Management of Palo Alto Networks firewalls is gradually shifting from traditional on-premises administration, either directly or via Panorama , to a cloud-based model. The product enabling centralized, cloud-based management of Palo Alto Networks firewall infrastructures is Strata Cloud Manager (SCM) .

This management paradigm introduces several fundamental changes:

• Data format: Panorama was XML-based, while SCM uses JSON.
• Configuration model: Panorama relied on Device Groups, Templates, and Template Stacks. SCM uses configuration scopes, where snippets are reusable scopes that can be applied to folders or devices.
• Variables: Variables existed in Panorama but with limited scope. SCM extends them, allowing usage even within security policies.

The approach to structuring complex infrastructures changes significantly. Our focus here is not on designing the architecture, but on creating automation to make migrations and ongoing operations more efficient.

We will not cover how to work manually within SCM; instead, we will explore how to interact with SCM through its API.

CLI

There is no official CLI for SCM. However, Calvin Remsburg has developed a personal CLI module and an accompanying SDK enabling command-line management.

While the project is worth reviewing, several caveats apply:

Continue reading the post on Patreon .