Module: firewall¶

Inheritance diagram¶

Configuration tree diagram¶

Class Reference¶

Palo Alto Networks Firewall object

class panos.firewall.Firewall(hostname=None, api_username=None, api_password=None, api_key=None, serial=None, port=443, vsys=None, is_virtual=None, multi_vsys=None, *args, **kwargs)[source]¶

A Palo Alto Networks Firewall

This object can represent a firewall physical chassis, virtual firewall, or individual vsys.

Parameters:

hostname – Hostname or IP of device for API connections
api_username – Username of administrator to access API
api_password – Password of administrator to access API
api_key – The API Key for connecting to the device’s API
serial – The serial number of this firewall
port – Port of device for API connections
vsys – The vsys of this firewall (eg. “vsys1”, “vsys2”, etc.)
is_virtual (bool) – Physical or Virtual firewall
timeout – The timeout for asynchronous jobs
interval – The interval to check asynchronous jobs

apply()[source]¶

Apply this object to the device, replacing any existing object of the same name

Modifies the live device

create()[source]¶

Create this object on the device

Modifies the live device

This method is nondestructive. If the object exists, the variables are added to the device without changing existing variables on the device. If a variables already exists on the device and this object has a different value, the value on the firewall is changed to the value in this object.

create_vsys()[source]¶: Create the vsys on the live device that this Firewall object represents

delete()[source]¶

Delete this object from the firewall

Modifies the live device

delete_vsys()[source]¶: Delete the vsys on the live device that this Firewall object represents

element()[source]¶

Construct an ElementTree for this PanObject and all its children

Parameters:

with_children (bool) – Include children in element.
comparable (bool) – Element will be used in a comparison with another.

Returns:

An ElementTree instance representing the: xml form of this object and its children

Return type:

xml.etree.ElementTree

op(cmd=None, vsys=None, xml=False, cmd_xml=True, extra_qs=None, retry_on_peer=False)[source]¶

Perform operational command on this Firewall

Parameters:	cmd (str) – The operational command to execute vsys (str) – Vsys id. Defaults to the vsys of the firewall or the Vsys object in the parent tree. xml (bool) – Return value should be a string (Default: False) cmd_xml (bool) – True: cmd is not XML, False: cmd is XML (Default: True) extra_qs – Extra parameters for API call retry_on_peer (bool) – Try on active Firewall first, then try on passive Firewall
Returns:	The result of the operational command. May also return a string of XML if xml=True
Return type:	xml.etree.ElementTree

organize_into_vsys(create_vsys_objects=True, refresh_vsys=True)[source]¶

Organizes all imported objects under the appropriate Vsys object.

Parameters:	create_vsys_objects (bool) – Create the vsys objects (True) or use the ones already connected to this firewall (False). refresh_vsys (bool) – Refresh all vsys objects’ parameters before doing the reorganization or not. This is assumed True if create_vsys_objects is True.

refreshall_from_xml(xml, refresh_children=False, variables=None)[source]¶

Factory method to instantiate class from firewall config.

This method is a factory for the class. It takes an xml config from a firewall and generates instances of this class for each item this class represents in the xml config. For example, if the class is AddressObject and there are 5 address objects on the firewall, then this method will generate 5 instances of the class AddressObject.

Parameters:	xml (xml.etree.ElementTree) – A section of XML configuration from a firewall or Panorama. It should not contain the response or result tags. refresh_children (bool) – Refresh children objects or not. variables (iterable) – A list or tuple of the variables to parse from the XML. Note that this is only used when invoked against classes not derived from `VersionedPanObject`.
Returns:	created instances of class
Return type:	list

shared = None¶: Set to True to act on the shared part of this firewall

state = None¶: Panorama state variables refreshed by Panorama

vsys¶

Return the vsys for this object

Traverses the tree to determine the vsys from a panos.firewall.Firewall or panos.device.Vsys instance somewhere before this node in the tree.

Returns:	The vsys id (eg. vsys2)
Return type:	str

class panos.firewall.FirewallCommit(description=None, admins=None, exclude_device_and_network=False, exclude_shared_objects=False, exclude_policy_and_objects=False, force=False)[source]¶

Normalization of a firewall commit.

Instances of this class can be passed in to Firewall.commit() (inherited from panos.base.PanDevice.commit()) as the cmd parameter.

Parameters:

description (str) – The commit message.
admins (list) – (PAN-OS 8.0+) List of admins whose changes are to be committed.
exclude_device_and_network (bool) – Set to True to exclude device and network changes.
exclude_shared_objects (bool) – Set to True to exclude shared objects changes.
exclude_policy_and_objects (bool) – Set to True to exclude policy and objects changes.
force (bool) – Set to True to force a commit even if one is not needed.

element()[source]¶

Returns an xml representation of the commit requested.

Returns:	xml.etree.ElementTree