Implement the "exclude" parameter in the panos.objects.ApplicationFilter class

[nikolay-matveev-kkr]

Is your feature request related to a problem?

When creating Application Filters objects with "panos.objects.ApplicationFilter" class it's currently impossible to exclude individual applications from the filter. At the same time XML API does have support for this feature (see the path "/config/devices/entry[@name='localhost.localdomain']/device-group/entry[@name='<device_group_name>']/application-filter/entry[@name='<application_filter_name>']/exclude" on Panorama).

The feature is handy when there is a need to exclude an application from a filter which is otherwise impossible to do by just modifying filter selection criteria.

Describe the solution you'd like

Implement the "exclude" parameter that would take a list of application names that need to be excluded from the filter being created.

Describe alternatives you've considered

The only alternative I can think of is to modify the created filter with a direct XML API call.

Additional context

Say, you create a filter for the subcategory "internet-utility", you may want to allow pretty much all of apps in there but you want to exclude "web-browsing" because you'd normally want to treat it differently. Or, say, you want to block all apps from the "encrypted-tunnel" subcategory with an application filter, and yet you want to make an exception for "ssh" and "SSL" further below in the security policy - after the App Filter-based deny rule. The class in the SDK does not make this possible, unfortunately.