pan-os-python Panorama set_ha_peers() method not working

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

pan-os-python Panorama set_ha_peers() method not working

L1 Bithead

The document I'm referring to - https://pan-os-python.readthedocs.io/en/latest/howto.html > High Availability Pairs

 

I've been working with the pan-os-python SDK, specifically with a Panorama High Availability (HA) pair. I'm following the documentation that guides on using specific methods with 'firewall pairs'. The primary advantage, as described in the documentation, is that these methods handle sending configurations to the currently 'active' device, eliminating the need for manual specification.

However, I've encountered a problem when trying to use these methods with my 'Panorama HA pair'. Here's the error I'm getting.

 

    if super_method_name not in ("keygen", "op", "ad_hoc", "export")
RecursionError: maximum recursion depth exceeded in comparison

 

 

I'd like to note a couple of things:

  • I can successfully configure each Panorama device directly without resorting to the HA pair methods. For instance, if I set panorama-1 as active, I'm able to push configurations to it. The same goes for panorama-2.
  • This behaviour confirms that there are no access or permission issues between my environment and the Panorama devices.
  • Also confirms the code is working without using the ha_pair method
  • If I target Firewalls then it does work

Considering the above, has anyone experienced a similar issue or could provide some insights into what might be causing this? Any help or pointers would be much appreciated! Here is the code

 

 

from panos.panorama import Panorama, DeviceGroup
from panos.policies import PreRulebase, SecurityRule

panorama_object = Panorama('panorama-1', 'username', 'password' )
panorama_object.set_ha_peers(Panorama('panorama-2', 'username', 'password'))
panorama_object.refresh_ha_active()

dg_object = DeviceGroup("office")
panorama_object.add(dg_object)

rules_object = dg_object.add(PreRulebase())
new_rule_object = SecurityRule(
    name='Allow DNS',
    fromzone=['any'],
    tozone=['any'],
    source=['any'],
    destination=['8.8.8.8'],
    application=['dns'],
    service=['application-default'],
    action='allow'
)

rules_object.add(new_rule_object)
new_rule_object.create()

 

1 REPLY 1

Community Team Member

Hi @vsurresh ,

 

I've reached out internally to assist you with this. Thanks for your patience!

LIVEcommunity team member
Stay Secure,
Jay
Don't forget to Like items if a post is helpful to you!

Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.
  • 928 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!