PaloAltoNetworks / pan-os-php

Framework and utilities to easily manage and edit Palo Alto Network PANOS devices
ISC License

FR-14032022-1 - Security Profile and Security Profile Group reference counts #520

Open nexusops opened 2 years ago

nexusops commented 2 years ago

Is your feature request related to a problem?

I am looking for a possibility to create a breakdown of how many rules reference each specific Security Profile Group (SPG) and how many rules are referencing Security Profiles directly without using an SPG.

Describe the solution you'd like

The script should be able to identify all SPGs inside Shared and then create a list of how many rules per each Device Group reference said SPG. Then it needs to go through SPGs inside each Device Group and list the number of rules referencing those. Lastly, it should be able to identify the number of rules which use Security Profiles instead of an SPG. If it's possible to create a breakdown for each Security Profile and how many times it's used directly inside a rule, that would be an added bonus. But at least being able to identify the number of rules with Sec Profiles instead of an SPG, should be enough for reporting purposes.

Describe alternatives you've considered

The breakdown is currently possible using Excel Pivot Tables and Global Search in PAN-OS. The problem is that the Global Search has to be done per SPG.

Additional context

Here is an example of the SPG breakdown across all Device Groups: [image]

Here is an example of the Shared SPG breakdown showing per-DG use: [image]

swaschkut commented 2 years ago

First part available here:

docker run --pull always -v ${PWD}:/share -it swaschkut/pan-os-php:develop

with this command: pan-os-php type=securityprofilegroup actions=exporttoexcel:file.html location=any in=input.xml

swaschkut commented 2 years ago

the counters regarding SecurityRules and how many of them have:

I am planning to extend this: pan-os-php type=stats in=config.xml location=any

for this output

How helpful would this be?

nexusops commented 2 years ago

Given the amount of information available in the stats type, I think it's a good fit. And it would add to the 360 bird's eye view of the entire configuration and its scale.
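Added example, not part of the thread and not pan-os-php code: a standalone Python sketch of the breakdown requested above, counting per location how many security rules reference each SPG, how many reference Security Profiles directly, and how many carry no profile at all. The function names `summarize` and `breakdown` are hypothetical, the XML paths assume the Panorama config layout (`profile-setting/group` versus `profile-setting/profiles`), and the sample config is constructed.

```python
import xml.etree.ElementTree as ET
from collections import Counter
# Constructed sample in Panorama layout; not taken from a real device.
SAMPLE = """<config><shared><pre-rulebase><security><rules>
  <entry name="s1"><profile-setting><group><member>SPG-Strict</member></group></profile-setting></entry>
</rules></security></pre-rulebase></shared>
<devices><entry name="localhost.localdomain"><device-group>
  <entry name="DG-A"><pre-rulebase><security><rules>
    <entry name="a1"><profile-setting><group><member>SPG-Strict</member></group></profile-setting></entry>
    <entry name="a2"><profile-setting><profiles><virus><member>default</member></virus>
      <spyware><member>strict</member></spyware></profiles></profile-setting></entry>
    <entry name="a3"/>
  </rules></security></pre-rulebase></entry>
  <entry name="DG-B"><post-rulebase><security><rules>
    <entry name="b1"><profile-setting><group><member>SPG-Lab</member></group></profile-setting></entry>
    <entry name="b2"><profile-setting><group><member>SPG-Strict</member></group></profile-setting></entry>
  </rules></security></post-rulebase></entry>
</device-group></entry></devices></config>"""

def summarize(rules):
    """Count SPG references, direct profile references, and rules with neither."""
    out = {"spg": Counter(), "profile": Counter(), "direct_rules": 0, "no_profile": 0}
    for rule in rules:
        spgs = [m.text for m in rule.findall("profile-setting/group/member")]
        direct = [(p.tag, m.text) for p in rule.findall("profile-setting/profiles/*")
                  for m in p.findall("member")]
        out["spg"].update(spgs)
        out["profile"].update(direct)
        if direct:
            out["direct_rules"] += 1
        elif not spgs:
            out["no_profile"] += 1  # rule inspects nothing: worth flagging in a report
    return out

def breakdown(xml_text):
    """Return {location: summary} for shared and each device group (assumed paths)."""
    root = ET.fromstring(xml_text)
    scopes = {"shared": root.find("shared")}
    for dg in root.findall("devices/entry/device-group/entry"):
        scopes[dg.get("name")] = dg
    report = {}
    for name, node in scopes.items():
        rules = [] if node is None else [r for rb in ("pre-rulebase", "post-rulebase")
                                         for r in node.findall(f"{rb}/security/rules/entry")]
        report[name] = summarize(rules)
    return report

if __name__ == "__main__":
    print(breakdown(SAMPLE))
```

The counts are keyed by SPG name only, so a Device Group SPG that shadows a Shared SPG of the same name is not distinguished from it here.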