[PAN-OS] Add Ipv4/IPv6 sinkhole arguments #27622
Conversation
samuelFain
changed the title
| @@ -7275,6 +7277,7 @@ def apply_dns_signature_policy_command(args: dict) -> CommandResults: | |||
| f'<entry name="{edl}"><packet-capture>{packet_capture}</packet-capture>' | |||
| f'<action><{action}/></action></entry>' | |||
| f'</lists>' | |||
| f'<sinkhole><ipv4-address>{ipv4_address}</ipv4-address><ipv6-address>{ipv6_adderss}</ipv6-address></sinkhole>' | |||
There was a problem hiding this comment.
@samuelFain don't you need this only in case the action is sinkhole? and not in every case?
There was a problem hiding this comment.
Using the PAN-OS debugger, it seems that the default IPv4/IPv6 sinkhole values are sent even when a different action is used, not just sinkhole.
My guess is that these values are always sent by default, but only used when action=sinkhole.
It does not seem to interfere with any working pan-os-apply-dns-signature-policy command variations.
There was a problem hiding this comment.
Do we have a TPB to make sure that all other commands pass successfully with the additional parameters' default values?
There was a problem hiding this comment.
@ShacharKidor
There is a TPB that executing this command, but it is not among the TPBs that run during the build. I ran it separately and it passed successfully.
Also, it's important to note that these default values are sent with every command use-case, and they do not impact any other use-case of this command except when action=sinkhole is used. We have already tested this specific case to ensure its functionality.
Packs/PAN-OS/ReleaseNotes/1_17_12.md
Outdated
|
|
||
| ##### Palo Alto Networks PAN-OS | ||
|
|
||
| - Fixed an issue where ***pan-os-apply-dns-signature-policy*** command failed when used the sinkhole action due to lack of default IPv4/Ipv6 sinkhole IP addresses. |
There was a problem hiding this comment.
| - Fixed an issue where ***pan-os-apply-dns-signature-policy*** command failed when used the sinkhole action due to lack of default IPv4/Ipv6 sinkhole IP addresses. | |
| - Fixed an issue where the ***pan-os-apply-dns-signature-policy*** command failed when using the sinkhole action due to lack of default IPv4/Ipv6 sinkhole IP addresses. |
There was a problem hiding this comment.
Implemented suggestion.
| @@ -7275,6 +7277,7 @@ def apply_dns_signature_policy_command(args: dict) -> CommandResults: | |||
| f'<entry name="{edl}"><packet-capture>{packet_capture}</packet-capture>' | |||
| f'<action><{action}/></action></entry>' | |||
| f'</lists>' | |||
| f'<sinkhole><ipv4-address>{ipv4_address}</ipv4-address><ipv6-address>{ipv6_adderss}</ipv6-address></sinkhole>' | |||
There was a problem hiding this comment.
Do we have a TPB to make sure that all other commands pass successfully with the additional parameters' default values?
samuelFain
deleted the
bugfix/CIAC-7081/pan-os-apply-dns-signature-policy
branch
* Add Ipv4/IPv6 arguments * Update ipv4/ipv6 yml description * Update release notes * Add IPv4/IPv6 to panorama_apply_dns_command UT * Implemented RN suggestion; Fix linting issue
* Add Ipv4/IPv6 arguments * Update ipv4/ipv6 yml description * Update release notes * Add IPv4/IPv6 to panorama_apply_dns_command UT * Implemented RN suggestion; Fix linting issue
Contributing to Cortex XSOAR Content
Make sure to register your contribution by filling the contribution registration form
The Pull Request will be reviewed only after the contribution registration form is filled.
Status
Related Issues
fixes: CIAC-7081
Description
PAN-OS's
pan-os-apply-dns-signature-policycommand returns error whensinkholeaction is used, but not currently set for a given policy.This PR adds the missing default IPv4/IPv6 sinkhole to http request parameters, and the option to set non-default IPv4/IPv6 sinkhole addresses with matching command arguments.
Screenshots
Paste here any images that will help the reviewer
Minimum version of Cortex XSOAR
Does it break backward compatibility?
Must have