From f4414df2240406ad45f8c658b372d60b912a8155 Mon Sep 17 00:00:00 2001
From: Migara Ekanayake <2110772+migara@users.noreply.github.com>
Date: Thu, 12 Sep 2024 15:12:30 +0100
Subject: [PATCH 1/4] remove old files

---
 client_test.go                                |  473 ------
 commit/const.go                               |   11 -
 commit/doc.go                                 |    4 -
 commit/fw.go                                  |   79 -
 commit/fw_test.go                             |  153 --
 commit/pano.go                                |  229 ---
 commit/pano_test.go                           |  271 ----
 connect.go                                    |   53 -
 dev/certificate/certs.go                      |   23 -
 dev/certificate/const.go                      |   12 -
 dev/certificate/doc.go                        |   20 -
 dev/certificate/entry.go                      |  174 --
 dev/certificate/funcs.go                      |   88 -
 dev/certificate/fw.go                         |  182 ---
 dev/certificate/fw_test.go                    |   36 -
 dev/certificate/pano.go                       |  212 ---
 dev/certificate/pano_test.go                  |   36 -
 dev/certificate/testdata_test.go              |   59 -
 dev/doc.go                                    |    2 -
 dev/fw.go                                     |   81 -
 dev/general/config.go                         | 1409 -----------------
 dev/general/const.go                          |   18 -
 dev/general/doc.go                            |    4 -
 dev/general/funcs.go                          |   46 -
 dev/general/fw.go                             |   56 -
 dev/general/fw_test.go                        |   36 -
 dev/general/testdata_test.go                  |  234 ---
 dev/ha/config.go                              |  752 ---------
 dev/ha/const.go                               |   51 -
 dev/ha/doc.go                                 |    6 -
 dev/ha/funcs.go                               |   52 -
 dev/ha/fw.go                                  |   60 -
 dev/ha/fw_test.go                             |  134 --
 dev/ha/monitor/link/const.go                  |   12 -
 dev/ha/monitor/link/doc.go                    |    6 -
 dev/ha/monitor/link/entry.go                  |   92 --
 dev/ha/monitor/link/funcs.go                  |   88 -
 dev/ha/monitor/link/fw.go                     |   94 --
 dev/ha/monitor/link/fw_test.go                |   36 -
 dev/ha/monitor/link/testdata_test.go          |   25 -
 dev/ha/monitor/path/const.go                  |   18 -
 dev/ha/monitor/path/doc.go                    |    6 -
 dev/ha/monitor/path/entry.go                  |  157 --
 dev/ha/monitor/path/funcs.go                  |   88 -
 dev/ha/monitor/path/fw.go                     |  104 --
 dev/ha/monitor/path/fw_test.go                |   36 -
 dev/ha/monitor/path/testdata_test.go          |  149 --
 dev/ha/testdata_test.go                       |  255 ---
 dev/localuserdb/group/const.go                |    6 -
 dev/localuserdb/group/doc.go                  |    6 -
 dev/localuserdb/group/entry.go                |   79 -
 dev/localuserdb/group/funcs.go                |   88 -
 dev/localuserdb/group/fw.go                   |  105 --
 dev/localuserdb/group/fw_test.go              |   35 -
 dev/localuserdb/group/pano.go                 |  112 --
 dev/localuserdb/group/pano_test.go            |   35 -
 dev/localuserdb/group/testdata_test.go        |   23 -
 dev/localuserdb/user/const.go                 |    6 -
 dev/localuserdb/user/doc.go                   |    6 -
 dev/localuserdb/user/entry.go                 |   84 -
 dev/localuserdb/user/funcs.go                 |   88 -
 dev/localuserdb/user/fw.go                    |  105 --
 dev/localuserdb/user/fw_test.go               |   35 -
 dev/localuserdb/user/pano.go                  |  112 --
 dev/localuserdb/user/pano_test.go             |   35 -
 dev/localuserdb/user/testdata_test.go         |   26 -
 dev/pano.go                                   |   67 -
 dev/profile/authentication/const.go           |   16 -
 dev/profile/authentication/doc.go             |   14 -
 dev/profile/authentication/entry.go           |  715 ---------
 dev/profile/authentication/funcs.go           |   94 --
 dev/profile/authentication/fw.go              |  108 --
 dev/profile/authentication/fw_test.go         |   36 -
 dev/profile/authentication/pano.go            |  117 --
 dev/profile/authentication/pano_test.go       |   36 -
 dev/profile/authentication/testdata_test.go   |  304 ----
 dev/profile/certificate/const.go              |   25 -
 dev/profile/certificate/doc.go                |   18 -
 dev/profile/certificate/entry.go              |  643 --------
 dev/profile/certificate/funcs.go              |   96 --
 dev/profile/certificate/fw.go                 |  104 --
 dev/profile/certificate/fw_test.go            |   34 -
 dev/profile/certificate/pano.go               |  129 --
 dev/profile/certificate/pano_test.go          |   34 -
 dev/profile/certificate/testdata_test.go      |  335 ----
 dev/profile/email/const.go                    |    6 -
 dev/profile/email/doc.go                      |   16 -
 dev/profile/email/entry.go                    |  639 --------
 dev/profile/email/funcs.go                    |   96 --
 dev/profile/email/fw.go                       |  109 --
 dev/profile/email/fw_test.go                  |   36 -
 dev/profile/email/pano.go                     |  118 --
 dev/profile/email/pano_test.go                |   36 -
 dev/profile/email/testdata_test.go            |  264 ---
 dev/profile/http/const.go                     |   12 -
 dev/profile/http/doc.go                       |   15 -
 dev/profile/http/entry.go                     |  687 --------
 dev/profile/http/funcs.go                     |   94 --
 dev/profile/http/fw.go                        |  109 --
 dev/profile/http/fw_test.go                   |   36 -
 dev/profile/http/pano.go                      |  118 --
 dev/profile/http/pano_test.go                 |   36 -
 dev/profile/http/testdata_test.go             | 1324 ----------------
 dev/profile/kerberos/const.go                 |    6 -
 dev/profile/kerberos/doc.go                   |   16 -
 dev/profile/kerberos/entry.go                 |  149 --
 dev/profile/kerberos/funcs.go                 |   88 -
 dev/profile/kerberos/fw.go                    |  109 --
 dev/profile/kerberos/fw_test.go               |   36 -
 dev/profile/kerberos/pano.go                  |  118 --
 dev/profile/kerberos/pano_test.go             |   36 -
 dev/profile/kerberos/testdata_test.go         |   47 -
 dev/profile/ldap/const.go                     |   13 -
 dev/profile/ldap/doc.go                       |   16 -
 dev/profile/ldap/entry.go                     |  218 ---
 dev/profile/ldap/funcs.go                     |   94 --
 dev/profile/ldap/fw.go                        |  109 --
 dev/profile/ldap/fw_test.go                   |   36 -
 dev/profile/ldap/pano.go                      |  118 --
 dev/profile/ldap/pano_test.go                 |   36 -
 dev/profile/ldap/testdata_test.go             |   56 -
 dev/profile/radius/const.go                   |    6 -
 dev/profile/radius/doc.go                     |   16 -
 dev/profile/radius/entry.go                   |  505 ------
 dev/profile/radius/funcs.go                   |   94 --
 dev/profile/radius/fw.go                      |  109 --
 dev/profile/radius/fw_test.go                 |   36 -
 dev/profile/radius/pano.go                    |  118 --
 dev/profile/radius/pano_test.go               |   36 -
 dev/profile/radius/testdata_test.go           |  155 --
 dev/profile/saml/const.go                     |   11 -
 dev/profile/saml/doc.go                       |   16 -
 dev/profile/saml/entry.go                     |  141 --
 dev/profile/saml/funcs.go                     |   92 --
 dev/profile/saml/fw.go                        |  109 --
 dev/profile/saml/fw_test.go                   |   36 -
 dev/profile/saml/pano.go                      |  118 --
 dev/profile/saml/pano_test.go                 |   36 -
 dev/profile/saml/testdata_test.go             |   55 -
 dev/profile/snmp/const.go                     |   12 -
 dev/profile/snmp/doc.go                       |   15 -
 dev/profile/snmp/entry.go                     |  201 ---
 dev/profile/snmp/funcs.go                     |   88 -
 dev/profile/snmp/fw.go                        |  109 --
 dev/profile/snmp/fw_test.go                   |   36 -
 dev/profile/snmp/pano.go                      |  118 --
 dev/profile/snmp/pano_test.go                 |   36 -
 dev/profile/snmp/testdata_test.go             |   39 -
 dev/profile/ssltls/const.go                   |   13 -
 dev/profile/ssltls/doc.go                     |   16 -
 dev/profile/ssltls/entry.go                   |  282 ----
 dev/profile/ssltls/funcs.go                   |   92 --
 dev/profile/ssltls/fw.go                      |  108 --
 dev/profile/ssltls/fw_test.go                 |   36 -
 dev/profile/ssltls/pano.go                    |  117 --
 dev/profile/ssltls/pano_test.go               |   36 -
 dev/profile/ssltls/testdata_test.go           |   36 -
 dev/profile/syslog/const.go                   |   32 -
 dev/profile/syslog/doc.go                     |   15 -
 dev/profile/syslog/entry.go                   |  657 --------
 dev/profile/syslog/funcs.go                   |   96 --
 dev/profile/syslog/fw.go                      |  109 --
 dev/profile/syslog/fw_test.go                 |   36 -
 dev/profile/syslog/pano.go                    |  118 --
 dev/profile/syslog/pano_test.go               |   36 -
 dev/profile/syslog/testdata_test.go           |  280 ----
 dev/profile/tacplus/const.go                  |    6 -
 dev/profile/tacplus/doc.go                    |   16 -
 dev/profile/tacplus/entry.go                  |  405 -----
 dev/profile/tacplus/funcs.go                  |   94 --
 dev/profile/tacplus/fw.go                     |  109 --
 dev/profile/tacplus/fw_test.go                |   36 -
 dev/profile/tacplus/pano.go                   |  118 --
 dev/profile/tacplus/pano_test.go              |   36 -
 dev/profile/tacplus/testdata_test.go          |  121 --
 dev/ssldecrypt/config.go                      |  181 ---
 dev/ssldecrypt/const.go                       |    5 -
 dev/ssldecrypt/doc.go                         |   10 -
 dev/ssldecrypt/funcs.go                       |   52 -
 dev/ssldecrypt/fw.go                          |  130 --
 dev/ssldecrypt/fw_test.go                     |   36 -
 dev/ssldecrypt/pano.go                        |  140 --
 dev/ssldecrypt/pano_test.go                   |   36 -
 dev/ssldecrypt/testdata_test.go               |   39 -
 dev/telemetry/config.go                       |  109 --
 dev/telemetry/const.go                        |    5 -
 dev/telemetry/doc.go                          |    6 -
 dev/telemetry/funcs.go                        |   40 -
 dev/telemetry/fw.go                           |   69 -
 dev/telemetry/fw_test.go                      |   36 -
 dev/telemetry/orig_fw.no                      |   90 --
 dev/telemetry/testdata_test.go                |   33 -
 dev/vminfosource/const.go                     |   12 -
 dev/vminfosource/doc.go                       |    6 -
 dev/vminfosource/entry.go                     |  544 -------
 dev/vminfosource/funcs.go                     |   92 --
 dev/vminfosource/fw.go                        |  104 --
 dev/vminfosource/fw_test.go                   |  118 --
 dev/vminfosource/pano.go                      |  111 --
 dev/vminfosource/pano_test.go                 |   35 -
 dev/vminfosource/testdata_test.go             |  211 ---
 doc.go                                        |   98 --
 example_addressgroup_test.go                  |  125 --
 example_firewall_commit_test.go               |   78 -
 example_info_test.go                          |   61 -
 example_interface_test.go                     |   52 -
 fw.go                                         |  174 --
 licen/licen.go                                |  158 --
 licen/licen_test.go                           |   74 -
 multiconf.go                                  |   98 --
 multiconf_test.go                             |  169 --
 namespace/common.go                           |  189 ---
 namespace/doc.go                              |    7 -
 namespace/funcs.go                            |   20 -
 namespace/importable.go                       |  181 ---
 namespace/interfaces.go                       |   54 -
 namespace/plugin.go                           |  110 --
 namespace/policy.go                           |  144 --
 namespace/standard.go                         |  315 ----
 netw/dhcp/const.go                            |    6 -
 netw/dhcp/doc.go                              |    6 -
 netw/dhcp/entry.go                            |  191 ---
 netw/dhcp/funcs.go                            |   88 -
 netw/dhcp/fw.go                               |  105 --
 netw/dhcp/fw_test.go                          |   36 -
 netw/dhcp/testdata_test.go                    |   84 -
 netw/doc.go                                   |    7 -
 netw/fw.go                                    |  155 --
 netw/ikegw/const.go                           |   41 -
 netw/ikegw/doc.go                             |    4 -
 netw/ikegw/entry.go                           | 1158 --------------
 netw/ikegw/funcs.go                           |   96 --
 netw/ikegw/fw.go                              |  105 --
 netw/ikegw/fw_test.go                         |   34 -
 netw/ikegw/pano.go                            |  115 --
 netw/ikegw/pano_test.go                       |   34 -
 netw/ikegw/testdata_test.go                   |  643 --------
 netw/interface/aggregate/const.go             |   27 -
 netw/interface/aggregate/doc.go               |    6 -
 netw/interface/aggregate/entry.go             | 1307 ---------------
 netw/interface/aggregate/funcs.go             |   96 --
 netw/interface/aggregate/fw.go                |  105 --
 netw/interface/aggregate/fw_test.go           |   36 -
 netw/interface/aggregate/pano.go              |  115 --
 netw/interface/aggregate/pano_test.go         |   36 -
 netw/interface/aggregate/testdata_test.go     |  422 -----
 netw/interface/arp/const.go                   |   13 -
 netw/interface/arp/doc.go                     |    9 -
 netw/interface/arp/entry.go                   |   81 -
 netw/interface/arp/funcs.go                   |   88 -
 netw/interface/arp/fw.go                      |  135 --
 netw/interface/arp/fw_test.go                 |   34 -
 netw/interface/arp/pano.go                    |  139 --
 netw/interface/arp/pano_test.go               |   34 -
 netw/interface/arp/testdata_test.go           |   35 -
 netw/interface/eth/const.go                   |   17 -
 netw/interface/eth/doc.go                     |   14 -
 netw/interface/eth/entry.go                   | 1392 ----------------
 netw/interface/eth/funcs.go                   |   98 --
 netw/interface/eth/fw.go                      |  105 --
 netw/interface/eth/fw_test.go                 |   43 -
 netw/interface/eth/pano.go                    |  108 --
 netw/interface/eth/pano_test.go               |   43 -
 netw/interface/eth/testdata_test.go           |  406 -----
 netw/interface/ipv6/address/const.go          |   15 -
 netw/interface/ipv6/address/doc.go            |    9 -
 netw/interface/ipv6/address/entry.go          |  143 --
 netw/interface/ipv6/address/funcs.go          |   88 -
 netw/interface/ipv6/address/fw.go             |  141 --
 netw/interface/ipv6/address/fw_test.go        |   37 -
 netw/interface/ipv6/address/pano.go           |  146 --
 netw/interface/ipv6/address/pano_test.go      |   37 -
 netw/interface/ipv6/address/testdata_test.go  |   44 -
 netw/interface/ipv6/neighbor/config.go        |  320 ----
 netw/interface/ipv6/neighbor/const.go         |   19 -
 netw/interface/ipv6/neighbor/doc.go           |   11 -
 netw/interface/ipv6/neighbor/funcs.go         |   52 -
 netw/interface/ipv6/neighbor/fw.go            |  104 --
 netw/interface/ipv6/neighbor/fw_test.go       |   36 -
 netw/interface/ipv6/neighbor/pano.go          |  109 --
 netw/interface/ipv6/neighbor/pano_test.go     |   36 -
 netw/interface/ipv6/neighbor/testdata_test.go |   77 -
 netw/interface/loopback/const.go              |    6 -
 netw/interface/loopback/doc.go                |    4 -
 netw/interface/loopback/entry.go              |  239 ---
 netw/interface/loopback/funcs.go              |   94 --
 netw/interface/loopback/fw.go                 |  106 --
 netw/interface/loopback/fw_test.go            |   43 -
 netw/interface/loopback/pano.go               |  116 --
 netw/interface/loopback/pano_test.go          |   50 -
 netw/interface/loopback/testdata_test.go      |   87 -
 netw/interface/subinterface/layer2/const.go   |   18 -
 netw/interface/subinterface/layer2/doc.go     |    4 -
 netw/interface/subinterface/layer2/entry.go   |   88 -
 netw/interface/subinterface/layer2/funcs.go   |   90 --
 netw/interface/subinterface/layer2/fw.go      |  128 --
 netw/interface/subinterface/layer2/fw_test.go |   43 -
 netw/interface/subinterface/layer2/pano.go    |  135 --
 .../subinterface/layer2/pano_test.go          |   43 -
 .../subinterface/layer2/testdata_test.go      |   25 -
 netw/interface/subinterface/layer3/const.go   |   12 -
 netw/interface/subinterface/layer3/doc.go     |    4 -
 netw/interface/subinterface/layer3/entry.go   |  543 -------
 netw/interface/subinterface/layer3/funcs.go   |   96 --
 netw/interface/subinterface/layer3/fw.go      |  121 --
 netw/interface/subinterface/layer3/fw_test.go |   43 -
 netw/interface/subinterface/layer3/pano.go    |  128 --
 .../subinterface/layer3/pano_test.go          |   43 -
 .../subinterface/layer3/testdata_test.go      |  185 ---
 netw/interface/tunnel/const.go                |    6 -
 netw/interface/tunnel/doc.go                  |    4 -
 netw/interface/tunnel/entry.go                |  138 --
 netw/interface/tunnel/funcs.go                |   90 --
 netw/interface/tunnel/fw.go                   |  106 --
 netw/interface/tunnel/fw_test.go              |   43 -
 netw/interface/tunnel/pano.go                 |  116 --
 netw/interface/tunnel/pano_test.go            |   46 -
 netw/interface/tunnel/testdata_test.go        |   42 -
 netw/interface/vlan/const.go                  |    6 -
 netw/interface/vlan/doc.go                    |    4 -
 netw/interface/vlan/entry.go                  |  326 ----
 netw/interface/vlan/funcs.go                  |   94 --
 netw/interface/vlan/fw.go                     |  106 --
 netw/interface/vlan/fw_test.go                |   43 -
 netw/interface/vlan/pano.go                   |  116 --
 netw/interface/vlan/pano_test.go              |   46 -
 netw/interface/vlan/testdata_test.go          |  101 --
 netw/ipsectunnel/const.go                     |   35 -
 netw/ipsectunnel/doc.go                       |    4 -
 netw/ipsectunnel/entry.go                     | 1086 -------------
 netw/ipsectunnel/funcs.go                     |   94 --
 netw/ipsectunnel/fw.go                        |  105 --
 netw/ipsectunnel/fw_test.go                   |   34 -
 netw/ipsectunnel/pano.go                      |  115 --
 netw/ipsectunnel/pano_test.go                 |   34 -
 netw/ipsectunnel/proxyid/ipv4/const.go        |    6 -
 netw/ipsectunnel/proxyid/ipv4/doc.go          |    6 -
 netw/ipsectunnel/proxyid/ipv4/entry.go        |  143 --
 netw/ipsectunnel/proxyid/ipv4/funcs.go        |   88 -
 netw/ipsectunnel/proxyid/ipv4/fw.go           |  114 --
 netw/ipsectunnel/proxyid/ipv4/fw_test.go      |   33 -
 netw/ipsectunnel/proxyid/ipv4/pano.go         |  121 --
 netw/ipsectunnel/proxyid/ipv4/pano_test.go    |   33 -
 .../ipsectunnel/proxyid/ipv4/testdata_test.go |   37 -
 netw/ipsectunnel/testdata_test.go             |  686 --------
 netw/pano.go                                  |  152 --
 netw/profile/bfd/const.go                     |   12 -
 netw/profile/bfd/doc.go                       |    4 -
 netw/profile/bfd/entry.go                     |  112 --
 netw/profile/bfd/funcs.go                     |   88 -
 netw/profile/bfd/fw.go                        |  105 --
 netw/profile/bfd/fw_test.go                   |   33 -
 netw/profile/bfd/pano.go                      |  115 --
 netw/profile/bfd/pano_test.go                 |   33 -
 netw/profile/bfd/testdata_test.go             |   28 -
 netw/profile/gp/const.go                      |   17 -
 netw/profile/gp/doc.go                        |    4 -
 netw/profile/gp/entry.go                      |   84 -
 netw/profile/gp/funcs.go                      |   88 -
 netw/profile/gp/fw.go                         |  106 --
 netw/profile/gp/fw_test.go                    |   33 -
 netw/profile/gp/pano.go                       |  116 --
 netw/profile/gp/pano_test.go                  |   33 -
 netw/profile/gp/testdata_test.go              |   26 -
 netw/profile/ike/const.go                     |   25 -
 netw/profile/ike/doc.go                       |    4 -
 netw/profile/ike/entry.go                     |  325 ----
 netw/profile/ike/funcs.go                     |   92 --
 netw/profile/ike/fw.go                        |  106 --
 netw/profile/ike/fw_test.go                   |   34 -
 netw/profile/ike/pano.go                      |  116 --
 netw/profile/ike/pano_test.go                 |   34 -
 netw/profile/ike/testdata_test.go             |   82 -
 netw/profile/ipsec/const.go                   |   36 -
 netw/profile/ipsec/doc.go                     |    4 -
 netw/profile/ipsec/entry.go                   |  412 -----
 netw/profile/ipsec/funcs.go                   |   92 --
 netw/profile/ipsec/fw.go                      |  106 --
 netw/profile/ipsec/fw_test.go                 |   34 -
 netw/profile/ipsec/pano.go                    |  116 --
 netw/profile/ipsec/pano_test.go               |   34 -
 netw/profile/ipsec/testdata_test.go           |  111 --
 netw/profile/mngtprof/const.go                |    6 -
 netw/profile/mngtprof/doc.go                  |    4 -
 netw/profile/mngtprof/entry.go                |  139 --
 netw/profile/mngtprof/funcs.go                |   88 -
 netw/profile/mngtprof/fw.go                   |  105 --
 netw/profile/mngtprof/fw_test.go              |   33 -
 netw/profile/mngtprof/pano.go                 |  115 --
 netw/profile/mngtprof/pano_test.go            |   33 -
 netw/profile/mngtprof/testdata_test.go        |   33 -
 netw/profile/monitor/const.go                 |   12 -
 netw/profile/monitor/doc.go                   |    6 -
 netw/profile/monitor/entry.go                 |   88 -
 netw/profile/monitor/funcs.go                 |   88 -
 netw/profile/monitor/fw.go                    |  105 --
 netw/profile/monitor/fw_test.go               |   36 -
 netw/profile/monitor/pano.go                  |  115 --
 netw/profile/monitor/pano_test.go             |   36 -
 netw/profile/monitor/testdata_test.go         |   25 -
 netw/routing/profile/redist/ipv4/const.go     |   29 -
 netw/routing/profile/redist/ipv4/doc.go       |    6 -
 netw/routing/profile/redist/ipv4/entry.go     |  228 ---
 netw/routing/profile/redist/ipv4/funcs.go     |   88 -
 netw/routing/profile/redist/ipv4/fw.go        |  113 --
 netw/routing/profile/redist/ipv4/fw_test.go   |   35 -
 netw/routing/profile/redist/ipv4/pano.go      |  120 --
 netw/routing/profile/redist/ipv4/pano_test.go |   35 -
 .../profile/redist/ipv4/testdata_test.go      |   51 -
 netw/routing/protocol/bgp/aggregate/const.go  |   40 -
 netw/routing/protocol/bgp/aggregate/doc.go    |    6 -
 netw/routing/protocol/bgp/aggregate/entry.go  |  302 ----
 .../bgp/aggregate/filter/advertise/const.go   |   13 -
 .../bgp/aggregate/filter/advertise/doc.go     |    6 -
 .../bgp/aggregate/filter/advertise/entry.go   |  305 ----
 .../bgp/aggregate/filter/advertise/funcs.go   |   92 --
 .../bgp/aggregate/filter/advertise/fw.go      |  121 --
 .../bgp/aggregate/filter/advertise/fw_test.go |   36 -
 .../bgp/aggregate/filter/advertise/pano.go    |  127 --
 .../aggregate/filter/advertise/pano_test.go   |   36 -
 .../filter/advertise/testdata_test.go         |   57 -
 .../bgp/aggregate/filter/suppress/const.go    |   13 -
 .../bgp/aggregate/filter/suppress/doc.go      |    6 -
 .../bgp/aggregate/filter/suppress/entry.go    |  305 ----
 .../bgp/aggregate/filter/suppress/funcs.go    |   92 --
 .../bgp/aggregate/filter/suppress/fw.go       |  121 --
 .../bgp/aggregate/filter/suppress/fw_test.go  |   36 -
 .../bgp/aggregate/filter/suppress/pano.go     |  127 --
 .../aggregate/filter/suppress/pano_test.go    |   36 -
 .../filter/suppress/testdata_test.go          |   57 -
 netw/routing/protocol/bgp/aggregate/funcs.go  |   88 -
 netw/routing/protocol/bgp/aggregate/fw.go     |  116 --
 .../routing/protocol/bgp/aggregate/fw_test.go |   35 -
 netw/routing/protocol/bgp/aggregate/pano.go   |  123 --
 .../protocol/bgp/aggregate/pano_test.go       |   35 -
 .../protocol/bgp/aggregate/testdata_test.go   |  113 --
 netw/routing/protocol/bgp/conadv/const.go     |    6 -
 netw/routing/protocol/bgp/conadv/doc.go       |    6 -
 netw/routing/protocol/bgp/conadv/entry.go     |  106 --
 .../bgp/conadv/filter/advertise/const.go      |   13 -
 .../bgp/conadv/filter/advertise/doc.go        |    6 -
 .../bgp/conadv/filter/advertise/entry.go      |  238 ---
 .../bgp/conadv/filter/advertise/funcs.go      |   92 --
 .../bgp/conadv/filter/advertise/fw.go         |  121 --
 .../bgp/conadv/filter/advertise/fw_test.go    |   36 -
 .../bgp/conadv/filter/advertise/pano.go       |  128 --
 .../bgp/conadv/filter/advertise/pano_test.go  |   36 -
 .../conadv/filter/advertise/testdata_test.go  |   47 -
 .../bgp/conadv/filter/nonexist/const.go       |   13 -
 .../bgp/conadv/filter/nonexist/doc.go         |    6 -
 .../bgp/conadv/filter/nonexist/entry.go       |  238 ---
 .../bgp/conadv/filter/nonexist/funcs.go       |   92 --
 .../protocol/bgp/conadv/filter/nonexist/fw.go |  121 --
 .../bgp/conadv/filter/nonexist/fw_test.go     |   36 -
 .../bgp/conadv/filter/nonexist/pano.go        |  128 --
 .../bgp/conadv/filter/nonexist/pano_test.go   |   36 -
 .../conadv/filter/nonexist/testdata_test.go   |   47 -
 netw/routing/protocol/bgp/conadv/funcs.go     |   88 -
 netw/routing/protocol/bgp/conadv/fw.go        |  116 --
 netw/routing/protocol/bgp/conadv/fw_test.go   |   35 -
 netw/routing/protocol/bgp/conadv/pano.go      |  123 --
 netw/routing/protocol/bgp/conadv/pano_test.go |   35 -
 .../protocol/bgp/conadv/testdata_test.go      |   29 -
 netw/routing/protocol/bgp/config.go           |  821 ----------
 netw/routing/protocol/bgp/const.go            |   11 -
 netw/routing/protocol/bgp/doc.go              |    6 -
 netw/routing/protocol/bgp/exp/const.go        |   52 -
 netw/routing/protocol/bgp/exp/doc.go          |    6 -
 netw/routing/protocol/bgp/exp/entry.go        |  680 --------
 netw/routing/protocol/bgp/exp/funcs.go        |   92 --
 netw/routing/protocol/bgp/exp/fw.go           |  158 --
 netw/routing/protocol/bgp/exp/fw_test.go      |   36 -
 netw/routing/protocol/bgp/exp/pano.go         |  165 --
 netw/routing/protocol/bgp/exp/pano_test.go    |   36 -
 .../routing/protocol/bgp/exp/testdata_test.go |  313 ----
 netw/routing/protocol/bgp/funcs.go            |   60 -
 netw/routing/protocol/bgp/fw.go               |   76 -
 netw/routing/protocol/bgp/fw_test.go          |   36 -
 netw/routing/protocol/bgp/imp/const.go        |   50 -
 netw/routing/protocol/bgp/imp/doc.go          |    6 -
 netw/routing/protocol/bgp/imp/entry.go        |  664 --------
 netw/routing/protocol/bgp/imp/funcs.go        |   92 --
 netw/routing/protocol/bgp/imp/fw.go           |  158 --
 netw/routing/protocol/bgp/imp/fw_test.go      |   36 -
 netw/routing/protocol/bgp/imp/pano.go         |  165 --
 netw/routing/protocol/bgp/imp/pano_test.go    |   36 -
 .../routing/protocol/bgp/imp/testdata_test.go |  303 ----
 netw/routing/protocol/bgp/pano.go             |   83 -
 netw/routing/protocol/bgp/pano_test.go        |   36 -
 netw/routing/protocol/bgp/peer/const.go       |   34 -
 netw/routing/protocol/bgp/peer/doc.go         |    8 -
 netw/routing/protocol/bgp/peer/entry.go       |  662 --------
 netw/routing/protocol/bgp/peer/funcs.go       |   96 --
 netw/routing/protocol/bgp/peer/fw.go          |  119 --
 netw/routing/protocol/bgp/peer/fw_test.go     |   36 -
 netw/routing/protocol/bgp/peer/group/const.go |   24 -
 netw/routing/protocol/bgp/peer/group/doc.go   |    6 -
 netw/routing/protocol/bgp/peer/group/entry.go |  175 --
 netw/routing/protocol/bgp/peer/group/funcs.go |   88 -
 netw/routing/protocol/bgp/peer/group/fw.go    |  114 --
 .../protocol/bgp/peer/group/fw_test.go        |   35 -
 netw/routing/protocol/bgp/peer/group/pano.go  |  121 --
 .../protocol/bgp/peer/group/pano_test.go      |   35 -
 .../protocol/bgp/peer/group/testdata_test.go  |   58 -
 netw/routing/protocol/bgp/peer/pano.go        |  126 --
 netw/routing/protocol/bgp/peer/pano_test.go   |   36 -
 .../protocol/bgp/peer/testdata_test.go        |  112 --
 .../protocol/bgp/profile/auth/const.go        |    6 -
 netw/routing/protocol/bgp/profile/auth/doc.go |    6 -
 .../protocol/bgp/profile/auth/entry.go        |   77 -
 .../protocol/bgp/profile/auth/funcs.go        |   88 -
 netw/routing/protocol/bgp/profile/auth/fw.go  |  114 --
 .../protocol/bgp/profile/auth/fw_test.go      |   35 -
 .../routing/protocol/bgp/profile/auth/pano.go |  121 --
 .../protocol/bgp/profile/auth/pano_test.go    |   35 -
 .../bgp/profile/auth/testdata_test.go         |   18 -
 .../protocol/bgp/profile/dampening/const.go   |    6 -
 .../protocol/bgp/profile/dampening/doc.go     |    6 -
 .../protocol/bgp/profile/dampening/entry.go   |  104 --
 .../protocol/bgp/profile/dampening/funcs.go   |   88 -
 .../protocol/bgp/profile/dampening/fw.go      |  114 --
 .../protocol/bgp/profile/dampening/fw_test.go |   35 -
 .../protocol/bgp/profile/dampening/pano.go    |  121 --
 .../bgp/profile/dampening/pano_test.go        |   35 -
 .../bgp/profile/dampening/testdata_test.go    |   29 -
 netw/routing/protocol/bgp/redist/const.go     |   26 -
 netw/routing/protocol/bgp/redist/doc.go       |    6 -
 netw/routing/protocol/bgp/redist/entry.go     |  191 ---
 netw/routing/protocol/bgp/redist/funcs.go     |   92 --
 netw/routing/protocol/bgp/redist/fw.go        |  114 --
 netw/routing/protocol/bgp/redist/fw_test.go   |   36 -
 netw/routing/protocol/bgp/redist/pano.go      |  121 --
 netw/routing/protocol/bgp/redist/pano_test.go |   36 -
 .../protocol/bgp/redist/testdata_test.go      |   63 -
 netw/routing/protocol/bgp/testdata_test.go    |  212 ---
 netw/routing/protocol/ospf/area/const.go      |   21 -
 netw/routing/protocol/ospf/area/doc.go        |    6 -
 netw/routing/protocol/ospf/area/entry.go      |  285 ----
 netw/routing/protocol/ospf/area/funcs.go      |   88 -
 netw/routing/protocol/ospf/area/fw.go         |  114 --
 netw/routing/protocol/ospf/area/fw_test.go    |   37 -
 .../routing/protocol/ospf/area/iface/const.go |   13 -
 netw/routing/protocol/ospf/area/iface/doc.go  |    6 -
 .../routing/protocol/ospf/area/iface/entry.go |  195 ---
 .../routing/protocol/ospf/area/iface/funcs.go |   88 -
 netw/routing/protocol/ospf/area/iface/fw.go   |  119 --
 .../protocol/ospf/area/iface/fw_test.go       |   79 -
 netw/routing/protocol/ospf/area/iface/pano.go |  126 --
 .../protocol/ospf/area/iface/pano_test.go     |   79 -
 .../protocol/ospf/area/iface/testdata_test.go |   65 -
 netw/routing/protocol/ospf/area/pano.go       |  121 --
 netw/routing/protocol/ospf/area/pano_test.go  |   37 -
 .../protocol/ospf/area/testdata_test.go       |   67 -
 .../routing/protocol/ospf/area/vlink/const.go |    6 -
 netw/routing/protocol/ospf/area/vlink/doc.go  |    6 -
 .../routing/protocol/ospf/area/vlink/entry.go |  127 --
 .../routing/protocol/ospf/area/vlink/funcs.go |   88 -
 netw/routing/protocol/ospf/area/vlink/fw.go   |  119 --
 .../protocol/ospf/area/vlink/fw_test.go       |   38 -
 netw/routing/protocol/ospf/area/vlink/pano.go |  126 --
 .../protocol/ospf/area/vlink/pano_test.go     |   38 -
 .../protocol/ospf/area/vlink/testdata_test.go |   28 -
 netw/routing/protocol/ospf/config.go          |  201 ---
 netw/routing/protocol/ospf/const.go           |    5 -
 netw/routing/protocol/ospf/doc.go             |    6 -
 netw/routing/protocol/ospf/exp/const.go       |   12 -
 netw/routing/protocol/ospf/exp/doc.go         |    6 -
 netw/routing/protocol/ospf/exp/entry.go       |   86 -
 netw/routing/protocol/ospf/exp/funcs.go       |   88 -
 netw/routing/protocol/ospf/exp/fw.go          |  114 --
 netw/routing/protocol/ospf/exp/fw_test.go     |   37 -
 netw/routing/protocol/ospf/exp/pano.go        |  121 --
 netw/routing/protocol/ospf/exp/pano_test.go   |   37 -
 .../protocol/ospf/exp/testdata_test.go        |   22 -
 netw/routing/protocol/ospf/funcs.go           |   52 -
 netw/routing/protocol/ospf/fw.go              |   76 -
 netw/routing/protocol/ospf/fw_test.go         |   37 -
 netw/routing/protocol/ospf/pano.go            |   83 -
 netw/routing/protocol/ospf/pano_test.go       |   36 -
 .../protocol/ospf/profile/auth/const.go       |   12 -
 .../routing/protocol/ospf/profile/auth/doc.go |    6 -
 .../protocol/ospf/profile/auth/entry.go       |  133 --
 .../protocol/ospf/profile/auth/funcs.go       |   88 -
 netw/routing/protocol/ospf/profile/auth/fw.go |  114 --
 .../protocol/ospf/profile/auth/fw_test.go     |   37 -
 .../protocol/ospf/profile/auth/pano.go        |  121 --
 .../protocol/ospf/profile/auth/pano_test.go   |   37 -
 .../ospf/profile/auth/testdata_test.go        |   37 -
 netw/routing/protocol/ospf/testdata_test.go   |   51 -
 netw/routing/route/static/ipv4/const.go       |   21 -
 netw/routing/route/static/ipv4/doc.go         |    6 -
 netw/routing/route/static/ipv4/entry.go       |  373 -----
 netw/routing/route/static/ipv4/funcs.go       |   94 --
 netw/routing/route/static/ipv4/fw.go          |  114 --
 netw/routing/route/static/ipv4/fw_test.go     |   36 -
 netw/routing/route/static/ipv4/pano.go        |  121 --
 netw/routing/route/static/ipv4/pano_test.go   |   36 -
 .../route/static/ipv4/testdata_test.go        |  128 --
 netw/routing/route/static/ipv6/const.go       |   20 -
 netw/routing/route/static/ipv6/doc.go         |    6 -
 netw/routing/route/static/ipv6/entry.go       |  526 ------
 netw/routing/route/static/ipv6/funcs.go       |   94 --
 netw/routing/route/static/ipv6/fw.go          |  114 --
 netw/routing/route/static/ipv6/fw_test.go     |   36 -
 netw/routing/route/static/ipv6/pano.go        |  121 --
 netw/routing/route/static/ipv6/pano_test.go   |   36 -
 .../route/static/ipv6/testdata_test.go        |  182 ---
 netw/routing/router/const.go                  |   14 -
 netw/routing/router/doc.go                    |    8 -
 netw/routing/router/entry.go                  |  367 -----
 netw/routing/router/funcs.go                  |   90 --
 netw/routing/router/fw.go                     |  157 --
 netw/routing/router/fw_test.go                |  104 --
 netw/routing/router/pano.go                   |  173 --
 netw/routing/router/pano_test.go              |  110 --
 netw/routing/router/testdata_test.go          |  124 --
 netw/tunnel/gre/const.go                      |   12 -
 netw/tunnel/gre/doc.go                        |   12 -
 netw/tunnel/gre/entry.go                      |  168 --
 netw/tunnel/gre/funcs.go                      |   88 -
 netw/tunnel/gre/fw.go                         |  105 --
 netw/tunnel/gre/fw_test.go                    |   36 -
 netw/tunnel/gre/pano.go                       |  115 --
 netw/tunnel/gre/pano_test.go                  |   36 -
 netw/tunnel/gre/testdata_test.go              |   51 -
 netw/vlan/const.go                            |    6 -
 netw/vlan/doc.go                              |    4 -
 netw/vlan/entry.go                            |  128 --
 netw/vlan/funcs.go                            |   90 --
 netw/vlan/fw.go                               |  215 ---
 netw/vlan/fw_test.go                          |   41 -
 netw/vlan/pano.go                             |  224 ---
 netw/vlan/pano_test.go                        |   47 -
 netw/vlan/testdata_test.go                    |   26 -
 netw/zone/const.go                            |   16 -
 netw/zone/doc.go                              |    4 -
 netw/zone/entry.go                            |  448 ------
 netw/zone/funcs.go                            |   94 --
 netw/zone/fw.go                               |  170 --
 netw/zone/fw_test.go                          |   35 -
 netw/zone/pano.go                             |  174 --
 netw/zone/pano_test.go                        |   35 -
 netw/zone/testdata_test.go                    |  170 --
 objs/addr/const.go                            |   14 -
 objs/addr/doc.go                              |    6 -
 objs/addr/entry.go                            |  195 ---
 objs/addr/funcs.go                            |  100 --
 objs/addr/fw.go                               |  162 --
 objs/addr/fw_test.go                          |   35 -
 objs/addr/pano.go                             |  162 --
 objs/addr/pano_test.go                        |   35 -
 objs/addr/testdata_test.go                    |   64 -
 objs/addrgrp/const.go                         |    6 -
 objs/addrgrp/doc.go                           |    6 -
 objs/addrgrp/entry.go                         |  114 --
 objs/addrgrp/funcs.go                         |   88 -
 objs/addrgrp/fw.go                            |   90 --
 objs/addrgrp/fw_test.go                       |   61 -
 objs/addrgrp/pano.go                          |   90 --
 objs/addrgrp/pano_test.go                     |   34 -
 objs/addrgrp/testdata_test.go                 |   33 -
 objs/app/const.go                             |   15 -
 objs/app/doc.go                               |    6 -
 objs/app/entry.go                             |  461 ------
 objs/app/funcs.go                             |  106 --
 objs/app/fw.go                                |   99 --
 objs/app/fw_test.go                           |   36 -
 objs/app/group/const.go                       |    6 -
 objs/app/group/doc.go                         |    6 -
 objs/app/group/entry.go                       |   53 -
 objs/app/group/fw.go                          |  150 --
 objs/app/group/fw_test.go                     |   37 -
 objs/app/group/pano.go                        |  154 --
 objs/app/group/pano_test.go                   |   37 -
 objs/app/group/testdata_test.go               |   23 -
 objs/app/pano.go                              |   90 --
 objs/app/pano_test.go                         |   36 -
 objs/app/predefined.go                        |   70 -
 objs/app/signature/andcond/const.go           |    6 -
 objs/app/signature/andcond/doc.go             |    6 -
 objs/app/signature/andcond/entry.go           |   65 -
 objs/app/signature/andcond/fw.go              |  168 --
 objs/app/signature/andcond/fw_test.go         |   37 -
 objs/app/signature/andcond/pano.go            |  172 --
 objs/app/signature/andcond/pano_test.go       |   37 -
 objs/app/signature/andcond/testdata_test.go   |   25 -
 objs/app/signature/const.go                   |   14 -
 objs/app/signature/doc.go                     |    6 -
 objs/app/signature/entry.go                   |   92 --
 objs/app/signature/fw.go                      |  160 --
 objs/app/signature/fw_test.go                 |   37 -
 objs/app/signature/orcond/const.go            |   14 -
 objs/app/signature/orcond/doc.go              |    6 -
 objs/app/signature/orcond/entry.go            |  169 --
 objs/app/signature/orcond/fw.go               |  176 --
 objs/app/signature/orcond/fw_test.go          |   37 -
 objs/app/signature/orcond/pano.go             |  174 --
 objs/app/signature/orcond/pano_test.go        |   37 -
 objs/app/signature/orcond/testdata_test.go    |   78 -
 objs/app/signature/pano.go                    |  164 --
 objs/app/signature/pano_test.go               |   37 -
 objs/app/signature/testdata_test.go           |   36 -
 objs/app/testdata_test.go                     |  269 ----
 objs/custom/data/const.go                     |   13 -
 objs/custom/data/doc.go                       |    9 -
 objs/custom/data/entry.go                     |  284 ----
 objs/custom/data/funcs.go                     |   90 --
 objs/custom/data/fw.go                        |   91 --
 objs/custom/data/fw_test.go                   |   36 -
 objs/custom/data/pano.go                      |   91 --
 objs/custom/data/pano_test.go                 |   36 -
 objs/custom/data/testdata_test.go             |   52 -
 objs/custom/spyware/const.go                  |   17 -
 objs/custom/spyware/doc.go                    |    8 -
 objs/custom/spyware/entry.go                  | 1088 -------------
 objs/custom/spyware/funcs.go                  |   92 --
 objs/custom/spyware/fw.go                     |   91 --
 objs/custom/spyware/fw_test.go                |   36 -
 objs/custom/spyware/pano.go                   |   91 --
 objs/custom/spyware/pano_test.go              |   36 -
 objs/custom/spyware/testdata_test.go          | 1349 ----------------
 objs/custom/url/const.go                      |    6 -
 objs/custom/url/doc.go                        |    6 -
 objs/custom/url/entry.go                      |  139 --
 objs/custom/url/funcs.go                      |   92 --
 objs/custom/url/fw.go                         |  119 --
 objs/custom/url/fw_test.go                    |   35 -
 objs/custom/url/pano.go                       |  119 --
 objs/custom/url/pano_test.go                  |   35 -
 objs/custom/url/testdata_test.go              |   27 -
 objs/custom/vulnerability/const.go            |   17 -
 objs/custom/vulnerability/doc.go              |    8 -
 objs/custom/vulnerability/entry.go            | 1111 -------------
 objs/custom/vulnerability/funcs.go            |   92 --
 objs/custom/vulnerability/fw.go               |   91 --
 objs/custom/vulnerability/fw_test.go          |   36 -
 objs/custom/vulnerability/pano.go             |   91 --
 objs/custom/vulnerability/pano_test.go        |   36 -
 objs/custom/vulnerability/testdata_test.go    | 1353 ----------------
 objs/doc.go                                   |    4 -
 objs/dug/const.go                             |    6 -
 objs/dug/doc.go                               |    8 -
 objs/dug/entry.go                             |   94 --
 objs/dug/funcs.go                             |   88 -
 objs/dug/fw.go                                |   90 --
 objs/dug/fw_test.go                           |   35 -
 objs/dug/pano.go                              |   90 --
 objs/dug/pano_test.go                         |   35 -
 objs/dug/testdata_test.go                     |   29 -
 objs/edl/const.go                             |   25 -
 objs/edl/doc.go                               |    6 -
 objs/edl/entry.go                             |  649 --------
 objs/edl/funcs.go                             |   96 --
 objs/edl/fw.go                                |   90 --
 objs/edl/fw_test.go                           |   35 -
 objs/edl/pano.go                              |   90 --
 objs/edl/pano_test.go                         |   35 -
 objs/edl/testdata_test.go                     |  226 ---
 objs/fw.go                                    |  112 --
 objs/pano.go                                  |  112 --
 objs/profile/logfwd/const.go                  |    6 -
 objs/profile/logfwd/doc.go                    |    6 -
 objs/profile/logfwd/entry.go                  |  153 --
 objs/profile/logfwd/funcs.go                  |   92 --
 objs/profile/logfwd/fw.go                     |  114 --
 objs/profile/logfwd/fw_test.go                |   36 -
 objs/profile/logfwd/matchlist/action/const.go |   32 -
 objs/profile/logfwd/matchlist/action/doc.go   |    6 -
 objs/profile/logfwd/matchlist/action/entry.go |  276 ----
 objs/profile/logfwd/matchlist/action/fw.go    |  182 ---
 .../logfwd/matchlist/action/fw_test.go        |   37 -
 objs/profile/logfwd/matchlist/action/pano.go  |  182 ---
 .../logfwd/matchlist/action/pano_test.go      |   37 -
 .../logfwd/matchlist/action/testdata_test.go  |  107 --
 objs/profile/logfwd/matchlist/const.go        |   22 -
 objs/profile/logfwd/matchlist/doc.go          |    6 -
 objs/profile/logfwd/matchlist/entry.go        |  103 --
 objs/profile/logfwd/matchlist/fw.go           |  165 --
 objs/profile/logfwd/matchlist/fw_test.go      |   37 -
 objs/profile/logfwd/matchlist/pano.go         |  165 --
 objs/profile/logfwd/matchlist/pano_test.go    |   37 -
 .../profile/logfwd/matchlist/testdata_test.go |   35 -
 objs/profile/logfwd/pano.go                   |  110 --
 objs/profile/logfwd/pano_test.go              |   36 -
 objs/profile/logfwd/testdata_test.go          |   41 -
 objs/profile/security/data/const.go           |   13 -
 objs/profile/security/data/doc.go             |    6 -
 objs/profile/security/data/entry.go           |  278 ----
 objs/profile/security/data/funcs.go           |   92 --
 objs/profile/security/data/fw.go              |   91 --
 objs/profile/security/data/fw_test.go         |   36 -
 objs/profile/security/data/pano.go            |   91 --
 objs/profile/security/data/pano_test.go       |   36 -
 objs/profile/security/data/testdata_test.go   |   57 -
 objs/profile/security/dos/const.go            |   18 -
 objs/profile/security/dos/doc.go              |    6 -
 objs/profile/security/dos/entry.go            |  425 -----
 objs/profile/security/dos/funcs.go            |   88 -
 objs/profile/security/dos/fw.go               |   91 --
 objs/profile/security/dos/fw_test.go          |   36 -
 objs/profile/security/dos/pano.go             |   91 --
 objs/profile/security/dos/pano_test.go        |   36 -
 objs/profile/security/dos/testdata_test.go    |   93 --
 objs/profile/security/file/const.go           |   23 -
 objs/profile/security/file/doc.go             |    6 -
 objs/profile/security/file/entry.go           |  154 --
 objs/profile/security/file/funcs.go           |   90 --
 objs/profile/security/file/fw.go              |   91 --
 objs/profile/security/file/fw_test.go         |   36 -
 objs/profile/security/file/pano.go            |   91 --
 objs/profile/security/file/pano_test.go       |   36 -
 objs/profile/security/file/testdata_test.go   |   61 -
 objs/profile/security/group/const.go          |    6 -
 objs/profile/security/group/doc.go            |    6 -
 objs/profile/security/group/entry.go          |  310 ----
 objs/profile/security/group/funcs.go          |   96 --
 objs/profile/security/group/fw.go             |  104 --
 objs/profile/security/group/fw_test.go        |   36 -
 objs/profile/security/group/pano.go           |  104 --
 objs/profile/security/group/pano_test.go      |   36 -
 objs/profile/security/group/testdata_test.go  |   88 -
 objs/profile/security/spyware/const.go        |   44 -
 objs/profile/security/spyware/doc.go          |    8 -
 objs/profile/security/spyware/entry.go        | 1263 ---------------
 objs/profile/security/spyware/funcs.go        |   94 --
 objs/profile/security/spyware/fw.go           |   91 --
 objs/profile/security/spyware/fw_test.go      |   36 -
 objs/profile/security/spyware/pano.go         |   91 --
 objs/profile/security/spyware/pano_test.go    |   36 -
 .../profile/security/spyware/testdata_test.go |  467 ------
 objs/profile/security/url/const.go            |   14 -
 objs/profile/security/url/doc.go              |    6 -
 objs/profile/security/url/entry.go            | 1160 --------------
 objs/profile/security/url/funcs.go            |   98 --
 objs/profile/security/url/fw.go               |   91 --
 objs/profile/security/url/fw_test.go          |   36 -
 objs/profile/security/url/pano.go             |   91 --
 objs/profile/security/url/pano_test.go        |   36 -
 objs/profile/security/url/testdata_test.go    |  493 ------
 objs/profile/security/virus/const.go          |   26 -
 objs/profile/security/virus/doc.go            |    6 -
 objs/profile/security/virus/entry.go          |  420 -----
 objs/profile/security/virus/funcs.go          |   95 --
 objs/profile/security/virus/fw.go             |   91 --
 objs/profile/security/virus/fw_test.go        |   36 -
 objs/profile/security/virus/pano.go           |   91 --
 objs/profile/security/virus/pano_test.go      |   36 -
 objs/profile/security/virus/testdata_test.go  |  148 --
 objs/profile/security/vulnerability/const.go  |   55 -
 objs/profile/security/vulnerability/doc.go    |    6 -
 objs/profile/security/vulnerability/entry.go  |  700 --------
 objs/profile/security/vulnerability/funcs.go  |   92 --
 objs/profile/security/vulnerability/fw.go     |   91 --
 .../profile/security/vulnerability/fw_test.go |   36 -
 objs/profile/security/vulnerability/pano.go   |   91 --
 .../security/vulnerability/pano_test.go       |   36 -
 .../security/vulnerability/testdata_test.go   |  403 -----
 objs/profile/security/wildfire/const.go       |   19 -
 objs/profile/security/wildfire/doc.go         |    8 -
 objs/profile/security/wildfire/entry.go       |  153 --
 objs/profile/security/wildfire/funcs.go       |   88 -
 objs/profile/security/wildfire/fw.go          |   91 --
 objs/profile/security/wildfire/fw_test.go     |   36 -
 objs/profile/security/wildfire/pano.go        |   91 --
 objs/profile/security/wildfire/pano_test.go   |   36 -
 .../security/wildfire/testdata_test.go        |   40 -
 objs/srvc/const.go                            |   13 -
 objs/srvc/doc.go                              |    4 -
 objs/srvc/entry.go                            |  278 ----
 objs/srvc/funcs.go                            |  106 --
 objs/srvc/fw.go                               |   90 --
 objs/srvc/fw_test.go                          |   36 -
 objs/srvc/pano.go                             |   90 --
 objs/srvc/pano_test.go                        |   36 -
 objs/srvc/predefined.go                       |   70 -
 objs/srvc/testdata_test.go                    |  158 --
 objs/srvcgrp/const.go                         |    6 -
 objs/srvcgrp/doc.go                           |    6 -
 objs/srvcgrp/entry.go                         |   94 --
 objs/srvcgrp/funcs.go                         |   88 -
 objs/srvcgrp/fw.go                            |   90 --
 objs/srvcgrp/fw_test.go                       |   34 -
 objs/srvcgrp/pano.go                          |   90 --
 objs/srvcgrp/pano_test.go                     |   34 -
 objs/srvcgrp/testdata_test.go                 |   24 -
 objs/tags/const.go                            |   55 -
 objs/tags/doc.go                              |    4 -
 objs/tags/entry.go                            |  102 --
 objs/tags/funcs.go                            |   88 -
 objs/tags/fw.go                               |   90 --
 objs/tags/fw_test.go                          |   34 -
 objs/tags/pano.go                             |   90 --
 objs/tags/pano_test.go                        |   34 -
 objs/tags/testdata_test.go                    |   28 -
 pano.go                                       |  230 ---
 panosplugin/cloudwatch/config.go              |   98 --
 panosplugin/cloudwatch/const.go               |    5 -
 panosplugin/cloudwatch/doc.go                 |    9 -
 panosplugin/cloudwatch/funcs.go               |   65 -
 panosplugin/cloudwatch/fw.go                  |   68 -
 panosplugin/cloudwatch/fw_test.go             |   37 -
 panosplugin/cloudwatch/testdata_test.go       |   25 -
 panosplugin/fw.go                             |   16 -
 pnrm/dg/const.go                              |    6 -
 pnrm/dg/doc.go                                |    6 -
 pnrm/dg/entry.go                              |  322 ----
 pnrm/dg/funcs.go                              |   75 -
 pnrm/dg/pano.go                               |  269 ----
 pnrm/dg/pano_test.go                          |  105 --
 pnrm/dg/testdata_test.go                      |   58 -
 pnrm/pano.go                                  |   45 -
 pnrm/plugins/gcp/account/const.go             |   12 -
 pnrm/plugins/gcp/account/doc.go               |    6 -
 pnrm/plugins/gcp/account/entry.go             |  121 --
 pnrm/plugins/gcp/account/funcs.go             |   90 --
 pnrm/plugins/gcp/account/pano.go              |  110 --
 pnrm/plugins/gcp/account/pano_test.go         |   37 -
 pnrm/plugins/gcp/account/testdata_test.go     |   23 -
 pnrm/plugins/gcp/gke/cluster/const.go         |    6 -
 pnrm/plugins/gcp/gke/cluster/doc.go           |    6 -
 pnrm/plugins/gcp/gke/cluster/entry.go         |   86 -
 pnrm/plugins/gcp/gke/cluster/funcs.go         |   90 --
 pnrm/plugins/gcp/gke/cluster/group/const.go   |    6 -
 pnrm/plugins/gcp/gke/cluster/group/doc.go     |    6 -
 pnrm/plugins/gcp/gke/cluster/group/entry.go   |   96 --
 pnrm/plugins/gcp/gke/cluster/group/funcs.go   |   90 --
 pnrm/plugins/gcp/gke/cluster/group/pano.go    |  135 --
 .../gcp/gke/cluster/group/pano_test.go        |   37 -
 pnrm/plugins/gcp/gke/cluster/group/portmap.go |   74 -
 .../gcp/gke/cluster/group/testdata_test.go    |   23 -
 pnrm/plugins/gcp/gke/cluster/pano.go          |  117 --
 pnrm/plugins/gcp/gke/cluster/pano_test.go     |   37 -
 pnrm/plugins/gcp/gke/cluster/testdata_test.go |   21 -
 .../plugins/swfwlicense/bootstrapdef/const.go |    7 -
 pnrm/plugins/swfwlicense/bootstrapdef/doc.go  |    9 -
 .../plugins/swfwlicense/bootstrapdef/entry.go |   91 --
 .../plugins/swfwlicense/bootstrapdef/funcs.go |   91 --
 pnrm/plugins/swfwlicense/bootstrapdef/pano.go |  109 --
 .../swfwlicense/bootstrapdef/pano_test.go     |   37 -
 .../swfwlicense/bootstrapdef/testdata_test.go |   24 -
 pnrm/plugins/swfwlicense/manager/const.go     |    7 -
 pnrm/plugins/swfwlicense/manager/doc.go       |    9 -
 pnrm/plugins/swfwlicense/manager/entry.go     |  106 --
 pnrm/plugins/swfwlicense/manager/funcs.go     |   91 --
 pnrm/plugins/swfwlicense/manager/pano.go      |  128 --
 pnrm/plugins/swfwlicense/manager/pano_test.go |   37 -
 .../swfwlicense/manager/testdata_test.go      |   28 -
 pnrm/template/const.go                        |    6 -
 pnrm/template/doc.go                          |    4 -
 pnrm/template/entry.go                        |  322 ----
 pnrm/template/funcs.go                        |   81 -
 pnrm/template/pano.go                         |  197 ---
 pnrm/template/pano_test.go                    |   93 --
 pnrm/template/stack/const.go                  |    6 -
 pnrm/template/stack/doc.go                    |    4 -
 pnrm/template/stack/entry.go                  |  134 --
 pnrm/template/stack/funcs.go                  |   75 -
 pnrm/template/stack/pano.go                   |  178 ---
 pnrm/template/stack/pano_test.go              |   62 -
 pnrm/template/variable/const.go               |   15 -
 pnrm/template/variable/doc.go                 |    4 -
 pnrm/template/variable/entry.go               |  114 --
 pnrm/template/variable/funcs.go               |   75 -
 pnrm/template/variable/pano.go                |   96 --
 pnrm/template/variable/pano_test.go           |   63 -
 poli/decryption/const.go                      |   22 -
 poli/decryption/doc.go                        |    6 -
 poli/decryption/entry.go                      |  789 ---------
 poli/decryption/funcs.go                      |  132 --
 poli/decryption/fw.go                         |  304 ----
 poli/decryption/fw_test.go                    |   64 -
 poli/decryption/pano.go                       |  299 ----
 poli/decryption/pano_test.go                  |   38 -
 poli/decryption/testdata_test.go              |  479 ------
 poli/doc.go                                   |    2 -
 poli/fw.go                                    |   27 -
 poli/nat/const.go                             |   41 -
 poli/nat/doc.go                               |    6 -
 poli/nat/entry.go                             |  838 ----------
 poli/nat/funcs.go                             |  130 --
 poli/nat/fw.go                                |  304 ----
 poli/nat/fw_test.go                           |   35 -
 poli/nat/pano.go                              |  300 ----
 poli/nat/pano_test.go                         |   36 -
 poli/nat/testdata_test.go                     |  182 ---
 poli/pano.go                                  |   27 -
 poli/pbf/const.go                             |   26 -
 poli/pbf/doc.go                               |    6 -
 poli/pbf/entry.go                             |  516 ------
 poli/pbf/funcs.go                             |  127 --
 poli/pbf/fw.go                                |  304 ----
 poli/pbf/fw_test.go                           |   36 -
 poli/pbf/pano.go                              |  300 ----
 poli/pbf/pano_test.go                         |   36 -
 poli/pbf/testdata_test.go                     |  237 ---
 poli/security/const.go                        |    6 -
 poli/security/doc.go                          |    6 -
 poli/security/entry.go                        |  881 -----------
 poli/security/funcs.go                        |  140 --
 poli/security/fw.go                           |  393 -----
 poli/security/fw_test.go                      |  106 --
 poli/security/pano.go                         |  388 -----
 poli/security/pano_test.go                    |   71 -
 poli/security/testdata_test.go                |  380 -----
 predefined/dlp/filetype/const.go              |    6 -
 predefined/dlp/filetype/doc.go                |    6 -
 predefined/dlp/filetype/entry.go              |  121 --
 predefined/dlp/filetype/funcs.go              |   88 -
 predefined/dlp/filetype/fw.go                 |   76 -
 predefined/dlp/filetype/fw_test.go            |   35 -
 predefined/dlp/filetype/pano.go               |   76 -
 predefined/dlp/filetype/pano_test.go          |   35 -
 predefined/dlp/filetype/testdata_test.go      |   29 -
 predefined/fw.go                              |   28 -
 predefined/pano.go                            |   28 -
 predefined/tdb/filetype/const.go              |    6 -
 predefined/tdb/filetype/doc.go                |    6 -
 predefined/tdb/filetype/entry.go              |  103 --
 predefined/tdb/filetype/funcs.go              |  101 --
 predefined/tdb/filetype/fw.go                 |   96 --
 predefined/tdb/filetype/fw_test.go            |   35 -
 predefined/tdb/filetype/pano.go               |   96 --
 predefined/tdb/filetype/pano_test.go          |   35 -
 predefined/tdb/filetype/testdata_test.go      |   37 -
 predefined/threat/const.go                    |   12 -
 predefined/threat/doc.go                      |   10 -
 predefined/threat/entry.go                    |   78 -
 predefined/threat/funcs.go                    |  101 --
 predefined/threat/fw.go                       |  103 --
 predefined/threat/fw_test.go                  |   35 -
 predefined/threat/pano.go                     |  103 --
 predefined/threat/pano_test.go                |   35 -
 predefined/threat/testdata_test.go            |   25 -
 testdata/testdata.go                          |  280 ----
 userid/doc.go                                 |    8 -
 userid/groups.go                              |  118 --
 userid/groups_test.go                         |  102 --
 userid/iptags.go                              |  151 --
 userid/iptags_test.go                         |   36 -
 userid/logins.go                              |   79 -
 userid/message.go                             |  319 ----
 userid/userid.go                              |   54 -
 userid/userid_test.go                         |   81 -
 userid/usertags.go                            |   97 --
 userid/usertags_test.go                       |   82 -
 vsys/const.go                                 |    6 -
 vsys/doc.go                                   |   12 -
 vsys/entry.go                                 |  222 ---
 vsys/funcs.go                                 |   92 --
 vsys/fw.go                                    |   84 -
 vsys/fw_test.go                               |   35 -
 vsys/pano.go                                  |   94 --
 vsys/pano_test.go                             |   35 -
 vsys/testdata_test.go                         |   76 -
 xmlapi/generic.go                             |   13 -
 xmlapiclient.go                               |  565 -------
 1056 files changed, 112385 deletions(-)
 delete mode 100644 client_test.go
 delete mode 100644 commit/const.go
 delete mode 100644 commit/doc.go
 delete mode 100644 commit/fw.go
 delete mode 100644 commit/fw_test.go
 delete mode 100644 commit/pano.go
 delete mode 100644 commit/pano_test.go
 delete mode 100644 connect.go
 delete mode 100644 dev/certificate/certs.go
 delete mode 100644 dev/certificate/const.go
 delete mode 100644 dev/certificate/doc.go
 delete mode 100644 dev/certificate/entry.go
 delete mode 100644 dev/certificate/funcs.go
 delete mode 100644 dev/certificate/fw.go
 delete mode 100644 dev/certificate/fw_test.go
 delete mode 100644 dev/certificate/pano.go
 delete mode 100644 dev/certificate/pano_test.go
 delete mode 100644 dev/certificate/testdata_test.go
 delete mode 100644 dev/doc.go
 delete mode 100644 dev/fw.go
 delete mode 100644 dev/general/config.go
 delete mode 100644 dev/general/const.go
 delete mode 100644 dev/general/doc.go
 delete mode 100644 dev/general/funcs.go
 delete mode 100644 dev/general/fw.go
 delete mode 100644 dev/general/fw_test.go
 delete mode 100644 dev/general/testdata_test.go
 delete mode 100644 dev/ha/config.go
 delete mode 100644 dev/ha/const.go
 delete mode 100644 dev/ha/doc.go
 delete mode 100644 dev/ha/funcs.go
 delete mode 100644 dev/ha/fw.go
 delete mode 100644 dev/ha/fw_test.go
 delete mode 100644 dev/ha/monitor/link/const.go
 delete mode 100644 dev/ha/monitor/link/doc.go
 delete mode 100644 dev/ha/monitor/link/entry.go
 delete mode 100644 dev/ha/monitor/link/funcs.go
 delete mode 100644 dev/ha/monitor/link/fw.go
 delete mode 100644 dev/ha/monitor/link/fw_test.go
 delete mode 100644 dev/ha/monitor/link/testdata_test.go
 delete mode 100644 dev/ha/monitor/path/const.go
 delete mode 100644 dev/ha/monitor/path/doc.go
 delete mode 100644 dev/ha/monitor/path/entry.go
 delete mode 100644 dev/ha/monitor/path/funcs.go
 delete mode 100644 dev/ha/monitor/path/fw.go
 delete mode 100644 dev/ha/monitor/path/fw_test.go
 delete mode 100644 dev/ha/monitor/path/testdata_test.go
 delete mode 100644 dev/ha/testdata_test.go
 delete mode 100644 dev/localuserdb/group/const.go
 delete mode 100644 dev/localuserdb/group/doc.go
 delete mode 100644 dev/localuserdb/group/entry.go
 delete mode 100644 dev/localuserdb/group/funcs.go
 delete mode 100644 dev/localuserdb/group/fw.go
 delete mode 100644 dev/localuserdb/group/fw_test.go
 delete mode 100644 dev/localuserdb/group/pano.go
 delete mode 100644 dev/localuserdb/group/pano_test.go
 delete mode 100644 dev/localuserdb/group/testdata_test.go
 delete mode 100644 dev/localuserdb/user/const.go
 delete mode 100644 dev/localuserdb/user/doc.go
 delete mode 100644 dev/localuserdb/user/entry.go
 delete mode 100644 dev/localuserdb/user/funcs.go
 delete mode 100644 dev/localuserdb/user/fw.go
 delete mode 100644 dev/localuserdb/user/fw_test.go
 delete mode 100644 dev/localuserdb/user/pano.go
 delete mode 100644 dev/localuserdb/user/pano_test.go
 delete mode 100644 dev/localuserdb/user/testdata_test.go
 delete mode 100644 dev/pano.go
 delete mode 100644 dev/profile/authentication/const.go
 delete mode 100644 dev/profile/authentication/doc.go
 delete mode 100644 dev/profile/authentication/entry.go
 delete mode 100644 dev/profile/authentication/funcs.go
 delete mode 100644 dev/profile/authentication/fw.go
 delete mode 100644 dev/profile/authentication/fw_test.go
 delete mode 100644 dev/profile/authentication/pano.go
 delete mode 100644 dev/profile/authentication/pano_test.go
 delete mode 100644 dev/profile/authentication/testdata_test.go
 delete mode 100644 dev/profile/certificate/const.go
 delete mode 100644 dev/profile/certificate/doc.go
 delete mode 100644 dev/profile/certificate/entry.go
 delete mode 100644 dev/profile/certificate/funcs.go
 delete mode 100644 dev/profile/certificate/fw.go
 delete mode 100644 dev/profile/certificate/fw_test.go
 delete mode 100644 dev/profile/certificate/pano.go
 delete mode 100644 dev/profile/certificate/pano_test.go
 delete mode 100644 dev/profile/certificate/testdata_test.go
 delete mode 100644 dev/profile/email/const.go
 delete mode 100644 dev/profile/email/doc.go
 delete mode 100644 dev/profile/email/entry.go
 delete mode 100644 dev/profile/email/funcs.go
 delete mode 100644 dev/profile/email/fw.go
 delete mode 100644 dev/profile/email/fw_test.go
 delete mode 100644 dev/profile/email/pano.go
 delete mode 100644 dev/profile/email/pano_test.go
 delete mode 100644 dev/profile/email/testdata_test.go
 delete mode 100644 dev/profile/http/const.go
 delete mode 100644 dev/profile/http/doc.go
 delete mode 100644 dev/profile/http/entry.go
 delete mode 100644 dev/profile/http/funcs.go
 delete mode 100644 dev/profile/http/fw.go
 delete mode 100644 dev/profile/http/fw_test.go
 delete mode 100644 dev/profile/http/pano.go
 delete mode 100644 dev/profile/http/pano_test.go
 delete mode 100644 dev/profile/http/testdata_test.go
 delete mode 100644 dev/profile/kerberos/const.go
 delete mode 100644 dev/profile/kerberos/doc.go
 delete mode 100644 dev/profile/kerberos/entry.go
 delete mode 100644 dev/profile/kerberos/funcs.go
 delete mode 100644 dev/profile/kerberos/fw.go
 delete mode 100644 dev/profile/kerberos/fw_test.go
 delete mode 100644 dev/profile/kerberos/pano.go
 delete mode 100644 dev/profile/kerberos/pano_test.go
 delete mode 100644 dev/profile/kerberos/testdata_test.go
 delete mode 100644 dev/profile/ldap/const.go
 delete mode 100644 dev/profile/ldap/doc.go
 delete mode 100644 dev/profile/ldap/entry.go
 delete mode 100644 dev/profile/ldap/funcs.go
 delete mode 100644 dev/profile/ldap/fw.go
 delete mode 100644 dev/profile/ldap/fw_test.go
 delete mode 100644 dev/profile/ldap/pano.go
 delete mode 100644 dev/profile/ldap/pano_test.go
 delete mode 100644 dev/profile/ldap/testdata_test.go
 delete mode 100644 dev/profile/radius/const.go
 delete mode 100644 dev/profile/radius/doc.go
 delete mode 100644 dev/profile/radius/entry.go
 delete mode 100644 dev/profile/radius/funcs.go
 delete mode 100644 dev/profile/radius/fw.go
 delete mode 100644 dev/profile/radius/fw_test.go
 delete mode 100644 dev/profile/radius/pano.go
 delete mode 100644 dev/profile/radius/pano_test.go
 delete mode 100644 dev/profile/radius/testdata_test.go
 delete mode 100644 dev/profile/saml/const.go
 delete mode 100644 dev/profile/saml/doc.go
 delete mode 100644 dev/profile/saml/entry.go
 delete mode 100644 dev/profile/saml/funcs.go
 delete mode 100644 dev/profile/saml/fw.go
 delete mode 100644 dev/profile/saml/fw_test.go
 delete mode 100644 dev/profile/saml/pano.go
 delete mode 100644 dev/profile/saml/pano_test.go
 delete mode 100644 dev/profile/saml/testdata_test.go
 delete mode 100644 dev/profile/snmp/const.go
 delete mode 100644 dev/profile/snmp/doc.go
 delete mode 100644 dev/profile/snmp/entry.go
 delete mode 100644 dev/profile/snmp/funcs.go
 delete mode 100644 dev/profile/snmp/fw.go
 delete mode 100644 dev/profile/snmp/fw_test.go
 delete mode 100644 dev/profile/snmp/pano.go
 delete mode 100644 dev/profile/snmp/pano_test.go
 delete mode 100644 dev/profile/snmp/testdata_test.go
 delete mode 100644 dev/profile/ssltls/const.go
 delete mode 100644 dev/profile/ssltls/doc.go
 delete mode 100644 dev/profile/ssltls/entry.go
 delete mode 100644 dev/profile/ssltls/funcs.go
 delete mode 100644 dev/profile/ssltls/fw.go
 delete mode 100644 dev/profile/ssltls/fw_test.go
 delete mode 100644 dev/profile/ssltls/pano.go
 delete mode 100644 dev/profile/ssltls/pano_test.go
 delete mode 100644 dev/profile/ssltls/testdata_test.go
 delete mode 100644 dev/profile/syslog/const.go
 delete mode 100644 dev/profile/syslog/doc.go
 delete mode 100644 dev/profile/syslog/entry.go
 delete mode 100644 dev/profile/syslog/funcs.go
 delete mode 100644 dev/profile/syslog/fw.go
 delete mode 100644 dev/profile/syslog/fw_test.go
 delete mode 100644 dev/profile/syslog/pano.go
 delete mode 100644 dev/profile/syslog/pano_test.go
 delete mode 100644 dev/profile/syslog/testdata_test.go
 delete mode 100644 dev/profile/tacplus/const.go
 delete mode 100644 dev/profile/tacplus/doc.go
 delete mode 100644 dev/profile/tacplus/entry.go
 delete mode 100644 dev/profile/tacplus/funcs.go
 delete mode 100644 dev/profile/tacplus/fw.go
 delete mode 100644 dev/profile/tacplus/fw_test.go
 delete mode 100644 dev/profile/tacplus/pano.go
 delete mode 100644 dev/profile/tacplus/pano_test.go
 delete mode 100644 dev/profile/tacplus/testdata_test.go
 delete mode 100644 dev/ssldecrypt/config.go
 delete mode 100644 dev/ssldecrypt/const.go
 delete mode 100644 dev/ssldecrypt/doc.go
 delete mode 100644 dev/ssldecrypt/funcs.go
 delete mode 100644 dev/ssldecrypt/fw.go
 delete mode 100644 dev/ssldecrypt/fw_test.go
 delete mode 100644 dev/ssldecrypt/pano.go
 delete mode 100644 dev/ssldecrypt/pano_test.go
 delete mode 100644 dev/ssldecrypt/testdata_test.go
 delete mode 100644 dev/telemetry/config.go
 delete mode 100644 dev/telemetry/const.go
 delete mode 100644 dev/telemetry/doc.go
 delete mode 100644 dev/telemetry/funcs.go
 delete mode 100644 dev/telemetry/fw.go
 delete mode 100644 dev/telemetry/fw_test.go
 delete mode 100644 dev/telemetry/orig_fw.no
 delete mode 100644 dev/telemetry/testdata_test.go
 delete mode 100644 dev/vminfosource/const.go
 delete mode 100644 dev/vminfosource/doc.go
 delete mode 100644 dev/vminfosource/entry.go
 delete mode 100644 dev/vminfosource/funcs.go
 delete mode 100644 dev/vminfosource/fw.go
 delete mode 100644 dev/vminfosource/fw_test.go
 delete mode 100644 dev/vminfosource/pano.go
 delete mode 100644 dev/vminfosource/pano_test.go
 delete mode 100644 dev/vminfosource/testdata_test.go
 delete mode 100644 doc.go
 delete mode 100644 example_addressgroup_test.go
 delete mode 100644 example_firewall_commit_test.go
 delete mode 100644 example_info_test.go
 delete mode 100644 example_interface_test.go
 delete mode 100644 fw.go
 delete mode 100644 licen/licen.go
 delete mode 100644 licen/licen_test.go
 delete mode 100644 multiconf.go
 delete mode 100644 multiconf_test.go
 delete mode 100644 namespace/common.go
 delete mode 100644 namespace/doc.go
 delete mode 100644 namespace/funcs.go
 delete mode 100644 namespace/importable.go
 delete mode 100644 namespace/interfaces.go
 delete mode 100644 namespace/plugin.go
 delete mode 100644 namespace/policy.go
 delete mode 100644 namespace/standard.go
 delete mode 100644 netw/dhcp/const.go
 delete mode 100644 netw/dhcp/doc.go
 delete mode 100644 netw/dhcp/entry.go
 delete mode 100644 netw/dhcp/funcs.go
 delete mode 100644 netw/dhcp/fw.go
 delete mode 100644 netw/dhcp/fw_test.go
 delete mode 100644 netw/dhcp/testdata_test.go
 delete mode 100644 netw/doc.go
 delete mode 100644 netw/fw.go
 delete mode 100644 netw/ikegw/const.go
 delete mode 100644 netw/ikegw/doc.go
 delete mode 100644 netw/ikegw/entry.go
 delete mode 100644 netw/ikegw/funcs.go
 delete mode 100644 netw/ikegw/fw.go
 delete mode 100644 netw/ikegw/fw_test.go
 delete mode 100644 netw/ikegw/pano.go
 delete mode 100644 netw/ikegw/pano_test.go
 delete mode 100644 netw/ikegw/testdata_test.go
 delete mode 100644 netw/interface/aggregate/const.go
 delete mode 100644 netw/interface/aggregate/doc.go
 delete mode 100644 netw/interface/aggregate/entry.go
 delete mode 100644 netw/interface/aggregate/funcs.go
 delete mode 100644 netw/interface/aggregate/fw.go
 delete mode 100644 netw/interface/aggregate/fw_test.go
 delete mode 100644 netw/interface/aggregate/pano.go
 delete mode 100644 netw/interface/aggregate/pano_test.go
 delete mode 100644 netw/interface/aggregate/testdata_test.go
 delete mode 100644 netw/interface/arp/const.go
 delete mode 100644 netw/interface/arp/doc.go
 delete mode 100644 netw/interface/arp/entry.go
 delete mode 100644 netw/interface/arp/funcs.go
 delete mode 100644 netw/interface/arp/fw.go
 delete mode 100644 netw/interface/arp/fw_test.go
 delete mode 100644 netw/interface/arp/pano.go
 delete mode 100644 netw/interface/arp/pano_test.go
 delete mode 100644 netw/interface/arp/testdata_test.go
 delete mode 100644 netw/interface/eth/const.go
 delete mode 100644 netw/interface/eth/doc.go
 delete mode 100644 netw/interface/eth/entry.go
 delete mode 100644 netw/interface/eth/funcs.go
 delete mode 100644 netw/interface/eth/fw.go
 delete mode 100644 netw/interface/eth/fw_test.go
 delete mode 100644 netw/interface/eth/pano.go
 delete mode 100644 netw/interface/eth/pano_test.go
 delete mode 100644 netw/interface/eth/testdata_test.go
 delete mode 100644 netw/interface/ipv6/address/const.go
 delete mode 100644 netw/interface/ipv6/address/doc.go
 delete mode 100644 netw/interface/ipv6/address/entry.go
 delete mode 100644 netw/interface/ipv6/address/funcs.go
 delete mode 100644 netw/interface/ipv6/address/fw.go
 delete mode 100644 netw/interface/ipv6/address/fw_test.go
 delete mode 100644 netw/interface/ipv6/address/pano.go
 delete mode 100644 netw/interface/ipv6/address/pano_test.go
 delete mode 100644 netw/interface/ipv6/address/testdata_test.go
 delete mode 100644 netw/interface/ipv6/neighbor/config.go
 delete mode 100644 netw/interface/ipv6/neighbor/const.go
 delete mode 100644 netw/interface/ipv6/neighbor/doc.go
 delete mode 100644 netw/interface/ipv6/neighbor/funcs.go
 delete mode 100644 netw/interface/ipv6/neighbor/fw.go
 delete mode 100644 netw/interface/ipv6/neighbor/fw_test.go
 delete mode 100644 netw/interface/ipv6/neighbor/pano.go
 delete mode 100644 netw/interface/ipv6/neighbor/pano_test.go
 delete mode 100644 netw/interface/ipv6/neighbor/testdata_test.go
 delete mode 100644 netw/interface/loopback/const.go
 delete mode 100644 netw/interface/loopback/doc.go
 delete mode 100644 netw/interface/loopback/entry.go
 delete mode 100644 netw/interface/loopback/funcs.go
 delete mode 100644 netw/interface/loopback/fw.go
 delete mode 100644 netw/interface/loopback/fw_test.go
 delete mode 100644 netw/interface/loopback/pano.go
 delete mode 100644 netw/interface/loopback/pano_test.go
 delete mode 100644 netw/interface/loopback/testdata_test.go
 delete mode 100644 netw/interface/subinterface/layer2/const.go
 delete mode 100644 netw/interface/subinterface/layer2/doc.go
 delete mode 100644 netw/interface/subinterface/layer2/entry.go
 delete mode 100644 netw/interface/subinterface/layer2/funcs.go
 delete mode 100644 netw/interface/subinterface/layer2/fw.go
 delete mode 100644 netw/interface/subinterface/layer2/fw_test.go
 delete mode 100644 netw/interface/subinterface/layer2/pano.go
 delete mode 100644 netw/interface/subinterface/layer2/pano_test.go
 delete mode 100644 netw/interface/subinterface/layer2/testdata_test.go
 delete mode 100644 netw/interface/subinterface/layer3/const.go
 delete mode 100644 netw/interface/subinterface/layer3/doc.go
 delete mode 100644 netw/interface/subinterface/layer3/entry.go
 delete mode 100644 netw/interface/subinterface/layer3/funcs.go
 delete mode 100644 netw/interface/subinterface/layer3/fw.go
 delete mode 100644 netw/interface/subinterface/layer3/fw_test.go
 delete mode 100644 netw/interface/subinterface/layer3/pano.go
 delete mode 100644 netw/interface/subinterface/layer3/pano_test.go
 delete mode 100644 netw/interface/subinterface/layer3/testdata_test.go
 delete mode 100644 netw/interface/tunnel/const.go
 delete mode 100644 netw/interface/tunnel/doc.go
 delete mode 100644 netw/interface/tunnel/entry.go
 delete mode 100644 netw/interface/tunnel/funcs.go
 delete mode 100644 netw/interface/tunnel/fw.go
 delete mode 100644 netw/interface/tunnel/fw_test.go
 delete mode 100644 netw/interface/tunnel/pano.go
 delete mode 100644 netw/interface/tunnel/pano_test.go
 delete mode 100644 netw/interface/tunnel/testdata_test.go
 delete mode 100644 netw/interface/vlan/const.go
 delete mode 100644 netw/interface/vlan/doc.go
 delete mode 100644 netw/interface/vlan/entry.go
 delete mode 100644 netw/interface/vlan/funcs.go
 delete mode 100644 netw/interface/vlan/fw.go
 delete mode 100644 netw/interface/vlan/fw_test.go
 delete mode 100644 netw/interface/vlan/pano.go
 delete mode 100644 netw/interface/vlan/pano_test.go
 delete mode 100644 netw/interface/vlan/testdata_test.go
 delete mode 100644 netw/ipsectunnel/const.go
 delete mode 100644 netw/ipsectunnel/doc.go
 delete mode 100644 netw/ipsectunnel/entry.go
 delete mode 100644 netw/ipsectunnel/funcs.go
 delete mode 100644 netw/ipsectunnel/fw.go
 delete mode 100644 netw/ipsectunnel/fw_test.go
 delete mode 100644 netw/ipsectunnel/pano.go
 delete mode 100644 netw/ipsectunnel/pano_test.go
 delete mode 100644 netw/ipsectunnel/proxyid/ipv4/const.go
 delete mode 100644 netw/ipsectunnel/proxyid/ipv4/doc.go
 delete mode 100644 netw/ipsectunnel/proxyid/ipv4/entry.go
 delete mode 100644 netw/ipsectunnel/proxyid/ipv4/funcs.go
 delete mode 100644 netw/ipsectunnel/proxyid/ipv4/fw.go
 delete mode 100644 netw/ipsectunnel/proxyid/ipv4/fw_test.go
 delete mode 100644 netw/ipsectunnel/proxyid/ipv4/pano.go
 delete mode 100644 netw/ipsectunnel/proxyid/ipv4/pano_test.go
 delete mode 100644 netw/ipsectunnel/proxyid/ipv4/testdata_test.go
 delete mode 100644 netw/ipsectunnel/testdata_test.go
 delete mode 100644 netw/pano.go
 delete mode 100644 netw/profile/bfd/const.go
 delete mode 100644 netw/profile/bfd/doc.go
 delete mode 100644 netw/profile/bfd/entry.go
 delete mode 100644 netw/profile/bfd/funcs.go
 delete mode 100644 netw/profile/bfd/fw.go
 delete mode 100644 netw/profile/bfd/fw_test.go
 delete mode 100644 netw/profile/bfd/pano.go
 delete mode 100644 netw/profile/bfd/pano_test.go
 delete mode 100644 netw/profile/bfd/testdata_test.go
 delete mode 100644 netw/profile/gp/const.go
 delete mode 100644 netw/profile/gp/doc.go
 delete mode 100644 netw/profile/gp/entry.go
 delete mode 100644 netw/profile/gp/funcs.go
 delete mode 100644 netw/profile/gp/fw.go
 delete mode 100644 netw/profile/gp/fw_test.go
 delete mode 100644 netw/profile/gp/pano.go
 delete mode 100644 netw/profile/gp/pano_test.go
 delete mode 100644 netw/profile/gp/testdata_test.go
 delete mode 100644 netw/profile/ike/const.go
 delete mode 100644 netw/profile/ike/doc.go
 delete mode 100644 netw/profile/ike/entry.go
 delete mode 100644 netw/profile/ike/funcs.go
 delete mode 100644 netw/profile/ike/fw.go
 delete mode 100644 netw/profile/ike/fw_test.go
 delete mode 100644 netw/profile/ike/pano.go
 delete mode 100644 netw/profile/ike/pano_test.go
 delete mode 100644 netw/profile/ike/testdata_test.go
 delete mode 100644 netw/profile/ipsec/const.go
 delete mode 100644 netw/profile/ipsec/doc.go
 delete mode 100644 netw/profile/ipsec/entry.go
 delete mode 100644 netw/profile/ipsec/funcs.go
 delete mode 100644 netw/profile/ipsec/fw.go
 delete mode 100644 netw/profile/ipsec/fw_test.go
 delete mode 100644 netw/profile/ipsec/pano.go
 delete mode 100644 netw/profile/ipsec/pano_test.go
 delete mode 100644 netw/profile/ipsec/testdata_test.go
 delete mode 100644 netw/profile/mngtprof/const.go
 delete mode 100644 netw/profile/mngtprof/doc.go
 delete mode 100644 netw/profile/mngtprof/entry.go
 delete mode 100644 netw/profile/mngtprof/funcs.go
 delete mode 100644 netw/profile/mngtprof/fw.go
 delete mode 100644 netw/profile/mngtprof/fw_test.go
 delete mode 100644 netw/profile/mngtprof/pano.go
 delete mode 100644 netw/profile/mngtprof/pano_test.go
 delete mode 100644 netw/profile/mngtprof/testdata_test.go
 delete mode 100644 netw/profile/monitor/const.go
 delete mode 100644 netw/profile/monitor/doc.go
 delete mode 100644 netw/profile/monitor/entry.go
 delete mode 100644 netw/profile/monitor/funcs.go
 delete mode 100644 netw/profile/monitor/fw.go
 delete mode 100644 netw/profile/monitor/fw_test.go
 delete mode 100644 netw/profile/monitor/pano.go
 delete mode 100644 netw/profile/monitor/pano_test.go
 delete mode 100644 netw/profile/monitor/testdata_test.go
 delete mode 100644 netw/routing/profile/redist/ipv4/const.go
 delete mode 100644 netw/routing/profile/redist/ipv4/doc.go
 delete mode 100644 netw/routing/profile/redist/ipv4/entry.go
 delete mode 100644 netw/routing/profile/redist/ipv4/funcs.go
 delete mode 100644 netw/routing/profile/redist/ipv4/fw.go
 delete mode 100644 netw/routing/profile/redist/ipv4/fw_test.go
 delete mode 100644 netw/routing/profile/redist/ipv4/pano.go
 delete mode 100644 netw/routing/profile/redist/ipv4/pano_test.go
 delete mode 100644 netw/routing/profile/redist/ipv4/testdata_test.go
 delete mode 100644 netw/routing/protocol/bgp/aggregate/const.go
 delete mode 100644 netw/routing/protocol/bgp/aggregate/doc.go
 delete mode 100644 netw/routing/protocol/bgp/aggregate/entry.go
 delete mode 100644 netw/routing/protocol/bgp/aggregate/filter/advertise/const.go
 delete mode 100644 netw/routing/protocol/bgp/aggregate/filter/advertise/doc.go
 delete mode 100644 netw/routing/protocol/bgp/aggregate/filter/advertise/entry.go
 delete mode 100644 netw/routing/protocol/bgp/aggregate/filter/advertise/funcs.go
 delete mode 100644 netw/routing/protocol/bgp/aggregate/filter/advertise/fw.go
 delete mode 100644 netw/routing/protocol/bgp/aggregate/filter/advertise/fw_test.go
 delete mode 100644 netw/routing/protocol/bgp/aggregate/filter/advertise/pano.go
 delete mode 100644 netw/routing/protocol/bgp/aggregate/filter/advertise/pano_test.go
 delete mode 100644 netw/routing/protocol/bgp/aggregate/filter/advertise/testdata_test.go
 delete mode 100644 netw/routing/protocol/bgp/aggregate/filter/suppress/const.go
 delete mode 100644 netw/routing/protocol/bgp/aggregate/filter/suppress/doc.go
 delete mode 100644 netw/routing/protocol/bgp/aggregate/filter/suppress/entry.go
 delete mode 100644 netw/routing/protocol/bgp/aggregate/filter/suppress/funcs.go
 delete mode 100644 netw/routing/protocol/bgp/aggregate/filter/suppress/fw.go
 delete mode 100644 netw/routing/protocol/bgp/aggregate/filter/suppress/fw_test.go
 delete mode 100644 netw/routing/protocol/bgp/aggregate/filter/suppress/pano.go
 delete mode 100644 netw/routing/protocol/bgp/aggregate/filter/suppress/pano_test.go
 delete mode 100644 netw/routing/protocol/bgp/aggregate/filter/suppress/testdata_test.go
 delete mode 100644 netw/routing/protocol/bgp/aggregate/funcs.go
 delete mode 100644 netw/routing/protocol/bgp/aggregate/fw.go
 delete mode 100644 netw/routing/protocol/bgp/aggregate/fw_test.go
 delete mode 100644 netw/routing/protocol/bgp/aggregate/pano.go
 delete mode 100644 netw/routing/protocol/bgp/aggregate/pano_test.go
 delete mode 100644 netw/routing/protocol/bgp/aggregate/testdata_test.go
 delete mode 100644 netw/routing/protocol/bgp/conadv/const.go
 delete mode 100644 netw/routing/protocol/bgp/conadv/doc.go
 delete mode 100644 netw/routing/protocol/bgp/conadv/entry.go
 delete mode 100644 netw/routing/protocol/bgp/conadv/filter/advertise/const.go
 delete mode 100644 netw/routing/protocol/bgp/conadv/filter/advertise/doc.go
 delete mode 100644 netw/routing/protocol/bgp/conadv/filter/advertise/entry.go
 delete mode 100644 netw/routing/protocol/bgp/conadv/filter/advertise/funcs.go
 delete mode 100644 netw/routing/protocol/bgp/conadv/filter/advertise/fw.go
 delete mode 100644 netw/routing/protocol/bgp/conadv/filter/advertise/fw_test.go
 delete mode 100644 netw/routing/protocol/bgp/conadv/filter/advertise/pano.go
 delete mode 100644 netw/routing/protocol/bgp/conadv/filter/advertise/pano_test.go
 delete mode 100644 netw/routing/protocol/bgp/conadv/filter/advertise/testdata_test.go
 delete mode 100644 netw/routing/protocol/bgp/conadv/filter/nonexist/const.go
 delete mode 100644 netw/routing/protocol/bgp/conadv/filter/nonexist/doc.go
 delete mode 100644 netw/routing/protocol/bgp/conadv/filter/nonexist/entry.go
 delete mode 100644 netw/routing/protocol/bgp/conadv/filter/nonexist/funcs.go
 delete mode 100644 netw/routing/protocol/bgp/conadv/filter/nonexist/fw.go
 delete mode 100644 netw/routing/protocol/bgp/conadv/filter/nonexist/fw_test.go
 delete mode 100644 netw/routing/protocol/bgp/conadv/filter/nonexist/pano.go
 delete mode 100644 netw/routing/protocol/bgp/conadv/filter/nonexist/pano_test.go
 delete mode 100644 netw/routing/protocol/bgp/conadv/filter/nonexist/testdata_test.go
 delete mode 100644 netw/routing/protocol/bgp/conadv/funcs.go
 delete mode 100644 netw/routing/protocol/bgp/conadv/fw.go
 delete mode 100644 netw/routing/protocol/bgp/conadv/fw_test.go
 delete mode 100644 netw/routing/protocol/bgp/conadv/pano.go
 delete mode 100644 netw/routing/protocol/bgp/conadv/pano_test.go
 delete mode 100644 netw/routing/protocol/bgp/conadv/testdata_test.go
 delete mode 100644 netw/routing/protocol/bgp/config.go
 delete mode 100644 netw/routing/protocol/bgp/const.go
 delete mode 100644 netw/routing/protocol/bgp/doc.go
 delete mode 100644 netw/routing/protocol/bgp/exp/const.go
 delete mode 100644 netw/routing/protocol/bgp/exp/doc.go
 delete mode 100644 netw/routing/protocol/bgp/exp/entry.go
 delete mode 100644 netw/routing/protocol/bgp/exp/funcs.go
 delete mode 100644 netw/routing/protocol/bgp/exp/fw.go
 delete mode 100644 netw/routing/protocol/bgp/exp/fw_test.go
 delete mode 100644 netw/routing/protocol/bgp/exp/pano.go
 delete mode 100644 netw/routing/protocol/bgp/exp/pano_test.go
 delete mode 100644 netw/routing/protocol/bgp/exp/testdata_test.go
 delete mode 100644 netw/routing/protocol/bgp/funcs.go
 delete mode 100644 netw/routing/protocol/bgp/fw.go
 delete mode 100644 netw/routing/protocol/bgp/fw_test.go
 delete mode 100644 netw/routing/protocol/bgp/imp/const.go
 delete mode 100644 netw/routing/protocol/bgp/imp/doc.go
 delete mode 100644 netw/routing/protocol/bgp/imp/entry.go
 delete mode 100644 netw/routing/protocol/bgp/imp/funcs.go
 delete mode 100644 netw/routing/protocol/bgp/imp/fw.go
 delete mode 100644 netw/routing/protocol/bgp/imp/fw_test.go
 delete mode 100644 netw/routing/protocol/bgp/imp/pano.go
 delete mode 100644 netw/routing/protocol/bgp/imp/pano_test.go
 delete mode 100644 netw/routing/protocol/bgp/imp/testdata_test.go
 delete mode 100644 netw/routing/protocol/bgp/pano.go
 delete mode 100644 netw/routing/protocol/bgp/pano_test.go
 delete mode 100644 netw/routing/protocol/bgp/peer/const.go
 delete mode 100644 netw/routing/protocol/bgp/peer/doc.go
 delete mode 100644 netw/routing/protocol/bgp/peer/entry.go
 delete mode 100644 netw/routing/protocol/bgp/peer/funcs.go
 delete mode 100644 netw/routing/protocol/bgp/peer/fw.go
 delete mode 100644 netw/routing/protocol/bgp/peer/fw_test.go
 delete mode 100644 netw/routing/protocol/bgp/peer/group/const.go
 delete mode 100644 netw/routing/protocol/bgp/peer/group/doc.go
 delete mode 100644 netw/routing/protocol/bgp/peer/group/entry.go
 delete mode 100644 netw/routing/protocol/bgp/peer/group/funcs.go
 delete mode 100644 netw/routing/protocol/bgp/peer/group/fw.go
 delete mode 100644 netw/routing/protocol/bgp/peer/group/fw_test.go
 delete mode 100644 netw/routing/protocol/bgp/peer/group/pano.go
 delete mode 100644 netw/routing/protocol/bgp/peer/group/pano_test.go
 delete mode 100644 netw/routing/protocol/bgp/peer/group/testdata_test.go
 delete mode 100644 netw/routing/protocol/bgp/peer/pano.go
 delete mode 100644 netw/routing/protocol/bgp/peer/pano_test.go
 delete mode 100644 netw/routing/protocol/bgp/peer/testdata_test.go
 delete mode 100644 netw/routing/protocol/bgp/profile/auth/const.go
 delete mode 100644 netw/routing/protocol/bgp/profile/auth/doc.go
 delete mode 100644 netw/routing/protocol/bgp/profile/auth/entry.go
 delete mode 100644 netw/routing/protocol/bgp/profile/auth/funcs.go
 delete mode 100644 netw/routing/protocol/bgp/profile/auth/fw.go
 delete mode 100644 netw/routing/protocol/bgp/profile/auth/fw_test.go
 delete mode 100644 netw/routing/protocol/bgp/profile/auth/pano.go
 delete mode 100644 netw/routing/protocol/bgp/profile/auth/pano_test.go
 delete mode 100644 netw/routing/protocol/bgp/profile/auth/testdata_test.go
 delete mode 100644 netw/routing/protocol/bgp/profile/dampening/const.go
 delete mode 100644 netw/routing/protocol/bgp/profile/dampening/doc.go
 delete mode 100644 netw/routing/protocol/bgp/profile/dampening/entry.go
 delete mode 100644 netw/routing/protocol/bgp/profile/dampening/funcs.go
 delete mode 100644 netw/routing/protocol/bgp/profile/dampening/fw.go
 delete mode 100644 netw/routing/protocol/bgp/profile/dampening/fw_test.go
 delete mode 100644 netw/routing/protocol/bgp/profile/dampening/pano.go
 delete mode 100644 netw/routing/protocol/bgp/profile/dampening/pano_test.go
 delete mode 100644 netw/routing/protocol/bgp/profile/dampening/testdata_test.go
 delete mode 100644 netw/routing/protocol/bgp/redist/const.go
 delete mode 100644 netw/routing/protocol/bgp/redist/doc.go
 delete mode 100644 netw/routing/protocol/bgp/redist/entry.go
 delete mode 100644 netw/routing/protocol/bgp/redist/funcs.go
 delete mode 100644 netw/routing/protocol/bgp/redist/fw.go
 delete mode 100644 netw/routing/protocol/bgp/redist/fw_test.go
 delete mode 100644 netw/routing/protocol/bgp/redist/pano.go
 delete mode 100644 netw/routing/protocol/bgp/redist/pano_test.go
 delete mode 100644 netw/routing/protocol/bgp/redist/testdata_test.go
 delete mode 100644 netw/routing/protocol/bgp/testdata_test.go
 delete mode 100644 netw/routing/protocol/ospf/area/const.go
 delete mode 100644 netw/routing/protocol/ospf/area/doc.go
 delete mode 100644 netw/routing/protocol/ospf/area/entry.go
 delete mode 100644 netw/routing/protocol/ospf/area/funcs.go
 delete mode 100644 netw/routing/protocol/ospf/area/fw.go
 delete mode 100644 netw/routing/protocol/ospf/area/fw_test.go
 delete mode 100644 netw/routing/protocol/ospf/area/iface/const.go
 delete mode 100644 netw/routing/protocol/ospf/area/iface/doc.go
 delete mode 100644 netw/routing/protocol/ospf/area/iface/entry.go
 delete mode 100644 netw/routing/protocol/ospf/area/iface/funcs.go
 delete mode 100644 netw/routing/protocol/ospf/area/iface/fw.go
 delete mode 100644 netw/routing/protocol/ospf/area/iface/fw_test.go
 delete mode 100644 netw/routing/protocol/ospf/area/iface/pano.go
 delete mode 100644 netw/routing/protocol/ospf/area/iface/pano_test.go
 delete mode 100644 netw/routing/protocol/ospf/area/iface/testdata_test.go
 delete mode 100644 netw/routing/protocol/ospf/area/pano.go
 delete mode 100644 netw/routing/protocol/ospf/area/pano_test.go
 delete mode 100644 netw/routing/protocol/ospf/area/testdata_test.go
 delete mode 100644 netw/routing/protocol/ospf/area/vlink/const.go
 delete mode 100644 netw/routing/protocol/ospf/area/vlink/doc.go
 delete mode 100644 netw/routing/protocol/ospf/area/vlink/entry.go
 delete mode 100644 netw/routing/protocol/ospf/area/vlink/funcs.go
 delete mode 100644 netw/routing/protocol/ospf/area/vlink/fw.go
 delete mode 100644 netw/routing/protocol/ospf/area/vlink/fw_test.go
 delete mode 100644 netw/routing/protocol/ospf/area/vlink/pano.go
 delete mode 100644 netw/routing/protocol/ospf/area/vlink/pano_test.go
 delete mode 100644 netw/routing/protocol/ospf/area/vlink/testdata_test.go
 delete mode 100644 netw/routing/protocol/ospf/config.go
 delete mode 100644 netw/routing/protocol/ospf/const.go
 delete mode 100644 netw/routing/protocol/ospf/doc.go
 delete mode 100644 netw/routing/protocol/ospf/exp/const.go
 delete mode 100644 netw/routing/protocol/ospf/exp/doc.go
 delete mode 100644 netw/routing/protocol/ospf/exp/entry.go
 delete mode 100644 netw/routing/protocol/ospf/exp/funcs.go
 delete mode 100644 netw/routing/protocol/ospf/exp/fw.go
 delete mode 100644 netw/routing/protocol/ospf/exp/fw_test.go
 delete mode 100644 netw/routing/protocol/ospf/exp/pano.go
 delete mode 100644 netw/routing/protocol/ospf/exp/pano_test.go
 delete mode 100644 netw/routing/protocol/ospf/exp/testdata_test.go
 delete mode 100644 netw/routing/protocol/ospf/funcs.go
 delete mode 100644 netw/routing/protocol/ospf/fw.go
 delete mode 100644 netw/routing/protocol/ospf/fw_test.go
 delete mode 100644 netw/routing/protocol/ospf/pano.go
 delete mode 100644 netw/routing/protocol/ospf/pano_test.go
 delete mode 100644 netw/routing/protocol/ospf/profile/auth/const.go
 delete mode 100644 netw/routing/protocol/ospf/profile/auth/doc.go
 delete mode 100644 netw/routing/protocol/ospf/profile/auth/entry.go
 delete mode 100644 netw/routing/protocol/ospf/profile/auth/funcs.go
 delete mode 100644 netw/routing/protocol/ospf/profile/auth/fw.go
 delete mode 100644 netw/routing/protocol/ospf/profile/auth/fw_test.go
 delete mode 100644 netw/routing/protocol/ospf/profile/auth/pano.go
 delete mode 100644 netw/routing/protocol/ospf/profile/auth/pano_test.go
 delete mode 100644 netw/routing/protocol/ospf/profile/auth/testdata_test.go
 delete mode 100644 netw/routing/protocol/ospf/testdata_test.go
 delete mode 100644 netw/routing/route/static/ipv4/const.go
 delete mode 100644 netw/routing/route/static/ipv4/doc.go
 delete mode 100644 netw/routing/route/static/ipv4/entry.go
 delete mode 100644 netw/routing/route/static/ipv4/funcs.go
 delete mode 100644 netw/routing/route/static/ipv4/fw.go
 delete mode 100644 netw/routing/route/static/ipv4/fw_test.go
 delete mode 100644 netw/routing/route/static/ipv4/pano.go
 delete mode 100644 netw/routing/route/static/ipv4/pano_test.go
 delete mode 100644 netw/routing/route/static/ipv4/testdata_test.go
 delete mode 100644 netw/routing/route/static/ipv6/const.go
 delete mode 100644 netw/routing/route/static/ipv6/doc.go
 delete mode 100644 netw/routing/route/static/ipv6/entry.go
 delete mode 100644 netw/routing/route/static/ipv6/funcs.go
 delete mode 100644 netw/routing/route/static/ipv6/fw.go
 delete mode 100644 netw/routing/route/static/ipv6/fw_test.go
 delete mode 100644 netw/routing/route/static/ipv6/pano.go
 delete mode 100644 netw/routing/route/static/ipv6/pano_test.go
 delete mode 100644 netw/routing/route/static/ipv6/testdata_test.go
 delete mode 100644 netw/routing/router/const.go
 delete mode 100644 netw/routing/router/doc.go
 delete mode 100644 netw/routing/router/entry.go
 delete mode 100644 netw/routing/router/funcs.go
 delete mode 100644 netw/routing/router/fw.go
 delete mode 100644 netw/routing/router/fw_test.go
 delete mode 100644 netw/routing/router/pano.go
 delete mode 100644 netw/routing/router/pano_test.go
 delete mode 100644 netw/routing/router/testdata_test.go
 delete mode 100644 netw/tunnel/gre/const.go
 delete mode 100644 netw/tunnel/gre/doc.go
 delete mode 100644 netw/tunnel/gre/entry.go
 delete mode 100644 netw/tunnel/gre/funcs.go
 delete mode 100644 netw/tunnel/gre/fw.go
 delete mode 100644 netw/tunnel/gre/fw_test.go
 delete mode 100644 netw/tunnel/gre/pano.go
 delete mode 100644 netw/tunnel/gre/pano_test.go
 delete mode 100644 netw/tunnel/gre/testdata_test.go
 delete mode 100644 netw/vlan/const.go
 delete mode 100644 netw/vlan/doc.go
 delete mode 100644 netw/vlan/entry.go
 delete mode 100644 netw/vlan/funcs.go
 delete mode 100644 netw/vlan/fw.go
 delete mode 100644 netw/vlan/fw_test.go
 delete mode 100644 netw/vlan/pano.go
 delete mode 100644 netw/vlan/pano_test.go
 delete mode 100644 netw/vlan/testdata_test.go
 delete mode 100644 netw/zone/const.go
 delete mode 100644 netw/zone/doc.go
 delete mode 100644 netw/zone/entry.go
 delete mode 100644 netw/zone/funcs.go
 delete mode 100644 netw/zone/fw.go
 delete mode 100644 netw/zone/fw_test.go
 delete mode 100644 netw/zone/pano.go
 delete mode 100644 netw/zone/pano_test.go
 delete mode 100644 netw/zone/testdata_test.go
 delete mode 100644 objs/addr/const.go
 delete mode 100644 objs/addr/doc.go
 delete mode 100644 objs/addr/entry.go
 delete mode 100644 objs/addr/funcs.go
 delete mode 100644 objs/addr/fw.go
 delete mode 100644 objs/addr/fw_test.go
 delete mode 100644 objs/addr/pano.go
 delete mode 100644 objs/addr/pano_test.go
 delete mode 100644 objs/addr/testdata_test.go
 delete mode 100644 objs/addrgrp/const.go
 delete mode 100644 objs/addrgrp/doc.go
 delete mode 100644 objs/addrgrp/entry.go
 delete mode 100644 objs/addrgrp/funcs.go
 delete mode 100644 objs/addrgrp/fw.go
 delete mode 100644 objs/addrgrp/fw_test.go
 delete mode 100644 objs/addrgrp/pano.go
 delete mode 100644 objs/addrgrp/pano_test.go
 delete mode 100644 objs/addrgrp/testdata_test.go
 delete mode 100644 objs/app/const.go
 delete mode 100644 objs/app/doc.go
 delete mode 100644 objs/app/entry.go
 delete mode 100644 objs/app/funcs.go
 delete mode 100644 objs/app/fw.go
 delete mode 100644 objs/app/fw_test.go
 delete mode 100644 objs/app/group/const.go
 delete mode 100644 objs/app/group/doc.go
 delete mode 100644 objs/app/group/entry.go
 delete mode 100644 objs/app/group/fw.go
 delete mode 100644 objs/app/group/fw_test.go
 delete mode 100644 objs/app/group/pano.go
 delete mode 100644 objs/app/group/pano_test.go
 delete mode 100644 objs/app/group/testdata_test.go
 delete mode 100644 objs/app/pano.go
 delete mode 100644 objs/app/pano_test.go
 delete mode 100644 objs/app/predefined.go
 delete mode 100644 objs/app/signature/andcond/const.go
 delete mode 100644 objs/app/signature/andcond/doc.go
 delete mode 100644 objs/app/signature/andcond/entry.go
 delete mode 100644 objs/app/signature/andcond/fw.go
 delete mode 100644 objs/app/signature/andcond/fw_test.go
 delete mode 100644 objs/app/signature/andcond/pano.go
 delete mode 100644 objs/app/signature/andcond/pano_test.go
 delete mode 100644 objs/app/signature/andcond/testdata_test.go
 delete mode 100644 objs/app/signature/const.go
 delete mode 100644 objs/app/signature/doc.go
 delete mode 100644 objs/app/signature/entry.go
 delete mode 100644 objs/app/signature/fw.go
 delete mode 100644 objs/app/signature/fw_test.go
 delete mode 100644 objs/app/signature/orcond/const.go
 delete mode 100644 objs/app/signature/orcond/doc.go
 delete mode 100644 objs/app/signature/orcond/entry.go
 delete mode 100644 objs/app/signature/orcond/fw.go
 delete mode 100644 objs/app/signature/orcond/fw_test.go
 delete mode 100644 objs/app/signature/orcond/pano.go
 delete mode 100644 objs/app/signature/orcond/pano_test.go
 delete mode 100644 objs/app/signature/orcond/testdata_test.go
 delete mode 100644 objs/app/signature/pano.go
 delete mode 100644 objs/app/signature/pano_test.go
 delete mode 100644 objs/app/signature/testdata_test.go
 delete mode 100644 objs/app/testdata_test.go
 delete mode 100644 objs/custom/data/const.go
 delete mode 100644 objs/custom/data/doc.go
 delete mode 100644 objs/custom/data/entry.go
 delete mode 100644 objs/custom/data/funcs.go
 delete mode 100644 objs/custom/data/fw.go
 delete mode 100644 objs/custom/data/fw_test.go
 delete mode 100644 objs/custom/data/pano.go
 delete mode 100644 objs/custom/data/pano_test.go
 delete mode 100644 objs/custom/data/testdata_test.go
 delete mode 100644 objs/custom/spyware/const.go
 delete mode 100644 objs/custom/spyware/doc.go
 delete mode 100644 objs/custom/spyware/entry.go
 delete mode 100644 objs/custom/spyware/funcs.go
 delete mode 100644 objs/custom/spyware/fw.go
 delete mode 100644 objs/custom/spyware/fw_test.go
 delete mode 100644 objs/custom/spyware/pano.go
 delete mode 100644 objs/custom/spyware/pano_test.go
 delete mode 100644 objs/custom/spyware/testdata_test.go
 delete mode 100644 objs/custom/url/const.go
 delete mode 100644 objs/custom/url/doc.go
 delete mode 100644 objs/custom/url/entry.go
 delete mode 100644 objs/custom/url/funcs.go
 delete mode 100644 objs/custom/url/fw.go
 delete mode 100644 objs/custom/url/fw_test.go
 delete mode 100644 objs/custom/url/pano.go
 delete mode 100644 objs/custom/url/pano_test.go
 delete mode 100644 objs/custom/url/testdata_test.go
 delete mode 100644 objs/custom/vulnerability/const.go
 delete mode 100644 objs/custom/vulnerability/doc.go
 delete mode 100644 objs/custom/vulnerability/entry.go
 delete mode 100644 objs/custom/vulnerability/funcs.go
 delete mode 100644 objs/custom/vulnerability/fw.go
 delete mode 100644 objs/custom/vulnerability/fw_test.go
 delete mode 100644 objs/custom/vulnerability/pano.go
 delete mode 100644 objs/custom/vulnerability/pano_test.go
 delete mode 100644 objs/custom/vulnerability/testdata_test.go
 delete mode 100644 objs/doc.go
 delete mode 100644 objs/dug/const.go
 delete mode 100644 objs/dug/doc.go
 delete mode 100644 objs/dug/entry.go
 delete mode 100644 objs/dug/funcs.go
 delete mode 100644 objs/dug/fw.go
 delete mode 100644 objs/dug/fw_test.go
 delete mode 100644 objs/dug/pano.go
 delete mode 100644 objs/dug/pano_test.go
 delete mode 100644 objs/dug/testdata_test.go
 delete mode 100644 objs/edl/const.go
 delete mode 100644 objs/edl/doc.go
 delete mode 100644 objs/edl/entry.go
 delete mode 100644 objs/edl/funcs.go
 delete mode 100644 objs/edl/fw.go
 delete mode 100644 objs/edl/fw_test.go
 delete mode 100644 objs/edl/pano.go
 delete mode 100644 objs/edl/pano_test.go
 delete mode 100644 objs/edl/testdata_test.go
 delete mode 100644 objs/fw.go
 delete mode 100644 objs/pano.go
 delete mode 100644 objs/profile/logfwd/const.go
 delete mode 100644 objs/profile/logfwd/doc.go
 delete mode 100644 objs/profile/logfwd/entry.go
 delete mode 100644 objs/profile/logfwd/funcs.go
 delete mode 100644 objs/profile/logfwd/fw.go
 delete mode 100644 objs/profile/logfwd/fw_test.go
 delete mode 100644 objs/profile/logfwd/matchlist/action/const.go
 delete mode 100644 objs/profile/logfwd/matchlist/action/doc.go
 delete mode 100644 objs/profile/logfwd/matchlist/action/entry.go
 delete mode 100644 objs/profile/logfwd/matchlist/action/fw.go
 delete mode 100644 objs/profile/logfwd/matchlist/action/fw_test.go
 delete mode 100644 objs/profile/logfwd/matchlist/action/pano.go
 delete mode 100644 objs/profile/logfwd/matchlist/action/pano_test.go
 delete mode 100644 objs/profile/logfwd/matchlist/action/testdata_test.go
 delete mode 100644 objs/profile/logfwd/matchlist/const.go
 delete mode 100644 objs/profile/logfwd/matchlist/doc.go
 delete mode 100644 objs/profile/logfwd/matchlist/entry.go
 delete mode 100644 objs/profile/logfwd/matchlist/fw.go
 delete mode 100644 objs/profile/logfwd/matchlist/fw_test.go
 delete mode 100644 objs/profile/logfwd/matchlist/pano.go
 delete mode 100644 objs/profile/logfwd/matchlist/pano_test.go
 delete mode 100644 objs/profile/logfwd/matchlist/testdata_test.go
 delete mode 100644 objs/profile/logfwd/pano.go
 delete mode 100644 objs/profile/logfwd/pano_test.go
 delete mode 100644 objs/profile/logfwd/testdata_test.go
 delete mode 100644 objs/profile/security/data/const.go
 delete mode 100644 objs/profile/security/data/doc.go
 delete mode 100644 objs/profile/security/data/entry.go
 delete mode 100644 objs/profile/security/data/funcs.go
 delete mode 100644 objs/profile/security/data/fw.go
 delete mode 100644 objs/profile/security/data/fw_test.go
 delete mode 100644 objs/profile/security/data/pano.go
 delete mode 100644 objs/profile/security/data/pano_test.go
 delete mode 100644 objs/profile/security/data/testdata_test.go
 delete mode 100644 objs/profile/security/dos/const.go
 delete mode 100644 objs/profile/security/dos/doc.go
 delete mode 100644 objs/profile/security/dos/entry.go
 delete mode 100644 objs/profile/security/dos/funcs.go
 delete mode 100644 objs/profile/security/dos/fw.go
 delete mode 100644 objs/profile/security/dos/fw_test.go
 delete mode 100644 objs/profile/security/dos/pano.go
 delete mode 100644 objs/profile/security/dos/pano_test.go
 delete mode 100644 objs/profile/security/dos/testdata_test.go
 delete mode 100644 objs/profile/security/file/const.go
 delete mode 100644 objs/profile/security/file/doc.go
 delete mode 100644 objs/profile/security/file/entry.go
 delete mode 100644 objs/profile/security/file/funcs.go
 delete mode 100644 objs/profile/security/file/fw.go
 delete mode 100644 objs/profile/security/file/fw_test.go
 delete mode 100644 objs/profile/security/file/pano.go
 delete mode 100644 objs/profile/security/file/pano_test.go
 delete mode 100644 objs/profile/security/file/testdata_test.go
 delete mode 100644 objs/profile/security/group/const.go
 delete mode 100644 objs/profile/security/group/doc.go
 delete mode 100644 objs/profile/security/group/entry.go
 delete mode 100644 objs/profile/security/group/funcs.go
 delete mode 100644 objs/profile/security/group/fw.go
 delete mode 100644 objs/profile/security/group/fw_test.go
 delete mode 100644 objs/profile/security/group/pano.go
 delete mode 100644 objs/profile/security/group/pano_test.go
 delete mode 100644 objs/profile/security/group/testdata_test.go
 delete mode 100644 objs/profile/security/spyware/const.go
 delete mode 100644 objs/profile/security/spyware/doc.go
 delete mode 100644 objs/profile/security/spyware/entry.go
 delete mode 100644 objs/profile/security/spyware/funcs.go
 delete mode 100644 objs/profile/security/spyware/fw.go
 delete mode 100644 objs/profile/security/spyware/fw_test.go
 delete mode 100644 objs/profile/security/spyware/pano.go
 delete mode 100644 objs/profile/security/spyware/pano_test.go
 delete mode 100644 objs/profile/security/spyware/testdata_test.go
 delete mode 100644 objs/profile/security/url/const.go
 delete mode 100644 objs/profile/security/url/doc.go
 delete mode 100644 objs/profile/security/url/entry.go
 delete mode 100644 objs/profile/security/url/funcs.go
 delete mode 100644 objs/profile/security/url/fw.go
 delete mode 100644 objs/profile/security/url/fw_test.go
 delete mode 100644 objs/profile/security/url/pano.go
 delete mode 100644 objs/profile/security/url/pano_test.go
 delete mode 100644 objs/profile/security/url/testdata_test.go
 delete mode 100644 objs/profile/security/virus/const.go
 delete mode 100644 objs/profile/security/virus/doc.go
 delete mode 100644 objs/profile/security/virus/entry.go
 delete mode 100644 objs/profile/security/virus/funcs.go
 delete mode 100644 objs/profile/security/virus/fw.go
 delete mode 100644 objs/profile/security/virus/fw_test.go
 delete mode 100644 objs/profile/security/virus/pano.go
 delete mode 100644 objs/profile/security/virus/pano_test.go
 delete mode 100644 objs/profile/security/virus/testdata_test.go
 delete mode 100644 objs/profile/security/vulnerability/const.go
 delete mode 100644 objs/profile/security/vulnerability/doc.go
 delete mode 100644 objs/profile/security/vulnerability/entry.go
 delete mode 100644 objs/profile/security/vulnerability/funcs.go
 delete mode 100644 objs/profile/security/vulnerability/fw.go
 delete mode 100644 objs/profile/security/vulnerability/fw_test.go
 delete mode 100644 objs/profile/security/vulnerability/pano.go
 delete mode 100644 objs/profile/security/vulnerability/pano_test.go
 delete mode 100644 objs/profile/security/vulnerability/testdata_test.go
 delete mode 100644 objs/profile/security/wildfire/const.go
 delete mode 100644 objs/profile/security/wildfire/doc.go
 delete mode 100644 objs/profile/security/wildfire/entry.go
 delete mode 100644 objs/profile/security/wildfire/funcs.go
 delete mode 100644 objs/profile/security/wildfire/fw.go
 delete mode 100644 objs/profile/security/wildfire/fw_test.go
 delete mode 100644 objs/profile/security/wildfire/pano.go
 delete mode 100644 objs/profile/security/wildfire/pano_test.go
 delete mode 100644 objs/profile/security/wildfire/testdata_test.go
 delete mode 100644 objs/srvc/const.go
 delete mode 100644 objs/srvc/doc.go
 delete mode 100644 objs/srvc/entry.go
 delete mode 100644 objs/srvc/funcs.go
 delete mode 100644 objs/srvc/fw.go
 delete mode 100644 objs/srvc/fw_test.go
 delete mode 100644 objs/srvc/pano.go
 delete mode 100644 objs/srvc/pano_test.go
 delete mode 100644 objs/srvc/predefined.go
 delete mode 100644 objs/srvc/testdata_test.go
 delete mode 100644 objs/srvcgrp/const.go
 delete mode 100644 objs/srvcgrp/doc.go
 delete mode 100644 objs/srvcgrp/entry.go
 delete mode 100644 objs/srvcgrp/funcs.go
 delete mode 100644 objs/srvcgrp/fw.go
 delete mode 100644 objs/srvcgrp/fw_test.go
 delete mode 100644 objs/srvcgrp/pano.go
 delete mode 100644 objs/srvcgrp/pano_test.go
 delete mode 100644 objs/srvcgrp/testdata_test.go
 delete mode 100644 objs/tags/const.go
 delete mode 100644 objs/tags/doc.go
 delete mode 100644 objs/tags/entry.go
 delete mode 100644 objs/tags/funcs.go
 delete mode 100644 objs/tags/fw.go
 delete mode 100644 objs/tags/fw_test.go
 delete mode 100644 objs/tags/pano.go
 delete mode 100644 objs/tags/pano_test.go
 delete mode 100644 objs/tags/testdata_test.go
 delete mode 100644 pano.go
 delete mode 100644 panosplugin/cloudwatch/config.go
 delete mode 100644 panosplugin/cloudwatch/const.go
 delete mode 100644 panosplugin/cloudwatch/doc.go
 delete mode 100644 panosplugin/cloudwatch/funcs.go
 delete mode 100644 panosplugin/cloudwatch/fw.go
 delete mode 100644 panosplugin/cloudwatch/fw_test.go
 delete mode 100644 panosplugin/cloudwatch/testdata_test.go
 delete mode 100644 panosplugin/fw.go
 delete mode 100644 pnrm/dg/const.go
 delete mode 100644 pnrm/dg/doc.go
 delete mode 100644 pnrm/dg/entry.go
 delete mode 100644 pnrm/dg/funcs.go
 delete mode 100644 pnrm/dg/pano.go
 delete mode 100644 pnrm/dg/pano_test.go
 delete mode 100644 pnrm/dg/testdata_test.go
 delete mode 100644 pnrm/pano.go
 delete mode 100644 pnrm/plugins/gcp/account/const.go
 delete mode 100644 pnrm/plugins/gcp/account/doc.go
 delete mode 100644 pnrm/plugins/gcp/account/entry.go
 delete mode 100644 pnrm/plugins/gcp/account/funcs.go
 delete mode 100644 pnrm/plugins/gcp/account/pano.go
 delete mode 100644 pnrm/plugins/gcp/account/pano_test.go
 delete mode 100644 pnrm/plugins/gcp/account/testdata_test.go
 delete mode 100644 pnrm/plugins/gcp/gke/cluster/const.go
 delete mode 100644 pnrm/plugins/gcp/gke/cluster/doc.go
 delete mode 100644 pnrm/plugins/gcp/gke/cluster/entry.go
 delete mode 100644 pnrm/plugins/gcp/gke/cluster/funcs.go
 delete mode 100644 pnrm/plugins/gcp/gke/cluster/group/const.go
 delete mode 100644 pnrm/plugins/gcp/gke/cluster/group/doc.go
 delete mode 100644 pnrm/plugins/gcp/gke/cluster/group/entry.go
 delete mode 100644 pnrm/plugins/gcp/gke/cluster/group/funcs.go
 delete mode 100644 pnrm/plugins/gcp/gke/cluster/group/pano.go
 delete mode 100644 pnrm/plugins/gcp/gke/cluster/group/pano_test.go
 delete mode 100644 pnrm/plugins/gcp/gke/cluster/group/portmap.go
 delete mode 100644 pnrm/plugins/gcp/gke/cluster/group/testdata_test.go
 delete mode 100644 pnrm/plugins/gcp/gke/cluster/pano.go
 delete mode 100644 pnrm/plugins/gcp/gke/cluster/pano_test.go
 delete mode 100644 pnrm/plugins/gcp/gke/cluster/testdata_test.go
 delete mode 100644 pnrm/plugins/swfwlicense/bootstrapdef/const.go
 delete mode 100644 pnrm/plugins/swfwlicense/bootstrapdef/doc.go
 delete mode 100644 pnrm/plugins/swfwlicense/bootstrapdef/entry.go
 delete mode 100644 pnrm/plugins/swfwlicense/bootstrapdef/funcs.go
 delete mode 100644 pnrm/plugins/swfwlicense/bootstrapdef/pano.go
 delete mode 100644 pnrm/plugins/swfwlicense/bootstrapdef/pano_test.go
 delete mode 100644 pnrm/plugins/swfwlicense/bootstrapdef/testdata_test.go
 delete mode 100644 pnrm/plugins/swfwlicense/manager/const.go
 delete mode 100644 pnrm/plugins/swfwlicense/manager/doc.go
 delete mode 100644 pnrm/plugins/swfwlicense/manager/entry.go
 delete mode 100644 pnrm/plugins/swfwlicense/manager/funcs.go
 delete mode 100644 pnrm/plugins/swfwlicense/manager/pano.go
 delete mode 100644 pnrm/plugins/swfwlicense/manager/pano_test.go
 delete mode 100644 pnrm/plugins/swfwlicense/manager/testdata_test.go
 delete mode 100644 pnrm/template/const.go
 delete mode 100644 pnrm/template/doc.go
 delete mode 100644 pnrm/template/entry.go
 delete mode 100644 pnrm/template/funcs.go
 delete mode 100644 pnrm/template/pano.go
 delete mode 100644 pnrm/template/pano_test.go
 delete mode 100644 pnrm/template/stack/const.go
 delete mode 100644 pnrm/template/stack/doc.go
 delete mode 100644 pnrm/template/stack/entry.go
 delete mode 100644 pnrm/template/stack/funcs.go
 delete mode 100644 pnrm/template/stack/pano.go
 delete mode 100644 pnrm/template/stack/pano_test.go
 delete mode 100644 pnrm/template/variable/const.go
 delete mode 100644 pnrm/template/variable/doc.go
 delete mode 100644 pnrm/template/variable/entry.go
 delete mode 100644 pnrm/template/variable/funcs.go
 delete mode 100644 pnrm/template/variable/pano.go
 delete mode 100644 pnrm/template/variable/pano_test.go
 delete mode 100644 poli/decryption/const.go
 delete mode 100644 poli/decryption/doc.go
 delete mode 100644 poli/decryption/entry.go
 delete mode 100644 poli/decryption/funcs.go
 delete mode 100644 poli/decryption/fw.go
 delete mode 100644 poli/decryption/fw_test.go
 delete mode 100644 poli/decryption/pano.go
 delete mode 100644 poli/decryption/pano_test.go
 delete mode 100644 poli/decryption/testdata_test.go
 delete mode 100644 poli/doc.go
 delete mode 100644 poli/fw.go
 delete mode 100644 poli/nat/const.go
 delete mode 100644 poli/nat/doc.go
 delete mode 100644 poli/nat/entry.go
 delete mode 100644 poli/nat/funcs.go
 delete mode 100644 poli/nat/fw.go
 delete mode 100644 poli/nat/fw_test.go
 delete mode 100644 poli/nat/pano.go
 delete mode 100644 poli/nat/pano_test.go
 delete mode 100644 poli/nat/testdata_test.go
 delete mode 100644 poli/pano.go
 delete mode 100644 poli/pbf/const.go
 delete mode 100644 poli/pbf/doc.go
 delete mode 100644 poli/pbf/entry.go
 delete mode 100644 poli/pbf/funcs.go
 delete mode 100644 poli/pbf/fw.go
 delete mode 100644 poli/pbf/fw_test.go
 delete mode 100644 poli/pbf/pano.go
 delete mode 100644 poli/pbf/pano_test.go
 delete mode 100644 poli/pbf/testdata_test.go
 delete mode 100644 poli/security/const.go
 delete mode 100644 poli/security/doc.go
 delete mode 100644 poli/security/entry.go
 delete mode 100644 poli/security/funcs.go
 delete mode 100644 poli/security/fw.go
 delete mode 100644 poli/security/fw_test.go
 delete mode 100644 poli/security/pano.go
 delete mode 100644 poli/security/pano_test.go
 delete mode 100644 poli/security/testdata_test.go
 delete mode 100644 predefined/dlp/filetype/const.go
 delete mode 100644 predefined/dlp/filetype/doc.go
 delete mode 100644 predefined/dlp/filetype/entry.go
 delete mode 100644 predefined/dlp/filetype/funcs.go
 delete mode 100644 predefined/dlp/filetype/fw.go
 delete mode 100644 predefined/dlp/filetype/fw_test.go
 delete mode 100644 predefined/dlp/filetype/pano.go
 delete mode 100644 predefined/dlp/filetype/pano_test.go
 delete mode 100644 predefined/dlp/filetype/testdata_test.go
 delete mode 100644 predefined/fw.go
 delete mode 100644 predefined/pano.go
 delete mode 100644 predefined/tdb/filetype/const.go
 delete mode 100644 predefined/tdb/filetype/doc.go
 delete mode 100644 predefined/tdb/filetype/entry.go
 delete mode 100644 predefined/tdb/filetype/funcs.go
 delete mode 100644 predefined/tdb/filetype/fw.go
 delete mode 100644 predefined/tdb/filetype/fw_test.go
 delete mode 100644 predefined/tdb/filetype/pano.go
 delete mode 100644 predefined/tdb/filetype/pano_test.go
 delete mode 100644 predefined/tdb/filetype/testdata_test.go
 delete mode 100644 predefined/threat/const.go
 delete mode 100644 predefined/threat/doc.go
 delete mode 100644 predefined/threat/entry.go
 delete mode 100644 predefined/threat/funcs.go
 delete mode 100644 predefined/threat/fw.go
 delete mode 100644 predefined/threat/fw_test.go
 delete mode 100644 predefined/threat/pano.go
 delete mode 100644 predefined/threat/pano_test.go
 delete mode 100644 predefined/threat/testdata_test.go
 delete mode 100644 testdata/testdata.go
 delete mode 100644 userid/doc.go
 delete mode 100644 userid/groups.go
 delete mode 100644 userid/groups_test.go
 delete mode 100644 userid/iptags.go
 delete mode 100644 userid/iptags_test.go
 delete mode 100644 userid/logins.go
 delete mode 100644 userid/message.go
 delete mode 100644 userid/userid.go
 delete mode 100644 userid/userid_test.go
 delete mode 100644 userid/usertags.go
 delete mode 100644 userid/usertags_test.go
 delete mode 100644 vsys/const.go
 delete mode 100644 vsys/doc.go
 delete mode 100644 vsys/entry.go
 delete mode 100644 vsys/funcs.go
 delete mode 100644 vsys/fw.go
 delete mode 100644 vsys/fw_test.go
 delete mode 100644 vsys/pano.go
 delete mode 100644 vsys/pano_test.go
 delete mode 100644 vsys/testdata_test.go
 delete mode 100644 xmlapi/generic.go
 delete mode 100644 xmlapiclient.go

diff --git a/client_test.go b/client_test.go
deleted file mode 100644
index 24e7b36e..00000000
--- a/client_test.go
+++ /dev/null
@@ -1,473 +0,0 @@
-package pango
-
-import (
-	"bytes"
-	"encoding/xml"
-	"fmt"
-	"log"
-	"net/url"
-	"os"
-	"strings"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/commit"
-	"github.com/PaloAltoNetworks/pango/errors"
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func init() {
-	log.SetFlags(0)
-}
-
-// rl restores the logger output to the default log location.
-func rl() {
-	log.SetOutput(os.Stderr)
-}
-
-func TestClientStringerHidesPasswords(t *testing.T) {
-	c := &Client{
-		Hostname: "foo",
-		Username: "admin",
-		Password: "secret",
-	}
-
-	if strings.Index(c.String(), "secret") != -1 {
-		t.Fail()
-	}
-}
-
-func TestClientStringerHidesApiKey(t *testing.T) {
-	c := &Client{
-		Hostname: "foo",
-		Username: "admin",
-		ApiKey:   "secret",
-	}
-
-	if strings.Index(c.String(), "secret") != -1 {
-		t.Fail()
-	}
-}
-
-func TestLogActionDisabled(t *testing.T) {
-	var buf bytes.Buffer
-	log.SetOutput(&buf)
-	defer rl()
-
-	c := &Client{
-		Logging: LogQuiet,
-	}
-	c.LogAction("no")
-	if buf.String() != "" {
-		t.Fail()
-	}
-}
-
-func TestLogActionEnabled(t *testing.T) {
-	var buf bytes.Buffer
-	log.SetOutput(&buf)
-	defer rl()
-
-	c := &Client{
-		Logging: LogAction,
-	}
-	c.LogAction("yes")
-	s := buf.String()
-	if s != "yes\n" {
-		t.Fail()
-	}
-}
-
-func TestLogQueryDisabled(t *testing.T) {
-	var buf bytes.Buffer
-	log.SetOutput(&buf)
-	defer rl()
-
-	c := &Client{
-		Logging: LogQuiet,
-	}
-	c.LogQuery("no")
-	if buf.String() != "" {
-		t.Fail()
-	}
-}
-
-func TestLogQueryEnabled(t *testing.T) {
-	var buf bytes.Buffer
-	log.SetOutput(&buf)
-	defer rl()
-
-	c := &Client{
-		Logging: LogQuery,
-	}
-	c.LogQuery("yes")
-	s := buf.String()
-	if s != "yes\n" {
-		t.Fail()
-	}
-}
-
-func TestLogOpDisabled(t *testing.T) {
-	var buf bytes.Buffer
-	log.SetOutput(&buf)
-	defer rl()
-
-	c := &Client{
-		Logging: LogQuiet,
-	}
-	c.LogOp("no")
-	if buf.String() != "" {
-		t.Fail()
-	}
-}
-
-func TestLogOpEnabled(t *testing.T) {
-	var buf bytes.Buffer
-	log.SetOutput(&buf)
-	defer rl()
-
-	c := &Client{
-		Logging: LogOp,
-	}
-	c.LogOp("yes")
-	s := buf.String()
-	if s != "yes\n" {
-		t.Fail()
-	}
-}
-
-func TestLogUidDisabled(t *testing.T) {
-	var buf bytes.Buffer
-	log.SetOutput(&buf)
-	defer rl()
-
-	c := &Client{
-		Logging: LogQuiet,
-	}
-	c.LogUid("no")
-	if buf.String() != "" {
-		t.Fail()
-	}
-}
-
-func TestLogUidEnabled(t *testing.T) {
-	var buf bytes.Buffer
-	log.SetOutput(&buf)
-	defer rl()
-
-	c := &Client{
-		Logging: LogUid,
-	}
-	c.LogUid("yes")
-	s := buf.String()
-	if s != "yes\n" {
-		t.Fail()
-	}
-}
-
-func TestRetrieveApiKey(t *testing.T) {
-	c := &Client{}
-	c.rb = [][]byte{
-		[]byte(testdata.ApiKeyXml),
-	}
-	if err := c.Initialize(); err != nil {
-		t.Errorf("Initialize failed: %s", err)
-		return
-	}
-
-	err := c.RetrieveApiKey()
-	if err != nil {
-		t.Errorf("Failed to retrieve api key: %s", err)
-	} else if c.ApiKey != "secret" {
-		t.Fail()
-	}
-}
-
-func TestAsStringWithString(t *testing.T) {
-	expected := "foobar"
-	val, err := asString(expected, true)
-
-	if err != nil {
-		t.Errorf("Failed asString: %s", err)
-	} else if val != expected {
-		t.Errorf("Expected:%s got:%s", expected, val)
-	}
-}
-
-type StringerCheck struct{}
-
-func (o StringerCheck) String() string { return "hello" }
-
-func TestAsStringWithStringer(t *testing.T) {
-	x := StringerCheck{}
-	expected := x.String()
-
-	val, err := asString(x, true)
-	if err != nil {
-		t.Errorf("Failed asString: %s", err)
-	} else if val != expected {
-		t.Errorf("Expected:%s got:%s", expected, val)
-	}
-}
-
-func TestAsStringWithElementer(t *testing.T) {
-	x := commit.FirewallCommit{
-		Description: "hello",
-	}
-
-	expected, err := xml.Marshal(x.Element())
-	if err != nil {
-		t.Errorf("Failed to marshal firewall commit: %s", err)
-	}
-
-	val, err := asString(x, true)
-	if err != nil {
-		t.Errorf("Failed asString: %s", err)
-	} else if val != string(expected) {
-		t.Errorf("Expected:%s got:%s", expected, val)
-	}
-}
-
-func TestAsStringWithNil(t *testing.T) {
-	if _, err := asString(nil, true); err == nil {
-		t.Errorf("asString() returned no error on nil input")
-	}
-}
-
-func TestLogSendBasic(t *testing.T) {
-	var buf bytes.Buffer
-	log.SetOutput(&buf)
-	defer rl()
-
-	c := &Client{
-		ApiKey:  "secret",
-		Logging: LogSend,
-	}
-	values := url.Values{
-		"type":     []string{"keygen"},
-		"user":     []string{"foo"},
-		"password": []string{"bar"},
-		"key":      []string{c.ApiKey},
-	}
-	c.logSend(values)
-
-	s := buf.String()
-	if s == "" {
-		t.Fail()
-	} else if strings.Contains(s, c.ApiKey) {
-		t.Errorf("API key was not masked")
-	} else {
-		for _, k := range []string{"type", "keygen", "user", "foo", "password", "bar"} {
-			if !strings.Contains(s, k) {
-				t.Errorf("%s is not present in basic logsend", k)
-			}
-		}
-	}
-}
-
-func TestLogSendOsxCurlWithoutPersonalDataWithoutElement(t *testing.T) {
-	var buf bytes.Buffer
-	log.SetOutput(&buf)
-	defer rl()
-
-	c := &Client{
-		Hostname: "127.0.0.1",
-		ApiKey:   "secret",
-		Protocol: "https",
-		Logging:  LogOsxCurl,
-	}
-	values := url.Values{
-		"type":   []string{"config"},
-		"action": []string{"delete"},
-		"xpath":  []string{"mypathhere"},
-		"key":    []string{"APIKEY"},
-	}
-	expected := fmt.Sprintf("curl -k 'https://HOST/api?%s'\n", values.Encode())
-	values.Set("key", c.ApiKey)
-	c.logSend(values)
-
-	s := buf.String()
-	if s == "" {
-		t.Fail()
-	} else if strings.Contains(s, c.ApiKey) {
-		t.Errorf("API key was included in the output")
-	} else if expected != s {
-		t.Errorf("expected: %q\ngot: %q", expected, s)
-	}
-}
-
-func TestLogSendOsxCurlVerifyCertificate(t *testing.T) {
-	var buf bytes.Buffer
-	log.SetOutput(&buf)
-	defer rl()
-
-	c := &Client{
-		Hostname:          "127.0.0.1",
-		ApiKey:            "secret",
-		Protocol:          "https",
-		VerifyCertificate: true,
-		Logging:           LogOsxCurl,
-	}
-	values := url.Values{
-		"type":   []string{"config"},
-		"action": []string{"delete"},
-		"xpath":  []string{"mypathhere"},
-		"key":    []string{c.ApiKey},
-	}
-	c.logSend(values)
-
-	s := buf.String()
-	if s == "" {
-		t.Fail()
-	} else if strings.Contains(s, c.ApiKey) {
-		t.Errorf("API key was included in the output")
-	} else if strings.Contains(s, " -k ") {
-		t.Errorf("Insecure flag was incorrectly present")
-	}
-}
-
-func TestLogSendOsxCurlWithoutPersonalDataWithElement(t *testing.T) {
-	var buf bytes.Buffer
-	log.SetOutput(&buf)
-	defer rl()
-
-	c := &Client{
-		Hostname: "127.0.0.1",
-		ApiKey:   "secret",
-		Protocol: "https",
-		Logging:  LogOsxCurl,
-		Headers: map[string]string{
-			"X-Header-1": "value",
-		},
-	}
-	element := "<my><xml/></my>"
-	values := url.Values{
-		"type":   []string{"config"},
-		"action": []string{"set"},
-		"xpath":  []string{"mypathhere"},
-		"key":    []string{"APIKEY"},
-	}
-	lines := []string{
-		fmt.Sprintf("curl -k --data-urlencode element@element.xml 'https://HOST/api?%s'\n", values.Encode()),
-		"element.xml:\n",
-		fmt.Sprintf("%s\n", element),
-	}
-	expected := strings.Join(lines, "")
-	values.Set("element", element)
-	values.Set("key", c.ApiKey)
-	c.logSend(values)
-
-	s := buf.String()
-	if s == "" {
-		t.Fail()
-	} else if strings.Contains(s, c.ApiKey) {
-		t.Errorf("API key was included in the output")
-	} else if strings.Contains(s, " --header ") {
-		t.Errorf("Header was incorrectly included")
-	} else if expected != s {
-		t.Errorf("expected: %q\ngot: %q", expected, s)
-	}
-}
-
-func TestLogSendOsxCurlWithPersonalDataHeadersWithValues(t *testing.T) {
-	var buf bytes.Buffer
-	log.SetOutput(&buf)
-	defer rl()
-
-	c := &Client{
-		Hostname: "127.0.0.1",
-		ApiKey:   "secret",
-		Protocol: "https",
-		Logging:  LogOsxCurl | LogCurlWithPersonalData,
-		Headers: map[string]string{
-			"X-Header-1": "wu tang clan",
-			"X-Do-Stuff": "daft punk",
-		},
-	}
-	values := url.Values{
-		"type":   []string{"config"},
-		"action": []string{"delete"},
-		"xpath":  []string{"mypathhere"},
-		"key":    []string{c.ApiKey},
-	}
-	c.logSend(values)
-
-	s := buf.String()
-
-	if s == "" {
-		t.Fail()
-	} else {
-		regular := []string{
-			" -k ",
-			c.Hostname,
-			c.ApiKey,
-		}
-		expected := make([]string, 0, len(regular)+len(c.Headers))
-		for _, k := range regular {
-			expected = append(expected, k)
-		}
-		for k, v := range c.Headers {
-			expected = append(expected, fmt.Sprintf(" --header '%s: %s'", k, v))
-		}
-		for _, v := range expected {
-			if !strings.Contains(s, v) {
-				t.Errorf("Could not find %q in output: %s", v, s)
-			}
-		}
-	}
-}
-
-func TestGetOnMissingObjectReturnsObjectNotFoundError(t *testing.T) {
-	resp := `<response status="success" code="7"><result/></response>`
-
-	c := &Client{}
-
-	err := c.endCommunication([]byte(resp), nil)
-	if err == nil {
-		t.Errorf("Error is nil")
-	}
-	e2, ok := err.(errors.Panos)
-	if !ok {
-		t.Errorf("Error is not an errors.Panos")
-	}
-	if !e2.ObjectNotFound() {
-		t.Errorf("Is not an object not found error")
-	}
-}
-
-func TestShowOnMissingObjectReturnsNoSuchNode(t *testing.T) {
-	expected := "No such node"
-	resp := `<response status="error"><msg><line>No such node</line></msg></response>`
-
-	c := &Client{}
-
-	err := c.endCommunication([]byte(resp), nil)
-	if err == nil {
-		t.Errorf("Error is nil")
-	}
-	e2, ok := err.(errors.Panos)
-	if !ok {
-		t.Errorf("Error is not an errors.Panos")
-	}
-	if e2.Msg != "No such node" {
-		t.Errorf("Error is %q, not %q", e2.Msg, expected)
-	}
-}
-
-func TestMultilineErrorMessage(t *testing.T) {
-	expected := "HTTP method must be GET"
-	resp := fmt.Sprintf(`<response status="error" code="12"><msg><line><![CDATA[ tf123456 -> server -> first server  is invalid. %s, Username/Password must not be empty when Tag Distribution is chosen]]></line><line><![CDATA[ tf123456 -> server is invalid]]></line></msg></response>`, expected)
-
-	c := &Client{}
-
-	err := c.endCommunication([]byte(resp), nil)
-	if err == nil {
-		t.Errorf("Error is nil")
-	}
-	e2, ok := err.(errors.Panos)
-	if !ok {
-		t.Errorf("Error is not an errors.Panos")
-	}
-	if !strings.Contains(e2.Msg, expected) {
-		t.Errorf("Error does not have the %q substring in the first error line", expected)
-	}
-}
diff --git a/commit/const.go b/commit/const.go
deleted file mode 100644
index e3de3bc3..00000000
--- a/commit/const.go
+++ /dev/null
@@ -1,11 +0,0 @@
-package commit
-
-// Valid values for PanoramaCommitAll.Type.
-const (
-	TypeDeviceGroup       = "device group"
-	TypeTemplate          = "template"
-	TypeTemplateStack     = "template stack"
-	TypeLogCollectorGroup = "log collector group"
-	TypeWildfireAppliance = "wildfire appliance"
-	TypeWildfireCluster   = "wildfire cluster"
-)
diff --git a/commit/doc.go b/commit/doc.go
deleted file mode 100644
index 82b034fd..00000000
--- a/commit/doc.go
+++ /dev/null
@@ -1,4 +0,0 @@
-/*
-Package commit contains normalizations for firewall and Panorama commits.
-*/
-package commit
diff --git a/commit/fw.go b/commit/fw.go
deleted file mode 100644
index 4034d3db..00000000
--- a/commit/fw.go
+++ /dev/null
@@ -1,79 +0,0 @@
-package commit
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// FirewallCommit is a normalized object for defining firewall commits.
-//
-// This is a commit type, designed to be passed in to Client.Commit().
-//
-// Admins is the list of admins whose changes should be committed.
-type FirewallCommit struct {
-	Description             string
-	Admins                  []string
-	ExcludeDeviceAndNetwork bool
-	ExcludeSharedObjects    bool
-	ExcludePolicyAndObjects bool
-	Force                   bool
-}
-
-// Action returns a commit action of an empty string.
-func (o FirewallCommit) Action() string { return "" }
-
-// Element returns an interface to be marshalled to perform the specified commit.
-func (o FirewallCommit) Element() interface{} {
-	ans := fwCommit{
-		Description: o.Description,
-	}
-
-	var p *fwPartialCommit
-	if len(o.Admins) > 0 ||
-		o.ExcludeDeviceAndNetwork || o.ExcludeSharedObjects || o.ExcludePolicyAndObjects {
-		p = &fwPartialCommit{
-			Admins: util.StrToMem(o.Admins),
-		}
-
-		if o.ExcludeDeviceAndNetwork {
-			p.ExcludeDeviceAndNetwork = "excluded"
-		}
-
-		if o.ExcludeSharedObjects {
-			p.ExcludeSharedObjects = "excluded"
-		}
-
-		if o.ExcludePolicyAndObjects {
-			p.ExcludePolicyAndObjects = "excluded"
-		}
-	}
-
-	if o.Force {
-		ans.Force = &fwForce{
-			Partial: p,
-		}
-	} else {
-		ans.Partial = p
-	}
-
-	return ans
-}
-
-type fwCommit struct {
-	XMLName     xml.Name         `xml:"commit"`
-	Description string           `xml:"description,omitempty"`
-	Force       *fwForce         `xml:"force"`
-	Partial     *fwPartialCommit `xml:"partial"`
-}
-
-type fwForce struct {
-	Partial *fwPartialCommit `xml:"partial"`
-}
-
-type fwPartialCommit struct {
-	Admins                  *util.MemberType `xml:"admin"`
-	ExcludeDeviceAndNetwork string           `xml:"device-and-network,omitempty"`
-	ExcludeSharedObjects    string           `xml:"shared-object,omitempty"`
-	ExcludePolicyAndObjects string           `xml:"policy-and-objects,omitempty"`
-}
diff --git a/commit/fw_test.go b/commit/fw_test.go
deleted file mode 100644
index 95bb1382..00000000
--- a/commit/fw_test.go
+++ /dev/null
@@ -1,153 +0,0 @@
-package commit
-
-import (
-	"encoding/xml"
-	"strings"
-	"testing"
-)
-
-func TestFwNormalCommit(t *testing.T) {
-	expected := `<commit><description>Hello</description></commit>`
-
-	c := FirewallCommit{
-		Description: "Hello",
-	}
-
-	b, _ := xml.Marshal(c.Element())
-	if expected != string(b) {
-		t.Errorf("Expected(%s) got(%s)", expected, b)
-	}
-}
-
-func TestPartialCommitWithAdmins(t *testing.T) {
-	s := []string{
-		"<commit>",
-		"<description>example</description>",
-		"<partial><admin>",
-		"<member>a1</member>",
-		"<member>a2</member>",
-		"</admin></partial>",
-		"</commit>",
-	}
-
-	expected := strings.Join(s, "")
-
-	c := FirewallCommit{
-		Description: "example",
-		Admins:      []string{"a1", "a2"},
-	}
-
-	b, _ := xml.Marshal(c.Element())
-	if expected != string(b) {
-		t.Errorf("Expected(%s) got(%s)", expected, b)
-	}
-}
-
-func TestPartialExcludeDeviceAndNetwork(t *testing.T) {
-	s := []string{
-		"<commit>",
-		"<description>example</description>",
-		"<partial>",
-		"<device-and-network>excluded</device-and-network>",
-		"</partial>",
-		"</commit>",
-	}
-
-	expected := strings.Join(s, "")
-
-	c := FirewallCommit{
-		Description:             "example",
-		ExcludeDeviceAndNetwork: true,
-	}
-
-	b, _ := xml.Marshal(c.Element())
-	if expected != string(b) {
-		t.Errorf("Expected(%s) got(%s)", expected, b)
-	}
-}
-
-func TestPartialExcludePolicyAndObject(t *testing.T) {
-	s := []string{
-		"<commit>",
-		"<description>example</description>",
-		"<partial>",
-		"<policy-and-objects>excluded</policy-and-objects>",
-		"</partial>",
-		"</commit>",
-	}
-
-	expected := strings.Join(s, "")
-
-	c := FirewallCommit{
-		Description:             "example",
-		ExcludePolicyAndObjects: true,
-	}
-
-	b, _ := xml.Marshal(c.Element())
-	if expected != string(b) {
-		t.Errorf("Expected(%s) got(%s)", expected, b)
-	}
-}
-
-func TestPartialExcludeShared(t *testing.T) {
-	s := []string{
-		"<commit>",
-		"<description>example</description>",
-		"<partial>",
-		"<shared-object>excluded</shared-object>",
-		"</partial>",
-		"</commit>",
-	}
-
-	expected := strings.Join(s, "")
-
-	c := FirewallCommit{
-		Description:          "example",
-		ExcludeSharedObjects: true,
-	}
-
-	b, _ := xml.Marshal(c.Element())
-	if expected != string(b) {
-		t.Errorf("Expected(%s) got(%s)", expected, b)
-	}
-}
-
-func TestFullPartial(t *testing.T) {
-	s := []string{
-		"<commit>",
-		"<description>check</description>",
-		"<partial>",
-		"<admin>",
-		"<member>user1</member>",
-		"<member>user2</member>",
-		"</admin>",
-		"<device-and-network>excluded</device-and-network>",
-		"<shared-object>excluded</shared-object>",
-		"<policy-and-objects>excluded</policy-and-objects>",
-		"</partial>",
-		"</commit>",
-	}
-
-	expected := strings.Join(s, "")
-
-	c := FirewallCommit{
-		Description:             "check",
-		Admins:                  []string{"user1", "user2"},
-		ExcludeDeviceAndNetwork: true,
-		ExcludeSharedObjects:    true,
-		ExcludePolicyAndObjects: true,
-	}
-
-	b, _ := xml.Marshal(c.Element())
-	if expected != string(b) {
-		t.Errorf("Expected(%s) got(%s)", expected, b)
-	}
-}
-
-func TestFirewallAction(t *testing.T) {
-	c := FirewallCommit{}
-
-	if c.Action() != "" {
-		t.Errorf("Action is %q and not empty string", c.Action())
-	}
-}
diff --git a/commit/pano.go b/commit/pano.go
deleted file mode 100644
index 51437b34..00000000
--- a/commit/pano.go
+++ /dev/null
@@ -1,229 +0,0 @@
-package commit
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// PanoramaCommit is a normalized Panorama commit.
-//
-// This is a commit type, designed to be passed in to Client.Commit().
-//
-// Admins is the list of admins whose changes should be committed.
-type PanoramaCommit struct {
-	Description             string
-	Admins                  []string
-	DeviceGroups            []string
-	Templates               []string
-	TemplateStacks          []string
-	WildfireAppliances      []string
-	WildfireClusters        []string
-	LogCollectors           []string
-	LogCollectorGroups      []string
-	ExcludeDeviceAndNetwork bool
-	ExcludeSharedObjects    bool
-	Force                   bool
-}
-
-// Action returns a commit action of an empty string.
-func (o PanoramaCommit) Action() string { return "" }
-
-// Element returns an interface to be marshalled to perform the specified commit.
-func (o PanoramaCommit) Element() interface{} {
-	ans := panoCommit{
-		Description: o.Description,
-	}
-
-	var p *panoPartialCommit
-	if len(o.Admins) > 0 || len(o.DeviceGroups) > 0 ||
-		len(o.WildfireAppliances) > 0 || len(o.WildfireClusters) > 0 ||
-		len(o.LogCollectors) > 0 || len(o.LogCollectorGroups) > 0 ||
-		len(o.Templates) > 0 || len(o.TemplateStacks) > 0 ||
-		o.ExcludeDeviceAndNetwork || o.ExcludeSharedObjects {
-		p = &panoPartialCommit{
-			Admins:             util.StrToMem(o.Admins),
-			DeviceGroups:       util.StrToMem(o.DeviceGroups),
-			Templates:          util.StrToMem(o.Templates),
-			TemplateStacks:     util.StrToMem(o.TemplateStacks),
-			WildfireAppliances: util.StrToMem(o.WildfireAppliances),
-			WildfireClusters:   util.StrToMem(o.WildfireClusters),
-			LogCollectors:      util.StrToMem(o.LogCollectors),
-			LogCollectorGroups: util.StrToMem(o.LogCollectorGroups),
-		}
-
-		if o.ExcludeDeviceAndNetwork {
-			p.ExcludeDeviceAndNetwork = "excluded"
-		}
-
-		if o.ExcludeSharedObjects {
-			p.ExcludeSharedObjects = "excluded"
-		}
-	}
-
-	if o.Force {
-		ans.Force = &panoForce{
-			Partial: p,
-		}
-	} else {
-		ans.Partial = p
-	}
-
-	return ans
-}
-
-type panoCommit struct {
-	XMLName     xml.Name           `xml:"commit"`
-	Description string             `xml:"description,omitempty"`
-	Force       *panoForce         `xml:"force"`
-	Partial     *panoPartialCommit `xml:"partial"`
-}
-
-type panoForce struct {
-	Partial *panoPartialCommit `xml:"partial"`
-}
-
-type panoPartialCommit struct {
-	Admins                  *util.MemberType `xml:"admin"`
-	DeviceGroups            *util.MemberType `xml:"device-group"`
-	Templates               *util.MemberType `xml:"template"`
-	TemplateStacks          *util.MemberType `xml:"template-stack"`
-	WildfireAppliances      *util.MemberType `xml:"wildfire-appliance"`
-	WildfireClusters        *util.MemberType `xml:"wildfire-appliance-cluster"`
-	LogCollectors           *util.MemberType `xml:"log-collector"`
-	LogCollectorGroups      *util.MemberType `xml:"log-collector-group"`
-	ExcludeDeviceAndNetwork string           `xml:"device-and-network,omitempty"`
-	ExcludeSharedObjects    string           `xml:"shared-object,omitempty"`
-}
-
-/*
-PanoramaCommitAll is a normalized Panorama commit-all.
-
-This is a commit type, designed to be passed in to Client.Commit().
-
-Depending on the type of commit specified, only certain parameters of this
-object are used.
-
-Regardless of the type given, all commits will use the Description  and Name params.
-
-TypeDeviceGroup types uses Devices, IncludeTemplate, and ForceTemplateValues.
-
-TypeTemplate and TypeTemplateStack uses Devices and ForceTemplateValues.
-*/
-type PanoramaCommitAll struct {
-	Type                string
-	Name                string
-	Description         string
-	IncludeTemplate     bool
-	ForceTemplateValues bool
-	Devices             []string
-}
-
-// Action returns a commit action of "all".
-func (o PanoramaCommitAll) Action() string { return "all" }
-
-// Element returns an interface to be marshalled to perform the specified commit.
-func (o PanoramaCommitAll) Element() interface{} {
-	var ans panoCommitAll
-
-	switch o.Type {
-	case TypeDeviceGroup:
-		ans = panoCommitAll{
-			DeviceGroup: &pcaDeviceGroup{
-				DgInfo: pcaDgInfo{
-					Entry: pcaDgInfoEntry{
-						Name:    o.Name,
-						Devices: util.StrToEnt(o.Devices),
-					},
-				},
-				Description:         o.Description,
-				IncludeTemplate:     util.YesNo(o.IncludeTemplate),
-				ForceTemplateValues: util.YesNo(o.ForceTemplateValues),
-			},
-		}
-	case TypeTemplate:
-		ans = panoCommitAll{
-			Template: &pcaTemplate{
-				Name:                o.Name,
-				Description:         o.Description,
-				ForceTemplateValues: util.YesNo(o.ForceTemplateValues),
-				Devices:             util.StrToMem(o.Devices),
-			},
-		}
-	case TypeTemplateStack:
-		ans = panoCommitAll{
-			TemplateStack: &pcaTemplate{
-				Name:                o.Name,
-				Description:         o.Description,
-				ForceTemplateValues: util.YesNo(o.ForceTemplateValues),
-				Devices:             util.StrToMem(o.Devices),
-			},
-		}
-	case TypeLogCollectorGroup:
-		ans = panoCommitAll{
-			LogCollectorGroup: &pcaLogCollectorGroup{
-				Name:        o.Name,
-				Description: o.Description,
-			},
-		}
-	case TypeWildfireAppliance:
-		ans = panoCommitAll{
-			Wildfire: &pcaWildfire{
-				Appliance:   o.Name,
-				Description: o.Description,
-			},
-		}
-	case TypeWildfireCluster:
-		ans = panoCommitAll{
-			Wildfire: &pcaWildfire{
-				Cluster:     o.Name,
-				Description: o.Description,
-			},
-		}
-	}
-
-	return ans
-}
-
-type panoCommitAll struct {
-	XMLName           xml.Name              `xml:"commit-all"`
-	DeviceGroup       *pcaDeviceGroup       `xml:"shared-policy"`
-	Template          *pcaTemplate          `xml:"template"`
-	TemplateStack     *pcaTemplate          `xml:"template-stack"`
-	LogCollectorGroup *pcaLogCollectorGroup `xml:"log-collector-config"`
-	Wildfire          *pcaWildfire          `xml:"wildfire-appliance-config"`
-}
-
-type pcaDeviceGroup struct {
-	DgInfo              pcaDgInfo `xml:"device-group"`
-	Description         string    `xml:"description,omitempty"`
-	IncludeTemplate     string    `xml:"include-template"`
-	ForceTemplateValues string    `xml:"force-template-values"`
-}
-
-type pcaDgInfo struct {
-	Entry pcaDgInfoEntry `xml:"entry"`
-}
-
-type pcaDgInfoEntry struct {
-	Name    string          `xml:"name,attr"`
-	Devices *util.EntryType `xml:"devices"`
-}
-
-type pcaTemplate struct {
-	Name                string           `xml:"name"`
-	Description         string           `xml:"description,omitempty"`
-	Devices             *util.MemberType `xml:"device"`
-	ForceTemplateValues string           `xml:"force-template-values"`
-}
-
-type pcaLogCollectorGroup struct {
-	Name        string `xml:"log-collector-group"`
-	Description string `xml:"description,omitempty"`
-}
-
-type pcaWildfire struct {
-	Description string `xml:"description,omitempty"`
-	Appliance   string `xml:"wildfire-appliance,omitempty"`
-	Cluster     string `xml:"wildfire-appliance-cluster,omitempty"`
-}
diff --git a/commit/pano_test.go b/commit/pano_test.go
deleted file mode 100644
index 523e40ca..00000000
--- a/commit/pano_test.go
+++ /dev/null
@@ -1,271 +0,0 @@
-package commit
-
-import (
-	"encoding/xml"
-	"strings"
-	"testing"
-)
-
-func TestPanoNormalCommit(t *testing.T) {
-	expected := `<commit><description>Hello</description></commit>`
-
-	c := PanoramaCommit{
-		Description: "Hello",
-	}
-
-	b, _ := xml.Marshal(c.Element())
-	if expected != string(b) {
-		t.Errorf("Expected(%s) got(%s)", expected, b)
-	}
-}
-
-func TestPanoForcePartialCommit(t *testing.T) {
-	s := []string{
-		"<commit>",
-		"<description>forced partial commit</description>",
-		"<force>",
-		"<partial>",
-		"<device-group><member>dg1</member></device-group>",
-		"<shared-object>excluded</shared-object>",
-		"</partial>",
-		"</force>",
-		"</commit>",
-	}
-	expected := strings.Join(s, "")
-
-	c := PanoramaCommit{
-		Description:          "forced partial commit",
-		DeviceGroups:         []string{"dg1"},
-		ExcludeSharedObjects: true,
-		Force:                true,
-	}
-
-	b, _ := xml.Marshal(c.Element())
-	if expected != string(b) {
-		t.Errorf("Expected(%s) got(%s)", expected, b)
-	}
-}
-
-func TestPanoFullCommit(t *testing.T) {
-	s := []string{
-		"<commit>",
-		"<description>full</description>",
-		"<partial>",
-		"<admin><member>admin1</member><member>admin2</member></admin>",
-		"<device-group><member>dg1</member></device-group>",
-		"<template><member>tmpl1</member></template>",
-		"<template-stack><member>ts1</member></template-stack>",
-		"<wildfire-appliance><member>wfa1</member></wildfire-appliance>",
-		"<wildfire-appliance-cluster><member>wfc1</member></wildfire-appliance-cluster>",
-		"<log-collector><member>lc1</member></log-collector>",
-		"<log-collector-group><member>lcg1</member></log-collector-group>",
-		"<device-and-network>excluded</device-and-network>",
-		"<shared-object>excluded</shared-object>",
-		"</partial>",
-		"</commit>",
-	}
-	expected := strings.Join(s, "")
-
-	c := PanoramaCommit{
-		Description:             "full",
-		Admins:                  []string{"admin1", "admin2"},
-		DeviceGroups:            []string{"dg1"},
-		Templates:               []string{"tmpl1"},
-		TemplateStacks:          []string{"ts1"},
-		WildfireAppliances:      []string{"wfa1"},
-		WildfireClusters:        []string{"wfc1"},
-		LogCollectors:           []string{"lc1"},
-		LogCollectorGroups:      []string{"lcg1"},
-		ExcludeDeviceAndNetwork: true,
-		ExcludeSharedObjects:    true,
-	}
-
-	b, _ := xml.Marshal(c.Element())
-	if expected != string(b) {
-		t.Errorf("Expected(%s) got(%s)", expected, b)
-	}
-}
-
-func TestPanoCommitAction(t *testing.T) {
-	c := PanoramaCommit{}
-
-	if c.Action() != "" {
-		t.Errorf("Action is %q instead of empty string", c.Action())
-	}
-}
-
-func TestPanoBlankCommitAll(t *testing.T) {
-	s := []string{
-		"<commit-all>",
-		"</commit-all>",
-	}
-	expected := strings.Join(s, "")
-
-	c := PanoramaCommitAll{}
-
-	b, _ := xml.Marshal(c.Element())
-	if expected != string(b) {
-		t.Errorf("Expected(%s) got(%s)", expected, b)
-	}
-}
-
-func TestPanoCommitAllDeviceGroup(t *testing.T) {
-	s := []string{
-		"<commit-all>",
-		"<shared-policy>",
-		"<device-group>",
-		"<entry name=\"foo\"><devices><entry name=\"d1\"></entry></devices></entry>",
-		"</device-group>",
-		"<description>device group</description>",
-		"<include-template>yes</include-template>",
-		"<force-template-values>no</force-template-values>",
-		"</shared-policy>",
-		"</commit-all>",
-	}
-	expected := strings.Join(s, "")
-
-	c := PanoramaCommitAll{
-		Type:            TypeDeviceGroup,
-		Name:            "foo",
-		Description:     "device group",
-		Devices:         []string{"d1"},
-		IncludeTemplate: true,
-	}
-
-	b, _ := xml.Marshal(c.Element())
-	if expected != string(b) {
-		t.Errorf("Expected(%s) got(%s)", expected, b)
-	}
-}
-
-func TestPanoCommitAllTemplate(t *testing.T) {
-	s := []string{
-		"<commit-all>",
-		"<template>",
-		"<name>tmpl1</name>",
-		"<description>template</description>",
-		"<device><member>12321</member></device>",
-		"<force-template-values>yes</force-template-values>",
-		"</template>",
-		"</commit-all>",
-	}
-	expected := strings.Join(s, "")
-
-	c := PanoramaCommitAll{
-		Type:                TypeTemplate,
-		Name:                "tmpl1",
-		Description:         "template",
-		Devices:             []string{"12321"},
-		ForceTemplateValues: true,
-	}
-
-	b, _ := xml.Marshal(c.Element())
-	if expected != string(b) {
-		t.Errorf("Expected(%s) got(%s)", expected, b)
-	}
-}
-
-func TestPanoCommitAllTemplateStack(t *testing.T) {
-	s := []string{
-		"<commit-all>",
-		"<template-stack>",
-		"<name>ts1</name>",
-		"<description>template stack</description>",
-		"<device><member>12321</member></device>",
-		"<force-template-values>yes</force-template-values>",
-		"</template-stack>",
-		"</commit-all>",
-	}
-	expected := strings.Join(s, "")
-
-	c := PanoramaCommitAll{
-		Type:                TypeTemplateStack,
-		Name:                "ts1",
-		Description:         "template stack",
-		Devices:             []string{"12321"},
-		ForceTemplateValues: true,
-	}
-
-	b, _ := xml.Marshal(c.Element())
-	if expected != string(b) {
-		t.Errorf("Expected(%s) got(%s)", expected, b)
-	}
-}
-
-func TestPanoCommitAllLogCollectorGroup(t *testing.T) {
-	s := []string{
-		"<commit-all>",
-		"<log-collector-config>",
-		"<log-collector-group>lcg1</log-collector-group>",
-		"<description>log collector</description>",
-		"</log-collector-config>",
-		"</commit-all>",
-	}
-	expected := strings.Join(s, "")
-
-	c := PanoramaCommitAll{
-		Type:        TypeLogCollectorGroup,
-		Name:        "lcg1",
-		Description: "log collector",
-	}
-
-	b, _ := xml.Marshal(c.Element())
-	if expected != string(b) {
-		t.Errorf("Expected(%s) got(%s)", expected, b)
-	}
-}
-
-func TestPanoCommitAllWildfireAppliance(t *testing.T) {
-	s := []string{
-		"<commit-all>",
-		"<wildfire-appliance-config>",
-		"<description>wf check</description>",
-		"<wildfire-appliance>wfa1</wildfire-appliance>",
-		"</wildfire-appliance-config>",
-		"</commit-all>",
-	}
-	expected := strings.Join(s, "")
-
-	c := PanoramaCommitAll{
-		Type:        TypeWildfireAppliance,
-		Name:        "wfa1",
-		Description: "wf check",
-	}
-
-	b, _ := xml.Marshal(c.Element())
-	if expected != string(b) {
-		t.Errorf("Expected(%s) got(%s)", expected, b)
-	}
-}
-
-func TestPanoCommitAllWildfireCluster(t *testing.T) {
-	s := []string{
-		"<commit-all>",
-		"<wildfire-appliance-config>",
-		"<description>wf check</description>",
-		"<wildfire-appliance-cluster>wfc1</wildfire-appliance-cluster>",
-		"</wildfire-appliance-config>",
-		"</commit-all>",
-	}
-	expected := strings.Join(s, "")
-
-	c := PanoramaCommitAll{
-		Type:        TypeWildfireCluster,
-		Name:        "wfc1",
-		Description: "wf check",
-	}
-
-	b, _ := xml.Marshal(c.Element())
-	if expected != string(b) {
-		t.Errorf("Expected(%s) got(%s)", expected, b)
-	}
-}
-
-func TestPanoCommitAllAction(t *testing.T) {
-	c := PanoramaCommitAll{}
-	expected := "all"
-
-	if c.Action() != expected {
-		t.Errorf("Commit all action should be %q, not %q", expected, c.Action())
-	}
-}
diff --git a/connect.go b/connect.go
deleted file mode 100644
index 642a3afb..00000000
--- a/connect.go
+++ /dev/null
@@ -1,53 +0,0 @@
-package pango
-
-/*
-Connect opens a connection to the PAN-OS client, then uses the "model" info
-to return a pointer to either a Firewall or Panorama struct.
-
-The Initialize function is invoked as part of this discovery, so there is no
-need to Initialize() the Client connection prior to invoking this.
-*/
-func Connect(c Client) (interface{}, error) {
-	var err error
-
-	logg := c.Logging
-	c.Logging = LogQuiet
-
-	if err = c.Initialize(); err != nil {
-		return nil, err
-	}
-
-	model := c.SystemInfo["model"]
-	if model == "Panorama" || model[:2] == "M-" {
-		pano := &Panorama{Client: c}
-		pano.Logging = logg
-		if err = pano.Initialize(); err != nil {
-			return nil, err
-		}
-		return pano, nil
-	} else {
-		fw := &Firewall{Client: c}
-		fw.Logging = logg
-		if err = fw.Initialize(); err != nil {
-			return nil, err
-		}
-		return fw, nil
-	}
-}
-
-/*
-ConnectUsing does Connect(), but takes in a filename that contains
-fallback authentication credentials if they aren't specified.
-
-The order of preference for auth / connection settings is:
-
-* explicitly set
-* environment variable (set chkenv to true to enable this)
-* json file
-*/
-func ConnectUsing(c Client, filename string, chkenv bool) (interface{}, error) {
-	c.CheckEnvironment = chkenv
-	c.credsFile = filename
-
-	return Connect(c)
-}
diff --git a/dev/certificate/certs.go b/dev/certificate/certs.go
deleted file mode 100644
index cad4c308..00000000
--- a/dev/certificate/certs.go
+++ /dev/null
@@ -1,23 +0,0 @@
-package certificate
-
-// Pem is a PEM certificate suitable to be imported into PAN-OS.
-//
-// Importing the certificate and the private key are two separate API
-// calls.  If the PrivateKey is left unspecified, then the 2nd API call
-// will not be made.
-type Pem struct {
-	Name                string
-	Certificate         string
-	CertificateFilename string
-	PrivateKey          string
-	PrivateKeyFilename  string
-	Passphrase          string
-}
-
-// Pkcs12 is a PKCS12 certificate suitable to be imported into PAN-OS.
-type Pkcs12 struct {
-	Name                string
-	Certificate         string
-	CertificateFilename string
-	Passphrase          string
-}
diff --git a/dev/certificate/const.go b/dev/certificate/const.go
deleted file mode 100644
index d7c1c620..00000000
--- a/dev/certificate/const.go
+++ /dev/null
@@ -1,12 +0,0 @@
-package certificate
-
-// Valid values for Entry.Status.
-const (
-	StatusValid   = "valid"
-	StatusRevoked = "revoked"
-)
-
-const (
-	singular = "certificate"
-	plural   = "certificates"
-)
diff --git a/dev/certificate/doc.go b/dev/certificate/doc.go
deleted file mode 100644
index c71bff14..00000000
--- a/dev/certificate/doc.go
+++ /dev/null
@@ -1,20 +0,0 @@
-/*
-Package certificate is the client.Device.Certificate namespace.
-
-For Panorama, there are two possibilities:  managing this object on Panorama
-itself or inside of a Template.
-
-To manage objects on Panorama, leave "tmpl" and "vsys" params empty.
-
-To manage objects in a template, specify the template name and the vsys (if
-unspecified, defaults to "shared").
-
-Configuring things such as "Forward Trust Certificate", "Forward Untrust
-Certificate", and "Trusted Root CA" is done from the Device.SslDecrypt
-namespace.
-
-Note: PAN-OS 7.1+
-
-Normalized object:  Entry
-*/
-package certificate
diff --git a/dev/certificate/entry.go b/dev/certificate/entry.go
deleted file mode 100644
index 00596cd7..00000000
--- a/dev/certificate/entry.go
+++ /dev/null
@@ -1,174 +0,0 @@
-package certificate
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a
-// certificate.
-//
-// PAN-OS 7.1+.
-type Entry struct {
-	Name            string
-	CommonName      string
-	Algorithm       string
-	Ca              bool
-	NotValidAfter   string
-	NotValidBefore  string
-	ExpiryEpoch     string
-	Subject         string
-	SubjectHash     string
-	Issuer          string
-	IssuerHash      string
-	Csr             string
-	PublicKey       string
-	PrivateKey      string
-	PrivateKeyOnHsm bool
-	Status          string
-	RevokeDateEpoch string
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.CommonName = s.CommonName
-	o.Algorithm = s.Algorithm
-	o.Ca = s.Ca
-	o.NotValidAfter = s.NotValidAfter
-	o.NotValidBefore = s.NotValidBefore
-	o.ExpiryEpoch = s.ExpiryEpoch
-	o.Subject = s.Subject
-	o.SubjectHash = s.SubjectHash
-	o.Issuer = s.Issuer
-	o.IssuerHash = s.IssuerHash
-	o.Csr = s.Csr
-	o.PublicKey = s.PublicKey
-	o.PrivateKey = s.PrivateKey
-	o.PrivateKeyOnHsm = s.PrivateKeyOnHsm
-	o.Status = s.Status
-	o.RevokeDateEpoch = s.RevokeDateEpoch
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:            o.Name,
-		CommonName:      o.CommonName,
-		Algorithm:       o.Algorithm,
-		Ca:              util.AsBool(o.Ca),
-		NotValidAfter:   o.NotValidAfter,
-		NotValidBefore:  o.NotValidBefore,
-		ExpiryEpoch:     o.ExpiryEpoch,
-		Subject:         o.Subject,
-		SubjectHash:     o.SubjectHash,
-		Issuer:          o.Issuer,
-		IssuerHash:      o.IssuerHash,
-		Csr:             o.Csr,
-		PublicKey:       o.PublicKey,
-		PrivateKey:      o.PrivateKey,
-		PrivateKeyOnHsm: util.AsBool(o.PrivateKeyOnHsm),
-		Status:          o.Status,
-		RevokeDateEpoch: o.RevokeDateEpoch,
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName         xml.Name `xml:"entry"`
-	Name            string   `xml:"name,attr"`
-	CommonName      string   `xml:"common-name"`
-	Algorithm       string   `xml:"algorithm,omitempty"`
-	Ca              string   `xml:"ca,omitempty"`
-	NotValidAfter   string   `xml:"not-valid-after,omitempty"`
-	NotValidBefore  string   `xml:"not-valid-before,omitempty"`
-	ExpiryEpoch     string   `xml:"expiry-epoch,omitempty"`
-	Subject         string   `xml:"subject,omitempty"`
-	SubjectHash     string   `xml:"subject-hash,omitempty"`
-	Issuer          string   `xml:"issuer,omitempty"`
-	IssuerHash      string   `xml:"issuer-hash,omitempty"`
-	Csr             string   `xml:"csr,omitempty"`
-	PublicKey       string   `xml:"public-key,omitempty"`
-	PrivateKey      string   `xml:"private-key,omitempty"`
-	PrivateKeyOnHsm string   `xml:"private-key-on-hsm,omitempty"`
-	Status          string   `xml:"status,omitempty"`
-	RevokeDateEpoch string   `xml:"revoke-date-epoch,omitempty"`
-}
-
-func (e *entry_v1) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
-	type local entry_v1
-	ans := local{
-		Status: StatusValid,
-	}
-	if err := d.DecodeElement(&ans, &start); err != nil {
-		return err
-	}
-	*e = entry_v1(ans)
-	return nil
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:            e.Name,
-		CommonName:      e.CommonName,
-		Algorithm:       e.Algorithm,
-		NotValidAfter:   e.NotValidAfter,
-		NotValidBefore:  e.NotValidBefore,
-		ExpiryEpoch:     e.ExpiryEpoch,
-		Subject:         e.Subject,
-		SubjectHash:     e.SubjectHash,
-		Issuer:          e.Issuer,
-		IssuerHash:      e.IssuerHash,
-		Csr:             e.Csr,
-		PublicKey:       e.PublicKey,
-		PrivateKey:      e.PrivateKey,
-		Status:          e.Status,
-		RevokeDateEpoch: e.RevokeDateEpoch,
-	}
-
-	if e.Ca {
-		ans.Ca = util.YesNo(e.Ca)
-	}
-
-	if e.PrivateKeyOnHsm {
-		ans.PrivateKeyOnHsm = util.YesNo(e.PrivateKeyOnHsm)
-	}
-
-	return ans
-}
diff --git a/dev/certificate/funcs.go b/dev/certificate/funcs.go
deleted file mode 100644
index 17860fc4..00000000
--- a/dev/certificate/funcs.go
+++ /dev/null
@@ -1,88 +0,0 @@
-package certificate
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/dev/certificate/fw.go b/dev/certificate/fw.go
deleted file mode 100644
index 78c09e6b..00000000
--- a/dev/certificate/fw.go
+++ /dev/null
@@ -1,182 +0,0 @@
-package certificate
-
-import (
-	"net/url"
-	"time"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Device.Certificate namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vsys), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// ImportPem imports a PEM certificate.
-func (c *Firewall) ImportPem(vsys string, timeout time.Duration, cert Pem) error {
-	var err error
-
-	c.ns.Client.LogImport("(import) pem %s: %s", singular, cert.Name)
-
-	ex := url.Values{}
-	ex.Set("certificate-name", cert.Name)
-	ex.Set("format", "pem")
-	if vsys != "" && vsys != "shared" {
-		ex.Set("vsys", vsys)
-	}
-
-	_, err = c.ns.Client.Import("certificate", cert.Certificate, cert.CertificateFilename, "file", timeout, ex, nil)
-
-	if err != nil || cert.PrivateKey == "" {
-		return err
-	}
-
-	ex.Set("passphrase", cert.Passphrase)
-
-	_, err = c.ns.Client.Import("private-key", cert.PrivateKey, cert.PrivateKeyFilename, "file", timeout, ex, nil)
-
-	return err
-}
-
-// ImportPkcs12 imports a PKCS12 certificate.
-func (c *Firewall) ImportPkcs12(vsys string, timeout time.Duration, cert Pkcs12) error {
-	var err error
-
-	c.ns.Client.LogImport("(import) pkcs12 %s: %s", singular, cert.Name)
-
-	ex := url.Values{}
-	ex.Set("certificate-name", cert.Name)
-	ex.Set("format", "pkcs12")
-	ex.Set("passphrase", cert.Passphrase)
-	if vsys != "" && vsys != "shared" {
-		ex.Set("vsys", vsys)
-	}
-
-	_, err = c.ns.Client.Import("certificate", cert.Certificate, cert.CertificateFilename, "file", timeout, ex, nil)
-
-	return err
-}
-
-// Export exports a certificate.
-//
-// The format param should be either "pem" or "pkcs12".
-//
-// The public key is always exported.
-//
-// Attempting to export a PKCS12 cert as a PEM cert will result in an error.
-//
-// Return values are the filename, file contents, and an error.
-func (c *Firewall) Export(format, vsys, name, passphrase string, includeKey bool, timeout time.Duration) (string, []byte, error) {
-	c.ns.Client.LogExport("(export) %s %s: %s", format, singular, name)
-
-	ex := url.Values{}
-	ex.Set("certificate-name", name)
-	ex.Set("format", format)
-	ex.Set("include-key", util.YesNo(includeKey))
-	if passphrase != "" {
-		ex.Set("passphrase", passphrase)
-	}
-	if vsys != "" && vsys != "shared" {
-		ex.Set("vsys", vsys)
-	}
-
-	return c.ns.Client.Export("certificate", timeout, ex, nil)
-}
-
-func (c *Firewall) pather(vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vsys, v)
-	}
-}
-
-func (c *Firewall) xpath(vsys string, vals []string) ([]string, error) {
-	if vsys == "" {
-		vsys = "shared"
-	}
-
-	ans := make([]string, 0, 8)
-	ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	ans = append(ans,
-		"certificate",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/dev/certificate/fw_test.go b/dev/certificate/fw_test.go
deleted file mode 100644
index 5ca7e768..00000000
--- a/dev/certificate/fw_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package certificate
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("vsys1", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("vsys1", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/dev/certificate/pano.go b/dev/certificate/pano.go
deleted file mode 100644
index ee33443f..00000000
--- a/dev/certificate/pano.go
+++ /dev/null
@@ -1,212 +0,0 @@
-package certificate
-
-import (
-	"net/url"
-	"time"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Device.Certificate namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(shared bool, tmpl, vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(shared, tmpl, vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(shared bool, tmpl, vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(shared, tmpl, vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(shared bool, tmpl, vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(shared, tmpl, vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(shared bool, tmpl, vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(shared, tmpl, vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(shared bool, tmpl, vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(shared, tmpl, vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(shared bool, tmpl, vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(shared, tmpl, vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(shared bool, tmpl, vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(shared, tmpl, vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(shared bool, tmpl, vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(shared, tmpl, vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(shared bool, tmpl, vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(shared, tmpl, vsys), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(shared bool, tmpl, vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(shared, tmpl, vsys), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(shared bool, tmpl, vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(shared, tmpl, vsys), ans)
-	return all(ans, err)
-}
-
-// ImportPem imports a PEM certificate.
-func (c *Panorama) ImportPem(tmpl, vsys string, timeout time.Duration, cert Pem) error {
-	var err error
-
-	c.ns.Client.LogImport("(import) pem %s: %s", singular, cert.Name)
-
-	ex := url.Values{}
-	ex.Set("certificate-name", cert.Name)
-	ex.Set("format", "pem")
-
-	if tmpl != "" {
-		ex.Set("target-tpl", tmpl)
-		if vsys == "" {
-			vsys = "shared"
-		}
-		ex.Set("target-tpl-vsys", vsys)
-	}
-
-	_, err = c.ns.Client.Import("certificate", cert.Certificate, cert.CertificateFilename, "file", timeout, ex, nil)
-
-	if err != nil || cert.PrivateKey == "" {
-		return err
-	}
-
-	ex.Set("passphrase", cert.Passphrase)
-
-	_, err = c.ns.Client.Import("private-key", cert.PrivateKey, cert.PrivateKeyFilename, "file", timeout, ex, nil)
-
-	return err
-}
-
-// ImportPkcs12 imports a PKCS12 certificate.
-func (c *Panorama) ImportPkcs12(tmpl, vsys string, timeout time.Duration, cert Pkcs12) error {
-	var err error
-
-	c.ns.Client.LogImport("(import) pkcs12 %s: %s", singular, cert.Name)
-
-	ex := url.Values{}
-	ex.Set("certificate-name", cert.Name)
-	ex.Set("format", "pkcs12")
-	ex.Set("passphrase", cert.Passphrase)
-
-	if tmpl != "" {
-		ex.Set("target-tpl", tmpl)
-		if vsys == "" {
-			vsys = "shared"
-		}
-		ex.Set("target-tpl-vsys", vsys)
-	}
-
-	_, err = c.ns.Client.Import("certificate", cert.Certificate, cert.CertificateFilename, "file", timeout, ex, nil)
-
-	return err
-}
-
-// Export exports a certificate.
-//
-// The format param should be either "pem" or "pkcs12".
-//
-// The public key is always exported.
-//
-// Attempting to export a PKCS12 cert as a PEM cert will result in an error.
-//
-// Return values are the filename, file contents, and an error.
-func (c *Panorama) Export(format, tmpl, vsys, name, passphrase string, includeKey bool, timeout time.Duration) (string, []byte, error) {
-	c.ns.Client.LogExport("(export) %s %s: %s", format, singular, name)
-
-	ex := url.Values{}
-	ex.Set("certificate-name", name)
-	ex.Set("format", format)
-	ex.Set("include-key", util.YesNo(includeKey))
-	if passphrase != "" {
-		ex.Set("passphrase", passphrase)
-	}
-	if tmpl != "" {
-		ex.Set("target-tpl", tmpl)
-		if vsys != "" && vsys != "shared" {
-			// TODO: This doesn't seem to work, but it's what the docs say.
-			ex.Set("target-tpl-vsys", vsys)
-		}
-	}
-
-	return c.ns.Client.Export("certificate", timeout, ex, nil)
-}
-
-func (c *Panorama) pather(shared bool, tmpl, vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(shared, tmpl, vsys, v)
-	}
-}
-
-func (c *Panorama) xpath(shared bool, tmpl, vsys string, vals []string) ([]string, error) {
-	var ans []string
-
-	if tmpl != "" {
-		ans = make([]string, 0, 12)
-
-		ans = append(ans, util.TemplateXpathPrefix(tmpl, "")...)
-		ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	} else {
-		ans = make([]string, 0, 4)
-		if shared {
-			ans = append(ans,
-				"config",
-				"shared",
-			)
-		} else {
-			ans = append(ans,
-				"config",
-				"panorama",
-			)
-		}
-	}
-
-	ans = append(ans,
-		"certificate",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/dev/certificate/pano_test.go b/dev/certificate/pano_test.go
deleted file mode 100644
index 4e541b7f..00000000
--- a/dev/certificate/pano_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package certificate
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set(false, "", "", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(false, "", "", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/dev/certificate/testdata_test.go b/dev/certificate/testdata_test.go
deleted file mode 100644
index 9b72c374..00000000
--- a/dev/certificate/testdata_test.go
+++ /dev/null
@@ -1,59 +0,0 @@
-package certificate
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type tc struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []tc {
-	return []tc{
-		{"v1 bare", version.Number{7, 1, 0, ""}, Entry{
-			Name:       "foo",
-			CommonName: "common",
-			Status:     StatusValid,
-		}},
-		{"v1 basic with optional args", version.Number{7, 1, 0, ""}, Entry{
-			Name:           "foo",
-			CommonName:     "common",
-			Algorithm:      "rsa",
-			Ca:             false,
-			NotValidAfter:  "not valid after",
-			NotValidBefore: "not valid before",
-			ExpiryEpoch:    "expiryepoch",
-			Subject:        "subject",
-			SubjectHash:    "subject hash",
-			Issuer:         "issuer",
-			IssuerHash:     "issuer hash",
-			Status:         StatusRevoked,
-		}},
-		{"v1 with csr", version.Number{7, 1, 0, ""}, Entry{
-			Name:       "foo",
-			CommonName: "common",
-			Csr:        "csr",
-			Status:     StatusValid,
-		}},
-		{"v1 with public key", version.Number{7, 1, 0, ""}, Entry{
-			Name:       "foo",
-			CommonName: "common",
-			PublicKey:  "public",
-			Status:     StatusRevoked,
-		}},
-		{"v1 with private key", version.Number{7, 1, 0, ""}, Entry{
-			Name:       "foo",
-			CommonName: "common",
-			PrivateKey: "private key",
-			Status:     StatusValid,
-		}},
-		{"v1 with private key on hsm", version.Number{7, 1, 0, ""}, Entry{
-			Name:            "foo",
-			CommonName:      "common",
-			PrivateKeyOnHsm: true,
-			Status:          StatusRevoked,
-		}},
-	}
-}
diff --git a/dev/doc.go b/dev/doc.go
deleted file mode 100644
index 428ed813..00000000
--- a/dev/doc.go
+++ /dev/null
@@ -1,2 +0,0 @@
-// Package dev is the client.Device namespace.
-package dev
diff --git a/dev/fw.go b/dev/fw.go
deleted file mode 100644
index bea569e1..00000000
--- a/dev/fw.go
+++ /dev/null
@@ -1,81 +0,0 @@
-package dev
-
-import (
-	"github.com/PaloAltoNetworks/pango/util"
-
-	cert "github.com/PaloAltoNetworks/pango/dev/certificate"
-	"github.com/PaloAltoNetworks/pango/dev/general"
-	"github.com/PaloAltoNetworks/pango/dev/ha"
-	halink "github.com/PaloAltoNetworks/pango/dev/ha/monitor/link"
-	hapath "github.com/PaloAltoNetworks/pango/dev/ha/monitor/path"
-	"github.com/PaloAltoNetworks/pango/dev/localuserdb/group"
-	"github.com/PaloAltoNetworks/pango/dev/localuserdb/user"
-	"github.com/PaloAltoNetworks/pango/dev/profile/authentication"
-	"github.com/PaloAltoNetworks/pango/dev/profile/certificate"
-	"github.com/PaloAltoNetworks/pango/dev/profile/email"
-	"github.com/PaloAltoNetworks/pango/dev/profile/http"
-	"github.com/PaloAltoNetworks/pango/dev/profile/kerberos"
-	"github.com/PaloAltoNetworks/pango/dev/profile/ldap"
-	"github.com/PaloAltoNetworks/pango/dev/profile/radius"
-	"github.com/PaloAltoNetworks/pango/dev/profile/saml"
-	"github.com/PaloAltoNetworks/pango/dev/profile/snmp"
-	"github.com/PaloAltoNetworks/pango/dev/profile/ssltls"
-	"github.com/PaloAltoNetworks/pango/dev/profile/syslog"
-	"github.com/PaloAltoNetworks/pango/dev/profile/tacplus"
-	"github.com/PaloAltoNetworks/pango/dev/ssldecrypt"
-	"github.com/PaloAltoNetworks/pango/dev/telemetry"
-	"github.com/PaloAltoNetworks/pango/dev/vminfosource"
-)
-
-// Firewall is the client.Device namespace.
-type Firewall struct {
-	AuthenticationProfile *authentication.Firewall
-	Certificate           *cert.Firewall
-	CertificateProfile    *certificate.Firewall
-	EmailServerProfile    *email.Firewall
-	GeneralSettings       *general.Firewall
-	HaConfig              *ha.Firewall
-	HaLinkMonitorGroup    *halink.Firewall
-	HaPathMonitorGroup    *hapath.Firewall
-	HttpServerProfile     *http.Firewall
-	KerberosProfile       *kerberos.Firewall
-	LdapProfile           *ldap.Firewall
-	LocalUserDbGroup      *group.Firewall
-	LocalUserDbUser       *user.Firewall
-	RadiusProfile         *radius.Firewall
-	SamlProfile           *saml.Firewall
-	SslDecrypt            *ssldecrypt.Firewall
-	SslTlsServiceProfile  *ssltls.Firewall
-	SnmpServerProfile     *snmp.Firewall
-	SyslogServerProfile   *syslog.Firewall
-	TacacsPlusProfile     *tacplus.Firewall
-	Telemetry             *telemetry.Firewall
-	VmInfoSource          *vminfosource.Firewall
-}
-
-func FirewallNamespace(x util.XapiClient) *Firewall {
-	return &Firewall{
-		AuthenticationProfile: authentication.FirewallNamespace(x),
-		Certificate:           cert.FirewallNamespace(x),
-		CertificateProfile:    certificate.FirewallNamespace(x),
-		EmailServerProfile:    email.FirewallNamespace(x),
-		GeneralSettings:       general.FirewallNamespace(x),
-		HaConfig:              ha.FirewallNamespace(x),
-		HaLinkMonitorGroup:    halink.FirewallNamespace(x),
-		HaPathMonitorGroup:    hapath.FirewallNamespace(x),
-		HttpServerProfile:     http.FirewallNamespace(x),
-		KerberosProfile:       kerberos.FirewallNamespace(x),
-		LdapProfile:           ldap.FirewallNamespace(x),
-		LocalUserDbGroup:      group.FirewallNamespace(x),
-		LocalUserDbUser:       user.FirewallNamespace(x),
-		RadiusProfile:         radius.FirewallNamespace(x),
-		SamlProfile:           saml.FirewallNamespace(x),
-		SslTlsServiceProfile:  ssltls.FirewallNamespace(x),
-		SslDecrypt:            ssldecrypt.FirewallNamespace(x),
-		SnmpServerProfile:     snmp.FirewallNamespace(x),
-		SyslogServerProfile:   syslog.FirewallNamespace(x),
-		TacacsPlusProfile:     tacplus.FirewallNamespace(x),
-		Telemetry:             telemetry.FirewallNamespace(x),
-		VmInfoSource:          vminfosource.FirewallNamespace(x),
-	}
-}
diff --git a/dev/general/config.go b/dev/general/config.go
deleted file mode 100644
index 4141d886..00000000
--- a/dev/general/config.go
+++ /dev/null
@@ -1,1409 +0,0 @@
-package general
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Config is a normalized, version independent representation of a device's
-// general settings.
-type Config struct {
-	Hostname              string
-	IpAddress             string
-	Netmask               string
-	Gateway               string
-	Timezone              string
-	Domain                string
-	UpdateServer          string
-	VerifyUpdateServer    bool
-	LoginBanner           string
-	PanoramaPrimary       string
-	PanoramaSecondary     string
-	ProxyServer           string
-	ProxyPort             int
-	ProxyUser             string
-	ProxyPassword         string
-	DnsPrimary            string
-	DnsSecondary          string
-	NtpPrimaryAddress     string
-	NtpPrimaryAuthType    string
-	NtpPrimaryKeyId       int
-	NtpPrimaryAlgorithm   string
-	NtpPrimaryAuthKey     string
-	NtpSecondaryAddress   string
-	NtpSecondaryAuthType  string
-	NtpSecondaryKeyId     int
-	NtpSecondaryAlgorithm string
-	NtpSecondaryAuthKey   string
-
-	raw map[string]string
-}
-
-// Defaults sets params with uninitialized values to their GUI default setting.
-//
-// The defaults are as follows:
-//      * UpdateServer: updates.paloaltonetworks.com
-func (o *Config) Defaults() {
-	if o.UpdateServer == "" {
-		o.UpdateServer = "updates.paloaltonetworks.com"
-	}
-}
-
-// Merge copies non connectivity variables from source Config `s` to this
-// object.  The fields that are not copied are as follows:
-//
-//      * IpAddress
-//      * Netmask
-//      * Gateway
-func (o *Config) Merge(s Config) {
-	if s.Hostname != "" {
-		o.Hostname = s.Hostname
-	}
-
-	if s.Timezone != "" {
-		o.Timezone = s.Timezone
-	}
-
-	if s.Domain != "" {
-		o.Domain = s.Domain
-	}
-
-	if s.UpdateServer != "" {
-		o.UpdateServer = s.UpdateServer
-	}
-
-	o.VerifyUpdateServer = s.VerifyUpdateServer
-
-	if s.LoginBanner != "" {
-		o.LoginBanner = s.LoginBanner
-	}
-
-	if s.PanoramaPrimary != "" {
-		o.PanoramaPrimary = s.PanoramaPrimary
-	}
-
-	if s.PanoramaSecondary != "" {
-		o.PanoramaSecondary = s.PanoramaSecondary
-	}
-
-	if s.DnsPrimary != "" {
-		o.DnsPrimary = s.DnsPrimary
-	}
-
-	if s.DnsSecondary != "" {
-		o.DnsSecondary = s.DnsSecondary
-	}
-
-	if s.NtpPrimaryAddress != "" {
-		o.NtpPrimaryAddress = s.NtpPrimaryAddress
-	}
-
-	if s.NtpPrimaryAuthType != "" {
-		o.NtpPrimaryAuthType = s.NtpPrimaryAuthType
-	}
-
-	if s.NtpPrimaryKeyId != 0 {
-		o.NtpPrimaryKeyId = s.NtpPrimaryKeyId
-	}
-
-	if s.NtpPrimaryAlgorithm != "" {
-		o.NtpPrimaryAlgorithm = s.NtpPrimaryAlgorithm
-	}
-
-	if s.NtpPrimaryAuthKey != "" {
-		o.NtpPrimaryAuthKey = s.NtpPrimaryAuthKey
-	}
-
-	if s.NtpSecondaryAddress != "" {
-		o.NtpSecondaryAddress = s.NtpSecondaryAddress
-	}
-
-	if s.NtpSecondaryAuthType != "" {
-		o.NtpSecondaryAuthType = s.NtpSecondaryAuthType
-	}
-
-	if s.NtpSecondaryKeyId != 0 {
-		o.NtpSecondaryKeyId = s.NtpSecondaryKeyId
-	}
-
-	if s.NtpSecondaryAlgorithm != "" {
-		o.NtpSecondaryAlgorithm = s.NtpSecondaryAlgorithm
-	}
-
-	if s.NtpSecondaryAuthKey != "" {
-		o.NtpSecondaryAuthKey = s.NtpSecondaryAuthKey
-	}
-
-	if s.ProxyServer != "" {
-		o.ProxyServer = s.ProxyServer
-	}
-
-	if s.ProxyPort != 0 {
-		o.ProxyPort = s.ProxyPort
-	}
-
-	if s.ProxyUser != "" {
-		o.ProxyUser = s.ProxyUser
-	}
-
-	if s.ProxyPassword != "" {
-		o.ProxyPassword = s.ProxyPassword
-	}
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Config) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return "", fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Config
-	Names() []string
-}
-
-// 6.1+
-type container_v1 struct {
-	Answer []config_v1 `xml:"system"`
-}
-
-func (o *container_v1) Names() []string {
-	return nil
-}
-
-func (o *container_v1) Normalize() []Config {
-	ans := make([]Config, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *config_v1) normalize() Config {
-	ans := Config{
-		Hostname:           o.Hostname,
-		IpAddress:          o.IpAddress,
-		Netmask:            o.Netmask,
-		Gateway:            o.Gateway,
-		Timezone:           o.Timezone,
-		Domain:             o.Domain,
-		UpdateServer:       o.UpdateServer,
-		VerifyUpdateServer: util.AsBool(o.VerifyUpdateServer),
-		LoginBanner:        o.LoginBanner,
-		PanoramaPrimary:    o.PanoramaPrimary,
-		PanoramaSecondary:  o.PanoramaSecondary,
-		ProxyServer:        o.ProxyServer,
-		ProxyPort:          o.ProxyPort,
-		ProxyUser:          o.ProxyUser,
-		ProxyPassword:      o.ProxyPassword,
-	}
-
-	if o.Dns != nil {
-		ans.DnsPrimary = o.Dns.Primary
-		ans.DnsSecondary = o.Dns.Secondary
-	}
-
-	if o.Ntp != nil {
-		if o.Ntp.Primary != nil {
-			ans.NtpPrimaryAddress = o.Ntp.Primary.IpAddress
-
-			switch {
-			case o.Ntp.Primary.Auth.None != nil:
-				ans.NtpPrimaryAuthType = NoAuth
-			case o.Ntp.Primary.Auth.Autokey != nil:
-				ans.NtpPrimaryAuthType = AutokeyAuth
-			case o.Ntp.Primary.Auth.SymmetricKey != nil:
-				ans.NtpPrimaryAuthType = SymmetricKeyAuth
-				ans.NtpPrimaryKeyId = o.Ntp.Primary.Auth.SymmetricKey.KeyId
-				switch {
-				case o.Ntp.Primary.Auth.SymmetricKey.Algorithm.Sha1 != nil:
-					ans.NtpPrimaryAlgorithm = Sha1
-					ans.NtpPrimaryAuthKey = o.Ntp.Primary.Auth.SymmetricKey.Algorithm.Sha1.AuthenticationKey
-				case o.Ntp.Primary.Auth.SymmetricKey.Algorithm.Md5 != nil:
-					ans.NtpPrimaryAlgorithm = Md5
-					ans.NtpPrimaryAuthKey = o.Ntp.Primary.Auth.SymmetricKey.Algorithm.Md5.AuthenticationKey
-				}
-			}
-		}
-
-		if o.Ntp.Secondary != nil {
-			ans.NtpSecondaryAddress = o.Ntp.Secondary.IpAddress
-
-			switch {
-			case o.Ntp.Secondary.Auth.None != nil:
-				ans.NtpSecondaryAuthType = NoAuth
-			case o.Ntp.Secondary.Auth.Autokey != nil:
-				ans.NtpSecondaryAuthType = AutokeyAuth
-			case o.Ntp.Secondary.Auth.SymmetricKey != nil:
-				ans.NtpSecondaryAuthType = SymmetricKeyAuth
-				ans.NtpSecondaryKeyId = o.Ntp.Secondary.Auth.SymmetricKey.KeyId
-				switch {
-				case o.Ntp.Secondary.Auth.SymmetricKey.Algorithm.Sha1 != nil:
-					ans.NtpSecondaryAlgorithm = Sha1
-					ans.NtpSecondaryAuthKey = o.Ntp.Secondary.Auth.SymmetricKey.Algorithm.Sha1.AuthenticationKey
-				case o.Ntp.Secondary.Auth.SymmetricKey.Algorithm.Md5 != nil:
-					ans.NtpSecondaryAlgorithm = Md5
-					ans.NtpSecondaryAuthKey = o.Ntp.Secondary.Auth.SymmetricKey.Algorithm.Md5.AuthenticationKey
-				}
-			}
-		}
-	}
-
-	ans.raw = make(map[string]string)
-	if o.AckLoginBanner != nil {
-		ans.raw["alb"] = util.CleanRawXml(o.AckLoginBanner.Text)
-	}
-	if o.AuthenticationProfile != nil {
-		ans.raw["ap"] = util.CleanRawXml(o.AuthenticationProfile.Text)
-	}
-	if o.CertificateProfile != nil {
-		ans.raw["cp"] = util.CleanRawXml(o.CertificateProfile.Text)
-	}
-	if o.DomainLookupUrl != nil {
-		ans.raw["dlu"] = util.CleanRawXml(o.DomainLookupUrl.Text)
-	}
-	if o.FqdnForceRefreshTime != nil {
-		ans.raw["ffrt"] = util.CleanRawXml(o.FqdnForceRefreshTime.Text)
-	}
-	if o.FqdnRefreshTime != nil {
-		ans.raw["frt"] = util.CleanRawXml(o.FqdnRefreshTime.Text)
-	}
-	if o.GeoLocation != nil {
-		ans.raw["gl"] = util.CleanRawXml(o.GeoLocation.Text)
-	}
-	if o.HsmSettings != nil {
-		ans.raw["hs"] = util.CleanRawXml(o.HsmSettings.Text)
-	}
-	if o.IpAddressLookupUrl != nil {
-		ans.raw["ialu"] = util.CleanRawXml(o.IpAddressLookupUrl.Text)
-	}
-	if o.Ipv6Address != nil {
-		ans.raw["i6a"] = util.CleanRawXml(o.Ipv6Address.Text)
-	}
-	if o.Ipv6DefaultGateway != nil {
-		ans.raw["i6dg"] = util.CleanRawXml(o.Ipv6DefaultGateway.Text)
-	}
-	if o.Locale != nil {
-		ans.raw["locale"] = util.CleanRawXml(o.Locale.Text)
-	}
-	if o.LogExportSchedule != nil {
-		ans.raw["les"] = util.CleanRawXml(o.LogExportSchedule.Text)
-	}
-	if o.LogLink != nil {
-		ans.raw["ll"] = util.CleanRawXml(o.LogLink.Text)
-	}
-	if o.MotdAndBanner != nil {
-		ans.raw["mab"] = util.CleanRawXml(o.MotdAndBanner.Text)
-	}
-	if o.Mtu != nil {
-		ans.raw["mtu"] = util.CleanRawXml(o.Mtu.Text)
-	}
-	if o.PermittedIp != nil {
-		ans.raw["pi"] = util.CleanRawXml(o.PermittedIp.Text)
-	}
-	if o.Route != nil {
-		ans.raw["route"] = util.CleanRawXml(o.Route.Text)
-	}
-	if o.Service != nil {
-		ans.raw["service"] = util.CleanRawXml(o.Service.Text)
-	}
-	if o.SnmpSetting != nil {
-		ans.raw["ss"] = util.CleanRawXml(o.SnmpSetting.Text)
-	}
-	if o.SpeedDuplex != nil {
-		ans.raw["sd"] = util.CleanRawXml(o.SpeedDuplex.Text)
-	}
-	if o.Ssh != nil {
-		ans.raw["ssh"] = util.CleanRawXml(o.Ssh.Text)
-	}
-	if o.SslTlsServiceProfile != nil {
-		ans.raw["stsp"] = util.CleanRawXml(o.SslTlsServiceProfile.Text)
-	}
-	if o.SyslogCertificate != nil {
-		ans.raw["sc"] = util.CleanRawXml(o.SyslogCertificate.Text)
-	}
-	if o.Type != nil {
-		ans.raw["type"] = util.CleanRawXml(o.Type.Text)
-	}
-	if o.UpdateSchedule != nil {
-		ans.raw["us"] = util.CleanRawXml(o.UpdateSchedule.Text)
-	}
-	if len(ans.raw) == 0 {
-		ans.raw = nil
-	}
-
-	return ans
-}
-
-type config_v1 struct {
-	XMLName               xml.Name     `xml:"system"`
-	Hostname              string       `xml:"hostname"`
-	IpAddress             string       `xml:"ip-address,omitempty"`
-	Netmask               string       `xml:"netmask,omitempty"`
-	Gateway               string       `xml:"default-gateway,omitempty"`
-	Timezone              string       `xml:"timezone,omitempty"`
-	Domain                string       `xml:"domain,omitempty"`
-	UpdateServer          string       `xml:"update-server,omitempty"`
-	VerifyUpdateServer    string       `xml:"server-verification"`
-	LoginBanner           string       `xml:"login-banner,omitempty"`
-	PanoramaPrimary       string       `xml:"panorama-server,omitempty"`
-	PanoramaSecondary     string       `xml:"panorama-server-2,omitempty"`
-	ProxyServer           string       `xml:"secure-proxy-server,omitempty"`
-	ProxyPort             int          `xml:"secure-proxy-port,omitempty"`
-	ProxyUser             string       `xml:"secure-proxy-user,omitempty"`
-	ProxyPassword         string       `xml:"secure-proxy-password,omitempty"`
-	Dns                   *deviceDns   `xml:"dns-setting"`
-	Ntp                   *deviceNtp   `xml:"ntp-servers"`
-	AckLoginBanner        *util.RawXml `xml:"ack-login-banner"`
-	AuthenticationProfile *util.RawXml `xml:"authentication-profile"`
-	CertificateProfile    *util.RawXml `xml:"certificate-profile"`
-	DomainLookupUrl       *util.RawXml `xml:"domain-lookup-url"`
-	FqdnForceRefreshTime  *util.RawXml `xml:"fqdn-forcerefresh-time"`
-	FqdnRefreshTime       *util.RawXml `xml:"fqdn-refresh-time"`
-	GeoLocation           *util.RawXml `xml:"geo-location"`
-	HsmSettings           *util.RawXml `xml:"hsm-settings"`
-	IpAddressLookupUrl    *util.RawXml `xml:"ip-address-lookup-url"`
-	Ipv6Address           *util.RawXml `xml:"ipv6-address"`
-	Ipv6DefaultGateway    *util.RawXml `xml:"ipv6-default-gateway"`
-	Locale                *util.RawXml `xml:"locale"`
-	LogExportSchedule     *util.RawXml `xml:"log-export-schedule"`
-	LogLink               *util.RawXml `xml:"log-link"`
-	MotdAndBanner         *util.RawXml `xml:"motd-and-banner"`
-	Mtu                   *util.RawXml `xml:"mtu"`
-	PermittedIp           *util.RawXml `xml:"permitted-ip"`
-	Route                 *util.RawXml `xml:"route"`
-	Service               *util.RawXml `xml:"service"`
-	SnmpSetting           *util.RawXml `xml:"snmp-setting"`
-	SpeedDuplex           *util.RawXml `xml:"speed-duplex"`
-	Ssh                   *util.RawXml `xml:"ssh"`
-	SslTlsServiceProfile  *util.RawXml `xml:"ssl-tls-service-profile"`
-	SyslogCertificate     *util.RawXml `xml:"syslog-certificate"`
-	Type                  *util.RawXml `xml:"type"`
-	UpdateSchedule        *util.RawXml `xml:"update-schedule"`
-}
-
-type deviceDns struct {
-	Primary   string `xml:"servers>primary,omitempty"`
-	Secondary string `xml:"servers>secondary,omitempty"`
-}
-
-type deviceNtp struct {
-	Primary   *ntpConfig `xml:"primary-ntp-server"`
-	Secondary *ntpConfig `xml:"secondary-ntp-server"`
-}
-
-type ntpConfig struct {
-	IpAddress string  `xml:"ntp-server-address"`
-	Auth      ntpAuth `xml:"authentication-type"`
-}
-
-type ntpAuth struct {
-	None         *string `xml:"none"`
-	Autokey      *string `xml:"autokey"`
-	SymmetricKey *symKey `xml:"symmetric-key"`
-}
-
-type symKey struct {
-	KeyId     int             `xml:"key-id"`
-	Algorithm symKeyAlgorithm `xml:"algorithm"`
-}
-
-type symKeyAlgorithm struct {
-	Sha1 *algorithmAuthKey `xml:"sha1"`
-	Md5  *algorithmAuthKey `xml:"md5"`
-}
-
-type algorithmAuthKey struct {
-	AuthenticationKey string `xml:"authentication-key"`
-}
-
-func specify_v1(c Config) interface{} {
-	ans := config_v1{
-		Hostname:           c.Hostname,
-		IpAddress:          c.IpAddress,
-		Netmask:            c.Netmask,
-		Gateway:            c.Gateway,
-		Timezone:           c.Timezone,
-		Domain:             c.Domain,
-		UpdateServer:       c.UpdateServer,
-		VerifyUpdateServer: util.YesNo(c.VerifyUpdateServer),
-		LoginBanner:        c.LoginBanner,
-		PanoramaPrimary:    c.PanoramaPrimary,
-		PanoramaSecondary:  c.PanoramaSecondary,
-		ProxyServer:        c.ProxyServer,
-		ProxyPort:          c.ProxyPort,
-		ProxyUser:          c.ProxyUser,
-		ProxyPassword:      c.ProxyPassword,
-	}
-
-	// DNS
-	if c.DnsPrimary != "" || c.DnsSecondary != "" {
-		ans.Dns = &deviceDns{
-			c.DnsPrimary,
-			c.DnsSecondary,
-		}
-	}
-
-	// NTP
-	ntp_config := &deviceNtp{}
-	if c.NtpPrimaryAddress != "" || c.NtpPrimaryAuthType != "" {
-		ntp_config.Primary = &ntpConfig{
-			IpAddress: c.NtpPrimaryAddress,
-		}
-		var es string
-		switch c.NtpPrimaryAuthType {
-		case NoAuth:
-			ntp_config.Primary.Auth.None = &es
-		case AutokeyAuth:
-			ntp_config.Primary.Auth.Autokey = &es
-		case SymmetricKeyAuth:
-			ntp_config.Primary.Auth.SymmetricKey = &symKey{
-				KeyId: c.NtpPrimaryKeyId,
-			}
-			switch c.NtpPrimaryAlgorithm {
-			case Sha1:
-				ntp_config.Primary.Auth.SymmetricKey.Algorithm.Sha1 = &algorithmAuthKey{c.NtpPrimaryAuthKey}
-			case Md5:
-				ntp_config.Primary.Auth.SymmetricKey.Algorithm.Md5 = &algorithmAuthKey{c.NtpPrimaryAuthKey}
-			}
-		}
-	}
-	if c.NtpSecondaryAddress != "" || c.NtpSecondaryAuthType != "" {
-		ntp_config.Secondary = &ntpConfig{
-			IpAddress: c.NtpSecondaryAddress,
-		}
-		var es string
-		switch c.NtpSecondaryAuthType {
-		case NoAuth:
-			ntp_config.Secondary.Auth.None = &es
-		case AutokeyAuth:
-			ntp_config.Secondary.Auth.Autokey = &es
-		case SymmetricKeyAuth:
-			ntp_config.Secondary.Auth.SymmetricKey = &symKey{
-				KeyId: c.NtpSecondaryKeyId,
-			}
-			switch c.NtpSecondaryAlgorithm {
-			case Sha1:
-				ntp_config.Secondary.Auth.SymmetricKey.Algorithm.Sha1 = &algorithmAuthKey{c.NtpSecondaryAuthKey}
-			case Md5:
-				ntp_config.Secondary.Auth.SymmetricKey.Algorithm.Md5 = &algorithmAuthKey{c.NtpSecondaryAuthKey}
-			}
-		}
-	}
-	if ntp_config.Primary != nil || ntp_config.Secondary != nil {
-		ans.Ntp = ntp_config
-	}
-
-	if text, present := c.raw["alb"]; present {
-		ans.AckLoginBanner = &util.RawXml{text}
-	}
-	if text, present := c.raw["ap"]; present {
-		ans.AuthenticationProfile = &util.RawXml{text}
-	}
-	if text, present := c.raw["cp"]; present {
-		ans.CertificateProfile = &util.RawXml{text}
-	}
-	if text, present := c.raw["dlu"]; present {
-		ans.DomainLookupUrl = &util.RawXml{text}
-	}
-	if text, present := c.raw["ffrt"]; present {
-		ans.FqdnForceRefreshTime = &util.RawXml{text}
-	}
-	if text, present := c.raw["frt"]; present {
-		ans.FqdnRefreshTime = &util.RawXml{text}
-	}
-	if text, present := c.raw["gl"]; present {
-		ans.GeoLocation = &util.RawXml{text}
-	}
-	if text, present := c.raw["hs"]; present {
-		ans.HsmSettings = &util.RawXml{text}
-	}
-	if text, present := c.raw["ialu"]; present {
-		ans.IpAddressLookupUrl = &util.RawXml{text}
-	}
-	if text, present := c.raw["i6a"]; present {
-		ans.Ipv6Address = &util.RawXml{text}
-	}
-	if text, present := c.raw["i6dg"]; present {
-		ans.Ipv6DefaultGateway = &util.RawXml{text}
-	}
-	if text, present := c.raw["locale"]; present {
-		ans.Locale = &util.RawXml{text}
-	}
-	if text, present := c.raw["les"]; present {
-		ans.LogExportSchedule = &util.RawXml{text}
-	}
-	if text, present := c.raw["ll"]; present {
-		ans.LogLink = &util.RawXml{text}
-	}
-	if text, present := c.raw["mab"]; present {
-		ans.MotdAndBanner = &util.RawXml{text}
-	}
-	if text, present := c.raw["mtu"]; present {
-		ans.Mtu = &util.RawXml{text}
-	}
-	if text, present := c.raw["pi"]; present {
-		ans.PermittedIp = &util.RawXml{text}
-	}
-	if text, present := c.raw["route"]; present {
-		ans.Route = &util.RawXml{text}
-	}
-	if text, present := c.raw["service"]; present {
-		ans.Service = &util.RawXml{text}
-	}
-	if text, present := c.raw["ss"]; present {
-		ans.SnmpSetting = &util.RawXml{text}
-	}
-	if text, present := c.raw["sd"]; present {
-		ans.SpeedDuplex = &util.RawXml{text}
-	}
-	if text, present := c.raw["ssh"]; present {
-		ans.Ssh = &util.RawXml{text}
-	}
-	if text, present := c.raw["stsp"]; present {
-		ans.SslTlsServiceProfile = &util.RawXml{text}
-	}
-	if text, present := c.raw["sc"]; present {
-		ans.SyslogCertificate = &util.RawXml{text}
-	}
-	if text, present := c.raw["type"]; present {
-		ans.Type = &util.RawXml{text}
-	}
-	if text, present := c.raw["us"]; present {
-		ans.UpdateSchedule = &util.RawXml{text}
-	}
-
-	return ans
-}
-
-// 9.0
-type container_v2 struct {
-	Answer []config_v2 `xml:"system"`
-}
-
-func (o *container_v2) Names() []string {
-	return nil
-}
-
-func (o *container_v2) Normalize() []Config {
-	ans := make([]Config, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *config_v2) normalize() Config {
-	ans := Config{
-		Hostname:           o.Hostname,
-		IpAddress:          o.IpAddress,
-		Netmask:            o.Netmask,
-		Gateway:            o.Gateway,
-		Timezone:           o.Timezone,
-		Domain:             o.Domain,
-		UpdateServer:       o.UpdateServer,
-		VerifyUpdateServer: util.AsBool(o.VerifyUpdateServer),
-		LoginBanner:        o.LoginBanner,
-		ProxyServer:        o.ProxyServer,
-		ProxyPort:          o.ProxyPort,
-		ProxyUser:          o.ProxyUser,
-		ProxyPassword:      o.ProxyPassword,
-	}
-
-	if o.Panorama != nil {
-		if o.Panorama.Local != nil {
-			ans.PanoramaPrimary = o.Panorama.Local.PanoramaPrimary
-			ans.PanoramaSecondary = o.Panorama.Local.PanoramaSecondary
-		}
-	}
-
-	if o.Dns != nil {
-		ans.DnsPrimary = o.Dns.Primary
-		ans.DnsSecondary = o.Dns.Secondary
-	}
-
-	if o.Ntp != nil {
-		if o.Ntp.Primary != nil {
-			ans.NtpPrimaryAddress = o.Ntp.Primary.IpAddress
-
-			switch {
-			case o.Ntp.Primary.Auth.None != nil:
-				ans.NtpPrimaryAuthType = NoAuth
-			case o.Ntp.Primary.Auth.Autokey != nil:
-				ans.NtpPrimaryAuthType = AutokeyAuth
-			case o.Ntp.Primary.Auth.SymmetricKey != nil:
-				ans.NtpPrimaryAuthType = SymmetricKeyAuth
-				ans.NtpPrimaryKeyId = o.Ntp.Primary.Auth.SymmetricKey.KeyId
-				switch {
-				case o.Ntp.Primary.Auth.SymmetricKey.Algorithm.Sha1 != nil:
-					ans.NtpPrimaryAlgorithm = Sha1
-					ans.NtpPrimaryAuthKey = o.Ntp.Primary.Auth.SymmetricKey.Algorithm.Sha1.AuthenticationKey
-				case o.Ntp.Primary.Auth.SymmetricKey.Algorithm.Md5 != nil:
-					ans.NtpPrimaryAlgorithm = Md5
-					ans.NtpPrimaryAuthKey = o.Ntp.Primary.Auth.SymmetricKey.Algorithm.Md5.AuthenticationKey
-				}
-			}
-		}
-
-		if o.Ntp.Secondary != nil {
-			ans.NtpSecondaryAddress = o.Ntp.Secondary.IpAddress
-
-			switch {
-			case o.Ntp.Secondary.Auth.None != nil:
-				ans.NtpSecondaryAuthType = NoAuth
-			case o.Ntp.Secondary.Auth.Autokey != nil:
-				ans.NtpSecondaryAuthType = AutokeyAuth
-			case o.Ntp.Secondary.Auth.SymmetricKey != nil:
-				ans.NtpSecondaryAuthType = SymmetricKeyAuth
-				ans.NtpSecondaryKeyId = o.Ntp.Secondary.Auth.SymmetricKey.KeyId
-				switch {
-				case o.Ntp.Secondary.Auth.SymmetricKey.Algorithm.Sha1 != nil:
-					ans.NtpSecondaryAlgorithm = Sha1
-					ans.NtpSecondaryAuthKey = o.Ntp.Secondary.Auth.SymmetricKey.Algorithm.Sha1.AuthenticationKey
-				case o.Ntp.Secondary.Auth.SymmetricKey.Algorithm.Md5 != nil:
-					ans.NtpSecondaryAlgorithm = Md5
-					ans.NtpSecondaryAuthKey = o.Ntp.Secondary.Auth.SymmetricKey.Algorithm.Md5.AuthenticationKey
-				}
-			}
-		}
-	}
-
-	ans.raw = make(map[string]string)
-	if o.AckLoginBanner != nil {
-		ans.raw["alb"] = util.CleanRawXml(o.AckLoginBanner.Text)
-	}
-	if o.AuthenticationProfile != nil {
-		ans.raw["ap"] = util.CleanRawXml(o.AuthenticationProfile.Text)
-	}
-	if o.AutoRenewMkeyLifetime != nil {
-		ans.raw["autorenew"] = util.CleanRawXml(o.AutoRenewMkeyLifetime.Text)
-	}
-	if o.CertificateProfile != nil {
-		ans.raw["cp"] = util.CleanRawXml(o.CertificateProfile.Text)
-	}
-	if o.DomainLookupUrl != nil {
-		ans.raw["dlu"] = util.CleanRawXml(o.DomainLookupUrl.Text)
-	}
-	if o.FqdnForceRefreshTime != nil {
-		ans.raw["ffrt"] = util.CleanRawXml(o.FqdnForceRefreshTime.Text)
-	}
-	if o.FqdnRefreshTime != nil {
-		ans.raw["frt"] = util.CleanRawXml(o.FqdnRefreshTime.Text)
-	}
-	if o.FqdnStaleEntryTimeout != nil {
-		ans.raw["fqdnstale"] = util.CleanRawXml(o.FqdnStaleEntryTimeout.Text)
-	}
-	if o.GeoLocation != nil {
-		ans.raw["gl"] = util.CleanRawXml(o.GeoLocation.Text)
-	}
-	if o.HsmSettings != nil {
-		ans.raw["hs"] = util.CleanRawXml(o.HsmSettings.Text)
-	}
-	if o.IpAddressLookupUrl != nil {
-		ans.raw["ialu"] = util.CleanRawXml(o.IpAddressLookupUrl.Text)
-	}
-	if o.Ipv6Address != nil {
-		ans.raw["i6a"] = util.CleanRawXml(o.Ipv6Address.Text)
-	}
-	if o.Ipv6DefaultGateway != nil {
-		ans.raw["i6dg"] = util.CleanRawXml(o.Ipv6DefaultGateway.Text)
-	}
-	if o.Locale != nil {
-		ans.raw["locale"] = util.CleanRawXml(o.Locale.Text)
-	}
-	if o.LogExportSchedule != nil {
-		ans.raw["les"] = util.CleanRawXml(o.LogExportSchedule.Text)
-	}
-	if o.LogLink != nil {
-		ans.raw["ll"] = util.CleanRawXml(o.LogLink.Text)
-	}
-	if o.MotdAndBanner != nil {
-		ans.raw["mab"] = util.CleanRawXml(o.MotdAndBanner.Text)
-	}
-	if o.Mtu != nil {
-		ans.raw["mtu"] = util.CleanRawXml(o.Mtu.Text)
-	}
-	if o.PermittedIp != nil {
-		ans.raw["pi"] = util.CleanRawXml(o.PermittedIp.Text)
-	}
-	if o.Route != nil {
-		ans.raw["route"] = util.CleanRawXml(o.Route.Text)
-	}
-	if o.Service != nil {
-		ans.raw["service"] = util.CleanRawXml(o.Service.Text)
-	}
-	if o.SnmpSetting != nil {
-		ans.raw["ss"] = util.CleanRawXml(o.SnmpSetting.Text)
-	}
-	if o.SpeedDuplex != nil {
-		ans.raw["sd"] = util.CleanRawXml(o.SpeedDuplex.Text)
-	}
-	if o.Ssh != nil {
-		ans.raw["ssh"] = util.CleanRawXml(o.Ssh.Text)
-	}
-	if o.SslTlsServiceProfile != nil {
-		ans.raw["stsp"] = util.CleanRawXml(o.SslTlsServiceProfile.Text)
-	}
-	if o.SyslogCertificate != nil {
-		ans.raw["sc"] = util.CleanRawXml(o.SyslogCertificate.Text)
-	}
-	if o.Type != nil {
-		ans.raw["type"] = util.CleanRawXml(o.Type.Text)
-	}
-	if o.UpdateSchedule != nil {
-		ans.raw["us"] = util.CleanRawXml(o.UpdateSchedule.Text)
-	}
-	if len(ans.raw) == 0 {
-		ans.raw = nil
-	}
-
-	return ans
-}
-
-type config_v2 struct {
-	XMLName               xml.Name     `xml:"system"`
-	Hostname              string       `xml:"hostname"`
-	IpAddress             string       `xml:"ip-address,omitempty"`
-	Netmask               string       `xml:"netmask,omitempty"`
-	Gateway               string       `xml:"default-gateway,omitempty"`
-	Timezone              string       `xml:"timezone,omitempty"`
-	Domain                string       `xml:"domain,omitempty"`
-	UpdateServer          string       `xml:"update-server,omitempty"`
-	VerifyUpdateServer    string       `xml:"server-verification"`
-	LoginBanner           string       `xml:"login-banner,omitempty"`
-	Panorama              *panorama    `xml:"panorama"`
-	ProxyServer           string       `xml:"secure-proxy-server,omitempty"`
-	ProxyPort             int          `xml:"secure-proxy-port,omitempty"`
-	ProxyUser             string       `xml:"secure-proxy-user,omitempty"`
-	ProxyPassword         string       `xml:"secure-proxy-password,omitempty"`
-	Dns                   *deviceDns   `xml:"dns-setting"`
-	Ntp                   *deviceNtp   `xml:"ntp-servers"`
-	AckLoginBanner        *util.RawXml `xml:"ack-login-banner"`
-	AuthenticationProfile *util.RawXml `xml:"authentication-profile"`
-	AutoRenewMkeyLifetime *util.RawXml `xml:"auto-renew-mkey-lifetime"`
-	CertificateProfile    *util.RawXml `xml:"certificate-profile"`
-	DomainLookupUrl       *util.RawXml `xml:"domain-lookup-url"`
-	FqdnForceRefreshTime  *util.RawXml `xml:"fqdn-forcerefresh-time"`
-	FqdnRefreshTime       *util.RawXml `xml:"fqdn-refresh-time"`
-	FqdnStaleEntryTimeout *util.RawXml `xml:"fqdn-stale-entry-timeout"`
-	GeoLocation           *util.RawXml `xml:"geo-location"`
-	HsmSettings           *util.RawXml `xml:"hsm-settings"`
-	IpAddressLookupUrl    *util.RawXml `xml:"ip-address-lookup-url"`
-	Ipv6Address           *util.RawXml `xml:"ipv6-address"`
-	Ipv6DefaultGateway    *util.RawXml `xml:"ipv6-default-gateway"`
-	Locale                *util.RawXml `xml:"locale"`
-	LogExportSchedule     *util.RawXml `xml:"log-export-schedule"`
-	LogLink               *util.RawXml `xml:"log-link"`
-	MotdAndBanner         *util.RawXml `xml:"motd-and-banner"`
-	Mtu                   *util.RawXml `xml:"mtu"`
-	PermittedIp           *util.RawXml `xml:"permitted-ip"`
-	Route                 *util.RawXml `xml:"route"`
-	Service               *util.RawXml `xml:"service"`
-	SnmpSetting           *util.RawXml `xml:"snmp-setting"`
-	SpeedDuplex           *util.RawXml `xml:"speed-duplex"`
-	Ssh                   *util.RawXml `xml:"ssh"`
-	SslTlsServiceProfile  *util.RawXml `xml:"ssl-tls-service-profile"`
-	SyslogCertificate     *util.RawXml `xml:"syslog-certificate"`
-	Type                  *util.RawXml `xml:"type"`
-	UpdateSchedule        *util.RawXml `xml:"update-schedule"`
-}
-
-type panorama struct {
-	Local *panoramaLocal `xml:"local-panorama"`
-}
-
-type panoramaLocal struct {
-	PanoramaPrimary   string `xml:"panorama-server,omitempty"`
-	PanoramaSecondary string `xml:"panorama-server-2,omitempty"`
-}
-
-func specify_v2(c Config) interface{} {
-	ans := config_v2{
-		Hostname:           c.Hostname,
-		IpAddress:          c.IpAddress,
-		Netmask:            c.Netmask,
-		Gateway:            c.Gateway,
-		Timezone:           c.Timezone,
-		Domain:             c.Domain,
-		UpdateServer:       c.UpdateServer,
-		VerifyUpdateServer: util.YesNo(c.VerifyUpdateServer),
-		LoginBanner:        c.LoginBanner,
-		ProxyServer:        c.ProxyServer,
-		ProxyPort:          c.ProxyPort,
-		ProxyUser:          c.ProxyUser,
-		ProxyPassword:      c.ProxyPassword,
-	}
-
-	// Panorama
-	if c.PanoramaPrimary != "" || c.PanoramaSecondary != "" {
-		ans.Panorama = &panorama{
-			Local: &panoramaLocal{
-				PanoramaPrimary:   c.PanoramaPrimary,
-				PanoramaSecondary: c.PanoramaSecondary,
-			},
-		}
-	}
-
-	// DNS
-	if c.DnsPrimary != "" || c.DnsSecondary != "" {
-		ans.Dns = &deviceDns{
-			c.DnsPrimary,
-			c.DnsSecondary,
-		}
-	}
-
-	// NTP
-	ntp_config := &deviceNtp{}
-	if c.NtpPrimaryAddress != "" || c.NtpPrimaryAuthType != "" {
-		ntp_config.Primary = &ntpConfig{
-			IpAddress: c.NtpPrimaryAddress,
-		}
-		var es string
-		switch c.NtpPrimaryAuthType {
-		case NoAuth:
-			ntp_config.Primary.Auth.None = &es
-		case AutokeyAuth:
-			ntp_config.Primary.Auth.Autokey = &es
-		case SymmetricKeyAuth:
-			ntp_config.Primary.Auth.SymmetricKey = &symKey{
-				KeyId: c.NtpPrimaryKeyId,
-			}
-			switch c.NtpPrimaryAlgorithm {
-			case Sha1:
-				ntp_config.Primary.Auth.SymmetricKey.Algorithm.Sha1 = &algorithmAuthKey{c.NtpPrimaryAuthKey}
-			case Md5:
-				ntp_config.Primary.Auth.SymmetricKey.Algorithm.Md5 = &algorithmAuthKey{c.NtpPrimaryAuthKey}
-			}
-		}
-	}
-	if c.NtpSecondaryAddress != "" || c.NtpSecondaryAuthType != "" {
-		ntp_config.Secondary = &ntpConfig{
-			IpAddress: c.NtpSecondaryAddress,
-		}
-		var es string
-		switch c.NtpSecondaryAuthType {
-		case NoAuth:
-			ntp_config.Secondary.Auth.None = &es
-		case AutokeyAuth:
-			ntp_config.Secondary.Auth.Autokey = &es
-		case SymmetricKeyAuth:
-			ntp_config.Secondary.Auth.SymmetricKey = &symKey{
-				KeyId: c.NtpSecondaryKeyId,
-			}
-			switch c.NtpSecondaryAlgorithm {
-			case Sha1:
-				ntp_config.Secondary.Auth.SymmetricKey.Algorithm.Sha1 = &algorithmAuthKey{c.NtpSecondaryAuthKey}
-			case Md5:
-				ntp_config.Secondary.Auth.SymmetricKey.Algorithm.Md5 = &algorithmAuthKey{c.NtpSecondaryAuthKey}
-			}
-		}
-	}
-	if ntp_config.Primary != nil || ntp_config.Secondary != nil {
-		ans.Ntp = ntp_config
-	}
-
-	if text, present := c.raw["alb"]; present {
-		ans.AckLoginBanner = &util.RawXml{text}
-	}
-	if text, present := c.raw["ap"]; present {
-		ans.AuthenticationProfile = &util.RawXml{text}
-	}
-	if text, present := c.raw["autorenew"]; present {
-		ans.AutoRenewMkeyLifetime = &util.RawXml{text}
-	}
-	if text, present := c.raw["cp"]; present {
-		ans.CertificateProfile = &util.RawXml{text}
-	}
-	if text, present := c.raw["dlu"]; present {
-		ans.DomainLookupUrl = &util.RawXml{text}
-	}
-	if text, present := c.raw["ffrt"]; present {
-		ans.FqdnForceRefreshTime = &util.RawXml{text}
-	}
-	if text, present := c.raw["frt"]; present {
-		ans.FqdnRefreshTime = &util.RawXml{text}
-	}
-	if text, present := c.raw["fqdnstale"]; present {
-		ans.FqdnStaleEntryTimeout = &util.RawXml{text}
-	}
-	if text, present := c.raw["gl"]; present {
-		ans.GeoLocation = &util.RawXml{text}
-	}
-	if text, present := c.raw["hs"]; present {
-		ans.HsmSettings = &util.RawXml{text}
-	}
-	if text, present := c.raw["ialu"]; present {
-		ans.IpAddressLookupUrl = &util.RawXml{text}
-	}
-	if text, present := c.raw["i6a"]; present {
-		ans.Ipv6Address = &util.RawXml{text}
-	}
-	if text, present := c.raw["i6dg"]; present {
-		ans.Ipv6DefaultGateway = &util.RawXml{text}
-	}
-	if text, present := c.raw["locale"]; present {
-		ans.Locale = &util.RawXml{text}
-	}
-	if text, present := c.raw["les"]; present {
-		ans.LogExportSchedule = &util.RawXml{text}
-	}
-	if text, present := c.raw["ll"]; present {
-		ans.LogLink = &util.RawXml{text}
-	}
-	if text, present := c.raw["mab"]; present {
-		ans.MotdAndBanner = &util.RawXml{text}
-	}
-	if text, present := c.raw["mtu"]; present {
-		ans.Mtu = &util.RawXml{text}
-	}
-	if text, present := c.raw["pi"]; present {
-		ans.PermittedIp = &util.RawXml{text}
-	}
-	if text, present := c.raw["route"]; present {
-		ans.Route = &util.RawXml{text}
-	}
-	if text, present := c.raw["service"]; present {
-		ans.Service = &util.RawXml{text}
-	}
-	if text, present := c.raw["ss"]; present {
-		ans.SnmpSetting = &util.RawXml{text}
-	}
-	if text, present := c.raw["sd"]; present {
-		ans.SpeedDuplex = &util.RawXml{text}
-	}
-	if text, present := c.raw["ssh"]; present {
-		ans.Ssh = &util.RawXml{text}
-	}
-	if text, present := c.raw["stsp"]; present {
-		ans.SslTlsServiceProfile = &util.RawXml{text}
-	}
-	if text, present := c.raw["sc"]; present {
-		ans.SyslogCertificate = &util.RawXml{text}
-	}
-	if text, present := c.raw["type"]; present {
-		ans.Type = &util.RawXml{text}
-	}
-	if text, present := c.raw["us"]; present {
-		ans.UpdateSchedule = &util.RawXml{text}
-	}
-
-	return ans
-}
-
-// 10.0
-type container_v3 struct {
-	Answer []config_v3 `xml:"system"`
-}
-
-func (o *container_v3) Names() []string {
-	return nil
-}
-
-func (o *container_v3) Normalize() []Config {
-	ans := make([]Config, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *config_v3) normalize() Config {
-	ans := Config{
-		Hostname:           o.Hostname,
-		IpAddress:          o.IpAddress,
-		Netmask:            o.Netmask,
-		Gateway:            o.Gateway,
-		Timezone:           o.Timezone,
-		Domain:             o.Domain,
-		UpdateServer:       o.UpdateServer,
-		VerifyUpdateServer: util.AsBool(o.VerifyUpdateServer),
-		LoginBanner:        o.LoginBanner,
-		ProxyServer:        o.ProxyServer,
-		ProxyPort:          o.ProxyPort,
-		ProxyUser:          o.ProxyUser,
-		ProxyPassword:      o.ProxyPassword,
-	}
-
-	if o.Panorama != nil {
-		if o.Panorama.Local != nil {
-			ans.PanoramaPrimary = o.Panorama.Local.PanoramaPrimary
-			ans.PanoramaSecondary = o.Panorama.Local.PanoramaSecondary
-		}
-	}
-
-	if o.Dns != nil {
-		ans.DnsPrimary = o.Dns.Primary
-		ans.DnsSecondary = o.Dns.Secondary
-	}
-
-	if o.Ntp != nil {
-		if o.Ntp.Primary != nil {
-			ans.NtpPrimaryAddress = o.Ntp.Primary.IpAddress
-
-			switch {
-			case o.Ntp.Primary.Auth.None != nil:
-				ans.NtpPrimaryAuthType = NoAuth
-			case o.Ntp.Primary.Auth.Autokey != nil:
-				ans.NtpPrimaryAuthType = AutokeyAuth
-			case o.Ntp.Primary.Auth.SymmetricKey != nil:
-				ans.NtpPrimaryAuthType = SymmetricKeyAuth
-				ans.NtpPrimaryKeyId = o.Ntp.Primary.Auth.SymmetricKey.KeyId
-				switch {
-				case o.Ntp.Primary.Auth.SymmetricKey.Algorithm.Sha1 != nil:
-					ans.NtpPrimaryAlgorithm = Sha1
-					ans.NtpPrimaryAuthKey = o.Ntp.Primary.Auth.SymmetricKey.Algorithm.Sha1.AuthenticationKey
-				case o.Ntp.Primary.Auth.SymmetricKey.Algorithm.Md5 != nil:
-					ans.NtpPrimaryAlgorithm = Md5
-					ans.NtpPrimaryAuthKey = o.Ntp.Primary.Auth.SymmetricKey.Algorithm.Md5.AuthenticationKey
-				}
-			}
-		}
-
-		if o.Ntp.Secondary != nil {
-			ans.NtpSecondaryAddress = o.Ntp.Secondary.IpAddress
-
-			switch {
-			case o.Ntp.Secondary.Auth.None != nil:
-				ans.NtpSecondaryAuthType = NoAuth
-			case o.Ntp.Secondary.Auth.Autokey != nil:
-				ans.NtpSecondaryAuthType = AutokeyAuth
-			case o.Ntp.Secondary.Auth.SymmetricKey != nil:
-				ans.NtpSecondaryAuthType = SymmetricKeyAuth
-				ans.NtpSecondaryKeyId = o.Ntp.Secondary.Auth.SymmetricKey.KeyId
-				switch {
-				case o.Ntp.Secondary.Auth.SymmetricKey.Algorithm.Sha1 != nil:
-					ans.NtpSecondaryAlgorithm = Sha1
-					ans.NtpSecondaryAuthKey = o.Ntp.Secondary.Auth.SymmetricKey.Algorithm.Sha1.AuthenticationKey
-				case o.Ntp.Secondary.Auth.SymmetricKey.Algorithm.Md5 != nil:
-					ans.NtpSecondaryAlgorithm = Md5
-					ans.NtpSecondaryAuthKey = o.Ntp.Secondary.Auth.SymmetricKey.Algorithm.Md5.AuthenticationKey
-				}
-			}
-		}
-	}
-
-	ans.raw = make(map[string]string)
-	if o.AckLoginBanner != nil {
-		ans.raw["alb"] = util.CleanRawXml(o.AckLoginBanner.Text)
-	}
-	if o.AuthenticationProfile != nil {
-		ans.raw["ap"] = util.CleanRawXml(o.AuthenticationProfile.Text)
-	}
-	if o.AutoRenewMkeyLifetime != nil {
-		ans.raw["autorenew"] = util.CleanRawXml(o.AutoRenewMkeyLifetime.Text)
-	}
-	if o.CertificateProfile != nil {
-		ans.raw["cp"] = util.CleanRawXml(o.CertificateProfile.Text)
-	}
-	if o.DeviceTelemetry != nil {
-		ans.raw["devtelem"] = util.CleanRawXml(o.DeviceTelemetry.Text)
-	}
-	if o.DomainLookupUrl != nil {
-		ans.raw["dlu"] = util.CleanRawXml(o.DomainLookupUrl.Text)
-	}
-	if o.FqdnForceRefreshTime != nil {
-		ans.raw["ffrt"] = util.CleanRawXml(o.FqdnForceRefreshTime.Text)
-	}
-	if o.FqdnRefreshTime != nil {
-		ans.raw["frt"] = util.CleanRawXml(o.FqdnRefreshTime.Text)
-	}
-	if o.FqdnStaleEntryTimeout != nil {
-		ans.raw["fqdnstale"] = util.CleanRawXml(o.FqdnStaleEntryTimeout.Text)
-	}
-	if o.GeoLocation != nil {
-		ans.raw["gl"] = util.CleanRawXml(o.GeoLocation.Text)
-	}
-	if o.HsmSettings != nil {
-		ans.raw["hs"] = util.CleanRawXml(o.HsmSettings.Text)
-	}
-	if o.IpAddressLookupUrl != nil {
-		ans.raw["ialu"] = util.CleanRawXml(o.IpAddressLookupUrl.Text)
-	}
-	if o.Ipv6Address != nil {
-		ans.raw["i6a"] = util.CleanRawXml(o.Ipv6Address.Text)
-	}
-	if o.Ipv6DefaultGateway != nil {
-		ans.raw["i6dg"] = util.CleanRawXml(o.Ipv6DefaultGateway.Text)
-	}
-	if o.Locale != nil {
-		ans.raw["locale"] = util.CleanRawXml(o.Locale.Text)
-	}
-	if o.LogExportSchedule != nil {
-		ans.raw["les"] = util.CleanRawXml(o.LogExportSchedule.Text)
-	}
-	if o.LogLink != nil {
-		ans.raw["ll"] = util.CleanRawXml(o.LogLink.Text)
-	}
-	if o.MotdAndBanner != nil {
-		ans.raw["mab"] = util.CleanRawXml(o.MotdAndBanner.Text)
-	}
-	if o.Mtu != nil {
-		ans.raw["mtu"] = util.CleanRawXml(o.Mtu.Text)
-	}
-	if o.PermittedIp != nil {
-		ans.raw["pi"] = util.CleanRawXml(o.PermittedIp.Text)
-	}
-	if o.Route != nil {
-		ans.raw["route"] = util.CleanRawXml(o.Route.Text)
-	}
-	if o.Service != nil {
-		ans.raw["service"] = util.CleanRawXml(o.Service.Text)
-	}
-	if o.SnmpSetting != nil {
-		ans.raw["ss"] = util.CleanRawXml(o.SnmpSetting.Text)
-	}
-	if o.SpeedDuplex != nil {
-		ans.raw["sd"] = util.CleanRawXml(o.SpeedDuplex.Text)
-	}
-	if o.Ssh != nil {
-		ans.raw["ssh"] = util.CleanRawXml(o.Ssh.Text)
-	}
-	if o.SslTlsServiceProfile != nil {
-		ans.raw["stsp"] = util.CleanRawXml(o.SslTlsServiceProfile.Text)
-	}
-	if o.SyslogCertificate != nil {
-		ans.raw["sc"] = util.CleanRawXml(o.SyslogCertificate.Text)
-	}
-	if o.Type != nil {
-		ans.raw["type"] = util.CleanRawXml(o.Type.Text)
-	}
-	if o.UpdateSchedule != nil {
-		ans.raw["us"] = util.CleanRawXml(o.UpdateSchedule.Text)
-	}
-	if len(ans.raw) == 0 {
-		ans.raw = nil
-	}
-
-	return ans
-}
-
-type config_v3 struct {
-	XMLName               xml.Name     `xml:"system"`
-	Hostname              string       `xml:"hostname"`
-	IpAddress             string       `xml:"ip-address,omitempty"`
-	Netmask               string       `xml:"netmask,omitempty"`
-	Gateway               string       `xml:"default-gateway,omitempty"`
-	Timezone              string       `xml:"timezone,omitempty"`
-	Domain                string       `xml:"domain,omitempty"`
-	UpdateServer          string       `xml:"update-server,omitempty"`
-	VerifyUpdateServer    string       `xml:"server-verification"`
-	LoginBanner           string       `xml:"login-banner,omitempty"`
-	Panorama              *panorama    `xml:"panorama"`
-	ProxyServer           string       `xml:"secure-proxy-server,omitempty"`
-	ProxyPort             int          `xml:"secure-proxy-port,omitempty"`
-	ProxyUser             string       `xml:"secure-proxy-user,omitempty"`
-	ProxyPassword         string       `xml:"secure-proxy-password,omitempty"`
-	Dns                   *deviceDns   `xml:"dns-setting"`
-	Ntp                   *deviceNtp   `xml:"ntp-servers"`
-	AckLoginBanner        *util.RawXml `xml:"ack-login-banner"`
-	AuthenticationProfile *util.RawXml `xml:"authentication-profile"`
-	AutoRenewMkeyLifetime *util.RawXml `xml:"auto-renew-mkey-lifetime"`
-	CertificateProfile    *util.RawXml `xml:"certificate-profile"`
-	DeviceTelemetry       *util.RawXml `xml:"device-telemetry"`
-	DomainLookupUrl       *util.RawXml `xml:"domain-lookup-url"`
-	FqdnForceRefreshTime  *util.RawXml `xml:"fqdn-forcerefresh-time"`
-	FqdnRefreshTime       *util.RawXml `xml:"fqdn-refresh-time"`
-	FqdnStaleEntryTimeout *util.RawXml `xml:"fqdn-stale-entry-timeout"`
-	GeoLocation           *util.RawXml `xml:"geo-location"`
-	HsmSettings           *util.RawXml `xml:"hsm-settings"`
-	IpAddressLookupUrl    *util.RawXml `xml:"ip-address-lookup-url"`
-	Ipv6Address           *util.RawXml `xml:"ipv6-address"`
-	Ipv6DefaultGateway    *util.RawXml `xml:"ipv6-default-gateway"`
-	Locale                *util.RawXml `xml:"locale"`
-	LogExportSchedule     *util.RawXml `xml:"log-export-schedule"`
-	LogLink               *util.RawXml `xml:"log-link"`
-	MotdAndBanner         *util.RawXml `xml:"motd-and-banner"`
-	Mtu                   *util.RawXml `xml:"mtu"`
-	PermittedIp           *util.RawXml `xml:"permitted-ip"`
-	Route                 *util.RawXml `xml:"route"`
-	Service               *util.RawXml `xml:"service"`
-	SnmpSetting           *util.RawXml `xml:"snmp-setting"`
-	SpeedDuplex           *util.RawXml `xml:"speed-duplex"`
-	Ssh                   *util.RawXml `xml:"ssh"`
-	SslTlsServiceProfile  *util.RawXml `xml:"ssl-tls-service-profile"`
-	SyslogCertificate     *util.RawXml `xml:"syslog-certificate"`
-	Type                  *util.RawXml `xml:"type"`
-	UpdateSchedule        *util.RawXml `xml:"update-schedule"`
-}
-
-func specify_v3(c Config) interface{} {
-	ans := config_v3{
-		Hostname:           c.Hostname,
-		IpAddress:          c.IpAddress,
-		Netmask:            c.Netmask,
-		Gateway:            c.Gateway,
-		Timezone:           c.Timezone,
-		Domain:             c.Domain,
-		UpdateServer:       c.UpdateServer,
-		VerifyUpdateServer: util.YesNo(c.VerifyUpdateServer),
-		LoginBanner:        c.LoginBanner,
-		ProxyServer:        c.ProxyServer,
-		ProxyPort:          c.ProxyPort,
-		ProxyUser:          c.ProxyUser,
-		ProxyPassword:      c.ProxyPassword,
-	}
-
-	// Panorama
-	if c.PanoramaPrimary != "" || c.PanoramaSecondary != "" {
-		ans.Panorama = &panorama{
-			Local: &panoramaLocal{
-				PanoramaPrimary:   c.PanoramaPrimary,
-				PanoramaSecondary: c.PanoramaSecondary,
-			},
-		}
-	}
-
-	// DNS
-	if c.DnsPrimary != "" || c.DnsSecondary != "" {
-		ans.Dns = &deviceDns{
-			c.DnsPrimary,
-			c.DnsSecondary,
-		}
-	}
-
-	// NTP
-	ntp_config := &deviceNtp{}
-	if c.NtpPrimaryAddress != "" || c.NtpPrimaryAuthType != "" {
-		ntp_config.Primary = &ntpConfig{
-			IpAddress: c.NtpPrimaryAddress,
-		}
-		var es string
-		switch c.NtpPrimaryAuthType {
-		case NoAuth:
-			ntp_config.Primary.Auth.None = &es
-		case AutokeyAuth:
-			ntp_config.Primary.Auth.Autokey = &es
-		case SymmetricKeyAuth:
-			ntp_config.Primary.Auth.SymmetricKey = &symKey{
-				KeyId: c.NtpPrimaryKeyId,
-			}
-			switch c.NtpPrimaryAlgorithm {
-			case Sha1:
-				ntp_config.Primary.Auth.SymmetricKey.Algorithm.Sha1 = &algorithmAuthKey{c.NtpPrimaryAuthKey}
-			case Md5:
-				ntp_config.Primary.Auth.SymmetricKey.Algorithm.Md5 = &algorithmAuthKey{c.NtpPrimaryAuthKey}
-			}
-		}
-	}
-	if c.NtpSecondaryAddress != "" || c.NtpSecondaryAuthType != "" {
-		ntp_config.Secondary = &ntpConfig{
-			IpAddress: c.NtpSecondaryAddress,
-		}
-		var es string
-		switch c.NtpSecondaryAuthType {
-		case NoAuth:
-			ntp_config.Secondary.Auth.None = &es
-		case AutokeyAuth:
-			ntp_config.Secondary.Auth.Autokey = &es
-		case SymmetricKeyAuth:
-			ntp_config.Secondary.Auth.SymmetricKey = &symKey{
-				KeyId: c.NtpSecondaryKeyId,
-			}
-			switch c.NtpSecondaryAlgorithm {
-			case Sha1:
-				ntp_config.Secondary.Auth.SymmetricKey.Algorithm.Sha1 = &algorithmAuthKey{c.NtpSecondaryAuthKey}
-			case Md5:
-				ntp_config.Secondary.Auth.SymmetricKey.Algorithm.Md5 = &algorithmAuthKey{c.NtpSecondaryAuthKey}
-			}
-		}
-	}
-	if ntp_config.Primary != nil || ntp_config.Secondary != nil {
-		ans.Ntp = ntp_config
-	}
-
-	if text, present := c.raw["alb"]; present {
-		ans.AckLoginBanner = &util.RawXml{text}
-	}
-	if text, present := c.raw["ap"]; present {
-		ans.AuthenticationProfile = &util.RawXml{text}
-	}
-	if text, present := c.raw["autorenew"]; present {
-		ans.AutoRenewMkeyLifetime = &util.RawXml{text}
-	}
-	if text, present := c.raw["cp"]; present {
-		ans.CertificateProfile = &util.RawXml{text}
-	}
-	if text, present := c.raw["devtelem"]; present {
-		ans.DeviceTelemetry = &util.RawXml{text}
-	}
-	if text, present := c.raw["dlu"]; present {
-		ans.DomainLookupUrl = &util.RawXml{text}
-	}
-	if text, present := c.raw["ffrt"]; present {
-		ans.FqdnForceRefreshTime = &util.RawXml{text}
-	}
-	if text, present := c.raw["frt"]; present {
-		ans.FqdnRefreshTime = &util.RawXml{text}
-	}
-	if text, present := c.raw["fqdnstale"]; present {
-		ans.FqdnStaleEntryTimeout = &util.RawXml{text}
-	}
-	if text, present := c.raw["gl"]; present {
-		ans.GeoLocation = &util.RawXml{text}
-	}
-	if text, present := c.raw["hs"]; present {
-		ans.HsmSettings = &util.RawXml{text}
-	}
-	if text, present := c.raw["ialu"]; present {
-		ans.IpAddressLookupUrl = &util.RawXml{text}
-	}
-	if text, present := c.raw["i6a"]; present {
-		ans.Ipv6Address = &util.RawXml{text}
-	}
-	if text, present := c.raw["i6dg"]; present {
-		ans.Ipv6DefaultGateway = &util.RawXml{text}
-	}
-	if text, present := c.raw["locale"]; present {
-		ans.Locale = &util.RawXml{text}
-	}
-	if text, present := c.raw["les"]; present {
-		ans.LogExportSchedule = &util.RawXml{text}
-	}
-	if text, present := c.raw["ll"]; present {
-		ans.LogLink = &util.RawXml{text}
-	}
-	if text, present := c.raw["mab"]; present {
-		ans.MotdAndBanner = &util.RawXml{text}
-	}
-	if text, present := c.raw["mtu"]; present {
-		ans.Mtu = &util.RawXml{text}
-	}
-	if text, present := c.raw["pi"]; present {
-		ans.PermittedIp = &util.RawXml{text}
-	}
-	if text, present := c.raw["route"]; present {
-		ans.Route = &util.RawXml{text}
-	}
-	if text, present := c.raw["service"]; present {
-		ans.Service = &util.RawXml{text}
-	}
-	if text, present := c.raw["ss"]; present {
-		ans.SnmpSetting = &util.RawXml{text}
-	}
-	if text, present := c.raw["sd"]; present {
-		ans.SpeedDuplex = &util.RawXml{text}
-	}
-	if text, present := c.raw["ssh"]; present {
-		ans.Ssh = &util.RawXml{text}
-	}
-	if text, present := c.raw["stsp"]; present {
-		ans.SslTlsServiceProfile = &util.RawXml{text}
-	}
-	if text, present := c.raw["sc"]; present {
-		ans.SyslogCertificate = &util.RawXml{text}
-	}
-	if text, present := c.raw["type"]; present {
-		ans.Type = &util.RawXml{text}
-	}
-	if text, present := c.raw["us"]; present {
-		ans.UpdateSchedule = &util.RawXml{text}
-	}
-
-	return ans
-}
diff --git a/dev/general/const.go b/dev/general/const.go
deleted file mode 100644
index 2f66a8cc..00000000
--- a/dev/general/const.go
+++ /dev/null
@@ -1,18 +0,0 @@
-package general
-
-// Constants for NTP auth types.
-const (
-	NoAuth           = "none"
-	AutokeyAuth      = "autokey"
-	SymmetricKeyAuth = "symmetric-key"
-)
-
-// Constants for NTP algorithms.
-const (
-	Sha1 = "sha1"
-	Md5  = "md5"
-)
-
-const (
-	singular = "general config"
-)
diff --git a/dev/general/doc.go b/dev/general/doc.go
deleted file mode 100644
index 5357f3f2..00000000
--- a/dev/general/doc.go
+++ /dev/null
@@ -1,4 +0,0 @@
-// Package general is the client.Device.GeneralSettings namespace.
-//
-// Normalized object: Config
-package general
diff --git a/dev/general/funcs.go b/dev/general/funcs.go
deleted file mode 100644
index 5c021ad9..00000000
--- a/dev/general/funcs.go
+++ /dev/null
@@ -1,46 +0,0 @@
-package general
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Config) interface{}) {
-	if v.Gte(version.Number{10, 0, 0, ""}) {
-		return &container_v3{}, specify_v3
-	} else if v.Gte(version.Number{9, 0, 0, ""}) {
-		return &container_v2{}, specify_v2
-	} else {
-		return &container_v1{}, specify_v1
-	}
-}
-
-func specifier(e Config) []namespace.Specifier {
-	return []namespace.Specifier{e}
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Config, error) {
-	if err != nil {
-		return Config{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/dev/general/fw.go b/dev/general/fw.go
deleted file mode 100644
index 82445744..00000000
--- a/dev/general/fw.go
+++ /dev/null
@@ -1,56 +0,0 @@
-package general
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is a namespace struct, included as part of pango.Client.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// Get performs GET to retrieve the device's general settings.
-func (c *Firewall) Get() (Config, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(), "", ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve the device's general settings.
-func (c *Firewall) Show() (Config, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(), "", ans)
-	return first(ans, err)
-}
-
-// Set performs SET to create / update the device's general settings.
-func (c *Firewall) Set(e Config) error {
-	return c.ns.Set(c.pather(), specifier(e))
-}
-
-// Edit performs EDIT to update the device's general settings.
-func (c *Firewall) Edit(e Config) error {
-	return c.ns.Edit(c.pather(), e)
-}
-
-/** Internal functions for the Firewall struct **/
-func (c *Firewall) pather() namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath()
-	}
-}
-
-func (c *Firewall) xpath() ([]string, error) {
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"deviceconfig",
-		"system",
-	}, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/dev/general/fw_test.go b/dev/general/fw_test.go
deleted file mode 100644
index 6756d44d..00000000
--- a/dev/general/fw_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package general
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set(tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get()
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/dev/general/testdata_test.go b/dev/general/testdata_test.go
deleted file mode 100644
index 14f2a25b..00000000
--- a/dev/general/testdata_test.go
+++ /dev/null
@@ -1,234 +0,0 @@
-package general
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type testCase struct {
-	desc    string
-	version version.Number
-	conf    Config
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"v1 with raw", version.Number{6, 1, 0, ""}, Config{
-			Hostname:              "host1",
-			IpAddress:             "10.1.1.2",
-			Netmask:               "255.255.255.0",
-			Gateway:               "10.1.1.1",
-			Timezone:              "US/Pacific",
-			Domain:                "example.com",
-			LoginBanner:           "this is my banner",
-			PanoramaPrimary:       "pano1",
-			PanoramaSecondary:     "pano2",
-			DnsPrimary:            "10.1.1.1",
-			DnsSecondary:          "10.1.1.50",
-			NtpPrimaryAddress:     "10.1.1.1",
-			NtpPrimaryAuthType:    NoAuth,
-			NtpSecondaryAddress:   "10.1.1.51",
-			NtpSecondaryAuthType:  SymmetricKeyAuth,
-			NtpSecondaryKeyId:     1,
-			NtpSecondaryAlgorithm: Sha1,
-			NtpSecondaryAuthKey:   "secret",
-			raw: map[string]string{
-				"alb":     "ack login banner",
-				"ap":      "auth profile",
-				"cp":      "certificate profile",
-				"dlu":     "domain lookup url",
-				"ffrt":    "fqdn force refresh time",
-				"frt":     "fqdn refresh time",
-				"gl":      "geo location",
-				"hs":      "hsm settings",
-				"ialu":    "ip address lookup url",
-				"i6a":     "ipv6 address",
-				"i6dg":    "ipv6 default gateway",
-				"locale":  "my locale",
-				"les":     "log export schedule",
-				"ll":      "log link",
-				"mab":     "motd and banner",
-				"mtu":     "mtu",
-				"pi":      "permitted ip",
-				"route":   "route",
-				"service": "service list",
-				"ss":      "snmp setting",
-				"sd":      "speed duplex",
-				"stsp":    "ssl tls service profile",
-				"ssh":     "ssh config",
-				"sc":      "syslog certificate",
-				"type":    "type",
-				"us":      "update schedule",
-			},
-		}},
-		{"v1 no raw", version.Number{6, 1, 0, ""}, Config{
-			IpAddress:            "10.2.1.2",
-			Netmask:              "255.255.0.0",
-			Gateway:              "10.2.1.1",
-			Timezone:             "UTC",
-			UpdateServer:         "updates.paloaltonetworks.com",
-			VerifyUpdateServer:   true,
-			LoginBanner:          "This is a secure system",
-			PanoramaPrimary:      "192.168.55.2",
-			PanoramaSecondary:    "192.168.55.3",
-			ProxyServer:          "proxy-server.com",
-			ProxyPort:            666,
-			ProxyUser:            "jack",
-			ProxyPassword:        "burton",
-			DnsPrimary:           "10.2.1.5",
-			NtpPrimaryAddress:    "10.2.5.7",
-			NtpPrimaryAuthType:   SymmetricKeyAuth,
-			NtpPrimaryKeyId:      5,
-			NtpPrimaryAlgorithm:  Md5,
-			NtpPrimaryAuthKey:    "password",
-			NtpSecondaryAddress:  "10.2.5.8",
-			NtpSecondaryAuthType: AutokeyAuth,
-		}},
-		{"v2 with raw", version.Number{9, 0, 0, ""}, Config{
-			Hostname:              "host1",
-			IpAddress:             "10.1.1.2",
-			Netmask:               "255.255.255.0",
-			Gateway:               "10.1.1.1",
-			Timezone:              "US/Pacific",
-			Domain:                "example.com",
-			LoginBanner:           "this is my banner",
-			PanoramaPrimary:       "pano1",
-			PanoramaSecondary:     "pano2",
-			DnsPrimary:            "10.1.1.1",
-			DnsSecondary:          "10.1.1.50",
-			NtpPrimaryAddress:     "10.1.1.1",
-			NtpPrimaryAuthType:    NoAuth,
-			NtpSecondaryAddress:   "10.1.1.51",
-			NtpSecondaryAuthType:  SymmetricKeyAuth,
-			NtpSecondaryKeyId:     1,
-			NtpSecondaryAlgorithm: Sha1,
-			NtpSecondaryAuthKey:   "secret",
-			raw: map[string]string{
-				"alb":       "ack login banner",
-				"ap":        "auth profile",
-				"autorenew": "auto renew mkey lifetime",
-				"cp":        "certificate profile",
-				"dlu":       "domain lookup url",
-				"ffrt":      "fqdn force refresh time",
-				"frt":       "fqdn refresh time",
-				"fqdnstale": "fqdn stale entry timeout",
-				"gl":        "geo location",
-				"hs":        "hsm settings",
-				"ialu":      "ip address lookup url",
-				"i6a":       "ipv6 address",
-				"i6dg":      "ipv6 default gateway",
-				"locale":    "my locale",
-				"les":       "log export schedule",
-				"ll":        "log link",
-				"mab":       "motd and banner",
-				"mtu":       "mtu",
-				"pi":        "permitted ip",
-				"route":     "route",
-				"service":   "service list",
-				"ss":        "snmp setting",
-				"sd":        "speed duplex",
-				"stsp":      "ssl tls service profile",
-				"ssh":       "ssh config",
-				"sc":        "syslog certificate",
-				"type":      "type",
-				"us":        "update schedule",
-			},
-		}},
-		{"v2 no raw", version.Number{9, 0, 0, ""}, Config{
-			IpAddress:            "10.2.1.2",
-			Netmask:              "255.255.0.0",
-			Gateway:              "10.2.1.1",
-			Timezone:             "UTC",
-			UpdateServer:         "updates.paloaltonetworks.com",
-			VerifyUpdateServer:   true,
-			LoginBanner:          "This is a secure system",
-			PanoramaPrimary:      "192.168.55.2",
-			PanoramaSecondary:    "192.168.55.3",
-			ProxyServer:          "proxy-server.com",
-			ProxyPort:            666,
-			ProxyUser:            "jack",
-			ProxyPassword:        "burton",
-			DnsPrimary:           "10.2.1.5",
-			NtpPrimaryAddress:    "10.2.5.7",
-			NtpPrimaryAuthType:   SymmetricKeyAuth,
-			NtpPrimaryKeyId:      5,
-			NtpPrimaryAlgorithm:  Md5,
-			NtpPrimaryAuthKey:    "password",
-			NtpSecondaryAddress:  "10.2.5.8",
-			NtpSecondaryAuthType: AutokeyAuth,
-		}},
-		{"v3 with raw", version.Number{10, 0, 0, ""}, Config{
-			Hostname:              "host1",
-			IpAddress:             "10.1.1.2",
-			Netmask:               "255.255.255.0",
-			Gateway:               "10.1.1.1",
-			Timezone:              "US/Pacific",
-			Domain:                "example.com",
-			LoginBanner:           "this is my banner",
-			PanoramaPrimary:       "pano1",
-			PanoramaSecondary:     "pano2",
-			DnsPrimary:            "10.1.1.1",
-			DnsSecondary:          "10.1.1.50",
-			NtpPrimaryAddress:     "10.1.1.1",
-			NtpPrimaryAuthType:    NoAuth,
-			NtpSecondaryAddress:   "10.1.1.51",
-			NtpSecondaryAuthType:  SymmetricKeyAuth,
-			NtpSecondaryKeyId:     1,
-			NtpSecondaryAlgorithm: Sha1,
-			NtpSecondaryAuthKey:   "secret",
-			raw: map[string]string{
-				"alb":       "ack login banner",
-				"ap":        "auth profile",
-				"autorenew": "auto renew mkey lifetime",
-				"cp":        "certificate profile",
-				"devtelem":  "device telemetry",
-				"dlu":       "domain lookup url",
-				"ffrt":      "fqdn force refresh time",
-				"frt":       "fqdn refresh time",
-				"fqdnstale": "fqdn stale entry timeout",
-				"gl":        "geo location",
-				"hs":        "hsm settings",
-				"ialu":      "ip address lookup url",
-				"i6a":       "ipv6 address",
-				"i6dg":      "ipv6 default gateway",
-				"locale":    "my locale",
-				"les":       "log export schedule",
-				"ll":        "log link",
-				"mab":       "motd and banner",
-				"mtu":       "mtu",
-				"pi":        "permitted ip",
-				"route":     "route",
-				"service":   "service list",
-				"ss":        "snmp setting",
-				"sd":        "speed duplex",
-				"stsp":      "ssl tls service profile",
-				"ssh":       "ssh config",
-				"sc":        "syslog certificate",
-				"type":      "type",
-				"us":        "update schedule",
-			},
-		}},
-		{"v3 no raw", version.Number{10, 0, 0, ""}, Config{
-			IpAddress:            "10.2.1.2",
-			Netmask:              "255.255.0.0",
-			Gateway:              "10.2.1.1",
-			Timezone:             "UTC",
-			UpdateServer:         "updates.paloaltonetworks.com",
-			VerifyUpdateServer:   true,
-			LoginBanner:          "This is a secure system",
-			PanoramaPrimary:      "192.168.55.2",
-			PanoramaSecondary:    "192.168.55.3",
-			ProxyServer:          "proxy-server.com",
-			ProxyPort:            666,
-			ProxyUser:            "jack",
-			ProxyPassword:        "burton",
-			DnsPrimary:           "10.2.1.5",
-			NtpPrimaryAddress:    "10.2.5.7",
-			NtpPrimaryAuthType:   SymmetricKeyAuth,
-			NtpPrimaryKeyId:      5,
-			NtpPrimaryAlgorithm:  Md5,
-			NtpPrimaryAuthKey:    "password",
-			NtpSecondaryAddress:  "10.2.5.8",
-			NtpSecondaryAuthType: AutokeyAuth,
-		}},
-	}
-}
diff --git a/dev/ha/config.go b/dev/ha/config.go
deleted file mode 100644
index 6847d0df..00000000
--- a/dev/ha/config.go
+++ /dev/null
@@ -1,752 +0,0 @@
-package ha
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Config is a normalized, version independent representation of a device
-// HA configuration.
-type Config struct {
-	Enable                 bool
-	GroupId                int
-	Description            string
-	Mode                   string
-	PeerHa1IpAddress       string
-	BackupPeerHa1IpAddress string
-	ConfigSyncEnable       bool
-
-	Ha1       *Ha1Interface
-	Ha1Backup *Ha1BackupInterface
-	Ha2       *Ha2Interface
-	Ha2Backup *Ha2Interface
-	Ha3       *Ha3Interface
-	Ha4       *Ha4Interface
-	Ha4Backup *Ha4Interface
-
-	// active passive
-	ApPassiveLinkState        string
-	ApMonitorFailHoldDownTime int
-
-	// active active
-	AaDeviceId string
-	// HA3 packet forwarding
-	AaTentativeHoldTime     string
-	AaSyncVirtualRouter     bool
-	AaSyncQos               bool
-	AaSessionOwnerSelection string // primary-device, first-packet
-	// session owner selection: first-packet
-	AaFpSessionSetup string // primary-device, first-packet, ip-modulo, ip-hash
-	// session setup: ip-hash
-	AaFpSessionSetupIpHashKey  string
-	AaFpSessionSetupIpHashSeed string
-
-	ElectionDevicePriority  string
-	ElectionPreemptive      bool
-	ElectionHeartBeatBackup bool
-
-	ElectionTimersMode                          string
-	ElectionTimersAdvPromotionHoldTime          string
-	ElectionTimersAdvHelloInterval              int
-	ElectionTimersAdvHeartBeatInterval          int
-	ElectionTimersAdvFlapMax                    string
-	ElectionTimersAdvPreemptionHoldTime         int
-	ElectionTimersAdvMonitorFailHoldUpTime      string
-	ElectionTimersAdvAdditionalMasterHoldUpTime string
-
-	Ha2StateSyncEnable             bool
-	Ha2StateSyncTransport          string
-	Ha2StateSyncKeepAliveEnable    bool
-	Ha2StateSyncKeepAliveAction    string
-	Ha2StateSyncKeepAliveThreshold int
-
-	LinkMonitorEnable           bool
-	LinkMonitorFailureCondition string
-
-	raw map[string]string
-}
-
-type Ha1Interface struct {
-	Port             string
-	IpAddress        string
-	Netmask          string
-	Gateway          string
-	EncryptionEnable bool
-	MonitorHoldTime  int
-}
-
-type Ha1BackupInterface struct {
-	Port      string
-	IpAddress string
-	Netmask   string
-	Gateway   string
-}
-
-type Ha2Interface struct {
-	Port      string
-	IpAddress string
-	Netmask   string
-	Gateway   string
-}
-
-type Ha3Interface struct {
-	Port string
-}
-
-type Ha4Interface struct {
-	Port      string
-	IpAddress string
-	Netmask   string
-}
-
-// Copy copies the information from source Config `s` to this object.
-func (o *Config) Copy(s Config) {
-	o.Enable = s.Enable
-	o.GroupId = s.GroupId
-	o.Description = s.Description
-	o.Mode = s.Mode
-	o.PeerHa1IpAddress = s.PeerHa1IpAddress
-	o.BackupPeerHa1IpAddress = s.BackupPeerHa1IpAddress
-	o.ConfigSyncEnable = s.ConfigSyncEnable
-
-	if s.Ha1 != nil {
-		o.Ha1 = &Ha1Interface{
-			Port:             s.Ha1.Port,
-			IpAddress:        s.Ha1.IpAddress,
-			Netmask:          s.Ha1.Netmask,
-			Gateway:          s.Ha1.Gateway,
-			EncryptionEnable: s.Ha1.EncryptionEnable,
-			MonitorHoldTime:  s.Ha1.MonitorHoldTime,
-		}
-	} else {
-		o.Ha1 = nil
-	}
-	if s.Ha1Backup != nil {
-		o.Ha1Backup = &Ha1BackupInterface{
-			Port:      s.Ha1Backup.Port,
-			IpAddress: s.Ha1Backup.IpAddress,
-			Netmask:   s.Ha1Backup.Netmask,
-			Gateway:   s.Ha1Backup.Gateway,
-		}
-	} else {
-		o.Ha1Backup = nil
-	}
-	if s.Ha2 != nil {
-		o.Ha2 = &Ha2Interface{
-			Port:      s.Ha2.Port,
-			IpAddress: s.Ha2.IpAddress,
-			Netmask:   s.Ha2.Netmask,
-			Gateway:   s.Ha2.Gateway,
-		}
-	} else {
-		o.Ha2 = nil
-	}
-	if s.Ha2Backup != nil {
-		o.Ha2Backup = &Ha2Interface{
-			Port:      s.Ha2Backup.Port,
-			IpAddress: s.Ha2Backup.IpAddress,
-			Netmask:   s.Ha2Backup.Netmask,
-			Gateway:   s.Ha2Backup.Gateway,
-		}
-	} else {
-		o.Ha2Backup = nil
-	}
-	if s.Ha3 != nil {
-		o.Ha3 = &Ha3Interface{
-			Port: s.Ha3.Port,
-		}
-	} else {
-		o.Ha3 = nil
-	}
-	if s.Ha4 != nil {
-		o.Ha4 = &Ha4Interface{
-			Port:      s.Ha4.Port,
-			IpAddress: s.Ha4.IpAddress,
-			Netmask:   s.Ha4.Netmask,
-		}
-	} else {
-		o.Ha4 = nil
-	}
-	if s.Ha4Backup != nil {
-		o.Ha4Backup = &Ha4Interface{
-			Port:      s.Ha4Backup.Port,
-			IpAddress: s.Ha4Backup.IpAddress,
-			Netmask:   s.Ha4Backup.Netmask,
-		}
-	} else {
-		o.Ha4Backup = nil
-	}
-
-	o.ApPassiveLinkState = s.ApPassiveLinkState
-	o.ApMonitorFailHoldDownTime = s.ApMonitorFailHoldDownTime
-
-	o.AaDeviceId = s.AaDeviceId
-	o.AaTentativeHoldTime = s.AaTentativeHoldTime
-	o.AaSyncVirtualRouter = s.AaSyncVirtualRouter
-	o.AaSyncQos = s.AaSyncQos
-	o.AaSessionOwnerSelection = s.AaSessionOwnerSelection
-	o.AaFpSessionSetup = s.AaFpSessionSetup
-	o.AaFpSessionSetupIpHashKey = s.AaFpSessionSetupIpHashKey
-	o.AaFpSessionSetupIpHashSeed = s.AaFpSessionSetupIpHashSeed
-
-	o.ElectionDevicePriority = s.ElectionDevicePriority
-	o.ElectionPreemptive = s.ElectionPreemptive
-	o.ElectionHeartBeatBackup = s.ElectionHeartBeatBackup
-
-	o.ElectionTimersMode = s.ElectionTimersMode
-	o.ElectionTimersAdvPromotionHoldTime = s.ElectionTimersAdvPromotionHoldTime
-	o.ElectionTimersAdvHelloInterval = s.ElectionTimersAdvHelloInterval
-	o.ElectionTimersAdvHeartBeatInterval = s.ElectionTimersAdvHeartBeatInterval
-	o.ElectionTimersAdvFlapMax = s.ElectionTimersAdvFlapMax
-	o.ElectionTimersAdvPreemptionHoldTime = s.ElectionTimersAdvPreemptionHoldTime
-	o.ElectionTimersAdvMonitorFailHoldUpTime = s.ElectionTimersAdvMonitorFailHoldUpTime
-	o.ElectionTimersAdvAdditionalMasterHoldUpTime = s.ElectionTimersAdvAdditionalMasterHoldUpTime
-
-	o.Ha2StateSyncEnable = s.Ha2StateSyncEnable
-	o.Ha2StateSyncTransport = s.Ha2StateSyncTransport
-	o.Ha2StateSyncKeepAliveEnable = s.Ha2StateSyncKeepAliveEnable
-	o.Ha2StateSyncKeepAliveAction = s.Ha2StateSyncKeepAliveAction
-	o.Ha2StateSyncKeepAliveThreshold = s.Ha2StateSyncKeepAliveThreshold
-
-	o.LinkMonitorEnable = s.LinkMonitorEnable
-	o.LinkMonitorFailureCondition = s.LinkMonitorFailureCondition
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Config) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return "", fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Config
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"high-availability"`
-}
-
-func (o *container_v1) Normalize() []Config {
-	ans := make([]Config, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	return nil
-}
-
-func (o *entry_v1) normalize() Config {
-	ans := Config{
-		Enable:                 util.AsBool(o.Enable),
-		GroupId:                o.GroupId,
-		Description:            o.Description,
-		PeerHa1IpAddress:       o.PeerHa1IpAddress,
-		BackupPeerHa1IpAddress: o.BackupPeerHa1IpAddress,
-		ConfigSyncEnable:       util.AsBool(o.ConfigSyncEnable),
-	}
-
-	raw := make(map[string]string)
-
-	if o.Mode != nil {
-		switch {
-		case o.Mode.ActivePassive != nil:
-			ans.Mode = ModeActivePassive
-			ans.ApPassiveLinkState = o.Mode.ActivePassive.PassiveLinkState
-			ans.ApMonitorFailHoldDownTime = o.Mode.ActivePassive.MonitorFailHoldDownTime
-		case o.Mode.ActiveActive != nil:
-			ans.Mode = ModeActiveActive
-			ans.AaDeviceId = o.Mode.ActiveActive.DeviceId
-			ans.AaTentativeHoldTime = o.Mode.ActiveActive.TentativeHoldTime
-			if o.Mode.ActiveActive.NetConfSync != nil {
-				x := o.Mode.ActiveActive.NetConfSync
-				ans.AaSyncVirtualRouter = util.AsBool(x.VirtualRouter)
-				ans.AaSyncQos = util.AsBool(x.Qos)
-			}
-			if o.Mode.ActiveActive.SessionOwnerSelection != nil {
-				x := o.Mode.ActiveActive.SessionOwnerSelection
-				if x.PrimaryDevice != nil {
-					ans.AaSessionOwnerSelection = AaSessionOwnerSelectionPrimaryDevice
-				} else if x.FirstPacket != nil {
-					ans.AaSessionOwnerSelection = AaSessionOwnerSelectionFirstPacket
-					switch {
-					case x.FirstPacket.PrimaryDevice != nil:
-						ans.AaFpSessionSetup = AaFpSessionSetupPrimaryDevice
-					case x.FirstPacket.FirstPacket != nil:
-						ans.AaFpSessionSetup = AaFpSessionSetupFirstPacket
-					case x.FirstPacket.IpModulo != nil:
-						ans.AaFpSessionSetup = AaFpSessionSetupIpModulo
-					case x.FirstPacket.IpHash != nil:
-						ans.AaFpSessionSetup = AaFpSessionSetupIpHash
-						ans.AaFpSessionSetupIpHashKey =
-							x.FirstPacket.IpHash.HashKey
-						ans.AaFpSessionSetupIpHashSeed =
-							x.FirstPacket.IpHash.HashSeed
-					}
-				}
-			}
-			if o.Mode.ActiveActive.VirtualAddress != nil {
-				raw["vaddr"] = util.CleanRawXml(o.Mode.ActiveActive.VirtualAddress.Text)
-			}
-		}
-	}
-
-	if o.Interfaces != nil {
-		x := o.Interfaces
-		if x.Ha1 != nil {
-			ans.Ha1 = &Ha1Interface{
-				Port:             x.Ha1.Port,
-				IpAddress:        x.Ha1.IpAddress,
-				Netmask:          x.Ha1.Netmask,
-				Gateway:          x.Ha1.Gateway,
-				EncryptionEnable: util.AsBool(x.Ha1.EncryptionEnable),
-				MonitorHoldTime:  x.Ha1.MonitorHoldTime,
-			}
-		}
-		if x.Ha1Backup != nil {
-			ans.Ha1Backup = &Ha1BackupInterface{
-				Port:      x.Ha1Backup.Port,
-				IpAddress: x.Ha1Backup.IpAddress,
-				Netmask:   x.Ha1Backup.Netmask,
-				Gateway:   x.Ha1Backup.Gateway,
-			}
-		}
-		if x.Ha2 != nil {
-			ans.Ha2 = &Ha2Interface{
-				Port:      x.Ha2.Port,
-				IpAddress: x.Ha2.IpAddress,
-				Netmask:   x.Ha2.Netmask,
-				Gateway:   x.Ha2.Gateway,
-			}
-		}
-		if x.Ha2Backup != nil {
-			ans.Ha2Backup = &Ha2Interface{
-				Port:      x.Ha2Backup.Port,
-				IpAddress: x.Ha2Backup.IpAddress,
-				Netmask:   x.Ha2Backup.Netmask,
-				Gateway:   x.Ha2Backup.Gateway,
-			}
-		}
-		if x.Ha3 != nil {
-			ans.Ha3 = &Ha3Interface{
-				Port: x.Ha3.Port,
-			}
-		}
-		if x.Ha4 != nil {
-			ans.Ha4 = &Ha4Interface{
-				Port:      x.Ha4.Port,
-				IpAddress: x.Ha4.IpAddress,
-				Netmask:   x.Ha4.Netmask,
-			}
-		}
-		if x.Ha4Backup != nil {
-			ans.Ha4Backup = &Ha4Interface{
-				Port:      x.Ha4Backup.Port,
-				IpAddress: x.Ha4Backup.IpAddress,
-				Netmask:   x.Ha4Backup.Netmask,
-			}
-		}
-	}
-
-	if o.ElectionOption != nil {
-		ans.ElectionDevicePriority = o.ElectionOption.DevicePriority
-		ans.ElectionPreemptive = util.AsBool(o.ElectionOption.Preemptive)
-		ans.ElectionHeartBeatBackup = util.AsBool(o.ElectionOption.HeartBeatBackup)
-
-		if o.ElectionOption.Timers != nil {
-			switch {
-			case o.ElectionOption.Timers.Recommended != nil:
-				ans.ElectionTimersMode = ElectionTimersModeRecommended
-			case o.ElectionOption.Timers.Aggressive != nil:
-				ans.ElectionTimersMode = ElectionTimersModeAggressive
-			case o.ElectionOption.Timers.Advanced != nil:
-				ans.ElectionTimersMode = ElectionTimersModeAdvanced
-				x := o.ElectionOption.Timers.Advanced
-				ans.ElectionTimersAdvPromotionHoldTime = x.PromotionHoldTime
-				ans.ElectionTimersAdvHelloInterval = x.HelloInterval
-				ans.ElectionTimersAdvHeartBeatInterval = x.HeartBeatInterval
-				ans.ElectionTimersAdvFlapMax = x.FlapMax
-				ans.ElectionTimersAdvPreemptionHoldTime = x.PreemptionHoldTime
-				ans.ElectionTimersAdvMonitorFailHoldUpTime = x.MonitorFailHoldUpTime
-				ans.ElectionTimersAdvAdditionalMasterHoldUpTime = x.AdditionalMasterHoldUpTime
-			}
-		}
-	}
-
-	if o.StateSync != nil {
-		ans.Ha2StateSyncEnable = util.AsBool(o.StateSync.Enable)
-		ans.Ha2StateSyncTransport = o.StateSync.Transport
-		if o.StateSync.Ha2KeepAlive != nil {
-			ans.Ha2StateSyncKeepAliveEnable = util.AsBool(o.StateSync.Ha2KeepAlive.Enable)
-			ans.Ha2StateSyncKeepAliveAction = o.StateSync.Ha2KeepAlive.Action
-			ans.Ha2StateSyncKeepAliveThreshold = o.StateSync.Ha2KeepAlive.Threshold
-		}
-	}
-
-	if o.LinkMonitor != nil {
-		ans.LinkMonitorEnable = util.AsBool(o.LinkMonitor.Enable)
-		ans.LinkMonitorFailureCondition = o.LinkMonitor.FailureCondition
-		if o.LinkMonitor.LinkGroup != nil {
-			raw["linkgroup"] = util.CleanRawXml(o.LinkMonitor.LinkGroup.Text)
-		}
-	}
-
-	if o.Cluster != nil {
-		raw["cluster"] = util.CleanRawXml(o.Cluster.Text)
-	}
-	if o.PathMonitor != nil {
-		raw["pathmonitor"] = util.CleanRawXml(o.PathMonitor.Text)
-	}
-
-	if len(raw) != 0 {
-		ans.raw = raw
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName                xml.Name        `xml:"high-availability"`
-	Enable                 string          `xml:"enabled"`
-	Interfaces             *interfaces     `xml:"interface"`
-	GroupId                int             `xml:"group>group-id,omitempty"`
-	Description            string          `xml:"group>description,omitempty"`
-	Mode                   *mode           `xml:"group>mode"`
-	PeerHa1IpAddress       string          `xml:"group>peer-ip,omitempty"`
-	BackupPeerHa1IpAddress string          `xml:"group>peer-ip-backup,omitempty"`
-	ConfigSyncEnable       string          `xml:"group>configuration-synchronization>enabled"`
-	ElectionOption         *electionOption `xml:"group>election-option"`
-	StateSync              *stateSync      `xml:"group>state-synchronization"`
-	LinkMonitor            *linkMonitor    `xml:"group>monitoring>link-monitoring"`
-
-	PathMonitor *util.RawXml `xml:"group>monitoring>path-monitoring"`
-	Cluster     *util.RawXml `xml:"cluster"`
-}
-
-func (e *entry_v1) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
-	type localEntry_v1 entry_v1
-	ans := localEntry_v1{
-		StateSync: &stateSync{
-			Enable: util.YesNo(true),
-		},
-	}
-	if err := d.DecodeElement(&ans, &start); err != nil {
-		return err
-	}
-	*e = entry_v1(ans)
-	return nil
-}
-
-type interfaces struct {
-	Ha1       *ha1Interface       `xml:"ha1"`
-	Ha1Backup *ha1BackupInterface `xml:"ha1-backup"`
-	Ha2       *ha2Interface       `xml:"ha2"`
-	Ha2Backup *ha2Interface       `xml:"ha2-backup"`
-	Ha3       *ha3Interface       `xml:"ha3"`
-	Ha4       *ha4Interface       `xml:"ha4"`
-	Ha4Backup *ha4Interface       `xml:"ha4-backup"`
-}
-
-type ha1Interface struct {
-	Port             string `xml:"port,omitempty"`
-	IpAddress        string `xml:"ip-address,omitempty"`
-	Netmask          string `xml:"netmask,omitempty"`
-	Gateway          string `xml:"gateway,omitempty"`
-	EncryptionEnable string `xml:"encryption>enabled"`
-	MonitorHoldTime  int    `xml:"monitor-hold-time,omitempty"`
-}
-
-type ha1BackupInterface struct {
-	Port      string `xml:"port,omitempty"`
-	IpAddress string `xml:"ip-address,omitempty"`
-	Netmask   string `xml:"netmask,omitempty"`
-	Gateway   string `xml:"gateway,omitempty"`
-}
-
-type ha2Interface struct {
-	Port      string `xml:"port,omitempty"`
-	IpAddress string `xml:"ip-address,omitempty"`
-	Netmask   string `xml:"netmask,omitempty"`
-	Gateway   string `xml:"gateway,omitempty"`
-}
-
-type ha3Interface struct {
-	Port string `xml:"port,omitempty"`
-}
-
-type ha4Interface struct {
-	Port      string `xml:"port,omitempty"`
-	IpAddress string `xml:"ip-address,omitempty"`
-	Netmask   string `xml:"netmask,omitempty"`
-}
-
-type electionOption struct {
-	DevicePriority  string `xml:"device-priority,omitempty"`
-	Preemptive      string `xml:"preemptive"`
-	HeartBeatBackup string `xml:"heartbeat-backup"`
-
-	Timers *optionTimers `xml:"timers"`
-}
-
-type optionTimers struct {
-	Recommended *string   `xml:"recommended"`
-	Aggressive  *string   `xml:"aggressive"`
-	Advanced    *advanced `xml:"advanced"`
-}
-
-type advanced struct {
-	PromotionHoldTime          string `xml:"promotion-hold-time,omitempty"`
-	HelloInterval              int    `xml:"hello-interval,omitempty"`
-	HeartBeatInterval          int    `xml:"heartbeat-interval,omitempty"`
-	FlapMax                    string `xml:"flap-max,omitempty"`
-	PreemptionHoldTime         int    `xml:"preemption-hold-time,omitempty"`
-	MonitorFailHoldUpTime      string `xml:"monitor-fail-hold-up-time,omitempty"`
-	AdditionalMasterHoldUpTime string `xml:"additional-master-hold-up-time,omitempty"`
-}
-
-type stateSync struct {
-	Enable       string        `xml:"enabled"`
-	Transport    string        `xml:"transport,omitempty"`
-	Ha2KeepAlive *ha2KeepAlive `xml:"ha2-keep-alive"`
-}
-
-type ha2KeepAlive struct {
-	Enable    string `xml:"enabled"`
-	Action    string `xml:"action,omitempty"`
-	Threshold int    `xml:"threshold,omitempty"`
-}
-
-type mode struct {
-	ActivePassive *activePassive `xml:"active-passive"`
-	ActiveActive  *activeActive  `xml:"active-active"`
-}
-
-type activePassive struct {
-	PassiveLinkState        string `xml:"passive-link-state,omitempty"`
-	MonitorFailHoldDownTime int    `xml:"monitor-fail-hold-down-time,omitempty"`
-}
-
-type activeActive struct {
-	DeviceId              string                 `xml:"device-id"`
-	TentativeHoldTime     string                 `xml:"tentative-hold-time,omitempty"`
-	NetConfSync           *netConfSync           `xml:"network-configuration>sync"`
-	SessionOwnerSelection *sessionOwnerSelection `xml:"session-owner-selection"`
-	VirtualAddress        *util.RawXml           `xml:"virtual-address"`
-}
-
-type netConfSync struct {
-	VirtualRouter string `xml:"virtual-router"`
-	Qos           string `xml:"qos"`
-}
-
-type sessionOwnerSelection struct {
-	PrimaryDevice *string             `xml:"primary-device"`
-	FirstPacket   *firstPacketSession `xml:"first-packet>session-setup"`
-}
-
-type firstPacketSession struct {
-	PrimaryDevice *string `xml:"primary-device"`
-	FirstPacket   *string `xml:"first-packet"`
-	IpModulo      *string `xml:"ip-modulo"`
-	IpHash        *ipHash `xml:"ip-hash"`
-}
-
-type ipHash struct {
-	HashKey  string `xml:"hash-key,omitempty"`
-	HashSeed string `xml:"hash-seed,omitempty"`
-}
-
-type linkMonitor struct {
-	Enable           string       `xml:"enabled"`
-	FailureCondition string       `xml:"failure-condition,omitempty"`
-	LinkGroup        *util.RawXml `xml:"link-group"`
-}
-
-func specify_v1(e Config) interface{} {
-	ans := entry_v1{
-		Enable:                 util.YesNo(e.Enable),
-		GroupId:                e.GroupId,
-		Description:            e.Description,
-		PeerHa1IpAddress:       e.PeerHa1IpAddress,
-		BackupPeerHa1IpAddress: e.BackupPeerHa1IpAddress,
-		ConfigSyncEnable:       util.YesNo(e.ConfigSyncEnable),
-	}
-
-	s := ""
-
-	if e.Mode != "" {
-		ans.Mode = &mode{}
-		switch e.Mode {
-		case ModeActivePassive:
-			ans.Mode.ActivePassive = &activePassive{
-				PassiveLinkState:        e.ApPassiveLinkState,
-				MonitorFailHoldDownTime: e.ApMonitorFailHoldDownTime,
-			}
-		case ModeActiveActive:
-			ans.Mode.ActiveActive = &activeActive{
-				DeviceId:          e.AaDeviceId,
-				TentativeHoldTime: e.AaTentativeHoldTime,
-			}
-			if e.AaSyncVirtualRouter || e.AaSyncQos {
-				ans.Mode.ActiveActive.NetConfSync = &netConfSync{
-					VirtualRouter: util.YesNo(e.AaSyncVirtualRouter),
-					Qos:           util.YesNo(e.AaSyncQos),
-				}
-			}
-			switch e.AaSessionOwnerSelection {
-			case AaSessionOwnerSelectionPrimaryDevice:
-				ans.Mode.ActiveActive.SessionOwnerSelection = &sessionOwnerSelection{
-					PrimaryDevice: &s,
-				}
-			case AaSessionOwnerSelectionFirstPacket:
-				x := &sessionOwnerSelection{
-					FirstPacket: &firstPacketSession{},
-				}
-				switch e.AaFpSessionSetup {
-				case AaFpSessionSetupPrimaryDevice:
-					x.FirstPacket.PrimaryDevice = &s
-				case AaFpSessionSetupFirstPacket:
-					x.FirstPacket.FirstPacket = &s
-				case AaFpSessionSetupIpModulo:
-					x.FirstPacket.IpModulo = &s
-				case AaFpSessionSetupIpHash:
-					x.FirstPacket.IpHash = &ipHash{
-						HashKey:  e.AaFpSessionSetupIpHashKey,
-						HashSeed: e.AaFpSessionSetupIpHashSeed,
-					}
-				}
-				ans.Mode.ActiveActive.SessionOwnerSelection = x
-			}
-			if text, present := e.raw["vaddr"]; present {
-				ans.Mode.ActiveActive.VirtualAddress = &util.RawXml{text}
-			}
-		}
-	}
-
-	ans.Interfaces = &interfaces{} // optional="no"
-	if e.Ha1 != nil {
-		ans.Interfaces.Ha1 = &ha1Interface{
-			Port:             e.Ha1.Port,
-			IpAddress:        e.Ha1.IpAddress,
-			Netmask:          e.Ha1.Netmask,
-			Gateway:          e.Ha1.Gateway,
-			EncryptionEnable: util.YesNo(e.Ha1.EncryptionEnable),
-			MonitorHoldTime:  e.Ha1.MonitorHoldTime,
-		}
-	}
-	if e.Ha1Backup != nil {
-		ans.Interfaces.Ha1Backup = &ha1BackupInterface{
-			Port:      e.Ha1Backup.Port,
-			IpAddress: e.Ha1Backup.IpAddress,
-			Netmask:   e.Ha1Backup.Netmask,
-			Gateway:   e.Ha1Backup.Gateway,
-		}
-	}
-	if e.Ha2 != nil {
-		ans.Interfaces.Ha2 = &ha2Interface{
-			Port:      e.Ha2.Port,
-			IpAddress: e.Ha2.IpAddress,
-			Netmask:   e.Ha2.Netmask,
-			Gateway:   e.Ha2.Gateway,
-		}
-	}
-	if e.Ha2Backup != nil {
-		ans.Interfaces.Ha2Backup = &ha2Interface{
-			Port:      e.Ha2Backup.Port,
-			IpAddress: e.Ha2Backup.IpAddress,
-			Netmask:   e.Ha2Backup.Netmask,
-			Gateway:   e.Ha2Backup.Gateway,
-		}
-	}
-	if e.Ha3 != nil {
-		ans.Interfaces.Ha3 = &ha3Interface{
-			Port: e.Ha3.Port,
-		}
-	}
-	if e.Ha4 != nil {
-		ans.Interfaces.Ha4 = &ha4Interface{
-			Port:      e.Ha4.Port,
-			IpAddress: e.Ha4.IpAddress,
-			Netmask:   e.Ha4.Netmask,
-		}
-	}
-	if e.Ha4Backup != nil {
-		ans.Interfaces.Ha4Backup = &ha4Interface{
-			Port:      e.Ha4Backup.Port,
-			IpAddress: e.Ha4Backup.IpAddress,
-			Netmask:   e.Ha4Backup.Netmask,
-		}
-	}
-
-	if e.ElectionDevicePriority != "" || e.ElectionPreemptive ||
-		e.ElectionHeartBeatBackup {
-		ans.ElectionOption = &electionOption{
-			DevicePriority:  e.ElectionDevicePriority,
-			Preemptive:      util.YesNo(e.ElectionPreemptive),
-			HeartBeatBackup: util.YesNo(e.ElectionHeartBeatBackup),
-		}
-	}
-
-	if e.ElectionTimersMode != "" {
-		if ans.ElectionOption == nil {
-			ans.ElectionOption = &electionOption{}
-		}
-		switch e.ElectionTimersMode {
-		case ElectionTimersModeRecommended:
-			ans.ElectionOption.Timers = &optionTimers{Recommended: &s}
-		case ElectionTimersModeAggressive:
-			ans.ElectionOption.Timers = &optionTimers{Aggressive: &s}
-		case ElectionTimersModeAdvanced:
-			x := advanced{
-				PromotionHoldTime:          e.ElectionTimersAdvPromotionHoldTime,
-				HelloInterval:              e.ElectionTimersAdvHelloInterval,
-				HeartBeatInterval:          e.ElectionTimersAdvHeartBeatInterval,
-				FlapMax:                    e.ElectionTimersAdvFlapMax,
-				PreemptionHoldTime:         e.ElectionTimersAdvPreemptionHoldTime,
-				MonitorFailHoldUpTime:      e.ElectionTimersAdvMonitorFailHoldUpTime,
-				AdditionalMasterHoldUpTime: e.ElectionTimersAdvAdditionalMasterHoldUpTime,
-			}
-			ans.ElectionOption.Timers = &optionTimers{Advanced: &x}
-		}
-	}
-
-	if !e.Ha2StateSyncEnable || e.Ha2StateSyncTransport != "" || e.Ha2StateSyncKeepAliveEnable ||
-		e.Ha2StateSyncKeepAliveAction != "" || e.Ha2StateSyncKeepAliveThreshold != 0 {
-		ans.StateSync = &stateSync{
-			Enable:    util.YesNo(e.Ha2StateSyncEnable),
-			Transport: e.Ha2StateSyncTransport,
-			Ha2KeepAlive: &ha2KeepAlive{
-				Enable:    util.YesNo(e.Ha2StateSyncKeepAliveEnable),
-				Action:    e.Ha2StateSyncKeepAliveAction,
-				Threshold: e.Ha2StateSyncKeepAliveThreshold,
-			},
-		}
-	}
-
-	if text, present := e.raw["linkgroup"]; present || !e.LinkMonitorEnable ||
-		e.LinkMonitorFailureCondition != "" {
-		ans.LinkMonitor = &linkMonitor{
-			Enable:           util.YesNo(e.LinkMonitorEnable),
-			FailureCondition: e.LinkMonitorFailureCondition,
-		}
-		if present {
-			ans.LinkMonitor.LinkGroup = &util.RawXml{text}
-		}
-	}
-
-	if text, present := e.raw["cluster"]; present {
-		ans.Cluster = &util.RawXml{text}
-	}
-	if text, present := e.raw["pathmonitor"]; present {
-		ans.PathMonitor = &util.RawXml{text}
-	}
-
-	return ans
-}
diff --git a/dev/ha/const.go b/dev/ha/const.go
deleted file mode 100644
index 895abcf5..00000000
--- a/dev/ha/const.go
+++ /dev/null
@@ -1,51 +0,0 @@
-package ha
-
-const (
-	// Mode Values
-	ModeActivePassive = "active-passive"
-	ModeActiveActive  = "active-active"
-
-	// ApPassiveLinkState Values
-	ApPassiveLinkStateAuto     = "auto"
-	ApPassiveLinkStateShutdown = "shutdown"
-
-	// AaSessionOwnerSelection Values
-	AaSessionOwnerSelectionPrimaryDevice = "primary-device"
-	AaSessionOwnerSelectionFirstPacket   = "first-packet"
-
-	// AaFpSessionSetup Values
-	AaFpSessionSetupPrimaryDevice = "primary-device"
-	AaFpSessionSetupFirstPacket   = "first-packet"
-	AaFpSessionSetupIpModulo      = "ip-modulo"
-	AaFpSessionSetupIpHash        = "ip-hash"
-
-	// AaFpSessionSetupIpHashKey Values
-	AaFpSessionSetupIpHashKeySource     = "source"
-	AaFpSessionSetupIpHashKeySourceDest = "source-and-destination"
-
-	// ElectionTimersMode Values
-	ElectionTimersModeRecommended = "recommended"
-	ElectionTimersModeAggressive  = "aggressive"
-	ElectionTimersModeAdvanced    = "advanced"
-
-	// ElectionTimersAdvFlapMax Values
-	ElectionTimersAdvFlapMaxInfinite = "infinite"
-	ElectionTimersAdvFlapMaxDisable  = "disable"
-
-	// Ha2StateSyncTransport Values
-	Ha2StateSyncTransportEthernet = "ethernet"
-	Ha2StateSyncTransportIp       = "ip"
-	Ha2StateSyncTransportUdp      = "udp"
-
-	// Ha2StateSyncKeepAliveAction Values
-	Ha2StateSyncKeepAliveActionLogOnly       = "log-only"
-	Ha2StateSyncKeepAliveActionSplitDatapath = "split-datapath"
-
-	// LinkMonitorFailureCondition Values
-	LinkMonitorFailureConditionAny = "any"
-	LinkMonitorFailureConditionAll = "all"
-)
-
-const (
-	singular = "HA config"
-)
diff --git a/dev/ha/doc.go b/dev/ha/doc.go
deleted file mode 100644
index 2ea93610..00000000
--- a/dev/ha/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package ha is the client.Device.HaConfig namespace.
-
-Normalized object:  Config
-*/
-package ha
diff --git a/dev/ha/funcs.go b/dev/ha/funcs.go
deleted file mode 100644
index b4a46e14..00000000
--- a/dev/ha/funcs.go
+++ /dev/null
@@ -1,52 +0,0 @@
-package ha
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Config) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func specifier(e Config) []namespace.Specifier {
-	return []namespace.Specifier{e}
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Config, error) {
-	if err != nil {
-		return Config{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-/*func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Client:   client,
-			},
-		},
-	}
-}*/
diff --git a/dev/ha/fw.go b/dev/ha/fw.go
deleted file mode 100644
index 37b40a20..00000000
--- a/dev/ha/fw.go
+++ /dev/null
@@ -1,60 +0,0 @@
-package ha
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Device.HaConfig namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// Get performs GET to retrieve configuration for the given object.
-func (c *Firewall) Get() (Config, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(), "", ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve configuration for the given object.
-func (c *Firewall) Show() (Config, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(), "", ans)
-	return first(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(e Config) error {
-	return c.ns.Set(c.pather(), specifier(e))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(e Config) error {
-	return c.ns.Edit(c.pather(), e)
-}
-
-// Delete performs DELETE to remove the config.
-func (c *Firewall) Delete() error {
-	return c.ns.Delete(c.pather(), nil, nil)
-}
-
-func (c *Firewall) pather() namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath()
-	}
-}
-
-func (c *Firewall) xpath() ([]string, error) {
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"deviceconfig",
-		"high-availability",
-	}, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/dev/ha/fw_test.go b/dev/ha/fw_test.go
deleted file mode 100644
index 6a88e7a4..00000000
--- a/dev/ha/fw_test.go
+++ /dev/null
@@ -1,134 +0,0 @@
-package ha
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set(tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get()
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
-
-func TestHa2StateSyncEnableIsTrueWithNoStateSyncConfig(t *testing.T) {
-	mc := &testdata.MockClient{
-		Version: version.Number{6, 1, 0, ""},
-	}
-	ns := FirewallNamespace(mc)
-	mc.AddResp(`
-<high-availability>
-    <enabled>yes</enabled>
-    <group>
-        <group-id>2</group-id>
-        <description>My description</description>
-        <peer-ip>127.0.0.1</peer-ip>
-        <configuration-synchronization>
-            <enabled>yes</enabled>
-        </configuration-synchronization>
-    </group>
-</high-availability>
-`)
-	ans, err := ns.Get()
-	if err != nil {
-		t.Errorf("Error in get: %s", err)
-	}
-	if ans.GroupId != 2 {
-		t.Errorf("GroupId is %d, not 2", ans.GroupId)
-	}
-	if !ans.Ha2StateSyncEnable {
-		t.Errorf("Ha2StateSyncEnable is incorrectly set to %t", ans.Ha2StateSyncEnable)
-	}
-}
-
-func TestHa2StateSyncEnableIsTrueWithStateSyncConfig(t *testing.T) {
-	mc := &testdata.MockClient{
-		Version: version.Number{6, 1, 0, ""},
-	}
-	ns := FirewallNamespace(mc)
-	mc.AddResp(`
-<high-availability>
-    <enabled>yes</enabled>
-    <group>
-        <group-id>2</group-id>
-        <description>My description</description>
-        <peer-ip>127.0.0.1</peer-ip>
-        <configuration-synchronization>
-            <enabled>yes</enabled>
-        </configuration-synchronization>
-        <state-synchronization>
-            <transport>mytransport</transport>
-        </state-synchronization>
-    </group>
-</high-availability>
-`)
-	ans, err := ns.Get()
-	if err != nil {
-		t.Errorf("Error in get: %s", err)
-	}
-	if ans.GroupId != 2 {
-		t.Errorf("GroupId is %d, not 2", ans.GroupId)
-	}
-	if !ans.Ha2StateSyncEnable {
-		t.Errorf("Ha2StateSyncEnable is incorrectly set to %t", ans.Ha2StateSyncEnable)
-	}
-}
-
-func TestHa2StateSyncEnableCanBeFalse(t *testing.T) {
-	mc := &testdata.MockClient{
-		Version: version.Number{6, 1, 0, ""},
-	}
-	ns := FirewallNamespace(mc)
-	mc.AddResp(`
-<high-availability>
-    <enabled>yes</enabled>
-    <group>
-        <group-id>2</group-id>
-        <description>My description</description>
-        <peer-ip>127.0.0.1</peer-ip>
-        <configuration-synchronization>
-            <enabled>yes</enabled>
-        </configuration-synchronization>
-        <state-synchronization>
-            <enabled>no</enabled>
-            <transport>mytransport</transport>
-        </state-synchronization>
-    </group>
-</high-availability>
-`)
-	ans, err := ns.Get()
-	if err != nil {
-		t.Errorf("Error in get: %s", err)
-	}
-	if ans.GroupId != 2 {
-		t.Errorf("GroupId is %d, not 2", ans.GroupId)
-	}
-	if ans.Ha2StateSyncEnable {
-		t.Errorf("Ha2StateSyncEnable is incorrectly set to %t", ans.Ha2StateSyncEnable)
-	}
-}
diff --git a/dev/ha/monitor/link/const.go b/dev/ha/monitor/link/const.go
deleted file mode 100644
index 2a659ef8..00000000
--- a/dev/ha/monitor/link/const.go
+++ /dev/null
@@ -1,12 +0,0 @@
-package link
-
-const (
-	// FailureCondition Values
-	FailureConditionAny = "any"
-	FailureConditionAll = "all"
-)
-
-const (
-	singular = "HA link monitor group"
-	plural   = singular + "s"
-)
diff --git a/dev/ha/monitor/link/doc.go b/dev/ha/monitor/link/doc.go
deleted file mode 100644
index 3e08bfe1..00000000
--- a/dev/ha/monitor/link/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package link is the client.Device.HaLinkMonitorGroup namespace.
-
-Normalized object:  Entry
-*/
-package link
diff --git a/dev/ha/monitor/link/entry.go b/dev/ha/monitor/link/entry.go
deleted file mode 100644
index 35ea9a64..00000000
--- a/dev/ha/monitor/link/entry.go
+++ /dev/null
@@ -1,92 +0,0 @@
-package link
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of an HA
-// link monitor group.
-type Entry struct {
-	Name             string
-	Enable           bool
-	FailureCondition string
-	Interfaces       []string // unordered
-}
-
-func (o *Entry) Copy(s Entry) {
-	o.Enable = s.Enable
-	o.FailureCondition = s.FailureCondition
-	if s.Interfaces == nil {
-		o.Interfaces = nil
-	} else {
-		o.Interfaces = make([]string, len(s.Interfaces))
-		copy(o.Interfaces, s.Interfaces)
-	}
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:             o.Name,
-		Enable:           util.AsBool(o.Enable),
-		FailureCondition: o.FailureCondition,
-		Interfaces:       util.MemToStr(o.Interfaces),
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName          xml.Name         `xml:"entry"`
-	Name             string           `xml:"name,attr"`
-	Enable           string           `xml:"enabled"`
-	FailureCondition string           `xml:"failure-condition,omitempty"`
-	Interfaces       *util.MemberType `xml:"interface,omitempty"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:             e.Name,
-		Enable:           util.YesNo(e.Enable),
-		FailureCondition: e.FailureCondition,
-		Interfaces:       util.StrToMem(e.Interfaces),
-	}
-
-	return ans
-}
diff --git a/dev/ha/monitor/link/funcs.go b/dev/ha/monitor/link/funcs.go
deleted file mode 100644
index a7da9df1..00000000
--- a/dev/ha/monitor/link/funcs.go
+++ /dev/null
@@ -1,88 +0,0 @@
-package link
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-/*func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}*/
diff --git a/dev/ha/monitor/link/fw.go b/dev/ha/monitor/link/fw.go
deleted file mode 100644
index b136649e..00000000
--- a/dev/ha/monitor/link/fw.go
+++ /dev/null
@@ -1,94 +0,0 @@
-package link
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Device.HaLinkMonitorGroup namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(e ...Entry) error {
-	return c.ns.Set(c.pather(), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(e Entry) error {
-	return c.ns.Edit(c.pather(), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(), names, nErr)
-}
-
-func (c *Firewall) pather() namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(v)
-	}
-}
-
-func (c *Firewall) xpath(vals []string) ([]string, error) {
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"deviceconfig",
-		"high-availability",
-		"group",
-		"monitoring",
-		"link-monitoring",
-		"link-group",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/dev/ha/monitor/link/fw_test.go b/dev/ha/monitor/link/fw_test.go
deleted file mode 100644
index 463588dd..00000000
--- a/dev/ha/monitor/link/fw_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package link
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set(tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/dev/ha/monitor/link/testdata_test.go b/dev/ha/monitor/link/testdata_test.go
deleted file mode 100644
index 5f134bc4..00000000
--- a/dev/ha/monitor/link/testdata_test.go
+++ /dev/null
@@ -1,25 +0,0 @@
-package link
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type testCase struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"v1", version.Number{10, 0, 0, ""}, Entry{
-			Name:             "v1",
-			Enable:           true,
-			FailureCondition: FailureConditionAll,
-			Interfaces: []string{
-				"interface 1",
-				"interface 2",
-			},
-		}},
-	}
-}
diff --git a/dev/ha/monitor/path/const.go b/dev/ha/monitor/path/const.go
deleted file mode 100644
index 492fb19f..00000000
--- a/dev/ha/monitor/path/const.go
+++ /dev/null
@@ -1,18 +0,0 @@
-package path
-
-const (
-	// FailureCondition Values
-	FailureConditionAny = "any"
-	FailureConditionAll = "all"
-
-	// gType Values
-	VirtualWire   = "virtual-wire"
-	Vlan          = "vlan"
-	VirtualRouter = "virtual-router"
-	LogicalRouter = "logical-router"
-)
-
-const (
-	singular = "HA path monitor group"
-	plural   = singular + "s"
-)
diff --git a/dev/ha/monitor/path/doc.go b/dev/ha/monitor/path/doc.go
deleted file mode 100644
index 6abe792b..00000000
--- a/dev/ha/monitor/path/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package path is the client.Device.HaPathMonitorGroup namespace.
-
-Normalized object:  Entry
-*/
-package path
diff --git a/dev/ha/monitor/path/entry.go b/dev/ha/monitor/path/entry.go
deleted file mode 100644
index 8e73b55e..00000000
--- a/dev/ha/monitor/path/entry.go
+++ /dev/null
@@ -1,157 +0,0 @@
-package path
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a HA
-// path monitor group.
-type Entry struct {
-	Name             string
-	Enable           bool
-	SrcIp            string // virtual-wire, vlan
-	FailureCondition string
-	PingInterval     int
-	PingCount        int
-	DstIpGroups      []DstIpGroup
-}
-
-type DstIpGroup struct {
-	Name             string
-	Enable           bool
-	FailureCondition string
-	DstIps           []string // unordered
-}
-
-func (o *Entry) Copy(s Entry) {
-	o.Enable = s.Enable
-	o.SrcIp = s.SrcIp
-	o.FailureCondition = s.FailureCondition
-	o.PingInterval = s.PingInterval
-	o.PingCount = s.PingCount
-	if s.DstIpGroups == nil {
-		o.DstIpGroups = nil
-	} else {
-		o.DstIpGroups = make([]DstIpGroup, len(s.DstIpGroups))
-		for i := range s.DstIpGroups {
-			o.DstIpGroups[i] = s.DstIpGroups[i]
-			if s.DstIpGroups[i].DstIps != nil {
-				o.DstIpGroups[i].DstIps = make([]string,
-					len(s.DstIpGroups[i].DstIps))
-				copy(o.DstIpGroups[i].DstIps, s.DstIpGroups[i].DstIps)
-			}
-		}
-	}
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:             o.Name,
-		Enable:           util.AsBool(o.Enable),
-		SrcIp:            o.SrcIp,
-		FailureCondition: o.FailureCondition,
-		PingInterval:     o.PingInterval,
-		PingCount:        o.PingCount,
-	}
-
-	if o.DstIpGroups != nil {
-		groups := make([]DstIpGroup, 0, len(o.DstIpGroups.Entries))
-		for _, group := range o.DstIpGroups.Entries {
-			groups = append(groups, DstIpGroup{
-				Name:             group.Name,
-				Enable:           util.AsBool(group.Enable),
-				FailureCondition: group.FailureCondition,
-				DstIps:           util.MemToStr(group.DstIps),
-			})
-		}
-		ans.DstIpGroups = groups
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName          xml.Name    `xml:"entry"`
-	Name             string      `xml:"name,attr"`
-	Enable           string      `xml:"enabled"`
-	SrcIp            string      `xml:"source-ip,omitempty"`
-	FailureCondition string      `xml:"failure-condition,omitempty"`
-	PingInterval     int         `xml:"ping-interval,omitempty"`
-	PingCount        int         `xml:"ping-count,omitempty"`
-	DstIpGroups      *dstIpGroup `xml:"destination-ip-group"`
-}
-
-type dstIpGroup struct {
-	Entries []dstIpGroupEntry `xml:"entry"`
-}
-
-type dstIpGroupEntry struct {
-	Name             string           `xml:"name,attr"`
-	Enable           string           `xml:"enabled"`
-	FailureCondition string           `xml:"failure-condition,omitempty"`
-	DstIps           *util.MemberType `xml:"destination-ip"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:             e.Name,
-		Enable:           util.YesNo(e.Enable),
-		SrcIp:            e.SrcIp,
-		FailureCondition: e.FailureCondition,
-		PingInterval:     e.PingInterval,
-		PingCount:        e.PingCount,
-	}
-
-	if len(e.DstIpGroups) > 0 {
-		ans.DstIpGroups = &dstIpGroup{}
-		groups := make([]dstIpGroupEntry, 0, len(e.DstIpGroups))
-		for _, group := range e.DstIpGroups {
-			groups = append(groups, dstIpGroupEntry{
-				Name:             group.Name,
-				Enable:           util.YesNo(group.Enable),
-				FailureCondition: group.FailureCondition,
-				DstIps:           util.StrToMem(group.DstIps),
-			})
-		}
-		ans.DstIpGroups.Entries = groups
-	}
-
-	return ans
-}
diff --git a/dev/ha/monitor/path/funcs.go b/dev/ha/monitor/path/funcs.go
deleted file mode 100644
index 7257bb08..00000000
--- a/dev/ha/monitor/path/funcs.go
+++ /dev/null
@@ -1,88 +0,0 @@
-package path
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-/*func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}*/
diff --git a/dev/ha/monitor/path/fw.go b/dev/ha/monitor/path/fw.go
deleted file mode 100644
index b6e9d5cc..00000000
--- a/dev/ha/monitor/path/fw.go
+++ /dev/null
@@ -1,104 +0,0 @@
-package path
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Device.HaPathMonitorGroup namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(gType string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(gType), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(gType string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(gType), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(gType, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(gType), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(gType, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(gType), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(gType string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(gType), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(gType string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(gType), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(gType string, e ...Entry) error {
-	return c.ns.Set(c.pather(gType), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(gType string, e Entry) error {
-	return c.ns.Edit(c.pather(gType), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(gType string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(gType), names, nErr)
-}
-
-func (c *Firewall) pather(gType string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(gType, v)
-	}
-}
-
-func (c *Firewall) xpath(gType string, vals []string) ([]string, error) {
-	switch gType {
-	case "":
-		return nil, fmt.Errorf("gType must be specified")
-	case VirtualWire, Vlan, VirtualRouter, LogicalRouter:
-	default:
-		return nil, fmt.Errorf("unknown gType value: %s", gType)
-	}
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"deviceconfig",
-		"high-availability",
-		"group",
-		"monitoring",
-		"path-monitoring",
-		"path-group",
-		gType,
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/dev/ha/monitor/path/fw_test.go b/dev/ha/monitor/path/fw_test.go
deleted file mode 100644
index 689f425c..00000000
--- a/dev/ha/monitor/path/fw_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package path
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set(tc.gType, tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(tc.gType, tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/dev/ha/monitor/path/testdata_test.go b/dev/ha/monitor/path/testdata_test.go
deleted file mode 100644
index c0ee558e..00000000
--- a/dev/ha/monitor/path/testdata_test.go
+++ /dev/null
@@ -1,149 +0,0 @@
-package path
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type testCase struct {
-	desc    string
-	version version.Number
-	gType   string
-	conf    Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"v1 VirtualRouter 0 groups", version.Number{10, 0, 0, ""}, VirtualRouter,
-			Entry{
-				Name:             "t1",
-				Enable:           true,
-				FailureCondition: FailureConditionAll,
-				PingInterval:     50000,
-				PingCount:        3,
-			}},
-		{"v1 VirtualRouter 1 group", version.Number{10, 0, 0, ""}, VirtualRouter,
-			Entry{
-				Name:             "t2",
-				Enable:           true,
-				FailureCondition: FailureConditionAll,
-				PingInterval:     50000,
-				PingCount:        3,
-				DstIpGroups: []DstIpGroup{
-					DstIpGroup{
-						Name:             "group1",
-						Enable:           false,
-						FailureCondition: FailureConditionAny,
-						DstIps: []string{
-							"ip 1",
-						},
-					},
-				},
-			}},
-		{"v1 VirtualRouter 2 groups", version.Number{10, 0, 0, ""}, VirtualRouter,
-			Entry{
-				Name:             "t3",
-				Enable:           true,
-				FailureCondition: FailureConditionAll,
-				PingInterval:     50000,
-				PingCount:        3,
-				DstIpGroups: []DstIpGroup{
-					DstIpGroup{
-						Name:             "group1",
-						Enable:           false,
-						FailureCondition: FailureConditionAny,
-						DstIps: []string{
-							"ip 1",
-						},
-					},
-					DstIpGroup{
-						Name:   "group2",
-						Enable: true,
-						DstIps: []string{
-							"ip 1",
-							"ip 2",
-						},
-					},
-				},
-			}},
-		{"v1 Vlan 2 groups", version.Number{10, 0, 0, ""}, Vlan,
-			Entry{
-				Name:             "t4",
-				Enable:           true,
-				SrcIp:            "src ip",
-				FailureCondition: FailureConditionAll,
-				PingInterval:     50000,
-				PingCount:        3,
-				DstIpGroups: []DstIpGroup{
-					DstIpGroup{
-						Name:             "group1",
-						Enable:           false,
-						FailureCondition: FailureConditionAny,
-						DstIps: []string{
-							"ip 1",
-						},
-					},
-					DstIpGroup{
-						Name:   "group2",
-						Enable: true,
-						DstIps: []string{
-							"ip 1",
-							"ip 2",
-						},
-					},
-				},
-			}},
-		{"v1 VirtualWire 2 groups", version.Number{10, 0, 0, ""}, VirtualWire,
-			Entry{
-				Name:             "t5",
-				Enable:           true,
-				SrcIp:            "src ip",
-				FailureCondition: FailureConditionAll,
-				PingInterval:     50000,
-				PingCount:        3,
-				DstIpGroups: []DstIpGroup{
-					DstIpGroup{
-						Name:             "group1",
-						Enable:           false,
-						FailureCondition: FailureConditionAny,
-						DstIps: []string{
-							"ip 1",
-						},
-					},
-					DstIpGroup{
-						Name:   "group2",
-						Enable: true,
-						DstIps: []string{
-							"ip 1",
-							"ip 2",
-						},
-					},
-				},
-			}},
-		{"v1 LogicalRouter 2 groups", version.Number{10, 0, 0, ""}, LogicalRouter,
-			Entry{
-				Name:             "t6",
-				Enable:           true,
-				FailureCondition: FailureConditionAll,
-				PingInterval:     50000,
-				PingCount:        3,
-				DstIpGroups: []DstIpGroup{
-					DstIpGroup{
-						Name:             "group1",
-						Enable:           false,
-						FailureCondition: FailureConditionAny,
-						DstIps: []string{
-							"ip 1",
-						},
-					},
-					DstIpGroup{
-						Name:   "group2",
-						Enable: true,
-						DstIps: []string{
-							"ip 1",
-							"ip 2",
-						},
-					},
-				},
-			}},
-	}
-}
diff --git a/dev/ha/testdata_test.go b/dev/ha/testdata_test.go
deleted file mode 100644
index 0d225762..00000000
--- a/dev/ha/testdata_test.go
+++ /dev/null
@@ -1,255 +0,0 @@
-package ha
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type testCase struct {
-	desc    string
-	version version.Number
-	conf    Config
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"v1 ha active passive no raw", version.Number{10, 0, 0, ""}, Config{
-			Enable:                 true,
-			GroupId:                3,
-			Description:            "description",
-			Mode:                   ModeActivePassive,
-			PeerHa1IpAddress:       "peer ha1 ip",
-			BackupPeerHa1IpAddress: "backup peer ha1 ip",
-			ConfigSyncEnable:       true,
-
-			Ha1: &Ha1Interface{
-				Port:             "ha1 port",
-				IpAddress:        "ha1 ip",
-				Netmask:          "ha1 netmask",
-				Gateway:          "ha1 gateway",
-				EncryptionEnable: false,
-				MonitorHoldTime:  1000,
-			},
-			Ha1Backup: &Ha1BackupInterface{
-				Port:      "ha1 backup port",
-				IpAddress: "ha1 backup ip",
-				Netmask:   "ha1 backup netmask",
-				Gateway:   "ha1 backup gateway",
-			},
-			Ha2: &Ha2Interface{
-				Port:      "ha2 port",
-				IpAddress: "ha2 ip",
-				Netmask:   "ha2 netmask",
-				Gateway:   "ha2 gateway",
-			},
-			Ha2Backup: &Ha2Interface{
-				Port:      "ha2 backup port",
-				IpAddress: "ha2 backup ip",
-				Netmask:   "ha2 backup netmask",
-				Gateway:   "ha2 backup gateway",
-			},
-			Ha3: &Ha3Interface{
-				Port: "ha3 port",
-			},
-			Ha4: &Ha4Interface{
-				Port:      "ha4 port",
-				IpAddress: "ha4 ip",
-				Netmask:   "ha4 netmask",
-			},
-			Ha4Backup: &Ha4Interface{
-				Port:      "ha4 backup port",
-				IpAddress: "ha4 backup ip",
-				Netmask:   "ha4 backup netmask",
-			},
-
-			ApPassiveLinkState:        ApPassiveLinkStateAuto,
-			ApMonitorFailHoldDownTime: 60,
-
-			ElectionDevicePriority:  "100",
-			ElectionPreemptive:      true,
-			ElectionHeartBeatBackup: true,
-
-			ElectionTimersMode:                          ElectionTimersModeAdvanced,
-			ElectionTimersAdvPromotionHoldTime:          "1",
-			ElectionTimersAdvHelloInterval:              8000,
-			ElectionTimersAdvHeartBeatInterval:          1000,
-			ElectionTimersAdvFlapMax:                    "1",
-			ElectionTimersAdvPreemptionHoldTime:         1,
-			ElectionTimersAdvMonitorFailHoldUpTime:      "0",
-			ElectionTimersAdvAdditionalMasterHoldUpTime: "0",
-
-			Ha2StateSyncEnable:             true,
-			Ha2StateSyncTransport:          Ha2StateSyncTransportUdp,
-			Ha2StateSyncKeepAliveEnable:    true,
-			Ha2StateSyncKeepAliveAction:    Ha2StateSyncKeepAliveActionLogOnly,
-			Ha2StateSyncKeepAliveThreshold: 5000,
-
-			LinkMonitorEnable:           true,
-			LinkMonitorFailureCondition: LinkMonitorFailureConditionAny,
-		}},
-		{"v1 ha active passive with raw", version.Number{10, 0, 0, ""}, Config{
-			Enable:                 true,
-			GroupId:                3,
-			Description:            "description",
-			Mode:                   ModeActivePassive,
-			PeerHa1IpAddress:       "peer ha1 ip",
-			BackupPeerHa1IpAddress: "backup peer ha1 ip",
-			ConfigSyncEnable:       true,
-			Ha1: &Ha1Interface{
-				Port:             "ha1 port",
-				IpAddress:        "ha1 ip",
-				Netmask:          "ha1 netmask",
-				Gateway:          "ha1 gateway",
-				EncryptionEnable: false,
-				MonitorHoldTime:  1000,
-			},
-			Ha1Backup: &Ha1BackupInterface{
-				Port:      "ha1 backup port",
-				IpAddress: "ha1 backup ip",
-				Netmask:   "ha1 backup netmask",
-				Gateway:   "ha1 backup gateway",
-			},
-			Ha2: &Ha2Interface{
-				Port:      "ha2 port",
-				IpAddress: "ha2 ip",
-				Netmask:   "ha2 netmask",
-				Gateway:   "ha2 gateway",
-			},
-			Ha2Backup: &Ha2Interface{
-				Port:      "ha2 backup port",
-				IpAddress: "ha2 backup ip",
-				Netmask:   "ha2 backup netmask",
-				Gateway:   "ha2 backup gateway",
-			},
-			Ha3: &Ha3Interface{
-				Port: "ha3 port",
-			},
-			Ha4: &Ha4Interface{
-				Port:      "ha4 port",
-				IpAddress: "ha4 ip",
-				Netmask:   "ha4 netmask",
-			},
-			Ha4Backup: &Ha4Interface{
-				Port:      "ha4 backup port",
-				IpAddress: "ha4 backup ip",
-				Netmask:   "ha4 backup netmask",
-			},
-
-			ApPassiveLinkState:        ApPassiveLinkStateAuto,
-			ApMonitorFailHoldDownTime: 60,
-
-			ElectionDevicePriority:  "100",
-			ElectionPreemptive:      true,
-			ElectionHeartBeatBackup: true,
-
-			ElectionTimersMode:                          ElectionTimersModeAdvanced,
-			ElectionTimersAdvPromotionHoldTime:          "1",
-			ElectionTimersAdvHelloInterval:              8000,
-			ElectionTimersAdvHeartBeatInterval:          1000,
-			ElectionTimersAdvFlapMax:                    "1",
-			ElectionTimersAdvPreemptionHoldTime:         1,
-			ElectionTimersAdvMonitorFailHoldUpTime:      "0",
-			ElectionTimersAdvAdditionalMasterHoldUpTime: "0",
-
-			Ha2StateSyncEnable:             true,
-			Ha2StateSyncTransport:          Ha2StateSyncTransportUdp,
-			Ha2StateSyncKeepAliveEnable:    true,
-			Ha2StateSyncKeepAliveAction:    Ha2StateSyncKeepAliveActionLogOnly,
-			Ha2StateSyncKeepAliveThreshold: 5000,
-
-			LinkMonitorEnable:           true,
-			LinkMonitorFailureCondition: LinkMonitorFailureConditionAny,
-
-			raw: map[string]string{
-				"linkgroup":   "link group",
-				"cluster":     "cluster",
-				"pathmonitor": "path monitor",
-			},
-		}},
-		{"v1 ha active active with raw", version.Number{10, 0, 0, ""}, Config{
-			Enable:                 true,
-			GroupId:                3,
-			Description:            "description",
-			Mode:                   ModeActiveActive,
-			PeerHa1IpAddress:       "peer ha1 ip",
-			BackupPeerHa1IpAddress: "backup peer ha1 ip",
-			ConfigSyncEnable:       true,
-			Ha1: &Ha1Interface{
-				Port:             "ha1 port",
-				IpAddress:        "ha1 ip",
-				Netmask:          "ha1 netmask",
-				Gateway:          "ha1 gateway",
-				EncryptionEnable: false,
-				MonitorHoldTime:  1000,
-			},
-			Ha1Backup: &Ha1BackupInterface{
-				Port:      "ha1 backup port",
-				IpAddress: "ha1 backup ip",
-				Netmask:   "ha1 backup netmask",
-				Gateway:   "ha1 backup gateway",
-			},
-			Ha2: &Ha2Interface{
-				Port:      "ha2 port",
-				IpAddress: "ha2 ip",
-				Netmask:   "ha2 netmask",
-				Gateway:   "ha2 gateway",
-			},
-			Ha2Backup: &Ha2Interface{
-				Port:      "ha2 backup port",
-				IpAddress: "ha2 backup ip",
-				Netmask:   "ha2 backup netmask",
-				Gateway:   "ha2 backup gateway",
-			},
-			Ha3: &Ha3Interface{
-				Port: "ha3 port",
-			},
-			Ha4: &Ha4Interface{
-				Port:      "ha4 port",
-				IpAddress: "ha4 ip",
-				Netmask:   "ha4 netmask",
-			},
-			Ha4Backup: &Ha4Interface{
-				Port:      "ha4 backup port",
-				IpAddress: "ha4 backup ip",
-				Netmask:   "ha4 backup netmask",
-			},
-
-			AaDeviceId:                 "0",
-			AaTentativeHoldTime:        "600",
-			AaSyncVirtualRouter:        true,
-			AaSyncQos:                  false,
-			AaSessionOwnerSelection:    AaSessionOwnerSelectionFirstPacket,
-			AaFpSessionSetup:           AaFpSessionSetupIpHash,
-			AaFpSessionSetupIpHashKey:  AaFpSessionSetupIpHashKeySourceDest,
-			AaFpSessionSetupIpHashSeed: "100",
-
-			ElectionDevicePriority:  "100",
-			ElectionPreemptive:      true,
-			ElectionHeartBeatBackup: true,
-
-			ElectionTimersMode:                          ElectionTimersModeAdvanced,
-			ElectionTimersAdvPromotionHoldTime:          "1",
-			ElectionTimersAdvHelloInterval:              8000,
-			ElectionTimersAdvHeartBeatInterval:          1000,
-			ElectionTimersAdvFlapMax:                    "1",
-			ElectionTimersAdvPreemptionHoldTime:         1,
-			ElectionTimersAdvMonitorFailHoldUpTime:      "0",
-			ElectionTimersAdvAdditionalMasterHoldUpTime: "0",
-
-			Ha2StateSyncEnable:             true,
-			Ha2StateSyncTransport:          Ha2StateSyncTransportUdp,
-			Ha2StateSyncKeepAliveEnable:    true,
-			Ha2StateSyncKeepAliveAction:    Ha2StateSyncKeepAliveActionLogOnly,
-			Ha2StateSyncKeepAliveThreshold: 5000,
-
-			LinkMonitorEnable:           true,
-			LinkMonitorFailureCondition: LinkMonitorFailureConditionAny,
-
-			raw: map[string]string{
-				"vaddr":       "virtual address",
-				"linkgroup":   "link group",
-				"cluster":     "cluster",
-				"pathmonitor": "path monitor",
-			},
-		}},
-	}
-}
diff --git a/dev/localuserdb/group/const.go b/dev/localuserdb/group/const.go
deleted file mode 100644
index fa0be328..00000000
--- a/dev/localuserdb/group/const.go
+++ /dev/null
@@ -1,6 +0,0 @@
-package group
-
-const (
-	singular = "local user database group"
-	plural   = "local user database groups"
-)
diff --git a/dev/localuserdb/group/doc.go b/dev/localuserdb/group/doc.go
deleted file mode 100644
index 7c836838..00000000
--- a/dev/localuserdb/group/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package group is the client.Device.LocalUserDbGroup namespace.
-
-Normalized object:  Entry
-*/
-package group
diff --git a/dev/localuserdb/group/entry.go b/dev/localuserdb/group/entry.go
deleted file mode 100644
index e6034499..00000000
--- a/dev/localuserdb/group/entry.go
+++ /dev/null
@@ -1,79 +0,0 @@
-package group
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a
-// local user database group object.
-type Entry struct {
-	Name  string
-	Users []string // unsorted
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Users = util.CopyStringSlice(s.Users)
-}
-
-/** Structs / functions for normalization. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName xml.Name         `xml:"entry"`
-	Name    string           `xml:"name,attr"`
-	Users   *util.MemberType `xml:"user"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:  e.Name,
-		Users: util.StrToMem(e.Users),
-	}
-
-	return ans
-}
-
-func (e *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:  e.Name,
-		Users: util.MemToStr(e.Users),
-	}
-
-	return ans
-}
diff --git a/dev/localuserdb/group/funcs.go b/dev/localuserdb/group/funcs.go
deleted file mode 100644
index ed7ed4e2..00000000
--- a/dev/localuserdb/group/funcs.go
+++ /dev/null
@@ -1,88 +0,0 @@
-package group
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/dev/localuserdb/group/fw.go b/dev/localuserdb/group/fw.go
deleted file mode 100644
index fd3db99d..00000000
--- a/dev/localuserdb/group/fw.go
+++ /dev/null
@@ -1,105 +0,0 @@
-package group
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Device.LocalUserDbGroup namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vsys), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather(vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vsys, v)
-	}
-}
-
-func (c *Firewall) xpath(vsys string, vals []string) ([]string, error) {
-	ans := make([]string, 0, 8)
-	ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	ans = append(ans,
-		"local-user-database",
-		"user-group",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/dev/localuserdb/group/fw_test.go b/dev/localuserdb/group/fw_test.go
deleted file mode 100644
index 535be0b2..00000000
--- a/dev/localuserdb/group/fw_test.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package group
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("shared", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("shared", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/dev/localuserdb/group/pano.go b/dev/localuserdb/group/pano.go
deleted file mode 100644
index 397f16e0..00000000
--- a/dev/localuserdb/group/pano.go
+++ /dev/null
@@ -1,112 +0,0 @@
-package group
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Device.LocalUserDbGroup namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts, vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts, vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts, vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts, vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(tmpl, ts, vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts, vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(tmpl, ts, vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts, vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts, vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts, vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(tmpl, ts, vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts, vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts, vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(tmpl, ts, vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts, vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(tmpl, ts, vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts, vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(tmpl, ts, vsys), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts, vsys), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts, vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts, vsys), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts, vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, vsys, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts, vsys string, vals []string) ([]string, error) {
-	if tmpl == "" && ts == "" {
-		return nil, fmt.Errorf("tmpl or ts must be specified")
-	}
-
-	ans := make([]string, 0, 13)
-	ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-	ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	ans = append(ans,
-		"local-user-database",
-		"user-group",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/dev/localuserdb/group/pano_test.go b/dev/localuserdb/group/pano_test.go
deleted file mode 100644
index 1fffb29d..00000000
--- a/dev/localuserdb/group/pano_test.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package group
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("tmpl", "", "shared", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("tmpl", "", "shared", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/dev/localuserdb/group/testdata_test.go b/dev/localuserdb/group/testdata_test.go
deleted file mode 100644
index e330074a..00000000
--- a/dev/localuserdb/group/testdata_test.go
+++ /dev/null
@@ -1,23 +0,0 @@
-package group
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type testCase struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"v1 empty group", version.Number{6, 1, 0, ""}, Entry{
-			Name: "one",
-		}},
-		{"v1 group with users", version.Number{6, 1, 0, ""}, Entry{
-			Name:  "two",
-			Users: []string{"one", "two", "three"},
-		}},
-	}
-}
diff --git a/dev/localuserdb/user/const.go b/dev/localuserdb/user/const.go
deleted file mode 100644
index 9d7076f0..00000000
--- a/dev/localuserdb/user/const.go
+++ /dev/null
@@ -1,6 +0,0 @@
-package user
-
-const (
-	singular = "local user database user"
-	plural   = "local user database users"
-)
diff --git a/dev/localuserdb/user/doc.go b/dev/localuserdb/user/doc.go
deleted file mode 100644
index 5d595bbd..00000000
--- a/dev/localuserdb/user/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package user is the client.Device.LocalUserDbUser namespace.
-
-Normalized object:  Entry
-*/
-package user
diff --git a/dev/localuserdb/user/entry.go b/dev/localuserdb/user/entry.go
deleted file mode 100644
index faab2df3..00000000
--- a/dev/localuserdb/user/entry.go
+++ /dev/null
@@ -1,84 +0,0 @@
-package user
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a
-// local user database user object.
