search

PaloAltoNetworks / pan-os-python

The PAN-OS SDK for Python is a package to help interact with Palo Alto Networks devices (including physical and virtualized Next-generation Firewalls and Panorama). The pan-os-python SDK is object oriented and mimics the traditional interaction with the device via the GUI or CLI/API.
https://pan-os-python.readthedocs.io
ISC License
347 stars 172 forks source link

fix: bgp peer properties are flipped #583

Open rgangam-PAN opened 1 week ago

rgangam-PAN commented 1 week ago

Description

Reorder the peer-group properties.

Motivation and Context

We see that the order of BGP peer-group properties is important, otherwise the FW/Panorama will think there is a config change. By fixing the order same as how PANOS expects, there will be no additional commit required, if there is no change in BGP peer-group.

an_cfg_engine_execute_request(): set: Before str_len 5080, str: <virtual-router>
  <entry name="Main-Router">
    ...................
        <peer-group>
          <entry name="Prisma">
            <type>
              <ebgp>
                <remove-private-as>yes</remove-private-as>
                <import-nexthop>original</import-nexthop>
                <export-nexthop>resolve</export-nexthop>
              </ebgp>
            </type>
            <peer>

pan_cfg_engine_execute_request(): set: After str_len 5376, str: <virtual-router>
  <entry name="Main-Router">
      ............................
        <peer-group>
          <entry name="Prisma">
            <type>
              <ebgp>
                <export-nexthop>resolve</export-nexthop>
                <import-nexthop>original</import-nexthop>
                <remove-private-as>yes</remove-private-as>
              </ebgp>
            </type>
            <peer>

How Has This Been Tested?

1. Configure Peergroup ` BgpPeerGroup(name="pg-test", enable=True, aggregated_confed_as_path=True, soft_reset_with_stored_info=False, type="ebgp", remove_private_as=True, import_nexthop="original", export_nexthop="resolve")` 2. Commit the changes 3. Try to change any other config like adding a static route 4. Without fix, PANOS thinks there is a change in config due to incorrect order of parameters. With fix, We dont see any such config change request

Screenshots (if appropriate)

Types of changes

Checklist