Module: network
Inheritance diagram
Configuration tree diagram
Class Reference
Network module contains objects that exist in the ‘Network’ tab in the firewall GUI
- class panos.network.AbstractSubinterface(name, tag, parent=None)[source]
When a subinterface is needed, but the layer is unknown
Kindof like a placeholder or reference for a Layer2Subinterface or Layer3Subinterface. This class gets a parent which is the ethernet or aggregate interface, but it should not be added to the parent interface with add().
- Parameters:
name (str) – Name of the interface (eg. ethernet1/1.5)
tag (int) – Tag for the interface, aka vlan id
parent (Interface) – The base interface for this subinterface
- delete()[source]
Deletes both Layer3 and Layer2 subinterfaces by name
This is necessary because an AbstractSubinterface’s mode is unknown.
- get_layered_subinterface(mode, add=True)[source]
Instantiate a regular subinterface type from this AbstractSubinterface
Converts an abstract subinterface to a real subinterface by offering it a mode.
- Parameters:
mode (str) – Mode of the subinterface (‘layer3’ or ‘layer2’)
add (bool) – Add the newly instantiated subinterface to the base interface object
- Returns:
A
panos.network.Layer3Subinterface
orpanos.network.Layer2Subinterface
instance, depending on the mode argument- Return type:
- nearest_pandevice()[source]
The PanDevice parent for this instance
- Returns:
Parent PanDevice instance (Firewall or Panorama)
- Return type:
PanDevice
- set_name()[source]
Create a name appropriate for a subinterface if it isn’t already created
Example
If self.name is ‘ethernet1/1’ and self.tag is 5, this method will change the name to ‘ethernet1/1.5’.
- set_virtual_router(virtual_router_name, refresh=False, update=False, running_config=False)[source]
Set the virtual router for this interface
Creates a reference to this interface in the specified virtual router and removes references to this interface from all other virtual routers. The virtual router will be created if it doesn’t exist.
- Parameters:
virtual_router_name (str) – The name of the VirtualRouter or a
panos.network.VirtualRouter
instancerefresh (bool) – Refresh the relevant current state of the device before taking action (Default: False)
update (bool) – Apply the changes to the device (Default: False)
running_config – If refresh is True, refresh from the running configuration (Default: False)
- Returns:
The zone for this interface after the operation completes
- Return type:
- class panos.network.AggregateInterface(*args, **kwargs)[source]
Aggregate interface (eg. ‘ae1’)
- Parameters:
name (str) – Name of interface (eg. ‘ae1’)
mode (str) –
- Mode of the interface:
layer3
layer2
virtual-wire
ha
Not all modes apply to all interface types (Default: layer3)
ip (tuple) – Layer3: Interface IPv4 addresses
ipv6_enabled (bool) – Layer3: IPv6 Enabled (requires IPv6Address child object)
management_profile (ManagementProfile) – Layer3: Interface Management Profile
mtu (int) – Layer3: MTU for interface
adjust_tcp_mss (bool) – Layer3: Adjust TCP MSS
netflow_profile (str) – Netflow profile
lldp_enabled (bool) – Enable LLDP
lldp_profile (str) – Reference to an lldp profile
comment (str) – The interface’s comment
ipv4_mss_adjust (int) – Layer3: TCP MSS adjustment for ipv4
ipv6_mss_adjust (int) – Layer3: TCP MSS adjustment for ipv6
enable_dhcp (bool) – Enable DHCP on this interface
create_dhcp_default_route (bool) – Layer3: Create default route pointing to default gateway provided by server
dhcp_default_route_metric (int) – Layer3: Metric for the DHCP default route
lacp_enable (bool) – Enables LACP
lacp_passive_pre_negotiation (bool) – Enable LACP passive pre-negotiation, off by default
lacp_mode (str) – Set LACP mode to ‘active’ or ‘passive’
lacp_rate (str) – Set LACP transmission-rate to ‘fast’ or ‘slow’
lacp_fast_failover (bool) – Enable fast failover for LACP
- class panos.network.Arp(*args, **kwargs)[source]
Static ARP Mapping
Can be added to various interfaces.
- Parameters:
ip (str) – The IP address
hw_address (str) – The MAC address for the static ARP
interface (str) – The interface (when attached to VlanInterface only)
- class panos.network.Bgp(*args, **kwargs)[source]
BGP Process
- Parameters:
enable (bool) – Enable BGP (Default: True)
router_id (str) – Router ID in IP format (eg. 1.1.1.1)
reject_default_route (bool) – Reject default route
allow_redist_default_route (bool) – Allow redistribution in default route
install_route (bool) – Populate BGP learned route to global route table
ecmp_multi_as (bool) – Support multiple AS in ECMP
enforce_first_as (bool) – Enforce First AS for EBGP
local_as (int) – local AS number
global_bfd_profile (str) – BFD Profile
- class panos.network.BgpAuthProfile(*args, **kwargs)[source]
BGP Authentication Profile
- Parameters:
name (str) – Name of Auth Profile
secret (str) – shared secret for the TCP MD5 authentication.
- class panos.network.BgpDampeningProfile(*args, **kwargs)[source]
BGP Dampening Profile
- Parameters:
name (str) – Name of Dampening Profile
enable (bool) – Enable profile (Default: True)
cutoff (float) – Cutoff threshold value
reuse (float) – Reuse threshold value
max_hold_time (int) – Maximum of hold-down time (in seconds)
decay_half_life_reachable (int) – Decay half-life while reachable (in seconds)
decay_half_life_unreachable (int) – Decay half-life while unreachable (in seconds)
- class panos.network.BgpOutboundRouteFilter(*args, **kwargs)[source]
BGP Outbound Route Filtering
NOTE: This functionality is not enabled yet in PanOS
- Parameters:
enable (bool) – enable prefix-based outbound route filtering.
max_received_entries (int) – maximum of ORF prefixes to receive.
cisco_prefix_mode (bool) – ORF vendor-compatible mode
- class panos.network.BgpPeer(*args, **kwargs)[source]
BGP Peer
- Parameters:
name (str) – Name of BGP Peer
enable (bool) – Enable Peer (Default: True)
peer_as (str) – peer AS number
enable_mp_bgp (bool) – enable MP-BGP extentions
address_family_identifier (str) – peer address family type * ipv4 * ipv6
subsequent_address_unicast (bool) – select SAFI for this peer
subsequent_address_multicast (bool) – select SAFI for this peer
local_interface (str) – interface to accept BGP session
local_interface_ip (str) – specify exact IP address if interface has multiple addresses
peer_address_ip (str) – IP address of peer
connection_authentication (str) – BGP auth profile name
connection_keep_alive_interval (int) – keep-alive interval (in seconds)
connection_min_route_adv_interval (int) – Minimum Route Advertisement Interval (in seconds)
connection_multihop (int) – IP TTL value used for sending BGP packet. set to 0 means eBGP use 2, iBGP use 255
connection_open_delay_time (int) – open delay time (in seconds)
connection_hold_time (int) – hold time (in seconds)
connection_idle_hold_time (int) – idle hold time (in seconds)
connection_incoming_allow (bool) – allow incoming connections
connection_outgoing_allow (bool) – allow outgoing connections
connection_incoming_remote_port (int) – restrict remote port for incoming BGP connections
connection_outgoing_local_port (int) – use specific local port for outgoing BGP connections
enable_sender_side_loop_detection (bool) –
reflector_client (str) –
non-client
client
meshed-client
peering_type (str) –
unspecified
bilateral
max_prefixes (int) – maximum of prefixes to receive from peer
bfd_profile (str) – BFD configuration * Inherit-vr-global-setting * None * Pre-existing BFD profile name * None
- class panos.network.BgpPeerGroup(*args, **kwargs)[source]
BGP Peer Group
- Parameters:
name (str) – Name of BGP Peer Group
enable (bool) – Enable Peer Group (Default: True)
aggregated_confed_as_path (bool) – the peers understand aggregated confederation AS path
soft_reset_with_stored_info (bool) – soft reset with stored info
type (str) – peer group type I(‘ebgp’)/I(‘ibgp’)/I(‘ebgp-confed’)/I(‘ibgp-confed’)
export_nexthop (str) – export locally resolved nexthop I(‘resolve’)/I(‘use-self’)
import_nexthop (str) – override nexthop with peer address I(‘original’)/I(‘use-peer’), only with ‘ebgp’
remove_private_as (bool) – remove private AS when exporting route, only with ‘ebgp’
- class panos.network.BgpPolicyAddressPrefix(*args, **kwargs)[source]
BGP Policy Address Prefix with Exact
- Parameters:
name (str) – address prefix
exact (str) – match exact prefix length
- class panos.network.BgpPolicyAdvertiseFilter(*args, **kwargs)[source]
BGP Policy Advertise Filter
- Parameters:
name (str) – Name of filter
enable (bool) – Enable rule.
match_afi (str) – Address Family Identifier * ip * ipv6
match_safi (str) – Subsequent Address Family Identifier * ip * ipv6
match_route_table (str) – Route table to match rule * unicast * multicast * both
match_nexthop (list) – Next-hop attributes
match_from_peer (list) – Filter by peer that sent this route
match_med (int) – Multi-Exit Discriminator
match_as_path_regex (str) – AS-path regular expression
match_community_regex (str) – Community AS-path regular expression
match_extended_community_regex (str) – Extended Community AS-path regular expression
- class panos.network.BgpPolicyAggregationAddress(*args, **kwargs)[source]
BGP Policy Aggregation Address
- Parameters:
name (str) – Sddress prefix
enable (bool) – Enable aggregation for this prefix
prefix (str) – Aggregating address prefix
summary (bool) – Summarize route
as_set (bool) – Generate AS-set attribute
attr_local_preference (int) – New local preference value
attr_med (int) – New MED value
attr_weight (int) – New weight value
attr_nexthop (str) – Nexthop address
attr_origin (str) – New route origin * igp * egp * incomplete
attr_as_path_limit (int) – Add AS path limit attribute if it does not exist
attr_as_path_type (str) – AS path update options * none (string, not to be confused with the Python type None) * remove * prepend * remove-and-prepend
attr_as_path_prepend_times (int) – Prepend local AS for specified number of times * only valid when attr_as_path_type is ‘prepend’ or ‘remove-and-prepend’
attr_community_type (str) – Community update options * none (string, not to be confused with the Python type None) * remove-all * remove-regex * append * overwrite
attr_community_argument (str) – Argument to the attr community value if needed * None * local-as * no-advertise * no-export * nopeer * regex * 32-bit value * AS:VAL
attr_extended_community_type (str) – Extended community update options * none (string, not to be confused with the Python type None) * remove-all * remove-regex * append * overwrite
attr_extended_community_argument (str) – Argument to the attr extended community value if needed
- class panos.network.BgpPolicyConditionalAdvertisement(*args, **kwargs)[source]
BGP Conditional Advertisement Policy
- Parameters:
name (str) – Name of Conditional Advertisement Policy
enable (bool) – enable prefix-based outbound route filtering.
used_by (list) – peer-groups that use this rule.
