Module: firewall
Inheritance diagram
Configuration tree diagram
Class Reference
Palo Alto Networks Firewall object
- class panos.firewall.Firewall(hostname=None, api_username=None, api_password=None, api_key=None, serial=None, port=443, vsys=None, is_virtual=None, multi_vsys=None, *args, **kwargs)[source]
A Palo Alto Networks Firewall
This object can represent a firewall physical chassis, virtual firewall, or individual vsys.
- Parameters:
hostname – Hostname or IP of device for API connections
api_username – Username of administrator to access API
api_password – Password of administrator to access API
api_key – The API Key for connecting to the device’s API
serial – The serial number of this firewall
port – Port of device for API connections
vsys – The vsys of this firewall (e.g. “vsys1”, “vsys2”, etc.)
is_virtual (bool) – Physical or Virtual firewall
timeout – The timeout for asynchronous jobs
interval – The interval to check asynchronous jobs
- apply()[source]
Apply this object to the device, replacing any existing object of the same name
Modifies the live device
- create()[source]
Create this object on the device
Modifies the live device
This method is nondestructive. If the object exists, the variables are added to the device without changing existing variables on the device. If a variable already exists on the device and this object has a different value, the value on the firewall is changed to the value in this object.
- element()[source]
Construct an ElementTree for this PanObject and all its children
- Parameters:
with_children (bool) – Include children in element.
comparable (bool) – Element will be used in a comparison with another.
- Returns:
An ElementTree instance representing the XML form of this object and its children
- Return type:
xml.etree.ElementTree
- op(cmd=None, vsys=None, xml=False, cmd_xml=True, extra_qs=None, retry_on_peer=False, quote='"')[source]
Perform operational command on this Firewall
Operational commands are almost any command that is not a debug or config command. These include many ‘show’ commands such as show system info.
When passing the cmd as a command string (not XML) you must include any non-keyword strings in the command inside double quotes ("). Here are some examples:
    # The string "facebook-base" must be in quotes because it is not a keyword
    fw.op('clear session all filter application "facebook-base"')
    # The string "ethernet1/1" must be in quotes because it is not a keyword
    fw.op('show interface "ethernet1/1"')
    # Using an alternative quote character to get DHCP info on ethernet1/1
    fw.op('show dhcp client state `ethernet1/1`', quote='`')
- Parameters:
cmd (str) – The operational command to execute
vsys (str) – Vsys id. Defaults to the vsys of the firewall or the Vsys object in the parent tree.
xml (bool) – Return value should be a string (Default: False)
cmd_xml (bool) – True: cmd is not XML, False: cmd is XML (Default: True)
extra_qs – Extra parameters for API call
retry_on_peer (bool) – Try on active Firewall first, then try on passive Firewall
quote (str) – The quote character when the supplied cmd is a string and cmd_xml=True
- Returns:
The result of the operational command. May also return a string of XML if xml=True
- Return type:
xml.etree.ElementTree
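Added example (not part of pan-os-python or its documentation): a simplified model of how a command string passed with cmd_xml=True maps to nested XML, showing why non-keyword strings must be quoted, plus a hypothetical quote_value() helper that validates a caller-supplied value before it is placed inside the quotes. The function names and the allowed-character policy are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

# Assumed policy for this example: values placed inside the quotes are limited
# to characters seen in interface, application and address names.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_./:-]+")
KEYWORD = re.compile(r"[A-Za-z][A-Za-z0-9_-]*")


def quote_value(value, quote='"'):
    """Wrap a caller-supplied value in the quote character, or raise ValueError."""
    if not SAFE_VALUE.fullmatch(value):
        raise ValueError("unsafe op() argument: %r" % (value,))
    return quote + value + quote


def cmd_to_element(cmd, quote='"'):
    """Simplified model: keywords nest as elements, a quoted token becomes text."""
    stack = []
    for token in cmd.split():
        if len(token) >= 2 and token[0] == quote and token[-1] == quote:
            if not stack:
                raise ValueError("quoted value with no preceding keyword")
            stack[-1].text = token[1:-1]
            if len(stack) > 1:
                stack.pop()  # keywords after a value become siblings of it
            continue
        if not KEYWORD.fullmatch(token):
            raise ValueError("not a keyword, must be quoted: %r" % (token,))
        node = ET.Element(token)
        if stack:
            stack[-1].append(node)
        stack.append(node)
    if not stack:
        raise ValueError("empty command")
    return stack[0]


def to_xml(cmd, quote='"'):
    """Serialize the modelled command tree to an XML string."""
    return ET.tostring(cmd_to_element(cmd, quote), encoding="unicode")


if __name__ == "__main__":
    # Constructed inputs: the three commands from the examples above.
    print(to_xml('clear session all filter application "facebook-base"'))
    print(to_xml("show interface " + quote_value("ethernet1/1")))
    print(to_xml("show dhcp client state `ethernet1/1`", quote="`"))
```

Build the string handed to fw.op() from fixed keywords plus quote_value(user_input, quote) so that a value containing whitespace, the quote character or XML metacharacters is rejected before the API call.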
- organize_into_vsys(create_vsys_objects=True, refresh_vsys=True)[source]
Organizes all imported objects under the appropriate Vsys object.
- Parameters:
create_vsys_objects (bool) – Create the vsys objects (True) or use the ones already connected to this firewall (False).
refresh_vsys (bool) – Refresh all vsys objects’ parameters before doing the reorganization or not. This is assumed True if create_vsys_objects is True.
- refreshall_from_xml(xml, refresh_children=False, variables=None)[source]
Factory method to instantiate class from firewall config.
This method is a factory for the class. It takes an xml config from a firewall and generates instances of this class for each item this class represents in the xml config. For example, if the class is AddressObject and there are 5 address objects on the firewall, then this method will generate 5 instances of the class AddressObject.
- Parameters:
xml (xml.etree.ElementTree) – A section of XML configuration from a firewall or Panorama. It should not contain the response or result tags.
refresh_children (bool) – Refresh children objects or not.
variables (iterable) – A list or tuple of the variables to parse from the XML. Note that this is only used when invoked against classes not derived from VersionedPanObject.
- Returns:
created instances of class
- Return type:
list
Set to True to act on the shared part of this firewall
- state
Panorama state variables refreshed by Panorama
- property vsys
Return the vsys for this object
Traverses the tree to determine the vsys from a panos.firewall.Firewall or panos.device.Vsys instance somewhere before this node in the tree.
- Returns:
The vsys id (e.g. vsys2)
- Return type:
str
- class panos.firewall.FirewallCommit(description=None, admins=None, exclude_device_and_network=False, exclude_shared_objects=False, exclude_policy_and_objects=False, force=False)[source]
Normalization of a firewall commit.
Instances of this class can be passed in to Firewall.commit() (inherited from panos.base.PanDevice.commit()) as the cmd parameter.
- Parameters:
description (str) – The commit message.
admins (list) – (PAN-OS 8.0+) List of admins whose changes are to be committed.
exclude_device_and_network (bool) – Set to True to exclude device and network changes.
exclude_shared_objects (bool) – Set to True to exclude shared objects changes.
exclude_policy_and_objects (bool) – Set to True to exclude policy and objects changes.
force (bool) – Set to True to force a commit even if one is not needed.