v2.0.34

UTILS:

• UTIL API - introduce postman_collection
• UTIL type=device actions=display-shadowrule | improve JSON output
• UTIL develop - introduce create_template_mgmt_permittedips.php
• UTIL type=device | introduce actions==sp_spg-create-BP
• UTIL type=device | extend actions=actions=sp_spg-create-BP:true/false,SP-NAME - with SP-NAME defined only the OUTBOUND profile is created with the defined SP-NAME
• UTIL optimise test_filter script for QA

BUGFIX:

• UTIL API - bugfix related to JSON output
• UTIL type=rule | bugfix 'filter=(rule is.unused.fast)' if searching via API mode on Panorama
• class PanAPIConnector | bugfix to avoid using shadow-apikeynohidden for PAN-OS >=9 if Panorama is used as proxy
• UTIL type=rule 'filter=(src has OBJECTNAME)' - fix if object does not exist at same DG level or above - filter is now returning false
• UTIL type=tag | bugfix for 'filter=(reflocation is shared )'

GENERAL:

• introduce UTIL actions test script
• framework | bugfixes for different CLASSES related to UTIL test_filter / test_action found issues

v2.0.33

UTILS:

• UTIL type=address | introduce 'filter=(ip.count >,<,=! VALUE)' AND 'actions=move-range2network'
• UTIL bash-autocompletion | introduce argument "outputformatset="
• UTIL type=address | actions=exportToExcel:FILE.html - extend with ip.count value
• UTIL type=ALLMERGER | extend argument 'exportCSV' to 'exportCSV=FILE.html' which export the info into EXCEL / HTML format
• UTIL develop display-xpath-for-node-filter | add argument fullxpath - to display also for template info the full. output
• UTIL develop display-xpath-value | introduce argument displayattributename - to only display the attribute, not full content
• UTIL type=service | introduce actions=split-large-service-groups:MAXnumber
• UTIL type=[ALLMERGER] - duplicate code reduction - output improvements
• UTIL type=device | introduce new actions=DefaultSecurityRule-SecurityProfile-SetAlert/ DefaultSecurityRule-SecurityProfileGroup-Set:SECPROFGROUP
• UTIL API - move from develop into production

BUGFIX:

• class DeviceGroup / Template - remove $xmlroot as already defined in trait XmlConvertible
• UTIL ALLMERGER scripts | bugfix for argument exportCSV=FILE.html - to display all merged objects

v2.0.32

UTILS:

• UTIL type=rule | rework 'filter=(service port.counter)' is now 'filter=(service.port.count >,<,=,! COUNT)')
• UTIL type=rule | extend actions=exportToExcel with service Counter
• UTIL type=protocoll-number-download | introduction for future usage
• UTIL type=rule | actions=exportToExcel - introduce 'rulebase' column
• UTIL type=rule | 'filter=(schedule expire.in.days XYZ) renamed to 'filter=(schedule.expire.in.days >,<,=,! XYZ)'
• UTIL type=securityProfilegroup actions=exporttoexcel | introduce information about used location and counter
• UTIL UI - introduce additional arguments for playbook JSON file
• UTIL type=playbook | introduce argument location= handling
• UTIL type=rule | actions=exporttoexcel:file.html,ResolveServiceSummary | improvement for Service Counters

BUGFIX:

