Skip to content

type=diff

Jump to bottom
Sven Waschkut edited this page Mar 21, 2023 · 3 revisions

pan-os-php type=diff file1=original.xml file2=changed.xml

the diff utility is available for a long time, and can also produce pan-os set commands to implement the changes from your offline config files to your production.

1. compare full config

pan-os-php type=diff file1=original.xml file2=changed.xml outputformatset=setcommands.txt

2. compare running and candidate config via PAN-OS XML API

pan-os-php type=diff in=api://MGMT-IP

3. compare specific xPATH:

pan-os-php type=diff file1=original.xml file2=changed.xml "filter=/config/devices/entry[@name='localhost.localdomain']/device-group/entry[@name='DG-name']/pre-rules"

4. compare two DeviceGroups from same file:

pan-os-php type=diff file1=diff.xml "filter=/config/devices/entry[@name='localhost.localdomain']/device-group/entry[@name='$$name$$']/pre-rules" name1=testDG name2=testDG1

5. combine include / exclude and multiple other parts into a JSON file

what is new: pan-os-php type=diff file1=orig.xml file2=new.xml filter=file.json

The filter JSON extension is to better control XML file comparement and accept defined xPath if they are newly added or removed.

the JSON file to filter on the diff output was extended with:

  • move - define two entries: - if fromxpath and toxpath is identical no DIFF output
    • from - from xpath moved to:
    • to - destination xpath
  • added
  • deleted

previously available

  • include - to only include a specific xPath for diff output
  • exclude - to exclude one or more xPath for diff check

JSON file syntax: check output of: pan-os-php type=diff help

{

"include": [
    "/config/devices/entry[@name='localhost.localdomain']/device-group/entry[@name='testDG']/address",
    "/config/devices/entry[@name='localhost.localdomain']/device-group/entry[@name='testDG']/tag",
    "/config/devices/entry[@name='localhost.localdomain']/device-group/entry[@name='testDG']/service",
    "/config/devices/entry[@name='localhost.localdomain']/device-group/entry[@name='testDG']/address-group"
],
"exclude": [
	"/config/devices/entry[@name='localhost.localdomain']/device-group/entry[@name='testDG']/service-group",
	"/config/devices/entry[@name='localhost.localdomain']/device-group/entry[@name='$$name$$']/address"
],
"move": [
    {
        "from": "/template/config/shared/ssl-decrypt",
        "to": "/template/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/ssl-decrypt"
    }
],
"added": [
	"/template/config/devices/entry[@name='localhost.localdomain']/network/routing-profile"
],
"deleted": [
	"/template/config/shared/response-page"
]

}

Clone this wiki locally