Closed 2ps closed 2 years ago
:tada: Thanks for opening your first issue here! Welcome to the community!
PAN-OS 10.1.5-h1 pan-os-python 1.7.1
Expected: source-hip or destination-hip
Observed: hip-profiles
Msg: hip-profiles unexpected here
This is fixed in 1.7.2
Patch in SDK 1.7.2 fixes the issue for PAN-OS 10.1.5+ Same issue is also affecting PAN-OS 10.0.9, can you please also apply same patch to that release ?
Hi, the above issue was also observed on 11.0.2. how can we go ahead for resolution?
Patch in SDK 1.7.2 fixes the issue for PAN-OS 10.1.5+ Same issue is also affecting PAN-OS 10.0.9, can you please also apply same patch to that release ?
How can I do a patch in SDK 1.7.2? do I have to replace the SDK version?
Describe the bug
When using ansible or the panos python sdk to create security rules, the panos python sdk will add a default element of
hip-profiles
with the value ofAny
into the request xml. Such requests will fail on 10.1.5 and 10.2.x because support for thehip-profiles
element in security policies has been removed. This breaks all ansible playbooks that manage security policies on newer versions of panos. Yuck!Expected behavior
Security policies creation or updates should succeed without failure.
Current behavior
security policy creation and commits fail because of extraneous
hip-profiles
elements in the request xml.Possible solution
Modify versioning so that on version 10.1.5 and 10.2.x,
hip-profiles
elements are not submitted.Steps to reproduce
Your Environment
AWS vm-series firewall running PanOS 10.1.5 (we were afraid to upgrade to 10.2.0 because of the whole "you might lose your ip addresses from time-to-time" issue.