pan-os-python icon indicating copy to clipboard operation
pan-os-python copied to clipboard
verified publisher icon PaloAltoNetworks

network interfaces unavailable when firewall config queried via panorama proxy

Open fettigcj opened this issue 5 years ago • 1 comments

Describe the bug

network.EthernetInterface.refreshall(FIREWALL) does not enumerate & add network interface configuration if the connection is proxied through panorama

e.g.

fw = pandevice.firewall.Firewall(panAddress,panUser,panPass)
network.EthernetInterface.refreshall(fw)

works, but

pano = pandevice.panorama.Panorama(panAddress, panUser, panPass)
fw = pano.find(fwSerial)
network.EthernetInterface.refreshall(fw)

doesn't.

Expected behavior

Config query should return the list of ethernet interfaces and add them as children to the firewall object whether the query is sent to the firewall directly or proxied to the firewall via panorama

Current behavior

interface child objects are only added if the query is submitted directly to the firewall. Proxied API returns an empty / null set.

Steps to reproduce

  1. Add a firewall to panorama, configure its interfaces via template
  2. Attempt to poll the firewall's config via panorama as detailed above

fettigcj avatar Feb 21 '20 05:02 fettigcj

Stumbled upon this issue and just wanted to share how I access ethernet interfaces proxied through Panorama.

>>> from panos.panorama import Panorama
>>> from panos.firewall import Firewall
>>> import panos.network as network
>>> 
>>> pano = Panorama(hostname="panAddress", api_username="panUser", api_password="panPass")
>>> devices = pano.refresh_devices(expand_vsys=False, include_device_groups=False)
>>> 
>>> for device in devices:
...     fw = Firewall(serial=device.serial)
...     pano.add(fw)
... 
<Firewall 'xxx' None at 0x1073a4e80>
<Firewall 'yyy' None at 0x107623340>
>>> for fw in pano.children:
...     network.EthernetInterface.refreshall(fw, add=True)
... 
[<EthernetInterface ethernet1/1 0x107626760>, <EthernetInterface ethernet1/2 0x1076460d0>, <EthernetInterface ethernet1/3 0x1076544f0>, <EthernetInterface ethernet1/5 0x10765adc0>, <EthernetInterface ethernet1/6 0x107663df0>, <EthernetInterface ethernet1/4 0x10766aac0>]
[<EthernetInterface ethernet1/1 0x107474550>, <EthernetInterface ethernet1/2 0x107474580>, <EthernetInterface ethernet1/3 0x107687be0>, <EthernetInterface ethernet1/5 0x107690fa0>, <EthernetInterface ethernet1/6 0x10760e0a0>, <EthernetInterface ethernet1/4 0x1076a0d30>]
>>> 
>>> type(pano.children[0].children[0])
<class 'panos.network.EthernetInterface'>

msafdal avatar Apr 16 '21 14:04 msafdal