- class panos.network.BgpPolicyExportRule(*args, **kwargs)[source]
BGP Policy Export Rule
- Parameters:
name (str) – The name
enable (bool) – Enable rule.
match_afi (str) – Address Family Identifier * ip * ipv6
match_safi (str) – Subsequent Address Family Identifier * ip * ipv6
match_route_table (str) – Route table to match rule * unicast * multicast * both
match_nexthop (list) – Next-hop attributes
match_from_peer (list) – Filter by peer that sent this route
match_med (int) – Multi-Exit Discriminator
match_as_path_regex (str) – AS-path regular expression
match_community_regex (str) – AS-path regular expression
match_extended_community_regex (str) – AS-path regular expression
used_by (list) – Peer-groups that use this rule.
action (str) – The action
action_local_preference (int) – New local preference value
action_med (int) – New MED value
action_nexthop (str) – Nexthop address
action_origin (str) – New route origin * igp * egp * incomplete
action_as_path_limit (int) – Add AS path limit attribute if it does not exist
action_as_path_type (str) – AS path update options * none (string, not to be confused with the Python type None) * remove * prepend * remove-and-prepend
action_as_path_prepend_times (int) – Prepend local AS for specified number of times * only valid when action_as_path_type is ‘prepend’ or ‘remove-and-prepend’
action_community_type (str) – Community update options * none (string, not to be confused with the Python type None) * remove-all * remove-regex * append * overwrite
action_community_argument (str) – Argument to the action community value if needed * None * regex
action_community_modifier (str) – Argument to the action community value when type is ‘append’ or ‘overwrite’ * local-as * no-advertise * no-export * nopeer * 32-bit value * AS:VAL
action_extended_community_type (str) – Extended community update options * none (string, not to be confused with the Python type None) * remove-all * remove-regex * append * overwrite
action_extended_community_argument (str) – Argument to the action extended community value if needed
- class panos.network.BgpPolicyFilter(*args, **kwargs)[source]
Base class for BGP Policy Match Filters
- Do not instantiate this class, use one of:
BgpPolicyImportRule
BgpPolicyExportRule
- Parameters:
name (str) – Name of filter
enable (bool) – Enable rule.
match_afi (str) – Address Family Identifier * ip * ipv6
match_safi (str) – Subsequent Address Family Identifier * ip * ipv6
match_route_table (str) – Route table to match rule * unicast * multicast * both
match_nexthop (list) – Next-hop attributes
match_from_peer (list) – Filter by peer that sent this route
match_med (int) – Multi-Exit Discriminator
match_as_path_regex (str) – AS-path regular expression
match_community_regex (str) – Community AS-path regular expression
match_extended_community_regex (str) – Extended Community AS-path regular expression
- class panos.network.BgpPolicyImportRule(*args, **kwargs)[source]
BGP Policy Import Rule
- Parameters:
name (str) – The name
enable (bool) – Enable rule.
match_afi (str) – Address Family Identifier * ip * ipv6
match_safi (str) – Subsequent Address Family Identifier * ip * ipv6
match_route_table (str) – Route table to match rule * unicast * multicast * both
match_nexthop (list) – Next-hop attributes
match_from_peer (list) – Filter by peer that sent this route
match_med (int) – Multi-Exit Discriminator
match_as_path_regex (str) – AS-path regular expression
match_community_regex (str) – AS-path regular expression
match_extended_community_regex (str) – AS-path regular expression
used_by (list) – Peer-groups that use this rule.
action (str) – The action
action_local_preference (int) – New local preference value
action_med (int) – New MED value
action_nexthop (str) – Nexthop address
action_origin (str) – New route origin * igp * egp * incomplete
action_as_path_limit (int) – Add AS path limit attribute if it does not exist
action_as_path_type (str) – AS path update options * none (string, not to be confused with the Python type None) * remove * prepend * remove-and-prepend
action_as_path_prepend_times (int) – Prepend local AS for specified number of times * only valid when action_as_path_type is ‘prepend’ or ‘remove-and-prepend’
action_community_type (str) – Community update options * none (string, not to be confused with the Python type None) * remove-all * remove-regex * append * overwrite
action_community_argument (str) – Argument to the action community value if needed * None * regex
action_community_modifier (str) – Argument to the action community value when type is ‘append’ or ‘overwrite’ * local-as * no-advertise * no-export * nopeer * 32-bit value * AS:VAL
action_extended_community_type (str) – Extended community update options * none (string, not to be confused with the Python type None) * remove-all * remove-regex * append * overwrite
action_extended_community_argument (str) – Argument to the action extended community value if needed
action_dampening (str) – Route flap dampening profile
action_weight (int) – New weight value
- class panos.network.BgpPolicyNonExistFilter(*args, **kwargs)[source]
BGP Policy Non-Exist Filter
- Parameters:
name (str) – Name of filter
enable (bool) – Enable rule.
match_afi (str) – Address Family Identifier * ip * ipv6
match_safi (str) – Subsequent Address Family Identifier * ip * ipv6
match_route_table (str) – Route table to match rule * unicast * multicast * both
match_nexthop (list) – Next-hop attributes
match_from_peer (list) – Filter by peer that sent this route
match_med (int) – Multi-Exit Discriminator
match_as_path_regex (str) – AS-path regular expression
match_community_regex (str) – Community AS-path regular expression
match_extended_community_regex (str) – Extended Community AS-path regular expression
- class panos.network.BgpPolicyRule(*args, **kwargs)[source]
Base class for BGP Policy Import/Export Rules
- Do not instantiate this class, use one of:
BgpPolicyImportRule
BgpPolicyExportRule
- Parameters:
name (str) – The name
enable (bool) – Enable rule.
match_afi (str) – Address Family Identifier * ip * ipv6
match_safi (str) – Subsequent Address Family Identifier * ip * ipv6
match_route_table (str) – Route table to match rule * unicast * multicast * both
match_nexthop (list) – Next-hop attributes
match_from_peer (list) – Filter by peer that sent this route
match_med (int) – Multi-Exit Discriminator
match_as_path_regex (str) – AS-path regular expression
match_community_regex (str) – AS-path regular expression
match_extended_community_regex (str) – AS-path regular expression
used_by (list) – Peer-groups that use this rule.
action (str) – The action
action_local_preference (int) – New local preference value
action_med (int) – New MED value
action_nexthop (str) – Nexthop address
action_origin (str) – New route origin * igp * egp * incomplete
action_as_path_limit (int) – Add AS path limit attribute if it does not exist
action_as_path_type (str) – AS path update options * none (string, not to be confused with the Python type None) * remove * prepend * remove-and-prepend
action_as_path_prepend_times (int) – Prepend local AS for specified number of times * only valid when action_as_path_type is ‘prepend’ or ‘remove-and-prepend’
action_community (str) – Community update options * none (string, not to be confused with the Python type None) * remove-all * remove-regex * append * overwrite
action_community_argument (str) – Argument to the action community value if needed * None * regex
action_community_modifier (str) – Argument to the action community value when type is ‘append’ or ‘overwrite’ * local-as * no-advertise * no-export * nopeer * 32-bit value * AS:VAL
action_extended_community_type (str) – Extended community update options * none (string, not to be confused with the Python type None) * remove-all * remove-regex * append * overwrite
action_extended_community_argument (str) – Argument to the action extended community value if needed
- class panos.network.BgpPolicySuppressFilter(*args, **kwargs)[source]
BGP Policy Suppress Filter
- Parameters:
name (str) – Name of filter
enable (bool) – Enable rule.
match_afi (str) – Address Family Identifier * ip * ipv6
match_safi (str) – Subsequent Address Family Identifier * ip * ipv6
match_route_table (str) – Route table to match rule * unicast * multicast * both
match_nexthop (list) – Next-hop attributes
match_from_peer (list) – Filter by peer that sent this route
match_med (int) – Multi-Exit Discriminator
match_as_path_regex (str) – AS-path regular expression
match_community_regex (str) – Community AS-path regular expression
match_extended_community_regex (str) – Extended Community AS-path regular expression
- class panos.network.BgpRedistributionRule(*args, **kwargs)[source]
BGP Policy Address Prefix with Exact
- Parameters:
name (str) – Redistribution profile name
enable (bool) – Enable redistribution rule.
address_family_identifier (str) – Select redistribution profile type * ipv4 * ipv6
route_table (str) – Select destination SAFI for redistribution * unicast * multicast * both
set_origin (str) – Add the ORIGIN path attribute * igp * egp * incomplete
set_med (int) – Add the MULTI_EXIT_DISC path attribute
set_local_preference (int) – Add the LOCAL_PREF path attribute
set_as_path_limit (int) – Add the AS_PATHLIMIT path attribute
set_community (list) – Add the COMMUNITY path attribute
set_extended_community (list) – Add the EXTENDED COMMUNITY path attribute
metric (int) – Metric value
- class panos.network.BgpRoutingOptions(*args, **kwargs)[source]
BGP Routing Options
- Parameters:
as_format (str) – AS format (‘2-byte’/’4-byte’)
always_compare_med (bool) – always compare MEDs
deterministic_med_comparison (bool) – deterministic MEDs comparison
default_local_preference (int) – default local preference
graceful_restart_enable (bool) – enable graceful restart
gr_stale_route_time (int) – time to remove stale routes after peer restart (in seconds)
gr_local_restart_time (int) – local restart time to advertise to peer (in seconds)
gr_max_peer_restart_time (int) – maximum of peer restart time accepted (in seconds)
reflector_cluster_id (str) – route reflector cluster ID
confederation_member_as (str) – 32-bit value in decimal or dot decimal AS.AS format
aggregate_med (bool) – aggregate route only if they have same MED attributes
- class panos.network.Dhcp(*args, **kwargs)[source]
DHCP config.
- Parameters:
name (str) – Interface name.
- class panos.network.DhcpRelay(*args, **kwargs)[source]
DHCP relay config.
- Parameters:
name (str) – The (interface) name
enabled (bool) – Enabled.
servers (list) – Relay server IP addresses.
ipv6_enabled (bool) – Enable DHCPv6 relay.
- class panos.network.DhcpRelayIpv6Address(*args, **kwargs)[source]
DHCP relay IPv6 address.
- Parameters:
name (str) – DHCP server IPv6 address.
interface (str) – Outgoing interface when using an IPv6 multicast address for the DHCPv6 server.
