pan-os-python icon indicating copy to clipboard operation
pan-os-python copied to clipboard

Published 20 hours ago verified publisher icon PaloAltoNetworks

Panorama set_ha_peers() method not working

Open vsurresh opened this issue 2 years ago • 0 comments

Describe the bug

https://pan-os-python.readthedocs.io/en/latest/howto.html > High Availability Pairs As per this guide, I can use the set_ha_peers() method directly on the Firewalls and push the configs to the currently active device. However, if I use it with Pannorama, it doesn't work.

Expected behavior

My understanding is that the method could also work with Panorama.

Current behavior

Just using this code as an example, I'm getting the below error (Same issue on Python 3.9 or 3.11)

from panos.policies import PreRulebase, SecurityRule

panorama_object = Panorama('panorama-1', 'username', 'password' )
panorama_object.set_ha_peers(Panorama('panorama-2', 'username', 'password'))
panorama_object.refresh_ha_active()

dg_object = DeviceGroup("office")
panorama_object.add(dg_object)

rules_object = dg_object.add(PreRulebase())
new_rule_object = SecurityRule(
    name='Allow DNS',
    fromzone=['any'],
    tozone=['any'],
    source=['any'],
    destination=['8.8.8.8'],
    application=['dns'],
    service=['application-default'],
    action='allow'
)

rules_object.add(new_rule_object)
new_rule_object.create()

Traceback (most recent call last):
  File "/Users/suresh/Documents/panos-python-training/panorama_rules.py", line 30, in <module>
    new_rule_object.create()
  File "/Users/suresh/Library/Python/3.9/lib/python/site-packages/panos/base.py", line 652, in create
    device.active().xapi.set(
  File "/Users/suresh/Library/Python/3.9/lib/python/site-packages/panos/base.py", line 3859, in method
    result = getattr(ha_peer.xapi, super_method_name)(*args, **kwargs)
  File "/Users/suresh/Library/Python/3.9/lib/python/site-packages/panos/base.py", line 3859, in method
    result = getattr(ha_peer.xapi, super_method_name)(*args, **kwargs)
  File "/Users/suresh/Library/Python/3.9/lib/python/site-packages/panos/base.py", line 3859, in method
    result = getattr(ha_peer.xapi, super_method_name)(*args, **kwargs)
  [Previous line repeated 994 more times]
  File "/Users/suresh/Library/Python/3.9/lib/python/site-packages/panos/base.py", line 3805, in method
    if super_method_name not in ("keygen", "op", "ad_hoc", "export")
RecursionError: maximum recursion depth exceeded in comparison

Possible solution

Can we use the same method with Panorama too? I can still call the methods such as active() or passive() after running refresh_ha_active() method. For example, panorama_object.active() will return the current active Panorama.

Steps to reproduce

I explained the issue here in detail with the sample code block - https://live.paloaltonetworks.com/t5/general-topics/pan-os-python-panorama-set-ha-peers-method-not-working/td-p/563900

Context

We have active/passive Panorama so, it would be good to get this working so, the configs are pushed to the current active device automatically.

Your Environment

  • Version used: Panorama 10.2.6
  • Environment name and version - Python 3.9 / 3.11
  • Operating System and version (desktop or mobile): MacOS M1 Sonoma
  • Link to your project:

vsurresh avatar Nov 06 '23 14:11 vsurresh