/pan-os-python

The PAN-OS SDK for Python is a package to help interact with Palo Alto Networks devices (including physical and virtualized Next-generation Firewalls and Panorama). The pan-os-python SDK is object oriented and mimics the traditional interaction with the device via the GUI or CLI/API.

Primary LanguagePythonISC LicenseISC

Palo Alto Networks PAN-OS SDK for Python

The PAN-OS SDK for Python (pan-os-python) is a package to help interact with Palo Alto Networks devices (including physical and virtualized Next-generation Firewalls and Panorama). The pan-os-python SDK is object oriented and mimics the traditional interaction with the device via the GUI or CLI/API.


Latest version released on PyPi Python versions License Documentation Status Chat on GitHub Discussions

semantic-release Conventional Commits Powered by DepHell GitHub contributors


Features

  • Object model of Firewall and Panorama configuration
  • Multiple connection methods including Panorama as a proxy
  • All operations natively vsys-aware
  • Support for high availability pairs and retry/recovery during node failure
  • Batch User-ID operations
  • Device API exception classification

Status

Palo Alto Networks PAN-OS SDK for Python is considered stable. It is fully tested and used in many production environments. Semantic versioning is applied to indicate bug fixes, new features, and breaking changes in each version.

Install

Install using pip:

pip install pan-os-python

Upgrade to the latest version:

pip install --upgrade pan-os-python

If you have poetry installed, you can also add pan-os-python to your project:

poetry add pan-os-python

How to import

To use pan-os-python in a project:

import panos

You can also be more specific about which modules you want to import:

from panos import firewall
from panos import network

A few examples

For configuration tasks, create a tree structure using the classes in each module. Nodes hierarchy must follow the model in the Configuration Tree.

The following examples assume the modules were imported as such:

from panos import firewall
from panos import network

Create an interface and commit:

fw = firewall.Firewall("10.0.0.1", api_username="admin", api_password="admin")
eth1 = network.EthernetInterface("ethernet1/1", mode="layer3")
fw.add(eth1)
eth1.create()
fw.commit()

Operational commands leverage the 'op' method of the device:

fw = firewall.Firewall("10.0.0.1", api_username="admin", api_password="admin")
print fw.op("show system info")

Some operational commands have methods to refresh the variables in an object:

# populates the version, serial, and model variables from the live device
fw.refresh_system_info()

See more examples in the Usage Guide.

Upgrade from pandevice

This pan-os-python package is the evolution of the older pandevice package. To upgrade from pandevice to pan-os-python, follow these steps.

Step 1. Ensure you are using python3

Python2 is end-of-life and not supported by pan-os-python.

Step 2. Uninstall pandevice:

pip uninstall pandevice
 # or
poetry remove pandevice

Step 3. Install pan-os-python:

pip3 install pan-os-python
 # or
poetry add pan-os-python

Step 4. Change the import statements in your code from pandevice to panos. For example:

import pandevice
from pandevice.firewall import Firewall

 # would change to

import panos
from panos.firewall import Firewall

Step 5. Test your script or application

There are no known breaking changes between pandevice v0.14.0 and pan-os-python v1.0.0, but it is a major upgrade so please verify everything works as expected.

Contributors

Thank you to Kevin Steves, creator of the pan-python library