• UTIL type=rule | actions=exportToExcel - bugfix for service.count if application-default is set
• UTIL type=rule | 'filter=(service.port.count = PORTCOUNT)' - bugfix to change in code to '=='
• class IP4MAP | bugfix for all filters where IP calculation is used e.g. UTIL type=rule 'filter=(src is.partially.or.fully.included.in.list LIST)'
• class SecurityProfileGroupStrore | bugfix to search for available object name only in current Store
• UTIL type=address actions=move:XYZ,removeifmatch | bugfix if address-group has same nested address-group member, but this nested group has different members
• UTIL type=service actions=move:XYZ,removeifmatch | bugfix for nested servicegroups with different members
• class DeviceCloud/FawkesConf/PanoramaConfg - bugfix to calculate parentCentralStore
• class Devicecloud / FawkesConfig | bugfix to handle securityProfileStore correctly
• class SecurityProfileGroup | bugfix to get correct reference calculation
• UTIL type=device actions=display-shadowrule | bugfix for nat rules
• UTIL type=rule actions=exporttoExcel:FILE.html,ResolveScheduleSummary | bugfix to display all type of schedule
• class Rule.php methode zonecalculation - bugfix for NAT to
• UTIL type=service-merger - class ServiceGroup | bugfix to not delete ServiceGroup members during merge, if this member is available in same name and value at upperlevel

GENERAL:

v.2.0.31

UTILS:

• pan-os-php type=xml-issue | extend fix for custom-url-category
• UTIL type=application | introduce new 'filters=( decoder has XYZ )' / (decoder is.set)
• UTIL type=securityprofile securityprofiletype=custom-url-category | actions=exporttoexcel introduce display of member information
• UTIL BETA ssh_connector.php | extend with argument setcommand-maxline=20
• UTIL type=rule | introduce new 'filter=(service port.counter.greater.than 1000)' / service port.tcp.counter.greater.than 1000 / service port.udp.counter.greater.than
• UTIL type=service | introduce new actions=show-dstportmapping
• UTIL type=address | improvement for actions=showip4mapping to display unresolved objects

BUGFIX:

• UTIL type=diff | replace derr() with mwarning() - fix for argument outputformatset
• class SecurityProfilStore | bugfix to handle parentStore correctly
• UTIL type=securityprofile | bugfix missing array variable declaration
• UTIL type=rule | bugfix for 'filter=(service has.value.recursive PORT-RANGE)'
• UTIL type=rule 'filter=(service has.value.recursive PORT-RANGE)' | bugfix if searched PORT-RANGE is partial available, and if multiple port-range are available in service-group
• UTIL type=rule | bugfix for 'filter=(service has.value.recursive PORT-RANGE)' to match if two different nested groups has combined the filtered PORT-RANGE
• UTIL type=rule | class ServiceDstPortMapping - bugfix to for 'filter=(service port.counter.greater.than 10)'

GENERAL:

• framework all Object Classes | improve code for usage of single method parentCentralStore()

v2.0.30

UTILS:

• UTIL pan-os-php type=device | introduce actions=find-zone-from-IP:IPADDRESS (working on devicetype=virtualsystem / manageddevice)
• UTIL pan-os-php type=xml-to-json | improve for cycleconnectedfirewalls
• UTIL pan-os-php type=address/service | introduce actions=create-address/create-addressgroup - actions=create-service/create-servicegroup
• UTIL type=config-size | extend big XML nodes with information about how many objects are available
• UTIL pan-os-php | introduce type=config-commit - class CONFIG_COMMIT__.php , extend bash-autocompletion
• UTIL all object merger | improve output which object get delete if ancestor is found
• UTIL pan-os-php type=securityprofile | introduce 'actions=custom-url-category-add-ending-token' for securityProfileType=custom-url-category
• UTIL all script argument 'outputformatset' | improve display set commands
• UTIL develop | introduce new script - display-xpath-value - display-xpath-for-node-filter
• UTIL UI | per-default always set shadow-ignoreinvalidaddressobjects
• UTIL pan-os-php type=xml-issue | introduce new check if address/-group/service/-group/secRule/natRule objectname has double spaces in it
• UTIL type=xml-issue | introduce additional validation if service/-group is available with name 'application-default'
• UTIL pan-os-php type=service | actions=name-rename:$$timeout$$ - introduce VARIABLE $$timeout$$
• UTIL argument 'outputformatset' - correction of 'set commands' order print
• UTIL develop/ssh_connector.php | introduce argument 'setcommandfile=FILE' for quick validation check of create "set commands"
• UTIL type=securityprofile actions=custom-url-category-add-ending-token - improvement avoid adding token if '*' is already available at end of string
• UTIL type=device | improvments for JSON output
• UTIL argument outputformatset | improvement to move exceptions to separate method()
• class SecurityRule - optimisation of rewriteXML if no SecurityProfile/SecurityProfileGroup is set
• UTIL type=device | rename actions=securityprofile-create-only => actions=sp_spg-create-alert-only-bp
• UTIL type=device | introduce actions=defaultsecurityrule-action-set:[all|intrazone|interzone],[allow|deny]

