to find all rules between two specific CIDR blocks. I have written some code; it might help you to understand.
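import ipaddress
import xml.etree.ElementTree as ET

import panxapi  # only referenced by the disabled live-query section below

# NOTE(review): the live-query section below is disabled by wrapping it in a
# string literal. Before re-enabling it:
#   * `verify=False` looks intended to switch off TLS certificate validation.
#     Validate the Panorama certificate instead (trust its issuing CA), so the
#     admin credentials cannot be read by an on-path interceptor.
#   * Do not keep the username/password in the script. Read them from the
#     environment or prompt with getpass, and prefer an API key tied to a
#     read-only admin role for a query that only reads the rulebase.
#   * `panxapi` is the imported module, so calling it directly would fail;
#     name the client class explicitly (confirm against the library in use).
'''
# Panorama connection details
panorama_host = "192.168.248.140"
panorama_user = "admin"
panorama_password = " "
# Initialize PAN-OS API connection to Panorama
xapi = panxapi(api_username=panorama_user, api_password=panorama_password, hostname=panorama_host,verify=False)
#xapi = panxapi.py -h 192.168.248.140 -l ***@***.***! -k
# Perform an API request to get all security policies
xpath = ***@***.******@***.***='vsys1']/rulebase/security/rules")
try:
    response = xapi.get(xpath=xpath)
    if response is None:
        raise Exception("Empty response from the API.")
except Exception as e:
    print(f"Error: {e}")
    exit()
'''

# A member is reported when its address part lies in WATCHED_NET and its
# prefix length is between MIN_PREFIX and MAX_PREFIX inclusive. This is the
# same rule the original string test applied ("10.0.0." prefix, mask 8..20);
# it is a filter on how the member is written, not a CIDR containment test.
WATCHED_NET = ipaddress.ip_network("10.0.0.0/24")
MIN_PREFIX = 8
MAX_PREFIX = 20


def _members(rule, field):
    """Return the non-empty <member> texts found under *field* of *rule*."""
    found = []
    for element in rule.findall(f".//{field}/member"):
        # element.text is None for an empty <member/>; skip those instead of
        # letting None reach the string handling further down.
        text = (element.text or "").strip()
        if text:
            found.append(text)
    return found


def _is_watched(member):
    """Return True when *member* is an IPv4 address/prefix inside the filter.

    Members that are not literal addresses (for example "any", or the name of
    an address object or group) are not resolved here and never match, so a
    rule that reaches the range only through a named object is not reported.
    """
    try:
        iface = ipaddress.ip_interface(member)
    except ValueError:
        # Not an address literal (object name, range, FQDN, ...).
        return False
    return (
        iface.version == 4
        and iface.ip in WATCHED_NET
        and MIN_PREFIX <= iface.network.prefixlen <= MAX_PREFIX
    )


# Parse the XML response.
# The export is read as a trusted local file; xml.etree.ElementTree is not
# hardened against maliciously constructed XML.
root = ET.parse("3882.xml")
#print(root)

# Iterate through the security rules.
# NOTE(review): ".//entry" matches every <entry> at any depth, so an enclosing
# <entry> (for example a vsys or device-group node) would be treated as a rule
# and collect the members of everything beneath it. Presumably the export
# holds only the <rules> element; confirm, or narrow the path to the rules.
for rule in root.findall(".//entry"):
    source_objects = _members(rule, "source")
    destination_objects = _members(rule, "destination")

    if not any(_is_watched(obj) for obj in source_objects + destination_objects):
        continue

    # The rule name is carried in the entry's "name" attribute; printing
    # rule.attrib would show the whole attribute dict instead.
    rule_name = rule.get("name", "<unnamed>")
    print(f"Rule Name: {rule_name}")
    print(f"Source Objects: {', '.join(source_objects)}")
    print(f"Destination Objects: {', '.join(destination_objects)}")
    print("\n")

# Disconnect from the Panorama device
#xapi.logout()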