-type Entry struct {
-	Name         string
-	PasswordHash string // encrypted
-	Disabled     bool
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.PasswordHash = s.PasswordHash
-	o.Disabled = s.Disabled
-}
-
-/** Structs / functions for normalization. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName      xml.Name `xml:"entry"`
-	Name         string   `xml:"name,attr"`
-	PasswordHash string   `xml:"phash"`
-	Disabled     string   `xml:"disabled"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:         e.Name,
-		PasswordHash: e.PasswordHash,
-		Disabled:     util.YesNo(e.Disabled),
-	}
-
-	return ans
-}
-
-func (e *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:         e.Name,
-		PasswordHash: e.PasswordHash,
-		Disabled:     util.AsBool(e.Disabled),
-	}
-
-	return ans
-}
diff --git a/dev/localuserdb/user/funcs.go b/dev/localuserdb/user/funcs.go
deleted file mode 100644
index 11ed3f03..00000000
--- a/dev/localuserdb/user/funcs.go
+++ /dev/null
@@ -1,88 +0,0 @@
-package user
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/dev/localuserdb/user/fw.go b/dev/localuserdb/user/fw.go
deleted file mode 100644
index c905aaf0..00000000
--- a/dev/localuserdb/user/fw.go
+++ /dev/null
@@ -1,105 +0,0 @@
-package user
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Device.LocalUserDbUser namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vsys), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather(vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vsys, v)
-	}
-}
-
-func (c *Firewall) xpath(vsys string, vals []string) ([]string, error) {
-	ans := make([]string, 0, 8)
-	ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	ans = append(ans,
-		"local-user-database",
-		"user",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/dev/localuserdb/user/fw_test.go b/dev/localuserdb/user/fw_test.go
deleted file mode 100644
index d85a81b4..00000000
--- a/dev/localuserdb/user/fw_test.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package user
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("shared", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("shared", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/dev/localuserdb/user/pano.go b/dev/localuserdb/user/pano.go
deleted file mode 100644
index 87a0d798..00000000
--- a/dev/localuserdb/user/pano.go
+++ /dev/null
@@ -1,112 +0,0 @@
-package user
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Device.LocalUserDbUser namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts, vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts, vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts, vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts, vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(tmpl, ts, vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts, vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(tmpl, ts, vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts, vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts, vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts, vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(tmpl, ts, vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts, vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts, vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(tmpl, ts, vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts, vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(tmpl, ts, vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts, vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(tmpl, ts, vsys), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts, vsys), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts, vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts, vsys), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts, vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, vsys, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts, vsys string, vals []string) ([]string, error) {
-	if tmpl == "" && ts == "" {
-		return nil, fmt.Errorf("tmpl or ts must be specified")
-	}
-
-	ans := make([]string, 0, 13)
-	ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-	ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	ans = append(ans,
-		"local-user-database",
-		"user",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/dev/localuserdb/user/pano_test.go b/dev/localuserdb/user/pano_test.go
deleted file mode 100644
index 041a6714..00000000
--- a/dev/localuserdb/user/pano_test.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package user
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("tmpl", "", "shared", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("tmpl", "", "shared", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/dev/localuserdb/user/testdata_test.go b/dev/localuserdb/user/testdata_test.go
deleted file mode 100644
index a6dd5827..00000000
--- a/dev/localuserdb/user/testdata_test.go
+++ /dev/null
@@ -1,26 +0,0 @@
-package user
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type testCase struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"v1 test disabled", version.Number{6, 1, 0, ""}, Entry{
-			Name:         "one",
-			PasswordHash: "secret",
-			Disabled:     true,
-		}},
-		{"v1 test enabled", version.Number{6, 1, 0, ""}, Entry{
-			Name:         "two",
-			PasswordHash: "secret",
-			Disabled:     false,
-		}},
-	}
-}
diff --git a/dev/pano.go b/dev/pano.go
deleted file mode 100644
index e99c00c3..00000000
--- a/dev/pano.go
+++ /dev/null
@@ -1,67 +0,0 @@
-package dev
-
-import (
-	"github.com/PaloAltoNetworks/pango/util"
-
-	cert "github.com/PaloAltoNetworks/pango/dev/certificate"
-	"github.com/PaloAltoNetworks/pango/dev/localuserdb/group"
-	"github.com/PaloAltoNetworks/pango/dev/localuserdb/user"
-	"github.com/PaloAltoNetworks/pango/dev/profile/authentication"
-	"github.com/PaloAltoNetworks/pango/dev/profile/certificate"
-	"github.com/PaloAltoNetworks/pango/dev/profile/email"
-	"github.com/PaloAltoNetworks/pango/dev/profile/http"
-	"github.com/PaloAltoNetworks/pango/dev/profile/kerberos"
-	"github.com/PaloAltoNetworks/pango/dev/profile/ldap"
-	"github.com/PaloAltoNetworks/pango/dev/profile/radius"
-	"github.com/PaloAltoNetworks/pango/dev/profile/saml"
-	"github.com/PaloAltoNetworks/pango/dev/profile/snmp"
-	"github.com/PaloAltoNetworks/pango/dev/profile/ssltls"
-	"github.com/PaloAltoNetworks/pango/dev/profile/syslog"
-	"github.com/PaloAltoNetworks/pango/dev/profile/tacplus"
-	"github.com/PaloAltoNetworks/pango/dev/ssldecrypt"
-	"github.com/PaloAltoNetworks/pango/dev/vminfosource"
-)
-
-// Panorama is the client.Device namespace.
-type Panorama struct {
-	AuthenticationProfile *authentication.Panorama
-	Certificate           *cert.Panorama
-	CertificateProfile    *certificate.Panorama
-	EmailServerProfile    *email.Panorama
-	HttpServerProfile     *http.Panorama
-	KerberosProfile       *kerberos.Panorama
-	LdapProfile           *ldap.Panorama
-	LocalUserDbGroup      *group.Panorama
-	LocalUserDbUser       *user.Panorama
-	RadiusProfile         *radius.Panorama
-	SamlProfile           *saml.Panorama
-	SslTlsServiceProfile  *ssltls.Panorama
-	SslDecrypt            *ssldecrypt.Panorama
-	SnmpServerProfile     *snmp.Panorama
-	SyslogServerProfile   *syslog.Panorama
-	TacacsPlusProfile     *tacplus.Panorama
-	VmInfoSource          *vminfosource.Panorama
-}
-
-// Initialize is invoked on client.Initialize().
-func PanoramaNamespace(x util.XapiClient) *Panorama {
-	return &Panorama{
-		AuthenticationProfile: authentication.PanoramaNamespace(x),
-		Certificate:           cert.PanoramaNamespace(x),
-		CertificateProfile:    certificate.PanoramaNamespace(x),
-		EmailServerProfile:    email.PanoramaNamespace(x),
-		HttpServerProfile:     http.PanoramaNamespace(x),
-		KerberosProfile:       kerberos.PanoramaNamespace(x),
-		LdapProfile:           ldap.PanoramaNamespace(x),
-		LocalUserDbGroup:      group.PanoramaNamespace(x),
-		LocalUserDbUser:       user.PanoramaNamespace(x),
-		RadiusProfile:         radius.PanoramaNamespace(x),
-		SamlProfile:           saml.PanoramaNamespace(x),
-		SslTlsServiceProfile:  ssltls.PanoramaNamespace(x),
-		SslDecrypt:            ssldecrypt.PanoramaNamespace(x),
-		SnmpServerProfile:     snmp.PanoramaNamespace(x),
-		SyslogServerProfile:   syslog.PanoramaNamespace(x),
-		TacacsPlusProfile:     tacplus.PanoramaNamespace(x),
-		VmInfoSource:          vminfosource.PanoramaNamespace(x),
-	}
-}
diff --git a/dev/profile/authentication/const.go b/dev/profile/authentication/const.go
deleted file mode 100644
index 517dde2e..00000000
--- a/dev/profile/authentication/const.go
+++ /dev/null
@@ -1,16 +0,0 @@
-package authentication
-
-const (
-	UsernameModifierInput       = `%USERINPUT%`
-	UsernameModifierInputDomain = `%USERINPUT%@%USERDOMAIN%`
-	UsernameModifierDomainInput = `%USERDOMAIN%\%USERINPUT%`
-)
-
-const (
-	UsernameAttributeDefault = "username"
-)
-
-const (
-	singular = "authentication profile"
-	plural   = "authentication profiles"
-)
diff --git a/dev/profile/authentication/doc.go b/dev/profile/authentication/doc.go
deleted file mode 100644
index 464273fa..00000000
--- a/dev/profile/authentication/doc.go
+++ /dev/null
@@ -1,14 +0,0 @@
-/*
-Package authentication is the client.Device.AuthenticationProfile namespace.
-
-For Panorama, there are two possibilities:  managing this object on Panorama
-itself or inside of a Template.
-
-To manage objects save on Panorama, leave "tmpl", "ts", and "vsys" params empty.
-
-To manage objects in a template, specify the template name and the vsys (if
-unspecified, defaults to "shared").
-
-Normalized object:  Entry
-*/
-package authentication
diff --git a/dev/profile/authentication/entry.go b/dev/profile/authentication/entry.go
deleted file mode 100644
index 5a603ccb..00000000
--- a/dev/profile/authentication/entry.go
+++ /dev/null
@@ -1,715 +0,0 @@
-package authentication
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of an
-// authentication profile.
-type Entry struct {
-	Name                      string
-	LockoutFailedAttempts     string
-	LockoutTime               int
-	AllowList                 []string
-	Type                      AuthenticationType
-	UsernameModifier          string                     // 7.0+
-	UserDomain                string                     // 7.0+
-	SingleSignOn              *SingleSignOn              // 7.0+
-	MultiFactorAuthentication *MultiFactorAuthentication // 8.0+
-}
-
-type AuthenticationType struct {
-	None          bool
-	LocalDatabase bool
-	Radius        *Radius
-	Ldap          *Ldap
-	Kerberos      *Kerberos
-	TacacsPlus    *TacacsPlus // 7.0+
-	Saml          *Saml       // 8.0+
-	//Cloud *Cloud // 10.1+
-}
-
-type Radius struct {
-	ServerProfile     string
-	RetrieveUserGroup bool // 7.0+
-}
-
-type Ldap struct {
-	ServerProfile         string
-	LoginAttribute        string
-	PasswordExpiryWarning string // min 0 in pan-os 8.0+
-}
-
-type Kerberos struct {
-	ServerProfile string
-	Realm         string // 7.0+
-}
-
-type TacacsPlus struct {
-	ServerProfile     string
-	RetrieveUserGroup bool // 8.0+
-}
-
-type Saml struct {
-	ServerProfile             string
-	EnableSingleLogout        bool
-	RequestSigningCertificate string
-	CertificateProfile        string
-	UsernameAttribute         string // default "username"
-	UserGroupAttribute        string
-	AdminRoleAttribute        string
-	AccessDomainAttribute     string
-}
-
-type SingleSignOn struct {
-	Realm            string
-	ServicePrincipal string
-	Keytab           string // encrypted
-}
-
-type MultiFactorAuthentication struct {
-	Enabled bool
-	Factors []string
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.LockoutFailedAttempts = s.LockoutFailedAttempts
-	o.LockoutTime = s.LockoutTime
-	o.AllowList = util.CopyStringSlice(s.AllowList)
-	o.UsernameModifier = s.UsernameModifier
-	o.UserDomain = s.UserDomain
-
-	// Single sign on.
-	if s.SingleSignOn == nil {
-		o.SingleSignOn = nil
-	} else {
-		o.SingleSignOn = &SingleSignOn{
-			Realm:            s.SingleSignOn.Realm,
-			ServicePrincipal: s.SingleSignOn.ServicePrincipal,
-			Keytab:           s.SingleSignOn.Keytab,
-		}
-	}
-
-	// Copy Entry.Type.
-	switch {
-	case s.Type.None:
-		o.Type = AuthenticationType{None: true}
-	case s.Type.LocalDatabase:
-		o.Type = AuthenticationType{LocalDatabase: true}
-	case s.Type.Radius != nil:
-		o.Type = AuthenticationType{Radius: &Radius{
-			ServerProfile:     s.Type.Radius.ServerProfile,
-			RetrieveUserGroup: s.Type.Radius.RetrieveUserGroup,
-		}}
-	case s.Type.Ldap != nil:
-		o.Type = AuthenticationType{Ldap: &Ldap{
-			ServerProfile:         s.Type.Ldap.ServerProfile,
-			LoginAttribute:        s.Type.Ldap.LoginAttribute,
-			PasswordExpiryWarning: s.Type.Ldap.PasswordExpiryWarning,
-		}}
-	case s.Type.Kerberos != nil:
-		o.Type = AuthenticationType{Kerberos: &Kerberos{
-			ServerProfile: s.Type.Kerberos.ServerProfile,
-			Realm:         s.Type.Kerberos.Realm,
-		}}
-	case s.Type.TacacsPlus != nil:
-		o.Type = AuthenticationType{TacacsPlus: &TacacsPlus{
-			ServerProfile:     s.Type.TacacsPlus.ServerProfile,
-			RetrieveUserGroup: s.Type.TacacsPlus.RetrieveUserGroup,
-		}}
-	case s.Type.Saml != nil:
-		o.Type = AuthenticationType{Saml: &Saml{
-			ServerProfile:             s.Type.Saml.ServerProfile,
-			EnableSingleLogout:        s.Type.Saml.EnableSingleLogout,
-			RequestSigningCertificate: s.Type.Saml.RequestSigningCertificate,
-			CertificateProfile:        s.Type.Saml.CertificateProfile,
-			UsernameAttribute:         s.Type.Saml.UsernameAttribute,
-			UserGroupAttribute:        s.Type.Saml.UserGroupAttribute,
-			AdminRoleAttribute:        s.Type.Saml.AdminRoleAttribute,
-			AccessDomainAttribute:     s.Type.Saml.AccessDomainAttribute,
-		}}
-	}
-
-	// MFA.
-	if s.MultiFactorAuthentication == nil {
-		o.MultiFactorAuthentication = nil
-	} else {
-		o.MultiFactorAuthentication = &MultiFactorAuthentication{
-			Enabled: s.MultiFactorAuthentication.Enabled,
-			Factors: util.CopyStringSlice(s.MultiFactorAuthentication.Factors),
-		}
-	}
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:      o.Name,
-		AllowList: util.MemToStr(o.AllowList),
-	}
-
-	if o.Lockout != nil {
-		ans.LockoutFailedAttempts = o.Lockout.LockoutFailedAttempts
-		ans.LockoutTime = o.Lockout.LockoutTime
-	}
-
-	switch {
-	case o.Type.None != nil:
-		ans.Type.None = true
-	case o.Type.LocalDatabase != nil:
-		ans.Type.LocalDatabase = true
-	case o.Type.Radius != nil:
-		ans.Type.Radius = &Radius{
-			ServerProfile: o.Type.Radius.ServerProfile,
-		}
-	case o.Type.Ldap != nil:
-		ans.Type.Ldap = &Ldap{
-			ServerProfile:         o.Type.Ldap.ServerProfile,
-			LoginAttribute:        o.Type.Ldap.LoginAttribute,
-			PasswordExpiryWarning: o.Type.Ldap.PasswordExpiryWarning,
-		}
-	case o.Type.Kerberos != nil:
-		ans.Type.Kerberos = &Kerberos{
-			ServerProfile: o.Type.Kerberos.ServerProfile,
-		}
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName   xml.Name         `xml:"entry"`
-	Name      string           `xml:"name,attr"`
-	Lockout   *lockout         `xml:"lockout"`
-	AllowList *util.MemberType `xml:"allow-list"`
-	Type      method_v1        `xml:"method"`
-}
-
-func (e *entry_v1) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
-	type local entry_v1
-	ans := local{}
-	if err := d.DecodeElement(&ans, &start); err != nil {
-		return err
-	}
-	if ans.Type.Ldap != nil && ans.Type.Ldap.PasswordExpiryWarning == "" {
-		ans.Type.Ldap.PasswordExpiryWarning = "7"
-	}
-	*e = entry_v1(ans)
-	return nil
-}
-
-type lockout struct {
-	LockoutFailedAttempts string `xml:"failed-attempts,omitempty"`
-	LockoutTime           int    `xml:"lockout-time"`
-}
-
-type method_v1 struct {
-	None          *string      `xml:"none"`
-	LocalDatabase *string      `xml:"local-database"`
-	Radius        *radius_v1   `xml:"radius"`
-	Ldap          *ldap        `xml:"ldap"`
-	Kerberos      *kerberos_v1 `xml:"kerberos"`
-}
-
-type radius_v1 struct {
-	ServerProfile string `xml:"server-profile"`
-}
-
-type ldap struct {
-	ServerProfile         string `xml:"server-profile"`
-	LoginAttribute        string `xml:"login-attribute,omitempty"`
-	PasswordExpiryWarning string `xml:"passwd-exp-days,omitempty"`
-}
-
-type kerberos_v1 struct {
-	ServerProfile string `xml:"server-profile"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:      e.Name,
-		AllowList: util.StrToMem(e.AllowList),
-	}
-
-	if e.LockoutFailedAttempts != "" || e.LockoutTime > 0 {
-		ans.Lockout = &lockout{
-			LockoutFailedAttempts: e.LockoutFailedAttempts,
-			LockoutTime:           e.LockoutTime,
-		}
-	}
-
-	s := ""
-
-	switch {
-	case e.Type.None:
-		ans.Type = method_v1{None: &s}
-	case e.Type.LocalDatabase:
-		ans.Type = method_v1{LocalDatabase: &s}
-	case e.Type.Radius != nil:
-		ans.Type = method_v1{Radius: &radius_v1{
-			ServerProfile: e.Type.Radius.ServerProfile,
-		}}
-	case e.Type.Ldap != nil:
-		ans.Type = method_v1{Ldap: &ldap{
-			ServerProfile:         e.Type.Ldap.ServerProfile,
-			LoginAttribute:        e.Type.Ldap.LoginAttribute,
-			PasswordExpiryWarning: e.Type.Ldap.PasswordExpiryWarning,
-		}}
-	case e.Type.Kerberos != nil:
-		ans.Type = method_v1{Kerberos: &kerberos_v1{
-			ServerProfile: e.Type.Kerberos.ServerProfile,
-		}}
-	}
-
-	return ans
-}
-
-// PAN-OS 7.0
-type container_v2 struct {
-	Answer []entry_v2 `xml:"entry"`
-}
-
-func (o container_v2) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v2) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *entry_v2) normalize() Entry {
-	ans := Entry{
-		Name:             o.Name,
-		AllowList:        util.MemToStr(o.AllowList),
-		UsernameModifier: o.UsernameModifier,
-		UserDomain:       o.UserDomain,
-	}
-
-	if o.Lockout != nil {
-		ans.LockoutFailedAttempts = o.Lockout.LockoutFailedAttempts
-		ans.LockoutTime = o.Lockout.LockoutTime
-	}
-
-	if o.Sso != nil {
-		ans.SingleSignOn = &SingleSignOn{
-			Realm:            o.Sso.Realm,
-			ServicePrincipal: o.Sso.ServicePrincipal,
-			Keytab:           o.Sso.Keytab,
-		}
-	}
-
-	switch {
-	case o.Type.None != nil:
-		ans.Type.None = true
-	case o.Type.LocalDatabase != nil:
-		ans.Type.LocalDatabase = true
-	case o.Type.Radius != nil:
-		ans.Type.Radius = &Radius{
-			ServerProfile:     o.Type.Radius.ServerProfile,
-			RetrieveUserGroup: util.AsBool(o.Type.Radius.RetrieveUserGroup),
-		}
-	case o.Type.Ldap != nil:
-		ans.Type.Ldap = &Ldap{
-			ServerProfile:         o.Type.Ldap.ServerProfile,
-			LoginAttribute:        o.Type.Ldap.LoginAttribute,
-			PasswordExpiryWarning: o.Type.Ldap.PasswordExpiryWarning,
-		}
-	case o.Type.Kerberos != nil:
-		ans.Type.Kerberos = &Kerberos{
-			ServerProfile: o.Type.Kerberos.ServerProfile,
-			Realm:         o.Type.Kerberos.Realm,
-		}
-	case o.Type.TacacsPlus != nil:
-		ans.Type.TacacsPlus = &TacacsPlus{
-			ServerProfile: o.Type.TacacsPlus.ServerProfile,
-		}
-	}
-
-	return ans
-}
-
-type entry_v2 struct {
-	XMLName          xml.Name         `xml:"entry"`
-	Name             string           `xml:"name,attr"`
-	Lockout          *lockout         `xml:"lockout"`
-	AllowList        *util.MemberType `xml:"allow-list"`
-	Type             method_v2        `xml:"method"`
-	UsernameModifier string           `xml:"username-modifier,omitempty"`
-	UserDomain       string           `xml:"user-domain,omitempty"`
-	Sso              *sso             `xml:"single-sign-on"`
-}
-
-type sso struct {
-	Realm            string `xml:"realm,omitempty"`
-	ServicePrincipal string `xml:"service-principal,omitempty"`
-	Keytab           string `xml:"kerberos-keytab,omitempty"`
-}
-
-func (e *entry_v2) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
-	type local entry_v2
-	ans := local{
-		UsernameModifier: UsernameModifierInput,
-	}
-	if err := d.DecodeElement(&ans, &start); err != nil {
-		return err
-	}
-	if ans.Type.Ldap != nil && ans.Type.Ldap.PasswordExpiryWarning == "" {
-		ans.Type.Ldap.PasswordExpiryWarning = "7"
-	}
-	*e = entry_v2(ans)
-	return nil
-}
-
-type method_v2 struct {
-	None          *string        `xml:"none"`
-	LocalDatabase *string        `xml:"local-database"`
-	Radius        *radius_v2     `xml:"radius"`
-	Ldap          *ldap          `xml:"ldap"`
-	Kerberos      *kerberos_v2   `xml:"kerberos"`
-	TacacsPlus    *tacacsPlus_v1 `xml:"tacplus"`
-}
-
-type radius_v2 struct {
-	ServerProfile     string `xml:"server-profile"`
-	RetrieveUserGroup string `xml:"checkgroup"`
-}
-
-type kerberos_v2 struct {
-	ServerProfile string `xml:"server-profile"`
-	Realm         string `xml:"realm"`
-}
-
-type tacacsPlus_v1 struct {
-	ServerProfile string `xml:"server-profile"`
-}
-
-func specify_v2(e Entry) interface{} {
-	ans := entry_v2{
-		Name:             e.Name,
-		AllowList:        util.StrToMem(e.AllowList),
-		UsernameModifier: e.UsernameModifier,
-		UserDomain:       e.UserDomain,
-	}
-
-	if e.SingleSignOn != nil {
-		ans.Sso = &sso{
-			Realm:            e.SingleSignOn.Realm,
-			ServicePrincipal: e.SingleSignOn.ServicePrincipal,
-			Keytab:           e.SingleSignOn.Keytab,
-		}
-	}
-
-	if e.LockoutFailedAttempts != "" || e.LockoutTime > 0 {
-		ans.Lockout = &lockout{
-			LockoutFailedAttempts: e.LockoutFailedAttempts,
-			LockoutTime:           e.LockoutTime,
-		}
-	}
-
-	s := ""
-
-	switch {
-	case e.Type.None:
-		ans.Type = method_v2{None: &s}
-	case e.Type.LocalDatabase:
-		ans.Type = method_v2{LocalDatabase: &s}
-	case e.Type.Radius != nil:
-		ans.Type = method_v2{Radius: &radius_v2{
-			ServerProfile:     e.Type.Radius.ServerProfile,
-			RetrieveUserGroup: util.YesNo(e.Type.Radius.RetrieveUserGroup),
-		}}
-	case e.Type.Ldap != nil:
-		ans.Type = method_v2{Ldap: &ldap{
-			ServerProfile:         e.Type.Ldap.ServerProfile,
-			LoginAttribute:        e.Type.Ldap.LoginAttribute,
-			PasswordExpiryWarning: e.Type.Ldap.PasswordExpiryWarning,
-		}}
-	case e.Type.Kerberos != nil:
-		ans.Type = method_v2{Kerberos: &kerberos_v2{
-			ServerProfile: e.Type.Kerberos.ServerProfile,
-			Realm:         e.Type.Kerberos.Realm,
-		}}
-	case e.Type.TacacsPlus != nil:
-		ans.Type = method_v2{TacacsPlus: &tacacsPlus_v1{
-			ServerProfile: e.Type.TacacsPlus.ServerProfile,
-		}}
-	}
-
-	return ans
-}
-
-// PAN-OS 8.0
-type container_v3 struct {
-	Answer []entry_v3 `xml:"entry"`
-}
-
-func (o container_v3) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v3) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *entry_v3) normalize() Entry {
-	ans := Entry{
-		Name:             o.Name,
-		AllowList:        util.MemToStr(o.AllowList),
-		UsernameModifier: o.UsernameModifier,
-		UserDomain:       o.UserDomain,
-	}
-
-	if o.Lockout != nil {
-		ans.LockoutFailedAttempts = o.Lockout.LockoutFailedAttempts
-		ans.LockoutTime = o.Lockout.LockoutTime
-	}
-
-	if o.Sso != nil {
-		ans.SingleSignOn = &SingleSignOn{
-			Realm:            o.Sso.Realm,
-			ServicePrincipal: o.Sso.ServicePrincipal,
-			Keytab:           o.Sso.Keytab,
-		}
-	}
-
-	switch {
-	case o.Type.None != nil:
-		ans.Type.None = true
-	case o.Type.LocalDatabase != nil:
-		ans.Type.LocalDatabase = true
-	case o.Type.Radius != nil:
-		ans.Type.Radius = &Radius{
-			ServerProfile:     o.Type.Radius.ServerProfile,
-			RetrieveUserGroup: util.AsBool(o.Type.Radius.RetrieveUserGroup),
-		}
-	case o.Type.Ldap != nil:
-		ans.Type.Ldap = &Ldap{
-			ServerProfile:         o.Type.Ldap.ServerProfile,
-			LoginAttribute:        o.Type.Ldap.LoginAttribute,
-			PasswordExpiryWarning: o.Type.Ldap.PasswordExpiryWarning,
-		}
-	case o.Type.Kerberos != nil:
-		ans.Type.Kerberos = &Kerberos{
-			ServerProfile: o.Type.Kerberos.ServerProfile,
-			Realm:         o.Type.Kerberos.Realm,
-		}
-	case o.Type.TacacsPlus != nil:
-		ans.Type.TacacsPlus = &TacacsPlus{
-			ServerProfile:     o.Type.TacacsPlus.ServerProfile,
-			RetrieveUserGroup: util.AsBool(o.Type.TacacsPlus.RetrieveUserGroup),
-		}
-	case o.Type.Saml != nil:
-		ans.Type.Saml = &Saml{
-			ServerProfile:             o.Type.Saml.ServerProfile,
-			EnableSingleLogout:        util.AsBool(o.Type.Saml.EnableSingleLogout),
-			RequestSigningCertificate: o.Type.Saml.RequestSigningCertificate,
-			CertificateProfile:        o.Type.Saml.CertificateProfile,
-			UsernameAttribute:         o.Type.Saml.UsernameAttribute,
-			UserGroupAttribute:        o.Type.Saml.UserGroupAttribute,
-			AdminRoleAttribute:        o.Type.Saml.AdminRoleAttribute,
-			AccessDomainAttribute:     o.Type.Saml.AccessDomainAttribute,
-		}
-	}
-
-	if o.MultiFactorAuthentication != nil {
-		ans.MultiFactorAuthentication = &MultiFactorAuthentication{
-			Enabled: util.AsBool(o.MultiFactorAuthentication.Enabled),
-			Factors: util.MemToStr(o.MultiFactorAuthentication.Factors),
-		}
-	}
-
-	return ans
-}
-
-type entry_v3 struct {
-	XMLName                   xml.Name         `xml:"entry"`
-	Name                      string           `xml:"name,attr"`
-	Lockout                   *lockout         `xml:"lockout"`
-	AllowList                 *util.MemberType `xml:"allow-list"`
-	Type                      method_v3        `xml:"method"`
-	UsernameModifier          string           `xml:"username-modifier,omitempty"`
-	UserDomain                string           `xml:"user-domain,omitempty"`
-	Sso                       *sso             `xml:"single-sign-on"`
-	MultiFactorAuthentication *mfa             `xml:"multi-factor-auth"`
-}
-
-func (e *entry_v3) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
-	type local entry_v3
-	ans := local{
-		UsernameModifier: UsernameModifierInput,
-	}
-	if err := d.DecodeElement(&ans, &start); err != nil {
-		return err
-	}
-	if ans.Type.Ldap != nil && ans.Type.Ldap.PasswordExpiryWarning == "" {
-		ans.Type.Ldap.PasswordExpiryWarning = "7"
-	}
-	if ans.Type.Saml != nil && ans.Type.Saml.UsernameAttribute == "" {
-		ans.Type.Saml.UsernameAttribute = UsernameAttributeDefault
-	}
-	*e = entry_v3(ans)
-	return nil
-}
-
-type method_v3 struct {
-	None          *string        `xml:"none"`
-	LocalDatabase *string        `xml:"local-database"`
-	Radius        *radius_v2     `xml:"radius"`
-	Ldap          *ldap          `xml:"ldap"`
-	Kerberos      *kerberos_v2   `xml:"kerberos"`
-	TacacsPlus    *tacacsPlus_v2 `xml:"tacplus"`
-	Saml          *saml          `xml:"saml-idp"`
-}
-
-type tacacsPlus_v2 struct {
-	ServerProfile     string `xml:"server-profile"`
-	RetrieveUserGroup string `xml:"checkgroup"`
-}
-
-type saml struct {
-	ServerProfile             string `xml:"server-profile"`
-	EnableSingleLogout        string `xml:"enable-single-logout"`
-	RequestSigningCertificate string `xml:"request-signing-certificate,omitempty"`
-	CertificateProfile        string `xml:"certificate-profile,omitempty"`
-	UsernameAttribute         string `xml:"attribute-name-username"`
-	UserGroupAttribute        string `xml:"attribute-name-usergroup,omitempty"`
-	AdminRoleAttribute        string `xml:"attribute-name-admin-role,omitempty"`
-	AccessDomainAttribute     string `xml:"attribute-name-access-domain,omitempty"`
-}
-
-type mfa struct {
-	Enabled string           `xml:"mfa-enable"`
-	Factors *util.MemberType `xml:"factors"`
-}
-
-func specify_v3(e Entry) interface{} {
-	ans := entry_v3{
-		Name:             e.Name,
-		AllowList:        util.StrToMem(e.AllowList),
-		UsernameModifier: e.UsernameModifier,
-		UserDomain:       e.UserDomain,
-	}
-
-	if e.SingleSignOn != nil {
-		ans.Sso = &sso{
-			Realm:            e.SingleSignOn.Realm,
-			ServicePrincipal: e.SingleSignOn.ServicePrincipal,
-			Keytab:           e.SingleSignOn.Keytab,
-		}
-	}
-
-	if e.LockoutFailedAttempts != "" || e.LockoutTime > 0 {
-		ans.Lockout = &lockout{
-			LockoutFailedAttempts: e.LockoutFailedAttempts,
-			LockoutTime:           e.LockoutTime,
-		}
-	}
-
-	s := ""
-
-	switch {
-	case e.Type.None:
-		ans.Type = method_v3{None: &s}
-	case e.Type.LocalDatabase:
-		ans.Type = method_v3{LocalDatabase: &s}
-	case e.Type.Radius != nil:
-		ans.Type = method_v3{Radius: &radius_v2{
-			ServerProfile:     e.Type.Radius.ServerProfile,
-			RetrieveUserGroup: util.YesNo(e.Type.Radius.RetrieveUserGroup),
-		}}
-	case e.Type.Ldap != nil:
-		ans.Type = method_v3{Ldap: &ldap{
-			ServerProfile:         e.Type.Ldap.ServerProfile,
-			LoginAttribute:        e.Type.Ldap.LoginAttribute,
-			PasswordExpiryWarning: e.Type.Ldap.PasswordExpiryWarning,
-		}}
-	case e.Type.Kerberos != nil:
-		ans.Type = method_v3{Kerberos: &kerberos_v2{
-			ServerProfile: e.Type.Kerberos.ServerProfile,
-			Realm:         e.Type.Kerberos.Realm,
-		}}
-	case e.Type.TacacsPlus != nil:
-		ans.Type = method_v3{TacacsPlus: &tacacsPlus_v2{
-			ServerProfile:     e.Type.TacacsPlus.ServerProfile,
-			RetrieveUserGroup: util.YesNo(e.Type.TacacsPlus.RetrieveUserGroup),
-		}}
-	case e.Type.Saml != nil:
-		ans.Type = method_v3{Saml: &saml{
-			ServerProfile:             e.Type.Saml.ServerProfile,
-			EnableSingleLogout:        util.YesNo(e.Type.Saml.EnableSingleLogout),
-			RequestSigningCertificate: e.Type.Saml.RequestSigningCertificate,
-			CertificateProfile:        e.Type.Saml.CertificateProfile,
-			UsernameAttribute:         e.Type.Saml.UsernameAttribute,
-			UserGroupAttribute:        e.Type.Saml.UserGroupAttribute,
-			AdminRoleAttribute:        e.Type.Saml.AdminRoleAttribute,
-			AccessDomainAttribute:     e.Type.Saml.AccessDomainAttribute,
-		}}
-	}
-
-	if e.MultiFactorAuthentication != nil {
-		ans.MultiFactorAuthentication = &mfa{
-			Enabled: util.YesNo(e.MultiFactorAuthentication.Enabled),
-			Factors: util.StrToMem(e.MultiFactorAuthentication.Factors),
-		}
-	}
-
-	return ans
-}
diff --git a/dev/profile/authentication/funcs.go b/dev/profile/authentication/funcs.go
deleted file mode 100644
index 7fefbe13..00000000
--- a/dev/profile/authentication/funcs.go
+++ /dev/null
@@ -1,94 +0,0 @@
-package authentication
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	if v.Gte(version.Number{8, 0, 0, ""}) {
-		return &container_v3{}, specify_v3
-	} else if v.Gte(version.Number{7, 0, 0, ""}) {
-		return &container_v2{}, specify_v2
-	} else {
-		return &container_v1{}, specify_v1
-	}
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/dev/profile/authentication/fw.go b/dev/profile/authentication/fw.go
deleted file mode 100644
index 16084d40..00000000
--- a/dev/profile/authentication/fw.go
+++ /dev/null
@@ -1,108 +0,0 @@
-package authentication
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Device.AuthenticationProfile namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vsys), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather(vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vsys, v)
-	}
-}
-
-func (c *Firewall) xpath(vsys string, vals []string) ([]string, error) {
-	if vsys == "" {
-		vsys = "shared"
-	}
-
-	ans := make([]string, 0, 7)
-	ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	ans = append(ans,
-		"authentication-profile",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/dev/profile/authentication/fw_test.go b/dev/profile/authentication/fw_test.go
deleted file mode 100644
index b9cc9eea..00000000
--- a/dev/profile/authentication/fw_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package authentication
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/dev/profile/authentication/pano.go b/dev/profile/authentication/pano.go
deleted file mode 100644
index 51117e43..00000000
--- a/dev/profile/authentication/pano.go
+++ /dev/null
@@ -1,117 +0,0 @@
-package authentication
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Device.AuthenticationProfile namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts, vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts, vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts, vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts, vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(tmpl, ts, vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts, vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(tmpl, ts, vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts, vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts, vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts, vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(tmpl, ts, vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts, vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts, vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(tmpl, ts, vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts, vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(tmpl, ts, vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts, vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(tmpl, ts, vsys), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts, vsys), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts, vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts, vsys), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts, vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, vsys, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts, vsys string, vals []string) ([]string, error) {
-	var ans []string
-
-	if tmpl != "" || ts != "" {
-		if vsys == "" {
-			vsys = "shared"
-		}
-
-		ans = make([]string, 0, 12)
-		ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-		ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	} else {
-		ans = make([]string, 0, 4)
-		ans = append(ans, "config", "panorama")
-	}
-
-	ans = append(ans,
-		"authentication-profile",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/dev/profile/authentication/pano_test.go b/dev/profile/authentication/pano_test.go
deleted file mode 100644
index cd5468ca..00000000
--- a/dev/profile/authentication/pano_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package authentication
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("", "", "", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("", "", "", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/dev/profile/authentication/testdata_test.go b/dev/profile/authentication/testdata_test.go
deleted file mode 100644
index d69e2192..00000000
--- a/dev/profile/authentication/testdata_test.go
+++ /dev/null
@@ -1,304 +0,0 @@
-package authentication
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type tc struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []tc {
-	return []tc{
-		{"v1 none", version.Number{6, 1, 0, ""}, Entry{
-			Name:                  "none",
-			LockoutFailedAttempts: "7",
-			LockoutTime:           5,
-			AllowList:             []string{"allow1", "allow2"},
-			Type: AuthenticationType{
-				None: true,
-			},
-		}},
-		{"v1 local database", version.Number{6, 1, 0, ""}, Entry{
-			Name:                  "local_database",
-			LockoutFailedAttempts: "6",
-			LockoutTime:           0,
-			Type: AuthenticationType{
-				LocalDatabase: true,
-			},
-		}},
-		{"v1 radius", version.Number{6, 1, 0, ""}, Entry{
-			Name:                  "radius",
-			LockoutFailedAttempts: "6",
-			LockoutTime:           12,
-			AllowList:             []string{"allow1", "allow2"},
-			Type: AuthenticationType{
-				Radius: &Radius{
-					ServerProfile: "serverProfile",
-				},
-			},
-		}},
-		{"v1 ldap", version.Number{6, 1, 0, ""}, Entry{
-			Name:                  "ldap",
-			LockoutFailedAttempts: "10",
-			LockoutTime:           7,
-			AllowList:             []string{"allow1", "allow2"},
-			Type: AuthenticationType{
-				Ldap: &Ldap{
-					ServerProfile:         "myServerProfile",
-					LoginAttribute:        "loginAttrib",
-					PasswordExpiryWarning: "6",
-				},
-			},
-		}},
-		{"v1 kerberos", version.Number{6, 1, 0, ""}, Entry{
-			Name:                  "kerberos",
-			LockoutFailedAttempts: "20",
-			LockoutTime:           10,
-			Type: AuthenticationType{
-				Kerberos: &Kerberos{
-					ServerProfile: "serverProfile",
-				},
-			},
-		}},
-		{"v2 none", version.Number{7, 0, 0, ""}, Entry{
-			Name:                  "none",
-			UsernameModifier:      UsernameModifierInput,
-			LockoutFailedAttempts: "7",
-			LockoutTime:           5,
-			AllowList:             []string{"allow1", "allow2"},
-			Type: AuthenticationType{
-				None: true,
-			},
-		}},
-		{"v2 local database", version.Number{7, 0, 0, ""}, Entry{
-			Name:                  "local_database",
-			UsernameModifier:      UsernameModifierInputDomain,
-			UserDomain:            "myUserDomain",
-			LockoutFailedAttempts: "6",
-			LockoutTime:           0,
-			Type: AuthenticationType{
-				LocalDatabase: true,
-			},
-		}},
-		{"v2 radius no group", version.Number{7, 0, 0, ""}, Entry{
-			Name:                  "radiusNoGroup",
-			UsernameModifier:      UsernameModifierDomainInput,
-			LockoutFailedAttempts: "6",
-			LockoutTime:           12,
-			AllowList:             []string{"allow1", "allow2"},
-			Type: AuthenticationType{
-				Radius: &Radius{
-					ServerProfile: "serverProfile",
-				},
-			},
-		}},
-		{"v2 radius with group", version.Number{7, 0, 0, ""}, Entry{
-			Name:                  "radiusWithGroup",
-			UsernameModifier:      UsernameModifierDomainInput,
-			LockoutFailedAttempts: "6",
-			LockoutTime:           12,
-			AllowList:             []string{"allow1", "allow2"},
-			Type: AuthenticationType{
-				Radius: &Radius{
-					ServerProfile:     "serverProfile",
-					RetrieveUserGroup: true,
-				},
-			},
-		}},
-		{"v2 ldap", version.Number{7, 0, 0, ""}, Entry{
-			Name:                  "ldap",
-			UsernameModifier:      UsernameModifierInput,
-			LockoutFailedAttempts: "10",
-			LockoutTime:           7,
-			AllowList:             []string{"allow1", "allow2"},
-			Type: AuthenticationType{
-				Ldap: &Ldap{
-					ServerProfile:         "myServerProfile",
-					LoginAttribute:        "loginAttrib",
-					PasswordExpiryWarning: "6",
-				},
-			},
-		}},
-		{"v2 kerberos", version.Number{7, 0, 0, ""}, Entry{
-			Name:                  "kerberos",
-			UsernameModifier:      UsernameModifierInput,
-			LockoutFailedAttempts: "20",
-			LockoutTime:           10,
-			Type: AuthenticationType{
-				Kerberos: &Kerberos{
-					ServerProfile: "serverProfile",
-					Realm:         "myRealm",
-				},
-			},
-		}},
-		{"v2 tacacs plus", version.Number{7, 0, 0, ""}, Entry{
-			Name:                  "tacacsPlus",
-			UsernameModifier:      UsernameModifierInput,
-			LockoutFailedAttempts: "2",
-			LockoutTime:           4,
-			Type: AuthenticationType{
-				TacacsPlus: &TacacsPlus{
-					ServerProfile: "myServerProfile",
-				},
-			},
-		}},
-		{"v3 none", version.Number{8, 0, 0, ""}, Entry{
-			Name:                  "none",
-			UsernameModifier:      UsernameModifierInput,
-			LockoutFailedAttempts: "7",
-			LockoutTime:           5,
-			AllowList:             []string{"allow1", "allow2"},
-			Type: AuthenticationType{
-				None: true,
-			},
-		}},
-		{"v3 none with mfa factors", version.Number{8, 0, 0, ""}, Entry{
-			Name:                  "none",
-			UsernameModifier:      UsernameModifierInput,
-			LockoutFailedAttempts: "7",
-			LockoutTime:           5,
-			AllowList:             []string{"allow1", "allow2"},
-			Type: AuthenticationType{
-				None: true,
-			},
-			MultiFactorAuthentication: &MultiFactorAuthentication{
-				Factors: []string{"mfab", "mfaa"},
-			},
-		}},
-		{"v3 none with mfa enabled", version.Number{8, 0, 0, ""}, Entry{
-			Name:                  "none",
-			UsernameModifier:      UsernameModifierInput,
-			LockoutFailedAttempts: "7",
-			LockoutTime:           5,
-			Type: AuthenticationType{
-				None: true,
-			},
-			MultiFactorAuthentication: &MultiFactorAuthentication{
-				Enabled: true,
-			},
-		}},
-		{"v3 local database", version.Number{8, 0, 0, ""}, Entry{
-			Name:                  "local_database",
-			UsernameModifier:      UsernameModifierInputDomain,
-			UserDomain:            "myUserDomain",
-			LockoutFailedAttempts: "6",
-			LockoutTime:           0,
-			Type: AuthenticationType{
-				LocalDatabase: true,
-			},
-		}},
-		{"v3 radius no group", version.Number{8, 0, 0, ""}, Entry{
-			Name:                  "radiusNoGroup",
-			UsernameModifier:      UsernameModifierDomainInput,
-			LockoutFailedAttempts: "6",
-			LockoutTime:           12,
-			AllowList:             []string{"allow1", "allow2"},
-			Type: AuthenticationType{
-				Radius: &Radius{
-					ServerProfile: "serverProfile",
-				},
-			},
-		}},
-		{"v3 radius with group", version.Number{8, 0, 0, ""}, Entry{
-			Name:                  "radiusWithGroup",
-			UsernameModifier:      UsernameModifierDomainInput,
-			LockoutFailedAttempts: "6",
-			LockoutTime:           12,
-			AllowList:             []string{"allow1", "allow2"},
-			Type: AuthenticationType{
-				Radius: &Radius{
-					ServerProfile:     "serverProfile",
-					RetrieveUserGroup: true,
-				},
-			},
-		}},
-		{"v3 ldap", version.Number{8, 0, 0, ""}, Entry{
-			Name:                  "ldap",
-			UsernameModifier:      UsernameModifierInput,
-			LockoutFailedAttempts: "10",
-			LockoutTime:           7,
-			AllowList:             []string{"allow1", "allow2"},
-			Type: AuthenticationType{
-				Ldap: &Ldap{
-					ServerProfile:         "myServerProfile",
-					LoginAttribute:        "loginAttrib",
-					PasswordExpiryWarning: "6",
-				},
-			},
-		}},
-		{"v3 kerberos", version.Number{8, 0, 0, ""}, Entry{
-			Name:                  "kerberos",
-			UsernameModifier:      UsernameModifierInput,
-			LockoutFailedAttempts: "20",
-			LockoutTime:           10,
-			Type: AuthenticationType{
-				Kerberos: &Kerberos{
-					ServerProfile: "serverProfile",
-					Realm:         "myRealm",
-				},
-			},
-		}},
-		{"v3 tacacs plus no group", version.Number{8, 0, 0, ""}, Entry{
-			Name:                  "tacacsPlus",
-			UsernameModifier:      UsernameModifierInput,
-			LockoutFailedAttempts: "2",
-			LockoutTime:           4,
-			Type: AuthenticationType{
-				TacacsPlus: &TacacsPlus{
-					ServerProfile: "myServerProfile",
-				},
-			},
-		}},
-		{"v3 tacacs plus with group", version.Number{8, 0, 0, ""}, Entry{
-			Name:                  "tacacsPlusWithGroup",
-			UsernameModifier:      UsernameModifierInput,
-			LockoutFailedAttempts: "2",
-			LockoutTime:           4,
-			Type: AuthenticationType{
-				TacacsPlus: &TacacsPlus{
-					ServerProfile:     "myServerProfile",
-					RetrieveUserGroup: true,
-				},
-			},
-		}},
-		{"v3 saml no single logout", version.Number{8, 0, 0, ""}, Entry{
-			Name:                  "saml no logout",
-			UsernameModifier:      UsernameModifierInput,
-			LockoutFailedAttempts: "2",
-			LockoutTime:           4,
-			Type: AuthenticationType{
-				Saml: &Saml{
-					ServerProfile:             "saml server profile",
-					EnableSingleLogout:        false,
-					RequestSigningCertificate: "reqSigner",
-					CertificateProfile:        "certProfile",
-					UsernameAttribute:         UsernameAttributeDefault,
-					UserGroupAttribute:        "ug attr",
-					AdminRoleAttribute:        "ar attr",
-					AccessDomainAttribute:     "ad attr",
-				},
-			},
-		}},
-		{"v3 saml with single logout", version.Number{8, 0, 0, ""}, Entry{
-			Name:                  "saml with logout",
-			UsernameModifier:      UsernameModifierInput,
-			LockoutFailedAttempts: "2",
-			LockoutTime:           4,
-			Type: AuthenticationType{
-				Saml: &Saml{
-					ServerProfile:             "saml server profile",
-					EnableSingleLogout:        true,
-					RequestSigningCertificate: "reqSigner",
-					CertificateProfile:        "certProfile",
-					UsernameAttribute:         UsernameAttributeDefault,
-					UserGroupAttribute:        "ug attr",
-					AdminRoleAttribute:        "ar attr",
-					AccessDomainAttribute:     "ad attr",
-				},
-			},
-		}},
-	}
-}
diff --git a/dev/profile/certificate/const.go b/dev/profile/certificate/const.go
deleted file mode 100644
index 0666666e..00000000
--- a/dev/profile/certificate/const.go
+++ /dev/null
@@ -1,25 +0,0 @@
-package certificate
-
-// Valid values for Entry.UsernameField.
-const (
-	UsernameFieldSubject    = "subject"
-	UsernameFieldSubjectAlt = "subject-alt"
-)
-
-// Valid values for Entry.UsernameFieldValue when
-// `UsernameField="subject"`.
-const (
-	UsernameFieldValueCommonName = "common-name"
-)
-
-// Valid values for Entry.UsernameFieldValue when
-// `UsernameField="subject-alt"`.
-const (
-	UsernameFieldValueEmail         = "email"
-	UsernameFieldValuePrincipalName = "principal-name"
-)
-
-const (
-	singular = "certificate profile"
-	plural   = "certificate profiles"
-)
diff --git a/dev/profile/certificate/doc.go b/dev/profile/certificate/doc.go
deleted file mode 100644
index 53476ce0..00000000
--- a/dev/profile/certificate/doc.go
+++ /dev/null
@@ -1,18 +0,0 @@
-/*
-Package certificate is the client.Device.CertificateProfile namespace.
-
-For Panorama, there are three possibilities:
-- local to Panorama
-- in /config/shared
-- inside a template
-
-To manage certificates on Panorama, leave "tmpl" and "ts" params empty, then
-either leave `dg` as an empty string (for certs in /config/panorama) or specying
-`dg="shared"` (for certs in /config/shared).
-
-To manage objects in a template, specify the template name and the vsys (if
-unspecified, defaults to "shared").
-
-Normalized object:  Entry
-*/
-package certificate
diff --git a/dev/profile/certificate/entry.go b/dev/profile/certificate/entry.go
deleted file mode 100644
index d8563cab..00000000
--- a/dev/profile/certificate/entry.go
+++ /dev/null
@@ -1,643 +0,0 @@
-package certificate
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of
-// a certificate profile.
-//
-// Leave UsernameField as an empty string to specify a username field
-// of `None`.
-//
-// Note:  Entry.CertificateStatusTimeout=0 is a valid setting, so make
-// sure to have the desired value configured before doing Set() / Edit().
-//
-// Note:
-type Entry struct {
-	Name                            string
-	UsernameField                   string
-	UsernameFieldValue              string
-	Domain                          string
-	Certificates                    []Certificate
-	UseCrl                          bool
-	UseOcsp                         bool
-	CrlReceiveTimeout               int
-	OcspReceiveTimeout              int
-	CertificateStatusTimeout        int
-	BlockUnknownCertificate         bool
-	BlockCertificateTimeout         bool
-	BlockUnauthenticatedCertificate bool // 7.1+
-	BlockExpiredCertificate         bool // 8.1+
-	OcspExcludeNonce                bool // 9.0+
-}
-
-type Certificate struct {
-	Name                  string
-	DefaultOcspUrl        string
-	OcspVerifyCertificate string
-	TemplateName          string // 9.0+
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.UsernameField = s.UsernameField
-	o.UsernameFieldValue = s.UsernameFieldValue
-	o.Domain = s.Domain
-	if s.Certificates == nil {
-		o.Certificates = nil
-	} else {
-		o.Certificates = make([]Certificate, 0, len(s.Certificates))
-		for _, x := range s.Certificates {
-			o.Certificates = append(o.Certificates, Certificate{
-				Name:                  x.Name,
-				DefaultOcspUrl:        x.DefaultOcspUrl,
-				OcspVerifyCertificate: x.OcspVerifyCertificate,
-				TemplateName:          x.TemplateName,
-			})
-		}
-	}
-	o.UseCrl = s.UseCrl
-	o.UseOcsp = s.UseOcsp
-	o.CrlReceiveTimeout = s.CrlReceiveTimeout
-	o.OcspReceiveTimeout = s.OcspReceiveTimeout
-	o.CertificateStatusTimeout = s.CertificateStatusTimeout
-	o.BlockUnknownCertificate = s.BlockUnknownCertificate
-	o.BlockCertificateTimeout = s.BlockCertificateTimeout
-	o.BlockUnauthenticatedCertificate = s.BlockUnauthenticatedCertificate
-	o.BlockExpiredCertificate = s.BlockExpiredCertificate
-	o.OcspExcludeNonce = s.OcspExcludeNonce
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName                  xml.Name  `xml:"entry"`
-	Name                     string    `xml:"name,attr"`
-	UsernameField            *uf       `xml:"username-field"`
-	Domain                   string    `xml:"domain,omitempty"`
-	Certificates             *certs_v1 `xml:"CA"`
-	UseCrl                   string    `xml:"use-crl"`
-	UseOcsp                  string    `xml:"use-ocsp"`
-	CrlReceiveTimeout        int       `xml:"crl-receive-timeout,omitempty"`
-	OcspReceiveTimeout       int       `xml:"ocsp-receive-timeout,omitempty"`
-	CertificateStatusTimeout int       `xml:"cert-status-timeout"`
-	BlockUnknownCertificate  string    `xml:"block-unknown-cert"`
-	BlockCertificateTimeout  string    `xml:"block-timeout-cert"`
-}
-
-type uf struct {
-	Subject    string `xml:"subject,omitempty"`
-	SubjectAlt string `xml:"subject-alt,omitempty"`
-}
-
-type certs_v1 struct {
-	Entries []certEntry_v1 `xml:"entry"`
-}
-
-type certEntry_v1 struct {
-	Name                  string `xml:"name,attr"`
-	DefaultOcspUrl        string `xml:"default-ocsp-url,omitempty"`
-	OcspVerifyCertificate string `xml:"ocsp-verify-cert,omitempty"`
-}
-
-func (e *entry_v1) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
-	type local entry_v1
-	ans := local{
-		CrlReceiveTimeout:        5,
-		OcspReceiveTimeout:       5,
-		CertificateStatusTimeout: 5,
-	}
-	if err := d.DecodeElement(&ans, &start); err != nil {
-		return err
-	}
-	*e = entry_v1(ans)
-	return nil
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:                     o.Name,
-		Domain:                   o.Domain,
-		UseCrl:                   util.AsBool(o.UseCrl),
-		UseOcsp:                  util.AsBool(o.UseOcsp),
-		CrlReceiveTimeout:        o.CrlReceiveTimeout,
-		OcspReceiveTimeout:       o.OcspReceiveTimeout,
-		CertificateStatusTimeout: o.CertificateStatusTimeout,
-		BlockUnknownCertificate:  util.AsBool(o.BlockUnknownCertificate),
-		BlockCertificateTimeout:  util.AsBool(o.BlockCertificateTimeout),
-	}
-
-	if o.UsernameField != nil {
-		if o.UsernameField.Subject != "" {
-			ans.UsernameField = UsernameFieldSubject
-			ans.UsernameFieldValue = o.UsernameField.Subject
-		} else if o.UsernameField.SubjectAlt != "" {
-			ans.UsernameField = UsernameFieldSubjectAlt
-			ans.UsernameFieldValue = o.UsernameField.SubjectAlt
-		}
-	}
-
-	if o.Certificates != nil {
-		ans.Certificates = make([]Certificate, 0, len(o.Certificates.Entries))
-		for _, x := range o.Certificates.Entries {
-			ans.Certificates = append(ans.Certificates, Certificate{
-				Name:                  x.Name,
-				DefaultOcspUrl:        x.DefaultOcspUrl,
-				OcspVerifyCertificate: x.OcspVerifyCertificate,
-			})
-		}
-	}
-
-	return ans
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:                     e.Name,
-		Domain:                   e.Domain,
-		UseCrl:                   util.YesNo(e.UseCrl),
-		UseOcsp:                  util.YesNo(e.UseOcsp),
-		CrlReceiveTimeout:        e.CrlReceiveTimeout,
-		OcspReceiveTimeout:       e.OcspReceiveTimeout,
-		CertificateStatusTimeout: e.CertificateStatusTimeout,
-		BlockUnknownCertificate:  util.YesNo(e.BlockUnknownCertificate),
-		BlockCertificateTimeout:  util.YesNo(e.BlockCertificateTimeout),
-	}
-
-	switch e.UsernameField {
-	case UsernameFieldSubject:
-		ans.UsernameField = &uf{
-			Subject: e.UsernameFieldValue,
-		}
-	case UsernameFieldSubjectAlt:
-		ans.UsernameField = &uf{
-			SubjectAlt: e.UsernameFieldValue,
-		}
-	}
-
-	if len(e.Certificates) > 0 {
-		list := make([]certEntry_v1, 0, len(e.Certificates))
-		for _, x := range e.Certificates {
-			list = append(list, certEntry_v1{
-				Name:                  x.Name,
-				DefaultOcspUrl:        x.DefaultOcspUrl,
-				OcspVerifyCertificate: x.OcspVerifyCertificate,
-			})
-		}
-		ans.Certificates = &certs_v1{Entries: list}
-	}
-
-	return ans
-}
-
-// PAN-OS 7.1
-type container_v2 struct {
-	Answer []entry_v2 `xml:"entry"`
-}
-
-func (o container_v2) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v2) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-type entry_v2 struct {
-	XMLName                         xml.Name  `xml:"entry"`
-	Name                            string    `xml:"name,attr"`
-	UsernameField                   *uf       `xml:"username-field"`
-	Domain                          string    `xml:"domain,omitempty"`
-	Certificates                    *certs_v1 `xml:"CA"`
-	UseCrl                          string    `xml:"use-crl"`
-	UseOcsp                         string    `xml:"use-ocsp"`
-	CrlReceiveTimeout               int       `xml:"crl-receive-timeout,omitempty"`
-	OcspReceiveTimeout              int       `xml:"ocsp-receive-timeout,omitempty"`
-	CertificateStatusTimeout        int       `xml:"cert-status-timeout"`
-	BlockUnknownCertificate         string    `xml:"block-unknown-cert"`
-	BlockCertificateTimeout         string    `xml:"block-timeout-cert"`
-	BlockUnauthenticatedCertificate string    `xml:"block-unauthenticated-cert"`
-}
-
-func (e *entry_v2) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
-	type local entry_v2
-	ans := local{
-		CrlReceiveTimeout:        5,
-		OcspReceiveTimeout:       5,
-		CertificateStatusTimeout: 5,
-	}
-	if err := d.DecodeElement(&ans, &start); err != nil {
-		return err
-	}
-	*e = entry_v2(ans)
-	return nil
-}
-
-func (o *entry_v2) normalize() Entry {
-	ans := Entry{
-		Name:                            o.Name,
-		Domain:                          o.Domain,
-		UseCrl:                          util.AsBool(o.UseCrl),
-		UseOcsp:                         util.AsBool(o.UseOcsp),
-		CrlReceiveTimeout:               o.CrlReceiveTimeout,
-		OcspReceiveTimeout:              o.OcspReceiveTimeout,
-		CertificateStatusTimeout:        o.CertificateStatusTimeout,
-		BlockUnknownCertificate:         util.AsBool(o.BlockUnknownCertificate),
-		BlockCertificateTimeout:         util.AsBool(o.BlockCertificateTimeout),
-		BlockUnauthenticatedCertificate: util.AsBool(o.BlockUnauthenticatedCertificate),
-	}
-
-	if o.UsernameField != nil {
-		if o.UsernameField.Subject != "" {
-			ans.UsernameField = UsernameFieldSubject
-			ans.UsernameFieldValue = o.UsernameField.Subject
-		} else if o.UsernameField.SubjectAlt != "" {
-			ans.UsernameField = UsernameFieldSubjectAlt
-			ans.UsernameFieldValue = o.UsernameField.SubjectAlt
-		}
-	}
-
-	if o.Certificates != nil {
-		ans.Certificates = make([]Certificate, 0, len(o.Certificates.Entries))
-		for _, x := range o.Certificates.Entries {
-			ans.Certificates = append(ans.Certificates, Certificate{
-				Name:                  x.Name,
-				DefaultOcspUrl:        x.DefaultOcspUrl,
-				OcspVerifyCertificate: x.OcspVerifyCertificate,
-			})
-		}
-	}
-
-	return ans
-}
-
-func specify_v2(e Entry) interface{} {
-	ans := entry_v2{
-		Name:                            e.Name,
-		Domain:                          e.Domain,
-		UseCrl:                          util.YesNo(e.UseCrl),
-		UseOcsp:                         util.YesNo(e.UseOcsp),
-		CrlReceiveTimeout:               e.CrlReceiveTimeout,
-		OcspReceiveTimeout:              e.OcspReceiveTimeout,
-		CertificateStatusTimeout:        e.CertificateStatusTimeout,
-		BlockUnknownCertificate:         util.YesNo(e.BlockUnknownCertificate),
-		BlockCertificateTimeout:         util.YesNo(e.BlockCertificateTimeout),
-		BlockUnauthenticatedCertificate: util.YesNo(e.BlockUnauthenticatedCertificate),
-	}
-
-	switch e.UsernameField {
-	case UsernameFieldSubject:
-		ans.UsernameField = &uf{
-			Subject: e.UsernameFieldValue,
-		}
-	case UsernameFieldSubjectAlt:
-		ans.UsernameField = &uf{
-			SubjectAlt: e.UsernameFieldValue,
-		}
-	}
-
-	if len(e.Certificates) > 0 {
-		list := make([]certEntry_v1, 0, len(e.Certificates))
-		for _, x := range e.Certificates {
-			list = append(list, certEntry_v1{
-				Name:                  x.Name,
-				DefaultOcspUrl:        x.DefaultOcspUrl,
-				OcspVerifyCertificate: x.OcspVerifyCertificate,
-			})
-		}
-		ans.Certificates = &certs_v1{Entries: list}
-	}
-
-	return ans
-}
-
-// PAN-OS 8.1
-type container_v3 struct {
-	Answer []entry_v3 `xml:"entry"`
-}
-
-func (o container_v3) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v3) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-type entry_v3 struct {
-	XMLName                         xml.Name  `xml:"entry"`
-	Name                            string    `xml:"name,attr"`
-	UsernameField                   *uf       `xml:"username-field"`
-	Domain                          string    `xml:"domain,omitempty"`
-	Certificates                    *certs_v1 `xml:"CA"`
-	UseCrl                          string    `xml:"use-crl"`
-	UseOcsp                         string    `xml:"use-ocsp"`
-	CrlReceiveTimeout               int       `xml:"crl-receive-timeout,omitempty"`
-	OcspReceiveTimeout              int       `xml:"ocsp-receive-timeout,omitempty"`
-	CertificateStatusTimeout        int       `xml:"cert-status-timeout"`
-	BlockUnknownCertificate         string    `xml:"block-unknown-cert"`
-	BlockCertificateTimeout         string    `xml:"block-timeout-cert"`
-	BlockUnauthenticatedCertificate string    `xml:"block-unauthenticated-cert"`
-	BlockExpiredCertificate         string    `xml:"block-expired-cert"`
-}
-
-func (e *entry_v3) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
-	type local entry_v3
-	ans := local{
-		CrlReceiveTimeout:        5,
-		OcspReceiveTimeout:       5,
-		CertificateStatusTimeout: 5,
-	}
-	if err := d.DecodeElement(&ans, &start); err != nil {
-		return err
-	}
-	*e = entry_v3(ans)
-	return nil
-}
-
-func (o *entry_v3) normalize() Entry {
-	ans := Entry{
-		Name:                            o.Name,
-		Domain:                          o.Domain,
-		UseCrl:                          util.AsBool(o.UseCrl),
-		UseOcsp:                         util.AsBool(o.UseOcsp),
-		CrlReceiveTimeout:               o.CrlReceiveTimeout,
-		OcspReceiveTimeout:              o.OcspReceiveTimeout,
-		CertificateStatusTimeout:        o.CertificateStatusTimeout,
-		BlockUnknownCertificate:         util.AsBool(o.BlockUnknownCertificate),
-		BlockCertificateTimeout:         util.AsBool(o.BlockCertificateTimeout),
-		BlockUnauthenticatedCertificate: util.AsBool(o.BlockUnauthenticatedCertificate),
-		BlockExpiredCertificate:         util.AsBool(o.BlockExpiredCertificate),
-	}
-
-	if o.UsernameField != nil {
-		if o.UsernameField.Subject != "" {
-			ans.UsernameField = UsernameFieldSubject
-			ans.UsernameFieldValue = o.UsernameField.Subject
-		} else if o.UsernameField.SubjectAlt != "" {
-			ans.UsernameField = UsernameFieldSubjectAlt
-			ans.UsernameFieldValue = o.UsernameField.SubjectAlt
-		}
-	}
-
-	if o.Certificates != nil {
-		ans.Certificates = make([]Certificate, 0, len(o.Certificates.Entries))
-		for _, x := range o.Certificates.Entries {
-			ans.Certificates = append(ans.Certificates, Certificate{
-				Name:                  x.Name,
-				DefaultOcspUrl:        x.DefaultOcspUrl,
-				OcspVerifyCertificate: x.OcspVerifyCertificate,
-			})
-		}
-	}
-
-	return ans
-}
-
-func specify_v3(e Entry) interface{} {
-	ans := entry_v3{
-		Name:                            e.Name,
-		Domain:                          e.Domain,
-		UseCrl:                          util.YesNo(e.UseCrl),
-		UseOcsp:                         util.YesNo(e.UseOcsp),
-		CrlReceiveTimeout:               e.CrlReceiveTimeout,
-		OcspReceiveTimeout:              e.OcspReceiveTimeout,
-		CertificateStatusTimeout:        e.CertificateStatusTimeout,
-		BlockUnknownCertificate:         util.YesNo(e.BlockUnknownCertificate),
-		BlockCertificateTimeout:         util.YesNo(e.BlockCertificateTimeout),
-		BlockUnauthenticatedCertificate: util.YesNo(e.BlockUnauthenticatedCertificate),
-		BlockExpiredCertificate:         util.YesNo(e.BlockExpiredCertificate),
-	}
-
-	switch e.UsernameField {
-	case UsernameFieldSubject:
-		ans.UsernameField = &uf{
-			Subject: e.UsernameFieldValue,
-		}
-	case UsernameFieldSubjectAlt:
-		ans.UsernameField = &uf{
-			SubjectAlt: e.UsernameFieldValue,
-		}
-	}
-
-	if len(e.Certificates) > 0 {
-		list := make([]certEntry_v1, 0, len(e.Certificates))
-		for _, x := range e.Certificates {
-			list = append(list, certEntry_v1{
-				Name:                  x.Name,
-				DefaultOcspUrl:        x.DefaultOcspUrl,
-				OcspVerifyCertificate: x.OcspVerifyCertificate,
-			})
-		}
-		ans.Certificates = &certs_v1{Entries: list}
-	}
-
-	return ans
-}
-
-// PAN-OS 9.0
-type container_v4 struct {
-	Answer []entry_v4 `xml:"entry"`
-}
-
-func (o container_v4) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v4) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-type entry_v4 struct {
-	XMLName                         xml.Name  `xml:"entry"`
-	Name                            string    `xml:"name,attr"`
-	UsernameField                   *uf       `xml:"username-field"`
-	Domain                          string    `xml:"domain,omitempty"`
-	Certificates                    *certs_v2 `xml:"CA"`
-	UseCrl                          string    `xml:"use-crl"`
-	UseOcsp                         string    `xml:"use-ocsp"`
-	CrlReceiveTimeout               int       `xml:"crl-receive-timeout,omitempty"`
-	OcspReceiveTimeout              int       `xml:"ocsp-receive-timeout,omitempty"`
-	CertificateStatusTimeout        int       `xml:"cert-status-timeout"`
-	BlockUnknownCertificate         string    `xml:"block-unknown-cert"`
-	BlockCertificateTimeout         string    `xml:"block-timeout-cert"`
-	BlockUnauthenticatedCertificate string    `xml:"block-unauthenticated-cert"`
-	BlockExpiredCertificate         string    `xml:"block-expired-cert"`
-	OcspExcludeNonce                string    `xml:"ocsp-exclude-nonce"`
-}
-
-type certs_v2 struct {
-	Entries []certEntry_v2 `xml:"entry"`
-}
-
-type certEntry_v2 struct {
-	Name                  string `xml:"name,attr"`
-	DefaultOcspUrl        string `xml:"default-ocsp-url,omitempty"`
-	OcspVerifyCertificate string `xml:"ocsp-verify-cert,omitempty"`
-	TemplateName          string `xml:"template-name,omitempty"`
-}
-
-func (e *entry_v4) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
-	type local entry_v4
-	ans := local{
-		CrlReceiveTimeout:        5,
-		OcspReceiveTimeout:       5,
-		CertificateStatusTimeout: 5,
-	}
-	if err := d.DecodeElement(&ans, &start); err != nil {
-		return err
-	}
-	*e = entry_v4(ans)
-	return nil
-}
-
-func (o *entry_v4) normalize() Entry {
-	ans := Entry{
-		Name:                            o.Name,
-		Domain:                          o.Domain,
-		UseCrl:                          util.AsBool(o.UseCrl),
-		UseOcsp:                         util.AsBool(o.UseOcsp),
-		CrlReceiveTimeout:               o.CrlReceiveTimeout,
-		OcspReceiveTimeout:              o.OcspReceiveTimeout,
-		CertificateStatusTimeout:        o.CertificateStatusTimeout,
-		BlockUnknownCertificate:         util.AsBool(o.BlockUnknownCertificate),
-		BlockCertificateTimeout:         util.AsBool(o.BlockCertificateTimeout),
-		BlockUnauthenticatedCertificate: util.AsBool(o.BlockUnauthenticatedCertificate),
-		BlockExpiredCertificate:         util.AsBool(o.BlockExpiredCertificate),
-		OcspExcludeNonce:                util.AsBool(o.OcspExcludeNonce),
-	}
-
-	if o.UsernameField != nil {
-		if o.UsernameField.Subject != "" {
-			ans.UsernameField = UsernameFieldSubject
-			ans.UsernameFieldValue = o.UsernameField.Subject
-		} else if o.UsernameField.SubjectAlt != "" {
-			ans.UsernameField = UsernameFieldSubjectAlt
-			ans.UsernameFieldValue = o.UsernameField.SubjectAlt
-		}
-	}
-
-	if o.Certificates != nil {
-		ans.Certificates = make([]Certificate, 0, len(o.Certificates.Entries))
-		for _, x := range o.Certificates.Entries {
-			ans.Certificates = append(ans.Certificates, Certificate{
-				Name:                  x.Name,
-				DefaultOcspUrl:        x.DefaultOcspUrl,
-				OcspVerifyCertificate: x.OcspVerifyCertificate,
-				TemplateName:          x.TemplateName,
-			})
-		}
-	}
-
-	return ans
-}
-
-func specify_v4(e Entry) interface{} {
-	ans := entry_v4{
-		Name:                            e.Name,
-		Domain:                          e.Domain,
-		UseCrl:                          util.YesNo(e.UseCrl),
-		UseOcsp:                         util.YesNo(e.UseOcsp),
-		CrlReceiveTimeout:               e.CrlReceiveTimeout,
-		OcspReceiveTimeout:              e.OcspReceiveTimeout,
-		CertificateStatusTimeout:        e.CertificateStatusTimeout,
-		BlockUnknownCertificate:         util.YesNo(e.BlockUnknownCertificate),
-		BlockCertificateTimeout:         util.YesNo(e.BlockCertificateTimeout),
-		BlockUnauthenticatedCertificate: util.YesNo(e.BlockUnauthenticatedCertificate),
-		BlockExpiredCertificate:         util.YesNo(e.BlockExpiredCertificate),
-		OcspExcludeNonce:                util.YesNo(e.OcspExcludeNonce),
-	}
-
-	switch e.UsernameField {
-	case UsernameFieldSubject:
-		ans.UsernameField = &uf{
-			Subject: e.UsernameFieldValue,
-		}
-	case UsernameFieldSubjectAlt:
-		ans.UsernameField = &uf{
-			SubjectAlt: e.UsernameFieldValue,
-		}
-	}
-
-	if len(e.Certificates) > 0 {
-		list := make([]certEntry_v2, 0, len(e.Certificates))
-		for _, x := range e.Certificates {
-			list = append(list, certEntry_v2{
-				Name:                  x.Name,
-				DefaultOcspUrl:        x.DefaultOcspUrl,
-				OcspVerifyCertificate: x.OcspVerifyCertificate,
-				TemplateName:          x.TemplateName,
-			})
-		}
-		ans.Certificates = &certs_v2{Entries: list}
-	}
-
-	return ans
-}
diff --git a/dev/profile/certificate/funcs.go b/dev/profile/certificate/funcs.go
deleted file mode 100644
index acd210c4..00000000
--- a/dev/profile/certificate/funcs.go
+++ /dev/null
@@ -1,96 +0,0 @@
-package certificate
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	if v.Gte(version.Number{9, 0, 0, ""}) {
-		return &container_v4{}, specify_v4
-	} else if v.Gte(version.Number{8, 1, 0, ""}) {
-		return &container_v3{}, specify_v3
-	} else if v.Gte(version.Number{7, 1, 0, ""}) {
-		return &container_v2{}, specify_v2
-	} else {
-		return &container_v1{}, specify_v1
-	}
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/dev/profile/certificate/fw.go b/dev/profile/certificate/fw.go
deleted file mode 100644
index d479e4bd..00000000
--- a/dev/profile/certificate/fw.go
+++ /dev/null
@@ -1,104 +0,0 @@
-package certificate
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Device.CertificateProfile namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vsys), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather(vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vsys, v)
-	}
-}
-
-func (c *Firewall) xpath(vsys string, vals []string) ([]string, error) {
-	ans := make([]string, 0, 7)
-	ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	ans = append(ans,
-		"certificate-profile",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/dev/profile/certificate/fw_test.go b/dev/profile/certificate/fw_test.go
deleted file mode 100644
index 72456ae0..00000000
--- a/dev/profile/certificate/fw_test.go
+++ /dev/null
@@ -1,34 +0,0 @@
-package certificate
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.AddResp("")
-			err := ns.Set("vsys1", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("vsys1", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/dev/profile/certificate/pano.go b/dev/profile/certificate/pano.go
deleted file mode 100644
index 0c1699c0..00000000
--- a/dev/profile/certificate/pano.go
+++ /dev/null
@@ -1,129 +0,0 @@
-package certificate
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Device.CertificateProfile namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(shared bool, tmpl, ts, vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(shared, tmpl, ts, vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(shared bool, tmpl, ts, vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(shared, tmpl, ts, vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(shared bool, tmpl, ts, vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(shared, tmpl, ts, vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(shared bool, tmpl, ts, vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(shared, tmpl, ts, vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(shared bool, tmpl, ts, vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(shared, tmpl, ts, vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(shared bool, tmpl, ts, vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(shared, tmpl, ts, vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(shared bool, tmpl, ts, vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(shared, tmpl, ts, vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(shared bool, tmpl, ts, vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(shared, tmpl, ts, vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(shared bool, tmpl, ts, vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(shared, tmpl, ts, vsys), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(shared bool, tmpl, ts, vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(shared, tmpl, ts, vsys), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(shared bool, tmpl, ts, vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(shared, tmpl, ts, vsys), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(shared bool, tmpl, ts, vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(shared, tmpl, ts, vsys, v)
-	}
-}
-
-func (c *Panorama) xpath(shared bool, tmpl, ts, vsys string, vals []string) ([]string, error) {
-	// Sanity check input.
-	if tmpl == "" && ts == "" && vsys != "" {
-		return nil, fmt.Errorf("tmpl or ts must be specified")
-	}
-
-	var ans []string
-	if tmpl != "" || ts != "" {
-		ans = make([]string, 0, 12)
-		ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-		ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	} else {
-		ans = make([]string, 0, 4)
-		if shared {
-			ans = append(ans,
-				"config",
-				"shared",
-			)
-		} else {
-			ans = append(ans,
-				"config",
-				"panorama",
-			)
-		}
-	}
-
-	ans = append(ans,
-		"certificate-profile",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/dev/profile/certificate/pano_test.go b/dev/profile/certificate/pano_test.go
deleted file mode 100644
index 9c65214e..00000000
--- a/dev/profile/certificate/pano_test.go
+++ /dev/null
@@ -1,34 +0,0 @@
-package certificate
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.AddResp("")
-			err := ns.Set(true, "", "", "", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(true, "", "", "", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/dev/profile/certificate/testdata_test.go b/dev/profile/certificate/testdata_test.go
deleted file mode 100644
index 09988ee7..00000000
--- a/dev/profile/certificate/testdata_test.go
+++ /dev/null
@@ -1,335 +0,0 @@
-package certificate
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type tc struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []tc {
-	return []tc{
-		{"v1 none username with usecrl", version.Number{6, 1, 0, ""}, Entry{
-			Name:                     "myCert",
-			Domain:                   "example.com",
-			UseCrl:                   true,
-			UseOcsp:                  false,
-			CrlReceiveTimeout:        1,
-			OcspReceiveTimeout:       2,
-			CertificateStatusTimeout: 3,
-			BlockUnknownCertificate:  false,
-			BlockCertificateTimeout:  false,
-		}},
-		{"v1 subject username with useocsp", version.Number{6, 1, 0, ""}, Entry{
-			Name:                     "myCert",
-			UsernameField:            UsernameFieldSubject,
-			UsernameFieldValue:       UsernameFieldValueCommonName,
-			Domain:                   "example.com",
-			UseCrl:                   false,
-			UseOcsp:                  true,
-			CrlReceiveTimeout:        1,
-			OcspReceiveTimeout:       2,
-			CertificateStatusTimeout: 3,
-			BlockUnknownCertificate:  false,
-			BlockCertificateTimeout:  false,
-		}},
-		{"v1 email alt-subject with block unknown cert", version.Number{6, 1, 0, ""}, Entry{
-			Name:                     "myCert",
-			UsernameField:            UsernameFieldSubjectAlt,
-			UsernameFieldValue:       UsernameFieldValueEmail,
-			Domain:                   "example.com",
-			UseCrl:                   false,
-			UseOcsp:                  false,
-			CrlReceiveTimeout:        1,
-			OcspReceiveTimeout:       2,
-			CertificateStatusTimeout: 3,
-			BlockUnknownCertificate:  true,
-			BlockCertificateTimeout:  false,
-		}},
-		{"v1 principal name alt-subject with block cert timeout", version.Number{6, 1, 0, ""}, Entry{
-			Name:                     "myCert",
-			UsernameField:            UsernameFieldSubjectAlt,
-			UsernameFieldValue:       UsernameFieldValuePrincipalName,
-			Domain:                   "example.com",
-			UseCrl:                   false,
-			UseOcsp:                  false,
-			CrlReceiveTimeout:        1,
-			OcspReceiveTimeout:       2,
-			CertificateStatusTimeout: 3,
-			BlockUnknownCertificate:  false,
-			BlockCertificateTimeout:  true,
-		}},
-		{"v1 with certs", version.Number{6, 1, 0, ""}, Entry{
-			Name:   "myCert",
-			Domain: "example.com",
-			Certificates: []Certificate{
-				{
-					Name:                  "c1",
-					DefaultOcspUrl:        "myOcspUrl",
-					OcspVerifyCertificate: "foobar",
-				},
-			},
-			CrlReceiveTimeout:        6,
-			OcspReceiveTimeout:       4,
-			CertificateStatusTimeout: 2,
-		}},
-		{"v2 none username with usecrl", version.Number{7, 1, 0, ""}, Entry{
-			Name:                     "myCert",
-			Domain:                   "example.com",
-			UseCrl:                   true,
-			UseOcsp:                  false,
-			CrlReceiveTimeout:        1,
-			OcspReceiveTimeout:       2,
-			CertificateStatusTimeout: 3,
-			BlockUnknownCertificate:  false,
-			BlockCertificateTimeout:  false,
-		}},
-		{"v2 subject username with useocsp", version.Number{7, 1, 0, ""}, Entry{
-			Name:                     "myCert",
-			UsernameField:            UsernameFieldSubject,
-			UsernameFieldValue:       UsernameFieldValueCommonName,
-			Domain:                   "example.com",
-			UseCrl:                   false,
-			UseOcsp:                  true,
-			CrlReceiveTimeout:        1,
-			OcspReceiveTimeout:       2,
-			CertificateStatusTimeout: 3,
-			BlockUnknownCertificate:  false,
-			BlockCertificateTimeout:  false,
-		}},
-		{"v2 email alt-subject with block unknown cert", version.Number{7, 1, 0, ""}, Entry{
-			Name:                     "myCert",
-			UsernameField:            UsernameFieldSubjectAlt,
-			UsernameFieldValue:       UsernameFieldValueEmail,
-			Domain:                   "example.com",
-			UseCrl:                   false,
-			UseOcsp:                  false,
-			CrlReceiveTimeout:        1,
-			OcspReceiveTimeout:       2,
-			CertificateStatusTimeout: 3,
-			BlockUnknownCertificate:  true,
-			BlockCertificateTimeout:  false,
-		}},
-		{"v2 principal name alt-subject with block cert timeout", version.Number{7, 1, 0, ""}, Entry{
-			Name:                     "myCert",
-			UsernameField:            UsernameFieldSubjectAlt,
-			UsernameFieldValue:       UsernameFieldValuePrincipalName,
-			Domain:                   "example.com",
-			UseCrl:                   false,
-			UseOcsp:                  false,
-			CrlReceiveTimeout:        1,
-			OcspReceiveTimeout:       2,
-			CertificateStatusTimeout: 3,
-			BlockUnknownCertificate:  false,
-			BlockCertificateTimeout:  true,
-		}},
-		{"v2 with certs", version.Number{7, 1, 0, ""}, Entry{
-			Name:   "myCert",
-			Domain: "example.com",
-			Certificates: []Certificate{
-				{
-					Name:                  "c1",
-					DefaultOcspUrl:        "myOcspUrl",
-					OcspVerifyCertificate: "foobar",
-				},
-			},
-			CrlReceiveTimeout:        6,
-			OcspReceiveTimeout:       4,
-			CertificateStatusTimeout: 2,
-		}},
-		{"v2 none username with block unauthenticated certificate", version.Number{7, 1, 0, ""}, Entry{
-			Name:                            "myCert",
-			Domain:                          "example.com",
-			CrlReceiveTimeout:               1,
-			OcspReceiveTimeout:              2,
-			CertificateStatusTimeout:        3,
-			BlockUnauthenticatedCertificate: true,
-		}},
-		{"v3 none username with usecrl", version.Number{8, 1, 0, ""}, Entry{
-			Name:                     "myCert",
-			Domain:                   "example.com",
-			UseCrl:                   true,
-			UseOcsp:                  false,
-			CrlReceiveTimeout:        1,
-			OcspReceiveTimeout:       2,
-			CertificateStatusTimeout: 3,
-			BlockUnknownCertificate:  false,
-			BlockCertificateTimeout:  false,
-		}},
-		{"v3 subject username with useocsp", version.Number{8, 1, 0, ""}, Entry{
-			Name:                     "myCert",
-			UsernameField:            UsernameFieldSubject,
-			UsernameFieldValue:       UsernameFieldValueCommonName,
-			Domain:                   "example.com",
-			UseCrl:                   false,
-			UseOcsp:                  true,
-			CrlReceiveTimeout:        1,
-			OcspReceiveTimeout:       2,
-			CertificateStatusTimeout: 3,
-			BlockUnknownCertificate:  false,
-			BlockCertificateTimeout:  false,
-		}},
-		{"v3 email alt-subject with block unknown cert", version.Number{8, 1, 0, ""}, Entry{
-			Name:                     "myCert",
-			UsernameField:            UsernameFieldSubjectAlt,
-			UsernameFieldValue:       UsernameFieldValueEmail,
-			Domain:                   "example.com",
-			UseCrl:                   false,
-			UseOcsp:                  false,
-			CrlReceiveTimeout:        1,
-			OcspReceiveTimeout:       2,
-			CertificateStatusTimeout: 3,
-			BlockUnknownCertificate:  true,
-			BlockCertificateTimeout:  false,
-		}},
-		{"v3 principal name alt-subject with block cert timeout", version.Number{8, 1, 0, ""}, Entry{
-			Name:                     "myCert",
-			UsernameField:            UsernameFieldSubjectAlt,
-			UsernameFieldValue:       UsernameFieldValuePrincipalName,
-			Domain:                   "example.com",
-			UseCrl:                   false,
-			UseOcsp:                  false,
-			CrlReceiveTimeout:        1,
-			OcspReceiveTimeout:       2,
-			CertificateStatusTimeout: 3,
-			BlockUnknownCertificate:  false,
-			BlockCertificateTimeout:  true,
-		}},
-		{"v3 with certs", version.Number{8, 1, 0, ""}, Entry{
-			Name:   "myCert",
-			Domain: "example.com",
-			Certificates: []Certificate{
-				{
-					Name:                  "c1",
-					DefaultOcspUrl:        "myOcspUrl",
-					OcspVerifyCertificate: "foobar",
-				},
-			},
-			CrlReceiveTimeout:        6,
-			OcspReceiveTimeout:       4,
-			CertificateStatusTimeout: 2,
-		}},
-		{"v3 none username with block unauthenticated certificate", version.Number{8, 1, 0, ""}, Entry{
-			Name:                            "myCert",
-			Domain:                          "example.com",
-			CrlReceiveTimeout:               1,
-			OcspReceiveTimeout:              2,
-			CertificateStatusTimeout:        3,
-			BlockUnauthenticatedCertificate: true,
-		}},
-		{"v3 none username with block expired certificate", version.Number{8, 1, 0, ""}, Entry{
-			Name:                     "myCert",
-			Domain:                   "example.com",
-			CrlReceiveTimeout:        1,
-			OcspReceiveTimeout:       2,
-			CertificateStatusTimeout: 3,
-			BlockExpiredCertificate:  true,
-		}},
-		{"v4 none username with usecrl", version.Number{9, 0, 0, ""}, Entry{
-			Name:                     "myCert",
-			Domain:                   "example.com",
-			UseCrl:                   true,
-			UseOcsp:                  false,
-			CrlReceiveTimeout:        1,
-			OcspReceiveTimeout:       2,
-			CertificateStatusTimeout: 3,
-			BlockUnknownCertificate:  false,
-			BlockCertificateTimeout:  false,
-		}},
-		{"v4 subject username with useocsp", version.Number{9, 0, 0, ""}, Entry{
-			Name:                     "myCert",
-			UsernameField:            UsernameFieldSubject,
-			UsernameFieldValue:       UsernameFieldValueCommonName,
-			Domain:                   "example.com",
-			UseCrl:                   false,
-			UseOcsp:                  true,
-			CrlReceiveTimeout:        1,
-			OcspReceiveTimeout:       2,
-			CertificateStatusTimeout: 3,
-			BlockUnknownCertificate:  false,
-			BlockCertificateTimeout:  false,
-		}},
-		{"v4 email alt-subject with block unknown cert", version.Number{9, 0, 0, ""}, Entry{
-			Name:                     "myCert",
-			UsernameField:            UsernameFieldSubjectAlt,
-			UsernameFieldValue:       UsernameFieldValueEmail,
-			Domain:                   "example.com",
-			UseCrl:                   false,
-			UseOcsp:                  false,
-			CrlReceiveTimeout:        1,
-			OcspReceiveTimeout:       2,
-			CertificateStatusTimeout: 3,
-			BlockUnknownCertificate:  true,
-			BlockCertificateTimeout:  false,
-		}},
-		{"v4 principal name alt-subject with block cert timeout", version.Number{9, 0, 0, ""}, Entry{
-			Name:                     "myCert",
-			UsernameField:            UsernameFieldSubjectAlt,
-			UsernameFieldValue:       UsernameFieldValuePrincipalName,
-			Domain:                   "example.com",
-			UseCrl:                   false,
-			UseOcsp:                  false,
-			CrlReceiveTimeout:        1,
-			OcspReceiveTimeout:       2,
-			CertificateStatusTimeout: 3,
-			BlockUnknownCertificate:  false,
-			BlockCertificateTimeout:  true,
-		}},
-		{"v4 with certs", version.Number{9, 0, 0, ""}, Entry{
-			Name:   "myCert",
-			Domain: "example.com",
-			Certificates: []Certificate{
-				{
-					Name:                  "c1",
-					DefaultOcspUrl:        "myOcspUrl",
-					OcspVerifyCertificate: "foobar",
-				},
-			},
-			CrlReceiveTimeout:        6,
-			OcspReceiveTimeout:       4,
-			CertificateStatusTimeout: 2,
-		}},
-		{"v4 none username with block unauthenticated certificate", version.Number{9, 0, 0, ""}, Entry{
-			Name:                            "myCert",
-			Domain:                          "example.com",
-			CrlReceiveTimeout:               1,
-			OcspReceiveTimeout:              2,
-			CertificateStatusTimeout:        3,
-			BlockUnauthenticatedCertificate: true,
-		}},
-		{"v4 none username with block expired certificate", version.Number{9, 0, 0, ""}, Entry{
-			Name:                     "myCert",
-			Domain:                   "example.com",
-			CrlReceiveTimeout:        1,
-			OcspReceiveTimeout:       2,
-			CertificateStatusTimeout: 3,
-			BlockExpiredCertificate:  true,
-		}},
-		{"v4 with template name cert", version.Number{9, 0, 0, ""}, Entry{
-			Name:   "myCert",
-			Domain: "example.com",
-			Certificates: []Certificate{
-				{
-					Name:                  "c1",
-					DefaultOcspUrl:        "myOcspUrl",
-					OcspVerifyCertificate: "foobar",
-					TemplateName:          "templateName",
-				},
-			},
-			CrlReceiveTimeout:        6,
-			OcspReceiveTimeout:       4,
-			CertificateStatusTimeout: 2,
-		}},
-		{"v4 none username with ocsp exclude nonce", version.Number{9, 0, 0, ""}, Entry{
-			Name:                     "myCert",
-			Domain:                   "example.com",
-			CrlReceiveTimeout:        1,
-			OcspReceiveTimeout:       2,
-			CertificateStatusTimeout: 3,
-			OcspExcludeNonce:         true,
-		}},
-	}
-}
diff --git a/dev/profile/email/const.go b/dev/profile/email/const.go
deleted file mode 100644
index 9cbe268f..00000000
--- a/dev/profile/email/const.go
+++ /dev/null
@@ -1,6 +0,0 @@
-package email
-
-const (
-	singular = "email server profile"
-	plural   = "email server profiles"
-)
diff --git a/dev/profile/email/doc.go b/dev/profile/email/doc.go
deleted file mode 100644
index 0f0a223e..00000000
--- a/dev/profile/email/doc.go
+++ /dev/null
@@ -1,16 +0,0 @@
-/*
-Package email is the client.Device.EmailServerProfile namespace.
-
-For Panorama, there are two possibilities:  managing this object on Panorama
-itself or inside of a Template.
-
-To manage objects save on Panorama, leave "tmpl", "ts", and "vsys" params empty.
-
-To manage objects in a template, specify the template name and the vsys (if
-unspecified, defaults to "shared").
-
-Note: PAN-OS 7.1+
-
-Normalized object:  Entry
-*/
-package email
diff --git a/dev/profile/email/entry.go b/dev/profile/email/entry.go
deleted file mode 100644
index a8fd92ec..00000000
--- a/dev/profile/email/entry.go
+++ /dev/null
@@ -1,639 +0,0 @@
-package email
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of an email profile.
-//
-// PAN-OS 7.1+.
-type Entry struct {
-	Name              string
-	Config            string
-	System            string
-	Threat            string
-	Traffic           string
-	HipMatch          string
-	Url               string // 8.0+
-	Data              string // 8.0+
-	Wildfire          string // 8.0+
-	Tunnel            string // 8.0+
-	UserId            string // 8.0+
-	Gtp               string // 8.0+
-	Auth              string // 8.0+
-	Sctp              string // 8.1+
-	Iptag             string // 9.0+
-	EscapedCharacters string
-	EscapeCharacter   string
-	Servers           []Server
-}
-
-// Server is an email server.
-type Server struct {
-	Name         string
-	DisplayName  string
-	From         string
-	To           string
-	AlsoTo       string
-	EmailGateway string
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Config = s.Config
-	o.System = s.System
-	o.Threat = s.Threat
-	o.Traffic = s.Traffic
-	o.HipMatch = s.HipMatch
-	o.Url = s.Url
-	o.Data = s.Data
-	o.Wildfire = s.Wildfire
-	o.Tunnel = s.Tunnel
-	o.UserId = s.UserId
-	o.Gtp = s.Gtp
-	o.Auth = s.Auth
-	o.Sctp = s.Sctp
-	o.Iptag = s.Iptag
-	o.EscapedCharacters = s.EscapedCharacters
-	o.EscapeCharacter = s.EscapeCharacter
-	if s.Servers == nil {
-		o.Servers = nil
-	} else {
-		o.Servers = make([]Server, 0, len(s.Servers))
-		for _, x := range s.Servers {
-			o.Servers = append(o.Servers, Server{
-				Name:         x.Name,
-				DisplayName:  x.DisplayName,
-				From:         x.From,
-				To:           x.To,
-				AlsoTo:       x.AlsoTo,
-				EmailGateway: x.EmailGateway,
-			})
-		}
-	}
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name: o.Name,
-	}
-
-	if o.Server != nil {
-		ans.Servers = make([]Server, 0, len(o.Server.Entries))
-		for _, x := range o.Server.Entries {
-			ans.Servers = append(ans.Servers, Server{
-				Name:         x.Name,
-				DisplayName:  x.DisplayName,
-				From:         x.From,
-				To:           x.To,
-				AlsoTo:       x.AlsoTo,
-				EmailGateway: x.EmailGateway,
-			})
-		}
-	}
-
-	if o.Format != nil {
-		ans.Config = o.Format.Config
-		ans.System = o.Format.System
-		ans.Threat = o.Format.Threat
-		ans.Traffic = o.Format.Traffic
-		ans.HipMatch = o.Format.HipMatch
-
-		if o.Format.Esc != nil {
-			ans.EscapedCharacters = o.Format.Esc.EscapedCharacters
-			ans.EscapeCharacter = o.Format.Esc.EscapeCharacter
-		}
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName xml.Name   `xml:"entry"`
-	Name    string     `xml:"name,attr"`
-	Server  *servers   `xml:"server"`
-	Format  *format_v1 `xml:"format"`
-}
-
-type servers struct {
-	Entries []server `xml:"entry"`
-}
-
-type server struct {
-	XMLName      xml.Name `xml:"entry"`
-	Name         string   `xml:"name,attr"`
-	DisplayName  string   `xml:"display-name,omitempty"`
-	From         string   `xml:"from"`
-	To           string   `xml:"to"`
-	AlsoTo       string   `xml:"and-also-to,omitempty"`
-	EmailGateway string   `xml:"gateway"`
-}
-
-type format_v1 struct {
-	Config   string `xml:"config,omitempty"`
-	System   string `xml:"system,omitempty"`
-	Threat   string `xml:"thread,omitempty"`
-	Traffic  string `xml:"traffic,omitempty"`
-	HipMatch string `xml:"hip-match,omitempty"`
-	Esc      *esc   `xml:"escaping"`
-}
-
-type esc struct {
-	EscapedCharacters string `xml:"escaped-characters"`
-	EscapeCharacter   string `xml:"escape-character"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name: e.Name,
-	}
-
-	if len(e.Servers) > 0 {
-		list := make([]server, 0, len(e.Servers))
-		for _, x := range e.Servers {
-			list = append(list, server{
-				Name:         x.Name,
-				DisplayName:  x.DisplayName,
-				From:         x.From,
-				To:           x.To,
-				AlsoTo:       x.AlsoTo,
-				EmailGateway: x.EmailGateway,
-			})
-		}
-		ans.Server = &servers{Entries: list}
-	}
-
-	hasEsc := e.EscapedCharacters != "" || e.EscapeCharacter != ""
-	if e.Config != "" || e.System != "" || e.Threat != "" || e.Traffic != "" || e.HipMatch != "" || hasEsc {
-		ans.Format = &format_v1{
-			Config:   e.Config,
-			System:   e.System,
-			Threat:   e.Threat,
-			Traffic:  e.Traffic,
-			HipMatch: e.HipMatch,
-		}
-
-		if hasEsc {
-			ans.Format.Esc = &esc{
-				EscapedCharacters: e.EscapedCharacters,
-				EscapeCharacter:   e.EscapeCharacter,
-			}
-		}
-	}
-
-	return ans
-}
-
-// PAN-OS 8.0
-type container_v2 struct {
-	Answer []entry_v2 `xml:"entry"`
-}
-
-func (o container_v2) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v2) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *entry_v2) normalize() Entry {
-	ans := Entry{
-		Name: o.Name,
-	}
-
-	if o.Server != nil {
-		ans.Servers = make([]Server, 0, len(o.Server.Entries))
-		for _, x := range o.Server.Entries {
-			ans.Servers = append(ans.Servers, Server{
-				Name:         x.Name,
-				DisplayName:  x.DisplayName,
-				From:         x.From,
-				To:           x.To,
-				AlsoTo:       x.AlsoTo,
-				EmailGateway: x.EmailGateway,
-			})
-		}
-	}
-
-	if o.Format != nil {
-		ans.Config = o.Format.Config
-		ans.System = o.Format.System
-		ans.Threat = o.Format.Threat
-		ans.Traffic = o.Format.Traffic
-		ans.HipMatch = o.Format.HipMatch
-		ans.Url = o.Format.Url
-		ans.Data = o.Format.Data
-		ans.Wildfire = o.Format.Wildfire
-		ans.Tunnel = o.Format.Tunnel
-		ans.UserId = o.Format.UserId
-		ans.Gtp = o.Format.Gtp
-		ans.Auth = o.Format.Auth
-
-		if o.Format.Esc != nil {
-			ans.EscapedCharacters = o.Format.Esc.EscapedCharacters
-			ans.EscapeCharacter = o.Format.Esc.EscapeCharacter
-		}
-	}
-
-	return ans
-}
-
-type entry_v2 struct {
-	XMLName xml.Name   `xml:"entry"`
-	Name    string     `xml:"name,attr"`
-	Server  *servers   `xml:"server"`
-	Format  *format_v2 `xml:"format"`
-}
-
-type format_v2 struct {
-	Config   string `xml:"config,omitempty"`
-	System   string `xml:"system,omitempty"`
-	Threat   string `xml:"thread,omitempty"`
-	Traffic  string `xml:"traffic,omitempty"`
-	HipMatch string `xml:"hip-match,omitempty"`
-	Url      string `xml:"url,omitempty"`
-	Data     string `xml:"data,omitempty"`
-	Wildfire string `xml:"wildfire,omitempty"`
-	Tunnel   string `xml:"tunnel,omitempty"`
-	UserId   string `xml:"userid,omitempty"`
-	Gtp      string `xml:"gtp,omitempty"`
-	Auth     string `xml:"auth,omitempty"`
-	Esc      *esc   `xml:"escaping"`
-}
-
-func specify_v2(e Entry) interface{} {
-	ans := entry_v2{
-		Name: e.Name,
-	}
-
-	if len(e.Servers) > 0 {
-		list := make([]server, 0, len(e.Servers))
-		for _, x := range e.Servers {
-			list = append(list, server{
-				Name:         x.Name,
-				DisplayName:  x.DisplayName,
-				From:         x.From,
-				To:           x.To,
-				AlsoTo:       x.AlsoTo,
-				EmailGateway: x.EmailGateway,
-			})
-		}
-		ans.Server = &servers{Entries: list}
-	}
-
-	hasEsc := e.EscapedCharacters != "" || e.EscapeCharacter != ""
-	if e.Config != "" || e.System != "" || e.Threat != "" || e.Traffic != "" || e.HipMatch != "" || e.Url != "" || e.Data != "" || e.Wildfire != "" || e.Tunnel != "" || e.UserId != "" || e.Gtp != "" || e.Auth != "" || hasEsc {
-		ans.Format = &format_v2{
-			Config:   e.Config,
-			System:   e.System,
-			Threat:   e.Threat,
-			Traffic:  e.Traffic,
-			HipMatch: e.HipMatch,
-			Url:      e.Url,
-			Data:     e.Data,
-			Wildfire: e.Wildfire,
-			Tunnel:   e.Tunnel,
-			UserId:   e.UserId,
-			Gtp:      e.Gtp,
-			Auth:     e.Auth,
-		}
-
-		if hasEsc {
-			ans.Format.Esc = &esc{
-				EscapedCharacters: e.EscapedCharacters,
-				EscapeCharacter:   e.EscapeCharacter,
-			}
-		}
-	}
-
-	return ans
-}
-
-// PAN-OS 8.1
-type container_v3 struct {
-	Answer []entry_v3 `xml:"entry"`
-}
-
-func (o container_v3) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v3) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *entry_v3) normalize() Entry {
-	ans := Entry{
-		Name: o.Name,
-	}
-
-	if o.Server != nil {
-		ans.Servers = make([]Server, 0, len(o.Server.Entries))
-		for _, x := range o.Server.Entries {
-			ans.Servers = append(ans.Servers, Server{
-				Name:         x.Name,
-				DisplayName:  x.DisplayName,
-				From:         x.From,
-				To:           x.To,
-				AlsoTo:       x.AlsoTo,
-				EmailGateway: x.EmailGateway,
-			})
-		}
-	}
-
-	if o.Format != nil {
-		ans.Config = o.Format.Config
-		ans.System = o.Format.System
-		ans.Threat = o.Format.Threat
-		ans.Traffic = o.Format.Traffic
-		ans.HipMatch = o.Format.HipMatch
-		ans.Url = o.Format.Url
-		ans.Data = o.Format.Data
-		ans.Wildfire = o.Format.Wildfire
-		ans.Tunnel = o.Format.Tunnel
-		ans.UserId = o.Format.UserId
-		ans.Gtp = o.Format.Gtp
-		ans.Auth = o.Format.Auth
-		ans.Sctp = o.Format.Sctp
-
-		if o.Format.Esc != nil {
-			ans.EscapedCharacters = o.Format.Esc.EscapedCharacters
-			ans.EscapeCharacter = o.Format.Esc.EscapeCharacter
-		}
-	}
-
-	return ans
-}
-
-type entry_v3 struct {
-	XMLName xml.Name   `xml:"entry"`
-	Name    string     `xml:"name,attr"`
-	Server  *servers   `xml:"server"`
-	Format  *format_v3 `xml:"format"`
-}
-
-type format_v3 struct {
-	Config   string `xml:"config,omitempty"`
-	System   string `xml:"system,omitempty"`
-	Threat   string `xml:"thread,omitempty"`
-	Traffic  string `xml:"traffic,omitempty"`
-	HipMatch string `xml:"hip-match,omitempty"`
-	Url      string `xml:"url,omitempty"`
-	Data     string `xml:"data,omitempty"`
-	Wildfire string `xml:"wildfire,omitempty"`
-	Tunnel   string `xml:"tunnel,omitempty"`
-	UserId   string `xml:"userid,omitempty"`
-	Gtp      string `xml:"gtp,omitempty"`
-	Auth     string `xml:"auth,omitempty"`
-	Sctp     string `xml:"sctp,omitempty"`
-	Esc      *esc   `xml:"escaping"`
-}
-
-func specify_v3(e Entry) interface{} {
-	ans := entry_v3{
-		Name: e.Name,
-	}
-
-	if len(e.Servers) > 0 {
-		list := make([]server, 0, len(e.Servers))
-		for _, x := range e.Servers {
-			list = append(list, server{
-				Name:         x.Name,
-				DisplayName:  x.DisplayName,
-				From:         x.From,
-				To:           x.To,
-				AlsoTo:       x.AlsoTo,
-				EmailGateway: x.EmailGateway,
-			})
-		}
-		ans.Server = &servers{Entries: list}
-	}
-
-	hasEsc := e.EscapedCharacters != "" || e.EscapeCharacter != ""
-	if e.Config != "" || e.System != "" || e.Threat != "" || e.Traffic != "" || e.HipMatch != "" || e.Url != "" || e.Data != "" || e.Wildfire != "" || e.Tunnel != "" || e.UserId != "" || e.Gtp != "" || e.Auth != "" || e.Sctp != "" || hasEsc {
-		ans.Format = &format_v3{
-			Config:   e.Config,
-			System:   e.System,
-			Threat:   e.Threat,
-			Traffic:  e.Traffic,
-			HipMatch: e.HipMatch,
-			Url:      e.Url,
-			Data:     e.Data,
-			Wildfire: e.Wildfire,
-			Tunnel:   e.Tunnel,
-			UserId:   e.UserId,
-			Gtp:      e.Gtp,
-			Auth:     e.Auth,
-			Sctp:     e.Sctp,
-		}
-
-		if hasEsc {
-			ans.Format.Esc = &esc{
-				EscapedCharacters: e.EscapedCharacters,
-				EscapeCharacter:   e.EscapeCharacter,
-			}
-		}
-	}
-
-	return ans
-}
-
-// PAN-OS 9.0
-type container_v4 struct {
-	Answer []entry_v4 `xml:"entry"`
-}
-
-func (o container_v4) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v4) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *entry_v4) normalize() Entry {
-	ans := Entry{
-		Name: o.Name,
-	}
-
-	if o.Server != nil {
-		ans.Servers = make([]Server, 0, len(o.Server.Entries))
-		for _, x := range o.Server.Entries {
-			ans.Servers = append(ans.Servers, Server{
-				Name:         x.Name,
-				DisplayName:  x.DisplayName,
-				From:         x.From,
-				To:           x.To,
-				AlsoTo:       x.AlsoTo,
-				EmailGateway: x.EmailGateway,
-			})
-		}
-	}
-
-	if o.Format != nil {
-		ans.Config = o.Format.Config
-		ans.System = o.Format.System
-		ans.Threat = o.Format.Threat
-		ans.Traffic = o.Format.Traffic
-		ans.HipMatch = o.Format.HipMatch
-		ans.Url = o.Format.Url
-		ans.Data = o.Format.Data
-		ans.Wildfire = o.Format.Wildfire
-		ans.Tunnel = o.Format.Tunnel
-		ans.UserId = o.Format.UserId
-		ans.Gtp = o.Format.Gtp
-		ans.Auth = o.Format.Auth
-		ans.Sctp = o.Format.Sctp
-		ans.Iptag = o.Format.Iptag
-
-		if o.Format.Esc != nil {
-			ans.EscapedCharacters = o.Format.Esc.EscapedCharacters
-			ans.EscapeCharacter = o.Format.Esc.EscapeCharacter
-		}
-	}
-
-	return ans
-}
-
-type entry_v4 struct {
-	XMLName xml.Name   `xml:"entry"`
-	Name    string     `xml:"name,attr"`
-	Server  *servers   `xml:"server"`
-	Format  *format_v4 `xml:"format"`
-}
-
-type format_v4 struct {
-	Config   string `xml:"config,omitempty"`
-	System   string `xml:"system,omitempty"`
-	Threat   string `xml:"thread,omitempty"`
-	Traffic  string `xml:"traffic,omitempty"`
-	HipMatch string `xml:"hip-match,omitempty"`
-	Url      string `xml:"url,omitempty"`
-	Data     string `xml:"data,omitempty"`
-	Wildfire string `xml:"wildfire,omitempty"`
-	Tunnel   string `xml:"tunnel,omitempty"`
-	UserId   string `xml:"userid,omitempty"`
-	Gtp      string `xml:"gtp,omitempty"`
-	Auth     string `xml:"auth,omitempty"`
-	Sctp     string `xml:"sctp,omitempty"`
-	Iptag    string `xml:"iptag,omitempty"`
-	Esc      *esc   `xml:"escaping"`
-}
-
-func specify_v4(e Entry) interface{} {
-	ans := entry_v4{
-		Name: e.Name,
-	}
-
-	if len(e.Servers) > 0 {
-		list := make([]server, 0, len(e.Servers))
-		for _, x := range e.Servers {
-			list = append(list, server{
-				Name:         x.Name,
-				DisplayName:  x.DisplayName,
-				From:         x.From,
-				To:           x.To,
-				AlsoTo:       x.AlsoTo,
-				EmailGateway: x.EmailGateway,
-			})
-		}
-		ans.Server = &servers{Entries: list}
-	}
-
-	hasEsc := e.EscapedCharacters != "" || e.EscapeCharacter != ""
-	if e.Config != "" || e.System != "" || e.Threat != "" || e.Traffic != "" || e.HipMatch != "" || e.Url != "" || e.Data != "" || e.Wildfire != "" || e.Tunnel != "" || e.UserId != "" || e.Gtp != "" || e.Auth != "" || e.Sctp != "" || e.Iptag != "" || hasEsc {
-		ans.Format = &format_v4{
-			Config:   e.Config,
-			System:   e.System,
-			Threat:   e.Threat,
-			Traffic:  e.Traffic,
-			HipMatch: e.HipMatch,
-			Url:      e.Url,
-			Data:     e.Data,
-			Wildfire: e.Wildfire,
-			Tunnel:   e.Tunnel,
-			UserId:   e.UserId,
-			Gtp:      e.Gtp,
-			Auth:     e.Auth,
-			Sctp:     e.Sctp,
-			Iptag:    e.Iptag,
-		}
-
-		if hasEsc {
-			ans.Format.Esc = &esc{
-				EscapedCharacters: e.EscapedCharacters,
-				EscapeCharacter:   e.EscapeCharacter,
-			}
-		}
-	}
-
-	return ans
-}
diff --git a/dev/profile/email/funcs.go b/dev/profile/email/funcs.go
deleted file mode 100644
index 7f44d2ba..00000000
--- a/dev/profile/email/funcs.go
+++ /dev/null
@@ -1,96 +0,0 @@
-package email
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	if v.Gte(version.Number{9, 0, 0, ""}) {
-		return &container_v4{}, specify_v4
-	} else if v.Gte(version.Number{8, 1, 0, ""}) {
-		return &container_v3{}, specify_v3
-	} else if v.Gte(version.Number{8, 0, 0, ""}) {
-		return &container_v2{}, specify_v2
-	} else {
-		return &container_v1{}, specify_v1
-	}
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/dev/profile/email/fw.go b/dev/profile/email/fw.go
deleted file mode 100644
index 73a336a2..00000000
--- a/dev/profile/email/fw.go
+++ /dev/null
@@ -1,109 +0,0 @@
-package email
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Device.EmailServerProfile namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vsys), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather(vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vsys, v)
-	}
-}
-
-func (c *Firewall) xpath(vsys string, vals []string) ([]string, error) {
-	if vsys == "" {
-		vsys = "shared"
-	}
-
-	ans := make([]string, 0, 8)
-	ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	ans = append(ans,
-		"log-settings",
-		"email",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/dev/profile/email/fw_test.go b/dev/profile/email/fw_test.go
deleted file mode 100644
index 3e04e741..00000000
--- a/dev/profile/email/fw_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package email
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("vsys1", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("vsys1", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/dev/profile/email/pano.go b/dev/profile/email/pano.go
deleted file mode 100644
index 1c6d78df..00000000
--- a/dev/profile/email/pano.go
+++ /dev/null
@@ -1,118 +0,0 @@
-package email
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Device.EmailServerProfile namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts, vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts, vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts, vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts, vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(tmpl, ts, vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts, vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(tmpl, ts, vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts, vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts, vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts, vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(tmpl, ts, vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts, vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts, vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(tmpl, ts, vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts, vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(tmpl, ts, vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts, vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(tmpl, ts, vsys), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts, vsys), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts, vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts, vsys), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts, vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, vsys, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts, vsys string, vals []string) ([]string, error) {
-	var ans []string
-
-	if tmpl != "" || ts != "" {
-		if vsys == "" {
-			vsys = "shared"
-		}
-
-		ans = make([]string, 0, 13)
-		ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-		ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	} else {
-		ans = make([]string, 0, 5)
-		ans = append(ans, "config", "panorama")
-	}
-
-	ans = append(ans,
-		"log-settings",
-		"email",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/dev/profile/email/pano_test.go b/dev/profile/email/pano_test.go
deleted file mode 100644
index daad3b4b..00000000
--- a/dev/profile/email/pano_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package email
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("", "", "", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("", "", "", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/dev/profile/email/testdata_test.go b/dev/profile/email/testdata_test.go
deleted file mode 100644
index 4ac8c2ce..00000000
--- a/dev/profile/email/testdata_test.go
+++ /dev/null
@@ -1,264 +0,0 @@
-package email
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type tc struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []tc {
-	return []tc{
-		{"v1 config", version.Number{7, 1, 0, ""}, Entry{
-			Name:   "t1",
-			Config: "custom format",
-			Servers: []Server{
-				{
-					Name:         "foo",
-					DisplayName:  "bar",
-					From:         "src@example.com",
-					To:           "dst@example.com",
-					AlsoTo:       "also@example.com",
-					EmailGateway: "smtp.example.com",
-				},
-			},
-		}},
-		{"v1 system", version.Number{7, 1, 0, ""}, Entry{
-			Name:   "t1",
-			System: "custom format",
-		}},
-		{"v1 threat", version.Number{7, 1, 0, ""}, Entry{
-			Name:   "t1",
-			Threat: "custom format",
-		}},
-		{"v1 traffic", version.Number{7, 1, 0, ""}, Entry{
-			Name:    "t1",
-			Traffic: "custom format",
-		}},
-		{"v1 hip match", version.Number{7, 1, 0, ""}, Entry{
-			Name:     "t1",
-			HipMatch: "custom format",
-		}},
-		{"v1 escaped characters", version.Number{7, 1, 0, ""}, Entry{
-			Name:              "t1",
-			EscapedCharacters: "abc",
-		}},
-		{"v1 escape character", version.Number{7, 1, 0, ""}, Entry{
-			Name:            "t1",
-			EscapeCharacter: "x",
-		}},
-		{"v2 config", version.Number{8, 0, 0, ""}, Entry{
-			Name:   "t1",
-			Config: "custom format",
-			Servers: []Server{
-				{
-					Name:         "foo",
-					DisplayName:  "bar",
-					From:         "src@example.com",
-					To:           "dst@example.com",
-					AlsoTo:       "also@example.com",
-					EmailGateway: "smtp.example.com",
-				},
-			},
-		}},
-		{"v2 system", version.Number{8, 0, 0, ""}, Entry{
-			Name:   "t1",
-			System: "custom format",
-		}},
-		{"v2 threat", version.Number{8, 0, 0, ""}, Entry{
-			Name:   "t1",
-			Threat: "custom format",
-		}},
-		{"v2 traffic", version.Number{8, 0, 0, ""}, Entry{
-			Name:    "t1",
-			Traffic: "custom format",
-		}},
-		{"v2 hip match", version.Number{8, 0, 0, ""}, Entry{
-			Name:     "t1",
-			HipMatch: "custom format",
-		}},
-		{"v2 escaped characters", version.Number{8, 0, 0, ""}, Entry{
-			Name:              "t1",
-			EscapedCharacters: "abc",
-		}},
-		{"v2 escape character", version.Number{8, 0, 0, ""}, Entry{
-			Name:            "t1",
-			EscapeCharacter: "x",
-		}},
-		{"v2 url", version.Number{8, 0, 0, ""}, Entry{
-			Name: "t1",
-			Url:  "custom format",
-		}},
-		{"v2 data", version.Number{8, 0, 0, ""}, Entry{
-			Name: "t1",
-			Data: "custom format",
-		}},
-		{"v2 wildfire", version.Number{8, 0, 0, ""}, Entry{
-			Name:     "t1",
-			Wildfire: "custom format",
-		}},
-		{"v2 tunnel", version.Number{8, 0, 0, ""}, Entry{
-			Name:   "t1",
-			Tunnel: "custom format",
-		}},
-		{"v2 userid", version.Number{8, 0, 0, ""}, Entry{
-			Name:   "t1",
-			UserId: "custom format",
-		}},
-		{"v2 gtp", version.Number{8, 0, 0, ""}, Entry{
-			Name: "t1",
-			Gtp:  "custom format",
-		}},
-		{"v2 auth", version.Number{8, 0, 0, ""}, Entry{
-			Name: "t1",
-			Auth: "custom format",
-		}},
-		{"v3 config", version.Number{8, 1, 0, ""}, Entry{
-			Name:   "t1",
-			Config: "custom format",
-			Servers: []Server{
-				{
-					Name:         "foo",
-					DisplayName:  "bar",
-					From:         "src@example.com",
-					To:           "dst@example.com",
-					AlsoTo:       "also@example.com",
-					EmailGateway: "smtp.example.com",
-				},
-			},
-		}},
-		{"v3 system", version.Number{8, 1, 0, ""}, Entry{
-			Name:   "t1",
-			System: "custom format",
-		}},
-		{"v3 threat", version.Number{8, 1, 0, ""}, Entry{
-			Name:   "t1",
-			Threat: "custom format",
-		}},
-		{"v3 traffic", version.Number{8, 1, 0, ""}, Entry{
-			Name:    "t1",
-			Traffic: "custom format",
-		}},
-		{"v3 hip match", version.Number{8, 1, 0, ""}, Entry{
-			Name:     "t1",
-			HipMatch: "custom format",
-		}},
-		{"v3 escaped characters", version.Number{8, 1, 0, ""}, Entry{
-			Name:              "t1",
-			EscapedCharacters: "abc",
-		}},
-		{"v3 escape character", version.Number{8, 1, 0, ""}, Entry{
-			Name:            "t1",
-			EscapeCharacter: "x",
-		}},
-		{"v3 url", version.Number{8, 1, 0, ""}, Entry{
-			Name: "t1",
-			Url:  "custom format",
-		}},
-		{"v3 data", version.Number{8, 1, 0, ""}, Entry{
-			Name: "t1",
-			Data: "custom format",
-		}},
-		{"v3 wildfire", version.Number{8, 1, 0, ""}, Entry{
-			Name:     "t1",
-			Wildfire: "custom format",
-		}},
-		{"v3 tunnel", version.Number{8, 1, 0, ""}, Entry{
-			Name:   "t1",
-			Tunnel: "custom format",
-		}},
-		{"v3 userid", version.Number{8, 1, 0, ""}, Entry{
-			Name:   "t1",
-			UserId: "custom format",
-		}},
-		{"v3 gtp", version.Number{8, 1, 0, ""}, Entry{
-			Name: "t1",
-			Gtp:  "custom format",
-		}},
-		{"v3 auth", version.Number{8, 1, 0, ""}, Entry{
-			Name: "t1",
-			Auth: "custom format",
-		}},
-		{"v3 sctp", version.Number{8, 1, 0, ""}, Entry{
-			Name: "t1",
-			Sctp: "custom format",
-		}},
-		{"v4 config", version.Number{9, 0, 0, ""}, Entry{
-			Name:   "t1",
-			Config: "custom format",
-			Servers: []Server{
-				{
-					Name:         "foo",
-					DisplayName:  "bar",
-					From:         "src@example.com",
-					To:           "dst@example.com",
-					AlsoTo:       "also@example.com",
-					EmailGateway: "smtp.example.com",
-				},
-			},
-		}},
-		{"v4 system", version.Number{9, 0, 0, ""}, Entry{
-			Name:   "t1",
-			System: "custom format",
-		}},
-		{"v4 threat", version.Number{9, 0, 0, ""}, Entry{
-			Name:   "t1",
-			Threat: "custom format",
-		}},
-		{"v4 traffic", version.Number{9, 0, 0, ""}, Entry{
-			Name:    "t1",
-			Traffic: "custom format",
-		}},
-		{"v4 hip match", version.Number{9, 0, 0, ""}, Entry{
-			Name:     "t1",
-			HipMatch: "custom format",
-		}},
-		{"v4 escaped characters", version.Number{9, 0, 0, ""}, Entry{
-			Name:              "t1",
-			EscapedCharacters: "abc",
-		}},
-		{"v4 escape character", version.Number{9, 0, 0, ""}, Entry{
-			Name:            "t1",
-			EscapeCharacter: "x",
-		}},
-		{"v4 url", version.Number{9, 0, 0, ""}, Entry{
-			Name: "t1",
-			Url:  "custom format",
-		}},
-		{"v4 data", version.Number{9, 0, 0, ""}, Entry{
-			Name: "t1",
-			Data: "custom format",
-		}},
-		{"v4 wildfire", version.Number{9, 0, 0, ""}, Entry{
-			Name:     "t1",
-			Wildfire: "custom format",
-		}},
-		{"v4 tunnel", version.Number{9, 0, 0, ""}, Entry{
-			Name:   "t1",
-			Tunnel: "custom format",
-		}},
-		{"v4 userid", version.Number{9, 0, 0, ""}, Entry{
-			Name:   "t1",
-			UserId: "custom format",
-		}},
-		{"v4 gtp", version.Number{9, 0, 0, ""}, Entry{
-			Name: "t1",
-			Gtp:  "custom format",
-		}},
-		{"v4 auth", version.Number{9, 0, 0, ""}, Entry{
-			Name: "t1",
-			Auth: "custom format",
-		}},
-		{"v4 sctp", version.Number{9, 0, 0, ""}, Entry{
-			Name: "t1",
-			Sctp: "custom format",
-		}},
-		{"v4 iptag", version.Number{9, 0, 0, ""}, Entry{
-			Name:  "t1",
-			Iptag: "custom format",
-		}},
-	}
-}
diff --git a/dev/profile/http/const.go b/dev/profile/http/const.go
deleted file mode 100644
index 1060c013..00000000
--- a/dev/profile/http/const.go
+++ /dev/null
@@ -1,12 +0,0 @@
-package http
-
-// Valid values for Server.Protocol.
-const (
-	ProtocolHttps = "HTTPS"
-	ProtocolHttp  = "HTTP"
-)
-
-const (
-	singular = "http server profile"
-	plural   = "http server profiles"
-)
diff --git a/dev/profile/http/doc.go b/dev/profile/http/doc.go
deleted file mode 100644
index 6c61df49..00000000
--- a/dev/profile/http/doc.go
+++ /dev/null
@@ -1,15 +0,0 @@
-/*
-Package http is the client.Object.HttpServerProfile namespace.
-
-For Panorama, there are two possibilities:  managing this object on Panorama
-itself or inside of a Template.
-
-To manage objects save on Panorama, leave "tmpl" and "ts" params empty and
-set "dg" to "shared" (which is also the default).
-
-To manage objects in a template, specify the template name and the vsys (if
-unspecified, defaults to "shared").
-
-Normalized object:  Entry
-*/
-package http
diff --git a/dev/profile/http/entry.go b/dev/profile/http/entry.go
deleted file mode 100644
index 6358705e..00000000
--- a/dev/profile/http/entry.go
+++ /dev/null
@@ -1,687 +0,0 @@
-package http
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of an http profile.
-//
-// PAN-OS 7.1+.
-type Entry struct {
-	Name            string
-	TagRegistration bool
-	Servers         []Server
-	Config          *PayloadFormat
-	System          *PayloadFormat
-	Threat          *PayloadFormat
-	Traffic         *PayloadFormat
-	HipMatch        *PayloadFormat
-	Url             *PayloadFormat
-	Data            *PayloadFormat
-	Wildfire        *PayloadFormat
-	Tunnel          *PayloadFormat
-	UserId          *PayloadFormat
-	Gtp             *PayloadFormat
-	Auth            *PayloadFormat
-	Sctp            *PayloadFormat // 8.1+
-	Iptag           *PayloadFormat // 9.0+
-}
-
-// Server is an HTTP server spec.
-type Server struct {
-	Name               string
-	Address            string
-	Protocol           string
-	Port               int
-	HttpMethod         string
-	Username           string
-	Password           string // encrypted
-	TlsVersion         string // 9.0+
-	CertificateProfile string // 9.0+
-}
-
-// PayloadFormat is payload config for a given log type.
-type PayloadFormat struct {
-	Name       string
-	UriFormat  string
-	Payload    string
-	Headers    []Header
-	Parameters []Parameter
-}
-
-// Header is an HTTP header.
-type Header struct {
-	Name  string
-	Value string
-}
-
-// Parameter is an HTTP parameter.
-type Parameter struct {
-	Name  string
-	Value string
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.TagRegistration = s.TagRegistration
-	if s.Servers == nil {
-		o.Servers = nil
-	} else {
-		o.Servers = make([]Server, 0, len(s.Servers))
-		for _, x := range s.Servers {
-			o.Servers = append(o.Servers, Server{
-				Name:               x.Name,
-				Address:            x.Address,
-				Protocol:           x.Protocol,
-				Port:               x.Port,
-				HttpMethod:         x.HttpMethod,
-				Username:           x.Username,
-				Password:           x.Password,
-				TlsVersion:         x.TlsVersion,
-				CertificateProfile: x.CertificateProfile,
-			})
-		}
-	}
-	o.Config = copyPayloadFormat(s.Config)
-	o.System = copyPayloadFormat(s.System)
-	o.Threat = copyPayloadFormat(s.Threat)
-	o.Traffic = copyPayloadFormat(s.Traffic)
-	o.HipMatch = copyPayloadFormat(s.HipMatch)
-	o.Url = copyPayloadFormat(s.Url)
-	o.Data = copyPayloadFormat(s.Data)
-	o.Wildfire = copyPayloadFormat(s.Wildfire)
-	o.Tunnel = copyPayloadFormat(s.Tunnel)
-	o.UserId = copyPayloadFormat(s.UserId)
-	o.Gtp = copyPayloadFormat(s.Gtp)
-	o.Auth = copyPayloadFormat(s.Auth)
-	o.Sctp = copyPayloadFormat(s.Sctp)
-	o.Iptag = copyPayloadFormat(s.Iptag)
-}
-
-func copyPayloadFormat(s *PayloadFormat) *PayloadFormat {
-	if s == nil {
-		return nil
-	}
-
-	ans := PayloadFormat{
-		Name:      s.Name,
-		UriFormat: s.UriFormat,
-		Payload:   s.Payload,
-	}
-
-	if len(s.Headers) > 0 {
-		ans.Headers = make([]Header, 0, len(s.Headers))
-		for _, x := range s.Headers {
-			ans.Headers = append(ans.Headers, Header{
-				Name:  x.Name,
-				Value: x.Value,
-			})
-		}
-	}
-
-	if len(s.Parameters) > 0 {
-		ans.Parameters = make([]Parameter, 0, len(s.Parameters))
-		for _, x := range s.Parameters {
-			ans.Parameters = append(ans.Parameters, Parameter{
-				Name:  x.Name,
-				Value: x.Value,
-			})
-		}
-	}
-
-	return &ans
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:            o.Name,
-		TagRegistration: util.AsBool(o.TagRegistration),
-	}
-
-	if o.Server != nil {
-		list := make([]Server, 0, len(o.Server.Entries))
-		for _, x := range o.Server.Entries {
-			list = append(list, Server{
-				Name:       x.Name,
-				Address:    x.Address,
-				Protocol:   x.Protocol,
-				Port:       x.Port,
-				HttpMethod: x.HttpMethod,
-				Username:   x.Username,
-				Password:   x.Password,
-			})
-		}
-		ans.Servers = list
-	}
-
-	if o.Format != nil {
-		ans.Config = normalizePayloadFormat(o.Format.Config)
-		ans.System = normalizePayloadFormat(o.Format.System)
-		ans.Threat = normalizePayloadFormat(o.Format.Threat)
-		ans.Traffic = normalizePayloadFormat(o.Format.Traffic)
-		ans.HipMatch = normalizePayloadFormat(o.Format.HipMatch)
-		ans.Url = normalizePayloadFormat(o.Format.Url)
-		ans.Data = normalizePayloadFormat(o.Format.Data)
-		ans.Wildfire = normalizePayloadFormat(o.Format.Wildfire)
-		ans.Tunnel = normalizePayloadFormat(o.Format.Tunnel)
-		ans.UserId = normalizePayloadFormat(o.Format.UserId)
-		ans.Gtp = normalizePayloadFormat(o.Format.Gtp)
-		ans.Auth = normalizePayloadFormat(o.Format.Auth)
-	}
-
-	return ans
-}
-
-func normalizePayloadFormat(val *formatSpec) *PayloadFormat {
-	if val == nil {
-		return nil
-	}
-
-	ans := PayloadFormat{
-		Name:      val.Name,
-		UriFormat: val.UriFormat,
-		Payload:   val.Payload,
-	}
-
-	if val.Header != nil {
-		list := make([]Header, 0, len(val.Header.Entries))
-		for _, x := range val.Header.Entries {
-			list = append(list, Header{
-				Name:  x.Name,
-				Value: x.Value,
-			})
-		}
-		ans.Headers = list
-	}
-
-	if val.Parameter != nil {
-		list := make([]Parameter, 0, len(val.Parameter.Entries))
-		for _, x := range val.Parameter.Entries {
-			list = append(list, Parameter{
-				Name:  x.Name,
-				Value: x.Value,
-			})
-		}
-		ans.Parameters = list
-	}
-
-	return &ans
-}
-
-type entry_v1 struct {
-	XMLName         xml.Name    `xml:"entry"`
-	Name            string      `xml:"name,attr"`
-	TagRegistration string      `xml:"tag-registration"`
-	Server          *servers_v1 `xml:"server"`
-	Format          *format_v1  `xml:"format"`
-}
-
-type servers_v1 struct {
-	Entries []serverEntry_v1 `xml:"entry"`
-}
-
-type serverEntry_v1 struct {
-	Name       string `xml:"name,attr"`
-	Address    string `xml:"address"`
-	Protocol   string `xml:"protocol,omitempty"`
-	Port       int    `xml:"port,omitempty"`
-	HttpMethod string `xml:"http-method"`
-	Username   string `xml:"username,omitempty"`
-	Password   string `xml:"password,omitempty"`
-}
-
-type format_v1 struct {
-	Config   *formatSpec `xml:"config"`
-	System   *formatSpec `xml:"system"`
-	Threat   *formatSpec `xml:"threat"`
-	Traffic  *formatSpec `xml:"traffic"`
-	HipMatch *formatSpec `xml:"hip-match"`
-	Url      *formatSpec `xml:"url"`
-	Data     *formatSpec `xml:"data"`
-	Wildfire *formatSpec `xml:"wildfire"`
-	Tunnel   *formatSpec `xml:"tunnel"`
-	UserId   *formatSpec `xml:"userid"`
-	Gtp      *formatSpec `xml:"gtp"`
-	Auth     *formatSpec `xml:"auth"`
-}
-
-type formatSpec struct {
-	Name      string   `xml:"name,omitempty"`
-	UriFormat string   `xml:"url-format,omitempty"`
-	Payload   string   `xml:"payload,omitempty"`
-	Header    *headers `xml:"headers"`
-	Parameter *params  `xml:"params"`
-}
-
-type headers struct {
-	Entries []headerEntry `xml:"entry"`
-}
-
-type headerEntry struct {
-	Name  string `xml:"name,attr"`
-	Value string `xml:"value"`
-}
-
-type params struct {
-	Entries []paramEntry `xml:"entry"`
-}
-
-type paramEntry struct {
-	Name  string `xml:"name,attr"`
-	Value string `xml:"value"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:            e.Name,
-		TagRegistration: util.YesNo(e.TagRegistration),
-	}
-
-	if len(e.Servers) > 0 {
-		list := make([]serverEntry_v1, 0, len(e.Servers))
-		for _, x := range e.Servers {
-			list = append(list, serverEntry_v1{
-				Name:       x.Name,
-				Address:    x.Address,
-				Protocol:   x.Protocol,
-				Port:       x.Port,
-				HttpMethod: x.HttpMethod,
-				Username:   x.Username,
-				Password:   x.Password,
-			})
-		}
-		ans.Server = &servers_v1{Entries: list}
-	}
-
-	if e.Config != nil || e.System != nil || e.Threat != nil || e.Traffic != nil || e.HipMatch != nil || e.Url != nil || e.Data != nil || e.Wildfire != nil || e.Tunnel != nil || e.UserId != nil || e.Gtp != nil || e.Auth != nil {
-		ans.Format = &format_v1{
-			Config:   specifyPayloadFormat(e.Config),
-			System:   specifyPayloadFormat(e.System),
-			Threat:   specifyPayloadFormat(e.Threat),
-			Traffic:  specifyPayloadFormat(e.Traffic),
-			HipMatch: specifyPayloadFormat(e.HipMatch),
-			Url:      specifyPayloadFormat(e.Url),
-			Data:     specifyPayloadFormat(e.Data),
-			Wildfire: specifyPayloadFormat(e.Wildfire),
-			Tunnel:   specifyPayloadFormat(e.Tunnel),
-			UserId:   specifyPayloadFormat(e.UserId),
-			Gtp:      specifyPayloadFormat(e.Gtp),
-			Auth:     specifyPayloadFormat(e.Auth),
-		}
-	}
-
-	return ans
-}
-
-func specifyPayloadFormat(val *PayloadFormat) *formatSpec {
-	if val == nil {
-		return nil
-	}
-
-	ans := formatSpec{
-		Name:      val.Name,
-		UriFormat: val.UriFormat,
-		Payload:   val.Payload,
-	}
-
-	if len(val.Headers) > 0 {
-		list := make([]headerEntry, 0, len(val.Headers))
-		for _, x := range val.Headers {
-			list = append(list, headerEntry{
-				Name:  x.Name,
-				Value: x.Value,
-			})
-		}
-		ans.Header = &headers{Entries: list}
-	}
-
-	if len(val.Parameters) > 0 {
-		list := make([]paramEntry, 0, len(val.Parameters))
-		for _, x := range val.Parameters {
-			list = append(list, paramEntry{
-				Name:  x.Name,
-				Value: x.Value,
-			})
-		}
-		ans.Parameter = &params{Entries: list}
-	}
-
-	return &ans
-}
-
-// PAN-OS 8.1
-type container_v2 struct {
-	Answer []entry_v2 `xml:"entry"`
-}
-
-func (o *container_v2) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o container_v2) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v2) normalize() Entry {
-	ans := Entry{
-		Name:            o.Name,
-		TagRegistration: util.AsBool(o.TagRegistration),
-	}
-
-	if o.Server != nil {
-		list := make([]Server, 0, len(o.Server.Entries))
-		for _, x := range o.Server.Entries {
-			list = append(list, Server{
-				Name:       x.Name,
-				Address:    x.Address,
-				Protocol:   x.Protocol,
-				Port:       x.Port,
-				HttpMethod: x.HttpMethod,
-				Username:   x.Username,
-				Password:   x.Password,
-			})
-		}
-		ans.Servers = list
-	}
-
-	if o.Format != nil {
-		ans.Config = normalizePayloadFormat(o.Format.Config)
-		ans.System = normalizePayloadFormat(o.Format.System)
-		ans.Threat = normalizePayloadFormat(o.Format.Threat)
-		ans.Traffic = normalizePayloadFormat(o.Format.Traffic)
-		ans.HipMatch = normalizePayloadFormat(o.Format.HipMatch)
-		ans.Url = normalizePayloadFormat(o.Format.Url)
-		ans.Data = normalizePayloadFormat(o.Format.Data)
-		ans.Wildfire = normalizePayloadFormat(o.Format.Wildfire)
-		ans.Tunnel = normalizePayloadFormat(o.Format.Tunnel)
-		ans.UserId = normalizePayloadFormat(o.Format.UserId)
-		ans.Gtp = normalizePayloadFormat(o.Format.Gtp)
-		ans.Auth = normalizePayloadFormat(o.Format.Auth)
-		ans.Sctp = normalizePayloadFormat(o.Format.Sctp)
-	}
-
-	return ans
-}
-
-type entry_v2 struct {
-	XMLName         xml.Name    `xml:"entry"`
-	Name            string      `xml:"name,attr"`
-	TagRegistration string      `xml:"tag-registration"`
-	Format          *format_v2  `xml:"format"`
-	Server          *servers_v1 `xml:"server"`
-}
-
-type format_v2 struct {
-	Config   *formatSpec `xml:"config"`
-	System   *formatSpec `xml:"system"`
-	Threat   *formatSpec `xml:"threat"`
-	Traffic  *formatSpec `xml:"traffic"`
-	HipMatch *formatSpec `xml:"hip-match"`
-	Url      *formatSpec `xml:"url"`
-	Data     *formatSpec `xml:"data"`
-	Wildfire *formatSpec `xml:"wildfire"`
-	Tunnel   *formatSpec `xml:"tunnel"`
-	UserId   *formatSpec `xml:"userid"`
-	Gtp      *formatSpec `xml:"gtp"`
-	Auth     *formatSpec `xml:"auth"`
-	Sctp     *formatSpec `xml:"sctp"`
-}
-
-func specify_v2(e Entry) interface{} {
-	ans := entry_v2{
-		Name:            e.Name,
-		TagRegistration: util.YesNo(e.TagRegistration),
-	}
-
-	if len(e.Servers) > 0 {
-		list := make([]serverEntry_v1, 0, len(e.Servers))
-		for _, x := range e.Servers {
-			list = append(list, serverEntry_v1{
-				Name:       x.Name,
-				Address:    x.Address,
-				Protocol:   x.Protocol,
-				Port:       x.Port,
-				HttpMethod: x.HttpMethod,
-				Username:   x.Username,
-				Password:   x.Password,
-			})
-		}
-		ans.Server = &servers_v1{Entries: list}
-	}
-
-	if e.Config != nil || e.System != nil || e.Threat != nil || e.Traffic != nil || e.HipMatch != nil || e.Url != nil || e.Data != nil || e.Wildfire != nil || e.Tunnel != nil || e.UserId != nil || e.Gtp != nil || e.Auth != nil || e.Sctp != nil {
-		ans.Format = &format_v2{
-			Config:   specifyPayloadFormat(e.Config),
-			System:   specifyPayloadFormat(e.System),
-			Threat:   specifyPayloadFormat(e.Threat),
-			Traffic:  specifyPayloadFormat(e.Traffic),
-			HipMatch: specifyPayloadFormat(e.HipMatch),
-			Url:      specifyPayloadFormat(e.Url),
-			Data:     specifyPayloadFormat(e.Data),
-			Wildfire: specifyPayloadFormat(e.Wildfire),
-			Tunnel:   specifyPayloadFormat(e.Tunnel),
-			UserId:   specifyPayloadFormat(e.UserId),
-			Gtp:      specifyPayloadFormat(e.Gtp),
-			Auth:     specifyPayloadFormat(e.Auth),
-			Sctp:     specifyPayloadFormat(e.Sctp),
-		}
-	}
-
-	return ans
-}
-
-// PAN-OS 9.0
-type container_v3 struct {
-	Answer []entry_v3 `xml:"entry"`
-}
-
-func (o *container_v3) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o container_v3) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v3) normalize() Entry {
-	ans := Entry{
-		Name:            o.Name,
-		TagRegistration: util.AsBool(o.TagRegistration),
-	}
-
-	if o.Server != nil {
-		list := make([]Server, 0, len(o.Server.Entries))
-		for _, x := range o.Server.Entries {
-			list = append(list, Server{
-				Name:               x.Name,
-				Address:            x.Address,
-				Protocol:           x.Protocol,
-				Port:               x.Port,
-				HttpMethod:         x.HttpMethod,
-				Username:           x.Username,
-				Password:           x.Password,
-				TlsVersion:         x.TlsVersion,
-				CertificateProfile: x.CertificateProfile,
-			})
-		}
-		ans.Servers = list
-	}
-
-	if o.Format != nil {
-		ans.Config = normalizePayloadFormat(o.Format.Config)
-		ans.System = normalizePayloadFormat(o.Format.System)
-		ans.Threat = normalizePayloadFormat(o.Format.Threat)
-		ans.Traffic = normalizePayloadFormat(o.Format.Traffic)
-		ans.HipMatch = normalizePayloadFormat(o.Format.HipMatch)
-		ans.Url = normalizePayloadFormat(o.Format.Url)
-		ans.Data = normalizePayloadFormat(o.Format.Data)
-		ans.Wildfire = normalizePayloadFormat(o.Format.Wildfire)
-		ans.Tunnel = normalizePayloadFormat(o.Format.Tunnel)
-		ans.UserId = normalizePayloadFormat(o.Format.UserId)
-		ans.Gtp = normalizePayloadFormat(o.Format.Gtp)
-		ans.Auth = normalizePayloadFormat(o.Format.Auth)
-		ans.Sctp = normalizePayloadFormat(o.Format.Sctp)
-		ans.Iptag = normalizePayloadFormat(o.Format.Iptag)
-	}
-
-	return ans
-}
-
-type entry_v3 struct {
-	XMLName         xml.Name    `xml:"entry"`
-	Name            string      `xml:"name,attr"`
-	TagRegistration string      `xml:"tag-registration"`
-	Format          *format_v3  `xml:"format"`
-	Server          *servers_v2 `xml:"server"`
-}
-
-type servers_v2 struct {
-	Entries []serverEntry_v2 `xml:"entry"`
-}
-
-type serverEntry_v2 struct {
-	XMLName            xml.Name `xml:"entry"`
-	Name               string   `xml:"name,attr"`
-	Address            string   `xml:"address"`
-	Protocol           string   `xml:"protocol,omitempty"`
-	Port               int      `xml:"port,omitempty"`
-	HttpMethod         string   `xml:"http-method"`
-	Username           string   `xml:"username,omitempty"`
-	Password           string   `xml:"password,omitempty"`
-	TlsVersion         string   `xml:"tls-version,omitempty"`
-	CertificateProfile string   `xml:"certificate-profile,omitempty"`
-}
-
-func (e *serverEntry_v2) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
-	type local serverEntry_v2
-	ans := local{
-		TlsVersion:         "1.2",
-		CertificateProfile: "None",
-	}
-	if err := d.DecodeElement(&ans, &start); err != nil {
-		return err
-	}
-	*e = serverEntry_v2(ans)
-	return nil
-}
-
-type format_v3 struct {
-	Config   *formatSpec `xml:"config"`
-	System   *formatSpec `xml:"system"`
-	Threat   *formatSpec `xml:"threat"`
-	Traffic  *formatSpec `xml:"traffic"`
-	HipMatch *formatSpec `xml:"hip-match"`
-	Url      *formatSpec `xml:"url"`
-	Data     *formatSpec `xml:"data"`
-	Wildfire *formatSpec `xml:"wildfire"`
-	Tunnel   *formatSpec `xml:"tunnel"`
-	UserId   *formatSpec `xml:"userid"`
-	Gtp      *formatSpec `xml:"gtp"`
-	Auth     *formatSpec `xml:"auth"`
-	Sctp     *formatSpec `xml:"sctp"`
-	Iptag    *formatSpec `xml:"iptag"`
-}
-
-func specify_v3(e Entry) interface{} {
-	ans := entry_v3{
-		Name:            e.Name,
-		TagRegistration: util.YesNo(e.TagRegistration),
-	}
-
-	if len(e.Servers) > 0 {
-		list := make([]serverEntry_v2, 0, len(e.Servers))
-		for _, x := range e.Servers {
-			list = append(list, serverEntry_v2{
-				Name:               x.Name,
-				Address:            x.Address,
-				Protocol:           x.Protocol,
-				Port:               x.Port,
-				HttpMethod:         x.HttpMethod,
-				Username:           x.Username,
-				Password:           x.Password,
-				TlsVersion:         x.TlsVersion,
-				CertificateProfile: x.CertificateProfile,
-			})
-		}
-		ans.Server = &servers_v2{Entries: list}
-	}
-
-	if e.Config != nil || e.System != nil || e.Threat != nil || e.Traffic != nil || e.HipMatch != nil || e.Url != nil || e.Data != nil || e.Wildfire != nil || e.Tunnel != nil || e.UserId != nil || e.Gtp != nil || e.Auth != nil || e.Sctp != nil || e.Iptag != nil {
-		ans.Format = &format_v3{
-			Config:   specifyPayloadFormat(e.Config),
-			System:   specifyPayloadFormat(e.System),
-			Threat:   specifyPayloadFormat(e.Threat),
-			Traffic:  specifyPayloadFormat(e.Traffic),
-			HipMatch: specifyPayloadFormat(e.HipMatch),
-			Url:      specifyPayloadFormat(e.Url),
-			Data:     specifyPayloadFormat(e.Data),
-			Wildfire: specifyPayloadFormat(e.Wildfire),
-			Tunnel:   specifyPayloadFormat(e.Tunnel),
-			UserId:   specifyPayloadFormat(e.UserId),
-			Gtp:      specifyPayloadFormat(e.Gtp),
-			Auth:     specifyPayloadFormat(e.Auth),
-			Sctp:     specifyPayloadFormat(e.Sctp),
-			Iptag:    specifyPayloadFormat(e.Iptag),
-		}
-	}
-
-	return ans
-}
diff --git a/dev/profile/http/funcs.go b/dev/profile/http/funcs.go
deleted file mode 100644
index e390b8e5..00000000
--- a/dev/profile/http/funcs.go
+++ /dev/null
@@ -1,94 +0,0 @@
-package http
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	if v.Gte(version.Number{9, 0, 0, ""}) {
-		return &container_v3{}, specify_v3
-	} else if v.Gte(version.Number{8, 1, 0, ""}) {
-		return &container_v2{}, specify_v2
-	} else {
-		return &container_v1{}, specify_v1
-	}
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/dev/profile/http/fw.go b/dev/profile/http/fw.go
deleted file mode 100644
index 90e40b66..00000000
--- a/dev/profile/http/fw.go
+++ /dev/null
@@ -1,109 +0,0 @@
-package http
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Device.EmailServerProfile namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vsys), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather(vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vsys, v)
-	}
-}
-
-func (c *Firewall) xpath(vsys string, vals []string) ([]string, error) {
-	if vsys == "" {
-		vsys = "shared"
-	}
-
-	ans := make([]string, 0, 8)
-	ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	ans = append(ans,
-		"log-settings",
-		"http",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/dev/profile/http/fw_test.go b/dev/profile/http/fw_test.go
deleted file mode 100644
index f9b3a60c..00000000
--- a/dev/profile/http/fw_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package http
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("vsys1", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("vsys1", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/dev/profile/http/pano.go b/dev/profile/http/pano.go
deleted file mode 100644
index b60e9529..00000000
--- a/dev/profile/http/pano.go
+++ /dev/null
@@ -1,118 +0,0 @@
-package http
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Device.EmailServerProfile namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts, vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts, vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts, vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts, vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(tmpl, ts, vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts, vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(tmpl, ts, vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts, vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts, vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts, vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(tmpl, ts, vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts, vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts, vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(tmpl, ts, vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts, vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(tmpl, ts, vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts, vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(tmpl, ts, vsys), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts, vsys), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts, vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts, vsys), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts, vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, vsys, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts, vsys string, vals []string) ([]string, error) {
-	var ans []string
-
-	if tmpl != "" || ts != "" {
-		if vsys == "" {
-			vsys = "shared"
-		}
-
-		ans = make([]string, 0, 13)
-		ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-		ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	} else {
-		ans = make([]string, 0, 5)
-		ans = append(ans, "config", "panorama")
-	}
-
-	ans = append(ans,
-		"log-settings",
-		"http",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/dev/profile/http/pano_test.go b/dev/profile/http/pano_test.go
deleted file mode 100644
index b0b97c36..00000000
--- a/dev/profile/http/pano_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package http
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("", "", "", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("", "", "", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/dev/profile/http/testdata_test.go b/dev/profile/http/testdata_test.go
deleted file mode 100644
index 7e9995b3..00000000
--- a/dev/profile/http/testdata_test.go
+++ /dev/null
@@ -1,1324 +0,0 @@
-package http
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type tc struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []tc {
-	return []tc{
-		{"v1 tag reg", version.Number{7, 1, 0, ""}, Entry{
-			Name:            "foo",
-			TagRegistration: true,
-		}},
-		{"v1 with servers", version.Number{7, 1, 0, ""}, Entry{
-			Name: "foo",
-			Servers: []Server{
-				{
-					Name:       "t1",
-					Address:    "http.example.com",
-					Protocol:   ProtocolHttps,
-					Port:       443,
-					HttpMethod: "POST",
-					Username:   "someuser",
-					Password:   "somepasswd",
-				},
-			},
-		}},
-		{"v1 config", version.Number{7, 1, 0, ""}, Entry{
-			Name: "foo",
-			Config: &PayloadFormat{
-				Name:      "the name",
-				UriFormat: "uri format",
-				Payload:   "payload",
-			},
-		}},
-		{"v1 config with headers", version.Number{7, 1, 0, ""}, Entry{
-			Name: "foo",
-			Config: &PayloadFormat{
-				Name: "the name",
-				Headers: []Header{
-					{
-						Name:  "Content-Type",
-						Value: "application/json",
-					},
-				},
-			},
-		}},
-		{"v1 config with params", version.Number{7, 1, 0, ""}, Entry{
-			Name: "foo",
-			Config: &PayloadFormat{
-				Name: "the name",
-				Parameters: []Parameter{
-					{
-						Name:  "SplunkId",
-						Value: "secret",
-					},
-				},
-			},
-		}},
-		{"v1 system", version.Number{7, 1, 0, ""}, Entry{
-			Name: "foo",
-			System: &PayloadFormat{
-				Name:      "the name",
-				UriFormat: "uri format",
-				Payload:   "payload",
-			},
-		}},
-		{"v1 system with headers", version.Number{7, 1, 0, ""}, Entry{
-			Name: "foo",
-			System: &PayloadFormat{
-				Name: "the name",
-				Headers: []Header{
-					{
-						Name:  "Content-Type",
-						Value: "application/json",
-					},
-				},
-			},
-		}},
-		{"v1 system with params", version.Number{7, 1, 0, ""}, Entry{
-			Name: "foo",
-			System: &PayloadFormat{
-				Name: "the name",
-				Parameters: []Parameter{
-					{
-						Name:  "SplunkId",
-						Value: "secret",
-					},
-				},
-			},
-		}},
-		{"v1 threat", version.Number{7, 1, 0, ""}, Entry{
-			Name: "foo",
-			Threat: &PayloadFormat{
-				Name:      "the name",
-				UriFormat: "uri format",
-				Payload:   "payload",
-			},
-		}},
-		{"v1 threat with headers", version.Number{7, 1, 0, ""}, Entry{
-			Name: "foo",
-			Threat: &PayloadFormat{
-				Name: "the name",
-				Headers: []Header{
-					{
-						Name:  "Content-Type",
-						Value: "application/json",
-					},
-				},
-			},
-		}},
-		{"v1 threat with params", version.Number{7, 1, 0, ""}, Entry{
-			Name: "foo",
-			Threat: &PayloadFormat{
-				Name: "the name",
-				Parameters: []Parameter{
-					{
-						Name:  "SplunkId",
-						Value: "secret",
-					},
-				},
-			},
-		}},
-		{"v1 traffic", version.Number{7, 1, 0, ""}, Entry{
-			Name: "foo",
-			Traffic: &PayloadFormat{
-				Name:      "the name",
-				UriFormat: "uri format",
-				Payload:   "payload",
-			},
-		}},
-		{"v1 traffic with headers", version.Number{7, 1, 0, ""}, Entry{
-			Name: "foo",
-			Traffic: &PayloadFormat{
-				Name: "the name",
-				Headers: []Header{
-					{
-						Name:  "Content-Type",
-						Value: "application/json",
-					},
-				},
-			},
-		}},
-		{"v1 traffic with params", version.Number{7, 1, 0, ""}, Entry{
-			Name: "foo",
-			Traffic: &PayloadFormat{
-				Name: "the name",
-				Parameters: []Parameter{
-					{
-						Name:  "SplunkId",
-						Value: "secret",
-					},
-				},
-			},
-		}},
-		{"v1 hip match", version.Number{7, 1, 0, ""}, Entry{
-			Name: "foo",
-			HipMatch: &PayloadFormat{
-				Name:      "the name",
-				UriFormat: "uri format",
-				Payload:   "payload",
-			},
-		}},
-		{"v1 hip match with headers", version.Number{7, 1, 0, ""}, Entry{
-			Name: "foo",
-			HipMatch: &PayloadFormat{
-				Name: "the name",
-				Headers: []Header{
-					{
-						Name:  "Content-Type",
-						Value: "application/json",
-					},
-				},
-			},
-		}},
-		{"v1 hip match with params", version.Number{7, 1, 0, ""}, Entry{
-			Name: "foo",
-			HipMatch: &PayloadFormat{
-				Name: "the name",
-				Parameters: []Parameter{
-					{
-						Name:  "SplunkId",
-						Value: "secret",
-					},
-				},
-			},
-		}},
-		{"v1 url", version.Number{7, 1, 0, ""}, Entry{
-			Name: "foo",
-			Url: &PayloadFormat{
-				Name:      "the name",
-				UriFormat: "uri format",
-				Payload:   "payload",
-			},
-		}},
-		{"v1 url with headers", version.Number{7, 1, 0, ""}, Entry{
-			Name: "foo",
-			Url: &PayloadFormat{
-				Name: "the name",
-				Headers: []Header{
-					{
-						Name:  "Content-Type",
-						Value: "application/json",
-					},
-				},
-			},
-		}},
-		{"v1 url with params", version.Number{7, 1, 0, ""}, Entry{
-			Name: "foo",
-			Url: &PayloadFormat{
-				Name: "the name",
-				Parameters: []Parameter{
-					{
-						Name:  "SplunkId",
-						Value: "secret",
-					},
-				},
-			},
-		}},
-		{"v1 data", version.Number{7, 1, 0, ""}, Entry{
-			Name: "foo",
-			Data: &PayloadFormat{
-				Name:      "the name",
-				UriFormat: "uri format",
-				Payload:   "payload",
-			},
-		}},
-		{"v1 data with headers", version.Number{7, 1, 0, ""}, Entry{
-			Name: "foo",
-			Data: &PayloadFormat{
-				Name: "the name",
-				Headers: []Header{
-					{
-						Name:  "Content-Type",
-						Value: "application/json",
-					},
-				},
-			},
-		}},
-		{"v1 data with params", version.Number{7, 1, 0, ""}, Entry{
-			Name: "foo",
-			Data: &PayloadFormat{
-				Name: "the name",
-				Parameters: []Parameter{
-					{
-						Name:  "SplunkId",
-						Value: "secret",
-					},
-				},
-			},
-		}},
-		{"v1 wildfire", version.Number{7, 1, 0, ""}, Entry{
-			Name: "foo",
-			Wildfire: &PayloadFormat{
-				Name:      "the name",
-				UriFormat: "uri format",
-				Payload:   "payload",
-			},
-		}},
-		{"v1 wildfire with headers", version.Number{7, 1, 0, ""}, Entry{
-			Name: "foo",
-			Wildfire: &PayloadFormat{
-				Name: "the name",
-				Headers: []Header{
-					{
-						Name:  "Content-Type",
-						Value: "application/json",
-					},
-				},
-			},
-		}},
-		{"v1 wildfire with params", version.Number{7, 1, 0, ""}, Entry{
-			Name: "foo",
-			Wildfire: &PayloadFormat{
-				Name: "the name",
-				Parameters: []Parameter{
-					{
-						Name:  "SplunkId",
-						Value: "secret",
-					},
-				},
-			},
-		}},
-		{"v1 tunnel", version.Number{7, 1, 0, ""}, Entry{
-			Name: "foo",
-			Tunnel: &PayloadFormat{
-				Name:      "the name",
-				UriFormat: "uri format",
-				Payload:   "payload",
-			},
-		}},
-		{"v1 tunnel with headers", version.Number{7, 1, 0, ""}, Entry{
-			Name: "foo",
-			Tunnel: &PayloadFormat{
-				Name: "the name",
-				Headers: []Header{
-					{
-						Name:  "Content-Type",
-						Value: "application/json",
-					},
-				},
-			},
-		}},
-		{"v1 tunnel with params", version.Number{7, 1, 0, ""}, Entry{
-			Name: "foo",
-			Tunnel: &PayloadFormat{
-				Name: "the name",
-				Parameters: []Parameter{
-					{
-						Name:  "SplunkId",
-						Value: "secret",
-					},
-				},
-			},
-		}},
-		{"v1 user id", version.Number{7, 1, 0, ""}, Entry{
-			Name: "foo",
-			UserId: &PayloadFormat{
-				Name:      "the name",
-				UriFormat: "uri format",
-				Payload:   "payload",
-			},
-		}},
-		{"v1 user id with headers", version.Number{7, 1, 0, ""}, Entry{
-			Name: "foo",
-			UserId: &PayloadFormat{
-				Name: "the name",
-				Headers: []Header{
-					{
-						Name:  "Content-Type",
-						Value: "application/json",
-					},
-				},
-			},
-		}},
-		{"v1 user id with params", version.Number{7, 1, 0, ""}, Entry{
-			Name: "foo",
-			UserId: &PayloadFormat{
-				Name: "the name",
-				Parameters: []Parameter{
-					{
-						Name:  "SplunkId",
-						Value: "secret",
-					},
-				},
-			},
-		}},
-		{"v1 gtp", version.Number{7, 1, 0, ""}, Entry{
-			Name: "foo",
-			Gtp: &PayloadFormat{
-				Name:      "the name",
-				UriFormat: "uri format",
-				Payload:   "payload",
-			},
-		}},
-		{"v1 gtp with headers", version.Number{7, 1, 0, ""}, Entry{
-			Name: "foo",
-			Gtp: &PayloadFormat{
-				Name: "the name",
-				Headers: []Header{
-					{
-						Name:  "Content-Type",
-						Value: "application/json",
-					},
-				},
-			},
-		}},
-		{"v1 gtp with params", version.Number{7, 1, 0, ""}, Entry{
-			Name: "foo",
-			Gtp: &PayloadFormat{
-				Name: "the name",
-				Parameters: []Parameter{
-					{
-						Name:  "SplunkId",
-						Value: "secret",
-					},
-				},
-			},
-		}},
-		{"v1 auth", version.Number{7, 1, 0, ""}, Entry{
-			Name: "foo",
-			Auth: &PayloadFormat{
-				Name:      "the name",
-				UriFormat: "uri format",
-				Payload:   "payload",
-			},
-		}},
-		{"v1 auth with headers", version.Number{7, 1, 0, ""}, Entry{
-			Name: "foo",
-			Auth: &PayloadFormat{
-				Name: "the name",
-				Headers: []Header{
-					{
-						Name:  "Content-Type",
-						Value: "application/json",
-					},
-				},
-			},
-		}},
-		{"v1 auth with params", version.Number{7, 1, 0, ""}, Entry{
-			Name: "foo",
-			Auth: &PayloadFormat{
-				Name: "the name",
-				Parameters: []Parameter{
-					{
-						Name:  "SplunkId",
-						Value: "secret",
-					},
-				},
-			},
-		}},
-
-		// v2
-		{"v2 tag reg", version.Number{8, 1, 0, ""}, Entry{
-			Name:            "foo",
-			TagRegistration: true,
-		}},
-		{"v2 with servers", version.Number{8, 1, 0, ""}, Entry{
-			Name: "foo",
-			Servers: []Server{
-				{
-					Name:       "t1",
-					Address:    "http.example.com",
-					Protocol:   ProtocolHttps,
-					Port:       443,
-					HttpMethod: "POST",
-					Username:   "someuser",
-					Password:   "somepasswd",
-				},
-			},
-		}},
-		{"v2 config", version.Number{8, 1, 0, ""}, Entry{
-			Name: "foo",
-			Config: &PayloadFormat{
-				Name:      "the name",
-				UriFormat: "uri format",
-				Payload:   "payload",
-			},
-		}},
-		{"v2 config with headers", version.Number{8, 1, 0, ""}, Entry{
-			Name: "foo",
-			Config: &PayloadFormat{
-				Name: "the name",
-				Headers: []Header{
-					{
-						Name:  "Content-Type",
-						Value: "application/json",
-					},
-				},
-			},
-		}},
-		{"v2 config with params", version.Number{8, 1, 0, ""}, Entry{
-			Name: "foo",
-			Config: &PayloadFormat{
-				Name: "the name",
-				Parameters: []Parameter{
-					{
-						Name:  "SplunkId",
-						Value: "secret",
-					},
-				},
-			},
-		}},
-		{"v2 system", version.Number{8, 1, 0, ""}, Entry{
-			Name: "foo",
-			System: &PayloadFormat{
-				Name:      "the name",
-				UriFormat: "uri format",
-				Payload:   "payload",
-			},
-		}},
-		{"v2 system with headers", version.Number{8, 1, 0, ""}, Entry{
-			Name: "foo",
-			System: &PayloadFormat{
-				Name: "the name",
-				Headers: []Header{
-					{
-						Name:  "Content-Type",
-						Value: "application/json",
-					},
-				},
-			},
-		}},
-		{"v2 system with params", version.Number{8, 1, 0, ""}, Entry{
-			Name: "foo",
-			System: &PayloadFormat{
-				Name: "the name",
-				Parameters: []Parameter{
-					{
-						Name:  "SplunkId",
-						Value: "secret",
-					},
-				},
-			},
-		}},
-		{"v2 threat", version.Number{8, 1, 0, ""}, Entry{
-			Name: "foo",
-			Threat: &PayloadFormat{
-				Name:      "the name",
-				UriFormat: "uri format",
-				Payload:   "payload",
-			},
-		}},
-		{"v2 threat with headers", version.Number{8, 1, 0, ""}, Entry{
-			Name: "foo",
-			Threat: &PayloadFormat{
-				Name: "the name",
-				Headers: []Header{
-					{
-						Name:  "Content-Type",
-						Value: "application/json",
-					},
-				},
-			},
-		}},
-		{"v2 threat with params", version.Number{8, 1, 0, ""}, Entry{
-			Name: "foo",
-			Threat: &PayloadFormat{
-				Name: "the name",
-				Parameters: []Parameter{
-					{
-						Name:  "SplunkId",
-						Value: "secret",
-					},
-				},
-			},
-		}},
-		{"v2 traffic", version.Number{8, 1, 0, ""}, Entry{
-			Name: "foo",
-			Traffic: &PayloadFormat{
-				Name:      "the name",
-				UriFormat: "uri format",
-				Payload:   "payload",
-			},
-		}},
-		{"v2 traffic with headers", version.Number{8, 1, 0, ""}, Entry{
-			Name: "foo",
-			Traffic: &PayloadFormat{
-				Name: "the name",
-				Headers: []Header{
-					{
-						Name:  "Content-Type",
-						Value: "application/json",
-					},
-				},
-			},
-		}},
-		{"v2 traffic with params", version.Number{8, 1, 0, ""}, Entry{
-			Name: "foo",
-			Traffic: &PayloadFormat{
-				Name: "the name",
-				Parameters: []Parameter{
-					{
-						Name:  "SplunkId",
-						Value: "secret",
-					},
-				},
-			},
-		}},
-		{"v2 hip match", version.Number{8, 1, 0, ""}, Entry{
-			Name: "foo",
-			HipMatch: &PayloadFormat{
-				Name:      "the name",
-				UriFormat: "uri format",
-				Payload:   "payload",
-			},
-		}},
-		{"v2 hip match with headers", version.Number{8, 1, 0, ""}, Entry{
-			Name: "foo",
-			HipMatch: &PayloadFormat{
-				Name: "the name",
-				Headers: []Header{
-					{
-						Name:  "Content-Type",
-						Value: "application/json",
-					},
-				},
-			},
-		}},
-		{"v2 hip match with params", version.Number{8, 1, 0, ""}, Entry{
-			Name: "foo",
-			HipMatch: &PayloadFormat{
-				Name: "the name",
-				Parameters: []Parameter{
-					{
-						Name:  "SplunkId",
-						Value: "secret",
-					},
-				},
-			},
-		}},
-		{"v2 url", version.Number{8, 1, 0, ""}, Entry{
-			Name: "foo",
-			Url: &PayloadFormat{
-				Name:      "the name",
-				UriFormat: "uri format",
-				Payload:   "payload",
-			},
-		}},
-		{"v2 url with headers", version.Number{8, 1, 0, ""}, Entry{
-			Name: "foo",
-			Url: &PayloadFormat{
-				Name: "the name",
-				Headers: []Header{
-					{
-						Name:  "Content-Type",
-						Value: "application/json",
-					},
-				},
-			},
-		}},
-		{"v2 url with params", version.Number{8, 1, 0, ""}, Entry{
-			Name: "foo",
-			Url: &PayloadFormat{
-				Name: "the name",
-				Parameters: []Parameter{
-					{
-						Name:  "SplunkId",
-						Value: "secret",
-					},
-				},
-			},
-		}},
-		{"v2 data", version.Number{8, 1, 0, ""}, Entry{
-			Name: "foo",
-			Data: &PayloadFormat{
-				Name:      "the name",
-				UriFormat: "uri format",
-				Payload:   "payload",
-			},
-		}},
-		{"v2 data with headers", version.Number{8, 1, 0, ""}, Entry{
-			Name: "foo",
-			Data: &PayloadFormat{
-				Name: "the name",
-				Headers: []Header{
-					{
-						Name:  "Content-Type",
-						Value: "application/json",
-					},
-				},
-			},
-		}},
-		{"v2 data with params", version.Number{8, 1, 0, ""}, Entry{
-			Name: "foo",
-			Data: &PayloadFormat{
-				Name: "the name",
-				Parameters: []Parameter{
-					{
-						Name:  "SplunkId",
-						Value: "secret",
-					},
-				},
-			},
-		}},
-		{"v2 wildfire", version.Number{8, 1, 0, ""}, Entry{
-			Name: "foo",
-			Wildfire: &PayloadFormat{
-				Name:      "the name",
-				UriFormat: "uri format",
-				Payload:   "payload",
-			},
-		}},
-		{"v2 wildfire with headers", version.Number{8, 1, 0, ""}, Entry{
-			Name: "foo",
-			Wildfire: &PayloadFormat{
-				Name: "the name",
-				Headers: []Header{
-					{
-						Name:  "Content-Type",
-						Value: "application/json",
-					},
-				},
-			},
-		}},
-		{"v2 wildfire with params", version.Number{8, 1, 0, ""}, Entry{
-			Name: "foo",
-			Wildfire: &PayloadFormat{
-				Name: "the name",
-				Parameters: []Parameter{
-					{
-						Name:  "SplunkId",
-						Value: "secret",
-					},
-				},
-			},
-		}},
-		{"v2 tunnel", version.Number{8, 1, 0, ""}, Entry{
-			Name: "foo",
-			Tunnel: &PayloadFormat{
-				Name:      "the name",
-				UriFormat: "uri format",
-				Payload:   "payload",
-			},
-		}},
-		{"v2 tunnel with headers", version.Number{8, 1, 0, ""}, Entry{
-			Name: "foo",
-			Tunnel: &PayloadFormat{
-				Name: "the name",
-				Headers: []Header{
-					{
-						Name:  "Content-Type",
-						Value: "application/json",
-					},
-				},
-			},
-		}},
-		{"v2 tunnel with params", version.Number{8, 1, 0, ""}, Entry{
-			Name: "foo",
-			Tunnel: &PayloadFormat{
-				Name: "the name",
-				Parameters: []Parameter{
-					{
-						Name:  "SplunkId",
-						Value: "secret",
-					},
-				},
-			},
-		}},
-		{"v2 user id", version.Number{8, 1, 0, ""}, Entry{
-			Name: "foo",
-			UserId: &PayloadFormat{
-				Name:      "the name",
-				UriFormat: "uri format",
-				Payload:   "payload",
-			},
-		}},
-		{"v2 user id with headers", version.Number{8, 1, 0, ""}, Entry{
-			Name: "foo",
-			UserId: &PayloadFormat{
-				Name: "the name",
-				Headers: []Header{
-					{
-						Name:  "Content-Type",
-						Value: "application/json",
-					},
-				},
-			},
-		}},
-		{"v2 user id with params", version.Number{8, 1, 0, ""}, Entry{
-			Name: "foo",
-			UserId: &PayloadFormat{
-				Name: "the name",
-				Parameters: []Parameter{
-					{
-						Name:  "SplunkId",
-						Value: "secret",
-					},
-				},
-			},
-		}},
-		{"v2 gtp", version.Number{8, 1, 0, ""}, Entry{
-			Name: "foo",
-			Gtp: &PayloadFormat{
-				Name:      "the name",
-				UriFormat: "uri format",
-				Payload:   "payload",
-			},
-		}},
-		{"v2 gtp with headers", version.Number{8, 1, 0, ""}, Entry{
-			Name: "foo",
-			Gtp: &PayloadFormat{
-				Name: "the name",
-				Headers: []Header{
-					{
-						Name:  "Content-Type",
-						Value: "application/json",
-					},
-				},
-			},
-		}},
-		{"v2 gtp with params", version.Number{8, 1, 0, ""}, Entry{
-			Name: "foo",
-			Gtp: &PayloadFormat{
-				Name: "the name",
-				Parameters: []Parameter{
-					{
-						Name:  "SplunkId",
-						Value: "secret",
-					},
-				},
-			},
-		}},
-		{"v2 auth", version.Number{8, 1, 0, ""}, Entry{
-			Name: "foo",
-			Auth: &PayloadFormat{
-				Name:      "the name",
-				UriFormat: "uri format",
-				Payload:   "payload",
-			},
-		}},
-		{"v2 auth with headers", version.Number{8, 1, 0, ""}, Entry{
-			Name: "foo",
-			Auth: &PayloadFormat{
-				Name: "the name",
-				Headers: []Header{
-					{
-						Name:  "Content-Type",
-						Value: "application/json",
-					},
-				},
-			},
-		}},
-		{"v2 auth with params", version.Number{8, 1, 0, ""}, Entry{
-			Name: "foo",
-			Auth: &PayloadFormat{
-				Name: "the name",
-				Parameters: []Parameter{
-					{
-						Name:  "SplunkId",
-						Value: "secret",
-					},
-				},
-			},
-		}},
-		{"v2 sctp", version.Number{8, 1, 0, ""}, Entry{
-			Name: "foo",
-			Sctp: &PayloadFormat{
-				Name:      "the name",
-				UriFormat: "uri format",
-				Payload:   "payload",
-			},
-		}},
-		{"v2 sctp with headers", version.Number{8, 1, 0, ""}, Entry{
-			Name: "foo",
-			Sctp: &PayloadFormat{
-				Name: "the name",
-				Headers: []Header{
-					{
-						Name:  "Content-Type",
-						Value: "application/json",
-					},
-				},
-			},
-		}},
-		{"v2 sctp with params", version.Number{8, 1, 0, ""}, Entry{
-			Name: "foo",
-			Sctp: &PayloadFormat{
-				Name: "the name",
-				Parameters: []Parameter{
-					{
-						Name:  "SplunkId",
-						Value: "secret",
-					},
-				},
-			},
-		}},
-
-		// v3
-		{"v3 tag reg", version.Number{9, 0, 0, ""}, Entry{
-			Name:            "foo",
-			TagRegistration: true,
-		}},
-		{"v3 with servers", version.Number{9, 0, 0, ""}, Entry{
-			Name: "foo",
-			Servers: []Server{
-				{
-					Name:               "t1",
-					Address:            "http.example.com",
-					Protocol:           ProtocolHttps,
-					Port:               443,
-					HttpMethod:         "POST",
-					Username:           "someuser",
-					Password:           "somepasswd",
-					TlsVersion:         "1.2",
-					CertificateProfile: "cert-profile",
-				},
-			},
-		}},
-		{"v3 config", version.Number{9, 0, 0, ""}, Entry{
-			Name: "foo",
-			Config: &PayloadFormat{
-				Name:      "the name",
-				UriFormat: "uri format",
-				Payload:   "payload",
-			},
-		}},
-		{"v3 config with headers", version.Number{9, 0, 0, ""}, Entry{
-			Name: "foo",
-			Config: &PayloadFormat{
-				Name: "the name",
-				Headers: []Header{
-					{
-						Name:  "Content-Type",
-						Value: "application/json",
-					},
-				},
-			},
-		}},
-		{"v3 config with params", version.Number{9, 0, 0, ""}, Entry{
-			Name: "foo",
-			Config: &PayloadFormat{
-				Name: "the name",
-				Parameters: []Parameter{
-					{
-						Name:  "SplunkId",
-						Value: "secret",
-					},
-				},
-			},
-		}},
-		{"v3 system", version.Number{9, 0, 0, ""}, Entry{
-			Name: "foo",
-			System: &PayloadFormat{
-				Name:      "the name",
-				UriFormat: "uri format",
-				Payload:   "payload",
-			},
-		}},
-		{"v3 system with headers", version.Number{9, 0, 0, ""}, Entry{
-			Name: "foo",
-			System: &PayloadFormat{
-				Name: "the name",
-				Headers: []Header{
-					{
-						Name:  "Content-Type",
-						Value: "application/json",
-					},
-				},
-			},
-		}},
-		{"v3 system with params", version.Number{9, 0, 0, ""}, Entry{
-			Name: "foo",
-			System: &PayloadFormat{
-				Name: "the name",
-				Parameters: []Parameter{
-					{
-						Name:  "SplunkId",
-						Value: "secret",
-					},
-				},
-			},
-		}},
-		{"v3 threat", version.Number{9, 0, 0, ""}, Entry{
-			Name: "foo",
-			Threat: &PayloadFormat{
-				Name:      "the name",
-				UriFormat: "uri format",
-				Payload:   "payload",
-			},
-		}},
-		{"v3 threat with headers", version.Number{9, 0, 0, ""}, Entry{
-			Name: "foo",
-			Threat: &PayloadFormat{
-				Name: "the name",
-				Headers: []Header{
-					{
-						Name:  "Content-Type",
-						Value: "application/json",
-					},
-				},
-			},
-		}},
-		{"v3 threat with params", version.Number{9, 0, 0, ""}, Entry{
-			Name: "foo",
-			Threat: &PayloadFormat{
-				Name: "the name",
-				Parameters: []Parameter{
-					{
-						Name:  "SplunkId",
-						Value: "secret",
-					},
-				},
-			},
-		}},
-		{"v3 traffic", version.Number{9, 0, 0, ""}, Entry{
-			Name: "foo",
-			Traffic: &PayloadFormat{
-				Name:      "the name",
-				UriFormat: "uri format",
-				Payload:   "payload",
-			},
-		}},
-		{"v3 traffic with headers", version.Number{9, 0, 0, ""}, Entry{
-			Name: "foo",
-			Traffic: &PayloadFormat{
-				Name: "the name",
-				Headers: []Header{
-					{
-						Name:  "Content-Type",
-						Value: "application/json",
-					},
-				},
-			},
-		}},
-		{"v3 traffic with params", version.Number{9, 0, 0, ""}, Entry{
-			Name: "foo",
-			Traffic: &PayloadFormat{
-				Name: "the name",
-				Parameters: []Parameter{
-					{
-						Name:  "SplunkId",
-						Value: "secret",
-					},
-				},
-			},
-		}},
-		{"v3 hip match", version.Number{9, 0, 0, ""}, Entry{
-			Name: "foo",
-			HipMatch: &PayloadFormat{
-				Name:      "the name",
-				UriFormat: "uri format",
-				Payload:   "payload",
-			},
-		}},
-		{"v3 hip match with headers", version.Number{9, 0, 0, ""}, Entry{
-			Name: "foo",
-			HipMatch: &PayloadFormat{
-				Name: "the name",
-				Headers: []Header{
-					{
-						Name:  "Content-Type",
-						Value: "application/json",
-					},
-				},
-			},
-		}},
-		{"v3 hip match with params", version.Number{9, 0, 0, ""}, Entry{
-			Name: "foo",
-			HipMatch: &PayloadFormat{
-				Name: "the name",
-				Parameters: []Parameter{
-					{
-						Name:  "SplunkId",
-						Value: "secret",
-					},
-				},
-			},
-		}},
-		{"v3 url", version.Number{9, 0, 0, ""}, Entry{
-			Name: "foo",
-			Url: &PayloadFormat{
-				Name:      "the name",
-				UriFormat: "uri format",
-				Payload:   "payload",
-			},
-		}},
-		{"v3 url with headers", version.Number{9, 0, 0, ""}, Entry{
-			Name: "foo",
-			Url: &PayloadFormat{
-				Name: "the name",
-				Headers: []Header{
-					{
-						Name:  "Content-Type",
-						Value: "application/json",
-					},
-				},
-			},
-		}},
-		{"v3 url with params", version.Number{9, 0, 0, ""}, Entry{
-			Name: "foo",
-			Url: &PayloadFormat{
-				Name: "the name",
-				Parameters: []Parameter{
-					{
-						Name:  "SplunkId",
-						Value: "secret",
-					},
-				},
-			},
-		}},
-		{"v3 data", version.Number{9, 0, 0, ""}, Entry{
-			Name: "foo",
-			Data: &PayloadFormat{
-				Name:      "the name",
-				UriFormat: "uri format",
-				Payload:   "payload",
-			},
-		}},
-		{"v3 data with headers", version.Number{9, 0, 0, ""}, Entry{
-			Name: "foo",
-			Data: &PayloadFormat{
-				Name: "the name",
-				Headers: []Header{
-					{
-						Name:  "Content-Type",
-						Value: "application/json",
-					},
-				},
-			},
-		}},
-		{"v3 data with params", version.Number{9, 0, 0, ""}, Entry{
-			Name: "foo",
-			Data: &PayloadFormat{
-				Name: "the name",
-				Parameters: []Parameter{
-					{
-						Name:  "SplunkId",
-						Value: "secret",
-					},
-				},
-			},
-		}},
-		{"v3 wildfire", version.Number{9, 0, 0, ""}, Entry{
-			Name: "foo",
-			Wildfire: &PayloadFormat{
-				Name:      "the name",
-				UriFormat: "uri format",
-				Payload:   "payload",
-			},
-		}},
-		{"v3 wildfire with headers", version.Number{9, 0, 0, ""}, Entry{
-			Name: "foo",
-			Wildfire: &PayloadFormat{
-				Name: "the name",
-				Headers: []Header{
-					{
-						Name:  "Content-Type",
-						Value: "application/json",
-					},
-				},
-			},
-		}},
-		{"v3 wildfire with params", version.Number{9, 0, 0, ""}, Entry{
-			Name: "foo",
-			Wildfire: &PayloadFormat{
-				Name: "the name",
-				Parameters: []Parameter{
-					{
-						Name:  "SplunkId",
-						Value: "secret",
-					},
-				},
-			},
-		}},
-		{"v3 tunnel", version.Number{9, 0, 0, ""}, Entry{
-			Name: "foo",
-			Tunnel: &PayloadFormat{
-				Name:      "the name",
-				UriFormat: "uri format",
-				Payload:   "payload",
-			},
-		}},
-		{"v3 tunnel with headers", version.Number{9, 0, 0, ""}, Entry{
-			Name: "foo",
-			Tunnel: &PayloadFormat{
-				Name: "the name",
-				Headers: []Header{
-					{
-						Name:  "Content-Type",
-						Value: "application/json",
-					},
-				},
-			},
-		}},
-		{"v3 tunnel with params", version.Number{9, 0, 0, ""}, Entry{
-			Name: "foo",
-			Tunnel: &PayloadFormat{
-				Name: "the name",
-				Parameters: []Parameter{
-					{
-						Name:  "SplunkId",
-						Value: "secret",
-					},
-				},
-			},
-		}},
-		{"v3 user id", version.Number{9, 0, 0, ""}, Entry{
-			Name: "foo",
-			UserId: &PayloadFormat{
-				Name:      "the name",
-				UriFormat: "uri format",
-				Payload:   "payload",
-			},
-		}},
-		{"v3 user id with headers", version.Number{9, 0, 0, ""}, Entry{
-			Name: "foo",
-			UserId: &PayloadFormat{
-				Name: "the name",
-				Headers: []Header{
-					{
-						Name:  "Content-Type",
-						Value: "application/json",
-					},
-				},
-			},
-		}},
-		{"v3 user id with params", version.Number{9, 0, 0, ""}, Entry{
-			Name: "foo",
-			UserId: &PayloadFormat{
-				Name: "the name",
-				Parameters: []Parameter{
-					{
-						Name:  "SplunkId",
-						Value: "secret",
-					},
-				},
-			},
-		}},
-		{"v3 gtp", version.Number{9, 0, 0, ""}, Entry{
-			Name: "foo",
-			Gtp: &PayloadFormat{
-				Name:      "the name",
-				UriFormat: "uri format",
-				Payload:   "payload",
-			},
-		}},
-		{"v3 gtp with headers", version.Number{9, 0, 0, ""}, Entry{
-			Name: "foo",
-			Gtp: &PayloadFormat{
-				Name: "the name",
-				Headers: []Header{
-					{
-						Name:  "Content-Type",
-						Value: "application/json",
-					},
-				},
-			},
-		}},
-		{"v3 gtp with params", version.Number{9, 0, 0, ""}, Entry{
-			Name: "foo",
-			Gtp: &PayloadFormat{
-				Name: "the name",
-				Parameters: []Parameter{
-					{
-						Name:  "SplunkId",
-						Value: "secret",
-					},
-				},
-			},
-		}},
-		{"v3 auth", version.Number{9, 0, 0, ""}, Entry{
-			Name: "foo",
-			Auth: &PayloadFormat{
-				Name:      "the name",
-				UriFormat: "uri format",
-				Payload:   "payload",
-			},
-		}},
-		{"v3 auth with headers", version.Number{9, 0, 0, ""}, Entry{
-			Name: "foo",
-			Auth: &PayloadFormat{
-				Name: "the name",
-				Headers: []Header{
-					{
-						Name:  "Content-Type",
-						Value: "application/json",
-					},
-				},
-			},
-		}},
-		{"v3 auth with params", version.Number{9, 0, 0, ""}, Entry{
-			Name: "foo",
-			Auth: &PayloadFormat{
-				Name: "the name",
-				Parameters: []Parameter{
-					{
-						Name:  "SplunkId",
-						Value: "secret",
-					},
-				},
-			},
-		}},
-		{"v3 sctp", version.Number{9, 0, 0, ""}, Entry{
-			Name: "foo",
-			Sctp: &PayloadFormat{
-				Name:      "the name",
-				UriFormat: "uri format",
-				Payload:   "payload",
-			},
-		}},
-		{"v3 sctp with headers", version.Number{9, 0, 0, ""}, Entry{
-			Name: "foo",
-			Sctp: &PayloadFormat{
-				Name: "the name",
-				Headers: []Header{
-					{
-						Name:  "Content-Type",
-						Value: "application/json",
-					},
-				},
-			},
-		}},
-		{"v3 sctp with params", version.Number{9, 0, 0, ""}, Entry{
-			Name: "foo",
-			Sctp: &PayloadFormat{
-				Name: "the name",
-				Parameters: []Parameter{
-					{
-						Name:  "SplunkId",
-						Value: "secret",
-					},
-				},
-			},
-		}},
-		{"v3 iptag", version.Number{9, 0, 0, ""}, Entry{
-			Name: "foo",
-			Iptag: &PayloadFormat{
-				Name:      "the name",
-				UriFormat: "uri format",
-				Payload:   "payload",
-			},
-		}},
-		{"v3 iptag with headers", version.Number{9, 0, 0, ""}, Entry{
-			Name: "foo",
-			Iptag: &PayloadFormat{
-				Name: "the name",
-				Headers: []Header{
-					{
-						Name:  "Content-Type",
-						Value: "application/json",
-					},
-				},
-			},
-		}},
-		{"v3 iptag with params", version.Number{9, 0, 0, ""}, Entry{
-			Name: "foo",
-			Iptag: &PayloadFormat{
-				Name: "the name",
-				Parameters: []Parameter{
-					{
-						Name:  "SplunkId",
-						Value: "secret",
-					},
-				},
-			},
-		}},
-	}
-}
diff --git a/dev/profile/kerberos/const.go b/dev/profile/kerberos/const.go
deleted file mode 100644
index 66fbd98e..00000000
--- a/dev/profile/kerberos/const.go
+++ /dev/null
@@ -1,6 +0,0 @@
-package kerberos
-
-const (
-	singular = "kerberos profile"
-	plural   = "kerberos profiles"
-)
diff --git a/dev/profile/kerberos/doc.go b/dev/profile/kerberos/doc.go
deleted file mode 100644
index 55323678..00000000
--- a/dev/profile/kerberos/doc.go
+++ /dev/null
@@ -1,16 +0,0 @@
-/*
-Package kerberos is the client.Device.KerberosProfile namespace.
