Network Configuration Objects
Overview
This section covers the configuration of network features provided by the Palo Alto Networks Strata Cloud Manager SDK. Each configuration object corresponds to a resource in the Strata Cloud Manager and provides methods for CRUD (Create, Read, Update, Delete) operations.
Available Network Objects
Network Interfaces
- Aggregate Interfaces - Configure aggregate (bonded) ethernet interfaces with LACP
- Ethernet Interfaces - Configure physical ethernet interfaces (Layer 2, Layer 3, TAP modes)
- Layer2 Subinterfaces - Configure Layer 2 VLAN subinterfaces
- Layer3 Subinterfaces - Configure Layer 3 VLAN subinterfaces with IP addressing
- Loopback Interfaces - Configure loopback interfaces for management and services
- Tunnel Interfaces - Configure tunnel interfaces for VPN connections
- VLAN Interfaces - Configure VLAN interfaces for inter-VLAN routing
VPN Configuration
- IKE Crypto Profiles - Configure Internet Key Exchange crypto profiles for VPN tunnels
- IKE Gateways - Configure Internet Key Exchange gateways for VPN tunnel endpoints
- IPsec Crypto Profiles - Configure IPsec crypto profiles for VPN tunnels
- IPsec Tunnels - Configure IPsec tunnels for encrypted site-to-site VPN connectivity
Other Network Objects
- DHCP Interfaces - Configure DHCP server and relay on firewall interfaces
- DNS Proxies - Configure DNS proxy services with domain-specific rules and caching
- Interface Management Profiles - Configure management service access on interfaces
- NAT Rules - Configure Network Address Translation rules for traffic handling
- PBF Rules - Configure Policy-Based Forwarding rules for traffic routing overrides
- QoS Profiles - Configure Quality of Service profiles for bandwidth management
- QoS Rules - Configure QoS policy rules for traffic classification and prioritization
- Security Zones - Configure Security Zones for network segmentation
- Zone Protection Profiles - Configure zone-level protection against floods, scans, and packet-based attacks
Routing Configuration
- Logical Router - Configure logical routers with VRF, BGP, OSPF, ECMP, and static routes
Routing Profiles
- BGP Address Family Profile - Configure BGP address family settings for peer groups
- BGP Auth Profile - Configure BGP MD5 authentication profiles
- BGP Filtering Profile - Configure BGP filtering profiles for route filtering
- BGP Redistribution Profile - Configure BGP route redistribution between protocols
- BGP Route Map - Configure BGP route maps for import/export policy control
- BGP Route Map Redistribution - Configure BGP route map redistribution with protocol crossover patterns
- OSPF Auth Profile - Configure OSPF authentication profiles
- Route Access List - Configure route access lists for route filtering
- Route Prefix List - Configure route prefix lists for prefix-based filtering
Common Features
All network configuration objects provide standard operations:
- Create new network configurations
- Read existing network objects
- Update network properties
- Delete network objects
- List and filter network objects with pagination support
The network objects also enforce:
- Container validation (folder/device/snippet)
- Data validation with detailed error messages
- Consistent API patterns across all network object types
Usage Example
from scm.client import ScmClient

# Initialize client
client = ScmClient(
    client_id="your_client_id",
    client_secret="your_client_secret",
    tsg_id="your_tsg_id"
)

# Create a NAT rule
client.nat_rule.create({
    "name": "outbound-nat",
    "nat_type": "ipv4",
    "source": ["10.0.0.0/24"],
    "destination": ["any"],
    "service": "any",
    "source_translation": {
        "dynamic_ip_and_port": {
            "type": "dynamic_ip_and_port",
            "translated_address": ["192.168.1.100"]
        }
    },
    "folder": "NAT Rules"
})

# List NAT rules
nat_rules = client.nat_rule.list(folder="NAT Rules")

# Print the results
for rule in nat_rules:
    print(f"NAT Rule: {rule.name}, Type: {rule.nat_type}")
Select an object from the list above to view detailed documentation, including methods, parameters, and examples.