decryption

package
v0.10.2
Warning

This package is not in the latest version of its module.

Published: Feb 16, 2023 License: ISC Imports: 7 Imported by: 2

Documentation

Overview

Package decryption is the client.Policies.Decryption namespace.

Normalized object: Entry

Constants

const (
	ActionNoDecrypt         = "no-decrypt"
	ActionDecrypt           = "decrypt"
	ActionDecryptAndForward = "decrypt-and-forward"
)

Valid Action values.

Decrypt and forward is PAN-OS 8.1+.

const (
	DecryptionTypeSslForwardProxy      = "ssl-forward-proxy"
	DecryptionTypeSshProxy             = "ssh-proxy"
	DecryptionTypeSslInboundInspection = "ssl-inbound-inspection"
)

Valid DecryptionType values.

Variables

This section is empty.

Functions

func RulesMatch

func RulesMatch(a, b Entry) bool

Types

type Entry

type Entry struct {
	Name                       string
	Description                string
	SourceZones                []string // unordered
	SourceAddresses            []string // unordered
	NegateSource               bool
	SourceUsers                []string // unordered
	DestinationZones           []string // unordered
	DestinationAddresses       []string // unordered
	NegateDestination          bool
	Tags                       []string // ordered
	Disabled                   bool
	Services                   []string // unordered
	UrlCategories              []string
	Action                     string
	DecryptionType             string
	SslCertificate             string
	DecryptionProfile          string
	Targets                    map[string][]string
	NegateTarget               bool
	ForwardingProfile          string   // PAN-OS 8.1+
	Uuid                       string   // PAN-OS 9.0+
	GroupTag                   string   // PAN-OS 9.0+
	SourceHips                 []string // PAN-OS 10.0+
	DestinationHips            []string // PAN-OS 10.0+
	LogSuccessfulTlsHandshakes bool     // PAN-OS 10.0+
	LogFailedTlsHandshakes     bool     // PAN-OS 10.0+
	LogSetting                 string   // PAN-OS 10.0+
	SslCertificates            []string // PAN-OS 10.2+, unordered
}

Entry is a normalized, version independent representation of a decryption rule.

Targets is a map where the key is the serial number of the target device and the value is a list of specific vsys on that device. The list of vsys is nil if all vsys on that device should be included or if the device is a virtual firewall (and thus only has vsys1).

func (*Entry) Copy

func (o *Entry) Copy(s Entry)

Copy copies the information from source Entry `s` to this object. As the Name and Uuid fields relate to the identity of this object, they are not copied.

func (Entry) Specify

func (o Entry) Specify(v version.Number) (string, interface{})

type Firewall

type Firewall struct {
	// contains filtered or unexported fields
}

Firewall is the client.Policies.PolicyBasedForwarding namespace.

func FirewallNamespace

func FirewallNamespace(client util.XapiClient) *Firewall

FirewallNamespace returns an initialized namespace.

func (*Firewall) AllFromPanosConfig

func (c *Firewall) AllFromPanosConfig(vsys string) ([]Entry, error)

AllFromPanosConfig retrieves all objects stored in the retrieved config.

func (*Firewall) AuditCommentHistory

func (c *Firewall) AuditCommentHistory(vsys, rule, direction string, nlogs, skip int) ([]audit.Comment, error)

AuditCommentHistory returns a chunk of historical audit comment logs.

func (*Firewall) ConfigureRules

func (c *Firewall) ConfigureRules(vsys string, rules []Entry, auditComments map[string]string, isPolicy bool, move int, oRule string, prevNames []string) error

ConfigureRules configures the given rules on PAN-OS.

It does a mass SET if it can, but will EDIT any rules that are present but differ from what is given.

Audit comments are applied only for rules which are either SET or EDIT'ed.

If isPolicy is true, then any rules not explicitly present in the rules param will be deleted.

Params move and oRule are for moving the group into place after configuration.

Any rule name that appears in prevNames but not in the rules param will be deleted.

func (*Firewall) CurrentAuditComment

func (c *Firewall) CurrentAuditComment(vsys, rule string) (string, error)

CurrentAuditComment returns the current audit comment.

func (*Firewall) Delete

func (c *Firewall) Delete(vsys string, e ...interface{}) error

Delete performs DELETE to remove the specified objects.

Objects can be either a string or an Entry object.

func (*Firewall) Edit

func (c *Firewall) Edit(vsys string, e Entry) error

Edit performs EDIT to configure the specified object.

func (*Firewall) FromPanosConfig

func (c *Firewall) FromPanosConfig(vsys, name string) (Entry, error)

FromPanosConfig retrieves the object stored in the retrieved config.

func (*Firewall) Get

func (c *Firewall) Get(vsys, name string) (Entry, error)

Get performs GET to retrieve information for the given object.

func (*Firewall) GetAll

func (c *Firewall) GetAll(vsys string) ([]Entry, error)

GetAll performs GET to retrieve all objects configured.

func (*Firewall) GetList

func (c *Firewall) GetList(vsys string) ([]string, error)

GetList performs GET to retrieve a list of all objects.

func (*Firewall) HitCount

func (c *Firewall) HitCount(vsys string, rules []string) ([]util.HitCount, error)

HitCount gets the rule hit count for the given rules.

If the rules param is nil, then the hit count for all rules is returned.

func (*Firewall) MoveGroup

func (c *Firewall) MoveGroup(vsys string, movement int, rule string, e ...Entry) error

MoveGroup moves a logical group of rules somewhere in relation to another rule.

The `movement` param should be one of the Move constants in the util package.

The `rule` param is the other rule the `movement` param is referencing. If this is an empty string, then the first policy in the group isn't moved anywhere, but all other policies will still be moved to be grouped with the first one.

func (*Firewall) Set

func (c *Firewall) Set(vsys string, e ...Entry) error

Set performs SET to configure the specified objects.

func (*Firewall) SetAuditComment

func (c *Firewall) SetAuditComment(vsys, rule, comment string) error

SetAuditComment sets the audit comment for the given rule.

func (*Firewall) Show

func (c *Firewall) Show(vsys, name string) (Entry, error)

Show performs SHOW to retrieve information for the given object.

func (*Firewall) ShowAll

func (c *Firewall) ShowAll(vsys string) ([]Entry, error)

ShowAll performs SHOW to retrieve information for all objects.

func (*Firewall) ShowList

func (c *Firewall) ShowList(vsys string) ([]string, error)

ShowList performs SHOW to retrieve a list of all objects.

type Panorama

type Panorama struct {
	// contains filtered or unexported fields
}

Panorama is the client.Policies.Security namespace.

The "dg" param in these functions is the device group.

The "base" param in these functions should be one of the rulebase constants in the "util" package.

func PanoramaNamespace

func PanoramaNamespace(client util.XapiClient) *Panorama

PanoramaNamespace returns an initialized namespace.

func (*Panorama) AllFromPanosConfig

func (c *Panorama) AllFromPanosConfig(dg, base string) ([]Entry, error)

AllFromPanosConfig retrieves all objects stored in the retrieved config.

func (*Panorama) AuditCommentHistory

func (c *Panorama) AuditCommentHistory(dg, base, rule, direction string, nlogs, skip int) ([]audit.Comment, error)

AuditCommentHistory returns a chunk of historical audit comment logs.

func (*Panorama) ConfigureRules

func (c *Panorama) ConfigureRules(dg, base string, rules []Entry, auditComments map[string]string, isPolicy bool, move int, oRule string, prevNames []string) error

ConfigureRules configures the given rules on PAN-OS.

It does a mass SET if it can, but will EDIT any rules that are present but differ from what is given.

Audit comments are applied only for rules which are either SET or EDIT'ed.

If isPolicy is true, then any rules not explicitly present in the rules param will be deleted.

Params move and oRule are for moving the group into place after configuration.

Any rule name that appears in prevNames but not in the rules param will be deleted.
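
The SET / EDIT / delete behaviour described for ConfigureRules (on both Firewall and Panorama) can be previewed as a dry run before anything is pushed. The following is an added example, not code from pango: it models the documented semantics only, and `Plan`, `PlanConfigure` and the name-to-fingerprint maps are hypothetical stand-ins for comparing Entry values.

```go
package main

import (
	"fmt"
	"sort"
)

// Plan is a dry run of a ConfigureRules call, modelled on the doc text above.
type Plan struct{ Set, Edit, Delete []string }

// PlanConfigure maps rule name -> fingerprint; the fingerprint is a
// hypothetical stand-in for comparing two Entry values.
func PlanConfigure(live, desired map[string]string, isPolicy bool, prevNames []string) Plan {
	var p Plan
	for name, want := range desired {
		if have, ok := live[name]; !ok {
			p.Set = append(p.Set, name) // absent on the device: SET
		} else if have != want {
			p.Edit = append(p.Edit, name) // present but different: EDIT
		}
	}
	prev := map[string]bool{}
	for _, n := range prevNames {
		prev[n] = true
	}
	for name := range live {
		// Deleted when not desired and either isPolicy or previously managed.
		if _, keep := desired[name]; !keep && (isPolicy || prev[name]) {
			p.Delete = append(p.Delete, name)
		}
	}
	sort.Strings(p.Set)
	sort.Strings(p.Edit)
	sort.Strings(p.Delete)
	return p
}

func main() {
	// Constructed sample rulebase: rule name -> "action/type" fingerprint.
	live := map[string]string{"decrypt-web": "decrypt/ssl-forward-proxy",
		"bypass-banking": "no-decrypt/ssl-forward-proxy", "legacy-ssh": "decrypt/ssh-proxy"}
	desired := map[string]string{"decrypt-web": "decrypt-and-forward/ssl-forward-proxy",
		"inspect-dmz": "decrypt/ssl-inbound-inspection"}
	fmt.Printf("%+v\n", PlanConfigure(live, desired, false, []string{"legacy-ssh"}))
	fmt.Printf("%+v\n", PlanConfigure(live, desired, true, nil))
}
```

With isPolicy set to true, the constructed no-decrypt exception "bypass-banking" lands in Delete even though it was never listed in prevNames, which is the change to review before making the real call.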

func (*Panorama) CurrentAuditComment

func (c *Panorama) CurrentAuditComment(dg, base, rule string) (string, error)

CurrentAuditComment returns the current audit comment.

func (*Panorama) Delete

func (c *Panorama) Delete(dg, base string, e ...interface{}) error

Delete removes the given objects.

Objects can be a string or an Entry object.

func (*Panorama) Edit

func (c *Panorama) Edit(dg, base string, e Entry) error

Edit performs EDIT to configure the specified object.

func (*Panorama) FromPanosConfig

func (c *Panorama) FromPanosConfig(dg, base, name string) (Entry, error)

FromPanosConfig retrieves the object stored in the retrieved config.

func (*Panorama) Get

func (c *Panorama) Get(dg, base, name string) (Entry, error)

Get performs GET to retrieve information for the given object.

func (*Panorama) GetAll

func (c *Panorama) GetAll(dg, base string) ([]Entry, error)

GetAll performs GET to retrieve information for all objects.

func (*Panorama) GetList

func (c *Panorama) GetList(dg, base string) ([]string, error)

GetList performs GET to retrieve a list of all objects.

func (*Panorama) MoveGroup

func (c *Panorama) MoveGroup(dg, base string, movement int, rule string, e ...Entry) error

MoveGroup moves a logical group of rules somewhere in relation to another rule.

The `movement` param should be one of the Move constants in the util package.

The `rule` param is the other rule the `movement` param is referencing. If this is an empty string, then the first policy in the group isn't moved anywhere, but all other policies will still be moved to be grouped with the first one.

func (*Panorama) Set

func (c *Panorama) Set(dg, base string, e ...Entry) error

Set performs SET to create / update one or more objects.

func (*Panorama) SetAuditComment

func (c *Panorama) SetAuditComment(dg, base, rule, comment string) error

SetAuditComment sets the audit comment for the given rule.

func (*Panorama) Show

func (c *Panorama) Show(dg, base, name string) (Entry, error)

Show performs SHOW to retrieve information for the given object.

func (*Panorama) ShowAll

func (c *Panorama) ShowAll(dg, base string) ([]Entry, error)

ShowAll performs SHOW to retrieve information for all objects.

func (*Panorama) ShowList

func (c *Panorama) ShowList(dg, base string) ([]string, error)

ShowList performs SHOW to retrieve a list of all objects.
