09-08-2022 08:42 AM
Hi Czinu,
is possible to get routing tables using Python SDK and through API url. I prefer to use Python SDK. Follow bellow a sugestion:
1- Define authentication parameters:
from panos import network
from panos import policies
from panos import firewall
from panos import objects
api_user = 'admin'
api_password = 'admin'
device = 'fw.abc.com'
fw = firewall.Firewall(device, api_user, api_password)2- So now, you can get the vrouters names:
vrouters_list = network.VirtualRouter.refreshall(fw)
for vrouter in vrouters_list:
print(vrouter)#the output of commands above will be the name of vrouters created in your firewall.
If you want to know more details about each vrouter:
for vrouter in vrouters_list:
print(vrouter.about())#the output of commands above will be the name of vrouters created in your firewall plus interfaces, virtual router
parameters. Below an example:
output: {'interface': ['ae1.30', 'tunnel.10', 'tunnel.11', 'ae1.20'],
'ad_static': None,
'ad_static_ipv6': None,
'ad_ospf_int': None,
'ad_ospf_ext': None,
'ad_ospfv3_int': None,
'ad_ospfv3_ext': None,
'ad_ibgp': None,
'ad_ebgp': None,
'ad_rip': None,
'name': 'default'}4- To verify the static routes applied in a specific routing table:
vrouter = network.VirtualRouter(name='default')
fw.add(vrouter)
static_routes = network.StaticRoute.refreshall(vrouter)
for route in static_routes:
print(route.about())
#the output of commands above will be the details about each static route in the vrouter:
output: #{'destination': '10.11.77.11/32',
'nexthop_type': None,
'nexthop': None,
'interface': 'tunnel.22',
'admin_dist': 10,
'metric': 10,
'enable_path_monitor': False,
'failure_condition': 'any',
'preemptive_hold_time': 2,
'name': '10.11.77.11_32'}
{'destination': '10.20.20.0/27',
'nexthop_type': 'ip-address',
'nexthop': '10.10.10.1',
'interface': None,
'admin_dist': 10,
'metric': 10,
'enable_path_monitor': False,
'failure_condition': 'any',
'preemptive_hold_time': 2,
'name': '10.20.20.0_27'}
{'destination': '10.30.30.30/24',
'nexthop_type': 'ip-address',
'nexthop': '10.10.10.1',
'interface': None,
'admin_dist': 10,
'metric': 10,
'enable_path_monitor': False,
'failure_condition': 'any',
'preemptive_hold_time': 2,
'name': '10.30.30.0_24'}
5 - To deploy a static route in a routing table, you can follow the following procedure:
5.a - First, create a dictionary with required parameters:
test_python_route = {'destination': '8.8.8.8/32',
'nexthop_type': None,
'nexthop': None,
'interface': None,
'admin_dist': 10,
'metric': 10,
'enable_path_monitor': False,
'failure_condition': 'any',
'preemptive_hold_time': 2,
'name': 'PYTHON_TESTE_GOOGLE_DNS'
}
#**If you don´t fill all the key values, the default value is assumed.
5.b - Second, you need to get the virtual routers configuration from the firewall:
network.VirtualRouter.refreshall(fw)5.c - So, you can "search" and/or "find" the virtual-router that will receive the new static route:
vrouter = fw.find('default', network.VirtualRouter)
5.d - So now, you can "build" the configuration and associate the "route dictionary":
deploy_route = network.StaticRoute(**test_python_route)
5.e - Bind the config to vrouter python instance:
vrouter.add(deploy_route)
5.f - create the route:
deploy_route.create()
5.g - My sugestion is, not commit from the script. But if required, you can commit from the script:
fw.commit()
#to confirm the commit process ocurring in the firewall go to GUI interface and verify in Task the commit status.
Hope that this be useful, and i my suggestion is verify how panos module really works in the official documentation.
I´m a beginer yet, but i already learned a lot. 🙂
