This Nominated Discussion Article is based on the post "What do you people's think of this script?" by @hfakoor2
I wrote a Python script that returns the differences in policies across firwealls. Here's the github description:
Firewall policies contain object groups, hundreds of ip addresses and ACL's, services, address objects etc. This script compares a set of firewall policies with the same name, across many firewalls, and return differences in services, source/destination, address objects, ACL's etc, to a Python dictionary. We use a XML path api call to obtain the configuration files, so no need for token authentication. The script also returns object groups that exist in one firewall and not the other. So if your firewalls have similar named policies with dozens of rules, this script can save time in validating the policies by hand.
There's video of the code running against 10.0.4 vm_eval editions.
the code is under folder compare_Object_ACL's
Please let me know what you think, and where I can improve on.
Also like or follow my github page for more scripts
That is a very nice script!
If someone were going to use your script in production, then I would store the username and password (or API keys) in local environment variables and not the script. That is not required, but definitely a best practice especially if they use Git or another development platform where the code is shared. Your scripts have the default usernames and passwords. So, no sensitive information is exposed in your example.