def main(): signal.signal(signal.SIGINT, keyboardInterruptHandler) try: pano = panorama.Panorama(ip, user, pw) dg = panorama.DeviceGroup(DEVICE_GROUP) pano.add(dg) postrulebase = policies.PostRulebase() dg.add(postrulebase) rule_refresh = policies.SecurityRule.refreshall(postrulebase) rule_list = postrulebase.children for rule in rule_list: if SPLIT_DISABLED or (not SPLIT_DISABLED and not rule.disabled): if len(rule.fromzone) > 1 and len(rule.tozone) > 1: if rule.tag == None or not RULE_TAG in rule.tag: rule_clone(rule, pano, postrulebase) print('') print('Total source rules cloned: ' + str(i)) except Exception as e: print(e) print('Error. Verify credentials/device address/device group name and try again.') exit(0)
def main(): pano = Panorama(panip, api_key=key) # Use devicegroup dg devicegroup = panorama.DeviceGroup(dg) pano.add(devicegroup) # Get all the post rules postrulebase = policies.PostRulebase() devicegroup.add(postrulebase) current_security_rules = pandevice.policies.SecurityRule.refreshall( postrulebase) for rule in current_security_rules: print rule.name
def get_rulebase(device, devicegroup, is_post_rule): # Build the rulebase if isinstance(device, pandevice.firewall.Firewall): rulebase = pandevice.policies.Rulebase() device.add(rulebase) elif isinstance(device, pandevice.panorama.Panorama): dg = panorama.DeviceGroup(devicegroup) device.add(dg) if is_post_rule: rulebase = policies.PostRulebase() else: rulebase = policies.PreRulebase() dg.add(rulebase) else: return False policies.SecurityRule.refreshall(rulebase) return rulebase