Documentation ¶
Overview ¶
Package security is the client.Policies.Security namespace.
Normalized object: Entry
Index ¶
- func RulesMatch(a, b Entry) bool
- type Entry
- type Firewall
- func (c *Firewall) AllFromPanosConfig(vsys string) ([]Entry, error)
- func (c *Firewall) AuditCommentHistory(vsys, rule, direction string, nlogs, skip int) ([]audit.Comment, error)
- func (c *Firewall) ConfigureRules(vsys string, rules []Entry, auditComments map[string]string, isPolicy bool, ...) error
- func (c *Firewall) CurrentAuditComment(vsys, rule string) (string, error)
- func (c *Firewall) Delete(vsys string, e ...interface{}) error
- func (c *Firewall) DeleteAll(vsys string) error
- func (c *Firewall) Edit(vsys string, e Entry) error
- func (c *Firewall) FromPanosConfig(vsys, name string) (Entry, error)
- func (c *Firewall) Get(vsys, name string) (Entry, error)
- func (c *Firewall) GetAll(vsys string) ([]Entry, error)
- func (c *Firewall) GetList(vsys string) ([]string, error)
- func (c *Firewall) HitCount(vsys string, rules []string) ([]util.HitCount, error)
- func (c *Firewall) MoveGroup(vsys string, movement int, rule string, e ...Entry) error
- func (c *Firewall) Set(vsys string, e ...Entry) error
- func (c *Firewall) SetAuditComment(vsys, rule, comment string) error
- func (c *Firewall) Show(vsys, name string) (Entry, error)
- func (c *Firewall) ShowAll(vsys string) ([]Entry, error)
- func (c *Firewall) ShowList(vsys string) ([]string, error)
- func (c *Firewall) VerifiableEdit(vsys string, e ...Entry) error
- func (c *Firewall) VerifiableSet(vsys string, e ...Entry) error
- type Panorama
- func (c *Panorama) AllFromPanosConfig(dg, base string) ([]Entry, error)
- func (c *Panorama) AuditCommentHistory(dg, base, rule, direction string, nlogs, skip int) ([]audit.Comment, error)
- func (c *Panorama) ConfigureRules(dg, base string, rules []Entry, auditComments map[string]string, isPolicy bool, ...) error
- func (c *Panorama) CurrentAuditComment(dg, base, rule string) (string, error)
- func (c *Panorama) Delete(dg, base string, e ...interface{}) error
- func (c *Panorama) DeleteAll(dg, base string) error
- func (c *Panorama) Edit(dg, base string, e Entry) error
- func (c *Panorama) FromPanosConfig(dg, base, name string) (Entry, error)
- func (c *Panorama) Get(dg, base, name string) (Entry, error)
- func (c *Panorama) GetAll(dg, base string) ([]Entry, error)
- func (c *Panorama) GetList(dg, base string) ([]string, error)
- func (c *Panorama) MoveGroup(dg, base string, movement int, rule string, e ...Entry) error
- func (c *Panorama) Set(dg, base string, e ...Entry) error
- func (c *Panorama) SetAuditComment(dg, base, rule, comment string) error
- func (c *Panorama) Show(dg, base, name string) (Entry, error)
- func (c *Panorama) ShowAll(dg, base string) ([]Entry, error)
- func (c *Panorama) ShowList(dg, base string) ([]string, error)
- func (c *Panorama) VerifiableEdit(dg, base string, e ...Entry) error
- func (c *Panorama) VerifiableSet(dg, base string, e ...Entry) error
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func RulesMatch ¶ added in v0.7.0
Types ¶
type Entry ¶
type Entry struct {
	Name string
	Type string
	Description string
	Tags []string // ordered
	SourceZones []string // unordered
	SourceAddresses []string // unordered
	NegateSource bool
	SourceUsers []string // unordered
	HipProfiles []string // unordered
	DestinationZones []string // unordered
	DestinationAddresses []string // unordered
	NegateDestination bool
	Applications []string // unordered
	Services []string // unordered
	Categories []string // unordered
	Action string
	LogSetting string
	LogStart bool
	LogEnd bool
	Disabled bool
	Schedule string
	IcmpUnreachable bool
	DisableServerResponseInspection bool
	Group string
	Targets map[string][]string
	NegateTarget bool
	Virus string
	Spyware string
	Vulnerability string
	UrlFiltering string
	FileBlocking string
	WildFireAnalysis string
	DataFiltering string
	GroupTag string // PAN-OS 9.0+
	Uuid string // PAN-OS 9.0+
	SourceDevices []string // PAN-OS 10.0+
	DestinationDevices []string // PAN-OS 10.0+
}
Entry is a normalized, version independent representation of a security rule.
Targets is a map where the key is the serial number of the target device and the value is a list of specific vsys on that device. The list of vsys is nil if all vsys on that device should be included or if the device is a virtual firewall (and thus only has vsys1).
func (*Entry) Copy ¶
Copy copies the information from source Entry `s` to this object. As the Name and Uuid fields relate to the identity of this object, they are not copied.
func (*Entry) Defaults ¶
func (o *Entry) Defaults()
Defaults sets params with uninitialized values to their GUI default setting.
The defaults are as follows:
- Type: "universal"
- SourceZones: ["any"]
- SourceAddresses: ["any"]
- SourceUsers: ["any"]
- DestinationZones: ["any"]
- DestinationAddresses: ["any"]
- Applications: ["any"]
- Services: ["application-default"]
- Categories: ["any"]
- Action: "allow"
- LogEnd: true
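A rule that is only partly filled in becomes a broad allow rule once these defaults apply. The following added example (not part of the package or its documentation) applies the documented defaults to a local stand-in type and reports which match criteria end up as "any" on an allow rule; `Rule`, `def` and `OpenFields` are hypothetical names, and only a subset of the Entry fields is modelled.

```go
package main

import "fmt"

// Rule mirrors a subset of the Entry fields above (local type, not pango's).
type Rule struct {
	Name, Action                           string
	SourceZones, SourceAddresses           []string
	DestinationZones, DestinationAddresses []string
	Applications, Services                 []string
}

// def returns v, or the documented default d when v was left unset.
func def(v []string, d string) []string {
	if len(v) == 0 {
		return []string{d}
	}
	return v
}

// OpenFields applies the documented defaults to r and returns the match
// criteria that end up as "any" on an allow rule (nil for other actions).
func OpenFields(r Rule) []string {
	if r.Action == "" {
		r.Action = "allow" // documented default action
	}
	if r.Action != "allow" {
		return nil
	}
	names := []string{"SourceZones", "SourceAddresses", "DestinationZones",
		"DestinationAddresses", "Applications", "Services"}
	vals := [][]string{def(r.SourceZones, "any"), def(r.SourceAddresses, "any"),
		def(r.DestinationZones, "any"), def(r.DestinationAddresses, "any"),
		def(r.Applications, "any"), def(r.Services, "application-default")}
	var open []string
	for i, v := range vals {
		for _, s := range v {
			if s == "any" {
				open = append(open, names[i])
				break
			}
		}
	}
	return open
}

func main() {
	// Constructed sample: a rule where only Name and one zone were filled in.
	fmt.Println(OpenFields(Rule{Name: "temp", SourceZones: []string{"trust"}}))
}
```

Running a check like this over the rules before they are pushed shows which ones rely on defaults rather than explicit match criteria.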
type Firewall ¶ added in v0.5.0
type Firewall struct {
// contains filtered or unexported fields
}
Firewall is the client.Policies.PolicyBasedForwarding namespace.
func FirewallNamespace ¶ added in v0.5.0
func FirewallNamespace(client util.XapiClient) *Firewall
FirewallNamespace returns an initialized namespace.
func (*Firewall) AllFromPanosConfig ¶ added in v0.7.0
AllFromPanosConfig retrieves all objects stored in the retrieved config.
func (*Firewall) AuditCommentHistory ¶ added in v0.6.0
func (c *Firewall) AuditCommentHistory(vsys, rule, direction string, nlogs, skip int) ([]audit.Comment, error)
AuditCommentHistory returns a chunk of historical audit comment logs.
func (*Firewall) ConfigureRules ¶ added in v0.7.0
func (c *Firewall) ConfigureRules(vsys string, rules []Entry, auditComments map[string]string, isPolicy bool, move int, oRule string, prevNames []string) error
ConfigureRules configures the given rules on PAN-OS.
It does a mass SET if it can, but will EDIT any rules that are present but differ from what is given.
Audit comments are applied only for rules which are either SET or EDIT'ed.
If isPolicy is true, then any rules not explicitly present in the rules param will be deleted.
Params move and oRule are for moving the group into place after configuration.
Any rule name that appears in prevNames but not in the rules param will be deleted.
func (*Firewall) CurrentAuditComment ¶ added in v0.6.0
CurrentAuditComment returns the current audit comment.
func (*Firewall) Delete ¶ added in v0.5.0
Delete performs DELETE to remove the specified objects.
Objects can be either a string or an Entry object.
func (*Firewall) DeleteAll ¶ added in v0.5.0
DeleteAll removes all security policies from the specified vsys.
func (*Firewall) FromPanosConfig ¶ added in v0.7.0
FromPanosConfig retrieves the object stored in the retrieved config.
func (*Firewall) Get ¶ added in v0.5.0
Get performs GET to retrieve information for the given object.
func (*Firewall) HitCount ¶ added in v0.5.0
HitCount gets the rule hit count for the given rules.
If the rules param is nil, then the hit count for all rules is returned.
func (*Firewall) MoveGroup ¶ added in v0.5.0
MoveGroup moves a logical group of security rules somewhere in relation to another security policy.
The `movement` param should be one of the Move constants in the util package.
The `rule` param is the other rule the `movement` param is referencing. If this is an empty string, then the first policy in the group isn't moved anywhere, but all other policies will still be moved to be grouped with the first one.
func (*Firewall) SetAuditComment ¶ added in v0.6.0
SetAuditComment sets the audit comment for the given rule.
func (*Firewall) Show ¶ added in v0.5.0
Show performs SHOW to retrieve information for the given object.
func (*Firewall) ShowAll ¶ added in v0.5.0
ShowAll performs SHOW to retrieve information for all objects.
func (*Firewall) ShowList ¶ added in v0.5.0
ShowList performs SHOW to retrieve a list of all objects.
func (*Firewall) VerifiableEdit ¶ added in v0.5.0
VerifiableEdit behaves like Edit(), except that policies with LogEnd set to true are first created with LogEnd set to false, and then a second Set() is performed that sets LogEnd to true.
NOTE: Custom XML unmarshaling is now implemented, making this function unnecessary.
The two-step write exists because LogEnd is a boolean value that is true by default: the XML returned from querying the rule details omits the LogEnd setting, which is then interpreted as false when in fact it is true. Setting the value to a non-standard value and then back again makes it show up properly in the returned XML.
func (*Firewall) VerifiableSet ¶ added in v0.5.0
VerifiableSet behaves like Set(), except that policies with LogEnd set to true are first created with LogEnd set to false, and then a second Set() is performed that sets LogEnd to true.
NOTE: Custom XML unmarshaling is now implemented, making this function unnecessary.
The two-step write exists because LogEnd is a boolean value that is true by default: the XML returned from querying the rule details omits the LogEnd setting, which is then interpreted as false when in fact it is true. Setting the value to a non-standard value and then back again makes it show up properly in the returned XML.
type Panorama ¶ added in v0.5.0
type Panorama struct {
// contains filtered or unexported fields
}
Panorama is the client.Policies.Security namespace.
The "dg" param in these functions is the device group.
The "base" param in these functions should be one of the rulebase constants in the "util" package.
func PanoramaNamespace ¶ added in v0.5.0
func PanoramaNamespace(client util.XapiClient) *Panorama
PanoramaNamespace returns an initialized namespace.
func (*Panorama) AllFromPanosConfig ¶ added in v0.7.0
AllFromPanosConfig retrieves all objects stored in the retrieved config.
func (*Panorama) AuditCommentHistory ¶ added in v0.6.0
func (c *Panorama) AuditCommentHistory(dg, base, rule, direction string, nlogs, skip int) ([]audit.Comment, error)
AuditCommentHistory returns a chunk of historical audit comment logs.
func (*Panorama) ConfigureRules ¶ added in v0.7.0
func (c *Panorama) ConfigureRules(dg, base string, rules []Entry, auditComments map[string]string, isPolicy bool, move int, oRule string, prevNames []string) error
ConfigureRules configures the given rules on PAN-OS.
It does a mass SET if it can, but will EDIT any rules that are present but differ from what is given.
Audit comments are applied only for rules which are either SET or EDIT'ed.
If isPolicy is true, then any rules not explicitly present in the rules param will be deleted.
Params move and oRule are for moving the group into place after configuration.
Any rule name that appears in prevNames but not in the rules param will be deleted.
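Because ConfigureRules (on both Firewall and Panorama) can delete rules, it helps to see what a call would change before making it. The following added example, which is not part of the package and not its algorithm, models the behaviour described above on a reduced local type and returns the rule names that would be SET, EDITed and deleted; `Rule`, `sameSet` and `DryRun` are hypothetical names, and only Action and SourceZones are compared.

```go
package main

import (
	"fmt"
	"reflect"
	"sort"
)

type Rule struct { // local stand-in for a few Entry fields (not pango's type)
	Name, Action string
	SourceZones  []string // unordered, per the Entry definition
}

func sameSet(a, b []string) bool { // order-insensitive comparison
	a, b = append([]string(nil), a...), append([]string(nil), b...)
	sort.Strings(a)
	sort.Strings(b)
	return reflect.DeepEqual(a, b)
}

// DryRun returns the rule names the documented behaviour would SET, EDIT and delete.
func DryRun(live, want []Rule, prevNames []string, isPolicy bool) (set, edit, del []string) {
	cur, keep := map[string]Rule{}, map[string]bool{}
	doomed := append([]string(nil), prevNames...)
	for _, r := range live {
		cur[r.Name] = r
		if isPolicy { // every live rule missing from want is removed
			doomed = append(doomed, r.Name)
		}
	}
	for _, w := range want {
		keep[w.Name] = true
		if l, ok := cur[w.Name]; !ok {
			set = append(set, w.Name)
		} else if l.Action != w.Action || !sameSet(l.SourceZones, w.SourceZones) {
			edit = append(edit, w.Name)
		}
	}
	sort.Strings(doomed)
	for i, n := range doomed {
		if !keep[n] && (i == 0 || doomed[i-1] != n) {
			del = append(del, n)
		}
	}
	return set, edit, del
}

func main() {
	// Constructed sample: one live rule, an empty desired list, isPolicy true.
	fmt.Println(DryRun([]Rule{{Name: "old", Action: "allow"}}, nil, nil, true))
}
```

With isPolicy set to true and an incomplete rules list, every live rule outside the list appears in the delete set, which is the case to review before calling ConfigureRules.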
func (*Panorama) CurrentAuditComment ¶ added in v0.6.0
CurrentAuditComment returns the current audit comment.
func (*Panorama) Delete ¶ added in v0.5.0
Delete removes the given objects.
Objects can be a string or an Entry object.
func (*Panorama) DeleteAll ¶ added in v0.5.0
DeleteAll removes all security policies from the specified dg / rulebase.
func (*Panorama) FromPanosConfig ¶ added in v0.7.0
FromPanosConfig retrieves the object stored in the retrieved config.
func (*Panorama) Get ¶ added in v0.5.0
Get performs GET to retrieve information for the given object.
func (*Panorama) GetAll ¶ added in v0.5.0
GetAll performs GET to retrieve information for all objects.
func (*Panorama) MoveGroup ¶ added in v0.5.0
MoveGroup moves a logical group of security rules somewhere in relation to another rule.
The `movement` param should be one of the Move constants in the util package.
The `rule` param is the other rule the `movement` param is referencing. If this is an empty string, then the first policy in the group isn't moved anywhere, but all other policies will still be moved to be grouped with the first one.
func (*Panorama) SetAuditComment ¶ added in v0.6.0
SetAuditComment sets the audit comment for the given rule.
func (*Panorama) Show ¶ added in v0.5.0
Show performs SHOW to retrieve information for the given object.
func (*Panorama) ShowAll ¶ added in v0.5.0
ShowAll performs SHOW to retrieve information for all objects.
func (*Panorama) ShowList ¶ added in v0.5.0
ShowList performs SHOW to retrieve a list of all objects.
func (*Panorama) VerifiableEdit ¶ added in v0.5.0
VerifiableEdit behaves like Edit(), except that policies with LogEnd set to true are first created with LogEnd set to false, and then a second Set() is performed that sets LogEnd to true.
NOTE: Custom XML unmarshaling is now implemented, making this function unnecessary.
The two-step write exists because LogEnd is a boolean value that is true by default: the XML returned from querying the rule details omits the LogEnd setting, which is then interpreted as false when in fact it is true. Setting the value to a non-standard value and then back again makes it show up properly in the returned XML.
func (*Panorama) VerifiableSet ¶ added in v0.5.0
VerifiableSet behaves like Set(), except that policies with LogEnd set to true are first created with LogEnd set to false, and then a second Set() is performed that sets LogEnd to true.
NOTE: Custom XML unmarshaling is now implemented, making this function unnecessary.
The two-step write exists because LogEnd is a boolean value that is true by default: the XML returned from querying the rule details omits the LogEnd setting, which is then interpreted as false when in fact it is true. Setting the value to a non-standard value and then back again makes it show up properly in the returned XML.
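The LogEnd problem described for VerifiableEdit and VerifiableSet (on both Firewall and Panorama) can be reproduced with Go's encoding/xml. The following added example is not the package's own unmarshaling code: it decodes a constructed rule with the element omitted, once with a direct field mapping and once with a custom UnmarshalXML that keeps the true default; the XML element names and all type and function names are assumptions for illustration.

```go
package main

import (
	"encoding/xml"
	"fmt"
)

// Constructed samples (element names are assumptions for illustration):
// log-end left at its default and omitted, and log-end explicitly disabled.
const omitted = `<entry name="web"><action>allow</action></entry>`
const disabled = `<entry name="web"><action>allow</action><log-end>no</log-end></entry>`

// naiveRule maps the element directly; an absent element decodes as "".
type naiveRule struct {
	LogEnd string `xml:"log-end"`
}

// rule keeps the default when the element is absent, via UnmarshalXML.
type rule struct{ LogEnd bool }

func (r *rule) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
	var raw struct {
		LogEnd *string `xml:"log-end"` // stays nil when the element is absent
	}
	if err := d.DecodeElement(&raw, &start); err != nil {
		return err
	}
	r.LogEnd = raw.LogEnd == nil || *raw.LogEnd == "yes"
	return nil
}

// NaiveLogEnd reports LogEnd as a direct mapping would see it.
func NaiveLogEnd(doc string) (bool, error) {
	var r naiveRule
	err := xml.Unmarshal([]byte(doc), &r)
	return r.LogEnd == "yes", err
}

// DefaultAwareLogEnd reports LogEnd with the true-by-default rule applied.
func DefaultAwareLogEnd(doc string) (bool, error) {
	var r rule
	err := xml.Unmarshal([]byte(doc), &r)
	return r.LogEnd, err
}

func main() {
	fmt.Println(NaiveLogEnd(omitted))
	fmt.Println(DefaultAwareLogEnd(omitted))
}
```

The direct mapping reports a rule that logs at session end as not logging, which matters when the decoded Entry is used to audit logging coverage.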