- class panos.network.EthernetInterface(*args, **kwargs)[source]
Ethernet interface (eg. ‘ethernet1/1’)
- Parameters:
name (str) – Name of interface (eg. ‘ethernet1/1’)
mode (str) –
- Mode of the interface:
layer3
layer2
virtual-wire
tap
ha
decrypt-mirror
aggregate-group
Not all modes apply to all interface types (Default: layer3)
ip (tuple) – Layer3: Interface IPv4 addresses
ipv6_enabled (bool) – Layer3: IPv6 Enabled (requires IPv6Address child object)
management_profile (ManagementProfile) – Layer3: Interface Management Profile
mtu (int) – Layer3: MTU for interface
adjust_tcp_mss (bool) – Layer3: Adjust TCP MSS
netflow_profile (str) – Netflow profile
lldp_enabled (bool) – Layer2: Enable LLDP
lldp_profile (str) – Layer2: Reference to an lldp profile
netflow_profile_l2 (str) – Netflow profile
link_speed (str) – Link speed: eg. auto, 10, 100, 1000
link_duplex (str) – Link duplex: eg. auto, full, half
link_state (str) – Link state: eg. auto, up, down
aggregate_group (str) – Aggregate interface (eg. ae1)
comment (str) – The interface’s comment
ipv4_mss_adjust (int) – (PAN-OS 7.1+) TCP MSS adjustment for ipv4
ipv6_mss_adjust (int) – (PAN-OS 7.1+) TCP MSS adjustment for ipv6
enable_dhcp (bool) – Enable DHCP on this interface
create_dhcp_default_route (bool) – Create default route pointing to default gateway provided by server
dhcp_default_route_metric (int) – Metric for the DHCP default route
enable_untagged_subinterface (bool) – (PAN-OS 7.1+) Enable untagged subinterface
decrypt_forward (bool) – (PAN-OS 8.1+) Decrypt forward.
rx_policing_rate (int) – (PAN-OS 8.1+) Receive policing rate
tx_policing_rate (int) – (PAN-OS 8.1+) Transmit policing rate
dhcp_send_hostname_enable (bool) – Enable send firewall or custom hostname to DHCP server
dhcp_send_hostname_value (string) – Set interface hostname
- class panos.network.GreTunnel(*args, **kwargs)[source]
GRE Tunnel configuration.
Note: This is valid for PAN-OS 9.0+
- Parameters:
name – GRE tunnel name.
interface – Interface to terminate tunnel.
local_address_type – Type of local address. Can be “ip” (default) or “floating-ip”.
local_address_value – IP address value.
peer_address – Peer IP address.
tunnel_interface – To apply GRE tunnels to tunnel interface.
ttl (int) – TTL.
copy_tos (bool) – Copy IP TOS bits from inner packet to GRE packet.
enable_keep_alive (bool) – Enable tunnel monitoring.
keep_alive_interval (int) – Interval.
keep_alive_retry (int) – Retry.
keep_alive_hold_timer (int) – Hold timer.
disabled (bool) – Disable the GRE tunnel.
- class panos.network.IPv6Address(*args, **kwargs)[source]
IPv6 Address
Can be added to any
panos.network.Interface
subclass that supports IPv6.- Parameters:
address (str) – The IPv6 address
enable_on_interface (bool) – Enabled IPv6 on the interface this object was added to
prefix (bool) – Use interface ID as host portion
anycast (bool) – Enable anycast
advertise_enabled (bool) – Enabled router advertisements
valid_lifetime (int) – Valid lifetime
preferred_lifetime (int) – Preferred lifetime
onlink_flag (bool) –
auto_config_flag (bool) –
- class panos.network.IkeCryptoProfile(*args, **kwargs)[source]
IKE SA proposal.
- Parameters:
name – IKE crypto profile name
dh_group (string/list) – phase-1 DH group: group1, group2, group5, group14, group19 (7.0+), or group20 (7.0+).
authentication (string/list) – hashing algorithm: md5, sha1, sha256, sha384, or sha512.
encryption (string/list) – encryption algorithm: des (7.1+), 3des, aes128 / aes-128-cbc, aes192 / aes-192-cbc, or aes256 / aes-256-cbc. If you need to be able to work with older than 7.0 firewalls, then use set_encryption().
lifetime_seconds (int) – IKE SA lifetime in seconds
lifetime_minutes (int) – IKE SA lifetime in minutes
lifetime_hours (int) – IKE SA lifetime in hours
lifetime_days (int) – IKE SA lifetime in days
authentication_multiple (int) – (7.0+) IKEv2 SA reauthentication interval equals authentication_multiple * lifetime; 0 means reauthentication is disabled.
- set_encryption(value)[source]
Version agnostic set for encryption.
This object should be connected to a panos.Firewall before invocation.
- Valid values include the following:
des (7.1+)
3des
aes128
aes-128-cbc
aes192
aes-192-cbc
aes256
aes-256-cbc
- Raises:
PanDeviceNotSet – if there is no Firewall in the object tree
ValueError – if value is not one of the above, or you attempt to configure 3des with this object connected to a PANOS 7.0 or earlier firewall.
- class panos.network.IkeGateway(*args, **kwargs)[source]
IKE Gateway.
- Parameters:
name – IKE gateway name
version – (7.0+) ikev1, ikev2, or ikev2-prefered (default: ikev1)
enable_ipv6 (bool) – (7.0+) enable IPv6
disabled (bool) – (7.0+) disable this object
peer_ip_type – ip, dynamic, or fqdn (8.1+) (default: ip)
peer_ip_value – the IP for peer_ip_type of ‘ip’ or ‘fqdn’
interface – local gateway end-point
local_ip_address_type – ip or floating-ip
local_ip_address – IP address if interface has multiple addresses
auth_type – pre-shared-key or certificate (default: pre-shared-key)
pre_shared_key – The string used as pre-shared key
local_id_type – ipaddr, fqdn, ufqdn, keyid, or dn
local_id_value – The value for local_id_type
peer_id_type – ipaddr, fqdn, ufqdn, keyid, or dn
peer_id_value – The value for peer_id_type
peer_id_check – exact or wildcard (default: exact)
local_cert – Local certificate name
cert_enable_hash_and_url (bool) – (7.0+) Use hash-and-url for local certificate.
cert_base_url – (7.0+) The host and directory part of URL for local certificates (http only).
cert_use_management_as_source (bool) – (7.0+) Use management interface IP as source to retrieve http certificates
cert_permit_payload_mismatch (bool) – Permit peer identification and certificate payload identification mismatch.
cert_profile – Local certificate name
cert_enable_strict_validation (bool) – Enable strict validation of peer’s extended key use
enable_passive_mode (bool) – Enable passive mode (responder only)
enable_nat_traversal (bool) – Enable NAT traversal
nat_traversal_keep_alive (int) – sending interval for NAT keep-alive packets (in seconds)
nat_traversal_enable_udp_checksum (bool) – enable UDP checksum
enable_fragmentation (bool) – Enable IKE fragmentation
ikev1_exchange_mode – auto, main, or aggressive
ikev1_crypto_profile – IKE SA crypto oprofile name
enable_dead_peer_detection (bool) – enable Dead-Peer-Detection
dead_peer_detection_interval (int) – sending interval for probing packets (in seconds)
dead_peer_detection_retry (int) – number of retries before disconnection
ikev1_send_commit_bit (bool) – Send commit bit
ikev1_initial_contact (bool) – send initial contact
ikev2_crypto_profile – (7.0+) IKE SE crypto profile name
ikev2_cookie_validation (bool) – (7.0+) require cookie
ikev2_send_peer_id (bool) – (7.0+) send peer ID
enable_liveness_check (bool) – (7.0+) enable sending empty information liveness check message
liveness_check_interval (int) – (7.0+) delay interval before sending probing packets (in seconds)
- class panos.network.Interface(*args, **kwargs)[source]
Base class for all interfaces
Do not instantiate this object. Use a subclass. Methods in this class are available to all interface subclasses.
- Parameters:
name (str) – Name of the interface
state (str) – Link state, ‘up’ or ‘down’
- full_delete(refresh=False, delete_referencing_objects=False, include_vsys=False)[source]
Delete the interface and all references to the interface
Often when deleting an interface there is an API error because there are still references to the interface from zones, virtual-router, vsys, etc. This method deletes all references to the interface before deleting the interface itself.
- Parameters:
refresh (bool) – Refresh the current state of the device before taking action
delete_referencing_objects (bool) – Delete the entire object that references this interface
- get_counters()[source]
Pull the counters for an interface
- Returns:
- counter name as key, counter as value, None if interface is
not configured
- Return type:
dict
- refresh_state()[source]
Pull the state of the interface from the firewall
The attribute ‘state’ is populated with the current state from the firewall.
- Returns:
The current state from the firewall
- Return type:
str
- set_virtual_router(virtual_router_name, refresh=False, update=False, running_config=False, return_type='object')[source]
Set the virtual router for this interface
Creates a reference to this interface in the specified virtual router and removes references to this interface from all other virtual routers. The virtual router will be created if it doesn’t exist.
- Parameters:
virtual_router_name (str) – The name of the VirtualRouter or a
panos.network.VirtualRouter
instancerefresh (bool) – Refresh the relevant current state of the device before taking action (Default: False)
update (bool) – Apply the changes to the device (Default: False)
running_config – If refresh is True, refresh from the running configuration (Default: False)
return_type (str) – Specify what this function returns, can be either ‘object’ (the default) or ‘bool’. If this is ‘object’, then the return value is the VirtualRouter in question. If this is ‘bool’, then the return value is a boolean that tells you about if the live device needs updates (update=False) or was updated (update=True).
- Returns:
The zone for this interface after the operation completes
- Return type:
- set_vlan(vlan_name, refresh=False, update=False, running_config=False, return_type='object')[source]
Set the vlan for this interface
Creates a reference to this interface in the specified vlan and removes references to this interface from all other interfaces. The vlan will be created if it doesn’t exist.
- Parameters:
vlan_name (str) – The name of the vlan or a
panos.network.Vlan
instancerefresh (bool) – Refresh the relevant current state of the device before taking action (Default: False)
update (bool) – Apply the changes to the device (Default: False)
running_config – If refresh is True, refresh from the running configuration (Default: False)
return_type (str) – Specify what this function returns, can be either ‘object’ (the default) or ‘bool’. If this is ‘object’, then the return value is the Vlan in question. If this is ‘bool’, then the return value is a boolean that tells you about if the live device needs updates (update=False) or was updated (update=True).
- Raises:
AttributeError – if this class is not allowed to use this function.
- Returns:
The VLAN for this interface after the operation completes
- Return type:
- set_zone(zone_name, mode=None, refresh=False, update=False, running_config=False, return_type='object')[source]
Set the zone for this interface
Creates a reference to this interface in the specified zone and removes references to this interface from all other zones. The zone will be created if it doesn’t exist.
- Parameters:
zone_name (str) – The name of the Zone or a
panos.network.Zone
instancemode (str) – The mode of the zone. See
panos.network.Zone
for possible valuesrefresh (bool) – Refresh the relevant current state of the device before taking action (Default: False)
update (bool) – Apply the changes to the device (Default: False)
running_config – If refresh is True, refresh from the running configuration (Default: False)
return_type (str) – Specify what this function returns, can be either ‘object’ (the default) or ‘bool’. If this is ‘object’, then the return value is the Zone in question. If this is ‘bool’, then the return value is a boolean that tells you about if the live device needs updates (update=False) or was updated (update=True).
- Returns:
The zone for this interface after the operation completes
- Return type:
- class panos.network.IpsecCryptoProfile(*args, **kwargs)[source]
IPSec SA proposals.
