Use panxapi and place rule

L2 Linker

I've successfully created a rule on my firewall using panxapi, but it puts the rule at the bottom.  How can I use panxapi to put a rule in a location other than the bottom (last) rule?

L4 Transporter

Re: Use panxapi and place rule

Bart - The XML API supports moving policy up and down. However, panxapi doesn't support this. How important is this for you?

thanks,
krishna

L2 Linker

Re: Use panxapi and place rule

Very.  For several reasons:

  1. I have been tasked with cleaning up our firewall policies and creating a naming convention for all objects, etc.  So all my rules and objects on my existing configuration across six firewalls are going obsolete.  I'd like to be able to create rules and import and place them into the configuration using panxapi.
  2. The GUI interface only allows moving up and down one at a time or moving to top or bottom.  The old 3.x GUI used to at least offer to move a rule either above or below a listed one.  In my opinion, that was nice - it is not now.
  3. I'm going to be importing rules over several weeks because we don't want to induce too much change at any one time, so I need a fast and flexible way to add rules - possibly even remove them or move existing ones around.
  4. As slow as the GUI is, having a command line option that can be scripted would ease administration changes immensely.

I've noticed that rules are ordered on the firewall as they are sequentially ordered in the XML.  I would propose adding an index number to each rule and order them in that manner.  A rule with a number, or index would be awesome!!

Is there any way this is possible?

L4 Transporter

Re: Use panxapi and place rule

Bart - We are looking into expanding panxapi to support policy moving functionality. I will update you on Monday. Could you please send me an email at ksomu@paloaltonetworks.com? I would like to talk to you.

thanks,
krishna
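
Added example, not part of the thread and not panxapi code: a sketch of placing rules through the XML API's config move action (`type=config&action=move` with `where` and `dst`), which the reply above says the API supports. It plans the moves needed to reach a desired rule order and builds the request parameters; the device name `localhost.localdomain`, `vsys1`, the name allowlist and the rule names are assumptions, and the API key and HTTPS call are left to the caller.

```python
import re
from urllib.parse import urlencode

# Assumed defaults for a single-vsys firewall; adjust for your device.
RULES_XPATH = ("/config/devices/entry[@name='localhost.localdomain']"
               "/vsys/entry[@name='{vsys}']/rulebase/security/rules")
_NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9 ._-]{0,62}$")  # conservative allowlist

def _check_name(name):
    """Reject names that could break out of the XPath predicate."""
    if not _NAME_RE.match(name):
        raise ValueError(f"invalid object name: {name!r}")
    return name

def move_params(rule, where, dst=None, vsys="vsys1"):
    """Build query parameters for one type=config&action=move request."""
    if where not in ("top", "bottom", "before", "after"):
        raise ValueError(f"unsupported where: {where!r}")
    if (where in ("before", "after")) != (dst is not None):
        raise ValueError("dst is required for before/after and only then")
    xpath = RULES_XPATH.format(vsys=_check_name(vsys))
    params = {"type": "config", "action": "move",
              "xpath": f"{xpath}/entry[@name='{_check_name(rule)}']",
              "where": where}
    if dst is not None:
        params["dst"] = _check_name(dst)
    return params

def plan_moves(current, desired):
    """Return (rule, where, dst) moves that turn current order into desired."""
    if sorted(current) != sorted(desired) or len(set(current)) != len(current):
        raise ValueError("desired must be a reordering of current")
    order, moves = list(current), []
    for i, rule in enumerate(desired):
        if order[i] == rule:
            continue  # already in place, no request needed
        order.remove(rule)
        order.insert(i, rule)
        moves.append((rule, "top", None) if i == 0
                     else (rule, "after", desired[i - 1]))
    return moves

if __name__ == "__main__":
    # Constructed rule names; the new rule was appended at the bottom.
    current = ["allow-dns", "allow-web", "deny-all", "allow-ssh-admin"]
    desired = ["allow-dns", "allow-web", "allow-ssh-admin", "deny-all"]
    for rule, where, dst in plan_moves(current, desired):
        print("/api/?" + urlencode(move_params(rule, where, dst)))
```

Because policy is evaluated top-down, review the planned order before committing, in particular that no allow rule ends up above a deny rule it was meant to sit below.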
