Ejemplo n.º 1
def main():
    """Create a dynamic address group on Panorama and optionally commit it.

    The group is created directly under the Panorama object unless a device
    group is given on the command line, in which case it is created inside
    that device group.
    """
    args = get_cli_arguments()
    setup_logging(args)

    # Root of the configuration tree. HOSTNAME and APIKEY are defined outside
    # this function.
    pano = panorama.Panorama(hostname=HOSTNAME, api_key=APIKEY)

    # Start at Panorama scope and narrow to the device group when one is named.
    scope = pano
    if args.devicegroup is not None:
        scope = pano.add(panorama.DeviceGroup(args.devicegroup))

    # Describe the dynamic address group, then attach it to the chosen scope.
    group_spec = objects.AddressGroup(
        name=args.name,
        dynamic_value=args.match,
        description=args.description,
        tag=args.tag,
    )
    addressgroup = scope.add(group_spec)

    # create() pushes the new group to the live Panorama device.
    addressgroup.create()

    # NOTE(review): presumably commit() activates the whole candidate
    # configuration, not only the object created above -- confirm before
    # running this with args.commit set against a shared Panorama.
    if args.commit or args.commitall:
        pano.commit(sync=True)
    if args.commitall:
        pano.commit_all(sync=True, sync_all=True, devicegroup=args.devicegroup)
Ejemplo n.º 2
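def main():
    """Clone eligible multi-zone security rules from a device group's post-rulebase.

    A rule is handed to rule_clone() when it has more than one source zone
    and more than one destination zone, is enabled (or SPLIT_DISABLED is
    set), and does not already carry RULE_TAG.

    Raises:
        SystemExit: with status 1 when any step fails, so that shells and
            schedulers can tell a failed run from a successful one.
    """
    signal.signal(signal.SIGINT, keyboardInterruptHandler)

    try:
        pano = panorama.Panorama(ip, user, pw)

        dg = panorama.DeviceGroup(DEVICE_GROUP)
        pano.add(dg)

        postrulebase = policies.PostRulebase()
        dg.add(postrulebase)

        # Called for its effect on postrulebase.children; the return value
        # is not needed.
        policies.SecurityRule.refreshall(postrulebase)

        # NOTE(review): rule_clone() receives postrulebase; if it adds or
        # removes children, this loop iterates a list that changes under
        # it -- confirm against rule_clone.
        for rule in postrulebase.children:
            # Disabled rules are skipped unless SPLIT_DISABLED is set.
            if not SPLIT_DISABLED and rule.disabled:
                continue
            # Only rules with several zones on both sides are candidates.
            if len(rule.fromzone) <= 1 or len(rule.tozone) <= 1:
                continue
            # Skip rules that already carry RULE_TAG.
            if rule.tag is None or RULE_TAG not in rule.tag:
                rule_clone(rule, pano, postrulebase)

        print('')
        # NOTE(review): `i` is not assigned in this function; presumably a
        # module-level counter updated by rule_clone -- confirm.
        print('Total source rules cloned: ' + str(i))

    except Exception as e:
        print(e)
        print('Error.  Verify credentials/device address/device group name and try again.')
        # A failed run must not report success: exit non-zero so automation
        # does not treat a partial or absent policy change as complete.
        raise SystemExit(1)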
Ejemplo n.º 3
def test_device_group_xpath_unchanged():
    """An address object inside a device group reports the expected xpath."""
    # Build the tree Panorama -> device group -> address object.
    root = panorama.Panorama('127.0.0.1')
    group = panorama.DeviceGroup('somegroup')
    address = objects.AddressObject('intnet', '192.168.0.0/16')
    root.add(group)
    group.add(address)

    # Adjacent literals concatenate into the single expected xpath string.
    expected = (
        "/config/devices/entry[@name='localhost.localdomain']"
        "/device-group/entry[@name='somegroup']"
        "/address/entry[@name='intnet']"
    )

    assert expected == address.xpath()
Ejemplo n.º 4
def get_rulebase(device, devicegroup):
    """Return a refreshed security rulebase for *device*.

    For a Firewall the rulebase is attached to the device itself. For a
    Panorama it is a pre-rulebase attached to the device group named by
    *devicegroup*. Any other device type yields False.
    """
    if isinstance(device, pandevice.firewall.Firewall):
        # Firewalls hold the rulebase directly.
        parent = device
        rulebase = pandevice.policies.Rulebase()
    elif isinstance(device, pandevice.panorama.Panorama):
        # Panorama rules live under a device group.
        parent = panorama.DeviceGroup(devicegroup)
        device.add(parent)
        rulebase = policies.PreRulebase()
    else:
        # Callers must check for False before using the result.
        return False

    parent.add(rulebase)
    # Load the security rules from the device into the rulebase.
    policies.SecurityRule.refreshall(rulebase)
    return rulebase
Ejemplo n.º 5
def main():
    """Create a pre-rulebase security rule on Panorama from CLI arguments.

    The rule is created directly under the Panorama object unless a device
    group is given, and is moved before another rule when args.above is set.
    """
    args = get_cli_arguments()
    setup_logging(args)

    # Root of the configuration tree. HOSTNAME and APIKEY are defined outside
    # this function.
    pano = panorama.Panorama(hostname=HOSTNAME, api_key=APIKEY)

    # Start at Panorama scope and narrow to the device group when one is named.
    scope = pano
    if args.devicegroup is not None:
        scope = pano.add(panorama.DeviceGroup(args.devicegroup))

    rulebase = scope.add(policies.PreRulebase())

    # Keyword settings for the rule: match criteria, action, logging and the
    # security profiles taken from the command line.
    rule_settings = {
        "source": args.saddr,
        "destination": args.daddr,
        "application": args.application,
        "action": args.action,
        "log_setting": args.log,
        "group": args.group,
        "virus": args.virus,
        "spyware": args.spyware,
        "vulnerability": args.threat,
        "url_filtering": args.url,
        "file_blocking": args.file,
        "wildfire_analysis": args.wildfire,
        "data_filtering": args.data,
        "tag": args.tag,
        "description": args.description,
    }
    rule_spec = policies.SecurityRule(
        args.name,
        args.szone,
        args.dzone,
        **rule_settings,
    )
    rule = rulebase.add(rule_spec)

    # create() pushes the new rule to the live Panorama device.
    rule.create()

    # Rule order decides which rule matches first, so placement is part of
    # the policy change; the move is only issued when a target rule is given.
    if args.above is not None:
        pano.xapi.move(rule.xpath(), "before", args.above)
Ejemplo n.º 6
def get_address_objects(device, dg_list, group_members):
    """Report tagged address objects whose name is not in *group_members*.

    Each device group in *dg_list* is added under *device* and its address
    objects are refreshed. Every match is written as a row (device group,
    object, tag) to 'tagged_addresses_not_dynamic.csv' in the current
    directory and echoed to stdout. The file is opened in 'w' mode, so a
    previous report is overwritten.
    """
    tagged_count = 0

    with open('tagged_addresses_not_dynamic.csv', 'w', newline='') as report:
        writer = csv.writer(report, delimiter=',')
        for dg in dg_list:
            group = device.add(panorama.DeviceGroup(dg))
            # add=True attaches the refreshed objects as children of the group.
            objects.AddressObject.refreshall(group, add=True)

            for addrobject in group.children:
                # Only tagged objects that are not already listed as members.
                if addrobject.tag and addrobject.name not in group_members:
                    tagged_count += 1
                    row = [str(dg), str(addrobject), str(addrobject.tag)]
                    writer.writerow(row)
                    print('tagged - ' + ' - '.join(row))
    print('\n')
    print('Total tagged addresses: ' + str(tagged_count))
from pandevice import panorama
from pandevice import policies


def display_process_id(process_name):
    """Return the first status line that mentions *process_name*.

    Runs 'show system software status' through the module-level ``pano``
    object and scans the decoded output line by line. The whole matching
    line is returned, not just an id; None is returned when nothing matches.
    """
    raw_output = pano.op('show system software status', xml=True)
    status_lines = raw_output.decode('utf-8').split('\n')
    return next(
        (entry for entry in status_lines if process_name in entry),
        None,
    )


# NOTE(review): the device address, username and password are hard-coded
# literals. Anyone who can read this file or its history obtains them.
# Load them from the environment or a secrets store instead, and rotate the
# password if this account exists on a real device.
pano = panorama.Panorama('10.46.164.193', 'zmacharia', 'paloalto')

dallas_dg = panorama.DeviceGroup('Test')  # device group object named 'Test'
pano.add(dallas_dg)  # attach the device group under the Panorama object

# Pre-rulebase container, attached under the device group.
rulebase = policies.PreRulebase()
dallas_dg.add(rulebase)

# Fetch the security rules of this rulebase.
# NOTE(review): presumably add=False returns the rules without attaching
# them to `rulebase` -- confirm against the library.
rules = policies.SecurityRule.refreshall(rulebase, add=False)

print(f'Before loop: {display_process_id("configd")}')
# NOTE(review): `datetime` and `time` are not imported in the visible part
# of this file; the two lines below need `import datetime` and `import time`.
print(f'Starting timestamp: {datetime.datetime.now()}')
# t1_start is not read again in the visible lines.
t1_start = time.process_time()
for rule in rules:
    # For a rule without a log setting, create a rule of the same name with
    # log_setting='default' on the live device.
    if rule.log_setting is None:
        rulebase.add(policies.SecurityRule(rule.name,
                                           log_setting='default')).create()
    # Runs for every rule, including those that had a log setting; in the
    # visible lines nothing pushes this change to the device.
    rule.log_setting = None
# NOTE(review): the device address, username and password are hard-coded
# literals. Anyone who can read this file or its history obtains them.
# Load them from the environment or a secrets store instead, and rotate the
# password if this account exists on a real device.
pano = panorama.Panorama('10.46.164.193', 'zmacharia', 'paloalto')


def display_process_id(process_name):
    """Find *process_name* in the 'show system software status' output.

    The command is sent through the module-level ``pano`` object. The first
    output line containing *process_name* is returned in full; the function
    returns None when no line matches.
    """
    response = pano.op('show system software status', xml=True)
    text = response.decode('utf-8')
    for status_line in text.split('\n'):
        if process_name not in status_line:
            continue
        return status_line
    return None


# The returned status line is discarded here.
display_process_id('configd')

test_dg = panorama.DeviceGroup('Test2')  # device group object named 'Test2'
pano.add(test_dg)  # attach the device group under the Panorama object

rulebase = policies.PreRulebase()  # this is a PreRulebase container
test_dg.add(rulebase)  # attach the container under the device group

# Bulk-create 1800 rules named test1 .. test1800, one create() call per rule
# against the live device.
# NOTE(review): every rule is an 'allow' from L3-Trust to L3-Untrust with no
# source, destination or application given, so the library defaults apply.
# Verify those defaults and keep this to a lab device group; nothing in the
# visible lines removes the rules afterwards.
for rule_number in range(1, 1801):
    # Order: name, source zone, destination zone, action.
    rule_parameters = [
        'test' + str(rule_number), 'L3-Trust', 'L3-Untrust', 'allow'
    ]
    new_rule = policies.SecurityRule(name=rule_parameters[0],
                                     fromzone=rule_parameters[1],
                                     tozone=rule_parameters[2],
                                     action=rule_parameters[3])
    rulebase.add(new_rule)
    new_rule.create()