04-05-2019 11:38 AM - edited 09-23-2019 07:45 AM
Hi all,
I'm using PaloAlto's API for the first time.
My idea is the following:
- for each rule, I would like to apply a security profile based on the service setted.
Reading some docs online i wrote this pseudocode.
HOSTNAME = '192.168.55.10' API_KEY = 'My_Api_Key' fw = pandevice.firewall.Firewall(hostname=HOSTNAME, api_key=API_KEY) rulebase = pandevice.policies.Rulebase() fw.add(rulebase) rules = pandevice.policies.SecurityRule.refreshall(rulebase) for rule in rules: if (rule.service is ugual to any): //set security_profile (like av,URL Filtering Profiles,Vulnerability Protection Profiles,etc...) rule.apply() fw.commit(sync=True)
Do you have any ideas ? Could you help me?
Thanks in advice!
04-07-2019 01:38 AM - edited 09-23-2019 07:44 AM
Yes i know that my script as written will not work.
I worte a pseudocode. I don't know what is the method that allows me to set the security profile. I didn't find it in the documentation.
Could you tell me what is the method?
Thanks in advice.
05-11-2020 02:21 AM
Hi Changò,
use this:
for rule in rules: rule.virus = "my-antivirus-profile"
Regards
04-05-2019 12:45 PM
My advice would be to really learn the api before you even attempt to do something that actually makes changes to your policy. Spend some time messing around and reading the docs before you attempt to modify your rulebase, and when you start modifing the rulebase focus on modifying a set rule instead of attempting such a brod modfication as your first script.
04-05-2019 01:06 PM - edited 04-06-2019 03:13 AM
Hi BPri, thanks for the answer.
Yes sure, i know. I will try it in a test environment.
If possible I'd like to have some advice aboute the code.
04-06-2019 06:47 PM
I don't give any support for code unless I've directly supplied it to address a users issues; this is a long-standing policy I've had in this forum to avoid any potential issues due to untested code.
The only thing I'll mention is that your script as written will 100% not work as expected, as I'm sure you are already fully aware. For starters, where you have "if (service is equal to any):" you'll simply get a error since you've never defined 'service'. To get the service of the rule you would need to do something like the following:
for rule in rules:
if (rule.service is equal to any):That any statement also won't work due to how the value actually returns.
04-07-2019 01:38 AM - edited 09-23-2019 07:44 AM
Yes i know that my script as written will not work.
I worte a pseudocode. I don't know what is the method that allows me to set the security profile. I didn't find it in the documentation.
Could you tell me what is the method?
Thanks in advice.
09-23-2019 07:43 AM
Hi Changò,
use this:
for rule in rules: rule.virus = "my-antivirus-profile"
05-11-2020 02:21 AM
Hi Changò,
use this:
for rule in rules: rule.virus = "my-antivirus-profile"
Regards
08-18-2020 04:18 AM
What are the values that we need to set for the spyware,virus,vulnerability arguments in SecurityRule ?
I found that the values going to be default, strict,allow,drop...etc like that by referring the below link
https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/policy/security-profiles
But also in some examples they said like this
rule.virus = "my-antivirus-profile"
Which one is right ? Either we have to specify the profile of our own and give it as values or default,strict ...those acts as values ? please help me on this
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
