예제 #1
0
def main():

    signal.signal(signal.SIGINT, keyboardInterruptHandler)

    try:
        pano = panorama.Panorama(ip, user, pw)

        dg = panorama.DeviceGroup(DEVICE_GROUP)
        pano.add(dg)

        postrulebase = policies.PostRulebase()
        dg.add(postrulebase)

        rule_refresh = policies.SecurityRule.refreshall(postrulebase)

        rule_list = postrulebase.children

        for rule in rule_list:
            if SPLIT_DISABLED or (not SPLIT_DISABLED and not rule.disabled):
                if len(rule.fromzone) > 1 and len(rule.tozone) > 1:
                    if rule.tag == None or not RULE_TAG in rule.tag:
                        rule_clone(rule, pano, postrulebase)

        print('')
        print('Total source rules cloned: ' + str(i))

    except Exception as e:
        print(e)
        print('Error.  Verify credentials/device address/device group name and try again.')
        exit(0)
예제 #2
0
def main():
    pano = Panorama(panip, api_key=key)
    # Use devicegroup dg
    devicegroup = panorama.DeviceGroup(dg)
    pano.add(devicegroup)

    # Get all the post rules
    postrulebase = policies.PostRulebase()
    devicegroup.add(postrulebase)
    current_security_rules = pandevice.policies.SecurityRule.refreshall(
        postrulebase)

    for rule in current_security_rules:
        print rule.name
예제 #3
0
def get_rulebase(device, devicegroup, is_post_rule):
    # Build the rulebase
    if isinstance(device, pandevice.firewall.Firewall):
        rulebase = pandevice.policies.Rulebase()
        device.add(rulebase)
    elif isinstance(device, pandevice.panorama.Panorama):
        dg = panorama.DeviceGroup(devicegroup)
        device.add(dg)
        if is_post_rule:
            rulebase = policies.PostRulebase()
        else:
            rulebase = policies.PreRulebase()

        dg.add(rulebase)
    else:
        return False
    policies.SecurityRule.refreshall(rulebase)
    return rulebase