search

PaloAltoNetworks / pan-os-python

The PAN-OS SDK for Python is a package to help interact with Palo Alto Networks devices (including physical and virtualized Next-generation Firewalls and Panorama). The pan-os-python SDK is object oriented and mimics the traditional interaction with the device via the GUI or CLI/API.
https://pan-os-python.readthedocs.io
ISC License
340 stars 168 forks source link

Add support for Security Profiles #480

Open nikolay-matveev-kkr opened 1 year ago

nikolay-matveev-kkr commented 1 year ago

Is your feature request related to a problem?

I am unable to create a complete firewall security policy solely via pan-os-python because it is missing support for Security Profiles. The SDK supports Profile Groups but this is not enough to build a comprehensive policy with the SDK.

Describe the solution you'd like

I would like to have the ability to create, modify, and delete all types of Security Profiles:

There should be individual classes for all these types of profiles under panos.objects

Describe alternatives you've considered

The current alternatives are to pre-create the required objects manually (which ruins the whole idea of having and managing policy-as-a-code), or to use XML API "patches" (which ruins the elegance of object-oriented programming with the SDK).

Additional context

We are building a next-gen risk-based web-filtering policy for our firm. It leverages a lot of PAN-OS/pan-os-python features (amongst others) such as Security and Decryption rules, Application Groups and Filters, Custom URL categories, Tags, EDLs and Profile Groups. The latter one operates with some 15 different individual Security Profiles.

The policy is being designed to be portable so that we were able to deploy it to different device groups and different Panorama instances as well as standalone firewalls. Thus, a need for the manual creation of any policy elements (such as Security Profiles) becomes a significant shortcoming of the solution.

welcome-to-palo-alto-networks[bot] commented 1 year ago

:tada: Thanks for opening your first issue here! Welcome to the community!

ibenrodriguez commented 1 year ago

Thanks for this enhancement request @nikolay-matveev-kkr - Hoping someone from Palo Alto can pick this up and help out with it.

BatD2 commented 1 year ago

We also need support for security profiles, and it would be great if someone from the team confirms if there is a plan to add the functionality any time soon and if not, we can start developing it ourselves

laserspeed5 commented 1 year ago

I am also looking forward to this feature. I inherited some firewalls with a few URL Security Profiles with many nested Custom URL objects. I would like to use this SDK to simplify, consolidate and make it easier to manage Security Profiles.