Examples
Example scripts
There are several example scripts written as CLI programs in the [examples directory](https://github.com/PaloAltoNetworks/pan-os-python/tree/develop/examples).
Cookbook examples
Get the version of a firewall
from panos.firewall import Firewall
fw = Firewall("10.0.0.1", "admin", "mypassword")
version = fw.refresh_system_info().version
print version
Example output:
10.0.3
We use refresh_system_info()
here instead of an op commands because this
method saves the version information to the Firewall object which tells all
future API calls what format to use to be compatible with this version.
Print a firewall rule
from panos.firewall import Firewall
from panos.policies import Rulebase, SecurityRule
# Create a config tree for the rule
fw = Firewall("10.0.0.1", "admin", "mypassword", vsys="vsys1")
rulebase = fw.add(Rulebase())
rule = rulebase.add(SecurityRule("my-rule"))
# Refresh the rule from the live device and print it
rule.refresh()
print(rule.about())
List of firewall rules by name
from panos.firewall import Firewall
from panos.policies import Rulebase, SecurityRule
# Create config tree and refresh rules from live device
fw = Firewall("10.0.0.1", "admin", "mypassword", vsys="vsys1")
rulebase = fw.add(Rulebase())
rules = SecurityRule.refreshall(rulebase)
for rule in rules:
print(rule.name)
List of pre-rules on Panorama
from panos.panorama import Panorama
from panos.policies import PreRulebase, SecurityRule
# Create config tree and refresh rules from live device
pano = Panorama("10.0.0.1", "admin", "mypassword")
pre_rulebase = pano.add(PreRulebase())
rules = SecurityRule.refreshall(pre_rulebase)
for rule in rules:
print(rule.name)
List firewall devices in Panorama
Print the serial, hostname, and management IP of all firewalls that Panorama knows about.
from panos.panorama import Panorama
from panos.device import SystemSettings
# Create config tree root
pano = Panorama("10.0.0.1", "admin", "mypassword")
# Refresh firewalls from live Panorama
devices = pano.refresh_devices(expand_vsys=False, include_device_groups=False)
# Print each firewall's serial and management IP
for device in devices:
system_settings = device.find("", SystemSettings)
print(f"{device.serial} {system_settings.hostname} {system_settings.ip_address}")
Example output:
310353000003333 PA-VM-1 10.1.1.1
310353000003334 PA-VM-2 10.1.1.2
Upgrade a firewall
from panos.firewall import Firewall
fw = Firewall("10.0.0.1", "admin", "mypassword")
fw.software.upgrade_to_version("10.1.5")
This simple example will upgrade from any previous version to the target version and handle all intermediate upgrades and reboots.