* * It will load a sample PANOS config and make some rules and object * editing. * *****************************************************************************/ // load PAN-Configurator library require_once "../lib/panconfigurator.php"; // input and output files $origfile = "sample-configs/policy-best-practices.xml"; $outputfile = "output.xml"; // We're going to load a PANConf object (PANConf is for PANOS Firewall, // PanoramaConf is obviously for Panorama which is covered in another example) $panc = new PANConf(); $panc->load_from_file($origfile); // Did we find VSYS1 ? $vsys1 = $panc->findVirtualSystem('vsys1'); if (is_null($vsys1)) { derr("vsys1 was not found ? Exit\n"); } print "\n***********************************************\n\n"; print "\n\n************ Security Rules before changes *********\n\n"; // $vsys1->securityRules is an object containing all VSYS1 rules. Here we call display() to print them in console. $vsys1->securityRules->display(); // Here we look for a rule named 'Mail Server incoming mails' $mailServerRule = $vsys1->securityRules->find('Mail Server incoming mails'); // exit if that rule was not found if ($mailServerRule === null) { derr("ERROR : Cannot find rule 'Mail Server incoming mails'\n"); } // now look for an object named 'mail-server2' $objectMailServer2 = $vsys1->addressStore->find('mail-server2');
* * * *****************************************************************************/ // load PAN-Configurator library require_once "../lib/panconfigurator.php"; // input and output files $origfile = "sample-configs/policy-best-practices.xml"; $targetVSYS = 'vsys1'; $targetProfile = 'SecProf1'; $outputfile = "output.xml"; // We're going to load a PANConf object (PANConf is for PANOS Firewall, $panc = new PANConf(); $panc->load_from_file($origfile); // Did we find VSYS1 ? $vsys1 = $panc->findVirtualSystem($targetVSYS); if (is_null($vsys1)) { derr("vsys1 was not found ? Exit\n"); } print "\n***********************************************\n\n"; // first get the list of rules in an array $rules = $vsys1->securityRules->rules(); // for every rule we set the security profile foreach ($rules as $rule) { print "- Updating rule '" . $rule->name() . "' with security profile '{$targetProfile}'\n"; $rule->setSecurityProfileGroup($targetProfile); } print "\n***********************************************\n"; // Save resulting config to a file $panc->save_to_file($outputfile); //display some statistics