def main(): args = get_cli_arguments() setup_logging(args) # The Panorama object. This is the root object of the config tree. pano = panorama.Panorama( hostname=HOSTNAME, api_key=APIKEY, ) # Add the devicegroup as a child of the Panorama if args.devicegroup is not None: scope = pano.add(panorama.DeviceGroup(args.devicegroup)) else: scope = pano # Create a security rule in the required scope rulebase = scope.add(policies.PreRulebase()) rule = rulebase.add( policies.SecurityRule( args.name, args.szone, args.dzone, source=args.saddr, destination=args.daddr, application=args.application, action=args.action, log_setting=args.log, group=args.group, virus=args.virus, spyware=args.spyware, vulnerability=args.threat, url_filtering=args.url, file_blocking=args.file, wildfire_analysis=args.wildfire, data_filtering=args.data, tag=args.tag, description=args.description, )) # Push the new security rule to the live Panorama device rule.create() if args.above is not None: pano.xapi.move(rule.xpath(), "before", args.above)
def create_security_rule(**kwargs): """ Create a security rule object and return the object handle """ security_rule = policies.SecurityRule( name=kwargs['rule_name'], description=kwargs['description'], fromzone=kwargs['source_zone'], #source=kwargs['source_ip'], source_user=kwargs['source_user'], hip_profiles=kwargs['hip_profiles'], tozone=kwargs['destination_zone'], destination=kwargs['destination_ip'], application=kwargs['application'], service=kwargs['service'], category=kwargs['category'], log_start=kwargs['log_start'], log_end=kwargs['log_end'], action=kwargs['action'], type=kwargs['rule_type'] ) if 'tag_name' in kwargs: security_rule.tag = kwargs['tag_name'] # profile settings if 'group_profile' in kwargs: security_rule.group = kwargs['group_profile'] else: if 'antivirus' in kwargs: security_rule.virus = kwargs['antivirus'] if 'vulnerability' in kwargs: security_rule.vulnerability = kwargs['vulnerability'] if 'spyware' in kwargs: security_rule.spyware = kwargs['spyware'] if 'url_filtering' in kwargs: security_rule.url_filtering = kwargs['url_filtering'] if 'file_blocking' in kwargs: security_rule.file_blocking = kwargs['file_blocking'] if 'data_filtering' in kwargs: security_rule.data_filtering = kwargs['data_filtering'] if 'wildfire_analysis' in kwargs: security_rule.wildfire_analysis = kwargs['wildfire_analysis'] return security_rule
def from_criteria(cls, criteria): """Create an instance from the provided criteria """ logging_criteria = criteria.get('logging', []) pandevice_object = policies.SecurityRule() pandevice_object.name = criteria['name'] pandevice_object.description = criteria.get('description', '') pandevice_object.action = criteria[ 'action'] # we expect it to be human readable at this point, map it later if 'start' in logging_criteria or 'both' in logging_criteria: pandevice_object.log_start = True if 'end' in logging_criteria or 'both' in logging_criteria: pandevice_object.log_end = True return cls(pandevice_object)
if process_name in line: return line pano = panorama.Panorama('10.46.164.193', 'zmacharia', 'paloalto') dallas_dg = panorama.DeviceGroup('Test') # creating device group object pano.add(dallas_dg) # adding device group to the panorama object rulebase = policies.PreRulebase() dallas_dg.add(rulebase) rules = policies.SecurityRule.refreshall(rulebase, add=False) print(f'Before loop: {display_process_id("configd")}') print(f'Starting timestamp: {datetime.datetime.now()}') t1_start = time.process_time() for rule in rules: if rule.log_setting is None: rulebase.add(policies.SecurityRule(rule.name, log_setting='default')).create() rule.log_setting = None rule.tozone = 'L3-Untrust' rule.fromzone = 'L3-Trust' rule.apply() t1_stop = time.process_time() print(f'After loop: {display_process_id("configd")}') print(f'Stopping timestamp: {datetime.datetime.now()}') print(f'Elapsed time: {t1_stop-t1_start}')
pano = panorama.Panorama('10.46.164.193', 'zmacharia', 'paloalto') def display_process_id(process_name): output_bytes = pano.op('show system software status', xml=True) output_str = output_bytes.decode('utf-8') output_lines = output_str.split('\n') for line in output_lines: if process_name in line: return line display_process_id('configd') test_dg = panorama.DeviceGroup('Test2') # creating device group object pano.add(test_dg) # adding device group to the panorama object rulebase = policies.PreRulebase() # this is a PreRulebase container test_dg.add(rulebase) # adding the container object to the device group for rule_number in range(1, 1801): rule_parameters = [ 'test' + str(rule_number), 'L3-Trust', 'L3-Untrust', 'allow' ] new_rule = policies.SecurityRule(name=rule_parameters[0], fromzone=rule_parameters[1], tozone=rule_parameters[2], action=rule_parameters[3]) rulebase.add(new_rule) new_rule.create()