v2.1.10

UTIL:

• type=address | introduce actions=move-wildcard2network

BUGFIX:

• type=custom-url-category-merger | bugfix to merge correctly objects in DG hierarchy - add reason for exportcsv=file.html
• type=custom-url-category-merger | introduce argument allowaddingmissingobjects
• type=playbook | adjustment to fit to PHP version 8.1.x

v2.1.9

UTIL:

• type=key-manager - extend support for new connection method "in=sase-api://"
• type=address/service/rule/tag/schedule | enable support for actions=display with method "in=sase-api://"
• type=rule | introduce 'filter=(group-tag is.regex /VALUE/)'
• type=tag-merger | extend output why it can not be merged
• different object classes | introduction of sase-api connection - update / separation between XML API and SaseAPI
• type=address-/addressgroup-/service-/servicegroup-/tag-merger | extend with in=sase-api:// support
• in=sase-api:// - Strate Cloud Manager | extend reading objects based on type=
• type=rule | actions=display/exporttoexcel - extend additional argument ResolveAddressSummary with name/ip value from nested members
• type=xml-issue | extend check with secRule category field for ANY + other category configured
• type=custom-url-catgory-merger | introduction of new merger utility
• type=XYZ | actions=exporttoexcel:file.html - introduce ID field
• type=addressgroup-merger exportcsv=file.html | extend skipped information with reason column

BUGFIX:

• class Zone.php | bugfix to create XML node "zone" if not yet available during creating of a new Zone
• type=address-merger | bugfix if overwritten object has not same value
• type=vendor-migration | bugfix for wildcard 0.0.0.0 - do not replace leading 0
• type=tag in=sase-api:// | bugfix to handle tag color information correctly
• type=address actions=move:DGNAME | bugfix if same object name is available on upperlevel
• type=rule actions=exporttoexcel:FILE.html,resolveAddresssummary | bugfix correction of 0.0.0.0/24 to 0.0.0.0/0
• type=address | bugfix for dynamic address-groups which are using address objects with tag filter from upper level
• type=rule-compare | bugfix for correct address-group member IP resolution calculation based on rule DG membership
• type=addressgroup-merger | bugfix to NOT replace a member with same name as the AddressGroup

GENERAL:

• develop - start sase.php _ first version to use sase-api
• develop sase.php | check also post rulebase
• introduce a new connection method "in=sase-api://"
• general | introduce argument shadow-saseapiqa for in=sase-api://

v2.1.8

UTIL:

• type=addressgroup-/servicegroup-merger - add additional output reason if groups can not be merged
• type=userid-mgr | correct usage of objectsLocation variable
• type=rule ruletype=nat | introduce 'actions=SNAT-set-interface:INTERFACE-NAME'
• type=dhcp | introduce 'actions=dhcp-server-reservation-create:IP,mac'
• type=service actions=name-charachter-replace:SEARCH,REPLACE - new default REPLACE value is ''
• type=service 'filter=(name regex /ARGUMENTS/) - introduce variables same way as type=address 'filter=(name regex //)- 'possible variables to bring in as argument: $$current.name$$ / $$protocol$$ / $$destinationport$$ / $$soruceport$$ / $$timeout$$'
• type=service | introduce actions=timeout-halfclose-set/timeout-timewait-set & filter=(timeout-halfclose is.set/timeout-timewait is.set / timeout-halfclose.value <>=! / timeout-timewait.value >,<,=,!
• type=address | introduce 'filter=(value netmask.blank32)'

BUGFIX:

• type=appid-toolbox | bugfix for none declared variable php 8.1
• type=rule | bugfix 'filter=(dst has.recursive.from.query subquer1)' - adjust behaviour as for 'src has.recursive.from.query'
• type=address actions=move:shared | bugfix - add validation if address object has tag, that this tag must be available at target DeviceGroup
• type=vendor-migration vendor=ciscoasa - bugfix if staticroute destination is using wildcard netmask
• type=rule ruletype=nat 'actions=snat-set-interface:ethernet1$$2' | bugfix to change config also in offline config mode
• type=application 'actions=move:DGname' | bugfix if XMLnode for TargetDG is not yet available
• type=software-remove - bugfix - skip wildfire remove - fix for PHP 8.1

GENERAL:

• develop f5_bigip.php | improvement - PANOS do not support ServiceGroup description
• general | dynamic content update to version 8721-8111

v2.1.7

UTIL:

• type=xml-issue | extend for duplicate search on readonly device-group

BUGFIX:

• type=address-/service-merger | bugfix if two childDGs are having same object name and value - but somewhere in parentDG hierarchy below the target location DG planned for creating merged object - object with different value is available
• type=tag-merger | bugfix to exclude only these tag with different value (different color) - and merge with same value

v2.1.6

UTIL:

• type=rule-compare | improve output to also fit for argument 'shadow-json'
• class Address/ServiceCommon | improve text output for type=address-/service-merger
• type=upload | extend to copy XML node from argument in= to argument out= - first version focus on Device-Group

BUGFIX:

• type=service-merger | bugfix for merging objects which are overwritten but with different protocol
• type=address/service-merger | bugfix - extend validation if objects can be merged
• class PanoramaConf | bugfix for type=device actions=devicegroup-create:NAME,parent - parentDG was not set correctly
• type=address/service actions=move:DG | bugfix - add additional validation for move to upper/lower level DG - if another object with same name will change behaviour
• f5_bigIP | bugfix for ServiceGroup which can not handle Description based on PAN-OS
• type=addressgroup-/servicegroup-merger | bugfix - extend validation to not merge/move objects if not same members
• type=xml-issue | bugfix - wrong XML node variable used for application Node deletion

GENERAL:

• dynamic content updated to version: 8713-8071

v2.1.5

UTIL:

• develop utility | introduce rule_compare_src_dst_srv_summary
• type=device | introduce actions=template-clone:NEWtemplateNAME 'filter=(name eq OLDtemplateNAME'
• type=rule actions=exporttoexcel:file.html,ResolveAddressSummary | extend with resolveValue field
• class RulewithUserID - read user information always as lower case - no case sensitive needed
• type=rule-merger | argument additionalmatch - change supported argument from 'logprof' to 'logsetting'
• type=address 'filter=(object is.region)' - extend display with custom region value information
• type=rule-compare | introduce new utility - to compare rule SRC/DST/SRV of two files

BUGFIX:

• type=address | bugfix for filter=(value string.XYZ ) if Object of type Region is hit
• type=rule-merger | bugfix if panoramapostrules and no rule are set for exportcsv
• class UrlCategoryRuleContainer | bugfix for PHP 8.1 - variable not set
• type=address-merger | picketObject from upperlevel of type TMP is not possible - to not merge
• general - different classes - reordering reading of region objects - as these are taking precedence compare to address-group and address
• type=service-merger | bugfix to not delete object if merge is not possible - rare condition related to object overwritten at lower level
• type=address-/service-merger | bugfix to NOT replace an overwritten object with different value with an object from upper level

GENERAL:

• extend resources folder for ip_Protocol and Region IPv4/v6 files

v2.1.4

UTIL:

• type=vendor-migration | improve output if arguments are missing

BUGFIX:

• type=vendor-migration vendor=ciscoasa | fix to avoid none object to read isGroup()
• type=vendor-migration vendor=ciscoasa | bugfix for creating service - to not add e.g. tacacs as service port

GENERAL:

• update dynamic content to Device App-ID version: 8708-8036
• improvements for PHP8.2 - deprecated variable declaration | function utf8_encode()

v2.1.3

• type=rule ruletype=nat | introduce 'filter=(natruletype is XYZ)' - 'ipv4', 'nat64', 'nptv6'
• type=rule ruletype=nat | introduce 'filter=(snatinterface is.set)'
• type=rule ruletype=nat 'actions=exporttoexcel:test-export-service.html' | introduce nat_rule_type
• type=rule ruletype=nat | actions=display - introduce dnattype, dnatdistribution
• type=rule ruletype=nat | introduce 'filter=( dnattype is.dynamic ) | (dnattype is.static) | (dnatport eq SERIVCEport) | (dnatdistribution is.round-robin / is.source-ip-hash / is.ip-modulo / is.ip-hash / is.least-session)
• type=rule actions=exporttoexcel:file.html | extend with dnat_type, dnat_port, dnat_distribution field
• type=rule ruletype=nat | introduce 'filter=(dnatport is.set)' - improvements to handle dnat fields
• type=gcp | improve helper tool for specific mgmtsvc tenant
• type=rule ruletype=nat actions=exporttoexcel:file.html | extend NAT rule information with dst_interface and snat_interface
• type=rule actions=exporttoexcel:file.html - rename column 'type' to 'rule_type'

BUGFIX:

• type=rule ruletype=nat 'actions=exporttoexcel:test-export-service.html,ResolveServiceSummary' | bugfix for service count
• type=rule ruletype=nat | bugfix for 'filter=(dnatport eq 22)' - (dnatport has xxx) delete as missleading information

GENERAL:

• remove alias | pa_migraiton-parser, pa_appidtoolbox-* - as now covered with alias 'pan-os-php type='
• update utility information about actions / filter

v2.1.2

UTIL:

• type=rule-merger | introduce additionalmatch=logprof - to also check that only rules with same logging profile are merged
• type=device | introduce 'filter=(devicegroup with-no-serial)'
• type=gcp | introduce actions=offboard | extend authentication with automatically open Google Chrome
• type=appid-toolbox | introduction of new type | integrate appid migration run directly by using pan-os-php alias
• type=xpath | change all filter argument to start with "filter-"
• type=appid-toolbox | introduce additional arguments to better use in bash autocompletion script |p1-marker|p2-generator|p3-cloner|p5-activation|p6-cleaner
• type=rule ruletype=nat | introduce new 'filter=(snatinterface has.regex /VALUE/)'

BUGFIX:

• Dockerfiles | update
• type=device | fix object count for utilities
• type=vendor-migration vendor=ciscoasa | bugfix during original config storing
• class CONVERTER.php | bugfix for bidirNAT adjustment

GENERAL:

• class ServiceStore | loop detection - reduce mwarning output to a single finding per $groupName
• update bash_autocompletion/pan-os-php.sh
• introduce develop script cyclePanroama_ssh.php
• bash_autocompletion | class MAXMIND | class SSH_CONNECTOR - small adjustments
• develop start sonicwall.php EXP exported config migration

v2.1.0

UTIL:

• type=vendor-migration | introduce 3rd party Firewall configuration migration to PANOS XML config file
• type=vendor-migration | vendor=stonesoft - extend validation output
• type=register-ip | extend usage for Panorama registered-ip
• type=rule | actions=exporttoexcel - extend help information for applicationsee and hitcount
• type=xpath | introduce argument display-xmlLineNo

BUGFIX:

• class Snippet | bugfix add DataFilteringProfileStore
• type=address-merger | avoid error out on not yet supported classes Ethernet/TunnelInterface
• class Tag.php | bugfix for PHP 7

GENERAL:

• dockerfile update to ubuntu22 and php8.1
• general | introduce argument 'shadow-displayxmlnode'
• general | extend utilities for Fawkes/Buckbeak Snippets
• remove backtrace from mwarning - mostly related to Fawkes/Buckbeak Snippet config