foreach ($groupsToProcess as $group) { $expl = explode('/', $group); print "* Group '{$expl['1']}' from location '{$expl['0']}'\n"; // // looking for AddressStore that is holding our group // if ($expl[0] == 'shared') { $store = $pan->addressStore; } else { if ($configType == 'panos') { $sub = $pan->findVirtualSystem($expl[0]); if ($sub === null) { derr(" ***ERROR*** cannot find VSYS '{$expl['0']}'\n\n"); } } else { $sub = $pan->findDeviceGroup($expl[0]); if ($sub === null) { derr(" ***ERROR*** cannot find DeviceGroup '{$expl['0']}'\n\n"); } } $store = $sub->addressStore; } // // Looking for the group inside the AddressStore we found // $groupToProcess = $store->find($expl[1], null, false); if ($groupToProcess === null) { derr(" ***ERROR*** cannot find group '{$expl['1']}' in location '{$expl['0']}'\n\n"); } // // checking this group has 2 members, one will be the $incGroup , the other will be the $exclGroup
* * *****************************************************************************/ // load PAN-Configurator library require_once "../lib/panconfigurator.php"; // input and output files $origfile = "sample-configs/panorama-example.xml"; $outputfile = "output.xml"; $targetDG = 'Perimeter-FWs'; $targetProfile = 'Shared Production Profile'; // We're going to load a PANConf object (PANConf is for PANOS Firewall, // PanoramaConf is obviously for Panorama which is covered in another example) $panc = new PanoramaConf(); $panc->load_from_file($origfile); // Did we find VSYS1 ? $dg = $panc->findDeviceGroup($targetDG); if (is_null($dg)) { derr("DeviceGroup {$targetDV} was not found ? Exit\n"); } print "\n***********************************************\n\n"; // Going after each pre-Security rules to add a profile foreach ($dg->securityRules->rules() as $rule) { print "Rule '" . $rule->name() . "' modified\n"; $rule->setSecurityProfileGroup($targetProfile); } print "\n***********************************************\n"; $panc->save_to_file($outputfile); //display some statistics $panc->display_statistics(); //more debugging infos memory_and_gc('end');
} if (isset(PH::$args[strtolower('panoramaPostRules')])) { $panoramaPreRuleSelected = false; } } $processedLocation = null; if ($pan->isPanorama()) { if ($rulesLocation == 'shared') { $processedLocation = $pan; if ($panoramaPreRuleSelected) { $rulesToProcess = $pan->securityRules->preRules(); } else { $rulesToProcess = $pan->securityRules->postRules(); } } else { $sub = $pan->findDeviceGroup($rulesLocation); if ($sub === null) { derr("DeviceGroup named '{$rulesLocation}' not found"); } if ($panoramaPreRuleSelected) { $rulesToProcess = $sub->securityRules->preRules(); } else { $rulesToProcess = $sub->securityRules->postRules(); } $processedLocation = $sub; } } else { $sub = $pan->findVirtualSystem($rulesLocation); if ($sub === null) { derr("VirtualSystem named '{$rulesLocation}' not found"); }