- Parameters:
name – IPSec crypto profile name
esp_encryption (string/list) – des, 3des, null, aes128 / aes-128-cbc, aes192 / aes-192-cbc, aes256 / aes-256-cbc, aes-128-gcm (7.0+), or aes-256-gcm (7.0+). If you need to write a script that works older than 7.0 firewalls, then please use set_esp_encryption().
esp_authentication (string/list) – none, md5, sha1, sha256, sha384, or sha512
ah_authentication (string/list) – md5, sha1, sha256, sha384, or sha512
dh_group – no-pfs, group1, group2, group5, group14, group19, or group20
lifetime_seconds (int) – IPSec SA lifetime in seconds
lifetime_minutes (int) – IPSec SA lifetime in minutes
lifetime_hours (int) – IPSec SA lifetime in hours
lifetime_days (int) – IPSec SA lifetime in days
lifesize_kb (int) – IPSec SA lifesize in kilobytes (KB)
lifesize_mb (int) – IPSec SA lifesize in megabytes (MB)
lifesize_gb (int) – IPSec SA lifesize in gigabytes (GB)
lifesize_tb (int) – IPSec SA lifesize in terabytes (TB)
- set_esp_encryption(value)[source]
Version agnostic set for esp_encryption.
This object should be connected to a panos.Firewall before invocation.
- Valid values include the following:
des
3des
aes128
aes-128-cbc
aes192
aes-192-cbc
aes256
aes-256-cbc
aes-128-gcm (7.0+)
aes-256-gcm (7.0+)
null
- Parameters:
value (string/list) – values to put in esp_encryption
- Raises:
PanDeviceNotSet – if there is no Firewall in the object tree
ValueError – if value is not one of the above, or you attempt to configure aes-128-gcm or aes-256-gcm with this object connected to a PANOS 6.1 firewall.
- class panos.network.IpsecTunnel(*args, **kwargs)[source]
IPSec Tunnel
- A large number of params have prefixes:
ak: Auto Key
mk: Manual Key
gps: GlobalProtect Satellite
Only attach IpsecTunnelIpv4ProxyId or IpsecTunnelIpv4ProxyId objects to this one if you are using type=’auto-key’.
- Parameters:
name – IPSec tunnel name
tunnel_interface – apply IPSec VPN tunnels to tunnel interface
ipv6 (bool) – (7.0+) use IPv6 for the IPSec tunnel
type – auto-key (default), manual-key, or global-protect-satellite
ak_ike_gateway (string/list) – IKE gateway name
ak_ipsec_crypto_profile – IPSec crypto profile name
mk_local_spi – outbound SPI in hex
mk_interface – interface to terminate tunnel
mk_remote_spi – inbound SPI in hex
mk_remote_address – tunnel peer IP address
mk_local_address_ip – exact IP address if interface has multiple IP addresses
mk_local_address_floating_ip – floating IP address in HA Active-Active configuration
mk_protocol – esp or ah
mk_auth_type – md5, sha1, sha256, sha384, or sha512
mk_auth_key – the key for the given mk_auth_type
mk_esp_encryption – des, 3des, aes128 / aes-128-cbc, aes192 / aes-192-cbc, aes256 / aes-256-cbc, or null. The various “aes” options changed in version 7.0 onward. If you need to make a script that is compatible with 6.1 PANOS, then use “set_mk_esp_encryption()”. Passing it either “aes128” or “aes-128-cbc” will have it set the appropriate string for the given version.
mk_esp_encryption_key – The ESP encryption key for mk_esp_encryption type
gps_portal_address – GlobalProtect portal address
gps_prefer_ipv6 (bool) – (8.0+) perfer to register portal in IPv6
gps_interface – interface to communicate with portal
gps_interface_ipv4_ip – exact IPv4 IP address if interface has multiple IP addresses
gps_interface_ipv6_ip – (8.0+) exact IPv6 IP address if interface has multiple IP addresses
gps_interface_ipv4_floating_ip – (7.0+) floating IPv4 IP address in HA Active-Active configuration
gps_interface_ipv6_floating_ip – (8.0+) floating IPv6 IP address in HA Active-Active configuration
gps_publish_connected_routes (bool) – enable publishing of connected and static routes
gps_publish_routes (str/list) – specify list of routes to publish to GlobalProtect gateway
gps_local_certificate – GlobalProtect satellite certificate file name
gps_certificate_profile – profile for authenticating GlobalProtect gateway certificates
anti_replay (bool) – enable anti-replay check on this tunnel
copy_tos (bool) – copy IP TOS bits from inner packet to IPSec packet (not recommended)
copy_flow_label (bool) – (7.0+) copy IPv6 flow label for 6in6 tunnel from inner packet to IPSec packet (not recommended)
enable_tunnel_monitor (bool) – enable tunnel monitoring on this tunnel
tunnel_monitor_dest_ip – destination IP to send ICMP probe
tunnel_monitor_proxy_id – (7.0+) which proxy-id (or proxy-id-v6) the monitoring traffic will use
tunnel_monitor_profile – monitoring action
disabled (bool) – (7.0+) disable the IPSec tunnel
- set_mk_esp_encryption(value)[source]
Version agnostic set for mk_esp_encryption.
This object should be connected to a panos.Firewall before invocation.
- Valid values include the following:
des
3des
aes128
aes-128-cbc
aes192
aes-192-cbc
aes256
aes-256-cbc
null
- Raises:
PanDeviceNotSet – if there is no Firewall in the object tree
ValueError – if value is not one of the above
- class panos.network.IpsecTunnelIpv4ProxyId(*args, **kwargs)[source]
IKEv1 proxy-id for auto-key IPSec tunnels.
- Parameters:
name – The proxy ID
local – IP subnet or IP address represents local network
remote – IP subnet or IP address represents remote network
any_protocol (bool) – Any protocol
number_protocol (int) – Numbered Protocol: protocol number (1-254)
tcp_local_port (int) – Protocol TCP: local port
tcp_remote_port (int) – Protocol TCP: remote port
udp_local_port (int) – Protocol UDP: local port
udp_remote_port (int) – Protocol UDP: remote port
- class panos.network.IpsecTunnelIpv6ProxyId(*args, **kwargs)[source]
IKEv1 IPv6 proxy-id for auto-key IPSec tunnels.
NOTE: Only supported in 7.0 and forward.
- Parameters:
name – The proxy ID
local – IP subnet or IP address represents local network
remote – IP subnet or IP address represents remote network
any_protocol (bool) – Any protocol
number_protocol (int) – Numbered Protocol: protocol number (1-254)
tcp_local_port (int) – Protocol TCP: local port
tcp_remote_port (int) – Protocol TCP: remote port
udp_local_port (int) – Protocol UDP: local port
udp_remote_port (int) – Protocol UDP: remote port
- class panos.network.Layer2Subinterface(*args, **kwargs)[source]
Ethernet or Aggregate Subinterface in Layer 2 mode.
- Parameters:
name (str) – The name
tag (int) – Tag for the interface, aka vlan id
lldp_enabled (bool) – Enable LLDP
lldp_profile (str) – Reference to an lldp profile
netflow_profile_l2 (str) – Netflow profile
comment (str) – The interface’s comment
- class panos.network.Layer3Subinterface(*args, **kwargs)[source]
Ethernet or Aggregate Subinterface in Layer 3 mode.
- Parameters:
name (str) – The name
tag (int) – Tag for the interface, aka vlan id
ip (tuple) – Interface IPv4 addresses
ipv6_enabled (bool) – IPv6 Enabled (requires IPv6Address child object)
management_profile (ManagementProfile) – Interface Management Profile
mtu (int) – MTU for interface
adjust_tcp_mss (bool) – Adjust TCP MSS
netflow_profile (str) – Netflow profile
comment (str) – The interface’s comment
ipv4_mss_adjust (int) – TCP MSS adjustment for ipv4
ipv6_mss_adjust (int) – TCP MSS adjustment for ipv6
enable_dhcp (bool) – Enable DHCP on this interface
create_dhcp_default_route (bool) – Create default route pointing to default gateway provided by server
dhcp_default_route_metric (int) – Metric for the DHCP default route
decrypt_forward (bool) – (PAN-OS 8.1+) Decrypt forward.
- class panos.network.LogicalRouter(*args, **kwargs)[source]
Logical router
- Parameters:
name (str) – Name of logical router
vrf (str) – Name of VRF
- class panos.network.LoopbackInterface(*args, **kwargs)[source]
Loopback interface
- Parameters:
name (str) – The name
ip (tuple) – Interface IPv4 addresses
ipv6_enabled (bool) – IPv6 Enabled (requires IPv6Address child object)
management_profile (ManagementProfile) – Interface Management Profile
mtu (int) – MTU for interface
adjust_tcp_mss (bool) – Adjust TCP MSS
netflow_profile (str) – Netflow profile
comment (str) – The interface’s comment
ipv4_mss_adjust (int) – TCP MSS adjustment for ipv4
ipv6_mss_adjust (int) – TCP MSS adjustment for ipv6
- class panos.network.ManagementProfile(*args, **kwargs)[source]
Interface management provile.
Add to any of the following interfaces:
Layer3Subinterface
EthernetInterface
AggregateInterface
VlanInterface
LoopbackInterface
TunnelInterface
- Parameters:
name (str) – The name
ping (bool) – Enable ping
telnet (bool) – Enable telnet
ssh (bool) – Enable ssh
http (bool) – Enable http
http_ocsp (bool) – Enable http-ocsp
https (bool) – Enable https
snmp (bool) – Enable snmp
response_pages (bool) – Enable response pages
userid_service (bool) – Enable userid service
userid_syslog_listener_ssl (bool) – Enable userid syslog listener ssl
userid_syslog_listener_udp (bool) – Enable userid syslog listener udp
permitted_ip (list) – The list of permitted IP addresses
- class panos.network.Ospf(*args, **kwargs)[source]
OSPF Process
- Parameters:
enable (bool) – Enable OSPF (Default: True)
router_id (str) – Router ID in IP format (eg. 1.1.1.1)
reject_default_route (bool) – Reject default route
allow_redist_default_route (bool) – Allow redistribution in default route
rfc1583 (bool) – rfc1583
spf_calculation_delay (int) – SPF calculation delay
lsa_interval (int) – LSA interval
graceful_restart_enable (bool) – Enable OSPF graceful restart
gr_grace_period (int) – Graceful restart period
gr_helper_enable (bool) – Graceful restart helper enable
gr_strict_lsa_checking (bool) – Graceful restart strict lsa checking
gr_max_neighbor_restart_time (int) – Graceful restart neighbor restart time
- class panos.network.OspfArea(*args, **kwargs)[source]
OSPF Area
- Parameters:
name (str) – Area in IP format
type (str) – Type of area, ‘normal’, ‘stub’, or ‘nssa’ (Default: normal)
accept_summary (bool) – Accept summary route - stub and nssa only
default_route_advertise (str) – ‘disable’ or ‘advertise’ (Default: disable) - stub and nssa only
default_route_advertise_metric (int) – Default route metric - stub and nssa only
default_route_advertise_type (str) – ‘ext-1’ or ‘ext2’ (Default: ext-2 - nssa only
- class panos.network.OspfAreaInterface(*args, **kwargs)[source]
OSPF Area Interface
- Parameters:
name (str) – Name of the interface (interface must exist)
enable (bool) – OSPF enabled on this interface
passive (bool) – Passive mode
link_type (str) – Link type, ‘broadcast’, ‘p2p’, or ‘p2mp’ (Default: broadcast)
metric (int) – Metric
priority (int) – Priority id
hello_interval (int) – Hello interval
dead_counts (int) – Dead counts
retransmit_interval (int) – Retransmit interval
transit_delay (int) – Transit delay
gr_delay (int) – Graceful restart delay
authentication (str) – Reference to a
panos.network.OspfAuthProfile
- class panos.network.OspfAuthProfile(*args, **kwargs)[source]
OSPF Authentication Profile
- Parameters:
name (str) – Name of Auth Profile
type (str) – ‘password’ or ‘md5’
password (str) – The password if type is set to ‘password’. If type is set to ‘md5’, add a
panos.network.OspfAuthProfileMd5
- class panos.network.OspfAuthProfileMd5(*args, **kwargs)[source]
OSPF Authentication Profile
- Parameters:
keyid (int) – Identifier for key
key (str) – The authentication key
preferred (bool) – This key is preferred
- class panos.network.OspfExportRules(*args, **kwargs)[source]
OSPF Export Rules
- Parameters:
name (str) – IP subnet or
panos.network.RedistributionProfile
new_path_type (str) – New path type, ‘ext-1’ or ‘ext-2’ (Default: ext-2)
new_tag (str) – New tag (int or IP format)
metric (int) – Metric
- class panos.network.OspfNeighbor(*args, **kwargs)[source]
OSPF Neighbor
- Parameters:
name (str) – IP of neighbor
metric (int) – Metric
- class panos.network.OspfNssaExternalRange(*args, **kwargs)[source]
OSPF NSSA External Range
- Parameters:
name (str) – IP network with prefix
mode (str) – ‘advertise’ or ‘suppress’ (Default: advertise)
- class panos.network.OspfRange(*args, **kwargs)[source]
OSPF Range
- Parameters:
name (str) – IP network with prefix
mode (str) – ‘advertise’ or ‘suppress’ (Default: advertise)
- class panos.network.PathMonitorDestination(*args, **kwargs)[source]
PathMonitorDestination Static Route
- Parameters:
name (str) – Name of Path Monitor Destination
enable (bool) – Enable Path Monitor Destination
source (str) – Source ip of interface
destination (str) – Destination ip
interval (int) – Ping Interval (sec) (Default: 3)
count (int) – Ping count (Default: 5)
- class panos.network.PhysicalInterface(*args, **kwargs)[source]
Absract base class for Ethernet and Aggregate Interfaces
Do not instantiate this object. Use a subclass.
- set_zone(zone_name, mode=None, refresh=False, update=False, running_config=False, return_type='object')[source]
Set the zone for this interface
Creates a reference to this interface in the specified zone and removes references to this interface from all other zones. The zone will be created if it doesn’t exist.
- Parameters:
zone_name (str) – The name of the Zone or a
panos.network.Zone
instancemode (str) – The mode of the zone. See
panos.network.Zone
for possible valuesrefresh (bool) – Refresh the relevant current state of the device before taking action (Default: False)
update (bool) – Apply the changes to the device (Default: False)
running_config – If refresh is True, refresh from the running configuration (Default: False)
return_type (str) – Specify what this function returns, can be either ‘object’ (the default) or ‘bool’. If this is ‘object’, then the return value is the Zone in question. If this is ‘bool’, then the return value is a boolean that tells you about if the live device needs updates (update=False) or was updated (update=True).
- Returns:
The zone for this interface after the operation completes
- Return type:
- class panos.network.RedistributionProfile(*args, **kwargs)[source]
Redistribution Profile
- Parameters:
name (str) – Name of profile
priority (int) – Priority id
action (str) – ‘no-redist’ or ‘redist’
filter_type (tuple) – Any of ‘static’, ‘connect’, ‘rip’, ‘ospf’, or ‘bgp’
filter_interface (tuple) – Filter interface
filter_destination (tuple) – Filter destination
filter_nexthop (tuple) – Filter nexthop
ospf_filter_pathtype (tuple) – Any of ‘intra-area’, ‘inter-area’, ‘ext-1’, or ‘ext-2
ospf_filter_area (tuple) – OSPF filter on area
ospf_filter_tag (tuple) – OSPF filter on tag
bgp_filter_community (tuple) – BGP filter on community
bgp_filter_extended_community (tuple) – BGP filter on extended community
- class panos.network.RedistributionProfileBase(*args, **kwargs)[source]
Redistribution Profile
- Parameters:
name (str) – Name of profile
priority (int) – Priority id
action (str) – ‘no-redist’ or ‘redist’
filter_type (tuple) – Any of ‘static’, ‘connect’, ‘rip’, ‘ospf’, or ‘bgp’
filter_interface (tuple) – Filter interface
filter_destination (tuple) – Filter destination
filter_nexthop (tuple) – Filter nexthop
ospf_filter_pathtype (tuple) – Any of ‘intra-area’, ‘inter-area’, ‘ext-1’, or ‘ext-2
ospf_filter_area (tuple) – OSPF filter on area
ospf_filter_tag (tuple) – OSPF filter on tag
bgp_filter_community (tuple) – BGP filter on community
bgp_filter_extended_community (tuple) – BGP filter on extended community
- class panos.network.RedistributionProfileIPv6(*args, **kwargs)[source]
Redistribution Profile
- Parameters:
name (str) – Name of profile
priority (int) – Priority id
action (str) – ‘no-redist’ or ‘redist’
filter_type (tuple) – Any of ‘static’, ‘connect’, ‘rip’, ‘ospf’, or ‘bgp’
filter_interface (tuple) – Filter interface
filter_destination (tuple) – Filter destination
filter_nexthop (tuple) – Filter nexthop
ospf_filter_pathtype (tuple) – Any of ‘intra-area’, ‘inter-area’, ‘ext-1’, or ‘ext-2
ospf_filter_area (tuple) – OSPF filter on area
ospf_filter_tag (tuple) – OSPF filter on tag
bgp_filter_community (tuple) – BGP filter on community
bgp_filter_extended_community (tuple) – BGP filter on extended community
- class panos.network.Rip(*args, **kwargs)[source]
Add to a
panos.network.VirtualRouter
instance.- Parameters:
enable (bool) – Enable RIP
reject_default_route (bool) – Reject default route
allow_redist_default_route (bool) – Allow Redistribute Default Route
delete_intervals (int) – Delete Intervals
expire_intervals (int) – Expire Intervals
interval_seconds (int) – Interval Seconds (sec)
update_intervals (int) – Update Intervals
global_bfd_profile (str) – Global BFD profile
- class panos.network.RipAuthProfile(*args, **kwargs)[source]
Rip Authentication Profile
- Parameters:
name (str) – Name of Auth Profile
auth_type (str) – ‘password’ or ‘md5’
password (str) – The password if auth_type is set to ‘password’. If auth_type is set to ‘md5’, add a
panos.network.RipAuthProfileMd5
- class panos.network.RipAuthProfileMd5(*args, **kwargs)[source]
Rip Authentication Profile
- Parameters:
keyid (int) – Identifier for key
key (str) – The authentication key
preferred (bool) – This key is preferred
- class panos.network.RipExportRule(*args, **kwargs)[source]
Rip Export Rules
- Parameters:
name (str) – IP subnet or
panos.network.RedistributionProfile
metric (int) – Metric
- class panos.network.RipInterface(*args, **kwargs)[source]
Rip Interface
Add to a
panos.network.Rip
instance.- Parameters:
name (str) – Interface name
enable (bool) – Enable
advertise_default_route – Advertise default route * advertise * disable
metric (int) – Default route metric. Requires {advertise_default_route: “advertise”}
auth_profile (str) – Auth profile name
mode (str) – Mode of RipInterface * normal (default) * passive * send-only
- class panos.network.RoutingProfileBfd(*args, **kwargs)[source]
BFD profile
- Parameters:
name (str) – The name
mode (str) – BFD operation mode
min_tx_interval (int) – Desired Minimum Tx Interval (ms)
min_rx_interval (int) – Required Minimum Rx Interval (ms)
detection_multiplier (int) – Detection Time Multiplier
hold_time (int) Hold Time (ms) –
min_received_ttl (int) – Minimum accepted TTL on received BFD packet
- class panos.network.RoutingProfileBgpAddressFamily(*args, **kwargs)[source]
BGP address family profile
- Parameters:
name (str) – The name of the profile
afi (str) – Address Family Identifier
unicast_enable (bool) – Enable IPv4/IPv6 Unicast Profile
unicast_soft_reconfig_with_stored_info (bool) – Soft reconfiguration of peer with stored routes
unicast_add_path_tx_all_paths (bool) – Advertise all paths to peer
unicast_add_path_tx_bestpath_per_as (bool) – Advertise the bestpath per each neighboring AS
unicast_as_override (bool) – Override ASNs in outbound updates if AS-Path equals Remote-A
unicast_default_originate (bool) – Originate Default Route
unicast_route_reflector_client (bool) – Route Reflector Client
unicast_allowas_in (str) – Accept my AS in AS_PATH if route originated in my AS
unicast_allowas_in_occurrence (int) – Number of occurrences of AS number
unicast_maximum_prefix_num_prefixes (int) – Max allowed prefixes from this peer
unicast_maximum_prefix_threshold (int) – Threshold value (%) at which to generate a warning msg
unicast_maximum_prefix_action (str) – Action if max-prefixes reached
unicast_maximum_prefix_action_restart_interval (int) – Restart connection when limit exceeded
unicast_next_hop (str) – Disable next-hop calculation
unicast_remove_private_as (str) – Remove private ASNs in outbound updates
unicast_send_community (str) – Send community attributes
unicast_orf (str) – Advertise ORF (Outbound Route Filtering) Capability
unicast_default_originate_map (str) – Default Originate Route-Map
multicast_enable (bool) – Enable IPv4 Multicast Profile
multicast_soft_reconfig_with_stored_info (bool) – Soft reconfiguration of peer with stored routes
multicast_add_path_tx_all_paths (bool) – Advertise all paths to peer
multicast_add_path_tx_bestpath_per_as (bool) – Advertise the bestpath per each neighboring AS
multicast_as_override (bool) – Override ASNs in outbound updates if AS-Path equals Remote-A
multicast_default_originate (bool) – Originate Default Route
multicast_route_reflector_client (bool) – Route Reflector Client
multicast_allowas_in (str) – Accept my AS in AS_PATH if route originated in my AS
multicast_allowas_in_occurrence (int) – Number of occurrences of AS number
multicast_maximum_prefix_num_prefixes (int) – Max allowed prefixes from this peer
multicast_maximum_prefix_threshold (int) – Threshold value (%) at which to generate a warning msg
multicast_maximum_prefix_action (str) – Action if max-prefixes reached
multicast_maximum_prefix_action_restart_interval (int) – Restart connection when limit exceeded
multicast_next_hop (str) – Disable next-hop calculation
multicast_remove_private_as (str) – Remove private ASNs in outbound updates
multicast_send_community (str) – Send community attributes
multicast_orf (str) – Advertise ORF (Outbound Route Filtering) Capability
multicast_default_originate_map (str) – Default Originate Route-Map
- class panos.network.RoutingProfileBgpAuth(*args, **kwargs)[source]
BGP authentication profile
- Parameters:
name (str) – The name of the profile
secret (str) – Shared secret for the TCP MD5 authentication
- class panos.network.RoutingProfileBgpDampening(*args, **kwargs)[source]
BGP dampening profile
- Parameters:
name (str) – The name of the profile
description (str) – Description of the BGP Dampening Profile
half_life (int) – Half-life for the penalty
reuse_limit (int) – Value to start reusing a route
suppress_limit (int) – Value to start supressing the route
max_suppress_limit (int) – Maximum duration (in minutes) a route can be suppressed
- class panos.network.RoutingProfileBgpFiltering(*args, **kwargs)[source]
BGP filtering profile
- Parameters:
name (str) – The name of the profile
description (str) – Description of the profile
afi (str) – Address Family Identifier
- class panos.network.RoutingProfileBgpRedistribution(*args, **kwargs)[source]
BGP redistribution profile
- Parameters:
name (str) – The name of the profile
afi (str) – Address Family Identifier
static_enable (bool) – Enable Static Routes
static_metric (int) – Static Metric (Field ignored if route-map configured)
connected_enable (bool) – Enable Connected Routes
connected_metric (int) – Connected Metric (Field ignored if route-map configured)
ospf_enable (bool) – Enable OSPF Routes (only for IPv4)
ospf_metric (int) – OSPF Metric (Field ignored if route-map configured)
ospfv3_enable (bool) – Enable OSPFv3 Routes (only for IPv6)
ospfv3_metric (int) – OSPFv3 Metric (Field ignored if route-map configured)
rip_enable (bool) – Enable RIP Routes
rip_metric (int) – RIP Metric (Field ignored if route-map configured)
- class panos.network.RoutingProfileBgpTimer(*args, **kwargs)[source]
BGP timer profile
- Parameters:
name (str) – The name of the profile
keep_alive_interval (int) – Keep-alive interval
hold_time (int) – Hold time
reconnect_retry_interval (int) – Wait in the connect state before retrying connection to the peer
open_delay_time (int) – Delay time after peer TCP connection up and sending 1st BGP Open Message
min_route_adv_interval (int) – Minimum Route Advertisement Interval
- class panos.network.RoutingProfileFilterAccessList(*args, **kwargs)[source]
Filter Access List
- Parameters:
name (str) – The name of the access list
description (str) – Description of the access list
type (str) – IPv4 or IPv6
- class panos.network.RoutingProfileFilterAccessListEntryIpv4(*args, **kwargs)[source]
Filter Access List - IPv4 entry
- Parameters:
name (str) – The name of the entry
action (str) – Deny or permit action
source_address_type (str) – IPv4 Access-List Source Address (none, any, address)
source_address (str) – IPv4 Source Address
source_wildcard (str) – IPv4 Source Wildcard
destination_address_type (str) – IPv4 Access-List Destination Address (none, any, address)
destination_address (str) – IPv4 Destination Address
destination_wildcard (str) – IPv4 Destination Wildcard
- class panos.network.RoutingProfileFilterAccessListEntryIpv6(*args, **kwargs)[source]
Filter Access List - IPv6 entry
- Parameters:
name (str) – The name of the entry
action (str) – Deny or permit action
source_address_type (str) – IPv6 Access-List Source Address (none, any, address)
source_address (str) – IPv6 Source Address
source_exact_match (bool) – Exact Match of this address
- class panos.network.RoutingProfileFilterAsPathAccessList(*args, **kwargs)[source]
Filter AS-Path Access List
- Parameters:
name (str) – The name of the profile
description (str) – Description of the AS path access list
- class panos.network.RoutingProfileFilterAsPathAccessListEntry(*args, **kwargs)[source]
Filter AS-Path Access List - entry
- Parameters:
name (str) – The name of the AS-Path access list
action (str) – Deny or permit action
aspath_regex (str) – Regular-expression (1234567890_^|[,{}()]$*+.?-) to match the BGP AS path
- class panos.network.RoutingProfileFilterCommunityList(*args, **kwargs)[source]
Filter Community List
- Parameters:
name (str) – The name of the community list
description (str) – Description of the community list
type (str) – Community list entries type
- class panos.network.RoutingProfileFilterCommunityListEntryExtended(*args, **kwargs)[source]
Filter Community List - extended entry
- Parameters:
name (str) – The name of the entry
action (str) – Permit or Deny (default) this Extended Community-List Entry
ec_regex (list) – Specify Extended Community regular expression format {regex1:regex2}
- class panos.network.RoutingProfileFilterCommunityListEntryLarge(*args, **kwargs)[source]
Filter Community List - large entry
- Parameters:
name (str) – The name of the entry
action (str) – Permit or Deny (default) this Large Community-List Entry
lc_regex (list) – Specify Large Community regular expression format {regex1:regex2:regex3}
- class panos.network.RoutingProfileFilterCommunityListEntryRegular(*args, **kwargs)[source]
Filter Community List - regular entry
- Parameters:
name (str) – The name of the entry
action (str) – Permit or Deny (default) this Regular Community-List Entry
community (list) – Specify Community either using number in AA:NN format (where AA and NN are between (0-65535)) or pre-defined value
- class panos.network.RoutingProfileFilterPrefixList(*args, **kwargs)[source]
Filter Prefix List
- Parameters:
name (str) – The name of the prefix list
description (str) – Description of the prefix list
type (str) – IPv4 or IPv6
- class panos.network.RoutingProfileFilterPrefixListEntryIpv4(*args, **kwargs)[source]
Filter Prefix List - IPv4 entry
- Parameters:
name (str) – The name of the entry
action (str) – Deny or permit action
prefix (str) – IPv4 prefix list network (none, any, network)
network (str) – IPv4 prefix
greater_than_or_equal (int) – Maximum Prefix length to be matched
less_than_or_equal (int) – Minimum Prefix length to be matched
- class panos.network.RoutingProfileFilterPrefixListEntryIpv6(*args, **kwargs)[source]
Filter Prefix List - IPv6 entry
- Parameters:
name (str) – The name of the entry
action (str) – Deny or permit action
prefix (str) – IPv4 prefix list network (none, any, network)
network (str) – IPv4 prefix
greater_than_or_equal (int) – Maximum Prefix length to be matched
less_than_or_equal (int) – Minimum Prefix length to be matched
- class panos.network.RoutingProfileFilterRouteMaps(*args, **kwargs)[source]
Filter BGP Route-Maps
- Parameters:
name (str) – The name of BGP route map
description (str) – BGP route map description
- class panos.network.RoutingProfileFilterRouteMapsEntry(*args, **kwargs)[source]
Filter BGP Route-Maps - entry
- Parameters:
name (str) – The name of the entry
action (str) – Permit or Deny (default) route map
description (str) – Description of route map
match_as_path_access_list (str) – AS Path Access List Name
match_regular_community (str) – Regular Community Name
match_large_community (str) – Large Community Name
match_extended_community (str) – Extended Community Name
match_interface (str) – Match Interface of the route
match_origin (str) – Match origin
match_metric (str) – Match Metric (BGP MED) of route
match_tag (str) – Match Tag of route
match_local_preference (str) – “Match Local Preference of route
match_peer (str) – Match Peer Address
match_ipv4_address_access_list (str) – Match IPv4 Route - Route Access-List
match_ipv4_address_prefix_list (str) – Match IPv4 Route - Route Prefix-List
match_ipv4_next_hop_access_list (str) – Match IPv4 Next-Hop of Route - Access-List
match_ipv4_next_hop_prefix_list (str) – Match IPv4 Next-Hop of Route - Prefix-List
match_ipv4_route_source_access_list (str) – Match IPv4 Advertising Source Address of route - Access-List
match_ipv4_route_source_prefix_list (str) – Match IPv4 Advertising Source Address of route - Prefix-List
match_ipv6_address_access_list (str) – Match IPv6 Route - Route Access-List
match_ipv6_address_prefix_list (str) – Match IPv6 Route - Route Prefix-List
match_ipv6_next_hop_access_list (str) – Match IPv6 Next-Hop of Route - Access-List
match_ipv6_next_hop_prefix_list (str) – Match IPv6 Next-Hop of Route - Prefix-List
set_aggregator_as (str) – Set Aggregator AS Number
set_aggregator_router_id (str) – Set Aggregator Router ID
set_tag (str) – Set Tag of route
set_local_preference (str) – Set Local Preference of route
set_weight (str) – Set BGP weight of the route
set_origin (str) – Set BGP origin
set_atomic_aggregate (bool) – Enable BGP atomic aggregate
set_metric_action (str) – Set Metric action
set_metric_value (str) – Set Metric value (BGP MED) of route
set_originator_id (str) – Set BGP Originator Id
set_ipv4_source_address (str) – Source IPv4 Address
set_ipv4_next_hop (str) – IPv4 Next-Hop Address
set_ipv6_source_address (str) – Source IPv6 Address
set_ipv6_next_hop (str) – IPv6 Next-Hop Address
set_ipv6_next_hop_prefer_global (bool) – IPv6 Nexthop Prefer Global Address
set_overwrite_regular_community (bool) – If enabled, set community will overwite existing communities, instead of appending
set_overwrite_large_community (bool) – If enabled, set community will overwite existing large communities, instead of appending
set_remove_regular_community (str) – Remove Regular Community Name
set_remove_large_community (str) – Remove Large Community Name
set_aspath_exclude (list) – Remove BGP AS-Path Attribute
set_aspath_prepend (list) – Prepend BGP AS-Path Attribute
set_regular_community (list) – Regular Community either using number in AA:NN format (where AA and NN are between (0-65535)) or pre-defined value
set_large_community (list) – Large Community in AA:BB:CC format (where AA, BB and CC are between (0-4294967295))
- class panos.network.RoutingProfileFilterRouteMapsRedistribution(*args, **kwargs)[source]
Filter BGP Route-Maps Redistribution
- Parameters:
name (str) – The name of BGP route map redistribution
description (str) – BGP route map description redistribution
- class panos.network.RoutingProfileOspfAuth(*args, **kwargs)[source]
OSPF authentication profile
- Parameters:
name (str) – The name of the profile
password (str) – Simple password authentication
- class panos.network.RoutingProfileOspfIfTimer(*args, **kwargs)[source]
OSPF interface timer profile
- Parameters:
name (str) – The name of the profile
hello_interval (int) – Interval (in seconds) to send Hello packets
dead_counts (int) – Number of lost hello packets to declare router down
retransmit_interval (int) – Interval (in seconds) to retransmit LSAs
transit_delay (int) – Estimated delay (in seconds) to transmit LSAs
gr_delay (int) – Period (in seconds) used to send grace LSAs before first hello is sent when graceful restart starts
- class panos.network.RoutingProfileOspfRedistribution(*args, **kwargs)[source]
OSPF redistribution profile
- Parameters:
name (str) – The name of the profile
static (str) – IPv4 static section
static_enable (bool) – IPv4 static enabled
static_metric (int) – IPv4 static metric value (1-65535)
static_metric_type (str) – IPv4 static metric type (type-1, type-2)
connected (str) – Connected section
connected_enable (bool) – Connected enabled
connected_metric (int) – Connected metric value (1-65535)
connected_metric_type (str) – Connected metric type (type-1, type-2)
rip (str) – RIPv2 section
rip_enable (bool) – RIPv2 enabled
rip_metric (int) – RIPv2 metric value (1-65535)
rip_metric_type (str) – RIPv2 metric type (type-1, type-2)
bgp (str) – BGP AFI IPv4 section
bgp_enable (bool) – BGP AFI IPv4 enabled
bgp_metric (int) – BGP AFI IPv4 metric value (1-65535)
bgp_metric_type (str) – BGP AFI IPv4 metric type (type-1, type-2)
default_route (str) – IPv4 Default Route section
default_route_always (bool) – IPv4 Default Route always
default_route_enable (bool) – IPv4 Default Route enabled
default_route_metric (int) – IPv4 Default Route metric value (1-65535)
default_route_metric_type (str) – IPv4 Default Route metric type (type-1, type-2)
- class panos.network.RoutingProfileOspfSpfTimer(*args, **kwargs)[source]
OSPF global timer profile
- Parameters:
name (str) – The name of the profile
lsa_interval (int) – The minimum time in seconds between distinct originations of any particular LSA
spf_calculation_delay (int) – Delay in seconds before running the SPF algorithm
initial_hold_time (int) – Initial hold time (second) between consecutive SPF calculations
max_hold_time (int) – Maximum hold time (second)
- class panos.network.RoutingProfileOspfv3Auth(*args, **kwargs)[source]
OSPFv3 authentication profile
- Parameters:
name (str) – The name of the profile
spi (str) – SPI for both inbound and outbound SA, hex format xxxxxxxx.
