Module: device

Inheritance diagram

Inheritance diagram of panos.device

Configuration tree diagram

digraph configtree { graph [rankdir=LR, fontsize=10, margin=0.001]; node [shape=box, fontsize=10, height=0.001, margin=0.1, ordering=out]; EmailServerProfile [style=filled fillcolor=lightpink URL="../module-device.html#panos.device.EmailServerProfile" target="_top"]; EmailServer [style=filled fillcolor=lightpink URL="../module-device.html#panos.device.EmailServer" target="_top"]; EmailServerProfile -> EmailServer; HttpServerProfile [style=filled fillcolor=lightpink URL="../module-device.html#panos.device.HttpServerProfile" target="_top"]; HttpAuthHeader [style=filled fillcolor=lightpink URL="../module-device.html#panos.device.HttpAuthHeader" target="_top"]; HttpServerProfile -> HttpAuthHeader; HttpAuthParam [style=filled fillcolor=lightpink URL="../module-device.html#panos.device.HttpAuthParam" target="_top"]; HttpServerProfile -> HttpAuthParam; HttpConfigHeader [style=filled fillcolor=lightpink URL="../module-device.html#panos.device.HttpConfigHeader" target="_top"]; HttpServerProfile -> HttpConfigHeader; HttpConfigParam [style=filled fillcolor=lightpink URL="../module-device.html#panos.device.HttpConfigParam" target="_top"]; HttpServerProfile -> HttpConfigParam; HttpDataHeader [style=filled fillcolor=lightpink URL="../module-device.html#panos.device.HttpDataHeader" target="_top"]; HttpServerProfile -> HttpDataHeader; HttpDataParam [style=filled fillcolor=lightpink URL="../module-device.html#panos.device.HttpDataParam" target="_top"]; HttpServerProfile -> HttpDataParam; HttpGtpHeader [style=filled fillcolor=lightpink URL="../module-device.html#panos.device.HttpGtpHeader" target="_top"]; HttpServerProfile -> HttpGtpHeader; HttpGtpParam [style=filled fillcolor=lightpink URL="../module-device.html#panos.device.HttpGtpParam" target="_top"]; HttpServerProfile -> HttpGtpParam; HttpHipMatchHeader [style=filled fillcolor=lightpink URL="../module-device.html#panos.device.HttpHipMatchHeader" target="_top"]; HttpServerProfile -> HttpHipMatchHeader; HttpHipMatchParam [style=filled fillcolor=lightpink URL="../module-device.html#panos.device.HttpHipMatchParam" target="_top"]; HttpServerProfile -> HttpHipMatchParam; HttpIpTagHeader [style=filled fillcolor=lightpink URL="../module-device.html#panos.device.HttpIpTagHeader" target="_top"]; HttpServerProfile -> HttpIpTagHeader; HttpIpTagParam [style=filled fillcolor=lightpink URL="../module-device.html#panos.device.HttpIpTagParam" target="_top"]; HttpServerProfile -> HttpIpTagParam; HttpSctpHeader [style=filled fillcolor=lightpink URL="../module-device.html#panos.device.HttpSctpHeader" target="_top"]; HttpServerProfile -> HttpSctpHeader; HttpSctpParam [style=filled fillcolor=lightpink URL="../module-device.html#panos.device.HttpSctpParam" target="_top"]; HttpServerProfile -> HttpSctpParam; HttpServer [style=filled fillcolor=lightpink URL="../module-device.html#panos.device.HttpServer" target="_top"]; HttpServerProfile -> HttpServer; HttpSystemHeader [style=filled fillcolor=lightpink URL="../module-device.html#panos.device.HttpSystemHeader" target="_top"]; HttpServerProfile -> HttpSystemHeader; HttpSystemParam [style=filled fillcolor=lightpink URL="../module-device.html#panos.device.HttpSystemParam" target="_top"]; HttpServerProfile -> HttpSystemParam; HttpThreatHeader [style=filled fillcolor=lightpink URL="../module-device.html#panos.device.HttpThreatHeader" target="_top"]; HttpServerProfile -> HttpThreatHeader; HttpThreatParam [style=filled fillcolor=lightpink URL="../module-device.html#panos.device.HttpThreatParam" target="_top"]; HttpServerProfile -> HttpThreatParam; HttpTrafficHeader [style=filled fillcolor=lightpink URL="../module-device.html#panos.device.HttpTrafficHeader" target="_top"]; HttpServerProfile -> HttpTrafficHeader; HttpTrafficParam [style=filled fillcolor=lightpink URL="../module-device.html#panos.device.HttpTrafficParam" target="_top"]; HttpServerProfile -> HttpTrafficParam; HttpTunnelHeader [style=filled fillcolor=lightpink URL="../module-device.html#panos.device.HttpTunnelHeader" target="_top"]; HttpServerProfile -> HttpTunnelHeader; HttpTunnelParam [style=filled fillcolor=lightpink URL="../module-device.html#panos.device.HttpTunnelParam" target="_top"]; HttpServerProfile -> HttpTunnelParam; HttpUrlHeader [style=filled fillcolor=lightpink URL="../module-device.html#panos.device.HttpUrlHeader" target="_top"]; HttpServerProfile -> HttpUrlHeader; HttpUrlParam [style=filled fillcolor=lightpink URL="../module-device.html#panos.device.HttpUrlParam" target="_top"]; HttpServerProfile -> HttpUrlParam; HttpUserIdHeader [style=filled fillcolor=lightpink URL="../module-device.html#panos.device.HttpUserIdHeader" target="_top"]; HttpServerProfile -> HttpUserIdHeader; HttpUserIdParam [style=filled fillcolor=lightpink URL="../module-device.html#panos.device.HttpUserIdParam" target="_top"]; HttpServerProfile -> HttpUserIdParam; HttpWildfireHeader [style=filled fillcolor=lightpink URL="../module-device.html#panos.device.HttpWildfireHeader" target="_top"]; HttpServerProfile -> HttpWildfireHeader; HttpWildfireParam [style=filled fillcolor=lightpink URL="../module-device.html#panos.device.HttpWildfireParam" target="_top"]; HttpServerProfile -> HttpWildfireParam; SnmpServerProfile [style=filled fillcolor=lightpink URL="../module-device.html#panos.device.SnmpServerProfile" target="_top"]; SnmpV2cServer [style=filled fillcolor=lightpink URL="../module-device.html#panos.device.SnmpV2cServer" target="_top"]; SnmpServerProfile -> SnmpV2cServer; SnmpV3Server [style=filled fillcolor=lightpink URL="../module-device.html#panos.device.SnmpV3Server" target="_top"]; SnmpServerProfile -> SnmpV3Server; SyslogServerProfile [style=filled fillcolor=lightpink URL="../module-device.html#panos.device.SyslogServerProfile" target="_top"]; SyslogServer [style=filled fillcolor=lightpink URL="../module-device.html#panos.device.SyslogServer" target="_top"]; SyslogServerProfile -> SyslogServer; SystemSettings [style=filled fillcolor=lightpink URL="../module-device.html#panos.device.SystemSettings" target="_top"]; NTPServerPrimary [style=filled fillcolor=lightpink URL="../module-device.html#panos.device.NTPServerPrimary" target="_top"]; SystemSettings -> NTPServerPrimary; NTPServerSecondary [style=filled fillcolor=lightpink URL="../module-device.html#panos.device.NTPServerSecondary" target="_top"]; SystemSettings -> NTPServerSecondary; Telemetry [style=filled fillcolor=lightpink URL="../module-device.html#panos.device.Telemetry" target="_top"]; SystemSettings -> Telemetry; Vsys [style=filled fillcolor=lightpink URL="../module-device.html#panos.device.Vsys" target="_top"]; Vsys -> EmailServerProfile; Vsys -> HttpServerProfile; Vsys -> SnmpServerProfile; Vsys -> SyslogServerProfile; VsysResources [style=filled fillcolor=lightpink URL="../module-device.html#panos.device.VsysResources" target="_top"]; Vsys -> VsysResources; AggregateInterface [style=filled fillcolor=lightcyan URL="../module-network.html#panos.network.AggregateInterface" target="_top"]; Vsys -> AggregateInterface; EthernetInterface [style=filled fillcolor=lightcyan URL="../module-network.html#panos.network.EthernetInterface" target="_top"]; Vsys -> EthernetInterface; LoopbackInterface [style=filled fillcolor=lightcyan URL="../module-network.html#panos.network.LoopbackInterface" target="_top"]; Vsys -> LoopbackInterface; TunnelInterface [style=filled fillcolor=lightcyan URL="../module-network.html#panos.network.TunnelInterface" target="_top"]; Vsys -> TunnelInterface; VirtualRouter [style=filled fillcolor=lightcyan URL="../module-network.html#panos.network.VirtualRouter" target="_top"]; Vsys -> VirtualRouter; VirtualWire [style=filled fillcolor=lightcyan URL="../module-network.html#panos.network.VirtualWire" target="_top"]; Vsys -> VirtualWire; Vlan [style=filled fillcolor=lightcyan URL="../module-network.html#panos.network.Vlan" target="_top"]; Vsys -> Vlan; VlanInterface [style=filled fillcolor=lightcyan URL="../module-network.html#panos.network.VlanInterface" target="_top"]; Vsys -> VlanInterface; Zone [style=filled fillcolor=lightcyan URL="../module-network.html#panos.network.Zone" target="_top"]; Vsys -> Zone; AddressGroup [style=filled fillcolor=lemonchiffon URL="../module-objects.html#panos.objects.AddressGroup" target="_top"]; Vsys -> AddressGroup; AddressObject [style=filled fillcolor=lemonchiffon URL="../module-objects.html#panos.objects.AddressObject" target="_top"]; Vsys -> AddressObject; ApplicationFilter [style=filled fillcolor=lemonchiffon URL="../module-objects.html#panos.objects.ApplicationFilter" target="_top"]; Vsys -> ApplicationFilter; ApplicationGroup [style=filled fillcolor=lemonchiffon URL="../module-objects.html#panos.objects.ApplicationGroup" target="_top"]; Vsys -> ApplicationGroup; ApplicationObject [style=filled fillcolor=lemonchiffon URL="../module-objects.html#panos.objects.ApplicationObject" target="_top"]; Vsys -> ApplicationObject; CustomUrlCategory [style=filled fillcolor=lemonchiffon URL="../module-objects.html#panos.objects.CustomUrlCategory" target="_top"]; Vsys -> CustomUrlCategory; DynamicUserGroup [style=filled fillcolor=lemonchiffon URL="../module-objects.html#panos.objects.DynamicUserGroup" target="_top"]; Vsys -> DynamicUserGroup; LogForwardingProfile [style=filled fillcolor=lemonchiffon URL="../module-objects.html#panos.objects.LogForwardingProfile" target="_top"]; Vsys -> LogForwardingProfile; Region [style=filled fillcolor=lemonchiffon URL="../module-objects.html#panos.objects.Region" target="_top"]; Vsys -> Region; ScheduleObject [style=filled fillcolor=lemonchiffon URL="../module-objects.html#panos.objects.ScheduleObject" target="_top"]; Vsys -> ScheduleObject; SecurityProfileGroup [style=filled fillcolor=lemonchiffon URL="../module-objects.html#panos.objects.SecurityProfileGroup" target="_top"]; Vsys -> SecurityProfileGroup; ServiceGroup [style=filled fillcolor=lemonchiffon URL="../module-objects.html#panos.objects.ServiceGroup" target="_top"]; Vsys -> ServiceGroup; ServiceObject [style=filled fillcolor=lemonchiffon URL="../module-objects.html#panos.objects.ServiceObject" target="_top"]; Vsys -> ServiceObject; Rulebase [style=filled fillcolor=lightsalmon URL="../module-policies.html#panos.policies.Rulebase" target="_top"]; Vsys -> Rulebase; }