BUGFIX:

• UTIL UI - still in BETA - bugfix to create correct JSON playbook file if location argument is used
• UTIL all MERGER | fix for location=any allowmergingwithupperlevel
• UTIL all MERGER | bugfix to calculate ancestor
• class InterfaceContainer | bugfix if xmlRoot === NULL
• class VirtualRouterContainer | bugfix if VSYS has no XMLnode available to import new Virtual-Router; xmlRoot === null
• UTIL type=xml-issue | bugfix for finding correct sec/natRule for double whitespaces in object name
• UTIL type=device - actions=logforwardingprofile-create-bp | bugfix FW can only have 'set shared log-settings'
• UTIL type=gratuitous-arp | bugfix to get feature working after the migration to classes
• UTIL argument 'outputformatset' | bugfix to include all XMLnode value information
• class IKEGateway | bugfix for reading XML if XMLnode is not available
• UTIL argument 'outputformatset' bugfix for attribute name
• UTIL argument "outputformatset" - bugfix to get all XMLnode without any child and no textContent
• UTIL argument 'outputformatset' another bugfix to define "set commands" correct
• class customURLProfile - bugfix to create correct "set commands" for version 91
• UTIL type=device - bugfix actions=DefaultSecurityRule-remove-override if no override is availalbe
• UTIL argument outputformatset | bugfix for zone-protection-profile - combine multiple set commands related to 'flood xyz red'
• UTIL type=device actions=defaultsecurityrule-securityprofile-remove:false | bugfix to remove secprof correctly in API mode

GENERAL:

• class PanAPIConnector | introduce method commitAll() and commitPartial( $user)
• framework | split README into multiple files to get better introduction
• framework | introduce new example - improve the example template
• framework | introduce bash script "create_all_docker_container.sh"

v2.0.29

UTILS:

• UTIL type=tag-merger | introduce help info for dupalgorithm=SameName
• UTIL all types | argument "outputformatset" status BETA - return all "set/delete commands" done by a PAN-OS-PHP UTIL script
• class UTIL | improve error handling for file not found if shadow-json is used
• UTIL type=securityprofilegroup | actions=securityProfile-Set - extend output if Profile is not found and skipped

BUGFIX:

• UTIL type=device | actions=securityprofile-create-alert-only - bugfix for PAN-OS 8.1 - including fix for ironskillet download
• class PanoramaConf | bugfix to handle initial PAN-OS panorama config files
• UTIL type=address / service actions=move:childDG | bugfix - correct nested object search and create XMLnode if not available

GENERAL:

• framework - update predefined to version 8519-7206
• update install scripts as for example ubuntu installation is only working correctly if root user is used
• framework - introduce update_pan-os-php.sh script

v2.0.28

UTILS:

• UTIL pan-os-php type=device | introduce PAN-OS API for actions=devicegroup-create / template-create
• UTIL pan-os-php type=device | introduce actions=template-delete
• UTIL development | introduce visibility_playbook.php
• UTIL pan-os-php type=device | move to iron-skilett usage for actions=securityprofile-create-alert-only / logforwardingprofile-create-bp / zoneprotectionprofile-create-bp
• UTIL ironskillet_update | disable SSL check
• UTIL pan-os-php | extend for type=playbook / ironskillet-update / maxmind-update / util_get-action-filter
• UTIL main entry pan-os-php script | start removing old single scripts maxmind / ironskillet / util_get-action-filter
• UTIL pan-os-php type=playbook | introduce PAN-OS API as argument in=api://
• UTIL system-log / traffic-log / software-remove / sendGARP - move to PHP classes
• UTIL pa_software-download / pa_software-preparation / pa_license move to PHP class - to make it useable for entry point pan-os-php type=
• UTIL API - improve error output for supported endpoints
• UTIL pan-os-php type=config-download-all | introduce type and move feature from development into php class
• UTIL UI update json_array.js to get actual info about script actions / filter
• UTIL get_action_filter | improve
• UTIL UI - extension for playbook JSON file reading and creation
• UTIL type=zone | introduce new 'filter=(zpp is.set) / (zpp is PROFILNAME)'
• UTIL type=address new 'actions=(description-replace-character:OLDone,NEWone )'
• UTIL UI update playground
• UTIL pan-os-php type=tag-merger | introduce dupalgorithm=samename
• UTIL pan-os-php type=device | actions=cleanuprule-create-bp:default - remove manipulation part on default SecurityRule
• UTIL pan-os-php type=device | introduce actions=DefaultSecurityRule-securityProfile-Remove / DefaultSecurityRule-logsetting-set / DefaultSecurityRule-logstart-disable / DefaultSecurityRule-logend-enable
• UTIL update actions / filter
• UTIL pan-os-php type=device | introduce actions=DefaultSecurityRule-create-BP

BUGFIX:

• UTIL pan-os-php type=device | bugfix actions=securityprofile-create-alert-only PAN-OS version <10 compare to >=10
• UTIL pan-os-php type=device | bugfix for actions=securityprofile-create-alert-only:true if no PAN-OS API method is used
• UTIL pan-os-php type=device | bugfix for all actions which are using IronSkillet snippets
• UTIL pan-os-php type=device | actions=zoneprotectionprofile-create-bp / logforwardingprofile-create-bp bugfix for PAN-OS API method
• UTIL pan-os-php type=device actions=securityprofile-create-alert-only | bugfix on offline config file to create profiles only once
• UTIL pan-os-php type=device actions=cleanuprule-create-bp | bugfix if same rulename is already available

v2.0.27

UTILS:

• pa_gratuitous-arp - extend for SNAT / improve if addressObject value has netmask, to send gARP to all IP Addresses
• all scripts - introduce new argument 'git=[BRANCHname]';
• ALIAS extension and correction
• pa_tag-edit | introduce new "actions=replace-with-object:TAGname" in combination with 'filter=(name eq OLDtagName)'
• UTIL develop - introduce interface_getIP
• UTIL all rule classes - improvements for PHP8.1
• UTIL | disable logging
• UTIL - PanAPIConnector | improve Exception handling
• UTIL pan-os-php type=device | introduce actions=logforwardingprofile-create-bp / zoneprotectionprofile-create-bp
• UTIL type=device | actions=securityprofile-create-alert-only extend with customerURLcategory
• UTIL pan-os-php type=device | introduce actions=template-create
• UTIL pan-os-php type=address-merger - improve merging value has /32 or only HOST IP address
• UTIL type=device | introduce actions=cleanuprule-create-bp
• UTIL type=device actions=cleanuprule-create-bp extend with PAN-OS API method
• UTIL introduce PAN-OS version for each script output
• UTIL pan-os-php type=device | introduce PAN-OS API. mode for actions=zoneprotectionprofile-create-bp / logforwardingprofile-create-bp
• UTIL pan-os-php type=device | actions=securityprofile-create-alert-only introduce PAN-OS API method for FWs
• UTIL pan-os-php type=device | introduce PAN-OS API call for Panorama for actions=cleanuprule-create-bp / logforwardingprofile-create-bp / securityprofile-create-alert-only
• UTIL pan-os-php type=device | introduce PAN-OS Panorama API call for actions=zoneprotectionprofile-create-bp

