/**
* send current config to the firewall and save under name $config_name
*
*/
public function API_uploadConfig($config_name = 'panconfigurator-default.xml')
{
print "Uploadig config to device....";
$url = "&type=import&category=configuration&category=configuration";
$answer =& $this->connector->sendRequest($url, false, DH::dom_to_xml($this->xmlroot), $config_name);
print "OK!\n";
}
/**
* @param $str
* @param bool $checkFileExists
* @return string[]
*/
public static function &processIOMethod($str, $checkFileExists)
{
$ret = array('status' => 'fail');
$ret['filename'] = null;
$pos = strpos($str, 'api://');
if ($pos !== false) {
PanAPIConnector::loadConnectorsFromUserHome();
$host = substr($str, strlen('api://'));
$hostExplode = explode('@', $host);
if (count($hostExplode) == 1) {
$fileExplode = explode('/', $host);
if (count($fileExplode) == 2) {
$ret['filename'] = $fileExplode[1];
$host = $fileExplode[0];
}
$connector = PanAPIConnector::findOrCreateConnectorFromHost($host);
} else {
$fileExplode = explode('/', $hostExplode[1]);
if (count($fileExplode) == 2) {
$ret['filename'] = $fileExplode[1];
$hostExplode[1] = $fileExplode[0];
}
$connector = PanAPIConnector::findOrCreateConnectorFromHost($hostExplode[1]);
$connector->setType('panos-via-panorama', $hostExplode[0]);
}
$ret['status'] = 'ok';
$ret['type'] = 'api';
$ret['connector'] = $connector;
} else {
//assuming it's a file
if ($checkFileExists && !file_exists($str)) {
$ret['msg'] = 'file "' . $str . '" does not exist';
return $ret;
}
$ret['status'] = 'ok';
$ret['type'] = 'file';
$ret['filename'] = $str;
}
return $ret;
}
<?php
/********************************************************************************************
This sample script will connect to a live firewall and do some live changes.
*********************************************************************************************/
// load 'PAN Configurator' library
require_once "../lib/panconfigurator.php";
$apikey = 'LUFRPT14MW5xOEo1R09KVlBZNnpnemh0VHRBOWl6TGM9bXcwM3JHUGVhRlNiY0dCR0srNERUQT09';
$apihost = '192.168.50.10';
$con = new PanAPIConnector($apihost, $apikey, 'panos');
// enable connector to show us API calls on the go
$con->setShowApiCalls(true);
$panc = new PANConf();
$panc->API_load_from_candidate($con);
// Did we find VSYS1 ?
$vsys1 = $panc->findVirtualSystem('vsys1');
if (is_null($vsys1)) {
derr("vsys1 was not found ? Exit\n");
}
print "\n***********************************************\n\n";
//display rules
$vsys1->securityRules->display();
// look for an object named 'User-Networks'
$object = $vsys1->addressStore->find('User-Networks');
if (is_null($object)) {
derr("Error: object not found\n");
}
// want to know xpath of an object ?
print "displaying XPATH of object named " . $object->name() . " : " . $object->getXPath() . "\r\n";
function tagObjects(&$list, $tagName, $modePANOS, PanAPIConnector $connector)
{
print "creating tag '{$tagName}'...";
$xpath = '/config/shared/tag';
$element = "<entry name='" . $tagName . "'></entry>";
$connector->sendSetRequest($xpath, $element);
print " OK!\n";
foreach ($list as &$o) {
$xpath = '/' . $o['type'] . "/entry[@name='" . $o['name'] . "']/tag";
$element = "<member>{$tagName}</member>";
if ($o['sub'] == 'shared') {
$xpath = '/config/shared' . $xpath;
} else {
if ($modePANOS) {
$xpath = "/config/devices/entry/vsys/entry[@name='" . $o['sub'] . "']" . $xpath;
} else {
$xpath = "/config/devices/entry/device-group/entry[@name='" . $o['sub'] . "']" . $xpath;
}
}
print "Tagging object " . $o['sub'] . "/" . $o['name'] . "... ";
//$connector->setShowApiCalls(true);
$connector->sendSetRequest($xpath, $element);
print "OK!\n";
}
}
/**
* @param string $host
* @param string $apiKey
* @param bool $promptForKey
* @param bool $checkConnectivity
* @return PanAPIConnector
*/
public static function findOrCreateConnectorFromHost($host, $apiKey = null, $promptForKey = true, $checkConnectivity = true)
{
self::loadConnectorsFromUserHome();
$host = strtolower($host);
foreach (self::$savedConnectors as $connector) {
if ($connector->apihost == $host) {
return $connector;
}
}
if ($apiKey === null && $promptForKey === false) {
derr('API host/key not found and apiKey is blank + promptForKey is disabled');
}
if ($apiKey !== null) {
$connection = new PanAPIConnector($host, $apiKey, 'panos');
} elseif ($promptForKey) {
print "** Request API access to host '{$host}' but API was not found in cache.\n" . "** Please enter API key or username below and hit enter: ";
$handle = fopen("php://stdin", "r");
$line = fgets($handle);
$apiKey = trim($line);
if (strlen($apiKey) < 19) {
$user = $apiKey;
print "* you input user '{$user}' , please enter password now: ";
$line = fgets($handle);
$password = trim($line);
print "* Now generating an API key from '{$host}'...";
$con = new PanAPIConnector($host, '');
$url = "type=keygen&user={$user}&password={$password}";
$res = $con->sendRequest($url);
$res = DH::findFirstElement('response', $res);
if ($res === false) {
derr('missing <response> from API answer');
}
$res = DH::findFirstElement('result', $res);
if ($res === false) {
derr('missing <result> from API answer');
}
$res = DH::findFirstElement('key', $res);
if ($res === false) {
derr('unsupported response from PANOS API');
}
$apiKey = $res->textContent;
print "OK, key is {$apiKey}\n\n";
}
fclose($handle);
$connection = new PanAPIConnector($host, $apiKey, 'panos');
}
if ($checkConnectivity) {
$connection->testConnectivity();
self::$savedConnectors[] = $connection;
self::saveConnectorsToUserHome();
}
return $connection;
}