Class Reference

Device module contains objects that exist in the ‘Device’ tab in the firewall GUI

class panos.device.Administrator(*args, **kwargs)[source]

Administrator object

Parameters:
  • name (str) – Admin name
  • authentication_profile (str) – The authentication profile
  • web_client_cert_only (bool) – Use only client certificate authentication (Web)
  • superuser (bool) – Admin type - superuser
  • superuser_read_only (bool) – Admin type - superuser, read only
  • panorama_admin (bool) – Panonrama - a panorama admin only
  • device_admin (bool) – Admin type - device admin
  • device_admin_read_only (bool) – Admin type - device admin, read only
  • vsys (list/str) – Physical firewalls: the vsys this admin should manage
  • vsys_read_only (list/str) – Physical firewalls: the vsys this read only admin should manage
  • ssh_public_key (str) – Use Public Key Authentication (SSH)
  • role_profile (str) – The role based profile
  • password_hash (encrypted str) – The encrypted password
  • password_profile (str) – The password profile for this user
change_password(new_password)[source]

Update the password.

Modifies the live device

Parameters:new_password (str) – The new password for this user.
class panos.device.EmailServer(*args, **kwargs)[source]

An email server in a email server profile.

Parameters:
  • name (str) – The name
  • display_name (str) – Display name
  • from (str) – From email address
  • to (str) – To email address
  • also_to (str) – Additional destination email address
  • email_gateway (str) – IP address or FQDN of email gateway to use
class panos.device.EmailServerProfile(*args, **kwargs)[source]

An email server profile.

Parameters:
  • name (str) – The name
  • config (str) – Custom config log format
  • system (str) – Custom system log format
  • threat (str) – Custom threat log format
  • traffic (str) – Custom traffic log format
  • hip_match (str) – Custom HIP match log format
  • url (str) – (PAN-OS 8.0+) Custom URL log format
  • data (str) – (PAN-OS 8.0+) Custom data log format
  • wildfire (str) – (PAN-OS 8.0+) Custom WildFire log format
  • tunnel (str) – (PAN-OS 8.0+) Custom tunnel log format
  • user_id (str) – (PAN-OS 8.0+) Custom user-ID log format
  • gtp (str) – (PAN-OS 8.0+) Custom GTP log format
  • auth (str) – (PAN-OS 8.0+) Custom authentication log format
  • sctp (str) – (PAN-OS 8.1+) Custom SCTP log format
  • iptag (str) – (PAN-OS 9.0+) Custom Iptag log format
  • escaped_characters (str) – Characters to be escaped
  • escape_character (str) – Escape character
class panos.device.HttpAuthHeader(*args, **kwargs)[source]

HTTP header for auth.

Note: This is valid for PAN-OS 8.0+

Parameters:
  • name (str) – The header name
  • value (str) – The header value
class panos.device.HttpAuthParam(*args, **kwargs)[source]

HTTP param for auth.

Note: This is valid for PAN-OS 8.0+

Parameters:
  • name (str) – The param name
  • value (str) – The param value
class panos.device.HttpConfigHeader(*args, **kwargs)[source]

HTTP header for config.

Note: This is valid for PAN-OS 8.0+

Parameters:
  • name (str) – The header name
  • value (str) – The header value
class panos.device.HttpConfigParam(*args, **kwargs)[source]

HTTP param for config.

Note: This is valid for PAN-OS 8.0+

Parameters:
  • name (str) – The param name
  • value (str) – The param value
class panos.device.HttpDataHeader(*args, **kwargs)[source]

HTTP header for data.

Note: This is valid for PAN-OS 8.0+

Parameters:
  • name (str) – The header name
  • value (str) – The header value
class panos.device.HttpDataParam(*args, **kwargs)[source]

HTTP param for data.

Note: This is valid for PAN-OS 8.0+

Parameters:
  • name (str) – The param name
  • value (str) – The param value
class panos.device.HttpGtpHeader(*args, **kwargs)[source]

HTTP header for GTP.

Note: This is valid for PAN-OS 8.0+

Parameters:
  • name (str) – The header name
  • value (str) – The header value
class panos.device.HttpGtpParam(*args, **kwargs)[source]

HTTP param for GTP.

Note: This is valid for PAN-OS 8.0+

Parameters:
  • name (str) – The param name
  • value (str) – The param value
class panos.device.HttpHipMatchHeader(*args, **kwargs)[source]

HTTP header for HIP match.

Note: This is valid for PAN-OS 8.0+

Parameters:
  • name (str) – The header name
  • value (str) – The header value
class panos.device.HttpHipMatchParam(*args, **kwargs)[source]

HTTP param for HIP match.

Note: This is valid for PAN-OS 8.0+

Parameters:
  • name (str) – The param name
  • value (str) – The param value
class panos.device.HttpIpTagHeader(*args, **kwargs)[source]

HTTP header for IP tag.

Note: This is valid for PAN-OS 8.0+

Parameters:
  • name (str) – The header name
  • value (str) – The header value
class panos.device.HttpIpTagParam(*args, **kwargs)[source]

HTTP param for IP tag.

Note: This is valid for PAN-OS 8.0+

Parameters:
  • name (str) – The param name
  • value (str) – The param value
class panos.device.HttpSctpHeader(*args, **kwargs)[source]

HTTP header for SCTP.

Note: This is valid for PAN-OS 8.0+

Parameters:
  • name (str) – The header name
  • value (str) – The header value
class panos.device.HttpSctpParam(*args, **kwargs)[source]

HTTP param for SCTP.

Note: This is valid for PAN-OS 8.0+

Parameters:
  • name (str) – The param name
  • value (str) – The param value
class panos.device.HttpServer(*args, **kwargs)[source]

A single HTTP server in a HTTP server profile.

Parameters:
  • name (str) – The name
  • address (str) – IP address or FQDN of HTTP server to use
  • protocol (str) – HTTPS (default) or HTTP
  • port (int) – Port number (default: 443).
  • tls_version (str) – (PAN-OS 9.0+) TLS handshake protocol version. Valid values are 1.0, 1.1, or 1.2.
  • certificate_profile (str) – (PAN-OS 9.0+) Certificate profile for validating server certificate
  • http_method (str) – HTTP method to use (default: POST).
  • username (str) – Username for basic HTTP auth
  • password (str) – Password for basic HTTP auth
class panos.device.HttpServerProfile(*args, **kwargs)[source]

A HTTP server profile.

Note: This is valid for PAN-OS 8.0+.

Parameters:
  • name (str) – The name
  • tag_registration (bool) – The server should have User-ID agent running in order for tag registration to work
  • config_name (str) – Name for custom config format
  • config_uri_format (str) – URI format for custom config format
  • config_payload (str) – Payload for custom config format
  • system_name (str) – Name for custom system format
  • system_uri_format (str) – URI format for custom system format
  • system_payload (str) – Payload for custom system format
  • threat_name (str) – Name for custom threat format
  • threat_uri_format (str) – URI format for custom threat format
  • threat_payload (str) – Payload for custom threat format
  • traffic_name (str) – Name for custom traffic format
  • traffic_uri_format (str) – URI format for custom traffic format
  • traffic_payload (str) – Payload for custom traffic format
  • hip_match_name (str) – Name for custom HIP match format
  • hip_match_uri_format (str) – URI format for custom HIP match format
  • hip_match_payload (str) – Payload for custom HIP match format
  • url_name (str) – Name for custom url format
  • url_uri_format (str) – URI format for custom url format
  • url_payload (str) – Payload for custom url format
  • data_name (str) – Name for custom data format
  • data_uri_format (str) – URI format for custom data format
  • data_payload (str) – Payload for custom data format
  • wildfire_name (str) – Name for custom wildfire format
  • wildfire_uri_format (str) – URI format for custom wildfire format
  • wildfire_payload (str) – Payload for custom wildfire format
  • tunnel_name (str) – Name for custom tunnel format
  • tunnel_uri_format (str) – URI format for custom tunnel format
  • tunnel_payload (str) – Payload for custom tunnel format
  • user_id_name (str) – Name for custom User-ID format
  • user_id_uri_format (str) – URI format for custom User-ID format
  • user_id_payload (str) – Payload for custom User-ID format
  • gtp_name (str) – Name for custom GTP format
  • gtp_uri_format (str) – URI format for custom GTP format
  • gtp_payload (str) – Payload for custom GTP format
  • auth_name (str) – Name for custom auth format
  • auth_uri_format (str) – URI format for custom auth format
  • auth_payload (str) – Payload for custom auth format
  • sctp_name (str) – (PAN-OS 8.1+) Name for custom SCTP format
  • sctp_uri_format (str) – (PAN-OS 8.1+) URI format for custom SCTP format
  • sctp_payload (str) – (PAN-OS 8.1+) Payload for custom SCTP format
  • iptag_name (str) – (PAN-OS 9.0+) Name for custom IP tag format
  • iptag_uri_format (str) – (PAN-OS 9.0+) URI format for custom IP tag format
  • iptag_payload (str) – (PAN-OS 9.0+) Payload for custom IP tag format
class panos.device.HttpSystemHeader(*args, **kwargs)[source]

