This document gives an example how you can use Azure function to obtain and display Azure data centers IP ranges.
Azure Functions allows you to run small pieces of code (called "functions") without worrying about application infrastructure. With Azure Functions, the cloud infrastructure provides all the up-to-date servers you need to keep your application running at scale.
A function is "triggered" by a specific type of event. Supported triggers include responding to changes in data, responding to messages, running on a schedule, or as the result of an HTTP request.
Azure Functions has three kinds of pricing plans:
-
Consumption plan: Azure provides all of the necessary computational resources. You don't have to worry about resource management, and only pay for the time that your code runs.
-
Premium plan: You specify a number of pre-warmed instances that are always online and ready to immediately respond. When your function runs, Azure provides any additional computational resources that are needed. You pay for the pre-warmed instances running continuously and any additional instances you use as Azure scales your app in and out.
-
App Service plan: Run your functions just like your web apps. If you use App Service for your other applications, your functions can run on the same plan at no additional cost.
In PAN-OS an External Dynamic List is a text file that is hosted on an external web server so that the firewall can import objects—IP addresses, URLs, domains—included in the list and enforce policy. To enforce policy on the entries included in the external dynamic list, you must reference the list in a supported policy rule or profile. As you modify the list, the firewall dynamically imports the list at the configured interval and enforces policy without the need to make a configuration change or a commit on the firewall.
Everything you need for a deployment is located in this repository. At first you need to deploy ARM template, located under '/Template/azuredeploy.json' path. To do so you can use any preferable option you want or just click on the
button.
As a result will be deployed a function, storage account and consumption app service plan:
To publish the function's code, please follow the instruction:
- Install Azure CLI and Core Tools
- Clone this repository locally
- Go to 'Function' folder and run following command(where
<FunctionAppName>should be your function name):func azure functionapp publish <FunctionAppName> --python
Deployment should take less than 5 minutes:
More information about a deployment options you can find here.
As soon as application was published you will get an unique URL. By accessing it you should get current available regions list. At the time of writing available regions are:
['australiac2', 'australiac', 'australiaeast', 'australiasoutheast', 'brazilsouth', 'brazilse', 'canadacentral', 'canadaeast', 'indiacentral', 'uscentraleuap', 'uscentral', 'asiaeast', 'useast2euap', 'useast2', 'useast', 'francec', 'frances', 'germanyn', 'germanywc', 'japaneast', 'japanwest', 'koreacentral', 'koreasouth', 'usnorth', 'europenorth', 'norwaye', 'norwayw', 'southafrican', 'southafricaw', 'ussouth', 'indiasouth', 'asiasoutheast', 'switzerlandn', 'switzerlandw', 'uaec', 'uaen', 'uknorth', 'uksouth2', 'uksouth', 'ukwest', 'uswestcentral', 'europewest', 'indiawest', 'uswest2', 'uswest']
Now, for example, if you want to get IP list from West Europe - just append URL with &location=europewest and check the result:
-
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVYCA0
-
https://www.paloaltonetworks.com/products/secure-the-network/subscriptions/minemeld
-
https://buildwindows.wordpress.com/2017/11/19/get-azure-datacenter-ip-ranges-via-api/
-
https://docs.microsoft.com/en-us/azure/azure-functions/functions-create-first-azure-function