NAME
Device::Firewall::PaloAlto::Test - Test module for Palo Alto firewalls
VERSION
version 0.1.8
SYNOPSIS
use Test::More;
my $test = Device::Firewall::PaloAlto->new(username => 'admin', password => 'admin')->auth->test;
ok( $test->interfaces(['ethernet1/1', 'ethernet1/2']), 'Interfaces are up' );
# Test whether a flow would pass through the firewall
my $result = $fw->test->rulebase(
from => 'Trust',
to => 'Untrust',
source => '192.0.2.1',
to => '203.0.113.0',
destination-p
DESCRIPTION
This module holds methods that perform tests on the current state of the firewall.
METHODS
new
The new()
method can be used, but in general it's easier to call the test()
method from the Device::Firewall::PaloAlto module.
# Can use it in this manner
my $fw = Device::Firewall::PaloAlto->new(username => 'admin', password => 'admin');
$fw->auth or croak "Could not authenticate to the firewall";
my $test = Device::Firewall::PaloAlto::Test->new($fw);
# Generally better to use it in this manner
my $test = Device::Firewall::PaloAlto->new(username => 'admin', password => 'admin')->auth->test or croak "Could not create test module";
interfaces
Takes a list of interface names and returns true if all interfaces are up, or false if any interfaces are down.
Returns false if the operation to retreive the interfaces fails.
ok( $fw->test->interfaces('ethernet1/1'), 'Internet interface' );
arp
Takes a list of IP address and returns true if all of them have entries in the ARP table. Returns false if any IP does not have and entry.
ARP entries are considered valid if their state is 'static' or 'complete'.
sec_policy
This function takes arguments related to a traffic flow through the firewall and determines the action the security rulebase would have taken on the flow.
It returns a Device::Firewall::PaloAlto::Test::SecPolicy object.
my $result = $fw->test->sec_policy {
from => 'Trust',
to => 'Untrust',
src_ip => '192.0.2.1',
dst_ip => '203.0.113.1',
protocol => 6,
dst_port => 443,
app => 'any',
category => 'any',
user => 'test\test_user'
);
nat_policy
This function takes arguments related to a traffic flow through the firewall and determines the action the NAT rulebase would have taken on the flow.
It returns a Device::Firewall::PaloAlto::Test::NATPolicy object.
my $result = $fw->test->nat_policy(
from => 'Trust',
to => 'Untrust',
src_ip => '192.0.2.1',
dst_ip => '203.0.113.1',
src_port => 40514,
dst_port => 443,
protocol => 6,
egress_interface => 'ethernet1/1'
);
AUTHOR
Greg Foletta <greg@foletta.org>
COPYRIGHT AND LICENSE
This software is copyright (c) 2019 by Greg Foletta.
This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.