protocol (str) – Protocol ESP or AH
esp_auth_type (str) – ESP options - Authentication type
esp_auth_key (str) – ESP options - Authentication key
esp_encrypt_algorithm (str) – ESP options - Encryption algorithm
esp_encrypt_key (str) – ESP options - Encryption key
ah_type (str) – AH options - type
ah_key (str) – AH options - key
- class panos.network.RoutingProfileOspfv3IfTimer(*args, **kwargs)[source]
OSPFv3 interface timer profile
- Parameters:
name (str) – The name of the profile
hello_interval (int) – Interval (in seconds) to send Hello packets
dead_counts (int) – Number of lost hello packets to declare router down
retransmit_interval (int) – Interval (in seconds) to retransmit LSAs
transit_delay (int) – Estimated delay (in seconds) to transmit LSAs
gr_delay (int) – Period (in seconds) used to send grace LSAs before first hello is sent when graceful restart starts
- class panos.network.RoutingProfileOspfv3Redistribution(*args, **kwargs)[source]
OSPFv3 redistribution profile
- Parameters:
name (str) – The name of the profile
static (str) – IPv4 static section
static_enable (bool) – IPv4 static enabled
static_metric (int) – IPv4 static metric value (1-65535)
static_metric_type (str) – IPv4 static metric type (type-1, type-2)
connected (str) – Connected section
connected_enable (bool) – Connected enabled
connected_metric (int) – Connected metric value (1-65535)
connected_metric_type (str) – Connected metric type (type-1, type-2)
bgp (str) – BGP AFI IPv4 section
bgp_enable (bool) – BGP AFI IPv4 enabled
bgp_metric (int) – BGP AFI IPv4 metric value (1-4294967295)
bgp_metric_type (str) – BGP AFI IPv4 metric type (type-1, type-2)
default_route (str) – IPv6 Default Route section
default_route_always (bool) – IPv6 Default Route always
default_route_enable (bool) – IPv6 Default Route enabled
default_route_metric (int) – IPv6 Default Route metric value (1-4294967295)
default_route_metric_type (str) – IPv6 Default Route metric type (type-1, type-2)
- class panos.network.RoutingProfileOspfv3SpfTimer(*args, **kwargs)[source]
OSPFv3 global timer profile
- Parameters:
name (str) – The name of the profile
lsa_interval (int) – The minimum time in seconds between distinct originations of any particular LSA
spf_calculation_delay (int) – Delay in seconds before running the SPF algorithm
initial_hold_time (int) – Initial hold time (second) between consecutive SPF calculations
max_hold_time (int) – Maximum hold time (second)
- class panos.network.StaticMac(*args, **kwargs)[source]
Static MAC address for a Vlan
Can be added to a
panos.network.Vlan
object- Parameters:
mac (str) – The MAC address
interface (str) – Name of an interface
- class panos.network.StaticRoute(*args, **kwargs)[source]
Static Route
Add to a
panos.network.VirtualRouter
instance.- Parameters:
name (str) – The name
destination (str) – Destination network
nexthop_type (str) – ip-address, discard, or next-vr
nexthop (str) – Next hop IP address or Next VR Name
interface (str) – Next hop interface
admin_dist (str) – Administrative distance
metric (int) – Metric (Default: 10)
enable_path_monitor (bool) – Enable Path Monitor
failure_condition (str) – Path Monitor failure condition set ‘any’ or ‘all’
preemptive_hold_time (int) – Path Monitor Preemptive Hold Time in minutes
- class panos.network.StaticRouteV6(*args, **kwargs)[source]
IPV6 Static Route
Add to a
panos.network.VirtualRouter
instance.- Parameters:
name (str) – The name
destination (str) – Destination network
nexthop_type (str) – ip-address or discard
nexthop (str) – Next hop IP address
interface (str) – Next hop interface
admin_dist (str) – Administrative distance
metric (int) – Metric (Default: 10)
enable_path_monitor (bool) – Enable Path Monitor
failure_condition (str) – Path Monitor failure condition set ‘any’ or ‘all’
preemptive_hold_time (int) – Path Monitor Preemptive Hold Time in minutes
- class panos.network.Subinterface(*args, **kwargs)[source]
Subinterface class
Do not instantiate this object. Use a subclass.
- class panos.network.TunnelInterface(*args, **kwargs)[source]
Tunnel interface
- Parameters:
name (str) – The name
ip (tuple) – Interface IPv4 addresses
ipv6_enabled (bool) – IPv6 Enabled (requires IPv6Address child object)
management_profile (ManagementProfile) – Interface Management Profile
mtu (int) – MTU for interface
netflow_profile (str) – Netflow profile
comment (str) – The interface’s comment
- class panos.network.VirtualRouter(*args, **kwargs)[source]
Virtual router
- Parameters:
name (str) – Name of virtual router (Default: “default”)
interface (list) – List of interface names
ad_static (int) – Administrative distance for this protocol
ad_static_ipv6 (int) – Administrative distance for this protocol
ad_ospf_int (int) – Administrative distance for this protocol
ad_ospf_ext (int) – Administrative distance for this protocol
ad_ospfv3_int (int) – Administrative distance for this protocol
ad_ospfv3_ext (int) – Administrative distance for this protocol
ad_ibgp (int) – Administrative distance for this protocol
ad_ebgp (int) – Administrative distance for this protocol
ad_rip (int) – Administrative distance for this protocol
- class panos.network.VirtualWire(*args, **kwargs)[source]
Virtual wires (vwire)
- Parameters:
name (str) – The vwire name
tag (int) – Tag for the interface, aka vlan id
interface1 (str) – The first interface to use
interface2 (str) – The second interface to use
multicast (bool) – Enable multicast firewalling or not
pass_through (bool) – Enable link state pass through or not
- class panos.network.Vlan(*args, **kwargs)[source]
- Parameters:
name (str) – The name
interface (list) – List of interface names
virtual_interface (VlanInterface) – The layer3 vlan interface for this vlan
- class panos.network.VlanInterface(*args, **kwargs)[source]
Vlan interface
- Parameters:
name (str) – Interface name
ip (tuple) – Interface IPv4 addresses
ipv6_enabled (bool) – IPv6 Enabled (requires IPv6Address child object)
management_profile (ManagementProfile) – Interface Management Profile
mtu (int) – MTU for interface
adjust_tcp_mss (bool) – Adjust TCP MSS
netflow_profile (str) – Netflow profile
comment (str) – The interface’s comment
ipv4_mss_adjust (int) – TCP MSS adjustment for ipv4
ipv6_mss_adjust (int) – TCP MSS adjustment for ipv6
enable_dhcp (bool) – Enable DHCP on this interface
create_dhcp_default_route (bool) – Create default route pointing to default gateway provided by server
dhcp_default_route_metric (int) – Metric for the DHCP default route
- set_vlan_interface(vlan_name, refresh=False, update=False, running_config=False, return_type='object')[source]
Sets the VLAN’s VLAN interface to this VLAN interface
Creates a reference to this interface in the specified vlan and removes references to this interface from all other VLANs. The vlan will be created if it doesn’t exist.
- Parameters:
vlan_name (str) – The name of the vlan or a
panos.network.Vlan
instancerefresh (bool) – Refresh the relevant current state of the device before taking action (Default: False)
update (bool) – Apply the changes to the device (Default: False)
running_config – If refresh is True, refresh from the running configuration (Default: False)
return_type (str) – Specify what this function returns, can be either ‘object’ (the default) or ‘bool’. If this is ‘object’, then the return value is the Vlan in question. If this is ‘bool’, then the return value is a boolean that tells you about if the live device needs updates (update=False) or was updated (update=True).
