XioNoX/pan2capi.py

## pan2capi.py
#!/usr/bin/python

from pandevice import base
from pandevice import firewall
from pandevice import panorama
from pandevice import policies
from pandevice import objects
from pandevice import network
from pandevice import device

pano = panorama.Panorama('hostname', 'username', 'password')

devicegroup = panorama.DeviceGroup('Office-Firewalls')
pano.add(devicegroup)
prerulebase = policies.PreRulebase()
devicegroup.add(prerulebase)
list_of_rules = policies.SecurityRule.refreshall(prerulebase)


pol_file = {}

for rule in list_of_rules:
    #print "Rule name: {0} - From zone: {1} - To zone: {2}".format(rule.name, rule.fromzone, rule.tozone)
    if(len(rule.fromzone) > 1 or len(rule.tozone) > 1):
        print("Process manually " + rule.name + " : has more than 1 source or dest zone.")
        continue
    if(rule.fromzone == rule.tozone) and (len(rule.fromzone) == 1) and rule.fromzone[0] != "untrust":
        print("Ignoring " + rule.name + " Source and destination are the same. Useless.")
        continue

    source_dest_zone = (rule.fromzone[0],rule.tozone[0])
    if source_dest_zone in pol_file:
        pol_file[source_dest_zone].append(rule)
    else:
        pol_file[source_dest_zone] = [rule]

for (src_zone, dest_zone), rules in pol_file.iteritems():
    header = """\nheader {
    target:: paloalto from-zone %s to-zone %s
}""" % (src_zone, dest_zone)
    print(header)
    for rule in rules:
        term = "term %s {\n" % (rule.name)
        if(rule.source[0] != "any"):
            term += "    source-address:: %s\n" % (' '.join(rule.source))
        if(rule.destination[0] != "any"):
            term += "    destination-address:: %s\n" % (' '.join(rule.destination))
        if(rule.application[0] != "any"):
            term += "    pan-application:: %s\n" % (' '.join(rule.application))
        if(rule.service[0] != "any"):
            term += "    destination-port:: %s\n" % (' '.join(rule.service))
            term += "    protocol::    <--- TODO\n"
        if(rule.description):
            term += "    description:: %s\n" % (rule.description)
        term += "    action:: accept\n"
        term += "}"
        print(term)
	#!/usr/bin/python

	from pandevice import base
	from pandevice import firewall
	from pandevice import panorama
	from pandevice import policies
	from pandevice import objects
	from pandevice import network
	from pandevice import device

	pano = panorama.Panorama('hostname', 'username', 'password')

	devicegroup = panorama.DeviceGroup('Office-Firewalls')
	pano.add(devicegroup)
	prerulebase = policies.PreRulebase()
	devicegroup.add(prerulebase)
	list_of_rules = policies.SecurityRule.refreshall(prerulebase)


	pol_file = {}

	for rule in list_of_rules:
	#print "Rule name: {0} - From zone: {1} - To zone: {2}".format(rule.name, rule.fromzone, rule.tozone)
	if(len(rule.fromzone) > 1 or len(rule.tozone) > 1):
	print("Process manually " + rule.name + " : has more than 1 source or dest zone.")
	continue
	if(rule.fromzone == rule.tozone) and (len(rule.fromzone) == 1) and rule.fromzone[0] != "untrust":
	print("Ignoring " + rule.name + " Source and destination are the same. Useless.")
	continue

	source_dest_zone = (rule.fromzone[0],rule.tozone[0])
	if source_dest_zone in pol_file:
	pol_file[source_dest_zone].append(rule)
	else:
	pol_file[source_dest_zone] = [rule]

	for (src_zone, dest_zone), rules in pol_file.iteritems():
	header = """\nheader {
	target:: paloalto from-zone %s to-zone %s
	}""" % (src_zone, dest_zone)
	print(header)
	for rule in rules:
	term = "term %s {\n" % (rule.name)
	if(rule.source[0] != "any"):
	term += " source-address:: %s\n" % (' '.join(rule.source))
	if(rule.destination[0] != "any"):
	term += " destination-address:: %s\n" % (' '.join(rule.destination))
	if(rule.application[0] != "any"):
	term += " pan-application:: %s\n" % (' '.join(rule.application))
	if(rule.service[0] != "any"):
	term += " destination-port:: %s\n" % (' '.join(rule.service))
	term += " protocol:: <--- TODO\n"
	if(rule.description):
	term += " description:: %s\n" % (rule.description)
	term += " action:: accept\n"
	term += "}"
	print(term)