PaloAltoNetworks / pan-os-python

The PAN-OS SDK for Python is a package to help interact with Palo Alto Networks devices (including physical and virtualized Next-generation Firewalls and Panorama). The pan-os-python SDK is object oriented and mimics the traditional interaction with the device via the GUI or CLI/API.
https://pan-os-python.readthedocs.io
ISC License

Interface full_delete fails if static route references any other interface #481

Open tintedcorals opened 1 year ago

tintedcorals commented 1 year ago

Describe the bug

If a static route exists on the firewall which references an interface, a full_delete() will fail on a different interface.

Expected behavior

full_delete() should complete without throwing an exception

Current behavior

A TypeError exception is thrown, such as:

```
File "/work/panos/network.py", line 595, in full_delete
    elif "__iter__" in dir(obj.interface) and self in obj.interface:
TypeError: 'in <string>' requires string as left operand, not EthernetInterface
```

Possible solution

StaticRoute's interface attribute gets populated as a string, whereas the full_delete code appears to expect a list (which is the case for other objects such as VirtualRouter or Zone). Since the str type will also pass the `__iter__` check, a more specific type check may be needed to avoid the `in` test that results at network.py:595.

Steps to reproduce

Minimal pan-os-python reproduction without a live firewall (StaticRoute is being added directly to Firewall for brevity but error still triggers with VirtualRouter):

```python
from panos.network import EthernetInterface, StaticRoute
from panos.firewall import Firewall

firewall = Firewall()
ethernet1 = firewall.add(EthernetInterface("ethernet1/1", mode="layer3"))
ethernet2 = firewall.add(EthernetInterface("ethernet1/2", mode="layer3"))
route = firewall.add(StaticRoute("test", interface="ethernet1/1"))

ethernet2.full_delete()  # generates error
```

Context

This can be a really tricky situation to avoid since the StaticRoute that triggers the error is unrelated to the interface being changed. Routes targeted at interfaces rather than next-hops can be common in environments with IPSec tunnels, but the interface can also be present in addition to a next-hop for any static route.

Your Environment

- Python 3.9.15
- pan-os-python 1.7.3

pechsteinma commented 1 year ago

The following fixes the problem for me: In version 1.8.0 in network.py line 594 from

```python
elif "__iter__" in dir(obj.interface) and self in obj.interface:
```

to

```python
elif "__iter__" in dir(obj.interface) and str(self) in obj.interface:
```
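
Added example, not code from this thread or from pan-os-python: a stand-alone comparison of the check shown in the traceback, the `str(self)` variant, and a type-specific check, for a string reference (as StaticRoute stores it) and a list reference. `Iface` and `references` are hypothetical stand-ins, all values are constructed, and it assumes `str()` of an interface object yields its name.

```python
class Iface:
    """Constructed stand-in for an SDK interface object; str() gives its name."""
    def __init__(self, name):
        self.name = name

    def __str__(self):
        return self.name


def original_check(ref, iface):
    # Shape of the check in the traceback: str also has __iter__, so
    # `iface in ref` runs with a str on the right and raises TypeError.
    return "__iter__" in dir(ref) and iface in ref


def str_check(ref, iface):
    # Shape of the str(self) variant: no exception, but when ref is a str,
    # `in` is a substring test rather than a membership test.
    return "__iter__" in dir(ref) and str(iface) in ref


def references(ref, iface):
    """Hypothetical helper: exact-name match for None, str, or list-like refs."""
    if ref is None:
        return False
    if isinstance(ref, str):
        return ref == str(iface)
    if isinstance(ref, (list, tuple, set)):
        return any(str(item) == str(iface) for item in ref)
    return False


def demo():
    eth1, eth2 = Iface("ethernet1/1"), Iface("ethernet1/2")
    route_ref = "ethernet1/10"          # constructed: string reference
    zone_ref = ["ethernet1/1", eth2]    # constructed: list reference
    try:
        original_check(route_ref, eth2)
        raised = False
    except TypeError:
        raised = True
    return {
        "original_raises": raised,
        "str_check_on_prefix": str_check(route_ref, eth1),
        "exact_on_prefix": references(route_ref, eth1),
        "exact_in_list": references(zone_ref, eth2),
        "exact_on_none": references(None, eth1),
    }
```

With a string reference, `str_check` reports `ethernet1/1` as referenced by a route on `ethernet1/10`, while the exact-match helper does not.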