FR-02-may-2023-2 Add columns into ExportToExcel action for Destination NAT type, Destination NAT Port, and Session Distribution Method

PaloAltoNetworks / pan-os-php

Framework and utilities to easily manage and edit Palo Alto Network PANOS devices

ISC License

72 stars 15 forks source link

FR-02-may-2023-2 Add columns into ExportToExcel action for Destination NAT type, Destination NAT Port, and Session Distribution Method #746

Closed nexusops closed 1 year ago

nexusops commented 1 year ago

Is your feature request related to a problem?

ExportToExcel action currently doesn't export the following destination NAT related fields: 1) Translation type 2) Translated port 3) Session Distribution Method

Describe the solution you'd like

Include the above mentioned fields in the export

Additional context

nexusops commented 1 year ago

Here are snippets of config which contain the relevant DNAT options

Dynamic DNAT with Round Robin - Notice that the Round Robin option doesn't appear in the config. This is because it's the default option

            <entry name="DNAT-1" uuid="19e9e68f-cbd2-474f-9e63-16494f909e48">
              <dynamic-destination-translation>
                <translated-address>8.8.8.8</translated-address>
                <translated-port>8181</translated-port>
              </dynamic-destination-translation>
              <to>
                <member>LAB-70-LAN</member>
              </to>
              <from>
                <member>any</member>
              </from>
              <source>
                <member>any</member>
              </source>
              <destination>
                <member>any</member>
              </destination>
              <service>any</service>
            </entry>

nexusops commented 1 year ago

Dynamic DNAT with source-ip-hash option

            <entry name="DNAT-2" uuid="4af75cc1-c3d0-4b2f-ac0b-9fdce3eaf993">
              <dynamic-destination-translation>
                <translated-address>8.8.8.8</translated-address>
                <translated-port>8181</translated-port>
                <distribution>source-ip-hash</distribution>
              </dynamic-destination-translation>
              <to>
                <member>LAB-70-LAN</member>
              </to>
              <from>
                <member>any</member>
              </from>
              <source>
                <member>any</member>
              </source>
              <destination>
                <member>any</member>
              </destination>
              <service>any</service>
            </entry>

nexusops commented 1 year ago

Please note that when a distribution method is changed from "non-Round Robin" option (such as source-ip-hash above), then the Round Robin option is explicitly mentioned in the config. Like so

        <entry name="DNAT-2" uuid="4af75cc1-c3d0-4b2f-ac0b-9fdce3eaf993">
          <dynamic-destination-translation>
            <translated-address>8.8.8.8</translated-address>
            <translated-port>8181</translated-port>
            <distribution>round-robin</distribution>
          </dynamic-destination-translation>
          <to>
            <member>LAB-70-LAN</member>
          </to>
          <from>
            <member>any</member>
          </from>
          <source>
            <member>any</member>
          </source>
          <destination>
            <member>any</member>
          </destination>
          <service>any</service>
        </entry>

swaschkut commented 1 year ago

validation of PAN-OS-PHP develop container / branch for this FR needed, as mentioned via different communication

swaschkut commented 1 year ago

introduce with #747