HTTP header for system.

Note: This is valid for PAN-OS 8.0+

Parameters:
  • name (str) – The header name
  • value (str) – The header value
class panos.device.HttpSystemParam(*args, **kwargs)[source]

HTTP param for system.

Note: This is valid for PAN-OS 8.0+

Parameters:
  • name (str) – The param name
  • value (str) – The param value
class panos.device.HttpThreatHeader(*args, **kwargs)[source]

HTTP header for threat.

Note: This is valid for PAN-OS 8.0+

Parameters:
  • name (str) – The header name
  • value (str) – The header value
class panos.device.HttpThreatParam(*args, **kwargs)[source]

HTTP param for threat.

Note: This is valid for PAN-OS 8.0+

Parameters:
  • name (str) – The param name
  • value (str) – The param value
class panos.device.HttpTrafficHeader(*args, **kwargs)[source]

HTTP header for traffic.

Note: This is valid for PAN-OS 8.0+

Parameters:
  • name (str) – The header name
  • value (str) – The header value
class panos.device.HttpTrafficParam(*args, **kwargs)[source]

HTTP param for traffic.

Note: This is valid for PAN-OS 8.0+

Parameters:
  • name (str) – The param name
  • value (str) – The param value
class panos.device.HttpTunnelHeader(*args, **kwargs)[source]

HTTP header for tunnel.

Note: This is valid for PAN-OS 8.0+

Parameters:
  • name (str) – The header name
  • value (str) – The header value
class panos.device.HttpTunnelParam(*args, **kwargs)[source]

HTTP param for tunnel.

Note: This is valid for PAN-OS 8.0+

Parameters:
  • name (str) – The param name
  • value (str) – The param value
class panos.device.HttpUrlHeader(*args, **kwargs)[source]

HTTP header for URL.

Note: This is valid for PAN-OS 8.0+

Parameters:
  • name (str) – The header name
  • value (str) – The header value
class panos.device.HttpUrlParam(*args, **kwargs)[source]

HTTP param for URL.

Note: This is valid for PAN-OS 8.0+

Parameters:
  • name (str) – The param name
  • value (str) – The param value
class panos.device.HttpUserIdHeader(*args, **kwargs)[source]

HTTP header for user-ID.

Note: This is valid for PAN-OS 8.0+

Parameters:
  • name (str) – The header name
  • value (str) – The header value
class panos.device.HttpUserIdParam(*args, **kwargs)[source]

HTTP param for user-ID.

Note: This is valid for PAN-OS 8.0+

Parameters:
  • name (str) – The param name
  • value (str) – The param value
class panos.device.HttpWildfireHeader(*args, **kwargs)[source]

HTTP header for WildFire.

Note: This is valid for PAN-OS 8.0+

Parameters:
  • name (str) – The header name
  • value (str) – The header value
class panos.device.HttpWildfireParam(*args, **kwargs)[source]

HTTP param for WildFire.

Note: This is valid for PAN-OS 8.0+

Parameters:
  • name (str) – The param name
  • value (str) – The param value
class panos.device.NTPServer(*args, **kwargs)[source]

A primary or secondary NTP server

This is an abstract base class, do not instantiate it.

Parameters:address (str) – The IP address of the NTP server
classmethod variables()[source]

Defines the variables that exist in this object. Override in each subclass.

class panos.device.NTPServerPrimary(*args, **kwargs)[source]

A primary NTP server

Add to a panos.device.SystemSettings object

Parameters:address (str) – IP address or hostname of NTP server
class panos.device.NTPServerSecondary(*args, **kwargs)[source]

A secondary NTP server

Add to a panos.device.SystemSettings object

Parameters:address (str) – IP address or hostname of NTP server
class panos.device.PasswordProfile(*args, **kwargs)[source]

Password profile object

Parameters:
  • name (str) – Password profile name
  • expiration (int) – Number of days until the password expires
  • warning (int) – Number of days warning before password expires
  • login_count (int) – Post expiration admin login count
  • grace_period (int) – Post expiration grace period
class panos.device.SnmpServerProfile(*args, **kwargs)[source]

SNMP server profile.

Parameters:
  • name (str) – The name
  • version (str) – SNMP version. Valid values are v2c (default) or v3.
class panos.device.SnmpV2cServer(*args, **kwargs)[source]

SNMP V2C server in a server.

Parameters:
  • name (str) – The name
  • manager (str) – IP address or FQDN of SNMP manager to use
  • community (str) – SNMP community
class panos.device.SnmpV3Server(*args, **kwargs)[source]

SNMP V3 server.

Parameters:
  • name (str) – The name
  • manager (str) – IP address or FQDN of SNMP manager to use
  • user (str) – User
  • engine_id (str) – A hex number
  • auth_password (str) – Authentication protocol password
  • priv_password (str) – Privacy protocol password
class panos.device.SyslogServer(*args, **kwargs)[source]

A single syslog server in a syslog server profile.

Parameters:
  • name (str) – The name
  • server (str) – IP address or FQDN of the syslog server
  • transport (str) – Syslog transport. Valid values are UDP (default), TCP, or SSL.
  • port (int) – Syslog port number.
  • format (str) – Format of the syslog message. Valid values are BSD (default) or IETF.
  • facility (str) – Syslog facility. Valid values are LOG_USER (default), or LOG_LOCAL0 through LOG_LOCAL7.
class panos.device.SyslogServerProfile(*args, **kwargs)[source]

A syslog server profile.

Parameters:
  • name (str) – The name
  • config (str) – Custom config log format
  • system (str) – Custom system log format
  • threat (str) – Custom threat log format
  • traffic (str) – Custom traffic log format
  • hip_match (str) – Custom HIP match log format
  • url (str) – (PAN-OS 8.0+) Custom URL log format
  • data (str) – (PAN-OS 8.0+) Custom data log format
  • wildfire (str) – (PAN-OS 8.0+) Custom WildFire log format
  • tunnel (str) – (PAN-OS 8.0+) Custom tunnel log format
  • user_id (str) – (PAN-OS 8.0+) Custom user-ID log format
  • gtp (str) – (PAN-OS 8.0+) Custom GTP log format
  • auth (str) – (PAN-OS 8.0+) Custom authentication log format
  • sctp (str) – (PAN-OS 8.1+) Custom SCTP log format
  • iptag (str) – (PAN-OS 9.0+) Custom Iptag log format
  • escaped_characters (str) – Characters to be escaped
  • escape_character (str) – Escape character
class panos.device.SystemSettings(*args, **kwargs)[source]

Firewall or Panorama device system settings

Add only one of these to a parent object.

If you want to configure DHCP on the management interface, you should specify settings for dhcp_send_hostname and dhcp_send_client_id.

