
Add support for Security Profiles

Open nikolay-matveev-kkr opened this issue 3 years ago • 4 comments

Is your feature request related to a problem?

I am unable to create a complete firewall security policy solely via pan-os-python because it is missing support for Security Profiles. The SDK supports Profile Groups but this is not enough to build a comprehensive policy with the SDK.

Describe the solution you'd like

I would like to have the ability to create, modify, and delete all types of Security Profiles:

  • Vulnerability
  • Antivirus
  • Anti-spyware
  • URL-filtering
  • File blocking
  • Data filtering
  • Wildfire

There should be individual classes for all these types of profiles under panos.objects.

Describe alternatives you've considered

The current alternatives are to pre-create the required objects manually (which ruins the whole idea of having and managing policy-as-code), or to use XML API "patches" (which ruins the elegance of object-oriented programming with the SDK).

Additional context

We are building a next-gen risk-based web-filtering policy for our firm. It leverages a lot of PAN-OS/pan-os-python features (amongst others) such as Security and Decryption rules, Application Groups and Filters, Custom URL categories, Tags, EDLs and Profile Groups. The latter one operates with some 15 different individual Security Profiles.

The policy is being designed to be portable so that we are able to deploy it to different device groups and different Panorama instances as well as standalone firewalls. Thus, a need for the manual creation of any policy elements (such as Security Profiles) becomes a significant shortcoming of the solution.

nikolay-matveev-kkr, Oct 21 '22 11:10

:tada: Thanks for opening your first issue here! Welcome to the community!

Thanks for this enhancement request @nikolay-matveev-kkr - Hoping someone from Palo Alto can pick this up and help out with it.

ibenrodriguez, Oct 25 '22 16:10

We also need support for security profiles, and it would be great if someone from the team could confirm whether there is a plan to add the functionality any time soon. If not, we can start developing it ourselves.

BatD2, Oct 27 '22 07:10

I am also looking forward to this feature. I inherited some firewalls with a few URL Security Profiles with many nested Custom URL objects. I would like to use this SDK to simplify, consolidate and make it easier to manage Security Profiles.

laserspeed5, Mar 01 '23 23:03