public function load_from_domxml(DOMElement $xml)
{
$this->xmlroot = $xml;
$this->name = DH::findAttribute('name', $xml);
if ($this->name === FALSE) {
derr("zone name not found\n", $xml);
}
$tmp = DH::findFirstElementOrDie('config', $xml);
$this->deviceConfiguration->load_from_domxml($tmp);
}
public function load_from_domxml(DOMNode $xml)
{
$this->xmlroot = $xml;
$this->name = DH::findAttribute('name', $xml);
if ($this->name === FALSE) {
derr("tag name not found\n", $xml);
}
if (strlen($this->name) < 1) {
derr("Tag name '" . $this->name . "' is not valid.", $xml);
}
}
/**
* @param string $newName
* @param bool $skip_name_unicity_check
* @throws Exception
* @return bool
*/
protected function setRefName($newName, $skip_name_unicity_check = false)
{
if (!is_string($newName)) {
derr('$newName must be a string');
}
if ($this->name == $newName) {
return false;
}
$oldName = $this->name;
$this->name = $newName;
$this->broadcastMyNameChange($oldName);
return true;
}
public function load_from_domxml($xml)
{
$this->xmlroot = $xml;
$this->name = DH::findAttribute('name', $xml);
if ($this->name === FALSE) {
derr("name not found\n");
}
$this->extract_disabled_from_domxml();
$this->extract_description_from_domxml();
$this->load_from();
$this->load_to();
$this->load_source();
$this->load_destination();
$this->load_tags();
}
public function load_from_domxml(DOMElement $xml)
{
$this->xmlroot = $xml;
$this->name = DH::findAttribute('name', $xml);
if ($this->name === FALSE) {
derr("loopback name name not found\n");
}
$ipNode = DH::findFirstElement('ip', $xml);
if ($ipNode !== false) {
foreach ($ipNode->childNodes as $l3ipNode) {
if ($ipNode->nodeType != XML_ELEMENT_NODE) {
continue;
}
$this->_ipv4Addresses[] = $ipNode->getAttribute('name');
}
}
}
/**
* @param DOMElement $xml
*/
public function load_from_domxml($xml)
{
$this->xmlroot = $xml;
$this->name = DH::findAttribute('name', $xml);
if ($this->name === FALSE) {
derr("virtual-router name not found\n");
}
$node = DH::findFirstElementOrCreate('interface', $xml);
$this->attachedInterfaces->load_from_domxml($node);
$node = DH::findXPath('/routing-table/ip/static-route/entry', $xml);
if ($node !== false) {
for ($i = 0; $i < $node->length; $i++) {
$newRoute = new StaticRoute('***tmp**', $this);
$newRoute->load_from_xml($node->item($i));
$this->_staticRoutes[] = $newRoute;
}
}
}
/**
* @param $xml DOMElement
*/
function load_from_xml($xml)
{
$this->xmlroot = $xml;
$this->name = DH::findAttribute('name', $xml);
if ($this->name === FALSE) {
derr("static-route name not found\n");
}
$dstNode = DH::findFirstElementOrDie('destination', $xml);
$this->_destination = $dstNode->textContent;
$ifNode = DH::findFirstElement('interface', $xml);
if ($ifNode !== false) {
$this->_interface = $this->owner->owner->owner->network->findInterfaceOrCreateTmp($ifNode->textContent);
}
$fhNode = DH::findFirstElement('nexthop', $xml);
if ($fhNode !== false) {
$fhTypeNode = DH::findFirstElement('ip-address', $fhNode);
if ($fhTypeNode !== false) {
$this->_nexthopType = 'ip-address';
$this->_nexthopIP = $fhTypeNode->textContent;
}
}
}
/**
* Return an array['start']= startip and ['end']= endip
* @return IP4Map
*/
public function getIP4Mapping()
{
if (isset($this->_ip4Map)) {
return $this->_ip4Map;
}
if ($this->isTmpAddr()) {
if (filter_var($this->name, FILTER_VALIDATE_IP) === false) {
