/**
 * Returns the XPath prefix that corresponds to this object's owner.
 *
 * An owner whose class is exactly PanoramaConf or PANConf maps to the fixed
 * "/config/shared" path; any other owner is asked for its own XPath.
 *
 * @return string XPath prefix (returned by reference)
 */
private function &getBaseXPath()
{
    $ownerClass = get_class($this->owner);
    $usesSharedPath = in_array($ownerClass, array('PanoramaConf', 'PANConf'), true);

    // Return-by-reference needs a real variable, so the result is stored first.
    $basePath = $usesSharedPath ? "/config/shared" : $this->owner->getXPath();

    return $basePath;
}
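/**
 * Builds the XPath of the rules container that applies to $contextRule.
 *
 * The rulebase prefix depends on the exact class of the owner:
 *  - VirtualSystem: "<owner xpath>/rulebase"
 *  - DeviceGroup:   "<owner xpath>/pre-rulebase" or "<owner xpath>/post-rulebase"
 *  - PanoramaConf:  "/config/shared/pre-rulebase" or "/config/shared/post-rulebase"
 * Any other owner (PANConf included), or a rule that is neither a pre-rule nor a
 * post-rule where that distinction is needed, is reported through derr().
 *
 * @param Rule $contextRule rule whose pre/post placement selects the rulebase
 * @return string XPath ending in "/<xpathRoot>/rules" (returned by reference)
 */
public function &getXPath(Rule $contextRule)
{
    $ownerClass = get_class($this->owner);
    $path = '';

    if ($ownerClass == 'VirtualSystem') {
        $path = $this->owner->getXPath() . '/rulebase';
    } elseif ($ownerClass == 'DeviceGroup') {
        if ($contextRule->isPreRule()) {
            $path = $this->owner->getXPath() . '/pre-rulebase';
        } elseif ($contextRule->isPostRule()) {
            $path = $this->owner->getXPath() . '/post-rulebase';
        } else {
            derr('unsupported mode');
        }
    } elseif ($ownerClass == 'PANConf') {
        derr('unsupported');
    } elseif ($ownerClass == 'PanoramaConf') {
        if ($contextRule->isPreRule()) {
            $path = "/config/shared/pre-rulebase";
        } elseif ($contextRule->isPostRule()) {
            $path = "/config/shared/post-rulebase";
        } else {
            derr('unsupported mode');
        }
    } else {
        derr('unsupported mode');
    }

    // NOTE(review): if derr() ever returns instead of aborting, the suffix below is
    // appended to an empty prefix and a misleading XPath is returned - confirm that
    // derr() never returns.
    $path .= '/' . self::$storeNameByType[$this->type]['xpathRoot'] . '/rules';

    return $path;
}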
<?php

// Pull in the 'PAN Configurator' library.
require_once '../lib/panconfigurator.php';

/***************************************************************
 ****************************************************************/

// Output and input XML files ($outputfile is not used in the lines shown here).
$outputfile = 'output.xml';
$inputfile = 'sample-configs/panorama-example.xml';

// Build a PanoramaConf object and populate it from the XML file.
$p = new PanoramaConf();
$p->load_from_file($inputfile);

print "\n***********************************************\n\n";

// Print a closing separator, then show statistics for debugging.
print "\n\n***********************************************\n";

$p->display_statistics();
automatically *********************************************************************************************/ // load 'PAN Configurator' library require_once "../lib/panconfigurator.php"; //$mode = 'panos'; $mode = 'panorama'; // input and ouput xml files $inputfile = 'sample-configs/panorama-example4.xml'; $outputfile = 'output.xml'; $largeGroupsCount = 491; $splitCount = 490; // is it a Panorma or PANOS config ? if ($mode == 'panorama') { // Create Panorama object $p = new PanoramaConf(); // and load it from a XML file $p->load_from_file($inputfile); // load the list of DeviceGroups in an array $subs = $p->deviceGroups; } else { if ($mode == 'panos') { // Create new PanConf object $p = new PANConf(); // load it from XML file $p->load_from_file($inputfile); // load the list of VSYS in an array $subs = $p->virtualSystems; } else { derr('Please set mode="panos" or mode ="panorama"'); }
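*
* This script will list all rules in DeviceGroup referenced in $targetDG
* and force them into using profile group referenced in $targetProfile
*
*
*****************************************************************************/

// load PAN-Configurator library
require_once "../lib/panconfigurator.php";

// input and output files
$origfile = "sample-configs/panorama-example.xml";
$outputfile = "output.xml";

$targetDG = 'Perimeter-FWs';
$targetProfile = 'Shared Production Profile';

// This example works on a Panorama configuration, so it loads a PanoramaConf
// object (PANConf is the class used for a PANOS firewall configuration).
$panc = new PanoramaConf();
$panc->load_from_file($origfile);

// Did we find the target DeviceGroup ?
$dg = $panc->findDeviceGroup($targetDG);
if (is_null($dg)) {
    // Report the name that was actually searched for ($targetDG).
    derr("DeviceGroup {$targetDG} was not found ? Exit\n");
}

print "\n***********************************************\n\n";

// Every rule returned by securityRules->rules() is switched to $targetProfile
// unconditionally, including rules that already reference another profile
// group. Review the resulting $outputfile before loading it on a device.
foreach ($dg->securityRules->rules() as $rule) {
    print "Rule '" . $rule->name() . "' modified\n";
    $rule->setSecurityProfileGroup($targetProfile);
}

print "\n***********************************************\n";

$panc->save_to_file($outputfile);

//display some statistics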
// // Script really starts here // $configType = strtolower(PH::$args['type']); if ($configType != 'panos' && $configType != 'panorama') { derr("\n**ERROR** Unsupported config type '{$configType}'. Check your CLI arguments\n\n"); } print "Config type is '{$configType}', intput filename is '{$inputFile}'\n"; if (!file_exists($inputFile)) { derr("\n**ERROR** Input file '" . $inputFile . "' doesn't exists!\n\n"); } print "Loading config file '" . $inputFile . "'... "; if ($configType == 'panos') { $pan = new PANConf(); } else { $pan = new PanoramaConf(); } $pan->load_from_file($inputFile); print "OK!\n\n"; // Variable that will hold all groups to be processed $groupsToProcess = array(); // if $argv[4] is a file that exists then we must load it if ($groupFile !== null) { $fcontent = file_get_contents($groupFile); $groupsToProcess = explode("\n", $fcontent); } else { $groupsToProcess[] = $groupLocation . '/' . $groupName; } print "Sanitizing and listing groups from input:\n"; foreach ($groupsToProcess as $index => &$group) { if (strlen($group) < 3) {
// Determine if PANOS or Panorama // $xpathResult = DH::findXPath('/config/devices/entry/vsys', $xmlDoc); if ($xpathResult === FALSE) { derr('XPath error happened'); } if ($xpathResult->length < 1) { $configType = 'panorama'; } else { $configType = 'panos'; } unset($xpathResult); if ($configType == 'panos') { $pan = new PANConf(); } else { $pan = new PanoramaConf(); } print " - Detected platform type is '{$configType}'\n"; if ($configInput['type'] == 'api') { $pan->connector = $configInput['connector']; } // </editor-fold> // // Location provided in CLI ? // if (isset(PH::$args['location'])) { $rulesLocation = PH::$args['location']; if (!is_string($rulesLocation) || strlen($rulesLocation) < 1) { display_error_usage_exit('"location" argument is not a valid string'); } } else {
// Platform detection: a document with at least one /config/devices/entry/vsys
// node is handled as PANOS, anything else as Panorama.
$xpathResult = DH::findXPath('/config/devices/entry/vsys', $xmlDoc);
if ($xpathResult === FALSE) {
    derr('XPath error happened');
}

$configType = ($xpathResult->length < 1) ? 'panorama' : 'panos';
unset($xpathResult);

// Instantiate the configuration class that matches the detected platform.
$pan = ($configType == 'panos') ? new PANConf() : new PanoramaConf();

print " - Detected platform type is '{$configType}'\n";

// When the input came from the API, hand its connector to the config object.
if ($configInput['type'] == 'api') {
    $pan->connector = $configInput['connector'];
}

// Optional rule filter taken from the CLI arguments; $errorMessage is filled
// by parseFromString() when the filter string is rejected.
$errorMessage = '';
$filterQuery = null;

if (isset(PH::$args['filter'])) {
    $filterQuery = new RQuery('rule');

    if (!$filterQuery->parseFromString(PH::$args['filter'], $errorMessage)) {
        derr($errorMessage);
    }

    print " - rule filter after sanitizing : ";
    $filterQuery->display();
}
This sample script will look for all rules inside a Panorama config and search for tags Outgoing or Incoming.
When Outgoing is found, it will edit the rule to put FromZone = internal and ToZone = external
When Incoming is found, it will edit the rule to put FromZone = external and ToZone = internal

*********************************************************************************************/

// output and input xml files
$outputfile = 'output.xml';
$inputfile = 'sample-configs/panorama-example.xml';

// Build a PanoramaConf object and populate it from the XML file.
$p = new PanoramaConf();
$p->load_from_file($inputfile);

print "\n***********************************************\n\n";

// The real work starts here.

// Look up the 'internal' and 'external' zone objects; they are needed later.
$internal = $p->zoneStore->find('internal');
$external = $p->zoneStore->find('external');

// Stop when either zone is missing from the configuration.
if (!$internal) {
    derr("We didn't find zone 'internal', is there a problem? \n");
}
if (!$external) {
    derr("We didn't find zone 'external', is there a problem? \n");
}

// Look up the tag called "Outgoing" for later use (the same is needed for the Incoming tag).
$outgoing = $p->tagStore()->find('Outgoing');