-
|
I have a SecurityRule array. The class SecurityRule provides many properties and methods, but what I can't seem to find is a way to find the (what I think might be) AddressStore associated with the Rule, containing source and destination addresses for this specific rule. So there might be more than one AddressStore associated. If I start with an Address Group instance, and use $addressgroup->display_references(); I get a list like this:
As is indicated, my Address Group is used in the source for this specific SecurityRule. Now when I use $addressgroup->findAssociatedSecurityRules(); I get a nice array with Security rules. But I don't methods to find source and destination, or any reference to some sort of container that has those. Thank you |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 2 replies
-
|
You can always think about a PAN-OS XML configuration syntax:
But if you think about how AddressObject can be used in a SecurityRule: These both of Class AddressContainer, contains references to all used AddressObjects. Please see below an example.
I assume you try to handle a Firewall configuration based on the other discussion we had.
|
Beta Was this translation helpful? Give feedback.
-
|
Yes perfect, that will do! I just didn't seem to find those methods in the class documentation, maybe I just missed it. In the future I'll just have a look at the class definitions like pan-os-php/lib/rule-classes/SecurityRule.php - everything's in there as well |
Beta Was this translation helpful? Give feedback.
-
|
https://github.com/PaloAltoNetworks/pan-os-php/blob/main/doc/class-AddressRuleContainer.html |
Beta Was this translation helpful? Give feedback.
-
|
another option is to create a plugin for a specific predefined UTIL script: pan-os-php type=rule 'loadplugin=[fullpathto]/pan-os-php/examples/example_plugin_rule_display_source_destination.php' in=api://MGMT-IP 'actions=example_plugin_source_destination' |
Beta Was this translation helpful? Give feedback.
You can always think about a PAN-OS XML configuration syntax:
address/address-group => addressStore->...
service/service-group => serviceStore->...
Security Rules ->securityRules->...
But if you think about how AddressObject can be used in a SecurityRule:
$rule->source
$rule->destination
These both of Class AddressContainer, contains references to all used AddressObjects.
Please see below an example.
You can always check the predefined UTIL script how it is done there,
where I like to mention that you should NOT reinvent the wheel and if available using existing Scripts.
pan-os-php type=rule actions=display 'filter=(src has ADROBJNAME)'pan-os-php type=rule actions=display 'filter…