BUGFIX:

• update installer scripts / issues with git-php not available
• update dockerfiles to support git-php
• Dockerfiles - extend with git and set git global
• UTIL pa_address-edit actions=decommission | bugfix not possible to remove object from dynamic address-group
• UTIL | improve service any usage to 0-65535 from any / dynamic improvements from 1024-65535 to 1025-65535
• UTIL pan-os-php type=device | bugfix for actions=securityprofile-create-alert-only
• class Address/AddressGroup/Service/ServiceGroup/Tag | bugfix if e.g. merger script like to create objects in previous empty ObjectStore
• class customURLProfile | bugfix to create new customURLProfile for PAN-OS version >= 9.0

GENERAL:

• update Readme and Install file / bring in information for PAN-OS-PHP on Windows WSLv2 installation

v2.0.26

UTILS:

• UTIL pan-os-php type=$utiltype is the only supported UTIL script for the future, all other UTIL script are set to deprecated
• UTIL pan-os-php UI - move to local file usage
• UTIL all script - introduce new argument "shadow-nojson"
• UTIL UI - improvement to get filter correctly working for operators like ">,<,=,!"
• UTIL UI - starting on extended version
• UTIL UI - extend to delete additional actions/filter column
• UTIL develop - add multiple script in specific for downloading PAN-OS software
• UTIL develop | introduce API creation testing script for different objects
• UTIL develop | introduce reset-config and software-remove script
• UTIL develop | software-downloader.php improve exception support
• UTIL introduce new ALIAS: pa_license / pa_software-preparation / pa_software-downloader / pa_config-commit / pa_config-reset / pa_get_system-user-info / pa_software-remove / pa_system-log / pa_traffic-log

BUGFIX:

• UTIL pan-os-php API - bugfix in relation to shadow-json and previous code reduction
• UTIL pa_key-manager | bugfix to add host like license-apikey/bpa-apikey/ldap-password/maxmind-licensekey only once and delete previous available key
• UTIL class UTIL.php | bugfix for adding Audit-Comment
• UTIL pa_key-manager | bugfix to correctly add password/licensekey if used with add=ldap-password/maxmind-licensekey

GENERAL:

• Dockerfiles - extend to different PHP versions
• App-ID version: 8497-7093 update
• framework examples | update 'example-panapiconnector.php'

v2.0.25

UTILS:

• PAN-OS-PHP API - bugfix for PHP8.1
• all edit script with method PAN-OS API - introduce sending audit-comment information - default setting "PAN-OS-PHP $UTILtype $timedate"
• pa_rule-edit | 'actions=exportToExcel:FILE.html,ResolveAddressSummary|ResolveserviceSummary|ResolveApplicationsummary' - improve resolveservicesummary, if application-default is used in service and app-id has specified apps
• pa_zone-edit | introduce actions=name-rename:NewZoneNAME
• UTIL all script | introduce new argument "auditComment=XYZ" to bring in your custom auditComment
• UTIL all script - remove duplicate header / footer
• UTIL all script - optimise to always use single method entry from PAN-OS-PHP

BUGFIX:

• UTIL script download predefined PAN-OS content data - bugfix/workaround if PAN-OS API bring in double <return
• pa_tag-edit | actions=created:NewTag - bugfix to not error out on PAN-OS API - first check if NewTag is already availalble
• framework class App | bugfix as FawkesConf has no appstore at shared level / has no SHARED level
• UTIL pa_rule-edit | actions=display,ResolveServiceSummary bringing back consistent output for port and application-default app-id port
• class PanAPIConnector - bugfix if connection timeout

GENERAL:

• framework - content id update to version 8494-7079
• class PanAPIConnector - extend AuditComment usage to all kind of manipulation API request set/rename/delete/edit
• class PanAPIConnector | improve behaviour to request username / password if wrong APIKEY is stored in .panconfkeystore