a new instance of Orion and updating all the modules. I hope to be able to convert this collection to an API Poller. That is a task for another day.

Here are some references to the Palo Alto Networks API documentation:

How to Get Your API Key

Using the CLI to find your XML API Syntax

Use the API Browser

Here is the reference to Josh Biggley's THWACK post: Passing ${CREDENTIAL} in a PowerShell without using -Credential

Anonymous