Table of Contents
Expand all | Collapse all
System
Getting started with system model using the PAN-OS OpenConfig
plugin.
Review the deviation file before using the
openconfig-system model to familiarize yourself with supported paths.
When using the System model with PAN-OS firewalls:
- Deleting an NTP server will also clear the corresponding ntp-key. Deleting an ntp-key entry doesn’t delete the server.
- DNS and NTP servers are limited to primary and secondary servers only.
- Licenses are read only.
- Server and authentication are separate constructs in OpenConfig. Link the server and ntp-key entries by matching their index.
Setting System Information
The following command sends a JSON file that will set host name, login banner,
timezone, NTP, and DNS servers:
gnmic -a 10.1.1.1:9339 -u username -p password --skip-verify -e JSON_IETF set --update-path /system --update-file system.json
The contents of
are as follows broken down into parts.system.json
The following code block sets the timezone for the firewall:
{ "openconfig-system:clock": { "config": { "timezone-name": "US/Pacific" } },
The following code block sets both the host name and login banner:
"openconfig-system:config": { "domain-name": ".", "hostname": "PA-VM", "login-banner": "hi this is the login banner" },
The following code block sets the primary and secondary DNS servers:
"openconfig-system:dns": { "config": { "search": [] }, "servers": { "server": [ { "address": "1.1.1.1", "config": { "address": "1.1.1.1", "port": 53 } }, { "address": "1.1.1.2", "config": { "address": "1.1.1.2", "port": 53 } } ] } },
The final code block sets the NTP servers and keys:
"openconfig-system:ntp": { "config": { "enable-ntp-auth": false, "ntp-source-address": "0.0.0.0" }, "ntp-keys": { "ntp-key": [ { "config": { "key-id": 2, "key-type": "NTP_AUTH_MD5", "key-value": "-AQ==Y2fEjdGT1W6nsLqtJbGUVeUp9e4=0oOUfuH9c2XUGkokxpVWpA==" }, "key-id": 2 }, { "config": { "key-id": 1, "key-type": "NTP_AUTH_MD5", "key-value": "-AQ==Y2fEjdGT1W6nsLqtJbGUVeUp9e4=0oOUfuH9c2XUGkokxpVWpA==" }, "key-id": 1 } ] }, "servers": { "server": [ { "address": "1.1.1.1", "config": { "address": "1.1.1.1", "association-type": "SERVER", "iburst": false, "port": 123, "prefer": true, "version": 4 } }, { "address": "1.1.1.2", "config": { "address": "1.1.1.2", "association-type": "SERVER", "iburst": false, "port": 123, "prefer": false, "version": 4 } } ] } } }
The picture below shows the NTP and DNS server configuration changes reflected in the
user interface.
Retrieving System Information
A gNMI GET request to /system returns:
Some of the output has been truncated denoted by
(...Truncated) to ease viewing experience.
[ { "timestamp": 1614661280766333865, "time": "2021-03-01T21:01:20.766333865-08:00", "updates": [ { "Path": "system", "values": { "system": { "config": { "hostname": "PA-VM", "login-banner": "hi this is the login banner" }, "openconfig-system:clock": { "config": { "timezone-name": "US/Pacific" }, "state": { "timezone-name": "US/Pacific" } }, "openconfig-system:cpus": { "cpu": [ { "index": 0, "state": { "hardware-interrupt": { "avg": 2, "instant": 2, "interval": "0", "max": 2, "max-time": "0", "min": 2, "min-time": "0" }, "idle": { "avg": 83, "instant": 83, "interval": "0", "max": 83, "max-time": "0", "min": 83, "min-time": "0" }, "index": 0, "kernel": { "avg": 5, "instant": 5, "interval": "0", "max": 5, "max-time": "0", "min": 5, "min-time": "0" }, "nice": { "avg": 0, "instant": 0, "interval": "0", "max": 0, "max-time": "0", "min": 0, "min-time": "0" }, "software-interrupt": { "avg": 0, "instant": 0, "interval": "0", "max": 0, "max-time": "0", "min": 0, "min-time": "0" }, "total": { "avg": 13, "instant": 13, "interval": "0", "max": 13, "max-time": "0", "min": 13, "min-time": "0" }, "user": { "avg": 8, "instant": 8, "interval": "0", "max": 8, "max-time": "0", "min": 8, "min-time": "0" }, "wait": { "avg": 0, "instant": 0, "interval": "0", "max": 0, "max-time": "0", "min": 0, "min-time": "0" } } }, { "index": "ALL", "state": { "hardware-interrupt": { "avg": 2, "instant": 2, "interval": "0", "max": 2, "max-time": "0", "min": 2, "min-time": "0" }...(Truncated) } } } ] }, "openconfig-system:dns": { "servers": { "server": [ { "address": "1.1.1.1", "config": { "address": "1.1.1.1", "port": 53 }, "state": { "address": "1.1.1.1", "port": 53 } }, { "address": "1.1.1.2", "config": { "address": "1.1.1.2", "port": 53 }, "state": { "address": "1.1.1.2", "port": 53 } } ] }, "state": { "search": [] } }, "openconfig-system:license": { "licenses": { "license": [ { "config": { "active": true, "license-id": "PA-VM" }, "license-id": "PA-VM", "state": { "active": true, "description": "Standard VM-100", "expiration-date": "18446744011542332416", "expired": false, "in-use": true, "license-id": "PA-VM", "valid": true } }, { "config": { "active": true, "license-id": "Software warranty" }, "license-id": "Software warranty", "state": { "active": true, "description": "90 days for software warranty", "expired": false, "in-use": true, "license-id": "Software warranty", "valid": true } } ] } }, "openconfig-system:memory": { "state": { "physical": "12289540", "reserved": "12289540" } }, "openconfig-system:ntp": { "config": { "enable-ntp-auth": true, "enabled": true, "ntp-source-address": "10.8.64.201" }, "ntp-keys": { "ntp-key": [ { "config": { "key-id": 1, "key-type": "openconfig-system:NTP_AUTH_MD5", "key-value": "-AQ==Y2fEsdlfkjsSDFSJDLFKJSLDKFJSLKDFJLSKJFSLKAKkdjfkjs==" }, "key-id": 1, "state": { "key-id": 1, "key-type": "openconfig-system:NTP_AUTH_MD5", "key-value": "-AQ==Y2fEsdlfkjsSDFSJDLFKJSLDKFJSLKDFJLSKJFSLKAKkdjfkjs==" } }, { "config": { "key-id": 2, "key-type": "openconfig-system:NTP_AUTH_MD5", "key-value": "-AQ==Y2fEsdlfkjsSDFSJDLFKJSLDKFJSLKDFJLSKJFSLKAKkdjfkjs==" }, "key-id": 2, "state": { "key-id": 2, "key-type": "openconfig-system:NTP_AUTH_MD5", "key-value": "-AQ==Y2fEsdlfkjsSDFSJDLFKJSLDKFJSLKDFJLSKJFSLKAKkdjfkjs==" } } ] }, "servers": { "server": [ { "address": "1.1.1.1", "config": { "address": "1.1.1.1", "association-type": "SERVER", "iburst": false, "port": 123, "prefer": true, "version": 4 }, "state": { "address": "1.1.1.1", "association-type": "SERVER", "iburst": false, "port": 123, "prefer": true, "version": 4 } }, { "address": "1.1.1.2", "config": { "address": "1.1.1.2", "association-type": "SERVER", "iburst": false, "port": 123, "prefer": false, "version": 4 }, "state": { "address": "1.1.1.2", "association-type": "SERVER", "iburst": false, "port": 123, "prefer": false, "version": 4 } } ] }, "state": { "enable-ntp-auth": true, "enabled": true, "ntp-source-address": "10.8.64.201" } }, "openconfig-system:processes": { "process": [ { "pid": "1", "state": { "args": [], "cpu-usage-system": "0", "cpu-usage-user": "0", "cpu-utilization": 0, "memory-usage": "1449984", "memory-utilization": 0, "name": "init", "pid": "1", "start-time": "0" } },... (Truncated)