- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
01-25-2019 02:20 AM
Hi all, I feel a bit stupid asking the question, but surely, others had the same problem as me.
I am trying to create multiple address objects, service objects and rules from a CSV file input.
People are recommending using “pandevice”, however reading the documentation, it kind of assumes that the user is fluent with python. I did a lot of reading, but I am failing at just the basics of how to setup the python environment and create a script. Is there a simple guide of how to do, if you don’t have any python knowledge?
02-04-2019 10:16 AM
Ok, so python has a csv
module. You use that to parse the csv file, then using pandevice to create the security policies. So let me give the pandevice code you'll be using once you've parsed the csv file itself. In this example, the variable configs
is a list
of the parsed values from the csv file, and each entry in configs is a python dict
, where the key is the security rule parameter name, and the value is the value for that security rule.
from pandevice.firewall import Firewall from pandevice.policies import Rulebase, SecurityRule # Connect to the firewall. fw = Firewall(hostname, username, password) # Security rules are children of a rulebase, so create the rulebase object and # add it to the firewall as a child object. rb = Rulebase() fw.add(rb) # Load up the "configs" value here. Each entry in "configs" is a python dict, but you could # also just make it a list, it's up to you. configs = [] # Now just iterate over each security rule and add it to the firewall. for con_dict in configs: rule = SecurityRule(**con_dict) rb.add(rule) rule.create() # Commit only after you're sure the above code works. #fw.commit(sync=True)
01-25-2019 04:16 PM
Hey, just trying to clarify: are you asking for help getting a basic pandevice script to work? Or are you asking for help setting up python itself in your environment?
01-27-2019 11:55 PM
Thank you for your response @gfreeman
I have some scripting understanding, but no Python knowledge and was looking for some simpler scripts which I can then modify. Reading the pandevice documentation makes sense, but I am a bit lost of how to actually practiclly use the modules. There are some examples in the pandevcie github page, but they seem to be a bit more complicated with some advanced functions and checks.
I am just looking for crating bulk configuration items taking variables from file input. For example, a few hundred secruity polices from excel/csv file paramters.
I guess then principally it will be the same for any other configuration item, e.g. address and service objects.
02-04-2019 01:44 AM - edited 02-04-2019 09:21 AM
Can anyone assist? Let me rephrase the question: can you please recomend a method of creating a large amount of security policy from csv input file?
02-04-2019 10:16 AM
Ok, so python has a csv
module. You use that to parse the csv file, then using pandevice to create the security policies. So let me give the pandevice code you'll be using once you've parsed the csv file itself. In this example, the variable configs
is a list
of the parsed values from the csv file, and each entry in configs is a python dict
, where the key is the security rule parameter name, and the value is the value for that security rule.
from pandevice.firewall import Firewall from pandevice.policies import Rulebase, SecurityRule # Connect to the firewall. fw = Firewall(hostname, username, password) # Security rules are children of a rulebase, so create the rulebase object and # add it to the firewall as a child object. rb = Rulebase() fw.add(rb) # Load up the "configs" value here. Each entry in "configs" is a python dict, but you could # also just make it a list, it's up to you. configs = [] # Now just iterate over each security rule and add it to the firewall. for con_dict in configs: rule = SecurityRule(**con_dict) rb.add(rule) rule.create() # Commit only after you're sure the above code works. #fw.commit(sync=True)
02-05-2019 11:51 PM
@gfreeman Thank you for your reponse. It gives me better understanding and a good place to start. I will spend some time working on that over the next week.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!