- Returns:
The VLAN for this interface after the operation completes
- Return type:
- class panos.network.Vrf(*args, **kwargs)[source]
VRF
- Parameters:
name (str) – Name of VRF
interface (list) – List of interface names
ad_static (int) – Administrative distance for this protocol
ad_static_ipv6 (int) – Administrative distance for this protocol
ad_ospf_inter (int) – Administrative distance for this protocol
ad_ospf_intra (int) – Administrative distance for this protocol
ad_ospf_ext (int) – Administrative distance for this protocol
ad_ospfv3_inter (int) – Administrative distance for this protocol
ad_ospfv3_intra (int) – Administrative distance for this protocol
ad_ospfv3_ext (int) – Administrative distance for this protocol
ad_bgp_internal (int) – Administrative distance for this protocol
ad_bgp_external (int) – Administrative distance for this protocol
ad_bgp_local (int) – Administrative distance for this protocol
ad_rip (int) – Administrative distance for this protocol
bgp_enable (bool) – Enable BGP
bgp_router_id (str) – Router id of this BGP instance
bgp_local_as (str) – Local AS number
bgp_install_route (bool) – Populate BGP learned route to global route table
bgp_enforce_first_as (bool) – Enforce First AS
bgp_fast_external_failover (bool) – Immediately reset session if a link to a directly connected external peer goes down
bgp_ecmp_multi_as (bool) – Support multiple AS in ECMP
bgp_default_local_preference (int) – Global Default Local Preference
bgp_graceful_shutdown (bool) – Gracefully Shutdown BGP following RFC-8326
bgp_always_advertise_network_route (bool) – Always advertise network routes even if not present in RIB
bgp_med_always_compare_med (bool) – Always compare MEDs
bgp_med_deterministic_med_comparison (bool) – Deterministic MEDs comparison
bgp_graceful_restart_enable (bool) – Graceful-restart options enabled
bgp_graceful_restart_stale_route_time (int) – Time to remove stale routes after peer restart
bgp_graceful_max_peer_restart_time (int) – Maximum of peer restart time accepted
bgp_graceful_local_restart_time (int) – Local restart time to advertise to peer
bgp_global_bfd (str) – BGP Global BFD Profile
bgp_redistribution_profile_ipv4_unicast (str) – IPv4 Redistribution Profile
bgp_redistribution_profile_ipv6_unicast (str) – IPv6 Redistribution Profile
ospf_enable (bool) – Enable OSPF (Default: True)
ospf_router_id (str) – Router ID in IP format (eg. 1.1.1.1)
ospf_global_bfd (str) – OSPF Global BFD Profile
ospf_spf_timer (str) – SPF timer setting
ospf_global_if_timer (str) – Global protocol timer setting
ospf_redistribution_profile (str) – Redistribution profile setting
ospf_rfc1583 (bool) – RFC 1583 compatibility
ospf_graceful_restart_enable (bool) – Enable OSPF graceful restart
ospf_graceful_restart_grace_period (int) – Graceful restart period
ospf_graceful_restart_helper_enable (bool) – Graceful restart helper enable
ospf_graceful_restart_strict_lsa_checking (bool) – Graceful restart strict lsa checking
ospf_graceful_restart_max_neighbor_restart_time (int) – Graceful restart neighbor restart time
ospfv3_enable (bool) – Enable OSPFv3 (Default: True)
ospfv3_router_id (str) – Router ID in IP format (eg. 1.1.1.1)
ospfv3_global_bfd (str) – OSPFv3 Global BFD Profile
ospfv3_spf_timer (str) – SPF timer setting
ospfv3_global_if_timer (str) – Global protocol timer setting
ospfv3_redistribution_profile (str) – Redistribution profile setting
ospfv3_disable_transit_traffic (bool) – Disable R-Bit and v6-Bit
ospfv3_graceful_restart_enable (bool) – Enable OSPFv3 graceful restart
ospfv3_graceful_restart_grace_period (int) – Graceful restart period
ospfv3_graceful_restart_helper_enable (bool) – Graceful restart helper enable
ospfv3_graceful_restart_strict_lsa_checking (bool) – Graceful restart strict lsa checking
ospfv3_graceful_restart_max_neighbor_restart_time (int) – Graceful restart neighbor restart time
rib_filter_ipv4_static (str) – IPv4 static route map
rib_filter_ipv4_bgp (str) – IPv4 BGP route map
rib_filter_ipv4_ospf (str) – IPv4 OSPF route map
rib_filter_ipv6_static (str) – IPv6 static route map
rib_filter_ipv6_bgp (str) – IPv6 BGP route map
rib_filter_ipv6_ospfv3 (str) – IPv6 OSPFv3 route map
ecmp_enable (bool) – Enable Equal Cost Multipath
ecmp_symmetric_return (bool) – Allows return packets to egress out of the ingress interface of the flow
ecmp_strict_source_path (bool) – Force VPN traffic to exit interface that the source-ip belongs to
ecmp_max_path (int) – Maxmum number of ECMP paths supported, change this configuration will result in a virtual router restart
ecmp_algorithm (str) – Load balancing algorithm
ecmp_algorithm_src_only (bool) – Only use source address for hash
ecmp_algorithm_use_port (bool) – Use source/destination port for hash
ecmp_algorithm_hash_seed (int) – User-specified hash seed
- class panos.network.VrfBgpPeer(*args, **kwargs)[source]
VRF BGP peer
- Parameters:
name (str) – Name of the BGP peer
enable (bool) – Enable BGP peer
passive (bool) – If enabled, open messages are not sent to this peer
peer_as (int) – Peer AS number
enable_sender_side_loop_detection (bool) – Enable Sender Side Loop Detection
local_address_interface (str) – Interface to accept BGP session
local_address_ip (str) – Specify exact IP address if interface has multiple addresses
peer_address_type (str) – Peer address configuration
peer_address_value (str) – IP or FQDN
bfd_profile (str) – BFD profile
- class panos.network.VrfBgpPeerGroup(*args, **kwargs)[source]
VRF BGP peer group
- Parameters:
name (str) – Name of the BGP peer group
enable (bool) – Enabled BGP peer group
type (str) – Type of BGP peer group
address_family_ipv4 (str) – IPv4 Address Family
address_family_ipv6 (str) – IPv6 Address Family
filtering_profile_ipv4 (str) – IPv4 Filtering Profile
filtering_profile_ipv6 (str) – IPv6 Filtering Profile
connection_options_timers (str) – Timer Profile Name
connection_options_multihop (int) – Multi-hop value
connection_options_authentication (str) – Authentication Profile Name
connection_options_dampening (str) – Dampening Profile Name
- class panos.network.VrfEcmpInterfaceWeight(*args, **kwargs)[source]
VRF ECMP interface and weight
- Parameters:
name (str) – Interface name
weight (int) – Interface ECMP weight
- class panos.network.VrfOspfArea(*args, **kwargs)[source]
VRF OSPF area
- Parameters:
name (str) – The name
authentication (str) – Authentication profile name
type (str) – Area type
import_list (str) – Import list
export_list (str) – Export list
inbound_filter_list (str) – Inbound filter list
outbound_filter_list (str) – Outbound filter list
no_summary (bool) – No summary
metric (int) – Metric value
metric_type (str) – Metric type
- class panos.network.VrfOspfAreaInterface(*args, **kwargs)[source]
VRF OSPF area interface
- Parameters:
name (str) – Interface name
enable (bool) – Enable OSPF on this interface
mtu_ignore (bool) – Ignore mtu when try to establish adjacency
passive (bool) – “Suppress the sending of hello packets in this interface
priority (int) – Priority for OSPF designated router selection
link_type (str) – Link Type
metric (int) – Cost of OSPF interface
authentication (str) – Authentication options
bfd_profile (str) – BFD profile
timing (str) – Protocol timer setting
- class panos.network.VrfOspfAreaRange(*args, **kwargs)[source]
VRF OSPF area range
- Parameters:
name (str) – IP Address/Netmask
substitute (str) – Substitute network/prefix
advertise (bool) – Do summarization and advertise
- class panos.network.VrfOspfAreaVirtualLink(*args, **kwargs)[source]
VRF OSPF area virtual link
- Parameters:
name (str) – Virtual link name
enable (bool) – Enable this virtual link
neighbor_id (str) – Neighbor router id for virtual link
transit_area_id (str) – ID of transit area, cannot be backbone, stub or NSSA
timing (str) – Timer profile
authentication (str) – Authentication options
- class panos.network.VrfOspfv3Area(*args, **kwargs)[source]
VRF OSPFv3 area
- Parameters:
name (str) – The name
authentication (str) – Authentication profile name
type (str) – Area type
import_list (str) – Import list
export_list (str) – Export list
inbound_filter_list (str) – Inbound filter list
outbound_filter_list (str) – Outbound filter list
no_summary (bool) – No summary
metric (int) – Metric value
metric_type (str) – Metric type
- class panos.network.VrfOspfv3AreaInterface(*args, **kwargs)[source]
VRF OSPF area interface
- Parameters:
name (str) – Interface name
enable (bool) – Enable OSPF on this interface
mtu_ignore (bool) – Ignore mtu when try to establish adjacency
passive (bool) – “Suppress the sending of hello packets in this interface
priority (int) – Priority for OSPF designated router selection
link_type (str) – Link Type
metric (int) – Cost of OSPF interface
instance_id (str) – OSPFv3 instance ID
authentication (str) – Authentication options
bfd_profile (str) – BFD profile
timing (str) – Protocol timer setting
- class panos.network.VrfOspfv3AreaRange(*args, **kwargs)[source]
VRF OSPFv3 area range
- Parameters:
name (str) – IP Address/Netmask
substitute (str) – Substitute network/prefix
advertise (bool) – Do summarization and advertise
- class panos.network.VrfOspfv3AreaVirtualLink(*args, **kwargs)[source]
VRF OSPF area virtual link
- Parameters:
name (str) – Virtual link name
enable (bool) – Enable this virtual link
neighbor_id (str) – Neighbor router id for virtual link
transit_area_id (str) – ID of transit area, cannot be backbone, stub or NSSA
timing (str) – Timer profile
authentication (str) – Authentication options
- class panos.network.VrfStaticRoute(*args, **kwargs)[source]
VRF Static Route
Add to a
panos.network.Vrf
instance.- Parameters:
name (str) – The name
destination (str) – Destination network
nexthop_type (str) – ip-address, discard, or next-vr
nexthop (str) – Next hop IP address or Next VR Name
interface (str) – Next hop interface
admin_dist (str) – Administrative distance
metric (int) – Metric (Default: 10)
enable_path_monitor (bool) – Enable Path Monitor
failure_condition (str) – Path Monitor failure condition set ‘any’ or ‘all’
preemptive_hold_time (int) – Path Monitor Preemptive Hold Time in minutes
bfd_profile (str) – Name of the BRF profile
- class panos.network.VrfStaticRouteV6(*args, **kwargs)[source]
VRF Static Route IPv6
Add to a
panos.network.Vrf
instance.- Parameters:
name (str) – The name
destination (str) – Destination network
nexthop_type (str) – ip-address, discard, or next-vr
nexthop (str) – Next hop IP address or Next VR Name
interface (str) – Next hop interface
admin_dist (str) – Administrative distance
metric (int) – Metric (Default: 10)
enable_path_monitor (bool) – Enable Path Monitor
failure_condition (str) – Path Monitor failure condition set ‘any’ or ‘all’
preemptive_hold_time (int) – Path Monitor Preemptive Hold Time in minutes
bfd_profile (str) – Name of the BRF profile
- class panos.network.Zone(*args, **kwargs)[source]
Security zone
- Parameters:
name (str) – Name of the zone
mode (str) – The mode of the security zone. Must match the mode of the interface. Possible values: tap, virtual-wire, layer2, layer3, external
interface (list) – List of interface names or instantiated subclasses of
panos.network.Interface
.zone_profile (str) – Zone protection profile
log_setting (str) – Log forwarding setting
enable_user_identification (bool) – If user identification is enabled
include_acl (list/str) – User identification ACL include list
exclude_acl (list/str) – User identification ACL exclude list
enable_packet_buffer_protection (bool) – (PAN-OS 8.0+) Enable packet buffer protection
enable_device_identification (bool) – (PAN-OS 10.0+) Enable device identification
device_include_acl (list) – (PAN-OS 10.0+) Device include ACLs list
device_exclude_acl (list) – (PAN-OS 10.0+) Device exclude ACLs list
- panos.network.interface(name, *args, **kwargs)[source]
Interface object factory
Creates an interface object of type determined by the name of the interface.
- Parameters:
name (str) – Name of the interface to create (eg. ethernet1/1.5)
mode (str) – Mode of the interface. Possible values: layer3, layer2, virtual-wire, tap, ha, aggregate-group. Default: None
- Keyword Arguments:
tag (int) – Tag for the interface, aka vlan id
- Returns:
An instantiated subclass of
panos.network.Interface
- Return type: