NAME

Device::Firewall::PaloAlto::Test - Test module for Palo Alto firewalls

VERSION

version 0.1.8

SYNOPSIS

use Test::More;
my $test = Device::Firewall::PaloAlto->new(username => 'admin', password => 'admin')->auth->test;
ok( $test->interfaces(['ethernet1/1', 'ethernet1/2']), 'Interfaces are up' );

# Test whether a flow would pass through the firewall
my $result = $fw->test->rulebase(
    from => 'Trust',
    to => 'Untrust',
    source => '192.0.2.1',
    to => '203.0.113.0',
    destination-p

DESCRIPTION

This module holds methods that perform tests on the current state of the firewall.

METHODS

new

The new() method can be used, but in general it's easier to call the test() method from the Device::Firewall::PaloAlto module.

# Can use it in this manner
my $fw = Device::Firewall::PaloAlto->new(username => 'admin', password => 'admin');
$fw->auth or croak "Could not authenticate to the firewall";
my $test = Device::Firewall::PaloAlto::Test->new($fw);

# Generally better to use it in this manner
my $test = Device::Firewall::PaloAlto->new(username => 'admin', password => 'admin')->auth->test or croak "Could not create test module";

interfaces

Takes a list of interface names and returns true if all interfaces are up, or false if any interfaces are down.

Returns false if the operation to retreive the interfaces fails.

ok( $fw->test->interfaces('ethernet1/1'), 'Internet interface' );

arp

Takes a list of IP address and returns true if all of them have entries in the ARP table. Returns false if any IP does not have and entry.

ARP entries are considered valid if their state is 'static' or 'complete'.

sec_policy

This function takes arguments related to a traffic flow through the firewall and determines the action the security rulebase would have taken on the flow.

It returns a Device::Firewall::PaloAlto::Test::SecPolicy object.

my $result = $fw->test->sec_policy {
    from => 'Trust',
    to => 'Untrust',
    src_ip => '192.0.2.1',
    dst_ip => '203.0.113.1',
    protocol => 6,
    dst_port => 443,
    app => 'any',
    category => 'any',
    user => 'test\test_user'
);

nat_policy

This function takes arguments related to a traffic flow through the firewall and determines the action the NAT rulebase would have taken on the flow.

It returns a Device::Firewall::PaloAlto::Test::NATPolicy object.

my $result = $fw->test->nat_policy(
    from => 'Trust',
    to => 'Untrust',
    src_ip => '192.0.2.1',
    dst_ip => '203.0.113.1',
    src_port => 40514,
    dst_port => 443,
    protocol => 6,
    egress_interface => 'ethernet1/1'
);

AUTHOR

Greg Foletta <greg@foletta.org>

COPYRIGHT AND LICENSE

This software is copyright (c) 2019 by Greg Foletta.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.