-
-For Panorama, there are two possibilities:  managing this object on Panorama
-itself or inside of a Template.
-
-To manage objects save on Panorama, leave "tmpl", "ts", and "vsys" params empty.
-
-To manage objects in a template, specify the template name and the vsys (if
-unspecified, defaults to "shared").
-
-PAN-OS 7.0+
-
-Normalized object:  Entry
-*/
-package kerberos
diff --git a/dev/profile/kerberos/entry.go b/dev/profile/kerberos/entry.go
deleted file mode 100644
index 79f4d554..00000000
--- a/dev/profile/kerberos/entry.go
+++ /dev/null
@@ -1,149 +0,0 @@
-package kerberos
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a
-// Kerberos profile.
-//
-// PAN-OS 7.0+
-type Entry struct {
-	Name         string
-	AdminUseOnly bool
-	Servers      []Server
-}
-
-type Server struct {
-	Name   string
-	Server string
-	Port   int
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.AdminUseOnly = s.AdminUseOnly
-
-	if s.Servers == nil {
-		o.Servers = nil
-	} else {
-		o.Servers = make([]Server, 0, len(s.Servers))
-		for _, x := range s.Servers {
-			o.Servers = append(o.Servers, Server{
-				Name:   x.Name,
-				Server: x.Server,
-				Port:   x.Port,
-			})
-		}
-	}
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName      xml.Name `xml:"entry"`
-	Name         string   `xml:"name,attr"`
-	AdminUseOnly string   `xml:"admin-use-only"`
-	Servers      *servers `xml:"server"`
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:         o.Name,
-		AdminUseOnly: util.AsBool(o.AdminUseOnly),
-	}
-
-	if o.Servers != nil && len(o.Servers.Entries) > 0 {
-		listing := make([]Server, 0, len(o.Servers.Entries))
-		for _, x := range o.Servers.Entries {
-			listing = append(listing, Server{
-				Name:   x.Name,
-				Server: x.Server,
-				Port:   x.Port,
-			})
-		}
-		ans.Servers = listing
-	}
-
-	return ans
-}
-
-type servers struct {
-	Entries []serverEntry `xml:"entry"`
-}
-
-type serverEntry struct {
-	XMLName xml.Name `xml:"entry"`
-	Name    string   `xml:"name,attr"`
-	Server  string   `xml:"host"`
-	Port    int      `xml:"port,omitempty"`
-}
-
-func (e *serverEntry) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
-	type local serverEntry
-	ans := local{
-		Port: 88,
-	}
-	if err := d.DecodeElement(&ans, &start); err != nil {
-		return err
-	}
-	*e = serverEntry(ans)
-	return nil
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:         e.Name,
-		AdminUseOnly: util.YesNo(e.AdminUseOnly),
-	}
-
-	if len(e.Servers) > 0 {
-		listing := make([]serverEntry, 0, len(e.Servers))
-		for _, x := range e.Servers {
-			listing = append(listing, serverEntry{
-				Name:   x.Name,
-				Server: x.Server,
-				Port:   x.Port,
-			})
-		}
-		ans.Servers = &servers{Entries: listing}
-	}
-
-	return ans
-}
diff --git a/dev/profile/kerberos/funcs.go b/dev/profile/kerberos/funcs.go
deleted file mode 100644
index cae00805..00000000
--- a/dev/profile/kerberos/funcs.go
+++ /dev/null
@@ -1,88 +0,0 @@
-package kerberos
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/dev/profile/kerberos/fw.go b/dev/profile/kerberos/fw.go
deleted file mode 100644
index 74c7a3c0..00000000
--- a/dev/profile/kerberos/fw.go
+++ /dev/null
@@ -1,109 +0,0 @@
-package kerberos
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Device.KerberosProfile namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vsys), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather(vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vsys, v)
-	}
-}
-
-func (c *Firewall) xpath(vsys string, vals []string) ([]string, error) {
-	if vsys == "" {
-		vsys = "shared"
-	}
-
-	ans := make([]string, 0, 8)
-	ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	ans = append(ans,
-		"server-profile",
-		"kerberos",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/dev/profile/kerberos/fw_test.go b/dev/profile/kerberos/fw_test.go
deleted file mode 100644
index e44b1d55..00000000
--- a/dev/profile/kerberos/fw_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package kerberos
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/dev/profile/kerberos/pano.go b/dev/profile/kerberos/pano.go
deleted file mode 100644
index 26ed0a39..00000000
--- a/dev/profile/kerberos/pano.go
+++ /dev/null
@@ -1,118 +0,0 @@
-package kerberos
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Device.KerberosProfile namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts, vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts, vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts, vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts, vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(tmpl, ts, vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts, vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(tmpl, ts, vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts, vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts, vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts, vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(tmpl, ts, vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts, vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts, vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(tmpl, ts, vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts, vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(tmpl, ts, vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts, vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(tmpl, ts, vsys), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts, vsys), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts, vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts, vsys), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts, vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, vsys, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts, vsys string, vals []string) ([]string, error) {
-	var ans []string
-
-	if tmpl != "" || ts != "" {
-		if vsys == "" {
-			vsys = "shared"
-		}
-
-		ans = make([]string, 0, 13)
-		ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-		ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	} else {
-		ans = make([]string, 0, 5)
-		ans = append(ans, "config", "panorama")
-	}
-
-	ans = append(ans,
-		"server-profile",
-		"kerberos",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/dev/profile/kerberos/pano_test.go b/dev/profile/kerberos/pano_test.go
deleted file mode 100644
index 8788b7de..00000000
--- a/dev/profile/kerberos/pano_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package kerberos
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("", "", "", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("", "", "", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/dev/profile/kerberos/testdata_test.go b/dev/profile/kerberos/testdata_test.go
deleted file mode 100644
index d0cd796e..00000000
--- a/dev/profile/kerberos/testdata_test.go
+++ /dev/null
@@ -1,47 +0,0 @@
-package kerberos
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type tc struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []tc {
-	return []tc{
-		{"v1 no servers", version.Number{7, 0, 0, ""}, Entry{
-			Name:         "basicNoServers",
-			AdminUseOnly: true,
-		}},
-		{"v1 with one server", version.Number{7, 0, 0, ""}, Entry{
-			Name:         "withServer",
-			AdminUseOnly: false,
-			Servers: []Server{
-				{
-					Name:   "first",
-					Server: "first.example.com",
-					Port:   88,
-				},
-			},
-		}},
-		{"v1 with multiple server", version.Number{7, 0, 0, ""}, Entry{
-			Name:         "withServers",
-			AdminUseOnly: true,
-			Servers: []Server{
-				{
-					Name:   "first",
-					Server: "first.example.com",
-					Port:   88,
-				},
-				{
-					Name:   "second",
-					Server: "second.example.com",
-					Port:   1234,
-				},
-			},
-		}},
-	}
-}
diff --git a/dev/profile/ldap/const.go b/dev/profile/ldap/const.go
deleted file mode 100644
index 0bc005c0..00000000
--- a/dev/profile/ldap/const.go
+++ /dev/null
@@ -1,13 +0,0 @@
-package ldap
-
-const (
-	LdapTypeActiveDirectory = "active-directory"
-	LdapTypeEdirectory      = "e-directory"
-	LdapTypeSun             = "sun"
-	LdapTypeOther           = "other"
-)
-
-const (
-	singular = "ldap profile"
-	plural   = "ldap profiles"
-)
diff --git a/dev/profile/ldap/doc.go b/dev/profile/ldap/doc.go
deleted file mode 100644
index 3f09a7b2..00000000
--- a/dev/profile/ldap/doc.go
+++ /dev/null
@@ -1,16 +0,0 @@
-/*
-Package ldap is the client.Device.LdapProfile namespace.
-
-For Panorama, there are two possibilities:  managing this object on Panorama
-itself or inside of a Template.
-
-To manage objects save on Panorama, leave "tmpl", "ts", and "vsys" params empty.
-
-To manage objects in a template, specify the template name and the vsys (if
-unspecified, defaults to "shared").
-
-PAN-OS 7.0+
-
-Normalized object:  Entry
-*/
-package ldap
diff --git a/dev/profile/ldap/entry.go b/dev/profile/ldap/entry.go
deleted file mode 100644
index 6e977366..00000000
--- a/dev/profile/ldap/entry.go
+++ /dev/null
@@ -1,218 +0,0 @@
-package ldap
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a
-// radius profile.
-//
-// PAN-OS 7.0+
-type Entry struct {
-	Name                    string
-	AdminUseOnly            bool
-	LdapType                string
-	Ssl                     bool
-	VerifyServerCertificate bool
-	Disabled                bool
-	BaseDn                  string
-	BindDn                  string
-	Password                string
-	BindTimeout             int
-	SearchTimeout           int
-	RetryInterval           int
-	Servers                 []Server
-}
-
-type Server struct {
-	Name   string
-	Server string
-	Port   int
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.AdminUseOnly = s.AdminUseOnly
-	o.LdapType = s.LdapType
-	o.Ssl = s.Ssl
-	o.VerifyServerCertificate = s.VerifyServerCertificate
-	o.Disabled = s.Disabled
-	o.BaseDn = s.BaseDn
-	o.BindDn = s.BindDn
-	o.Password = s.Password
-	o.BindTimeout = s.BindTimeout
-	o.SearchTimeout = s.SearchTimeout
-	o.RetryInterval = s.RetryInterval
-
-	if s.Servers == nil {
-		o.Servers = nil
-	} else {
-		o.Servers = make([]Server, 0, len(s.Servers))
-		for _, x := range s.Servers {
-			o.Servers = append(o.Servers, Server{
-				Name:   x.Name,
-				Server: x.Server,
-				Port:   x.Port,
-			})
-		}
-	}
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName                 xml.Name `xml:"entry"`
-	Name                    string   `xml:"name,attr"`
-	AdminUseOnly            string   `xml:"admin-use-only"`
-	LdapType                string   `xml:"ldap-type,omitempty"`
-	Ssl                     string   `xml:"ssl,omitempty"`
-	VerifyServerCertificate string   `xml:"verify-server-certificate"`
-	Disabled                string   `xml:"disabled"`
-	BaseDn                  string   `xml:"base,omitempty"`
-	BindDn                  string   `xml:"bind-dn,omitempty"`
-	Password                string   `xml:"bind-password,omitempty"`
-	BindTimeout             int      `xml:"bind-timelimit,omitempty"`
-	SearchTimeout           int      `xml:"timelimit,omitempty"`
-	RetryInterval           int      `xml:"retry-interval,omitempty"`
-	Servers                 *servers `xml:"server"`
-}
-
-func (e *entry_v1) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
-	type local entry_v1
-	ans := local{
-		LdapType:      LdapTypeOther,
-		Ssl:           util.YesNo(true),
-		BindTimeout:   30,
-		SearchTimeout: 30,
-		RetryInterval: 60,
-	}
-	if err := d.DecodeElement(&ans, &start); err != nil {
-		return err
-	}
-	*e = entry_v1(ans)
-	return nil
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:                    o.Name,
-		AdminUseOnly:            util.AsBool(o.AdminUseOnly),
-		LdapType:                o.LdapType,
-		Ssl:                     util.AsBool(o.Ssl),
-		VerifyServerCertificate: util.AsBool(o.VerifyServerCertificate),
-		Disabled:                util.AsBool(o.Disabled),
-		BaseDn:                  o.BaseDn,
-		BindDn:                  o.BindDn,
-		Password:                o.Password,
-		BindTimeout:             o.BindTimeout,
-		SearchTimeout:           o.SearchTimeout,
-		RetryInterval:           o.RetryInterval,
-	}
-
-	if o.Servers != nil && len(o.Servers.Entries) > 0 {
-		listing := make([]Server, 0, len(o.Servers.Entries))
-		for _, x := range o.Servers.Entries {
-			listing = append(listing, Server{
-				Name:   x.Name,
-				Server: x.Server,
-				Port:   x.Port,
-			})
-		}
-		ans.Servers = listing
-	}
-
-	return ans
-}
-
-type servers struct {
-	Entries []serverEntry `xml:"entry"`
-}
-
-type serverEntry struct {
-	XMLName xml.Name `xml:"entry"`
-	Name    string   `xml:"name,attr"`
-	Server  string   `xml:"address"`
-	Port    int      `xml:"port,omitempty"`
-}
-
-func (e *serverEntry) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
-	type local serverEntry
-	ans := local{
-		Port: 389,
-	}
-	if err := d.DecodeElement(&ans, &start); err != nil {
-		return err
-	}
-	*e = serverEntry(ans)
-	return nil
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:                    e.Name,
-		AdminUseOnly:            util.YesNo(e.AdminUseOnly),
-		LdapType:                e.LdapType,
-		VerifyServerCertificate: util.YesNo(e.VerifyServerCertificate),
-		Disabled:                util.YesNo(e.Disabled),
-		BaseDn:                  e.BaseDn,
-		BindDn:                  e.BindDn,
-		Password:                e.Password,
-		BindTimeout:             e.BindTimeout,
-		SearchTimeout:           e.SearchTimeout,
-		RetryInterval:           e.RetryInterval,
-	}
-
-	if !e.Ssl {
-		ans.Ssl = util.YesNo(false)
-	}
-
-	if len(e.Servers) > 0 {
-		listing := make([]serverEntry, 0, len(e.Servers))
-		for _, x := range e.Servers {
-			listing = append(listing, serverEntry{
-				Name:   x.Name,
-				Server: x.Server,
-				Port:   x.Port,
-			})
-		}
-		ans.Servers = &servers{Entries: listing}
-	}
-
-	return ans
-}
diff --git a/dev/profile/ldap/funcs.go b/dev/profile/ldap/funcs.go
deleted file mode 100644
index f90bd3ef..00000000
--- a/dev/profile/ldap/funcs.go
+++ /dev/null
@@ -1,94 +0,0 @@
-package ldap
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	if v.Gte(version.Number{10, 0, 0, ""}) {
-		return &container_v1{}, specify_v1
-	} else if v.Gte(version.Number{8, 1, 0, ""}) {
-		return &container_v1{}, specify_v1
-	} else {
-		return &container_v1{}, specify_v1
-	}
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/dev/profile/ldap/fw.go b/dev/profile/ldap/fw.go
deleted file mode 100644
index 5ded7b8d..00000000
--- a/dev/profile/ldap/fw.go
+++ /dev/null
@@ -1,109 +0,0 @@
-package ldap
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Device.LdapProfile namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vsys), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather(vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vsys, v)
-	}
-}
-
-func (c *Firewall) xpath(vsys string, vals []string) ([]string, error) {
-	if vsys == "" {
-		vsys = "shared"
-	}
-
-	ans := make([]string, 0, 8)
-	ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	ans = append(ans,
-		"server-profile",
-		"ldap",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/dev/profile/ldap/fw_test.go b/dev/profile/ldap/fw_test.go
deleted file mode 100644
index 0716065f..00000000
--- a/dev/profile/ldap/fw_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package ldap
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/dev/profile/ldap/pano.go b/dev/profile/ldap/pano.go
deleted file mode 100644
index 2e501f82..00000000
--- a/dev/profile/ldap/pano.go
+++ /dev/null
@@ -1,118 +0,0 @@
-package ldap
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Device.LdapProfile namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts, vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts, vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts, vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts, vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(tmpl, ts, vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts, vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(tmpl, ts, vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts, vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts, vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts, vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(tmpl, ts, vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts, vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts, vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(tmpl, ts, vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts, vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(tmpl, ts, vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts, vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(tmpl, ts, vsys), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts, vsys), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts, vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts, vsys), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts, vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, vsys, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts, vsys string, vals []string) ([]string, error) {
-	var ans []string
-
-	if tmpl != "" || ts != "" {
-		if vsys == "" {
-			vsys = "shared"
-		}
-
-		ans = make([]string, 0, 13)
-		ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-		ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	} else {
-		ans = make([]string, 0, 5)
-		ans = append(ans, "config", "panorama")
-	}
-
-	ans = append(ans,
-		"server-profile",
-		"ldap",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/dev/profile/ldap/pano_test.go b/dev/profile/ldap/pano_test.go
deleted file mode 100644
index 907063bb..00000000
--- a/dev/profile/ldap/pano_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package ldap
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("", "", "", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("", "", "", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/dev/profile/ldap/testdata_test.go b/dev/profile/ldap/testdata_test.go
deleted file mode 100644
index f25042f8..00000000
--- a/dev/profile/ldap/testdata_test.go
+++ /dev/null
@@ -1,56 +0,0 @@
-package ldap
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type tc struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []tc {
-	return []tc{
-		{"v1 no servers", version.Number{7, 0, 0, ""}, Entry{
-			Name:                    "v1 no servers",
-			AdminUseOnly:            true,
-			LdapType:                LdapTypeOther,
-			Ssl:                     false,
-			VerifyServerCertificate: true,
-			Disabled:                false,
-			BaseDn:                  "baseDn",
-			BindDn:                  "bindDn",
-			Password:                "secret",
-			BindTimeout:             1,
-			SearchTimeout:           2,
-			RetryInterval:           3,
-		}},
-		{"v1 with servers", version.Number{7, 0, 0, ""}, Entry{
-			Name:                    "v1 with servers",
-			AdminUseOnly:            false,
-			LdapType:                LdapTypeEdirectory,
-			Ssl:                     true,
-			VerifyServerCertificate: false,
-			Disabled:                true,
-			BaseDn:                  "baseDn",
-			BindDn:                  "bindDn",
-			Password:                "secret",
-			BindTimeout:             10,
-			SearchTimeout:           20,
-			RetryInterval:           30,
-			Servers: []Server{
-				{
-					Name:   "first",
-					Server: "first.example.com",
-					Port:   123,
-				},
-				{
-					Name:   "second",
-					Server: "second.example.com",
-					Port:   389,
-				},
-			},
-		}},
-	}
-}
diff --git a/dev/profile/radius/const.go b/dev/profile/radius/const.go
deleted file mode 100644
index be7daf6e..00000000
--- a/dev/profile/radius/const.go
+++ /dev/null
@@ -1,6 +0,0 @@
-package radius
-
-const (
-	singular = "radius profile"
-	plural   = "radius profiles"
-)
diff --git a/dev/profile/radius/doc.go b/dev/profile/radius/doc.go
deleted file mode 100644
index b36f38ef..00000000
--- a/dev/profile/radius/doc.go
+++ /dev/null
@@ -1,16 +0,0 @@
-/*
-Package radius is the client.Device.RadiusProfile namespace.
-
-For Panorama, there are two possibilities:  managing this object on Panorama
-itself or inside of a Template.
-
-To manage objects save on Panorama, leave "tmpl", "ts", and "vsys" params empty.
-
-To manage objects in a template, specify the template name and the vsys (if
-unspecified, defaults to "shared").
-
-PAN-OS 7.0+
-
-Normalized object:  Entry
-*/
-package radius
diff --git a/dev/profile/radius/entry.go b/dev/profile/radius/entry.go
deleted file mode 100644
index d8ae5278..00000000
--- a/dev/profile/radius/entry.go
+++ /dev/null
@@ -1,505 +0,0 @@
-package radius
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a
-// radius profile.
-//
-// PAN-OS 7.0+
-type Entry struct {
-	Name         string
-	AdminUseOnly bool
-	Timeout      int
-	Retries      int
-	Servers      []Server
-	Protocol     Protocol // 8.0
-}
-
-type Server struct {
-	Name   string
-	Server string
-	Secret string // encrypted
-	Port   int
-}
-
-type Protocol struct {
-	Chap           bool
-	Pap            bool
-	Auto           bool            // 8.0, removed in 8.1
-	PeapMschapv2   *PeapMschapv2   // 8.1
-	PeapWithGtc    *PeapWithGtc    // 8.1
-	EapTtlsWithPap *EapTtlsWithPap // 8.1
-}
-
-type PeapMschapv2 struct {
-	MakeOuterIdentityAnonymous bool
-	AllowExpiredPasswordChange bool
-	CertificateProfile         string
-}
-
-type PeapWithGtc struct {
-	MakeOuterIdentityAnonymous bool
-	CertificateProfile         string
-}
-
-type EapTtlsWithPap struct {
-	MakeOuterIdentityAnonymous bool
-	CertificateProfile         string
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.AdminUseOnly = s.AdminUseOnly
-	o.Timeout = s.Timeout
-	o.Retries = s.Retries
-
-	if s.Servers == nil {
-		o.Servers = nil
-	} else {
-		o.Servers = make([]Server, 0, len(s.Servers))
-		for _, x := range s.Servers {
-			o.Servers = append(o.Servers, Server{
-				Name:   x.Name,
-				Server: x.Server,
-				Secret: x.Secret,
-				Port:   x.Port,
-			})
-		}
-	}
-
-	switch {
-	case s.Protocol.Chap:
-		o.Protocol = Protocol{Chap: true}
-	case s.Protocol.Pap:
-		o.Protocol = Protocol{Pap: true}
-	case s.Protocol.Auto:
-		o.Protocol = Protocol{Auto: true}
-	case s.Protocol.PeapMschapv2 != nil:
-		o.Protocol = Protocol{PeapMschapv2: &PeapMschapv2{
-			MakeOuterIdentityAnonymous: s.Protocol.PeapMschapv2.MakeOuterIdentityAnonymous,
-			AllowExpiredPasswordChange: s.Protocol.PeapMschapv2.AllowExpiredPasswordChange,
-			CertificateProfile:         s.Protocol.PeapMschapv2.CertificateProfile,
-		}}
-	case s.Protocol.PeapWithGtc != nil:
-		o.Protocol = Protocol{PeapWithGtc: &PeapWithGtc{
-			MakeOuterIdentityAnonymous: s.Protocol.PeapWithGtc.MakeOuterIdentityAnonymous,
-			CertificateProfile:         s.Protocol.PeapWithGtc.CertificateProfile,
-		}}
-	case s.Protocol.EapTtlsWithPap != nil:
-		o.Protocol = Protocol{EapTtlsWithPap: &EapTtlsWithPap{
-			MakeOuterIdentityAnonymous: s.Protocol.EapTtlsWithPap.MakeOuterIdentityAnonymous,
-			CertificateProfile:         s.Protocol.EapTtlsWithPap.CertificateProfile,
-		}}
-	}
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName      xml.Name `xml:"entry"`
-	Name         string   `xml:"name,attr"`
-	AdminUseOnly string   `xml:"admin-use-only"`
-	Timeout      int      `xml:"timeout,omitempty"`
-	Retries      int      `xml:"retries,omitempty"`
-	Servers      *servers `xml:"server"`
-}
-
-func (e *entry_v1) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
-	type local entry_v1
-	ans := local{
-		Timeout: 3,
-		Retries: 3,
-	}
-	if err := d.DecodeElement(&ans, &start); err != nil {
-		return err
-	}
-	*e = entry_v1(ans)
-	return nil
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:         o.Name,
-		AdminUseOnly: util.AsBool(o.AdminUseOnly),
-		Timeout:      o.Timeout,
-		Retries:      o.Retries,
-	}
-
-	if o.Servers != nil && len(o.Servers.Entries) > 0 {
-		listing := make([]Server, 0, len(o.Servers.Entries))
-		for _, x := range o.Servers.Entries {
-			listing = append(listing, Server{
-				Name:   x.Name,
-				Server: x.Server,
-				Secret: x.Secret,
-				Port:   x.Port,
-			})
-		}
-		ans.Servers = listing
-	}
-
-	return ans
-}
-
-type servers struct {
-	Entries []serverEntry `xml:"entry"`
-}
-
-type serverEntry struct {
-	XMLName xml.Name `xml:"entry"`
-	Name    string   `xml:"name,attr"`
-	Server  string   `xml:"ip-address"`
-	Secret  string   `xml:"secret"`
-	Port    int      `xml:"port,omitempty"`
-}
-
-func (e *serverEntry) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
-	type local serverEntry
-	ans := local{
-		Port: 1812,
-	}
-	if err := d.DecodeElement(&ans, &start); err != nil {
-		return err
-	}
-	*e = serverEntry(ans)
-	return nil
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:         e.Name,
-		AdminUseOnly: util.YesNo(e.AdminUseOnly),
-		Timeout:      e.Timeout,
-		Retries:      e.Retries,
-	}
-
-	if len(e.Servers) > 0 {
-		listing := make([]serverEntry, 0, len(e.Servers))
-		for _, x := range e.Servers {
-			listing = append(listing, serverEntry{
-				Name:   x.Name,
-				Server: x.Server,
-				Secret: x.Secret,
-				Port:   x.Port,
-			})
-		}
-		ans.Servers = &servers{Entries: listing}
-	}
-
-	return ans
-}
-
-// PAN-OS 8.0
-type container_v2 struct {
-	Answer []entry_v2 `xml:"entry"`
-}
-
-func (o container_v2) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v2) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-type entry_v2 struct {
-	XMLName      xml.Name `xml:"entry"`
-	Name         string   `xml:"name,attr"`
-	AdminUseOnly string   `xml:"admin-use-only"`
-	Timeout      int      `xml:"timeout,omitempty"`
-	Retries      int      `xml:"retries,omitempty"`
-	Servers      *servers `xml:"server"`
-	Protocol     string   `xml:"protocol"`
-}
-
-func (e *entry_v2) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
-	type local entry_v2
-	ans := local{
-		Timeout: 3,
-		Retries: 3,
-	}
-	if err := d.DecodeElement(&ans, &start); err != nil {
-		return err
-	}
-	*e = entry_v2(ans)
-	return nil
-}
-
-func (o *entry_v2) normalize() Entry {
-	ans := Entry{
-		Name:         o.Name,
-		AdminUseOnly: util.AsBool(o.AdminUseOnly),
-		Timeout:      o.Timeout,
-		Retries:      o.Retries,
-	}
-
-	if o.Servers != nil && len(o.Servers.Entries) > 0 {
-		listing := make([]Server, 0, len(o.Servers.Entries))
-		for _, x := range o.Servers.Entries {
-			listing = append(listing, Server{
-				Name:   x.Name,
-				Server: x.Server,
-				Secret: x.Secret,
-				Port:   x.Port,
-			})
-		}
-		ans.Servers = listing
-	}
-
-	switch o.Protocol {
-	case "CHAP":
-		ans.Protocol = Protocol{Chap: true}
-	case "PAP":
-		ans.Protocol = Protocol{Pap: true}
-	case "Auto":
-		ans.Protocol = Protocol{Auto: true}
-	}
-
-	return ans
-}
-
-func specify_v2(e Entry) interface{} {
-	ans := entry_v2{
-		Name:         e.Name,
-		AdminUseOnly: util.YesNo(e.AdminUseOnly),
-		Timeout:      e.Timeout,
-		Retries:      e.Retries,
-	}
-
-	if len(e.Servers) > 0 {
-		listing := make([]serverEntry, 0, len(e.Servers))
-		for _, x := range e.Servers {
-			listing = append(listing, serverEntry{
-				Name:   x.Name,
-				Server: x.Server,
-				Secret: x.Secret,
-				Port:   x.Port,
-			})
-		}
-		ans.Servers = &servers{Entries: listing}
-	}
-
-	switch {
-	case e.Protocol.Chap:
-		ans.Protocol = "CHAP"
-	case e.Protocol.Pap:
-		ans.Protocol = "PAP"
-	case e.Protocol.Auto:
-		ans.Protocol = "Auto"
-	}
-
-	return ans
-}
-
-// PAN-OS 8.1
-type container_v3 struct {
-	Answer []entry_v3 `xml:"entry"`
-}
-
-func (o container_v3) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v3) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-type entry_v3 struct {
-	XMLName      xml.Name `xml:"entry"`
-	Name         string   `xml:"name,attr"`
-	AdminUseOnly string   `xml:"admin-use-only"`
-	Timeout      int      `xml:"timeout,omitempty"`
-	Retries      int      `xml:"retries,omitempty"`
-	Servers      *servers `xml:"server"`
-	Protocol     protocol `xml:"protocol"`
-}
-
-type protocol struct {
-	Chap           *string         `xml:"CHAP"`
-	Pap            *string         `xml:"PAP"`
-	PeapMschapv2   *peapMschapv2   `xml:"PEAP-MSCHAPv2"`
-	PeapWithGtc    *peapWithGtc    `xml:"PEAP-with-GTC"`
-	EapTtlsWithPap *eapTtlsWithPap `xml:"EAP-TTLS-with-PAP"`
-}
-
-type peapMschapv2 struct {
-	MakeOuterIdentityAnonymous string `xml:"anon-outer-id"`
-	AllowExpiredPasswordChange string `xml:"allow-pwd-change"`
-	CertificateProfile         string `xml:"radius-cert-profile"`
-}
-
-type peapWithGtc struct {
-	MakeOuterIdentityAnonymous string `xml:"anon-outer-id"`
-	CertificateProfile         string `xml:"radius-cert-profile"`
-}
-
-type eapTtlsWithPap struct {
-	MakeOuterIdentityAnonymous string `xml:"anon-outer-id"`
-	CertificateProfile         string `xml:"radius-cert-profile"`
-}
-
-func (e *entry_v3) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
-	type local entry_v3
-	ans := local{
-		Timeout: 3,
-		Retries: 3,
-	}
-	if err := d.DecodeElement(&ans, &start); err != nil {
-		return err
-	}
-	*e = entry_v3(ans)
-	return nil
-}
-
-func (o *entry_v3) normalize() Entry {
-	ans := Entry{
-		Name:         o.Name,
-		AdminUseOnly: util.AsBool(o.AdminUseOnly),
-		Timeout:      o.Timeout,
-		Retries:      o.Retries,
-	}
-
-	if o.Servers != nil && len(o.Servers.Entries) > 0 {
-		listing := make([]Server, 0, len(o.Servers.Entries))
-		for _, x := range o.Servers.Entries {
-			listing = append(listing, Server{
-				Name:   x.Name,
-				Server: x.Server,
-				Secret: x.Secret,
-				Port:   x.Port,
-			})
-		}
-		ans.Servers = listing
-	}
-
-	switch {
-	case o.Protocol.Chap != nil:
-		ans.Protocol = Protocol{Chap: true}
-	case o.Protocol.Pap != nil:
-		ans.Protocol = Protocol{Pap: true}
-	case o.Protocol.PeapMschapv2 != nil:
-		ans.Protocol = Protocol{PeapMschapv2: &PeapMschapv2{
-			MakeOuterIdentityAnonymous: util.AsBool(o.Protocol.PeapMschapv2.MakeOuterIdentityAnonymous),
-			AllowExpiredPasswordChange: util.AsBool(o.Protocol.PeapMschapv2.AllowExpiredPasswordChange),
-			CertificateProfile:         o.Protocol.PeapMschapv2.CertificateProfile,
-		}}
-	case o.Protocol.PeapWithGtc != nil:
-		ans.Protocol = Protocol{PeapWithGtc: &PeapWithGtc{
-			MakeOuterIdentityAnonymous: util.AsBool(o.Protocol.PeapWithGtc.MakeOuterIdentityAnonymous),
-			CertificateProfile:         o.Protocol.PeapWithGtc.CertificateProfile,
-		}}
-	case o.Protocol.EapTtlsWithPap != nil:
-		ans.Protocol = Protocol{EapTtlsWithPap: &EapTtlsWithPap{
-			MakeOuterIdentityAnonymous: util.AsBool(o.Protocol.EapTtlsWithPap.MakeOuterIdentityAnonymous),
-			CertificateProfile:         o.Protocol.EapTtlsWithPap.CertificateProfile,
-		}}
-	}
-
-	return ans
-}
-
-func specify_v3(e Entry) interface{} {
-	ans := entry_v3{
-		Name:         e.Name,
-		AdminUseOnly: util.YesNo(e.AdminUseOnly),
-		Timeout:      e.Timeout,
-		Retries:      e.Retries,
-	}
-
-	if len(e.Servers) > 0 {
-		listing := make([]serverEntry, 0, len(e.Servers))
-		for _, x := range e.Servers {
-			listing = append(listing, serverEntry{
-				Name:   x.Name,
-				Server: x.Server,
-				Secret: x.Secret,
-				Port:   x.Port,
-			})
-		}
-		ans.Servers = &servers{Entries: listing}
-	}
-
-	s := ""
-	switch {
-	case e.Protocol.Chap:
-		ans.Protocol.Chap = &s
-	case e.Protocol.Pap:
-		ans.Protocol.Pap = &s
-	case e.Protocol.PeapMschapv2 != nil:
-		ans.Protocol.PeapMschapv2 = &peapMschapv2{
-			MakeOuterIdentityAnonymous: util.YesNo(e.Protocol.PeapMschapv2.MakeOuterIdentityAnonymous),
-			AllowExpiredPasswordChange: util.YesNo(e.Protocol.PeapMschapv2.AllowExpiredPasswordChange),
-			CertificateProfile:         e.Protocol.PeapMschapv2.CertificateProfile,
-		}
-	case e.Protocol.PeapWithGtc != nil:
-		ans.Protocol.PeapWithGtc = &peapWithGtc{
-			MakeOuterIdentityAnonymous: util.YesNo(e.Protocol.PeapWithGtc.MakeOuterIdentityAnonymous),
-			CertificateProfile:         e.Protocol.PeapWithGtc.CertificateProfile,
-		}
-	case e.Protocol.EapTtlsWithPap != nil:
-		ans.Protocol.EapTtlsWithPap = &eapTtlsWithPap{
-			MakeOuterIdentityAnonymous: util.YesNo(e.Protocol.EapTtlsWithPap.MakeOuterIdentityAnonymous),
-			CertificateProfile:         e.Protocol.EapTtlsWithPap.CertificateProfile,
-		}
-	}
-
-	return ans
-}
diff --git a/dev/profile/radius/funcs.go b/dev/profile/radius/funcs.go
deleted file mode 100644
index 6dfe2820..00000000
--- a/dev/profile/radius/funcs.go
+++ /dev/null
@@ -1,94 +0,0 @@
-package radius
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	if v.Gte(version.Number{8, 1, 0, ""}) {
-		return &container_v3{}, specify_v3
-	} else if v.Gte(version.Number{8, 0, 0, ""}) {
-		return &container_v2{}, specify_v2
-	} else {
-		return &container_v1{}, specify_v1
-	}
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/dev/profile/radius/fw.go b/dev/profile/radius/fw.go
deleted file mode 100644
index 6656aa97..00000000
--- a/dev/profile/radius/fw.go
+++ /dev/null
@@ -1,109 +0,0 @@
-package radius
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Device.RadiusProfile namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vsys), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather(vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vsys, v)
-	}
-}
-
-func (c *Firewall) xpath(vsys string, vals []string) ([]string, error) {
-	if vsys == "" {
-		vsys = "shared"
-	}
-
-	ans := make([]string, 0, 8)
-	ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	ans = append(ans,
-		"server-profile",
-		"radius",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/dev/profile/radius/fw_test.go b/dev/profile/radius/fw_test.go
deleted file mode 100644
index 572bae1f..00000000
--- a/dev/profile/radius/fw_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package radius
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/dev/profile/radius/pano.go b/dev/profile/radius/pano.go
deleted file mode 100644
index 8ccfacbc..00000000
--- a/dev/profile/radius/pano.go
+++ /dev/null
@@ -1,118 +0,0 @@
-package radius
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Device.RadiusProfile namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts, vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts, vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts, vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts, vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(tmpl, ts, vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts, vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(tmpl, ts, vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts, vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts, vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts, vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(tmpl, ts, vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts, vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts, vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(tmpl, ts, vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts, vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(tmpl, ts, vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts, vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(tmpl, ts, vsys), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts, vsys), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts, vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts, vsys), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts, vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, vsys, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts, vsys string, vals []string) ([]string, error) {
-	var ans []string
-
-	if tmpl != "" || ts != "" {
-		if vsys == "" {
-			vsys = "shared"
-		}
-
-		ans = make([]string, 0, 13)
-		ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-		ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	} else {
-		ans = make([]string, 0, 5)
-		ans = append(ans, "config", "panorama")
-	}
-
-	ans = append(ans,
-		"server-profile",
-		"radius",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/dev/profile/radius/pano_test.go b/dev/profile/radius/pano_test.go
deleted file mode 100644
index fae37f5f..00000000
--- a/dev/profile/radius/pano_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package radius
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("", "", "", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("", "", "", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/dev/profile/radius/testdata_test.go b/dev/profile/radius/testdata_test.go
deleted file mode 100644
index 2f57c0fe..00000000
--- a/dev/profile/radius/testdata_test.go
+++ /dev/null
@@ -1,155 +0,0 @@
-package radius
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type tc struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []tc {
-	return []tc{
-		{"v1 no servers", version.Number{7, 0, 0, ""}, Entry{
-			Name:    "basicNoServers",
-			Timeout: 5,
-			Retries: 4,
-		}},
-		{"v1 with servers", version.Number{7, 0, 0, ""}, Entry{
-			Name:         "basicWithServers",
-			AdminUseOnly: true,
-			Timeout:      5,
-			Retries:      4,
-			Servers: []Server{
-				{
-					Name:   "srvr1",
-					Server: "example.com",
-					Secret: "drowssap",
-					Port:   1812,
-				},
-			},
-		}},
-		{"v2 chap protocol", version.Number{8, 0, 0, ""}, Entry{
-			Name:     "chapProtocol",
-			Timeout:  5,
-			Retries:  4,
-			Protocol: Protocol{Chap: true},
-			Servers: []Server{
-				{
-					Name:   "srvr1",
-					Server: "example.com",
-					Secret: "drowssap",
-					Port:   1812,
-				},
-				{
-					Name:   "srvr2",
-					Server: "second.example.com",
-					Secret: "wish",
-					Port:   1234,
-				},
-			},
-		}},
-		{"v2 pap protocol", version.Number{8, 0, 0, ""}, Entry{
-			Name:     "papProtocol",
-			Timeout:  5,
-			Retries:  4,
-			Protocol: Protocol{Pap: true},
-			Servers: []Server{
-				{
-					Name:   "srvr1",
-					Server: "example.com",
-					Secret: "drowssap",
-					Port:   1812,
-				},
-			},
-		}},
-		{"v2 auto protocol", version.Number{8, 0, 0, ""}, Entry{
-			Name:     "autoProtocol",
-			Timeout:  2,
-			Retries:  3,
-			Protocol: Protocol{Auto: true},
-			Servers: []Server{
-				{
-					Name:   "srvr1",
-					Server: "example.com",
-					Secret: "drowssap",
-					Port:   1812,
-				},
-			},
-		}},
-		{"v3 chap protocol", version.Number{8, 1, 0, ""}, Entry{
-			Name:     "chapProtocol",
-			Timeout:  5,
-			Retries:  4,
-			Protocol: Protocol{Chap: true},
-			Servers: []Server{
-				{
-					Name:   "srvr1",
-					Server: "example.com",
-					Secret: "drowssap",
-					Port:   1812,
-				},
-				{
-					Name:   "srvr2",
-					Server: "second.example.com",
-					Secret: "wish",
-					Port:   1234,
-				},
-			},
-		}},
-		{"v3 pap protocol", version.Number{8, 1, 0, ""}, Entry{
-			Name:     "papProtocol",
-			Timeout:  5,
-			Retries:  4,
-			Protocol: Protocol{Pap: true},
-			Servers: []Server{
-				{
-					Name:   "srvr1",
-					Server: "example.com",
-					Secret: "drowssap",
-					Port:   1812,
-				},
-			},
-		}},
-		{"v3 peapmschapv2 with ident anon", version.Number{8, 1, 0, ""}, Entry{
-			Name:    "peapmschapv2",
-			Timeout: 5,
-			Retries: 4,
-			Protocol: Protocol{PeapMschapv2: &PeapMschapv2{
-				MakeOuterIdentityAnonymous: true,
-				AllowExpiredPasswordChange: false,
-				CertificateProfile:         "myCert",
-			}},
-		}},
-		{"v3 peapmschapv2 with passwd change", version.Number{8, 1, 0, ""}, Entry{
-			Name:    "peapmschapv2",
-			Timeout: 5,
-			Retries: 4,
-			Protocol: Protocol{PeapMschapv2: &PeapMschapv2{
-				MakeOuterIdentityAnonymous: false,
-				AllowExpiredPasswordChange: true,
-				CertificateProfile:         "myCert",
-			}},
-		}},
-		{"v3 peapwithgtc", version.Number{8, 1, 0, ""}, Entry{
-			Name:    "peapgtc",
-			Timeout: 5,
-			Retries: 4,
-			Protocol: Protocol{PeapWithGtc: &PeapWithGtc{
-				MakeOuterIdentityAnonymous: true,
-				CertificateProfile:         "myCert",
-			}},
-		}},
-		{"v3 eapttlswithpap", version.Number{8, 1, 0, ""}, Entry{
-			Name:    "eapttlswithpap",
-			Timeout: 5,
-			Retries: 4,
-			Protocol: Protocol{EapTtlsWithPap: &EapTtlsWithPap{
-				MakeOuterIdentityAnonymous: true,
-				CertificateProfile:         "myCert",
-			}},
-		}},
-	}
-}
diff --git a/dev/profile/saml/const.go b/dev/profile/saml/const.go
deleted file mode 100644
index 244805a6..00000000
--- a/dev/profile/saml/const.go
+++ /dev/null
@@ -1,11 +0,0 @@
-package saml
-
-const (
-	BindingPost     = "post"
-	BindingRedirect = "redirect"
-)
-
-const (
-	singular = "saml identity provider profile"
-	plural   = "saml identity provider profiles"
-)
diff --git a/dev/profile/saml/doc.go b/dev/profile/saml/doc.go
deleted file mode 100644
index ba6b5804..00000000
--- a/dev/profile/saml/doc.go
+++ /dev/null
@@ -1,16 +0,0 @@
-/*
-Package saml is the client.Device.SamlProfile namespace.
-
-For Panorama, there are two possibilities:  managing this object on Panorama
-itself or inside of a Template.
-
-To manage objects save on Panorama, leave "tmpl", "ts", and "vsys" params empty.
-
-To manage objects in a template, specify the template name and the vsys (if
-unspecified, defaults to "shared").
-
-PAN-OS 8.0+
-
-Normalized object:  Entry
-*/
-package saml
diff --git a/dev/profile/saml/entry.go b/dev/profile/saml/entry.go
deleted file mode 100644
index bfd83a4b..00000000
--- a/dev/profile/saml/entry.go
+++ /dev/null
@@ -1,141 +0,0 @@
-package saml
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a
-// SAML identity provider profile.
-//
-// PAN-OS 8.0+
-type Entry struct {
-	Name                                string
-	AdminUseOnly                        bool
-	IdentityProviderId                  string
-	IdentityProviderCertificate         string // Required in PAN-OS 10.0+
-	SsoUrl                              string
-	SsoBinding                          string
-	SloUrl                              string
-	SloBinding                          string
-	ValidateIdentityProviderCertificate bool
-	SignSamlMessage                     bool
-	MaxClockSkew                        int
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.AdminUseOnly = s.AdminUseOnly
-	o.IdentityProviderId = s.IdentityProviderId
-	o.IdentityProviderCertificate = s.IdentityProviderCertificate
-	o.SsoUrl = s.SsoUrl
-	o.SsoBinding = s.SsoBinding
-	o.SloUrl = s.SloUrl
-	o.SloBinding = s.SloBinding
-	o.ValidateIdentityProviderCertificate = s.ValidateIdentityProviderCertificate
-	o.SignSamlMessage = s.SignSamlMessage
-	o.MaxClockSkew = s.MaxClockSkew
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName                             xml.Name `xml:"entry"`
-	Name                                string   `xml:"name,attr"`
-	AdminUseOnly                        string   `xml:"admin-use-only"`
-	IdentityProviderId                  string   `xml:"entity-id"`
-	IdentityProviderCertificate         string   `xml:"certificate"`
-	SsoUrl                              string   `xml:"sso-url"`
-	SsoBinding                          string   `xml:"sso-bindings"`
-	SloUrl                              string   `xml:"slo-url,omitempty"`
-	SloBinding                          string   `xml:"slo-bindings,omitempty"`
-	ValidateIdentityProviderCertificate string   `xml:"validate-idp-certificate"`
-	SignSamlMessage                     string   `xml:"want-auth-requests-signed"`
-	MaxClockSkew                        int      `xml:"max-clock-skew,omitempty"`
-}
-
-func (e *entry_v1) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
-	type local entry_v1
-	ans := local{
-		SloBinding:                          BindingPost,
-		ValidateIdentityProviderCertificate: util.YesNo(true),
-		SignSamlMessage:                     util.YesNo(true),
-		MaxClockSkew:                        60,
-	}
-	if err := d.DecodeElement(&ans, &start); err != nil {
-		return err
-	}
-	*e = entry_v1(ans)
-	return nil
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:                                o.Name,
-		AdminUseOnly:                        util.AsBool(o.AdminUseOnly),
-		IdentityProviderId:                  o.IdentityProviderId,
-		IdentityProviderCertificate:         o.IdentityProviderCertificate,
-		SsoUrl:                              o.SsoUrl,
-		SsoBinding:                          o.SsoBinding,
-		SloUrl:                              o.SloUrl,
-		SloBinding:                          o.SloBinding,
-		ValidateIdentityProviderCertificate: util.AsBool(o.ValidateIdentityProviderCertificate),
-		SignSamlMessage:                     util.AsBool(o.SignSamlMessage),
-		MaxClockSkew:                        o.MaxClockSkew,
-	}
-
-	return ans
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:                                e.Name,
-		AdminUseOnly:                        util.YesNo(e.AdminUseOnly),
-		IdentityProviderId:                  e.IdentityProviderId,
-		IdentityProviderCertificate:         e.IdentityProviderCertificate,
-		SsoUrl:                              e.SsoUrl,
-		SsoBinding:                          e.SsoBinding,
-		SloUrl:                              e.SloUrl,
-		SloBinding:                          e.SloBinding,
-		ValidateIdentityProviderCertificate: util.YesNo(e.ValidateIdentityProviderCertificate),
-		SignSamlMessage:                     util.YesNo(e.SignSamlMessage),
-		MaxClockSkew:                        e.MaxClockSkew,
-	}
-
-	return ans
-}
diff --git a/dev/profile/saml/funcs.go b/dev/profile/saml/funcs.go
deleted file mode 100644
index 2a5abf10..00000000
--- a/dev/profile/saml/funcs.go
+++ /dev/null
@@ -1,92 +0,0 @@
-package saml
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	if v.Gte(version.Number{10, 0, 0, ""}) {
-		return &container_v1{}, specify_v1
-	} else {
-		return &container_v1{}, specify_v1
-	}
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/dev/profile/saml/fw.go b/dev/profile/saml/fw.go
deleted file mode 100644
index 2b2fdc22..00000000
--- a/dev/profile/saml/fw.go
+++ /dev/null
@@ -1,109 +0,0 @@
-package saml
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Device.SamlProfile namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vsys), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather(vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vsys, v)
-	}
-}
-
-func (c *Firewall) xpath(vsys string, vals []string) ([]string, error) {
-	if vsys == "" {
-		vsys = "shared"
-	}
-
-	ans := make([]string, 0, 8)
-	ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	ans = append(ans,
-		"server-profile",
-		"saml-idp",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/dev/profile/saml/fw_test.go b/dev/profile/saml/fw_test.go
deleted file mode 100644
index c45fa7ed..00000000
--- a/dev/profile/saml/fw_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package saml
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/dev/profile/saml/pano.go b/dev/profile/saml/pano.go
deleted file mode 100644
index b927db8d..00000000
--- a/dev/profile/saml/pano.go
+++ /dev/null
@@ -1,118 +0,0 @@
-package saml
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Device.SamlProfile namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts, vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts, vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts, vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts, vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(tmpl, ts, vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts, vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(tmpl, ts, vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts, vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts, vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts, vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(tmpl, ts, vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts, vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts, vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(tmpl, ts, vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts, vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(tmpl, ts, vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts, vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(tmpl, ts, vsys), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts, vsys), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts, vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts, vsys), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts, vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, vsys, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts, vsys string, vals []string) ([]string, error) {
-	var ans []string
-
-	if tmpl != "" || ts != "" {
-		if vsys == "" {
-			vsys = "shared"
-		}
-
-		ans = make([]string, 0, 13)
-		ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-		ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	} else {
-		ans = make([]string, 0, 5)
-		ans = append(ans, "config", "panorama")
-	}
-
-	ans = append(ans,
-		"server-profile",
-		"saml-idp",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/dev/profile/saml/pano_test.go b/dev/profile/saml/pano_test.go
deleted file mode 100644
index 023b56dc..00000000
--- a/dev/profile/saml/pano_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package saml
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("", "", "", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("", "", "", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/dev/profile/saml/testdata_test.go b/dev/profile/saml/testdata_test.go
deleted file mode 100644
index f407080f..00000000
--- a/dev/profile/saml/testdata_test.go
+++ /dev/null
@@ -1,55 +0,0 @@
-package saml
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type tc struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []tc {
-	return []tc{
-		{"v1 admin use only", version.Number{8, 0, 0, ""}, Entry{
-			Name:                                "v1 admin use only",
-			AdminUseOnly:                        true,
-			IdentityProviderId:                  "idpId",
-			IdentityProviderCertificate:         "idpCert",
-			SsoUrl:                              "ssoUrl",
-			SsoBinding:                          BindingPost,
-			SloUrl:                              "sloUrl",
-			SloBinding:                          BindingRedirect,
-			ValidateIdentityProviderCertificate: false,
-			SignSamlMessage:                     false,
-			MaxClockSkew:                        60,
-		}},
-		{"v1 validate identity provider certificate", version.Number{8, 0, 0, ""}, Entry{
-			Name:                                "v1 validate identity provider certificate",
-			AdminUseOnly:                        false,
-			IdentityProviderId:                  "idpId",
-			IdentityProviderCertificate:         "idpCert",
-			SsoUrl:                              "ssoUrl",
-			SsoBinding:                          BindingRedirect,
-			SloUrl:                              "sloUrl",
-			SloBinding:                          BindingPost,
-			ValidateIdentityProviderCertificate: true,
-			SignSamlMessage:                     false,
-			MaxClockSkew:                        50,
-		}},
-		{"v1 sign saml message", version.Number{8, 0, 0, ""}, Entry{
-			Name:                                "v1 sign saml message",
-			AdminUseOnly:                        false,
-			IdentityProviderId:                  "idpId",
-			IdentityProviderCertificate:         "idpCert",
-			SsoUrl:                              "ssoUrl",
-			SsoBinding:                          BindingPost,
-			SloUrl:                              "sloUrl",
-			SloBinding:                          BindingPost,
-			ValidateIdentityProviderCertificate: false,
-			SignSamlMessage:                     true,
-			MaxClockSkew:                        40,
-		}},
-	}
-}
diff --git a/dev/profile/snmp/const.go b/dev/profile/snmp/const.go
deleted file mode 100644
index 2308e90b..00000000
--- a/dev/profile/snmp/const.go
+++ /dev/null
@@ -1,12 +0,0 @@
-package snmp
-
-// Valid values for SnmpVersion.
-const (
-	SnmpVersionV2c = "v2c"
-	SnmpVersionV3  = "v3"
-)
-
-const (
-	singular = "snmptrap profile"
-	plural   = "snmptrap profiles"
-)
diff --git a/dev/profile/snmp/doc.go b/dev/profile/snmp/doc.go
deleted file mode 100644
index bd05441a..00000000
--- a/dev/profile/snmp/doc.go
+++ /dev/null
@@ -1,15 +0,0 @@
-/*
-Package snmp is the client.Object.SnmpServerProfile namespace.
-
-For Panorama, there are two possibilities:  managing this object on Panorama
-itself or inside of a Template.
-
-To manage objects save on Panorama, leave "tmpl" and "ts" params empty and
-set "dg" to "shared" (which is also the default).
-
-To manage objects in a template, specify the template name and the vsys (if
-unspecified, defaults to "shared").
-
-Normalized object:  Entry
-*/
-package snmp
diff --git a/dev/profile/snmp/entry.go b/dev/profile/snmp/entry.go
deleted file mode 100644
index fab60f10..00000000
--- a/dev/profile/snmp/entry.go
+++ /dev/null
@@ -1,201 +0,0 @@
-package snmp
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a snmptrap profile.
-//
-// PAN-OS 7.1+.
-type Entry struct {
-	Name       string
-	V2cServers []V2cServer
-	V3Servers  []V3Server
-}
-
-// V2cServer is a snmpv2 server.
-type V2cServer struct {
-	Name      string
-	Manager   string
-	Community string
-}
-
-// V3Server is a snmpv3 server.
-type V3Server struct {
-	Name         string
-	Manager      string
-	User         string
-	EngineId     string
-	AuthPassword string // encrypted
-	PrivPassword string // encrypted
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	if s.V2cServers == nil {
-		o.V2cServers = nil
-	} else {
-		o.V2cServers = make([]V2cServer, 0, len(s.V2cServers))
-		for _, x := range s.V2cServers {
-			o.V2cServers = append(o.V2cServers, V2cServer{
-				Name:      x.Name,
-				Manager:   x.Manager,
-				Community: x.Community,
-			})
-		}
-	}
-	if s.V3Servers == nil {
-		o.V3Servers = nil
-	} else {
-		o.V3Servers = make([]V3Server, 0, len(s.V3Servers))
-		for _, x := range s.V3Servers {
-			o.V3Servers = append(o.V3Servers, V3Server{
-				Name:         x.Name,
-				Manager:      x.Manager,
-				User:         x.User,
-				EngineId:     x.EngineId,
-				AuthPassword: x.AuthPassword,
-				PrivPassword: x.PrivPassword,
-			})
-		}
-	}
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name: o.Name,
-	}
-
-	if o.V2c != nil {
-		list := make([]V2cServer, 0, len(o.V2c.Entries))
-		for _, x := range o.V2c.Entries {
-			list = append(list, V2cServer{
-				Name:      x.Name,
-				Manager:   x.Manager,
-				Community: x.Community,
-			})
-		}
-		ans.V2cServers = list
-	}
-
-	if o.V3 != nil {
-		list := make([]V3Server, 0, len(o.V3.Entries))
-		for _, x := range o.V3.Entries {
-			list = append(list, V3Server{
-				Name:         x.Name,
-				Manager:      x.Manager,
-				User:         x.User,
-				EngineId:     x.EngineId,
-				AuthPassword: x.AuthPassword,
-				PrivPassword: x.PrivPassword,
-			})
-		}
-		ans.V3Servers = list
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName xml.Name `xml:"entry"`
-	Name    string   `xml:"name,attr"`
-	V2c     *v2cs    `xml:"version>v2c"`
-	V3      *v3s     `xml:"version>v3"`
-}
-
-type v2cs struct {
-	Entries []v2cEntry `xml:"server>entry"`
-}
-
-type v2cEntry struct {
-	XMLName   xml.Name `xml:"entry"`
-	Name      string   `xml:"name,attr"`
-	Manager   string   `xml:"manager"`
-	Community string   `xml:"community"`
-}
-
-type v3s struct {
-	Entries []v3Entry `xml:"server>entry"`
-}
-
-type v3Entry struct {
-	XMLName      xml.Name `xml:"entry"`
-	Name         string   `xml:"name,attr"`
-	Manager      string   `xml:"manager"`
-	User         string   `xml:"user"`
-	EngineId     string   `xml:"engineid,omitempty"`
-	AuthPassword string   `xml:"authpwd"`
-	PrivPassword string   `xml:"privpwd"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name: e.Name,
-	}
-
-	if len(e.V2cServers) > 0 {
-		list := make([]v2cEntry, 0, len(e.V2cServers))
-		for _, x := range e.V2cServers {
-			list = append(list, v2cEntry{
-				Name:      x.Name,
-				Manager:   x.Manager,
-				Community: x.Community,
-			})
-		}
-		ans.V2c = &v2cs{Entries: list}
-	}
-
-	if len(e.V3Servers) > 0 {
-		list := make([]v3Entry, 0, len(e.V3Servers))
-		for _, x := range e.V3Servers {
-			list = append(list, v3Entry{
-				Name:         x.Name,
-				Manager:      x.Manager,
-				User:         x.User,
-				EngineId:     x.EngineId,
-				AuthPassword: x.AuthPassword,
-				PrivPassword: x.PrivPassword,
-			})
-		}
-		ans.V3 = &v3s{Entries: list}
-	}
-
-	return ans
-}
diff --git a/dev/profile/snmp/funcs.go b/dev/profile/snmp/funcs.go
deleted file mode 100644
index 9284a15d..00000000
--- a/dev/profile/snmp/funcs.go
+++ /dev/null
@@ -1,88 +0,0 @@
-package snmp
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/dev/profile/snmp/fw.go b/dev/profile/snmp/fw.go
deleted file mode 100644
index be1a48dd..00000000
--- a/dev/profile/snmp/fw.go
+++ /dev/null
@@ -1,109 +0,0 @@
-package snmp
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Device.SnmpServerProfile namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vsys), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather(vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vsys, v)
-	}
-}
-
-func (c *Firewall) xpath(vsys string, vals []string) ([]string, error) {
-	if vsys == "" {
-		vsys = "shared"
-	}
-
-	ans := make([]string, 0, 8)
-	ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	ans = append(ans,
-		"log-settings",
-		"snmptrap",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/dev/profile/snmp/fw_test.go b/dev/profile/snmp/fw_test.go
deleted file mode 100644
index 9bf44eb8..00000000
--- a/dev/profile/snmp/fw_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package snmp
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("vsys1", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("vsys1", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/dev/profile/snmp/pano.go b/dev/profile/snmp/pano.go
deleted file mode 100644
index 19dbf93f..00000000
--- a/dev/profile/snmp/pano.go
+++ /dev/null
@@ -1,118 +0,0 @@
-package snmp
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Device.SnmpServerProfile namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts, vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts, vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts, vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts, vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(tmpl, ts, vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts, vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(tmpl, ts, vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts, vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts, vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts, vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(tmpl, ts, vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts, vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts, vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(tmpl, ts, vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts, vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(tmpl, ts, vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts, vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(tmpl, ts, vsys), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts, vsys), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts, vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts, vsys), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts, vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, vsys, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts, vsys string, vals []string) ([]string, error) {
-	var ans []string
-
-	if tmpl != "" || ts != "" {
-		if vsys == "" {
-			vsys = "shared"
-		}
-
-		ans = make([]string, 0, 13)
-		ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-		ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	} else {
-		ans = make([]string, 0, 5)
-		ans = append(ans, "config", "panorama")
-	}
-
-	ans = append(ans,
-		"log-settings",
-		"snmptrap",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/dev/profile/snmp/pano_test.go b/dev/profile/snmp/pano_test.go
deleted file mode 100644
index 1b577eae..00000000
--- a/dev/profile/snmp/pano_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package snmp
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("", "", "", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("", "", "", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/dev/profile/snmp/testdata_test.go b/dev/profile/snmp/testdata_test.go
deleted file mode 100644
index e17cc5a5..00000000
--- a/dev/profile/snmp/testdata_test.go
+++ /dev/null
@@ -1,39 +0,0 @@
-package snmp
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type tc struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []tc {
-	return []tc{
-		{"v2c check", version.Number{7, 0, 0, ""}, Entry{
-			Name: "v2c",
-			V2cServers: []V2cServer{
-				{
-					Name:      "t1",
-					Manager:   "snmp.example.com",
-					Community: "public",
-				},
-			},
-		}},
-		{"v3 check", version.Number{7, 0, 0, ""}, Entry{
-			Name: "v3",
-			V3Servers: []V3Server{
-				{
-					Name:         "t1",
-					Manager:      "snmp.example.com",
-					User:         "jdoe",
-					EngineId:     "0A",
-					AuthPassword: "auth",
-					PrivPassword: "priv",
-				},
-			},
-		}},
-	}
-}
diff --git a/dev/profile/ssltls/const.go b/dev/profile/ssltls/const.go
deleted file mode 100644
index 10d28882..00000000
--- a/dev/profile/ssltls/const.go
+++ /dev/null
@@ -1,13 +0,0 @@
-package ssltls
-
-const (
-	Tls1_0 = "tls1-0"
-	Tls1_1 = "tls1-1"
-	Tls1_2 = "tls1-2"
-	TlsMax = "max"
-)
-
-const (
-	singular = "ssl tls service profile"
-	plural   = "ssl tls service profiles"
-)
diff --git a/dev/profile/ssltls/doc.go b/dev/profile/ssltls/doc.go
deleted file mode 100644
index 620955fe..00000000
--- a/dev/profile/ssltls/doc.go
+++ /dev/null
@@ -1,16 +0,0 @@
-/*
-Package ssltls is the client.Device.SslTlsServiceProfile namespace.
-
-For Panorama, there are two possibilities:  managing this object on Panorama
-itself or inside of a Template.
-
-To manage objects save on Panorama, leave "tmpl", "ts", and "vsys" params empty.
-
-To manage objects in a template, specify the template name and the vsys (if
-unspecified, defaults to "shared").
-
-Note: PAN-OS 7.0+
-
-Normalized object:  Entry
-*/
-package ssltls
diff --git a/dev/profile/ssltls/entry.go b/dev/profile/ssltls/entry.go
deleted file mode 100644
index 7676270d..00000000
--- a/dev/profile/ssltls/entry.go
+++ /dev/null
@@ -1,282 +0,0 @@
-package ssltls
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a
-// SSL/TLS service profile.
-//
-// The schema for the various booleans is default=yes/optional=yes/type=bool,
-// and there are some prune-on's thrown in for good measure.  As such, the XML
-// created for SET/EDIT will only contain the booleans which have been set to false,
-//
-// PAN-OS 7.0+.
