Palo Alto Prisma IP Listener

When you use Palo Alto Prisma Access for mobile users or remote networks, Palo Alto will occasionally need to add, change, or delete the IP addresses it uses in its Google Cloud Platform (GCP) backend. This normally happens during upgrades or when there is a large increase or decrease in the number of users or sites connected to your Prisma environment.

If you use an on-premises Panorama to configure Prisma Access, you'll find an option for an IP Change Event Notification URL in the Cloud Services plugin under the Configuration section.

This is a URL you can specify where a web listener is set up to receive these notifications from the Palo Alto Prisma infrastructure. Unfortunately, Palo Alto does not provide code for the listener, so I rolled my own.
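As an added example (not the pan_prisma_ip_update script from my GitHub), here is the skeleton of such a listener: it accepts POST requests at the notification URL, rejects requests from addresses outside an allow-list, caps the body size, and records the JSON payload. The allow-list range, the 8080 port and the assumption that the body is a JSON object are mine; the notification format itself is not documented on this page, so the payload is stored as-is.

```python
# Added example: a minimal hardened listener for the IP Change Event Notification
# URL. Not the author's pan_prisma_ip_update script; the body is treated as
# opaque JSON, and the source allow-list and size cap are assumptions.
import json
import logging
from datetime import datetime, timezone
from http.server import BaseHTTPRequestHandler, HTTPServer
from ipaddress import ip_address, ip_network

# Assumption: restrict to source ranges confirmed with Palo Alto support; the
# range below is a constructed placeholder (TEST-NET-3), not a real Prisma range.
ALLOWED_SOURCES = [ip_network("203.0.113.0/24")]
MAX_BODY_BYTES = 64 * 1024   # defensive cap on request size
EVENTS: list[dict] = []      # in-memory record; persist to a file/DB in practice

def handle_notification(remote_addr: str, body: bytes) -> tuple[int, str]:
    """Validate one notification and record it. Returns (HTTP status, message)."""
    if not any(ip_address(remote_addr) in net for net in ALLOWED_SOURCES):
        return 403, "source not allowed"
    if len(body) > MAX_BODY_BYTES:
        return 413, "body too large"
    try:
        event = json.loads(body)
    except ValueError:
        return 400, "body is not valid JSON"
    if not isinstance(event, dict):
        return 400, "expected a JSON object"
    EVENTS.append({"received": datetime.now(timezone.utc).isoformat(),
                   "source": remote_addr, "event": event})
    logging.info("Prisma IP change notification from %s: %s", remote_addr, event)
    return 200, "ok"

class Listener(BaseHTTPRequestHandler):
    """POST-only handler; other methods get the default 501 from the base class."""
    def do_POST(self) -> None:
        length = int(self.headers.get("Content-Length") or 0)
        body = self.rfile.read(min(length, MAX_BODY_BYTES + 1))  # never read unbounded
        status, msg = handle_notification(self.client_address[0], body)
        self.send_response(status)
        self.send_header("Content-Type", "text/plain")
        self.end_headers()
        self.wfile.write(msg.encode())

if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    # Assumption: port 8080, fronted by a TLS-terminating reverse proxy.
    HTTPServer(("0.0.0.0", 8080), Listener).serve_forever()
```

Once you know the exact fields Palo Alto sends, add schema checks in handle_notification before the event is recorded, and wire the recorded events into whatever updates your firewall or routing policy.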

This can be set up on any box with a public IP (or a port forward/DSTNAT) or at a cloud hosting provider. 1 CPU and 2 GB of RAM should be plenty of resources for this listener service. Any Linux distribution will work as long as it supports Python 3 and virtual environments. You should also be able to run this on the Azure Python service, but I haven't had the chance to test that.

Most of the instructions for setting up the environment and running the listener are on my GitHub page below. I'm always happy to accept pull requests or issues if there's something that should be improved.

Check out my Github for the full script: https://github.com/bile0026/pan_prisma_ip_update