derr('cannot resolve a Temporary object !');
}
$this->_ip4Map = IP4Map::mapFromText($this->name);
} elseif ($this->type != self::TypeIpRange && $this->type != self::TypeIpNetmask) {
derr('cannot resolve an object of type ' . $this->type());
} elseif ($this->type == self::TypeIpNetmask || $this->type == self::TypeIpRange) {
$this->_ip4Map = IP4Map::mapFromText($this->value);
} else {
derr("unexpected type");
}
return $this->_ip4Map;
}
/**
* @param $text
* @return ServiceDstPortMapping
*/
public static function mappingFromText($text, $tcp = true)
{
$newMapping = new ServiceDstPortMapping();
$commaExplode = explode(',', $text);
foreach ($commaExplode as &$comma) {
$dashExplode = explode('-', $comma);
if (count($dashExplode) == 1) {
$port =& $dashExplode[0];
if (!is_string($port) || strlen($port) == 0) {
derr("unsupported port number: '{$port}'");
}
if (!is_numeric($port)) {
derr("port is not an integer: '{$port}'");
}
$port = (int) $port;
if ($port < 0 || $port > 65535) {
derr('port value is not within 0-65535');
}
if ($tcp) {
$newMapping->tcpPortMap[] = array('start' => $port, 'end' => $port);
} else {
$newMapping->udpPortMap[] = array('start' => $port, 'end' => $port);
}
} else {
if (count($dashExplode) > 2) {
derr("invalid port range syntax: '{$comma}'");
}
$port = $dashExplode[0];
if (!is_string($port) || strlen($port) == 0) {
derr("unsupported port number: '{$port}'");
}
if (!is_numeric($port)) {
derr("port is not an integer: '{$port}'");
}
$port = (int) $port;
if ($port < 0 || $port > 65535) {
derr('port value is not within 0-65535');
}
$portStart = $port;
$port = $dashExplode[1];
if (!is_string($port) || strlen($port) == 0) {
derr("unsupported port number: '{$port}'");
}
if (!is_numeric($port)) {
derr("port is not an integer: '{$port}'");
}
$port = (int) $port;
if ($port < 0 || $port > 65535) {
derr('port value is not within 0-65535');
}
$portEnd = $port;
if ($tcp) {
$newMapping->tcpPortMap[] = array('start' => $portStart, 'end' => $portEnd);
} else {
$newMapping->udpPortMap[] = array('start' => $portStart, 'end' => $portEnd);
}
}
}
$newMapping->mergeOverlappingMappings();
return $newMapping;
}
/**
* @return IP4Map
*/
public function getIP4Mapping()
{
$result = array('unresolved' => array());
$mapObject = new IP4Map();
foreach ($this->members as $member) {
if ($member->isTmpAddr()) {
$result['unresolved'][] = $member;
continue;
} elseif ($member->isAddress()) {
$localMap = $member->getIP4Mapping();
$mapObject->addMap($localMap, true);
} elseif ($member->isGroup()) {
$localMap = $member->getIP4Mapping();
$mapObject->addMap($localMap, true);
} else {
derr('unsupported type of objects ' . $member->toString());
}
}
$mapObject->sortAndRecalculate();
return $mapObject;
}
*
*
*****************************************************************************/
// load PAN-Configurator library
require_once "../lib/panconfigurator.php";
// input and output files
$origfile = "sample-configs/panorama-example.xml";
$outputfile = "output.xml";
$targetDG = 'Perimeter-FWs';
$targetProfile = 'Shared Production Profile';
// We're going to load a PANConf object (PANConf is for PANOS Firewall,
// PanoramaConf is obviously for Panorama which is covered in another example)
$panc = new PanoramaConf();
$panc->load_from_file($origfile);
// Did we find VSYS1 ?
$dg = $panc->findDeviceGroup($targetDG);
if (is_null($dg)) {
derr("DeviceGroup {$targetDV} was not found ? Exit\n");
}
print "\n***********************************************\n\n";
// Going after each pre-Security rules to add a profile
foreach ($dg->securityRules->rules() as $rule) {
print "Rule '" . $rule->name() . "' modified\n";
$rule->setSecurityProfileGroup($targetProfile);
}
print "\n***********************************************\n";
$panc->save_to_file($outputfile);
//display some statistics
$panc->display_statistics();
//more debugging infos
memory_and_gc('end');
/**
* @param $panConfObject
* @return PANConf|PanoramaConf
* @throws Exception
*/
public static function findRootObjectOrDie($panConfObject)
{
while (true) {
$class = get_class($panConfObject);
if ($class == 'PANConf' || $class == 'PanoramaConf') {
return $panConfObject;
}
if (isset($panConfObject->owner) && is_object($panConfObject->owner)) {
$panConfObject = $panConfObject->owner;
} else {
break;
}
}
derr("cannot find PanoramaConf or PANConf object");
}
/**
* @param DOMElement $source
* @param DOMElement $target
* @return int
* @throws Exception
*/
public static function moveChildElementsToNewParentNode(DOMElement $source, DOMElement $target)
{
$sourceOwner = $source->ownerDocument;
$targetOwner = $target->ownerDocument;
if (!$sourceOwner->isSameNode($targetOwner)) {
derr('source and target must be part of same XML Document');
}
if ($source->nodeType != XML_ELEMENT_NODE) {
derr('source is not an Element type node');
}
if ($target->nodeType != XML_ELEMENT_NODE) {
derr('target is not an Element type node');
}
$toMove = array();
foreach ($source->childNodes as $child) {
if ($child->nodeType != XML_ELEMENT_NODE) {
continue;
}
$toMove[] = $child;
}
foreach ($toMove as $child) {
$target->appendChild($child);
}
return count($toMove);
}
public function &getXPath()
{
$str = '';
$ownerClass = get_class($this->owner);
if ($ownerClass == 'VirtualSystem' || $ownerClass == 'DeviceGroup') {
$str = $this->owner->getXPath();
} elseif ($ownerClass == 'PanoramaConf') {
$str = '/config/shared';
} else {
derr('unsupported');
}
$str = $str . '/tag';
return $str;
}
/**
* returns true if $object is in this store. False if not
*
*/
public function inStore($object)
{
if (is_null($object)) {
derr('a NULL object, really ?');
}
if (isset($this->fastMemToIndex[spl_object_hash($object)])) {
return true;
}
return false;
}
public function getLayer3IPv4Addresses()
{
if ($this->type != 'layer3') {
derr('cannot be requested from a non Layer3 Interface');
}
if ($this->l3ipv4Addresses === null) {
return array();
}
return $this->l3ipv4Addresses;
}
public function setDNAT($host, $ports = null)
{
if (is_null($host)) {
derr(" Host cannot be NULL");
}
if (!is_null($this->dnathost)) {
$this->dnathost->removeReference($this);
}
if (!isset($this->dnatroot) || $this->dnatroot === FALSE) {
$this->dnatroot = $this->xmlroot->ownerDocument->createElement('destination-translation');
}
if (!isset($this->dnatrootTAroot) || $this->dnatrootTAroot === FALSE) {
$this->subdnatTAroot = $this->xmlroot->ownerDocument->createElement('translated-address');
}
if (!isset($this->dnatrootTAroot) || $this->dnatrootTAroot === FALSE) {
$this->subdnatTProot = $this->xmlroot->ownerDocument->createElement('translated-port');
}
if (!is_null($host)) {
$this->dnatroot = $this->xmlroot->appendChild($this->dnatroot);
$this->subdnatTAroot = $this->dnatroot->appendChild($this->subdnatTAroot);
DH::setDomNodeText($this->subdnatTAroot, $host->name());
}
$this->dnathost = $host;
$this->dnathost->addReference($this);
$this->dnatports = $ports;
if (is_null($ports)) {
DH::removeChild($this->dnatroot, $this->subdnatTProot);
} else {
$this->subdnatTProot = $this->dnatroot->appendChild($this->subdnatTProot);
setDomNodeText($this->subdnatTProot, $ports);
}
}
} elseif ($configInput['type'] == 'api') {
if ($debugAPI) {
$configInput['connector']->setShowApiCalls(true);
}
print " - Downloading config from API... ";
$xmlDoc = $configInput['connector']->getCandidateConfig();
print "OK!\n";
} else {
derr('not supported yet');
}
//
// Determine if PANOS or Panorama
//
$xpathResult = DH::findXPath('/config/devices/entry/vsys', $xmlDoc);
if ($xpathResult === FALSE) {
derr('XPath error happened');
}
if ($xpathResult->length < 1) {
$configType = 'panorama';
} else {
$configType = 'panos';
}
unset($xpathResult);
if ($configType == 'panos') {
$pan = new PANConf();
} else {
$pan = new PanoramaConf();
}
print " - Detected platform type is '{$configType}'\n";
if ($configInput['type'] == 'api') {
$pan->connector = $configInput['connector'];
public function load_from_domxml(DOMElement $xml)
{
foreach ($xml->childNodes as $appx) {
if ($appx->nodeType != XML_ELEMENT_NODE) {
continue;
}
$appName = DH::findAttribute('name', $appx);
if ($appName === FALSE) {
derr("app name not found\n");
}
$app = new App($appName, $this);
$app->type = 'predefined';
$this->add($app);
$cursor = DH::findFirstElement('default', $appx);
if ($cursor === false) {
continue;
}
$protocur = DH::findFirstElement('ident-by-ip-protocol', $cursor);
if ($protocur !== false) {
$app->proto = $protocur->textContent;
}
$icmpcur = DH::findFirstElement('ident-by-icmp-type', $cursor);
if ($icmpcur !== false) {
$app->icmpsub = $icmpcur->textContent;
}
$cursor = DH::findFirstElement('port', $cursor);
if ($cursor === false) {
continue;
}
foreach ($cursor->childNodes as $portx) {
if ($portx->nodeType != XML_ELEMENT_NODE) {
continue;
}
/** @var $portx DOMElement */
$ex = explode('/', $portx->textContent);
if (count($ex) != 2) {
derr('unsupported port description: ' . $portx->textContent);
}
if ($ex[0] == 'tcp') {
$exports = explode(',', $ex[1]);
$ports = array();
if (count($exports) < 1) {
derr('unsupported port description: ' . $portx->textContent);
}
foreach ($exports as &$sport) {
if ($sport == 'dynamic') {
$ports[] = array(0 => 'dynamic');
continue;
}
$tmpex = explode('-', $sport);
if (count($tmpex) < 2) {
$ports[] = array(0 => 'single', 1 => $sport);
continue;
}
$ports[] = array(0 => 'range', 1 => $tmpex[0], 2 => $tmpex[1]);
}
//print_r($ports);
if (is_null($app->tcp)) {
$app->tcp = $ports;
} else {
$app->tcp = array_merge($app->tcp, $ports);
}
} elseif ($ex[0] == 'udp') {
$exports = explode(',', $ex[1]);
$ports = array();
if (count($exports) < 1) {
derr('unsupported port description: ' . $portx->textContent);
}
foreach ($exports as &$sport) {
if ($sport == 'dynamic') {
$ports[] = array(0 => 'dynamic');
continue;
}
$tmpex = explode('-', $sport);
if (count($tmpex) < 2) {
$ports[] = array(0 => 'single', 1 => $sport);
continue;
}
$ports[] = array(0 => 'range', 1 => $tmpex[0], 2 => $tmpex[1]);
}
//print_r($ports);
if (is_null($app->udp)) {
$app->udp = $ports;
} else {
$app->udp = array_merge($app->udp, $ports);
}
} elseif ($ex[0] == 'icmp') {
$app->icmp = $ex[1];
} else {
derr('unsupported port description: ' . $portx->textContent);
}
}
}
}
/**
* @param string $deviceSerial
* @param string $vsysName
* @return DeviceGroup|bool
*/
public function findApplicableDGForVsys($deviceSerial, $vsysName)
{
if (is_null($deviceSerial) || strlen($deviceSerial) < 1) {
derr('invalid serial provided!');
}
if (is_null($vsysName) || strlen($vsysName) < 1) {
derr('invalid serial provided!');
}
//print "looking for serial $deviceSerial and vsys $vsysName\n";
foreach ($this->deviceGroups as $dv) {
$ds = $dv->getDevicesInGroup();
foreach ($ds as &$d) {
if ($d['serial'] == $deviceSerial) {
//print "serial found\n";
if (array_search($vsysName, $d['vsyslist']) !== FALSE) {
//print "match!\n";
return $dv;
}
}
}
}
return false;
}
/**
* !! Should not be used outside of a PANConf constructor. !!
*
*/
public function load_from_domxml($xml)
{
$this->xmlroot = $xml;
// this VSYS has a name ?
$this->name = DH::findAttribute('name', $xml);
if ($this->name === FALSE) {
derr("VirtualSystem name not found\n", $xml);
}
//print "VSYS '".$this->name."' found\n";
// this VSYS has a display-name ?
$displayNameNode = DH::findFirstElement('display-name', $xml);
if ($displayNameNode !== FALSE) {
$this->_alternativeName = $displayNameNode->textContent;
}
//
// loading the imported objects list
//
$this->importroot = DH::findFirstElementOrCreate('import', $xml);
$networkRoot = DH::findFirstElementOrCreate('network', $this->importroot);
$tmp = DH::findFirstElementOrCreate('interface', $networkRoot);
$this->importedInterfaces->load_from_domxml($tmp);
//
$this->rulebaseroot = DH::findFirstElementOrCreate('rulebase', $xml);
if ($this->owner->owner === null) {
//
// Extract Tag objects
//
if ($this->owner->version >= 60) {
$tmp = DH::findFirstElementOrCreate('tag', $xml);
$this->tagStore->load_from_domxml($tmp);
}
// End of Tag objects extraction
//
// Extract address objects
//
$tmp = DH::findFirstElementOrCreate('address', $xml);
$this->addressStore->load_addresses_from_domxml($tmp);
//print "VSYS '".$this->name."' address objectsloaded\n" ;
// End of address objects extraction
//
// Extract address groups in this DV
//
$tmp = DH::findFirstElementOrCreate('address-group', $xml);
$this->addressStore->load_addressgroups_from_domxml($tmp);
//print "VSYS '".$this->name."' address groups loaded\n" ;
// End of address groups extraction
// //
// Extract service objects in this VSYS //
// //
$tmp = DH::findFirstElementOrCreate('service', $xml);
$this->serviceStore->load_services_from_domxml($tmp);
//print "VSYS '".$this->name."' service objects\n" ;
// End of <service> extraction
// //
// Extract service groups in this VSYS //
// //
$tmp = DH::findFirstElementOrCreate('service-group', $xml);
$this->serviceStore->load_servicegroups_from_domxml($tmp);
//print "VSYS '".$this->name."' service groups loaded\n" ;
// End of <service-group> extraction
}
//
// Extract Zone objects
//
$tmp = DH::findFirstElementOrCreate('zone', $xml);
$this->zoneStore->load_from_domxml($tmp);
// End of Zone objects extraction
if ($this->owner->owner === null) {
//
// Security Rules extraction
//
$tmproot = DH::findFirstElementOrCreate('security', $this->rulebaseroot);
$tmprulesroot = DH::findFirstElementOrCreate('rules', $tmproot);
$this->securityRules->load_from_domxml($tmprulesroot);
//
// Nat Rules extraction
//
$tmproot = DH::findFirstElementOrCreate('nat', $this->rulebaseroot);
$tmprulesroot = DH::findFirstElementOrCreate('rules', $tmproot);
$this->natRules->load_from_domxml($tmprulesroot);
//
// Decryption Rules extraction
//
$tmproot = DH::findFirstElementOrCreate('decryption', $this->rulebaseroot);
$tmprulesroot = DH::findFirstElementOrCreate('rules', $tmproot);
$this->decryptionRules->load_from_domxml($tmprulesroot);
//
// Decryption Rules extraction
//
$tmproot = DH::findFirstElementOrCreate('application-override', $this->rulebaseroot);
$tmprulesroot = DH::findFirstElementOrCreate('rules', $tmproot);
$this->appOverrideRules->load_from_domxml($tmprulesroot);
}
}
derr("vsys1 was not found ? Exit\n");
}
print "\n***********************************************\n\n";
print "\n\n************ Security Rules before changes *********\n\n";
// $vsys1->securityRules is an object containing all VSYS1 rules. Here we call display() to print them in console.
$vsys1->securityRules->display();
// Here we look for a rule named 'Mail Server incoming mails'
$mailServerRule = $vsys1->securityRules->find('Mail Server incoming mails');
// exit if that rule was not found
if ($mailServerRule === null) {
derr("ERROR : Cannot find rule 'Mail Server incoming mails'\n");
}
// now look for an object named 'mail-server2'
$objectMailServer2 = $vsys1->addressStore->find('mail-server2');
if ($objectMailServer2 === null) {
derr("ERROR : Cannot find object named 'mail-server2'\n");
}
// add 'mail-server2' in rule 'Mail Server' source.
$mailServerRule->source->addObject($objectMailServer2);
// now we rename object 'mail-server2' into mail 'mail-server3'
$objectMailServer2->setName('mail-server3');
// create a Tag called 'MAIL RULES'
$tagMailRules = $vsys1->tagStore->findOrCreate('MAIL RULES');
// add this tag to the rule 'Mail Server incoming mails'
$mailServerRule->tags->addTag($tagMailRules);
// set Security Group Profile 'SecProf2' on that rule
$mailServerRule->setSecurityProfileGroup('SecProf2');
// disable a rule
$mailServerRule->setDisabled(true);
// rename it
$mailServerRule->setName('Incoming SMTP');
/**
* @param $rule SecurityRule
* @param $ruleToMerge SecurityRule
* @param $method int
* @throws Exception
*/
function mergeRules($rule, $ruleToMerge, $method)
{
/* 'matchFromToSrcDstApp' => 1 ,
'matchFromToSrcDstSvc' => 2 ,
'matchFromToSrcSvcApp' => 3 ,
'matchFromToDstSvcApp' => 4 ,
'matchFromSrcDstSvcApp' => 5 ,
'matchToSrcDstSvcApp' => 6 ,
'matchToDstSvcApp' => 7 ,
'matchFromSrcSvcApp' => 8 ,
'matchFromSrcSvcApp' => 9 ,
*/
global $hashTable;
if ($method == 1) {
$rule->services->merge($ruleToMerge->services);
} elseif ($method == 2) {
$rule->apps->merge($ruleToMerge->apps);
} elseif ($method == 3) {
$rule->destination->merge($ruleToMerge->destination);
} elseif ($method == 4) {
$rule->source->merge($ruleToMerge->source);
} elseif ($method == 5) {
$rule->to->merge($ruleToMerge->to);
} elseif ($method == 6) {
$rule->from->merge($ruleToMerge->from);
} elseif ($method == 7) {
$rule->from->merge($ruleToMerge->from);
$rule->source->merge($ruleToMerge->source);
} elseif ($method == 8) {
$rule->to->merge($ruleToMerge->to);
$rule->destination->merge($ruleToMerge->destination);
} elseif ($method == 9) {
//
} else {
derr("unsupported method #{$method}");
}
// clean this rule from hash table
unset($hashTable[$ruleToMerge->mergeHash][$rule->serial]);
$ruleToMerge->owner->remove($ruleToMerge);
$ruleToMerge->alreadyMerged = true;
//updateRuleHash($rule, $method);
}
public function &API_getServiceStats($timePeriod, $specificApps = null)
{
$con = findConnectorOrDie($this);
$query_appfilter = '';
if (!is_null($specificApps)) {
if (!is_array($specificApps)) {
if (is_string($specificApps)) {
$specificApps = explode(',', $specificApps);
} else {
derr('$specificApps is not an array or a string');
}
}
$query_appfilter = ' and (';
$first = true;
foreach ($specificApps as &$app) {
if (!$first) {
$query_appfilter .= ' or ';
} else {
$first = false;
}
$query_appfilter .= "(app eq {$app})";
}
$query_appfilter .= ') ';
}
$parentClass = get_class($this->owner->owner);
if ($parentClass == 'VirtualSystem') {
$type = 'traffic';
$dvq = '(vsys eq ' . $this->owner->owner->name() . ')';
} else {
$type = 'panorama-traffic';
$devices = $this->owner->owner->getDevicesInGroup();
//print_r($devices);
$first = true;
if (count($devices) == 0) {
derr('cannot request rule stats for a device group that has no member');
}
$dvq = '(' . array_to_devicequery($devices) . ')';
}
$query = 'type=report&reporttype=dynamic&reportname=custom-dynamic-report&cmd=<type>' . '<' . $type . '><aggregate-by><member>proto</member><member>dport</member></aggregate-by>' . '</' . $type . '></type><period>' . $timePeriod . '</period>' . '<topn>100</topn><topm>500</topm><caption>untitled</caption>' . '<query>' . "{$dvq} {$query_appfilter} and (rule eq '" . $this->name . "')</query>";
$ret = $con->getReport($query);
return $ret;
}
/**
* add a Tag to this container
* @param string|Tag
* @param bool
* @return bool
*/
public function addTag($Obj, $rewriteXML = true)
{
if (is_string($Obj)) {
$f = $this->parentCentralStore->findOrCreate($Obj);
if ($f === null) {
derr(": Error : cannot find tag named '" . $Obj . "'\n");
}
return $this->addTag($f);
}
$ret = $this->add($Obj);
if ($ret && $rewriteXML) {
$this->rewriteXML();
}
return $ret;
}
public function referencedObjectRenamed($h, $oldName)
{
if (!$this->inStore($h)) {
return false;
}
$newName = $h->name();
unset($this->all[$oldName]);
$this->all[$newName] = $h;
$class = get_class($h);
if ($class == 'Address') {
unset($this->addr[$oldName]);
$this->addr[$newName] = $h;
} elseif ($class == 'AddressGroup') {
unset($this->addrg[$oldName]);
$this->addrg[$newName] = $h;
} else {
derr('unsupported class');
}
return true;
}
// Create Panorama object
$p = new PanoramaConf();
// and load it from a XML file
$p->load_from_file($inputfile);
// load the list of DeviceGroups in an array
$subs = $p->deviceGroups;
} else {
if ($mode == 'panos') {
// Create new PanConf object
$p = new PANConf();
// load it from XML file
$p->load_from_file($inputfile);
// load the list of VSYS in an array
$subs = $p->virtualSystems;
} else {
derr('Please set mode="panos" or mode ="panorama"');
}
}
print "\n***********\n\n";
// For every VSYS/DeviceGroups we're going to list Groups and count their members.
foreach ($subs as $sub) {
print "Found DeviceGroup/VirtualSystem named '" . $sub->name() . "'\n";
$countGroups = $sub->addressStore->countAddressGroups();
print " Found {$countGroups} AddressGroups in this DV";
$Groups = $sub->addressStore->addressGroups();
foreach ($Groups as $group) {
$membersCount = $group->count();
// if this group has more members than $largeGroupsCount then we must split it
if ($membersCount > $largeGroupsCount) {
print " AddressGroup named '" . $group->name() . "' with {$membersCount} members \n";
// get member list in $members
public function API_delete()
{
if ($this->isTmpSrv()) {
derr('cannot be called on a Tmp service object');
}
return $this->owner->API_remove($this);
}
while ($newO === null) {
$newOName = $oName;
if ($newOcounter > 0) {
$newOName .= '-' . $newOcounter;
}
$newO = $store->find($newOName);
if ($newO !== null) {
if ($newO->value() == $oValue) {
break;
} else {
$newO = null;
}
} else {
$newO = $store->newAddress($newOName, 'ip-range', $oValue, '', false);
if ($newO === null) {
derr('object creation error ???');
}
}
$newOcounter++;
}
print " --> " . $newO->name() . "\n";
$groupToProcess->add($newO, false);
}
}
}
unset($incl);
$groupToProcess->rewriteXML();
$store->rewriteAddressStoreXML();
print "\n ** Total Ranges dynamically needed for group '" . $groupToProcess->name() . "' : " . count($finalInclMapping) . "\n";
print "\n* done *\n\n";
}
public function newZone($name, $type)
{
$found = $this->find($name, null);
if ($found !== null) {
derr("cannot create Zone named '" . $name . "' as this name is already in use ");
}
$ns = new Zone($name, $this, true);
$this->addZone($ns);
return $ns;
}