Parameters:
  • hostname (str) – The hostname of the device
  • domain (str) – The domain of the device
  • ip_address (str) – Management interface IP address
  • netmask (str) – Management interface netmask
  • default_gateway (str) – Management interface default gateway
  • ipv6_address (str) – Management interface IPv6 address
  • ipv6_default_gateway (str) – Management interface IPv6 default gateway
  • dns_primary (str) – Primary DNS server IP address
  • dns_secondary (str) – Secondary DNS server IP address
  • timezone (str) – Device timezone
  • panorama (str) – IP address of primary Panorama
  • panorama2 (str) – IP address of secondary Panorama
  • login_banner (str) – Login banner text
  • update_server (str) – IP or hostname of the update server
  • verify_update_server (bool) – Verify the update server identity
  • dhcp_send_hostname (bool) – (DHCP Mngt) Send Hostname
  • dhcp_send_client_id (bool) – (DHCP Mngt) Send Client ID
  • accept_dhcp_hostname (bool) – (DHCP Mngt) Accept DHCP hostname
  • accept_dhcp_domain (bool) – (DHCP Mngt) Accept DHCP domain name
class panos.device.Telemetry(*args, **kwargs)[source]

Share telemetry data with Palo Alto Networks.

Join other Palo Alto Networks customers in a global sharing community, helping to raise the bar against the latest attack techniques. Your participation allows us to deliver new threat prevention controls across the attack lifecycle. Choose the type of data you share across applications, threat intelligence, and device health information to improve the fidelity of the protections we deliver. This is an opt-in feature controlled with granular policy, and we encourage you to join the community.

Add only one of these to a firewall.

Parameters:
  • app_reports (bool) – Application reports
  • threat_reports (bool) – Threat preventioin reports
  • url_reports (bool) – URL reports
  • file_type_reports (bool) – File type identification reports
  • threat_data (bool) – Threat prevention data
  • threat_pcaps (bool) – Enable sending packet captures with threat prevention information. This requires that “threat_data” also be enabled.
  • product_usage_stats (bool) – Health and performance reports
  • passive_dns_monitoring (bool) – Passive DNS monitoring
class panos.device.Vsys(*args, **kwargs)[source]

Virtual System (VSYS)

You can interact with virtual systems in two different ways:

Method 1. Use a panos.firewall.Firewall object with the ‘vsys’ variable set to a vsys identifier (eg. ‘vsys2’). In this case, you don’t need to use this Vsys class. Add other PanObject instances (like panos.objects.AddressObject) to the Firewall instance

Method 2. Add an instance of this Vsys class to a panos.firewall.Firewall object. It is best practice to set the Firewall instance’s ‘shared’ variable to True when using this method. Add other PanObject instances (like panos.objects.AddressObject) to the Vsys instance.

Parameters:
  • name (str) – Vsys identifier (eg. ‘vsys1’, ‘vsys5’, etc)
  • display_name (str) – Friendly name of the vsys
  • interface (list) – A list of strings with names of interfaces or a list of panos.network.Interface objects
  • vlans (list) – A list of strings of VLANs
  • virtual_wires (list) – A list of strings of virtual wires
  • virtual_routers (list) – A list of strings of virtual routers
  • visible_vsys (list) – A list of strings of the vsys visible
  • dns_proxy (str) – DNS Proxy server
  • decrypt_forwarding (bool) – Allow forwarding of decrypted content
vsys

Return the vsys for this object

Traverses the tree to determine the vsys from a panos.firewall.Firewall or panos.device.Vsys instance somewhere before this node in the tree.

Returns:The vsys id (eg. vsys2)
Return type:str
class panos.device.VsysResources(*args, **kwargs)[source]

Resource constraints for a Vsys

Parameters:
  • max_security_rules (int) – Maximum security rules
  • max_nat_rules (int) – Maximum nat rules
  • max_ssl_decryption_rules (int) – Maximum ssl decryption rules
  • max_qos_rules (int) – Maximum QOS rules
  • max_application_override_rules (int) – Maximum application override rules
  • max_pbf_rules (int) – Maximum policy based forwarding rules
  • max_cp_rules (int) – Maximum captive portal rules
  • max_dos_rules (int) – Maximum DOS rules
  • max_site_to_site_vpn_tunnels (int) – Maximum site-to-site VPN tunnels
  • max_concurrent_ssl_vpn_tunnels (int) – Maximum ssl VPN tunnels
  • max_sessions (int) – Maximum sessions