PAN-OS create or edit policy
This playbook will automate the process of creating or editing a policy. The first task in the playbook checks if there is a security policy that matches the playbook inputs. If there is no security policy that matches, a new policy will be created. If there is a security policy that matches, the user will be able to modify the existing policy or create a new hardened policy.
Change Management · 19 tasks · 17 inputs · 0 outputs
Inputs
Destination—Source—Protocol— The IP protocol numberAction— Action for the rule (allow, deny, drop)Application— A comma-separated list of application object names for the rule to create.Destination_zone— A comma-separated list of destination zones.Log_forwarding— Log forwarding profile.Profile_setting— A profile setting group.Rulename— Name of the rule to create.Service— A comma-separated list of service object names for the rule.Source_zone— A comma-separated list of source zones.Email— The email of the network/security team.Rule_position— Pre rule or Post rule (Panorama instances). Possible options: - post-rulebase - pre-rulebaseDestination_port—Target— Target number of the firewall. Use only for a Panorama instance.Vsys— Target vsys of the firewall. Use only for a Panorama instance.Limit— Maximum number of API requests that the PanoramaSecurityPolicyMatchWrapper script will send. The default is 500.
Commands used
pan-os-create-rule
setIncident