Framework and utilities to easily manage and edit Palo Alto Network PANOS devices
1.5.13
utils: address-edit: new filter tag has / has.nocase / has.regex and tag.count >,<,=,! / object is.recursive.member.of address-edit: new filter reflocation is / reflocation is.only / refstore is / reftype is address-edit: new action description-append address-edit: new action add-member override-finder: supporting scenario where template defined objects are not present in candidate config rules-edit: new filter 'service has.recursive', 'secprof av-profile.is.set', 'secprof as-profile.is.set', 'secprof url-profile.is.set', 'secprof wf-profile.is.set', 'secprof vuln-profile.is.set' rules-edit: new filter 'secprof file-profile.is', 'secprof file-profile.is.set', 'secprof data-profile.is', 'secprof data-profile.is.set' rules-edit: new filter 'service has.only', 'user has', 'user has.regex', 'url.category is.any' rules-edit: new filter 'app technology.is', 'app category.is', 'app subcategory.is', 'app characteristic.has xxxx' rules-edit: new filter 'app includes.full.or.partial', 'app includes.full.or.partial.nocase', 'app included-in.full.or.partial', 'app included-in.full.or.partial.nocase' rules-edit: new filter 'service has.from.query' and 'service has.recursive.from.query' rules-edit: new filter 'location is.child.of [DG]' rules-edit: new filter 'service is.tcp','service is.tcp.only','service is.udp','service is.udp.only','service has.value [PORT_VALUE]','service has.value.recursive [PORT_VALUE]' rules-edit: new filter 'app custom.has.signature' rules-edit: new filter 'dnathost included-in.full', 'dnathost included-in.partial', 'dnathost included-in.full.or.partial', 'dnathost includes.full', 'dnathost includes.partial', 'dnathost includes.full.or.partial' rules-edit: action 'tag-Add-Force' new field 'tagColor' to setColor for forced Tag creation rules-edit: action 'description-append' new field 'newline' as boolean parameter no/yes rules-edit: action 'display' extend with logsetting information / URL category rules-edit: action 'exporttoexcel' extend with additionalFields choice ResolveServiceSummary rules-edit: action 'description-Prepend' service-edit: new actions tag-Add | tag-Add-Force | tag-Remove | tag-Remove-All | tag-Remove-Regex service-edit: new action 'name-rename' to allow renaming based on template string. ie: 'name-Rename:$$protocol$$-$$current.name$$' service-edit: new action description-append service-edit: improve action move - API mode now supported to move service objects to shared level service-edit: new filter tag has / has.nocase / has.regex and tag.count >,<,=,! / object is.recursive.member.of service-edit: new filter reflocation is / reflocation is.only / refstore is / reftype is tag-edit: new action move tag-edit: new filter reflocation is / reflocation is.only / refstore is / reftype is useid-mgt: add argument debugapi doc update
bugfix:
1.5.12
utils: rules-edit: action 'exportToExcel' new fields 'dst_negated' and 'src_negated' to show when some fields are negated rules-edit: new action 'name-removePrefix' 'name-removeSuffix' 'app-add-force' rules-edit: action 'from/to-calculate-zones' add new mode 'unneeded-tag-add' to add rule tag (unneeded-from/to-zone) where unneeded zones are available rules-edit: filter 'is.unused.fast' extend for nat rules rules-edit: new filters 'src is.fully.included.in.list' rules-edit: new actions 'dst-Remove-Objects-Matching-Filter' and 'src-Remove-Objects-Matching-Filter' to remove objects matching a specific filter rules-edit: new action 'securityProfile-Profile-Set' to set individual profiles address-edit: new filter 'description regex' address-edit: new fields in exportToExcel : 'ResolveIP' and 'NestedMembers' service-edit: new filter 'description regex' generic: new filters 'location regex' tag-edit: new action 'setColor', 'addComments', 'deleteComments' tag-edit: new filter 'color eq', 'comments regex /XXX/', 'comments is.empty'
bugfix:
1.5.11
utils:
bugfix:
1.5.10
utils: upload-config: new argument 'extraFiltersOut' to strip unwanted XML parts out of the config before saving/uploading it. rules-edit: new actions 'from-replace', 'to-replace' to help replace Zones where required
bugfix:
utils: service-edit: new filters 'object is.unused.recursive' to check if an object is used in groups/nested groups which are not used either rules-edit: new actions 'src-Negate-Set','dst-Negate-Set' to enable/disable a rule Source/Destination negation 'target-Set-Any','target-Add-Device','target-Negate-Set','target-RemoveDevice' to manage targets 'clone' to clone rules before/after another rule and add a suffix rules-edit: improved 'calculate-zones' with NAT rules which will be cloned if several destination zones are found
bugfix:
utils: rules-edit : new filters 'target is.any' 'target has xxxxx/vsysX' 'snathost has xxxx' 'dnathost has xxxx' 'rule is.snat' 'rule is.dnat' 'rule is.snatbidir' 'snat is.static' 'snat is.dynamic-ip' 'snat is.dynamic-ip-and-port' 'natdstinterface is.set' 'rule is.universal' 'rule is.intrazone' 'rule is.interzone' rules-edit : new filters for security profiles: 'secprof av-profile.is' 'secprof as-profile.is' 'secprof vuln-profile.is' 'secprof wf-profile.is' rules-edit : new actions 'name-Append' and 'name-Prepend' 'split-bidirectionalnat' 'change-ruleType' address-edit : improved filter 'name regex' to allow external regular expression reference, permitting expression with parenthesis without the need to escape. ie: 'filter=(name regex %subquery1)' 'subquery1=/^(az)/' address-edit: new filters 'object is.unused.recursive' to check if an object is used in groups/nested groups which are not used either utilities: propose to enter a new login/password if previous ones are detected as invalid
bugfixes:
utils: rules-edit : loading of firewall configurations can now get panorama pushed config, use option 'loadPanoramaPushedConfig' rules-edit : added new filters for userid : 'user is.any' 'user is.unknown' 'user is.known' 'user is.prelogon' rules-edit : added security profile, log profile userid column in ExportToExcel
bugfixes:
1.5.5 core:
utils:
bugfixes:
1.5.0 Library:
Utilities: