def platform_info(host):
api_call = 'https://' + host + '/api/?type=op&cmd=<show><system><info></info>'
api_call += '</system></show>&key=' + keys.pa_vm_key()
response = requests.get(api_call, verify=False)
if response.status_code == 200:
apikey = keys.pa_vm_key()
return apikey
else:
apikey = keys.pan_vm_key()
return apikey
def commit_force(self):
"""Issues a commit to firewall"""
cf = requests.get('https://' + self.ip + '/api/?type=commit&' + \
'cmd=<commit><force></force></commit>&key=' + \
keys.pa_vm_key(), verify=False)
if cf.status_code == 200:
print(f'Commit to {self.ip} successful!')
def log_at_start(host):
"""Enter a DOCSTRING"""
# apikey = keys.sg_pa_200_key()
apikey = keys.pa_vm_key()
rules = fw_sec_rule_names('10.46.160.82')
for rule in rules:
# for rule in fw_sec_rule_names('47.190.134.39:7443'):
xpath = "https://" + host + "/api/?type=config&action=show&xpath=/config/"
xpath += "devices/entry[@name='localhost.localdomain']/vsys/entry[@name="
xpath += "'vsys1']/rulebase/security/rules/entry[@name='" + rule + "']"
xpath += "&key=" + apikey
print(xpath)
def get_link_mon_group_element():
"""Check if link monitoring is enabled Run function on HA enabled fiewalls.
Use the 'get_ha_status' to query if needed. """
config_data = requests.get('https://' + '10.46.160.219' + '/api/?type=op&cmd=<show>'
'<high-availability><link-monitoring></link-monitoring>'
'</high-availability></show>&key=' +\
keys.pa_vm_key(),verify=False)
config_data_string = config_data.text
config_data_xml = ET.fromstring(config_data_string)
for element in config_data_xml.iter('name'):
if 'ethernet' not in element.text:
print('Interface not configured')
def check_link_monitoring_enabled(self):
"""Check if link monitoring is enabled Run function on HA enabled fiewalls.
Use the 'get_ha_status' to query if needed. """
config_data = requests.get('https://' + self.ip + '/api/?type=op&cmd=<show>'
'<high-availability><link-monitoring></link-monitoring>'
'</high-availability></show>&key=' +\
keys.pa_vm_key(),verify=False)
config_data_string = config_data.text
config_data_xml = ET.fromstring(config_data_string)
# Three 'enabled' elements available in node; only need the second one
for element in islice(config_data_xml.iter('enabled'), 1, 2):
if element.text == 'yes':
return 'Link monitoring is enabled'
else:
return 'Link monitoring not enabled'
def get_ha_status(self):
"""Get Firewall HA Status"""
config_data = requests.get(
'https://' + self.ip + '/api/?type=op&cmd=<show>'
'<high-availability><state></state></high-availability>'
'</show>&key=' + keys.pa_vm_key(),
verify=False)
config_data_string = config_data.text
config_data_xml = ET.fromstring(config_data_string)
# Three 'enabled' elements available in node; only need the first one
for element in islice(config_data_xml.iter('enabled'), 1):
if element.text == 'yes':
return 'HA is enabled'
else:
return 'HA not enabled'
def fw_sec_rule_names(host):
"""Takes Firewall IP address as a string input. Makes an API call to
Fireall and returns security policy names as a string."""
# apikey = keys.sg_pa_200_key()
apikey = keys.pa_vm_key()
xpath = 'https://' + host + "/api/?type=config&action=get&xpath=/config/"
xpath += "devices/entry[@name='localhost.localdomain']/vsys/entry[@name="
xpath += "'vsys1']/rulebase/security/rules&key=" + apikey
output = requests.get(xpath, verify=False)
data = output.text # converts requests response into a string
xml_data = ET.fromstring(data)
rulenames = []
for element in xml_data.iter('entry'):
rulename = element.attrib
rulenames.append(rulename['name'])
return rulenames
import requests
from Keys import keys
url = '192.168.0.1'
api_path = '/api/?type=op&cmd=<request><tech-support><dump></dump>'\
'</tech-support></request>'
full_url = 'https://' + url + api_path + '&key=' + keys.pa_vm_key()
response = (requests.get(full_url, verify=False))
print(response.status_code)
print(full_url)
def generate_tsf(host):
api_call = 'https://' + host + '/api/?type=op&cmd=<request>'
api_call += '<tech-support><dump></dump></tech-support></request>'
api_call += '&key=' + key.apikey.pa
response = requests.get(api_call, verify=False)
if response.status_code == '200':
print('TSF genereted')
print(api_call)
generate_tsf('23.3.3.3')
# def from_file_extract_ips():
# """Reads a file with ip addresses and returns a list of IPs"""
#
# ip_dict = {}
# text_file = input('Enter the name of the text file: ')
# # # print('Source File as is', source_file)
# if '.txt' not in text_file:
def __init__(self, ip):
"""PAWN class instantiation"""
self.ip = ip
self.fw_key = keys.pa_vm_key()
self.pan_key = keys.pan_vm_key()
