/**
 * Populate this object from its XML element.
 *
 * Stores the element, reads its 'name' attribute (reporting through derr()
 * when the lookup returns false) and hands the first 'config' child element
 * to the device configuration loader.
 *
 * @param DOMElement $xml element this object is loaded from
 */
public function load_from_domxml(DOMElement $xml)
{
    // Remember the DOM node this object was loaded from.
    $this->xmlroot = $xml;

    // DH::findAttribute() signals a missing attribute with boolean false.
    $this->name = DH::findAttribute('name', $xml);
    if (false === $this->name) {
        derr("zone name not found\n", $xml);
    }

    // Delegate the <config> subtree to the nested configuration object.
    $this->deviceConfiguration->load_from_domxml(
        DH::findFirstElementOrDie('config', $xml)
    );
}
/**
 * XPath prefix under which this store lives.
 *
 * Owners whose exact class is PanoramaConf or PANConf map to the shared
 * section ('/config/shared'); any other owner supplies its own XPath.
 *
 * @return string XPath prefix, returned by reference
 */
private function &getBaseXPath()
{
    $ownerClass = get_class($this->owner);

    // get_class() yields the exact class name, so subclasses are not matched here.
    $ownerIsConfigRoot = in_array($ownerClass, array('PanoramaConf', 'PANConf'), true);

    // A by-reference return needs a variable, hence the named local.
    $xpath = $ownerIsConfigRoot ? "/config/shared" : $this->owner->getXPath();

    return $xpath;
}
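/**
 * Build the XPath of the 'rules' node for the rulebase selected by $contextRule.
 *
 * The rulebase prefix depends on the exact class of the owner:
 *  - VirtualSystem: owner XPath + '/rulebase'
 *  - DeviceGroup:   owner XPath + '/pre-rulebase' or '/post-rulebase'
 *  - PanoramaConf:  '/config/shared/pre-rulebase' or '/config/shared/post-rulebase'
 *  - PANConf or any other class: reported through derr()
 * The store-type segment from self::$storeNameByType and '/rules' are then appended.
 *
 * @param Rule $contextRule rule whose pre/post placement selects the rulebase
 * @return string XPath, returned by reference
 */
public function &getXPath(Rule $contextRule)
{
    $class = get_class($this->owner);
    $str = '';

    if ($class == 'VirtualSystem') {
        // A firewall vsys has a single rulebase, no pre/post split.
        $str = $this->owner->getXPath() . '/rulebase';
    } elseif ($class == 'DeviceGroup') {
        if ($contextRule->isPreRule()) {
            $str = $this->owner->getXPath() . '/pre-rulebase';
        } elseif ($contextRule->isPostRule()) {
            $str = $this->owner->getXPath() . '/post-rulebase';
        } else {
            derr('unsupported mode');
        }
    } elseif ($class == 'PANConf') {
        derr('unsupported');
    } elseif ($class == 'PanoramaConf') {
        // Panorama-level rules live in the shared section.
        if ($contextRule->isPreRule()) {
            $str = "/config/shared/pre-rulebase";
        } elseif ($contextRule->isPostRule()) {
            $str = "/config/shared/post-rulebase";
        } else {
            derr('unsupported mode');
        }
    } else {
        derr('unsupported mode');
    }

    // Append the per-type container, e.g. the segment registered for $this->type.
    $str .= '/' . self::$storeNameByType[$this->type]['xpathRoot'] . '/rules';

    // A by-reference return needs a variable, so $str is returned rather than an expression.
    return $str;
}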
/*****************************************************************************
 *
 * This script demonstrates basic use of the PAN-Configurator API.
 *
 * It will load a sample PANOS config and make some rule and object
 * edits.
 *
 *****************************************************************************/

// load PAN-Configurator library
require_once "../lib/panconfigurator.php";

// input and output files
$origfile = "sample-configs/policy-best-practices.xml";
$outputfile = "output.xml";

// We're going to load a PANConf object (PANConf is for PANOS Firewall,
// PanoramaConf is obviously for Panorama which is covered in another example)
$panc = new PANConf();
$panc->load_from_file($origfile);

// Did we find VSYS1 ?
$vsys1 = $panc->findVirtualSystem('vsys1');
if (is_null($vsys1)) {
    derr("vsys1 was not found ? Exit\n");
}

print "\n***********************************************\n\n";
print "\n\n************ Security Rules before changes *********\n\n";

// $vsys1->securityRules is an object containing all VSYS1 rules.
// Here we call display() to print them to the console.
$vsys1->securityRules->display();

// Here we look for a rule named 'Mail Server incoming mails'
$mailServerRule = $vsys1->securityRules->find('Mail Server incoming mails');

// Stop if that rule was not found (find() is compared against null here)
if ($mailServerRule === null) {
    derr("ERROR : Cannot find rule 'Mail Server incoming mails'\n");
// input and output files
$inputfile = 'sample-configs/panorama-example4.xml';
$outputfile = 'output.xml';
// NOTE(review): the meaning of these two thresholds is not visible in this excerpt;
// presumably they drive the group-splitting logic further down - confirm.
$largeGroupsCount = 491;
$splitCount = 490;

// Is it a Panorama or PANOS config ?
// NOTE(review): $mode is not assigned in the lines shown here; presumably it is set earlier in the script.
if ($mode == 'panorama') {
    // Create Panorama object
    $p = new PanoramaConf();
    // and load it from an XML file
    $p->load_from_file($inputfile);
    // load the list of DeviceGroups in an array
    $subs = $p->deviceGroups;
} else {
    if ($mode == 'panos') {
        // Create new PANConf object
        $p = new PANConf();
        // load it from an XML file
        $p->load_from_file($inputfile);
        // load the list of VSYS in an array
        $subs = $p->virtualSystems;
    } else {
        // any other value of $mode is reported as a usage error
        derr('Please set mode="panos" or mode ="panorama"');
    }
}

print "\n***********\n\n";

// For every VSYS/DeviceGroup we're going to list Groups and count their members.
foreach ($subs as $sub) {
    print "Found DeviceGroup/VirtualSystem named '" . $sub->name() . "'\n";
    // number of address groups held by this container's address store
    $countGroups = $sub->addressStore->countAddressGroups();
    print " Found {$countGroups} AddressGroups in this DV";
    // the address groups themselves, used by the code that follows this excerpt
    $Groups = $sub->addressStore->addressGroups();
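/**
 * Load the configuration of every managed firewall from a directory.
 *
 * For each serial in $this->managedFirewallsSerials, the directory listing is
 * searched for the first regular file whose name contains that serial; the file
 * is loaded into a new PANConf, which is appended to $this->managedFirewalls.
 * A serial without a matching file is reported through derr().
 *
 * NOTE(review): the match is a substring test, so the first directory entry
 * whose name contains the serial wins. A backup copy, or a file belonging to a
 * longer serial that embeds this one, could be loaded instead of the intended
 * configuration - consider an exact file-name convention if that matters.
 *
 * @param string $fromDirectory directory holding the firewall configuration files
 */
public function loadManagedFirewallsConfigs($fromDirectory = './')
{
    $this->managedFirewalls = array();

    // scandir() returns false for a missing or unreadable directory.
    $files = scandir($fromDirectory);
    if ($files === false) {
        derr("could not list directory '{$fromDirectory}'");
        return; // only reached if derr() does not abort
    }

    // Plain by-value iteration: nothing here modifies the arrays, and it avoids
    // leaving dangling references behind after the loops.
    foreach ($this->managedFirewallsSerials as $serial) {
        // An empty needle matches every file name on PHP 8, which would load
        // an arbitrary file for this firewall.
        if ((string)$serial === '') {
            derr("empty serial found in managed firewalls list");
            continue; // only reached if derr() does not abort
        }

        $fw = false;

        foreach ($files as $file) {
            if (strpos($file, $serial) === false) {
                continue;
            }

            // Skip sub-directories and other non-regular entries.
            $path = $fromDirectory . '/' . $file;
            if (!is_file($path)) {
                continue;
            }

            print "Loading FW '{$serial}' from file '{$file}'.\n";
            $fw = new PANConf($this, $serial);
            $fw->load_from_file($path);
            $this->managedFirewalls[] = $fw;
            break;
        }

        if ($fw === false) {
            derr("couldn't find a suitable file to load for FW '{$serial}'");
        }
    }
}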
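<?php
/********************************************************************************************

 This sample script will connect to a live firewall and do some live changes.

 The API key is read from the PAN_API_KEY environment variable (a name chosen
 by this sample) so that no credential is stored in the source file.

*********************************************************************************************/

// load 'PAN Configurator' library
require_once "../lib/panconfigurator.php";

// An API key carries the privileges of the account it was generated for, so it is
// taken from the environment instead of being written into the script. Any key that
// has been stored in a shared or published file should be regenerated on the device.
$apikey = getenv('PAN_API_KEY');
if ($apikey === false || $apikey === '') {
    derr("PAN_API_KEY environment variable is not set\n");
}
$apihost = '192.168.50.10';

$con = new PanAPIConnector($apihost, $apikey, 'panos');

// enable connector to show us API calls on the go
// NOTE(review): if the connector prints full request URLs, the API key may appear in
// console output or captured logs - confirm before running this outside a lab.
$con->setShowApiCalls(true);

// load the candidate configuration from the firewall through the API connection
$panc = new PANConf();
$panc->API_load_from_candidate($con);

// Did we find VSYS1 ?
$vsys1 = $panc->findVirtualSystem('vsys1');
if (is_null($vsys1)) {
    derr("vsys1 was not found ? Exit\n");
}

print "\n***********************************************\n\n";

// display rules
$vsys1->securityRules->display();

// look for an object named 'User-Networks'
$object = $vsys1->addressStore->find('User-Networks');
if (is_null($object)) {
    derr("Error: object not found\n");
}

// want to know xpath of an object ?
print "displaying XPATH of object named " . $object->name() . " : " . $object->getXPath() . "\r\n";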
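* This script will list all rules in vsys $targetVSYS and make them use
 * security profile group $targetProfile
 *
 *****************************************************************************/

// load PAN-Configurator library
require_once "../lib/panconfigurator.php";

// input and output files
$origfile = "sample-configs/policy-best-practices.xml";
$targetVSYS = 'vsys1';
$targetProfile = 'SecProf1';
$outputfile = "output.xml";

// We're going to load a PANConf object (PANConf is for PANOS Firewall)
$panc = new PANConf();
$panc->load_from_file($origfile);

// Did we find the target VSYS ?
$vsys1 = $panc->findVirtualSystem($targetVSYS);
if (is_null($vsys1)) {
    // Report the name that was actually looked up, not a fixed 'vsys1'.
    derr("{$targetVSYS} was not found ? Exit\n");
}

print "\n***********************************************\n\n";

// first get the list of rules in an array
$rules = $vsys1->securityRules->rules();

// for every rule we set the security profile group
// NOTE(review): this is applied to every rule without checking its current
// profile setting; presumably any existing setting is replaced - confirm.
foreach ($rules as $rule) {
    print "- Updating rule '" . $rule->name() . "' with security profile '{$targetProfile}'\n";
    $rule->setSecurityProfileGroup($targetProfile);
}

print "\n***********************************************\n";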