This is a parser for Zone-Based firewall configurations generated by Cisco vManage (Catalyst SD-WAN Manager).
Parser can lookup for objects like zone-pair, policy-map, class-maps, access-lists and object-groups based on input parameters like Source VPN number, Destination VPN number, Source IP address or FQDN, Destination IP address or FQDN.
FQDN objects must have dots escaped, e.g. enk37\.cisco\.com.
Usage example:
$ python3 ./sdwan_zbfw_parser.py ios.cfg 30 0 10.10.37.31 software\.cisco\.com
### Zone-pair: ZP_VPN1_VPN0_BE__-805553288
### Policy-name: BE_FW_VPN1_VPN0_V17_9
### All matching src group-objects: {'network': ['BE_FW_VPN1_VPN0_V17_9-SUP_RPR--INET_2-nw-src_'], 'fqdn': []}
### All matching dst group-objects: {'network': [], 'fqdn': ['BE_H_EXT_L_4']}
### All matching access lists: ['BE_FW_VPN1_VPN0_V17_9-seq-SUP_ARP--INET_2-acl_']
### Relevant class-maps:
BE_FW_VPN1_VPN0_V17_9-seq-31-cm_