FR-02-may-2023-2 Add columns into ExportToExcel action for Destination NAT type, Destination NAT Port, and Session Distribution Method

Question

FR-02-may-2023-2 Add columns into ExportToExcel action for Destination NAT type, Destination NAT Port, and Session Distribution Method

nexusops opened this issue 2 years ago · 5 comments

nexusops commented 2 years ago

Is your feature request related to a problem?

ExportToExcel action currently doesn't export the following destination NAT related fields:

Translation type
Translated port
Session Distribution Method

Describe the solution you'd like

Include the above mentioned fields in the export

Additional context

Answer 1 · 2023-05-02T11:51:41.000Z

Here are snippets of config which contain the relevant DNAT options

Dynamic DNAT with Round Robin - Notice that the Round Robin option doesn't appear in the config. This is because it's the default option

            <entry name="DNAT-1" uuid="19e9e68f-cbd2-474f-9e63-16494f909e48">
              <dynamic-destination-translation>
                <translated-address>8.8.8.8</translated-address>
                <translated-port>8181</translated-port>
              </dynamic-destination-translation>
              <to>
                <member>LAB-70-LAN</member>
              </to>
              <from>
                <member>any</member>
              </from>
              <source>
                <member>any</member>
              </source>
              <destination>
                <member>any</member>
              </destination>
              <service>any</service>
            </entry>

Answer 2 · 2023-05-02T11:52:23.000Z

Dynamic DNAT with source-ip-hash option

            <entry name="DNAT-2" uuid="4af75cc1-c3d0-4b2f-ac0b-9fdce3eaf993">
              <dynamic-destination-translation>
                <translated-address>8.8.8.8</translated-address>
                <translated-port>8181</translated-port>
                <distribution>source-ip-hash</distribution>
              </dynamic-destination-translation>
              <to>
                <member>LAB-70-LAN</member>
              </to>
              <from>
                <member>any</member>
              </from>
              <source>
                <member>any</member>
              </source>
              <destination>
                <member>any</member>
              </destination>
              <service>any</service>
            </entry>

Answer 3 · 2023-05-02T11:54:06.000Z

Please note that when a distribution method is changed from "non-Round Robin" option (such as source-ip-hash above), then the Round Robin option is explicitly mentioned in the config. Like so

        <entry name="DNAT-2" uuid="4af75cc1-c3d0-4b2f-ac0b-9fdce3eaf993">
          <dynamic-destination-translation>
            <translated-address>8.8.8.8</translated-address>
            <translated-port>8181</translated-port>
            <distribution>round-robin</distribution>
          </dynamic-destination-translation>
          <to>
            <member>LAB-70-LAN</member>
          </to>
          <from>
            <member>any</member>
          </from>
          <source>
            <member>any</member>
          </source>
          <destination>
            <member>any</member>
          </destination>
          <service>any</service>
        </entry>

Answer 4 · 2023-05-04T16:32:33.000Z

validation of PAN-OS-PHP develop container / branch for this FR needed, as mentioned via different communication

Answer 5 · 2023-05-10T14:46:12.000Z

introduce with #747