Automating Palo Alto with Terraform (NH)
Description
Course Overview
Get hands-on and use Terraform to automate the PAN-OS operating system for Palo Alto Networks NGFWs and Panorama products. Students will learn to manage various aspects of a firewall’s or a Panorama’s config, such as data interfaces and security policies. An optional lecture may also cover Palo Alto Networks Terraform providers for Prisma Cloud, Bridgecrew Security Platform, or Palo Alto Networks Cloud Next-Gen Firewalls for AWS. All lessons focus on best practice techniques, including interacting with git, GitHub or GitLab, and writing prompts for AI LLM tools to generate relevant solutions.
Course Objectives
- Automating the PAN-OS and Panorama APIs with Python and Ansible
- AI LLM prompt engineering for generating Ansible solutions
- Ansible collections for Palo Alto network appliances
- YAML formatting
- Playbook construction and order of execution
- Credential Management and Encryption with Ansible Vault and other credential management best practices
- Python and other client side software for exploring PAN-OS and Panorama APIs
- Exploring the PAN-OS
- Version controlling code with Git
- CI / CD Pipeline Scenarios common across Industry (GitHub Actions, GitLab, AWX Tower, and more)
Agenda
AI LLM Toolkit
- Lecture + Lab: Large Language Model toolkit for AI Solution Assistance
Introduction to Terraform
- Lecture: Terraform Course Map
- Lecture: Introduction to Terraform
Software Control Management
- Lecture + Lab: SCM Option #1 - GitHub
- Lecture + Lab: SCM Option #2 - GitLab
Up and Running
- Lecture + Lab: Terraform Install
- Lecture: Special Considerations for Palo Alto Networks
Terraform Modules
- Lecture: Terraform HCL Syntax
- Lecture + Lab: Up and Running with Terraform
- Lecture + Lab: Terraform Variables
- Lecture + Lab: Output Values
- Lecture: Avoid the :latest Tag
Palo Alto Provider
- Lecture: Terraform Providers
- Lecture + Lab: Palo Alto Networks on the Terraform Registry
- Lecture: Terraform and PAN-OS Interaction
- Lecture + Lab: Installing the PaloAltoNetworks panos Provider
- Lecture + Lab: Managing State with PaloAltoNetworks panos Provider
- Lecture: Terraform Data Sources
- Lecture + Lab: Palo Alto Networks panos Data Sources
Beyond Basics
- Lecture: Credential Management Options for Terraform and Palo Alto Interactions
- Lecture + Lab: Terraform CLI Workspaces
- Lecture + Lab: Handling Errors from PaloAltoNetworks Providers
- Lecture: Resources - replace vs taint
- Lecture + Lab: Dynamic Operations with Functions
- Lecture: Short-cutting Solutions for Palo Alto with Terraform Modules
- Lecture + Lab: Creating a Terraform Module
- Lecture + Lab: Dynamic Provisioning with tfvars Files
- Lecture + Lab: Data Sources and HTTP Provider
Loops
- Lecture: for_each
- Lecture + Lab: Looping Constructs - for_each
Provisioning
- Lecture + Lab: Creating Delays
- Lecture + Lab: Terraform - templatefile Function
Dynamic Blocks
- Lecture + Lab: Dynamic Blocks
Generative AI LLM Toolkits
- Lecture + Lab: Creating prompts for AI LLM tools to Generate Palo Alto Terraform Code
- Lecture + Lab: Testing Terraform Solutions Generated by AI
Expanding on Palo Alto Network Providers (OPTIONAL)
- Lecture: Palo Alto Providers - panos, prismacloud, bridgecrew, prismacloudcompute, prismacloud-waas, cloudngfwaws
- Lecture: Palo Alto Networks Cloud Next-Gen Firewalls for AWS
- Lecture + Lab: Terraform and Palo Alto Networks Cloud Next-Gen Firewalls for AWS
- Lecture: Terraform and Palo Alto Networks Prisma Cloud
- Lecture: Terraform and Palo Alto Networks Bridgecrew Security Platform
Terraform Cloud (OPTIONAL)
- Lecture + Lab: Terraform Cloud and Terraform Enterprise
- Lecture + Lab: Triggering Cloud Builds via Git Commits
Industry Scenarios (OPTIONAL)
- Lecture: Common Workflows and Pipelines for Automating Security Platforms
- Lecture + Lab: GitHub Actions - Terraform
Terraform Review
- Lecture: HashiCorp Terraform Study Guide