11-01-2022 06:15 AM
Hi Market,
you can use PANOS Python Module to do this task. It can be an alternative way. After i knew this module, i didn´t spend time trying use the Rest-API. However, there are some configuration that are more efficient through Rest-API. Anyway, hope that the following suggestions work for you:
#Import Modules
from panos import base
from panos import firewall
from panos import panorama
from panos import policies
from panos import objects
from panos import network
from panos import device
#Credentials
username = 'admin'
password = 'admin'
device_name = 'panoramalab.mylab.com'
#You need to instanciate a panorama login object:
pano = panorama.Panorama(device_name, username, password)
#You can use the bellow script to pull all Templates:
templates_pan = panorama.Template.refreshall(pano)
#You can use the bellow script to pull all DeviceGroups from Panorama:
device_grp_pan = panorama.DeviceGroup.refreshall(pano)
#Optional step: You will receive a list with Templates or Devicegroup python objects:
print(templates_pan)
print(device_grp_pan)
#Optional step:
#Since that the objects are an iterable object, you can do a 'for' through each object in the list:
for template in templates_pan:
'''You can use the "about" method to verify some Template parameters'''
print(template.about())
#Optional step:
#Since that the objects are an iterable object, you can do a 'for' through each object in the list:
for dg in device_grp_pan:
'''You can use the "about" method to verify some Device-Group parameters'''
print(dg.about())
#Optional step:
print(template_definition.about())
print(dg_definition.about())
#Since that we want to get Shared address, we have two options to get address from Shared DG:
#Method 1:
addresses = objects.AddressObject.refreshall(pano)
#And you can verify the addresses as below:
for addr in addresses:
print(addr.about())
#Method 2:
#Define the device group 'Shared'
source_dg = panorama.DeviceGroup('Shared')
pano.add(source_dg)
#Define the Destination Device-Group:
destination_df = panorama.DeviceGroup('Asimov_DG')
pano.add(destination_dg)
#Get address objects from Shared:
addresses = objects.AddressObject.refreshall(pano)
for addr in addresses:
print(addr.about())
#So since that you have the address from Shared DG, you can remove from the Shared DG:
#First, ensure that the object is not being used by any other device-group or address-group
#Or You will receive a similar error as below:
'''PanDeviceXapiError: 20.20.20.1 cannot be deleted because of references from:
shared -> address-group -> test -> static
shared -> address-group -> Test-1 -> static
'''
for addr in addresses:
delete_srv = objects.AddressObject(**addr.about())
pano.add(delete_srv)
#Use method "delete" to delete address
#You´re not commiting anything, if required you can do a rollback in the own panorama
delete_srv.delete()
print(f'[-] Object below removed from DG: {source_dg.name}')
print(addr.about())
print('*'*60)
#To apply the addresses in the destination DG, you can do this through another FOR:
for addr in addresses:
apply_in_dg = objects.AddressObject(**addr.about())
destination_dg.add(apply_in_dg)
apply_in_dg.create()
print(f'The following address is deployed in the Device-Group: {destination_dg.name}')
print(addr.about())
#OR, you can do delete from Shared and include in the Dedicated DG at once:
for addr in addresses:
address_object = objects.AddressObject(**addr.about())
pano.add(address_object)
#Use method "delete" to delete address
#You´re not commiting anything, if required you can do a rollback in the own panorama
address_object.delete()
print(f'[-] Object below removed from DG: {source_dg.name}')
print(addr.about())
print('*'*60)
destination_dg.add(address_object)
address_object.create()
print(f'The following address is deployed in the Device-Group: {destination_dg.name}')
print(addr.about())
