test_security_policy_match limitation with pan version 8

Reply
Highlighted
L3 Networker

test_security_policy_match limitation with pan version 8

HI, @gfreeman and all ,

 

Just wanted to confirm , if we have limitation for test_security_policy_match cmd for Pan version 8 , getting error while pulling  security rule name ? Same cmd is working fine for me if i am running for firewall having version 9 .

 

I tried to pull output using fw.xapi.op as well but same result .

 

Thanks 


Accepted Solutions
Highlighted
L4 Transporter

Re: test_security_policy_match limitation with pan version 8

Please try updating your pandevice/base.py file as shown here and tell me if this fixes it:

 

https://github.com/PaloAltoNetworks/pandevice/commit/284710ac8633330fed1ef2d96180a2e955785e90

View solution in original post

Highlighted
L3 Networker

Re: test_security_policy_match limitation with pan version 8

HI @gfreeman 

 

I have tested it and working as excepted .

 

Thanks a lot for your help   

 

 

View solution in original post


All Replies
Highlighted
L4 Transporter

Re: test_security_policy_match limitation with pan version 8

I believe this command was added to pandevice in the 8.x timeframe, so it should work.

 

What is the command you're running against both firewalls, and what is the error you're seeing when running against the 8.x firewall?

Highlighted
L3 Networker

Re: test_security_policy_match limitation with pan version 8

HI @gfreeman  ,

 

Please find error details below against fw version 8:

 

==============Policy detail==================
Traceback (most recent call last):
File "finaltestversion.py", line 67, in <module>
x = fw.test_security_policy_match(from_zone=srczone, to_zone=dstzone, source=srcip, destination=dstip, port=dstport, protocol=proto)
File "C:\U\site-packages\pandevice\base.py", line 4873, in test_security_policy_match
'name': elm.attrib['name'],
KeyError: 'name'

 

However again version 9 i am getting output as expected i.e policy name , index and action .

Highlighted
L3 Networker

Re: test_security_policy_match limitation with pan version 8

hi @gfreeman ,

 

just checking if you got a chance to check for error .

 

Thanks .

Highlighted
L4 Transporter

Re: test_security_policy_match limitation with pan version 8

Please try updating your pandevice/base.py file as shown here and tell me if this fixes it:

 

https://github.com/PaloAltoNetworks/pandevice/commit/284710ac8633330fed1ef2d96180a2e955785e90

View solution in original post

Highlighted
L3 Networker

Re: test_security_policy_match limitation with pan version 8

@gfreeman ,

 

Thanks ,  i will test this and update you.

 

 

Highlighted
L3 Networker

Re: test_security_policy_match limitation with pan version 8

HI @gfreeman 

 

I have tested it and working as excepted .

 

Thanks a lot for your help   

 

 

View solution in original post

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!