-type Entry struct {
-	Name                      string
-	Certificate               string
-	MinVersion                string
-	MaxVersion                string
-	AllowAlgorithmRsa         bool // PAN-OS 8.1+
-	AllowAlgorithmDhe         bool // PAN-OS 8.1+
-	AllowAlgorithmEcdhe       bool // PAN-OS 8.1+
-	AllowAlgorithm3des        bool // PAN-OS 8.1+
-	AllowAlgorithmRc4         bool // PAN-OS 8.1+
-	AllowAlgorithmAes128Cbc   bool // PAN-OS 8.1+
-	AllowAlgorithmAes256Cbc   bool // PAN-OS 8.1+
-	AllowAlgorithmAes128Gcm   bool // PAN-OS 8.1+
-	AllowAlgorithmAes256Gcm   bool // PAN-OS 8.1+
-	AllowAuthenticationSha1   bool // PAN-OS 8.1+
-	AllowAuthenticationSha256 bool // PAN-OS 8.1+
-	AllowAuthenticationSha384 bool // PAN-OS 8.1+
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Certificate = s.Certificate
-	o.MinVersion = s.MinVersion
-	o.MaxVersion = s.MaxVersion
-	o.AllowAlgorithmRsa = s.AllowAlgorithmRsa
-	o.AllowAlgorithmDhe = s.AllowAlgorithmDhe
-	o.AllowAlgorithmEcdhe = s.AllowAlgorithmEcdhe
-	o.AllowAlgorithm3des = s.AllowAlgorithm3des
-	o.AllowAlgorithmRc4 = s.AllowAlgorithmRc4
-	o.AllowAlgorithmAes128Cbc = s.AllowAlgorithmAes128Cbc
-	o.AllowAlgorithmAes256Cbc = s.AllowAlgorithmAes256Cbc
-	o.AllowAlgorithmAes128Gcm = s.AllowAlgorithmAes128Gcm
-	o.AllowAlgorithmAes256Gcm = s.AllowAlgorithmAes256Gcm
-	o.AllowAuthenticationSha1 = s.AllowAuthenticationSha1
-	o.AllowAuthenticationSha256 = s.AllowAuthenticationSha256
-	o.AllowAuthenticationSha384 = s.AllowAuthenticationSha384
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:        o.Name,
-		Certificate: o.Certificate,
-		MinVersion:  o.MinVersion,
-		MaxVersion:  o.MaxVersion,
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName     xml.Name `xml:"entry"`
-	Name        string   `xml:"name,attr"`
-	Certificate string   `xml:"certificate"`
-	MinVersion  string   `xml:"protocol-settings>min-version,omitempty"`
-	MaxVersion  string   `xml:"protocol-settings>max-version,omitempty"`
-}
-
-func (e *entry_v1) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
-	type local entry_v1
-	ans := local{
-		MinVersion: Tls1_0,
-		MaxVersion: TlsMax,
-	}
-	if err := d.DecodeElement(&ans, &start); err != nil {
-		return err
-	}
-	*e = entry_v1(ans)
-	return nil
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:        e.Name,
-		Certificate: e.Certificate,
-		MinVersion:  e.MinVersion,
-		MaxVersion:  e.MaxVersion,
-	}
-
-	return ans
-}
-
-// PAN-OS 8.1
-type container_v2 struct {
-	Answer []entry_v2 `xml:"entry"`
-}
-
-func (o container_v2) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v2) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *entry_v2) normalize() Entry {
-	ans := Entry{
-		Name:                      o.Name,
-		Certificate:               o.Certificate,
-		MinVersion:                o.MinVersion,
-		MaxVersion:                o.MaxVersion,
-		AllowAlgorithmRsa:         util.AsBool(o.AllowAlgorithmRsa),
-		AllowAlgorithmDhe:         util.AsBool(o.AllowAlgorithmDhe),
-		AllowAlgorithmEcdhe:       util.AsBool(o.AllowAlgorithmEcdhe),
-		AllowAlgorithm3des:        util.AsBool(o.AllowAlgorithm3des),
-		AllowAlgorithmRc4:         util.AsBool(o.AllowAlgorithmRc4),
-		AllowAlgorithmAes128Cbc:   util.AsBool(o.AllowAlgorithmAes128Cbc),
-		AllowAlgorithmAes256Cbc:   util.AsBool(o.AllowAlgorithmAes256Cbc),
-		AllowAlgorithmAes128Gcm:   util.AsBool(o.AllowAlgorithmAes128Gcm),
-		AllowAlgorithmAes256Gcm:   util.AsBool(o.AllowAlgorithmAes256Gcm),
-		AllowAuthenticationSha1:   util.AsBool(o.AllowAuthenticationSha1),
-		AllowAuthenticationSha256: util.AsBool(o.AllowAuthenticationSha256),
-		AllowAuthenticationSha384: util.AsBool(o.AllowAuthenticationSha384),
-	}
-
-	return ans
-}
-
-type entry_v2 struct {
-	XMLName                   xml.Name `xml:"entry"`
-	Name                      string   `xml:"name,attr"`
-	Certificate               string   `xml:"certificate"`
-	MinVersion                string   `xml:"protocol-settings>min-version,omitempty"`
-	MaxVersion                string   `xml:"protocol-settings>max-version,omitempty"`
-	AllowAlgorithmRsa         string   `xml:"protocol-settings>keyxchg-algo-rsa,omitempty"`
-	AllowAlgorithmDhe         string   `xml:"protocol-settings>keyxchg-algo-dhe,omitempty"`
-	AllowAlgorithmEcdhe       string   `xml:"protocol-settings>keyxchg-algo-ecdhe,omitempty"`
-	AllowAlgorithm3des        string   `xml:"protocol-settings>enc-algo-3des,omitempty"`
-	AllowAlgorithmRc4         string   `xml:"protocol-settings>enc-algo-rc4,omitempty"`
-	AllowAlgorithmAes128Cbc   string   `xml:"protocol-settings>enc-algo-aes-128-cbc,omitempty"`
-	AllowAlgorithmAes256Cbc   string   `xml:"protocol-settings>enc-algo-aes-256-cbc,omitempty"`
-	AllowAlgorithmAes128Gcm   string   `xml:"protocol-settings>enc-algo-aes-128-gcm,omitempty"`
-	AllowAlgorithmAes256Gcm   string   `xml:"protocol-settings>enc-algo-aes-256-gcm,omitempty"`
-	AllowAuthenticationSha1   string   `xml:"protocol-settings>auth-algo-sha1,omitempty"`
-	AllowAuthenticationSha256 string   `xml:"protocol-settings>auth-algo-sha256,omitempty"`
-	AllowAuthenticationSha384 string   `xml:"protocol-settings>auth-algo-sha384,omitempty"`
-}
-
-func (e *entry_v2) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
-	type local entry_v2
-	ans := local{
-		MinVersion:                Tls1_0,
-		MaxVersion:                TlsMax,
-		AllowAlgorithmRsa:         util.YesNo(true),
-		AllowAlgorithmDhe:         util.YesNo(true),
-		AllowAlgorithmEcdhe:       util.YesNo(true),
-		AllowAlgorithm3des:        util.YesNo(true),
-		AllowAlgorithmRc4:         util.YesNo(true),
-		AllowAlgorithmAes128Cbc:   util.YesNo(true),
-		AllowAlgorithmAes256Cbc:   util.YesNo(true),
-		AllowAlgorithmAes128Gcm:   util.YesNo(true),
-		AllowAlgorithmAes256Gcm:   util.YesNo(true),
-		AllowAuthenticationSha1:   util.YesNo(true),
-		AllowAuthenticationSha256: util.YesNo(true),
-		AllowAuthenticationSha384: util.YesNo(true),
-	}
-	if err := d.DecodeElement(&ans, &start); err != nil {
-		return err
-	}
-	*e = entry_v2(ans)
-	return nil
-}
-
-func specify_v2(e Entry) interface{} {
-	ans := entry_v2{
-		Name:        e.Name,
-		Certificate: e.Certificate,
-		MinVersion:  e.MinVersion,
-		MaxVersion:  e.MaxVersion,
-	}
-
-	if !e.AllowAlgorithmRsa {
-		ans.AllowAlgorithmRsa = util.YesNo(false)
-	}
-
-	if !e.AllowAlgorithmDhe {
-		ans.AllowAlgorithmDhe = util.YesNo(false)
-	}
-
-	if !e.AllowAlgorithmEcdhe {
-		ans.AllowAlgorithmEcdhe = util.YesNo(false)
-	}
-
-	if !e.AllowAlgorithm3des {
-		ans.AllowAlgorithm3des = util.YesNo(false)
-	}
-
-	if !e.AllowAlgorithmRc4 {
-		ans.AllowAlgorithmRc4 = util.YesNo(false)
-	}
-
-	if !e.AllowAlgorithmAes128Cbc {
-		ans.AllowAlgorithmAes128Cbc = util.YesNo(false)
-	}
-
-	if !e.AllowAlgorithmAes256Cbc {
-		ans.AllowAlgorithmAes256Cbc = util.YesNo(false)
-	}
-
-	if !e.AllowAlgorithmAes128Gcm {
-		ans.AllowAlgorithmAes128Gcm = util.YesNo(false)
-	}
-
-	if !e.AllowAlgorithmAes256Gcm {
-		ans.AllowAlgorithmAes256Gcm = util.YesNo(false)
-	}
-
-	if !e.AllowAuthenticationSha1 {
-		ans.AllowAuthenticationSha1 = util.YesNo(false)
-	}
-
-	if !e.AllowAuthenticationSha256 {
-		ans.AllowAuthenticationSha256 = util.YesNo(false)
-	}
-
-	if !e.AllowAuthenticationSha384 {
-		ans.AllowAuthenticationSha384 = util.YesNo(false)
-	}
-
-	return ans
-}
diff --git a/dev/profile/ssltls/funcs.go b/dev/profile/ssltls/funcs.go
deleted file mode 100644
index 26b35887..00000000
--- a/dev/profile/ssltls/funcs.go
+++ /dev/null
@@ -1,92 +0,0 @@
-package ssltls
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	if v.Gte(version.Number{8, 1, 0, ""}) {
-		return &container_v2{}, specify_v2
-	} else {
-		return &container_v1{}, specify_v1
-	}
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/dev/profile/ssltls/fw.go b/dev/profile/ssltls/fw.go
deleted file mode 100644
index 8473afa4..00000000
--- a/dev/profile/ssltls/fw.go
+++ /dev/null
@@ -1,108 +0,0 @@
-package ssltls
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Device.SslTlsServiceProfile namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vsys), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather(vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vsys, v)
-	}
-}
-
-func (c *Firewall) xpath(vsys string, vals []string) ([]string, error) {
-	if vsys == "" {
-		vsys = "shared"
-	}
-
-	ans := make([]string, 0, 7)
-	ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	ans = append(ans,
-		"ssl-tls-service-profile",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/dev/profile/ssltls/fw_test.go b/dev/profile/ssltls/fw_test.go
deleted file mode 100644
index 188eadd2..00000000
--- a/dev/profile/ssltls/fw_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package ssltls
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/dev/profile/ssltls/pano.go b/dev/profile/ssltls/pano.go
deleted file mode 100644
index 5d47fc2d..00000000
--- a/dev/profile/ssltls/pano.go
+++ /dev/null
@@ -1,117 +0,0 @@
-package ssltls
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Device.SslTlsServiceProfile namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts, vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts, vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts, vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts, vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(tmpl, ts, vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts, vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(tmpl, ts, vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts, vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts, vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts, vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(tmpl, ts, vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts, vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts, vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(tmpl, ts, vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts, vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(tmpl, ts, vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts, vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(tmpl, ts, vsys), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts, vsys), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts, vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts, vsys), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts, vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, vsys, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts, vsys string, vals []string) ([]string, error) {
-	var ans []string
-
-	if tmpl != "" || ts != "" {
-		if vsys == "" {
-			vsys = "shared"
-		}
-
-		ans = make([]string, 0, 12)
-		ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-		ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	} else {
-		ans = make([]string, 0, 4)
-		ans = append(ans, "config", "panorama")
-	}
-
-	ans = append(ans,
-		"ssl-tls-service-profile",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/dev/profile/ssltls/pano_test.go b/dev/profile/ssltls/pano_test.go
deleted file mode 100644
index 7ce71c27..00000000
--- a/dev/profile/ssltls/pano_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package ssltls
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("", "", "", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("", "", "", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/dev/profile/ssltls/testdata_test.go b/dev/profile/ssltls/testdata_test.go
deleted file mode 100644
index c909f8bb..00000000
--- a/dev/profile/ssltls/testdata_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package ssltls
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type tc struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []tc {
-	return []tc{
-		{"v1 basic", version.Number{7, 0, 0, ""}, Entry{
-			Name:        "basic",
-			Certificate: "my cert",
-			MinVersion:  Tls1_0,
-			MaxVersion:  TlsMax,
-		}},
-		{"v2 yes", version.Number{8, 1, 0, ""}, Entry{
-			Name:              "basic",
-			Certificate:       "my cert",
-			MinVersion:        Tls1_0,
-			MaxVersion:        TlsMax,
-			AllowAlgorithmRsa: true,
-		}},
-		{"v2 no", version.Number{8, 1, 0, ""}, Entry{
-			Name:              "basic",
-			Certificate:       "my cert",
-			MinVersion:        Tls1_0,
-			MaxVersion:        TlsMax,
-			AllowAlgorithmRsa: false,
-		}},
-	}
-}
diff --git a/dev/profile/syslog/const.go b/dev/profile/syslog/const.go
deleted file mode 100644
index f134b1e3..00000000
--- a/dev/profile/syslog/const.go
+++ /dev/null
@@ -1,32 +0,0 @@
-package syslog
-
-// Valid values for Server.Transport.
-const (
-	TransportUdp = "UDP"
-	TransportTcp = "TCP"
-	TransportSsl = "SSL"
-)
-
-// Valid values for Server.SyslogFormat.
-const (
-	SyslogFormatBsd  = "BSD"
-	SyslogFormatIetf = "IETF"
-)
-
-// Valid values for Server.Facility.
-const (
-	FacilityUser   = "LOG_USER"
-	FacilityLocal0 = "LOG_LOCAL0"
-	FacilityLocal1 = "LOG_LOCAL1"
-	FacilityLocal2 = "LOG_LOCAL2"
-	FacilityLocal3 = "LOG_LOCAL3"
-	FacilityLocal4 = "LOG_LOCAL4"
-	FacilityLocal5 = "LOG_LOCAL5"
-	FacilityLocal6 = "LOG_LOCAL6"
-	FacilityLocal7 = "LOG_LOCAL7"
-)
-
-const (
-	singular = "syslog server profile"
-	plural   = "syslog server profiles"
-)
diff --git a/dev/profile/syslog/doc.go b/dev/profile/syslog/doc.go
deleted file mode 100644
index 981600b5..00000000
--- a/dev/profile/syslog/doc.go
+++ /dev/null
@@ -1,15 +0,0 @@
-/*
-Package syslog is the client.Object.SyslogServerProfile namespace.
-
-For Panorama, there are two possibilities:  managing this object on Panorama
-itself or inside of a Template.
-
-To manage objects save on Panorama, leave "tmpl" and "ts" params empty and
-set "dg" to "shared" (which is also the default).
-
-To manage objects in a template, specify the template name and the vsys (if
-unspecified, defaults to "shared").
-
-Normalized object:  Entry
-*/
-package syslog
diff --git a/dev/profile/syslog/entry.go b/dev/profile/syslog/entry.go
deleted file mode 100644
index 29d19486..00000000
--- a/dev/profile/syslog/entry.go
+++ /dev/null
@@ -1,657 +0,0 @@
-package syslog
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of an syslog profile.
-//
-// PAN-OS 7.1+.
-type Entry struct {
-	Name              string
-	Config            string
-	System            string
-	Threat            string
-	Traffic           string
-	HipMatch          string
-	Url               string // 8.0+
-	Data              string // 8.0+
-	Wildfire          string // 8.0+
-	Tunnel            string // 8.0+
-	UserId            string // 8.0+
-	Gtp               string // 8.0+
-	Auth              string // 8.0+
-	Sctp              string // 8.1+
-	Iptag             string // 9.0+
-	EscapedCharacters string
-	EscapeCharacter   string
-	Servers           []Server
-}
-
-// Server is a syslog server.
-type Server struct {
-	Name         string
-	Server       string
-	Transport    string
-	Port         int
-	SyslogFormat string
-	Facility     string
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Config = s.Config
-	o.System = s.System
-	o.Threat = s.Threat
-	o.Traffic = s.Traffic
-	o.HipMatch = s.HipMatch
-	o.Url = s.Url
-	o.Data = s.Data
-	o.Wildfire = s.Wildfire
-	o.Tunnel = s.Tunnel
-	o.UserId = s.UserId
-	o.Gtp = s.Gtp
-	o.Auth = s.Auth
-	o.Sctp = s.Sctp
-	o.Iptag = s.Iptag
-	o.EscapedCharacters = s.EscapedCharacters
-	o.EscapeCharacter = s.EscapeCharacter
-	if s.Servers == nil {
-		o.Servers = nil
-	} else {
-		list := make([]Server, 0, len(s.Servers))
-		for _, x := range s.Servers {
-			list = append(list, Server{
-				Name:         x.Name,
-				Server:       x.Server,
-				Transport:    x.Transport,
-				Port:         x.Port,
-				SyslogFormat: x.SyslogFormat,
-				Facility:     x.Facility,
-			})
-		}
-		o.Servers = list
-	}
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name: o.Name,
-	}
-
-	if o.Server != nil {
-		list := make([]Server, 0, len(o.Server.Entries))
-		for _, x := range o.Server.Entries {
-			list = append(list, Server{
-				Name:         x.Name,
-				Server:       x.Server,
-				Transport:    x.Transport,
-				Port:         x.Port,
-				SyslogFormat: x.SyslogFormat,
-				Facility:     x.Facility,
-			})
-		}
-		ans.Servers = list
-	}
-
-	if o.Format != nil {
-		ans.Config = o.Format.Config
-		ans.System = o.Format.System
-		ans.Threat = o.Format.Threat
-		ans.Traffic = o.Format.Traffic
-		ans.HipMatch = o.Format.HipMatch
-
-		if o.Format.Esc != nil {
-			ans.EscapedCharacters = o.Format.Esc.EscapedCharacters
-			ans.EscapeCharacter = o.Format.Esc.EscapeCharacter
-		}
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName xml.Name   `xml:"entry"`
-	Name    string     `xml:"name,attr"`
-	Server  *servers   `xml:"server"`
-	Format  *format_v1 `xml:"format"`
-}
-
-type servers struct {
-	Entries []serverEntry `xml:"entry"`
-}
-
-type serverEntry struct {
-	XMLName      xml.Name `xml:"entry"`
-	Name         string   `xml:"name,attr"`
-	Server       string   `xml:"server"`
-	Transport    string   `xml:"transport,omitempty"`
-	Port         int      `xml:"port,omitempty"`
-	SyslogFormat string   `xml:"format,omitempty"`
-	Facility     string   `xml:"facility,omitempty"`
-}
-
-func (e *serverEntry) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
-	type local serverEntry
-	ans := local{
-		Transport:    TransportUdp,
-		SyslogFormat: SyslogFormatBsd,
-	}
-	if err := d.DecodeElement(&ans, &start); err != nil {
-		return err
-	}
-	*e = serverEntry(ans)
-	return nil
-}
-
-type format_v1 struct {
-	Config   string `xml:"config,omitempty"`
-	System   string `xml:"system,omitempty"`
-	Threat   string `xml:"thread,omitempty"`
-	Traffic  string `xml:"traffic,omitempty"`
-	HipMatch string `xml:"hip-match,omitempty"`
-	Esc      *esc   `xml:"escaping"`
-}
-
-type esc struct {
-	EscapedCharacters string `xml:"escaped-characters"`
-	EscapeCharacter   string `xml:"escape-character"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name: e.Name,
-	}
-
-	if len(e.Servers) > 0 {
-		list := make([]serverEntry, 0, len(e.Servers))
-		for _, x := range e.Servers {
-			list = append(list, serverEntry{
-				Name:         x.Name,
-				Server:       x.Server,
-				Transport:    x.Transport,
-				Port:         x.Port,
-				SyslogFormat: x.SyslogFormat,
-				Facility:     x.Facility,
-			})
-		}
-		ans.Server = &servers{Entries: list}
-	}
-
-	hasEsc := e.EscapedCharacters != "" || e.EscapeCharacter != ""
-	if e.Config != "" || e.System != "" || e.Threat != "" || e.Traffic != "" || e.HipMatch != "" || hasEsc {
-		ans.Format = &format_v1{
-			Config:   e.Config,
-			System:   e.System,
-			Threat:   e.Threat,
-			Traffic:  e.Traffic,
-			HipMatch: e.HipMatch,
-		}
-
-		if hasEsc {
-			ans.Format.Esc = &esc{
-				EscapedCharacters: e.EscapedCharacters,
-				EscapeCharacter:   e.EscapeCharacter,
-			}
-		}
-	}
-
-	return ans
-}
-
-// PAN-OS 8.0
-type container_v2 struct {
-	Answer []entry_v2 `xml:"entry"`
-}
-
-func (o *container_v2) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v2) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v2) normalize() Entry {
-	ans := Entry{
-		Name: o.Name,
-	}
-
-	if o.Server != nil {
-		list := make([]Server, 0, len(o.Server.Entries))
-		for _, x := range o.Server.Entries {
-			list = append(list, Server{
-				Name:         x.Name,
-				Server:       x.Server,
-				Transport:    x.Transport,
-				Port:         x.Port,
-				SyslogFormat: x.SyslogFormat,
-				Facility:     x.Facility,
-			})
-		}
-		ans.Servers = list
-	}
-
-	if o.Format != nil {
-		ans.Config = o.Format.Config
-		ans.System = o.Format.System
-		ans.Threat = o.Format.Threat
-		ans.Traffic = o.Format.Traffic
-		ans.HipMatch = o.Format.HipMatch
-		ans.Url = o.Format.Url
-		ans.Data = o.Format.Data
-		ans.Wildfire = o.Format.Wildfire
-		ans.Tunnel = o.Format.Tunnel
-		ans.UserId = o.Format.UserId
-		ans.Gtp = o.Format.Gtp
-		ans.Auth = o.Format.Auth
-
-		if o.Format.Esc != nil {
-			ans.EscapedCharacters = o.Format.Esc.EscapedCharacters
-			ans.EscapeCharacter = o.Format.Esc.EscapeCharacter
-		}
-	}
-
-	return ans
-}
-
-type entry_v2 struct {
-	XMLName xml.Name   `xml:"entry"`
-	Name    string     `xml:"name,attr"`
-	Server  *servers   `xml:"server"`
-	Format  *format_v2 `xml:"format"`
-}
-
-type format_v2 struct {
-	Config   string `xml:"config,omitempty"`
-	System   string `xml:"system,omitempty"`
-	Threat   string `xml:"thread,omitempty"`
-	Traffic  string `xml:"traffic,omitempty"`
-	HipMatch string `xml:"hip-match,omitempty"`
-	Url      string `xml:"url,omitempty"`
-	Data     string `xml:"data,omitempty"`
-	Wildfire string `xml:"wildfire,omitempty"`
-	Tunnel   string `xml:"tunnel,omitempty"`
-	UserId   string `xml:"userid,omitempty"`
-	Gtp      string `xml:"gtp,omitempty"`
-	Auth     string `xml:"auth,omitempty"`
-	Esc      *esc   `xml:"escaping"`
-}
-
-func specify_v2(e Entry) interface{} {
-	ans := entry_v2{
-		Name: e.Name,
-	}
-
-	if len(e.Servers) > 0 {
-		list := make([]serverEntry, 0, len(e.Servers))
-		for _, x := range e.Servers {
-			list = append(list, serverEntry{
-				Name:         x.Name,
-				Server:       x.Server,
-				Transport:    x.Transport,
-				Port:         x.Port,
-				SyslogFormat: x.SyslogFormat,
-				Facility:     x.Facility,
-			})
-		}
-		ans.Server = &servers{Entries: list}
-	}
-
-	hasEsc := e.EscapedCharacters != "" || e.EscapeCharacter != ""
-	if e.Config != "" || e.System != "" || e.Threat != "" || e.Traffic != "" || e.HipMatch != "" || e.Url != "" || e.Data != "" || e.Wildfire != "" || e.Tunnel != "" || e.UserId != "" || e.Gtp != "" || e.Auth != "" || hasEsc {
-		ans.Format = &format_v2{
-			Config:   e.Config,
-			System:   e.System,
-			Threat:   e.Threat,
-			Traffic:  e.Traffic,
-			HipMatch: e.HipMatch,
-			Url:      e.Url,
-			Data:     e.Data,
-			Wildfire: e.Wildfire,
-			Tunnel:   e.Tunnel,
-			UserId:   e.UserId,
-			Gtp:      e.Gtp,
-			Auth:     e.Auth,
-		}
-
-		if hasEsc {
-			ans.Format.Esc = &esc{
-				EscapedCharacters: e.EscapedCharacters,
-				EscapeCharacter:   e.EscapeCharacter,
-			}
-		}
-	}
-
-	return ans
-}
-
-// PAN-OS 8.1
-type container_v3 struct {
-	Answer []entry_v3 `xml:"entry"`
-}
-
-func (o *container_v3) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v3) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v3) normalize() Entry {
-	ans := Entry{
-		Name: o.Name,
-	}
-
-	if o.Server != nil {
-		list := make([]Server, 0, len(o.Server.Entries))
-		for _, x := range o.Server.Entries {
-			list = append(list, Server{
-				Name:         x.Name,
-				Server:       x.Server,
-				Transport:    x.Transport,
-				Port:         x.Port,
-				SyslogFormat: x.SyslogFormat,
-				Facility:     x.Facility,
-			})
-		}
-		ans.Servers = list
-	}
-
-	if o.Format != nil {
-		ans.Config = o.Format.Config
-		ans.System = o.Format.System
-		ans.Threat = o.Format.Threat
-		ans.Traffic = o.Format.Traffic
-		ans.HipMatch = o.Format.HipMatch
-		ans.Url = o.Format.Url
-		ans.Data = o.Format.Data
-		ans.Wildfire = o.Format.Wildfire
-		ans.Tunnel = o.Format.Tunnel
-		ans.UserId = o.Format.UserId
-		ans.Gtp = o.Format.Gtp
-		ans.Auth = o.Format.Auth
-		ans.Sctp = o.Format.Sctp
-
-		if o.Format.Esc != nil {
-			ans.EscapedCharacters = o.Format.Esc.EscapedCharacters
-			ans.EscapeCharacter = o.Format.Esc.EscapeCharacter
-		}
-	}
-
-	return ans
-}
-
-type entry_v3 struct {
-	XMLName xml.Name   `xml:"entry"`
-	Name    string     `xml:"name,attr"`
-	Server  *servers   `xml:"server"`
-	Format  *format_v3 `xml:"format"`
-}
-
-type format_v3 struct {
-	Config   string `xml:"config,omitempty"`
-	System   string `xml:"system,omitempty"`
-	Threat   string `xml:"thread,omitempty"`
-	Traffic  string `xml:"traffic,omitempty"`
-	HipMatch string `xml:"hip-match,omitempty"`
-	Url      string `xml:"url,omitempty"`
-	Data     string `xml:"data,omitempty"`
-	Wildfire string `xml:"wildfire,omitempty"`
-	Tunnel   string `xml:"tunnel,omitempty"`
-	UserId   string `xml:"userid,omitempty"`
-	Gtp      string `xml:"gtp,omitempty"`
-	Auth     string `xml:"auth,omitempty"`
-	Sctp     string `xml:"sctp,omitempty"`
-	Esc      *esc   `xml:"escaping"`
-}
-
-func specify_v3(e Entry) interface{} {
-	ans := entry_v3{
-		Name: e.Name,
-	}
-
-	if len(e.Servers) > 0 {
-		list := make([]serverEntry, 0, len(e.Servers))
-		for _, x := range e.Servers {
-			list = append(list, serverEntry{
-				Name:         x.Name,
-				Server:       x.Server,
-				Transport:    x.Transport,
-				Port:         x.Port,
-				SyslogFormat: x.SyslogFormat,
-				Facility:     x.Facility,
-			})
-		}
-		ans.Server = &servers{Entries: list}
-	}
-
-	hasEsc := e.EscapedCharacters != "" || e.EscapeCharacter != ""
-	if e.Config != "" || e.System != "" || e.Threat != "" || e.Traffic != "" || e.HipMatch != "" || e.Url != "" || e.Data != "" || e.Wildfire != "" || e.Tunnel != "" || e.UserId != "" || e.Gtp != "" || e.Auth != "" || e.Sctp != "" || hasEsc {
-		ans.Format = &format_v3{
-			Config:   e.Config,
-			System:   e.System,
-			Threat:   e.Threat,
-			Traffic:  e.Traffic,
-			HipMatch: e.HipMatch,
-			Url:      e.Url,
-			Data:     e.Data,
-			Wildfire: e.Wildfire,
-			Tunnel:   e.Tunnel,
-			UserId:   e.UserId,
-			Gtp:      e.Gtp,
-			Auth:     e.Auth,
-			Sctp:     e.Sctp,
-		}
-
-		if hasEsc {
-			ans.Format.Esc = &esc{
-				EscapedCharacters: e.EscapedCharacters,
-				EscapeCharacter:   e.EscapeCharacter,
-			}
-		}
-	}
-
-	return ans
-}
-
-// PAN-OS 9.0
-type container_v4 struct {
-	Answer []entry_v4 `xml:"entry"`
-}
-
-func (o *container_v4) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v4) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v4) normalize() Entry {
-	ans := Entry{
-		Name: o.Name,
-	}
-
-	if o.Server != nil {
-		list := make([]Server, 0, len(o.Server.Entries))
-		for _, x := range o.Server.Entries {
-			list = append(list, Server{
-				Name:         x.Name,
-				Server:       x.Server,
-				Transport:    x.Transport,
-				Port:         x.Port,
-				SyslogFormat: x.SyslogFormat,
-				Facility:     x.Facility,
-			})
-		}
-		ans.Servers = list
-	}
-
-	if o.Format != nil {
-		ans.Config = o.Format.Config
-		ans.System = o.Format.System
-		ans.Threat = o.Format.Threat
-		ans.Traffic = o.Format.Traffic
-		ans.HipMatch = o.Format.HipMatch
-		ans.Url = o.Format.Url
-		ans.Data = o.Format.Data
-		ans.Wildfire = o.Format.Wildfire
-		ans.Tunnel = o.Format.Tunnel
-		ans.UserId = o.Format.UserId
-		ans.Gtp = o.Format.Gtp
-		ans.Auth = o.Format.Auth
-		ans.Sctp = o.Format.Sctp
-		ans.Iptag = o.Format.Iptag
-
-		if o.Format.Esc != nil {
-			ans.EscapedCharacters = o.Format.Esc.EscapedCharacters
-			ans.EscapeCharacter = o.Format.Esc.EscapeCharacter
-		}
-	}
-
-	return ans
-}
-
-type entry_v4 struct {
-	XMLName xml.Name   `xml:"entry"`
-	Name    string     `xml:"name,attr"`
-	Server  *servers   `xml:"server"`
-	Format  *format_v4 `xml:"format"`
-}
-
-type format_v4 struct {
-	Config   string `xml:"config,omitempty"`
-	System   string `xml:"system,omitempty"`
-	Threat   string `xml:"thread,omitempty"`
-	Traffic  string `xml:"traffic,omitempty"`
-	HipMatch string `xml:"hip-match,omitempty"`
-	Url      string `xml:"url,omitempty"`
-	Data     string `xml:"data,omitempty"`
-	Wildfire string `xml:"wildfire,omitempty"`
-	Tunnel   string `xml:"tunnel,omitempty"`
-	UserId   string `xml:"userid,omitempty"`
-	Gtp      string `xml:"gtp,omitempty"`
-	Auth     string `xml:"auth,omitempty"`
-	Sctp     string `xml:"sctp,omitempty"`
-	Iptag    string `xml:"iptag,omitempty"`
-	Esc      *esc   `xml:"escaping"`
-}
-
-func specify_v4(e Entry) interface{} {
-	ans := entry_v4{
-		Name: e.Name,
-	}
-
-	if len(e.Servers) > 0 {
-		list := make([]serverEntry, 0, len(e.Servers))
-		for _, x := range e.Servers {
-			list = append(list, serverEntry{
-				Name:         x.Name,
-				Server:       x.Server,
-				Transport:    x.Transport,
-				Port:         x.Port,
-				SyslogFormat: x.SyslogFormat,
-				Facility:     x.Facility,
-			})
-		}
-		ans.Server = &servers{Entries: list}
-	}
-
-	hasEsc := e.EscapedCharacters != "" || e.EscapeCharacter != ""
-	if e.Config != "" || e.System != "" || e.Threat != "" || e.Traffic != "" || e.HipMatch != "" || e.Url != "" || e.Data != "" || e.Wildfire != "" || e.Tunnel != "" || e.UserId != "" || e.Gtp != "" || e.Auth != "" || e.Sctp != "" || e.Iptag != "" || hasEsc {
-		ans.Format = &format_v4{
-			Config:   e.Config,
-			System:   e.System,
-			Threat:   e.Threat,
-			Traffic:  e.Traffic,
-			HipMatch: e.HipMatch,
-			Url:      e.Url,
-			Data:     e.Data,
-			Wildfire: e.Wildfire,
-			Tunnel:   e.Tunnel,
-			UserId:   e.UserId,
-			Gtp:      e.Gtp,
-			Auth:     e.Auth,
-			Sctp:     e.Sctp,
-			Iptag:    e.Iptag,
-		}
-
-		if hasEsc {
-			ans.Format.Esc = &esc{
-				EscapedCharacters: e.EscapedCharacters,
-				EscapeCharacter:   e.EscapeCharacter,
-			}
-		}
-	}
-
-	return ans
-}
diff --git a/dev/profile/syslog/funcs.go b/dev/profile/syslog/funcs.go
deleted file mode 100644
index c0368963..00000000
--- a/dev/profile/syslog/funcs.go
+++ /dev/null
@@ -1,96 +0,0 @@
-package syslog
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	if v.Gte(version.Number{9, 0, 0, ""}) {
-		return &container_v4{}, specify_v4
-	} else if v.Gte(version.Number{8, 1, 0, ""}) {
-		return &container_v3{}, specify_v3
-	} else if v.Gte(version.Number{8, 0, 0, ""}) {
-		return &container_v2{}, specify_v2
-	} else {
-		return &container_v1{}, specify_v1
-	}
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/dev/profile/syslog/fw.go b/dev/profile/syslog/fw.go
deleted file mode 100644
index dc2b0144..00000000
--- a/dev/profile/syslog/fw.go
+++ /dev/null
@@ -1,109 +0,0 @@
-package syslog
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Device.SyslogServerProfile namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vsys), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather(vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vsys, v)
-	}
-}
-
-func (c *Firewall) xpath(vsys string, vals []string) ([]string, error) {
-	if vsys == "" {
-		vsys = "shared"
-	}
-
-	ans := make([]string, 0, 8)
-	ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	ans = append(ans,
-		"log-settings",
-		"syslog",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/dev/profile/syslog/fw_test.go b/dev/profile/syslog/fw_test.go
deleted file mode 100644
index c7921abd..00000000
--- a/dev/profile/syslog/fw_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package syslog
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("vsys1", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("vsys1", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/dev/profile/syslog/pano.go b/dev/profile/syslog/pano.go
deleted file mode 100644
index b376da78..00000000
--- a/dev/profile/syslog/pano.go
+++ /dev/null
@@ -1,118 +0,0 @@
-package syslog
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Device.SyslogServerProfile namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts, vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts, vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts, vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts, vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(tmpl, ts, vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts, vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(tmpl, ts, vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts, vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts, vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts, vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(tmpl, ts, vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts, vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts, vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(tmpl, ts, vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts, vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(tmpl, ts, vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts, vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(tmpl, ts, vsys), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts, vsys), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts, vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts, vsys), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts, vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, vsys, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts, vsys string, vals []string) ([]string, error) {
-	var ans []string
-
-	if tmpl != "" || ts != "" {
-		if vsys == "" {
-			vsys = "shared"
-		}
-
-		ans = make([]string, 0, 13)
-		ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-		ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	} else {
-		ans = make([]string, 0, 5)
-		ans = append(ans, "config", "panorama")
-	}
-
-	ans = append(ans,
-		"log-settings",
-		"syslog",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/dev/profile/syslog/pano_test.go b/dev/profile/syslog/pano_test.go
deleted file mode 100644
index 29876526..00000000
--- a/dev/profile/syslog/pano_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package syslog
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("", "", "", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("", "", "", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/dev/profile/syslog/testdata_test.go b/dev/profile/syslog/testdata_test.go
deleted file mode 100644
index 73636e0a..00000000
--- a/dev/profile/syslog/testdata_test.go
+++ /dev/null
@@ -1,280 +0,0 @@
-package syslog
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type tc struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []tc {
-	return []tc{
-		{"v1 config", version.Number{7, 1, 0, ""}, Entry{
-			Name:   "t1",
-			Config: "custom format",
-		}},
-		{"v1 config with servers", version.Number{7, 1, 0, ""}, Entry{
-			Name:   "t1",
-			Config: "custom format",
-			Servers: []Server{
-				{
-					Name:         "t1",
-					Server:       "syslog.server.int",
-					Transport:    TransportSsl,
-					Port:         42,
-					SyslogFormat: SyslogFormatIetf,
-					Facility:     FacilityLocal4,
-				},
-			},
-		}},
-		{"v1 system", version.Number{7, 1, 0, ""}, Entry{
-			Name:   "t1",
-			System: "custom format",
-		}},
-		{"v1 threat", version.Number{7, 1, 0, ""}, Entry{
-			Name:   "t1",
-			Threat: "custom format",
-		}},
-		{"v1 traffic", version.Number{7, 1, 0, ""}, Entry{
-			Name:    "t1",
-			Traffic: "custom format",
-		}},
-		{"v1 hip match", version.Number{7, 1, 0, ""}, Entry{
-			Name:     "t1",
-			HipMatch: "custom format",
-		}},
-		{"v1 escaped characters", version.Number{7, 1, 0, ""}, Entry{
-			Name:              "t1",
-			EscapedCharacters: "abc",
-		}},
-		{"v1 escape character", version.Number{7, 1, 0, ""}, Entry{
-			Name:            "t1",
-			EscapeCharacter: "x",
-		}},
-		{"v2 config", version.Number{8, 0, 0, ""}, Entry{
-			Name:   "t1",
-			Config: "custom format",
-		}},
-		{"v2 config with servers", version.Number{8, 0, 0, ""}, Entry{
-			Name:   "t1",
-			Config: "custom format",
-			Servers: []Server{
-				{
-					Name:         "t1",
-					Server:       "syslog.server.int",
-					Transport:    TransportSsl,
-					Port:         42,
-					SyslogFormat: SyslogFormatIetf,
-					Facility:     FacilityLocal4,
-				},
-			},
-		}},
-		{"v2 system", version.Number{8, 0, 0, ""}, Entry{
-			Name:   "t1",
-			System: "custom format",
-		}},
-		{"v2 threat", version.Number{8, 0, 0, ""}, Entry{
-			Name:   "t1",
-			Threat: "custom format",
-		}},
-		{"v2 traffic", version.Number{8, 0, 0, ""}, Entry{
-			Name:    "t1",
-			Traffic: "custom format",
-		}},
-		{"v2 hip match", version.Number{8, 0, 0, ""}, Entry{
-			Name:     "t1",
-			HipMatch: "custom format",
-		}},
-		{"v2 escaped characters", version.Number{8, 0, 0, ""}, Entry{
-			Name:              "t1",
-			EscapedCharacters: "abc",
-		}},
-		{"v2 escape character", version.Number{8, 0, 0, ""}, Entry{
-			Name:            "t1",
-			EscapeCharacter: "x",
-		}},
-		{"v2 url", version.Number{8, 0, 0, ""}, Entry{
-			Name: "t1",
-			Url:  "custom format",
-		}},
-		{"v2 data", version.Number{8, 0, 0, ""}, Entry{
-			Name: "t1",
-			Data: "custom format",
-		}},
-		{"v2 wildfire", version.Number{8, 0, 0, ""}, Entry{
-			Name:     "t1",
-			Wildfire: "custom format",
-		}},
-		{"v2 tunnel", version.Number{8, 0, 0, ""}, Entry{
-			Name:   "t1",
-			Tunnel: "custom format",
-		}},
-		{"v2 userid", version.Number{8, 0, 0, ""}, Entry{
-			Name:   "t1",
-			UserId: "custom format",
-		}},
-		{"v2 gtp", version.Number{8, 0, 0, ""}, Entry{
-			Name: "t1",
-			Gtp:  "custom format",
-		}},
-		{"v2 auth", version.Number{8, 0, 0, ""}, Entry{
-			Name: "t1",
-			Auth: "custom format",
-		}},
-		{"v3 config", version.Number{8, 1, 0, ""}, Entry{
-			Name:   "t1",
-			Config: "custom format",
-		}},
-		{"v3 config with servers", version.Number{8, 1, 0, ""}, Entry{
-			Name:   "t1",
-			Config: "custom format",
-			Servers: []Server{
-				{
-					Name:         "t1",
-					Server:       "syslog.server.int",
-					Transport:    TransportSsl,
-					Port:         42,
-					SyslogFormat: SyslogFormatIetf,
-					Facility:     FacilityLocal4,
-				},
-			},
-		}},
-		{"v3 system", version.Number{8, 1, 0, ""}, Entry{
-			Name:   "t1",
-			System: "custom format",
-		}},
-		{"v3 threat", version.Number{8, 1, 0, ""}, Entry{
-			Name:   "t1",
-			Threat: "custom format",
-		}},
-		{"v3 traffic", version.Number{8, 1, 0, ""}, Entry{
-			Name:    "t1",
-			Traffic: "custom format",
-		}},
-		{"v3 hip match", version.Number{8, 1, 0, ""}, Entry{
-			Name:     "t1",
-			HipMatch: "custom format",
-		}},
-		{"v3 escaped characters", version.Number{8, 1, 0, ""}, Entry{
-			Name:              "t1",
-			EscapedCharacters: "abc",
-		}},
-		{"v3 escape character", version.Number{8, 1, 0, ""}, Entry{
-			Name:            "t1",
-			EscapeCharacter: "x",
-		}},
-		{"v3 url", version.Number{8, 1, 0, ""}, Entry{
-			Name: "t1",
-			Url:  "custom format",
-		}},
-		{"v3 data", version.Number{8, 1, 0, ""}, Entry{
-			Name: "t1",
-			Data: "custom format",
-		}},
-		{"v3 wildfire", version.Number{8, 1, 0, ""}, Entry{
-			Name:     "t1",
-			Wildfire: "custom format",
-		}},
-		{"v3 tunnel", version.Number{8, 1, 0, ""}, Entry{
-			Name:   "t1",
-			Tunnel: "custom format",
-		}},
-		{"v3 userid", version.Number{8, 1, 0, ""}, Entry{
-			Name:   "t1",
-			UserId: "custom format",
-		}},
-		{"v3 gtp", version.Number{8, 1, 0, ""}, Entry{
-			Name: "t1",
-			Gtp:  "custom format",
-		}},
-		{"v3 auth", version.Number{8, 1, 0, ""}, Entry{
-			Name: "t1",
-			Auth: "custom format",
-		}},
-		{"v3 sctp", version.Number{8, 1, 0, ""}, Entry{
-			Name: "t1",
-			Sctp: "custom format",
-		}},
-		{"v4 config", version.Number{9, 0, 0, ""}, Entry{
-			Name:   "t1",
-			Config: "custom format",
-		}},
-		{"v4 config with servers", version.Number{9, 0, 0, ""}, Entry{
-			Name:   "t1",
-			Config: "custom format",
-			Servers: []Server{
-				{
-					Name:         "t1",
-					Server:       "syslog.server.int",
-					Transport:    TransportSsl,
-					Port:         42,
-					SyslogFormat: SyslogFormatIetf,
-					Facility:     FacilityLocal4,
-				},
-			},
-		}},
-		{"v4 system", version.Number{9, 0, 0, ""}, Entry{
-			Name:   "t1",
-			System: "custom format",
-		}},
-		{"v4 threat", version.Number{9, 0, 0, ""}, Entry{
-			Name:   "t1",
-			Threat: "custom format",
-		}},
-		{"v4 traffic", version.Number{9, 0, 0, ""}, Entry{
-			Name:    "t1",
-			Traffic: "custom format",
-		}},
-		{"v4 hip match", version.Number{9, 0, 0, ""}, Entry{
-			Name:     "t1",
-			HipMatch: "custom format",
-		}},
-		{"v4 escaped characters", version.Number{9, 0, 0, ""}, Entry{
-			Name:              "t1",
-			EscapedCharacters: "abc",
-		}},
-		{"v4 escape character", version.Number{9, 0, 0, ""}, Entry{
-			Name:            "t1",
-			EscapeCharacter: "x",
-		}},
-		{"v4 url", version.Number{9, 0, 0, ""}, Entry{
-			Name: "t1",
-			Url:  "custom format",
-		}},
-		{"v4 data", version.Number{9, 0, 0, ""}, Entry{
-			Name: "t1",
-			Data: "custom format",
-		}},
-		{"v4 wildfire", version.Number{9, 0, 0, ""}, Entry{
-			Name:     "t1",
-			Wildfire: "custom format",
-		}},
-		{"v4 tunnel", version.Number{9, 0, 0, ""}, Entry{
-			Name:   "t1",
-			Tunnel: "custom format",
-		}},
-		{"v4 userid", version.Number{9, 0, 0, ""}, Entry{
-			Name:   "t1",
-			UserId: "custom format",
-		}},
-		{"v4 gtp", version.Number{9, 0, 0, ""}, Entry{
-			Name: "t1",
-			Gtp:  "custom format",
-		}},
-		{"v4 auth", version.Number{9, 0, 0, ""}, Entry{
-			Name: "t1",
-			Auth: "custom format",
-		}},
-		{"v4 sctp", version.Number{9, 0, 0, ""}, Entry{
-			Name: "t1",
-			Sctp: "custom format",
-		}},
-		{"v4 iptag", version.Number{9, 0, 0, ""}, Entry{
-			Name:  "t1",
-			Iptag: "custom format",
-		}},
-	}
-}
diff --git a/dev/profile/tacplus/const.go b/dev/profile/tacplus/const.go
deleted file mode 100644
index bcafa951..00000000
--- a/dev/profile/tacplus/const.go
+++ /dev/null
@@ -1,6 +0,0 @@
-package tacplus
-
-const (
-	singular = "tacacs plus profile"
-	plural   = "tacacs plus profiles"
-)
diff --git a/dev/profile/tacplus/doc.go b/dev/profile/tacplus/doc.go
deleted file mode 100644
index 181f1faa..00000000
--- a/dev/profile/tacplus/doc.go
+++ /dev/null
@@ -1,16 +0,0 @@
-/*
-Package tacplus is the client.Device.TacacsPlusProfile namespace.
-
-For Panorama, there are two possibilities:  managing this object on Panorama
-itself or inside of a Template.
-
-To manage objects save on Panorama, leave "tmpl", "ts", and "vsys" params empty.
-
-To manage objects in a template, specify the template name and the vsys (if
-unspecified, defaults to "shared").
-
-PAN-OS 7.0+
-
-Normalized object:  Entry
-*/
-package tacplus
diff --git a/dev/profile/tacplus/entry.go b/dev/profile/tacplus/entry.go
deleted file mode 100644
index c10baa85..00000000
--- a/dev/profile/tacplus/entry.go
+++ /dev/null
@@ -1,405 +0,0 @@
-package tacplus
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a
-// TACACS+ profile.
-//
-// PAN-OS 7.0+
-type Entry struct {
-	Name                string
-	AdminUseOnly        bool
-	Timeout             int
-	UseSingleConnection bool
-	Servers             []Server
-	Protocol            Protocol // 8.0+
-}
-
-type Server struct {
-	Name   string
-	Server string
-	Secret string // encrypted
-	Port   int
-}
-
-type Protocol struct {
-	Chap bool
-	Pap  bool
-	Auto bool // This option was removed in 8.1
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.AdminUseOnly = s.AdminUseOnly
-	o.Timeout = s.Timeout
-	o.Protocol = Protocol{
-		Chap: s.Protocol.Chap,
-		Pap:  s.Protocol.Pap,
-		Auto: s.Protocol.Auto,
-	}
-
-	if s.Servers == nil {
-		o.Servers = nil
-	} else {
-		o.Servers = make([]Server, 0, len(s.Servers))
-		for _, x := range s.Servers {
-			o.Servers = append(o.Servers, Server{
-				Name:   x.Name,
-				Server: x.Server,
-				Secret: x.Secret,
-				Port:   x.Port,
-			})
-		}
-	}
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName             xml.Name `xml:"entry"`
-	Name                string   `xml:"name,attr"`
-	AdminUseOnly        string   `xml:"admin-use-only"`
-	Timeout             int      `xml:"timeout,omitempty"`
-	UseSingleConnection string   `xml:"use-single-connection"`
-	Servers             *servers `xml:"server"`
-}
-
-func (e *entry_v1) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
-	type local entry_v1
-	ans := local{
-		Timeout: 3,
-	}
-	if err := d.DecodeElement(&ans, &start); err != nil {
-		return err
-	}
-	*e = entry_v1(ans)
-	return nil
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:                o.Name,
-		AdminUseOnly:        util.AsBool(o.AdminUseOnly),
-		Timeout:             o.Timeout,
-		UseSingleConnection: util.AsBool(o.UseSingleConnection),
-	}
-
-	if o.Servers != nil && len(o.Servers.Entries) > 0 {
-		listing := make([]Server, 0, len(o.Servers.Entries))
-		for _, x := range o.Servers.Entries {
-			listing = append(listing, Server{
-				Name:   x.Name,
-				Server: x.Server,
-				Secret: x.Secret,
-				Port:   x.Port,
-			})
-		}
-		ans.Servers = listing
-	}
-
-	return ans
-}
-
-type servers struct {
-	Entries []serverEntry `xml:"entry"`
-}
-
-type serverEntry struct {
-	XMLName xml.Name `xml:"entry"`
-	Name    string   `xml:"name,attr"`
-	Server  string   `xml:"address"`
-	Secret  string   `xml:"secret"`
-	Port    int      `xml:"port,omitempty"`
-}
-
-func (e *serverEntry) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
-	type local serverEntry
-	ans := local{
-		Port: 49,
-	}
-	if err := d.DecodeElement(&ans, &start); err != nil {
-		return err
-	}
-	*e = serverEntry(ans)
-	return nil
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:                e.Name,
-		AdminUseOnly:        util.YesNo(e.AdminUseOnly),
-		Timeout:             e.Timeout,
-		UseSingleConnection: util.YesNo(e.UseSingleConnection),
-	}
-
-	if len(e.Servers) > 0 {
-		listing := make([]serverEntry, 0, len(e.Servers))
-		for _, x := range e.Servers {
-			listing = append(listing, serverEntry{
-				Name:   x.Name,
-				Server: x.Server,
-				Secret: x.Secret,
-				Port:   x.Port,
-			})
-		}
-		ans.Servers = &servers{Entries: listing}
-	}
-
-	return ans
-}
-
-// PAN-OS 8.0
-type container_v2 struct {
-	Answer []entry_v2 `xml:"entry"`
-}
-
-func (o container_v2) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v2) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-type entry_v2 struct {
-	XMLName             xml.Name `xml:"entry"`
-	Name                string   `xml:"name,attr"`
-	AdminUseOnly        string   `xml:"admin-use-only"`
-	Timeout             int      `xml:"timeout,omitempty"`
-	UseSingleConnection string   `xml:"use-single-connection"`
-	Protocol            string   `xml:"protocol"`
-	Servers             *servers `xml:"server"`
-}
-
-func (e *entry_v2) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
-	type local entry_v2
-	ans := local{
-		Timeout: 3,
-	}
-	if err := d.DecodeElement(&ans, &start); err != nil {
-		return err
-	}
-	*e = entry_v2(ans)
-	return nil
-}
-
-func (o *entry_v2) normalize() Entry {
-	ans := Entry{
-		Name:                o.Name,
-		AdminUseOnly:        util.AsBool(o.AdminUseOnly),
-		Timeout:             o.Timeout,
-		UseSingleConnection: util.AsBool(o.UseSingleConnection),
-	}
-
-	switch o.Protocol {
-	case "CHAP":
-		ans.Protocol.Chap = true
-	case "PAP":
-		ans.Protocol.Pap = true
-	case "Auto":
-		ans.Protocol.Auto = true
-	}
-
-	if o.Servers != nil && len(o.Servers.Entries) > 0 {
-		listing := make([]Server, 0, len(o.Servers.Entries))
-		for _, x := range o.Servers.Entries {
-			listing = append(listing, Server{
-				Name:   x.Name,
-				Server: x.Server,
-				Secret: x.Secret,
-				Port:   x.Port,
-			})
-		}
-		ans.Servers = listing
-	}
-
-	return ans
-}
-
-func specify_v2(e Entry) interface{} {
-	ans := entry_v2{
-		Name:                e.Name,
-		AdminUseOnly:        util.YesNo(e.AdminUseOnly),
-		Timeout:             e.Timeout,
-		UseSingleConnection: util.YesNo(e.UseSingleConnection),
-	}
-
-	switch {
-	case e.Protocol.Chap:
-		ans.Protocol = "CHAP"
-	case e.Protocol.Pap:
-		ans.Protocol = "PAP"
-	case e.Protocol.Auto:
-		ans.Protocol = "Auto"
-	}
-
-	if len(e.Servers) > 0 {
-		listing := make([]serverEntry, 0, len(e.Servers))
-		for _, x := range e.Servers {
-			listing = append(listing, serverEntry{
-				Name:   x.Name,
-				Server: x.Server,
-				Secret: x.Secret,
-				Port:   x.Port,
-			})
-		}
-		ans.Servers = &servers{Entries: listing}
-	}
-
-	return ans
-}
-
-// PAN-OS 8.1
-type container_v3 struct {
-	Answer []entry_v3 `xml:"entry"`
-}
-
-func (o container_v3) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v3) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-type entry_v3 struct {
-	XMLName             xml.Name `xml:"entry"`
-	Name                string   `xml:"name,attr"`
-	AdminUseOnly        string   `xml:"admin-use-only"`
-	Timeout             int      `xml:"timeout,omitempty"`
-	UseSingleConnection string   `xml:"use-single-connection"`
-	Protocol            string   `xml:"protocol"`
-	Servers             *servers `xml:"server"`
-}
-
-func (e *entry_v3) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
-	type local entry_v3
-	ans := local{
-		Timeout: 3,
-	}
-	if err := d.DecodeElement(&ans, &start); err != nil {
-		return err
-	}
-	*e = entry_v3(ans)
-	return nil
-}
-
-func (o *entry_v3) normalize() Entry {
-	ans := Entry{
-		Name:                o.Name,
-		AdminUseOnly:        util.AsBool(o.AdminUseOnly),
-		Timeout:             o.Timeout,
-		UseSingleConnection: util.AsBool(o.UseSingleConnection),
-	}
-
-	switch o.Protocol {
-	case "CHAP":
-		ans.Protocol.Chap = true
-	case "PAP":
-		ans.Protocol.Pap = true
-	}
-
-	if o.Servers != nil && len(o.Servers.Entries) > 0 {
-		listing := make([]Server, 0, len(o.Servers.Entries))
-		for _, x := range o.Servers.Entries {
-			listing = append(listing, Server{
-				Name:   x.Name,
-				Server: x.Server,
-				Secret: x.Secret,
-				Port:   x.Port,
-			})
-		}
-		ans.Servers = listing
-	}
-
-	return ans
-}
-
-func specify_v3(e Entry) interface{} {
-	ans := entry_v3{
-		Name:                e.Name,
-		AdminUseOnly:        util.YesNo(e.AdminUseOnly),
-		Timeout:             e.Timeout,
-		UseSingleConnection: util.YesNo(e.UseSingleConnection),
-	}
-
-	switch {
-	case e.Protocol.Chap:
-		ans.Protocol = "CHAP"
-	case e.Protocol.Pap:
-		ans.Protocol = "PAP"
-	}
-
-	if len(e.Servers) > 0 {
-		listing := make([]serverEntry, 0, len(e.Servers))
-		for _, x := range e.Servers {
-			listing = append(listing, serverEntry{
-				Name:   x.Name,
-				Server: x.Server,
-				Secret: x.Secret,
-				Port:   x.Port,
-			})
-		}
-		ans.Servers = &servers{Entries: listing}
-	}
-
-	return ans
-}
diff --git a/dev/profile/tacplus/funcs.go b/dev/profile/tacplus/funcs.go
deleted file mode 100644
index 85b1e98f..00000000
--- a/dev/profile/tacplus/funcs.go
+++ /dev/null
@@ -1,94 +0,0 @@
-package tacplus
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	if v.Gte(version.Number{8, 1, 0, ""}) {
-		return &container_v3{}, specify_v3
-	} else if v.Gte(version.Number{8, 0, 0, ""}) {
-		return &container_v2{}, specify_v2
-	} else {
-		return &container_v1{}, specify_v1
-	}
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/dev/profile/tacplus/fw.go b/dev/profile/tacplus/fw.go
deleted file mode 100644
index 3f0685f3..00000000
--- a/dev/profile/tacplus/fw.go
+++ /dev/null
@@ -1,109 +0,0 @@
-package tacplus
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Device.TacacsPlusProfile namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vsys), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather(vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vsys, v)
-	}
-}
-
-func (c *Firewall) xpath(vsys string, vals []string) ([]string, error) {
-	if vsys == "" {
-		vsys = "shared"
-	}
-
-	ans := make([]string, 0, 8)
-	ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	ans = append(ans,
-		"server-profile",
-		"tacplus",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/dev/profile/tacplus/fw_test.go b/dev/profile/tacplus/fw_test.go
deleted file mode 100644
index 511aa519..00000000
--- a/dev/profile/tacplus/fw_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package tacplus
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/dev/profile/tacplus/pano.go b/dev/profile/tacplus/pano.go
deleted file mode 100644
index 84d3d614..00000000
--- a/dev/profile/tacplus/pano.go
+++ /dev/null
@@ -1,118 +0,0 @@
-package tacplus
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Device.TacacsPlusProfile namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts, vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts, vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts, vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts, vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(tmpl, ts, vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts, vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(tmpl, ts, vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts, vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts, vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts, vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(tmpl, ts, vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts, vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts, vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(tmpl, ts, vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts, vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(tmpl, ts, vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts, vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(tmpl, ts, vsys), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts, vsys), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts, vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts, vsys), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts, vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, vsys, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts, vsys string, vals []string) ([]string, error) {
-	var ans []string
-
-	if tmpl != "" || ts != "" {
-		if vsys == "" {
-			vsys = "shared"
-		}
-
-		ans = make([]string, 0, 13)
-		ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-		ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	} else {
-		ans = make([]string, 0, 5)
-		ans = append(ans, "config", "panorama")
-	}
-
-	ans = append(ans,
-		"server-profile",
-		"tacplus",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/dev/profile/tacplus/pano_test.go b/dev/profile/tacplus/pano_test.go
deleted file mode 100644
index 6423a7a7..00000000
--- a/dev/profile/tacplus/pano_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package tacplus
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("", "", "", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("", "", "", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/dev/profile/tacplus/testdata_test.go b/dev/profile/tacplus/testdata_test.go
deleted file mode 100644
index 4e5ed9f2..00000000
--- a/dev/profile/tacplus/testdata_test.go
+++ /dev/null
@@ -1,121 +0,0 @@
-package tacplus
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type tc struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []tc {
-	return []tc{
-		{"v1 no servers", version.Number{7, 0, 0, ""}, Entry{
-			Name:                "basicNoServers",
-			Timeout:             2,
-			AdminUseOnly:        false,
-			UseSingleConnection: true,
-		}},
-		{"v1 with servers", version.Number{7, 0, 0, ""}, Entry{
-			Name:                "basicWithServers",
-			Timeout:             3,
-			AdminUseOnly:        true,
-			UseSingleConnection: false,
-			Servers: []Server{
-				{
-					Name:   "srvr1",
-					Server: "example.com",
-					Secret: "drowssap",
-					Port:   49,
-				},
-			},
-		}},
-		{"v2 no servers", version.Number{8, 0, 0, ""}, Entry{
-			Name:                "basicNoServers",
-			Timeout:             2,
-			AdminUseOnly:        false,
-			UseSingleConnection: true,
-		}},
-		{"v2 with servers", version.Number{8, 0, 0, ""}, Entry{
-			Name:                "basicWithServers",
-			Timeout:             3,
-			AdminUseOnly:        true,
-			UseSingleConnection: false,
-			Servers: []Server{
-				{
-					Name:   "srvr1",
-					Server: "example.com",
-					Secret: "drowssap",
-					Port:   49,
-				},
-			},
-		}},
-		{"v2 chap", version.Number{8, 0, 0, ""}, Entry{
-			Name:                "v2Chap",
-			Timeout:             3,
-			AdminUseOnly:        true,
-			UseSingleConnection: true,
-			Protocol: Protocol{
-				Chap: true,
-			},
-		}},
-		{"v2 pap", version.Number{8, 0, 0, ""}, Entry{
-			Name:                "v2Pap",
-			Timeout:             3,
-			AdminUseOnly:        false,
-			UseSingleConnection: false,
-			Protocol: Protocol{
-				Pap: true,
-			},
-		}},
-		{"v2 auto", version.Number{8, 0, 0, ""}, Entry{
-			Name:                "v2Auto",
-			Timeout:             3,
-			AdminUseOnly:        true,
-			UseSingleConnection: false,
-			Protocol: Protocol{
-				Auto: true,
-			},
-		}},
-		{"v3 no servers", version.Number{8, 1, 0, ""}, Entry{
-			Name:                "basicNoServers",
-			Timeout:             2,
-			AdminUseOnly:        false,
-			UseSingleConnection: true,
-		}},
-		{"v3 with servers", version.Number{8, 1, 0, ""}, Entry{
-			Name:                "basicWithServers",
-			Timeout:             3,
-			AdminUseOnly:        true,
-			UseSingleConnection: false,
-			Servers: []Server{
-				{
-					Name:   "srvr1",
-					Server: "example.com",
-					Secret: "drowssap",
-					Port:   49,
-				},
-			},
-		}},
-		{"v3 chap", version.Number{8, 1, 0, ""}, Entry{
-			Name:                "v3Chap",
-			Timeout:             3,
-			AdminUseOnly:        true,
-			UseSingleConnection: true,
-			Protocol: Protocol{
-				Chap: true,
-			},
-		}},
-		{"v3 pap", version.Number{8, 1, 0, ""}, Entry{
-			Name:                "v3Pap",
-			Timeout:             3,
-			AdminUseOnly:        false,
-			UseSingleConnection: false,
-			Protocol: Protocol{
-				Pap: true,
-			},
-		}},
-	}
-}
diff --git a/dev/ssldecrypt/config.go b/dev/ssldecrypt/config.go
deleted file mode 100644
index eea07093..00000000
--- a/dev/ssldecrypt/config.go
+++ /dev/null
@@ -1,181 +0,0 @@
-package ssldecrypt
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Config is a normalized, version independent representation of
-// SSL decrypt settings associated with certificates.
-//
-// Note: PAN-OS 8.0+
-type Config struct {
-	ForwardTrustCertificateRsa            string
-	ForwardTrustCertificateEcdsa          string
-	ForwardUntrustCertificateRsa          string
-	ForwardUntrustCertificateEcdsa        string
-	RootCaExcludes                        []string
-	TrustedRootCas                        []string
-	DisabledPredefinedExcludeCertificates []string
-	SslDecryptExcludeCertificates         []SslDecryptExcludeCertificate
-}
-
-type SslDecryptExcludeCertificate struct {
-	Name        string
-	Description string
-	Exclude     bool
-}
-
-// Copy copies the information from source Config `s` to this object.
-func (o *Config) Copy(s Config) {
-	o.ForwardTrustCertificateRsa = s.ForwardTrustCertificateRsa
-	o.ForwardTrustCertificateEcdsa = s.ForwardTrustCertificateEcdsa
-	o.ForwardUntrustCertificateRsa = s.ForwardUntrustCertificateRsa
-	o.ForwardUntrustCertificateEcdsa = s.ForwardUntrustCertificateEcdsa
-	o.RootCaExcludes = util.CopyStringSlice(s.RootCaExcludes)
-	o.TrustedRootCas = util.CopyStringSlice(s.TrustedRootCas)
-	o.DisabledPredefinedExcludeCertificates = util.CopyStringSlice(s.DisabledPredefinedExcludeCertificates)
-	if s.SslDecryptExcludeCertificates == nil {
-		o.SslDecryptExcludeCertificates = nil
-	} else {
-		o.SslDecryptExcludeCertificates = make([]SslDecryptExcludeCertificate, 0, len(s.SslDecryptExcludeCertificates))
-		for _, x := range s.SslDecryptExcludeCertificates {
-			o.SslDecryptExcludeCertificates = append(o.SslDecryptExcludeCertificates, SslDecryptExcludeCertificate{
-				Name:        x.Name,
-				Description: x.Description,
-				Exclude:     x.Exclude,
-			})
-		}
-	}
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Config) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return "", fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Config
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []config_v1 `xml:"ssl-decrypt"`
-}
-
-func (o *container_v1) Normalize() []Config {
-	ans := make([]Config, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for _ = range o.Answer {
-		ans = append(ans, "")
-	}
-
-	return ans
-}
-
-func (o *config_v1) normalize() Config {
-	ans := Config{
-		RootCaExcludes:                        util.MemToStr(o.RootCaExcludes),
-		TrustedRootCas:                        util.MemToStr(o.TrustedRootCas),
-		DisabledPredefinedExcludeCertificates: util.MemToStr(o.DisabledPredefinedExcludeCertificates),
-	}
-
-	if o.ForwardTrustCerts != nil {
-		ans.ForwardTrustCertificateRsa = o.ForwardTrustCerts.Rsa
-		ans.ForwardTrustCertificateEcdsa = o.ForwardTrustCerts.Ecdsa
-	}
-
-	if o.ForwardUntrustCerts != nil {
-		ans.ForwardUntrustCertificateRsa = o.ForwardUntrustCerts.Rsa
-		ans.ForwardUntrustCertificateEcdsa = o.ForwardUntrustCerts.Ecdsa
-	}
-
-	if o.SslDecryptExcludeCertificates != nil {
-		list := make([]SslDecryptExcludeCertificate, 0, len(o.SslDecryptExcludeCertificates.Entries))
-		for _, x := range o.SslDecryptExcludeCertificates.Entries {
-			list = append(list, SslDecryptExcludeCertificate{
-				Name:        x.Name,
-				Description: x.Description,
-				Exclude:     util.AsBool(x.Exclude),
-			})
-		}
-		ans.SslDecryptExcludeCertificates = list
-	}
-
-	return ans
-}
-
-type config_v1 struct {
-	XMLName                               xml.Name         `xml:"ssl-decrypt"`
-	ForwardTrustCerts                     *trustUntrust    `xml:"forward-trust-certificate"`
-	ForwardUntrustCerts                   *trustUntrust    `xml:"forward-untrust-certificate"`
-	RootCaExcludes                        *util.MemberType `xml:"root-ca-exclude-list"`
-	TrustedRootCas                        *util.MemberType `xml:"trusted-root-CA"`
-	DisabledPredefinedExcludeCertificates *util.MemberType `xml:"disabled-ssl-exclude-cert-from-predefined"`
-	SslDecryptExcludeCertificates         *sdec            `xml:"ssl-exclude-cert"`
-}
-
-type trustUntrust struct {
-	Rsa   string `xml:"rsa,omitempty"`
-	Ecdsa string `xml:"ecdsa,omitempty"`
-}
-
-type sdec struct {
-	Entries []sdecEntry `xml:"entry"`
-}
-
-type sdecEntry struct {
-	XMLName     xml.Name `xml:"entry"`
-	Name        string   `xml:"name,attr"`
-	Description string   `xml:"description,omitempty"`
-	Exclude     string   `xml:"exclude"`
-}
-
-func specify_v1(e Config) interface{} {
-	ans := config_v1{
-		RootCaExcludes:                        util.StrToMem(e.RootCaExcludes),
-		TrustedRootCas:                        util.StrToMem(e.TrustedRootCas),
-		DisabledPredefinedExcludeCertificates: util.StrToMem(e.DisabledPredefinedExcludeCertificates),
-	}
-
-	if e.ForwardTrustCertificateRsa != "" || e.ForwardTrustCertificateEcdsa != "" {
-		ans.ForwardTrustCerts = &trustUntrust{
-			Rsa:   e.ForwardTrustCertificateRsa,
-			Ecdsa: e.ForwardTrustCertificateEcdsa,
-		}
-	}
-
-	if e.ForwardUntrustCertificateRsa != "" || e.ForwardUntrustCertificateEcdsa != "" {
-		ans.ForwardUntrustCerts = &trustUntrust{
-			Rsa:   e.ForwardUntrustCertificateRsa,
-			Ecdsa: e.ForwardUntrustCertificateEcdsa,
-		}
-	}
-
-	if len(e.SslDecryptExcludeCertificates) > 0 {
-		list := make([]sdecEntry, 0, len(e.SslDecryptExcludeCertificates))
-		for _, x := range e.SslDecryptExcludeCertificates {
-			list = append(list, sdecEntry{
-				Name:        x.Name,
-				Description: x.Description,
-				Exclude:     util.YesNo(x.Exclude),
-			})
-		}
-
-		ans.SslDecryptExcludeCertificates = &sdec{Entries: list}
-	}
-
-	return ans
-}
diff --git a/dev/ssldecrypt/const.go b/dev/ssldecrypt/const.go
deleted file mode 100644
index 12d65ba8..00000000
--- a/dev/ssldecrypt/const.go
+++ /dev/null
@@ -1,5 +0,0 @@
-package ssldecrypt
-
-const (
-	singular = "ssl decrypt config"
-)
diff --git a/dev/ssldecrypt/doc.go b/dev/ssldecrypt/doc.go
deleted file mode 100644
index 75e3f10d..00000000
--- a/dev/ssldecrypt/doc.go
+++ /dev/null
@@ -1,10 +0,0 @@
-/*
-Package ssldecrypt is the client.Device.SslDecrypt namespace.
-
-Note that there doesn't seem to be SSL decrypt in template stacks.
-
-Note: PAN-OS 8.0+
-
-Normalized object:  Config
-*/
-package ssldecrypt
diff --git a/dev/ssldecrypt/funcs.go b/dev/ssldecrypt/funcs.go
deleted file mode 100644
index cd57807c..00000000
--- a/dev/ssldecrypt/funcs.go
+++ /dev/null
@@ -1,52 +0,0 @@
-package ssldecrypt
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Config) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func specifier(e Config) []namespace.Specifier {
-	return []namespace.Specifier{e}
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Config, error) {
-	if err != nil {
-		return Config{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/dev/ssldecrypt/fw.go b/dev/ssldecrypt/fw.go
deleted file mode 100644
index d1694373..00000000
--- a/dev/ssldecrypt/fw.go
+++ /dev/null
@@ -1,130 +0,0 @@
-package ssldecrypt
-
-import (
-	_ "fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Device.SslDecrypt namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// SetTrustedRootCa adds a certificate as a trusted root CA.
-func (c *Firewall) SetTrustedRootCa(vsys, name string) error {
-	path, err := c.xpath(vsys)
-	if err != nil {
-		return err
-	}
-	path = append(path, "trusted-root-CA")
-
-	c.ns.Client.LogAction("(set) %s trusted root ca: %s", singular, name)
-
-	_, err = c.ns.Client.Set(path, util.Member{Value: name}, nil, nil)
-	return err
-}
-
-// DeleteTrustedRootCa removes a certificate as a trusted root CA.
-func (c *Firewall) DeleteTrustedRootCa(vsys, name string) error {
-	c.ns.Client.LogAction("(delete) %s trusted root ca: %s", singular, name)
-
-	path, err := c.xpath(vsys)
-	if err != nil {
-		return err
-	}
-	path = append(path, "trusted-root-CA", util.AsMemberXpath([]string{name}))
-
-	_, err = c.ns.Client.Delete(path, nil, nil)
-	return err
-}
-
-// SetSslDecryptExcludeCertificate adds a SSL decrypt exclude certificate.
-func (c *Firewall) SetSslDecryptExcludeCertificate(vsys string, e SslDecryptExcludeCertificate) error {
-	c.ns.Client.LogAction("(set) %s ssl decrypt exclude certificate: %s", singular, e.Name)
-
-	path, err := c.xpath(vsys)
-	if err != nil {
-		return err
-	}
-	path = append(path, "ssl-exclude-cert")
-
-	ei := sdecEntry{
-		Name:        e.Name,
-		Description: e.Description,
-		Exclude:     util.YesNo(e.Exclude),
-	}
-
-	_, err = c.ns.Client.Set(path, ei, nil, nil)
-	return err
-}
-
-// DeleteSslDecryptExcludeCertificate removes a SSL decrypt exclude certificate.
-func (c *Firewall) DeleteSslDecryptExcludeCertificate(vsys, name string) error {
-	c.ns.Client.LogAction("(delete) %s ssl decrypt exclude certificate: %s", singular, name)
-
-	path, err := c.xpath(vsys)
-	if err != nil {
-		return err
-	}
-	path = append(path, "ssl-exclude-cert", util.AsEntryXpath([]string{name}))
-
-	_, err = c.ns.Client.Delete(path, nil, nil)
-	return err
-}
-
-// Get performs GET to retrieve configuration for the given object.
-func (c *Firewall) Get(vsys string) (Config, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vsys), "", ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve configuration for the given object.
-func (c *Firewall) Show(vsys string) (Config, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vsys), "", ans)
-	return first(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vsys string, e Config) error {
-	return c.ns.Set(c.pather(vsys), specifier(e))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vsys string, e Config) error {
-	return c.ns.Edit(c.pather(vsys), e)
-}
-
-// Delete performs DELETE to remove the config.
-func (c *Firewall) Delete(vsys string) error {
-	return c.ns.Delete(c.pather(vsys), nil, nil)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(vsys string) (Config, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(vsys), "", ans)
-	return first(ans, err)
-}
-
-func (c *Firewall) pather(vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vsys)
-	}
-}
-
-func (c *Firewall) xpath(vsys string) ([]string, error) {
-	ans := make([]string, 0, 6)
-
-	ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	ans = append(ans, "ssl-decrypt")
-
-	return ans, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/dev/ssldecrypt/fw_test.go b/dev/ssldecrypt/fw_test.go
deleted file mode 100644
index 7903ccb5..00000000
--- a/dev/ssldecrypt/fw_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package ssldecrypt
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("mockVr", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("mockVr")
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/dev/ssldecrypt/pano.go b/dev/ssldecrypt/pano.go
deleted file mode 100644
index b092a373..00000000
--- a/dev/ssldecrypt/pano.go
+++ /dev/null
@@ -1,140 +0,0 @@
-package ssldecrypt
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Device.SslDecrypt namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// SetTrustedRootCa adds a certificate as a trusted root CA.
-func (c *Panorama) SetTrustedRootCa(tmpl, ts, vsys, name string) error {
-	path, err := c.xpath(tmpl, ts, vsys)
-	if err != nil {
-		return err
-	}
-	path = append(path, "trusted-root-CA")
-
-	c.ns.Client.LogAction("(set) %s trusted root ca: %s", singular, name)
-
-	_, err = c.ns.Client.Set(path, util.Member{Value: name}, nil, nil)
-	return err
-}
-
-// DeleteTrustedRootCa removes a certificate as a trusted root CA.
-func (c *Panorama) DeleteTrustedRootCa(tmpl, ts, vsys, name string) error {
-	c.ns.Client.LogAction("(delete) %s trusted root ca: %s", singular, name)
-
-	path, err := c.xpath(tmpl, ts, vsys)
-	if err != nil {
-		return err
-	}
-	path = append(path, "trusted-root-CA", util.AsMemberXpath([]string{name}))
-
-	_, err = c.ns.Client.Delete(path, nil, nil)
-	return err
-}
-
-// SetSslDecryptExcludeCertificate adds a SSL decrypt exclude certificate.
-func (c *Panorama) SetSslDecryptExcludeCertificate(tmpl, ts, vsys string, e SslDecryptExcludeCertificate) error {
-	c.ns.Client.LogAction("(set) %s ssl decrypt exclude certificate: %s", singular, e.Name)
-
-	path, err := c.xpath(tmpl, ts, vsys)
-	if err != nil {
-		return err
-	}
-	path = append(path, "ssl-exclude-cert")
-
-	ei := sdecEntry{
-		Name:        e.Name,
-		Description: e.Description,
-		Exclude:     util.YesNo(e.Exclude),
-	}
-
-	_, err = c.ns.Client.Set(path, ei, nil, nil)
-	return err
-}
-
-// DeleteSslDecryptExcludeCertificate removes a SSL decrypt exclude certificate.
-func (c *Panorama) DeleteSslDecryptExcludeCertificate(tmpl, ts, vsys, name string) error {
-	c.ns.Client.LogAction("(delete) %s ssl decrypt exclude certificate: %s", singular, name)
-
-	path, err := c.xpath(tmpl, ts, vsys)
-	if err != nil {
-		return err
-	}
-	path = append(path, "ssl-exclude-cert", util.AsEntryXpath([]string{name}))
-
-	_, err = c.ns.Client.Delete(path, nil, nil)
-	return err
-}
-
-// Get performs GET to retrieve configuration for the given object.
-func (c *Panorama) Get(tmpl, ts, vsys string) (Config, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts, vsys), "", ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve configuration for the given object.
-func (c *Panorama) Show(tmpl, ts, vsys string) (Config, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts, vsys), "", ans)
-	return first(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts, vsys string, e Config) error {
-	return c.ns.Set(c.pather(tmpl, ts, vsys), specifier(e))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts, vsys string, e Config) error {
-	return c.ns.Edit(c.pather(tmpl, ts, vsys), e)
-}
-
-// Delete performs DELETE to remove the config.
-func (c *Panorama) Delete(tmpl, ts, vsys string) error {
-	return c.ns.Delete(c.pather(tmpl, ts, vsys), nil, nil)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, vsys string) (Config, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts, vsys), "", ans)
-	return first(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts, vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, vsys)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts, vsys string) ([]string, error) {
-	ans := make([]string, 0, 11)
-
-	if tmpl == "" && ts == "" {
-		if vsys != "" {
-			return nil, fmt.Errorf("vsys should be empty for local %s config", singular)
-		}
-
-		ans = append(ans, "config", "shared")
-	} else {
-		ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-		ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	}
-
-	ans = append(ans, "ssl-decrypt")
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/dev/ssldecrypt/pano_test.go b/dev/ssldecrypt/pano_test.go
deleted file mode 100644
index c13ff930..00000000
--- a/dev/ssldecrypt/pano_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package ssldecrypt
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("my template", "", "shared", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("my template", "", "shared")
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/dev/ssldecrypt/testdata_test.go b/dev/ssldecrypt/testdata_test.go
deleted file mode 100644
index 2fa05285..00000000
--- a/dev/ssldecrypt/testdata_test.go
+++ /dev/null
@@ -1,39 +0,0 @@
-package ssldecrypt
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type testCase struct {
-	desc    string
-	version version.Number
-	conf    Config
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"v1 basic", version.Number{8, 0, 0, ""}, Config{
-			ForwardTrustCertificateRsa:            "rsa1",
-			ForwardUntrustCertificateEcdsa:        "ecdsa1",
-			RootCaExcludes:                        []string{"ex2", "ex1"},
-			TrustedRootCas:                        []string{"root5", "root1"},
-			DisabledPredefinedExcludeCertificates: []string{"dpec"},
-		}},
-		{"v1 with excludes", version.Number{8, 0, 0, ""}, Config{
-			ForwardTrustCertificateEcdsa: "ecdsa1",
-			ForwardUntrustCertificateRsa: "rsa1",
-			SslDecryptExcludeCertificates: []SslDecryptExcludeCertificate{
-				{
-					"n1",
-					"my description",
-					true,
-				},
-				{
-					"n2",
-					"desc2",
-					false,
-				},
-			},
-		}},
-	}
-}
diff --git a/dev/telemetry/config.go b/dev/telemetry/config.go
deleted file mode 100644
index 02fdf53f..00000000
--- a/dev/telemetry/config.go
+++ /dev/null
@@ -1,109 +0,0 @@
-package telemetry
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Config is a normalized, version independent representation of telemetry
-// sharing configuration.
-type Config struct {
-	ApplicationReports             bool
-	ThreatPreventionReports        bool
-	UrlReports                     bool
-	FileTypeIdentificationReports  bool
-	ThreatPreventionData           bool
-	ThreatPreventionPacketCaptures bool
-	ProductUsageStats              bool
-	PassiveDnsMonitoring           bool
-}
-
-// Copy copies the information from source Settings `s` to this object.
-func (o *Config) Copy(s Config) {
-	o.ApplicationReports = s.ApplicationReports
-	o.ThreatPreventionReports = s.ThreatPreventionReports
-	o.UrlReports = s.UrlReports
-	o.FileTypeIdentificationReports = s.FileTypeIdentificationReports
-	o.ThreatPreventionData = s.ThreatPreventionData
-	o.ThreatPreventionPacketCaptures = s.ThreatPreventionPacketCaptures
-	o.ProductUsageStats = s.ProductUsageStats
-	o.PassiveDnsMonitoring = s.PassiveDnsMonitoring
-}
-
-/** Structs / functions for normalization. **/
-
-func (o Config) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return "", fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Config
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []config_v1 `xml:"statistics-service"`
-}
-
-func (o *container_v1) Normalize() []Config {
-	ans := make([]Config, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for _ = range o.Answer {
-		ans = append(ans, "")
-	}
-
-	return ans
-}
-
-func (o *config_v1) normalize() Config {
-	ans := Config{
-		ApplicationReports:             util.AsBool(o.ApplicationReports),
-		ThreatPreventionReports:        util.AsBool(o.ThreatPreventionReports),
-		UrlReports:                     util.AsBool(o.UrlReports),
-		FileTypeIdentificationReports:  util.AsBool(o.FileTypeIdentificationReports),
-		ThreatPreventionData:           util.AsBool(o.ThreatPreventionData),
-		ThreatPreventionPacketCaptures: util.AsBool(o.ThreatPreventionPacketCaptures),
-		ProductUsageStats:              util.AsBool(o.ProductUsageStats),
-		PassiveDnsMonitoring:           util.AsBool(o.PassiveDnsMonitoring),
-	}
-
-	return ans
-}
-
-type config_v1 struct {
-	XMLName                        xml.Name `xml:"statistics-service"`
-	ApplicationReports             string   `xml:"application-reports"`
-	ThreatPreventionReports        string   `xml:"threat-prevention-reports"`
-	UrlReports                     string   `xml:"url-reports"`
-	FileTypeIdentificationReports  string   `xml:"file-identification-reports"`
-	ThreatPreventionData           string   `xml:"threat-prevention-information"`
-	ThreatPreventionPacketCaptures string   `xml:"threat-prevention-pcap"`
-	ProductUsageStats              string   `xml:"health-performance-reports"`
-	PassiveDnsMonitoring           string   `xml:"passive-dns-monitoring"`
-}
-
-func specify_v1(e Config) interface{} {
-	ans := config_v1{
-		ApplicationReports:             util.YesNo(e.ApplicationReports),
-		ThreatPreventionReports:        util.YesNo(e.ThreatPreventionReports),
-		UrlReports:                     util.YesNo(e.UrlReports),
-		FileTypeIdentificationReports:  util.YesNo(e.FileTypeIdentificationReports),
-		ThreatPreventionData:           util.YesNo(e.ThreatPreventionData),
-		ThreatPreventionPacketCaptures: util.YesNo(e.ThreatPreventionPacketCaptures),
-		ProductUsageStats:              util.YesNo(e.ProductUsageStats),
-		PassiveDnsMonitoring:           util.YesNo(e.PassiveDnsMonitoring),
-	}
-
-	return ans
-}
diff --git a/dev/telemetry/const.go b/dev/telemetry/const.go
deleted file mode 100644
index 558500fa..00000000
--- a/dev/telemetry/const.go
+++ /dev/null
@@ -1,5 +0,0 @@
-package telemetry
-
-const (
-	singular = "telemetry settings"
-)
diff --git a/dev/telemetry/doc.go b/dev/telemetry/doc.go
deleted file mode 100644
index 2074b44a..00000000
--- a/dev/telemetry/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package telemetry is the firewall.Device.Telemetry namespace.
-
-Normalized object: Config
-*/
-package telemetry
diff --git a/dev/telemetry/funcs.go b/dev/telemetry/funcs.go
deleted file mode 100644
index 7fff248d..00000000
--- a/dev/telemetry/funcs.go
+++ /dev/null
@@ -1,40 +0,0 @@
-package telemetry
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Config) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func specifier(e Config) []namespace.Specifier {
-	return []namespace.Specifier{e}
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Config, error) {
-	if err != nil {
-		return Config{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/dev/telemetry/fw.go b/dev/telemetry/fw.go
deleted file mode 100644
index 86f89fd9..00000000
--- a/dev/telemetry/fw.go
+++ /dev/null
@@ -1,69 +0,0 @@
-package telemetry
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Device.Telemetry namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// Get performs GET to retrieve configuration for the given object.
-func (c *Firewall) Get() (Config, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(), "", ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve configuration for the given object.
-func (c *Firewall) Show() (Config, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(), "", ans)
-	return first(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(e Config) error {
-	return c.ns.Set(c.pather(), specifier(e))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(e Config) error {
-	return c.ns.Edit(c.pather(), e)
-}
-
-// Delete performs DELETE to remove the config.
-func (c *Firewall) Delete() error {
-	return c.ns.Delete(c.pather(), nil, nil)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig() (Config, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(), "", ans)
-	return first(ans, err)
-}
-
-func (c *Firewall) pather() namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath()
-	}
-}
-
-func (c *Firewall) xpath() ([]string, error) {
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"deviceconfig",
-		"system",
-		"update-schedule",
-		"statistics-service",
-	}, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/dev/telemetry/fw_test.go b/dev/telemetry/fw_test.go
deleted file mode 100644
index 089d8573..00000000
--- a/dev/telemetry/fw_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package telemetry
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set(tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get()
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/dev/telemetry/orig_fw.no b/dev/telemetry/orig_fw.no
deleted file mode 100644
index d951bfcf..00000000
--- a/dev/telemetry/orig_fw.no
+++ /dev/null
@@ -1,90 +0,0 @@
-package telemetry
-
-import (
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// FwTelemetry is a namespace struct, included as part of pango.Firewall.
-type FwTelemetry struct {
-	con util.XapiClient
-}
-
-// Initialize is invoked by client.Initialize().
-func (c *FwTelemetry) Initialize(con util.XapiClient) {
-	c.con = con
-}
-
-// Show performs SHOW to retrieve telemetry sharing settings.
-func (c *FwTelemetry) Show() (Settings, error) {
-	c.con.LogQuery("(show) telemetry settings")
-	return c.details(c.con.Show)
-}
-
-// Get performs GET to retrieve telemetry sharing settings.
-func (c *FwTelemetry) Get() (Settings, error) {
-	c.con.LogQuery("(get) telemetry settings")
-	return c.details(c.con.Get)
-}
-
-// Set performs SET to update telemetry sharing settings.
-func (c *FwTelemetry) Set(e Settings) error {
-	var err error
-	_, fn := c.versioning()
-	c.con.LogAction("(set) telemetry settings")
-
-	path := c.xpath()
-	path = path[:len(path)-1]
-
-	_, err = c.con.Set(path, fn(e), nil, nil)
-	return err
-}
-
-// Edit performs EDIT to update telemetry sharing settings.
-func (c *FwTelemetry) Edit(e Settings) error {
-	var err error
-	_, fn := c.versioning()
-	c.con.LogAction("(edit) telemetry settings")
-
-	path := c.xpath()
-
-	_, err = c.con.Edit(path, fn(e), nil, nil)
-	return err
-}
-
-// Delete removes all telemetry sharing from the firewall.
-func (c *FwTelemetry) Delete() error {
-	c.con.LogAction("(delete) telemetry settings")
-	path := c.xpath()
-
-	_, err := c.con.Delete(path, nil, nil)
-	return err
-}
-
-/** Internal functions for the FwTelemetry struct **/
-
-func (c *FwTelemetry) versioning() (normalizer, func(Settings) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func (c *FwTelemetry) details(fn util.Retriever) (Settings, error) {
-	path := c.xpath()
-	obj, _ := c.versioning()
-	if _, err := fn(path, nil, obj); err != nil {
-		return Settings{}, err
-	}
-	ans := obj.Normalize()
-
-	return ans, nil
-}
-
-func (c *FwTelemetry) xpath() []string {
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"deviceconfig",
-		"system",
-		"update-schedule",
-		"statistics-service",
-	}
-}
diff --git a/dev/telemetry/testdata_test.go b/dev/telemetry/testdata_test.go
deleted file mode 100644
index b7efd1a7..00000000
--- a/dev/telemetry/testdata_test.go
+++ /dev/null
@@ -1,33 +0,0 @@
-package telemetry
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type testCase struct {
-	desc    string
-	version version.Number
-	conf    Config
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"all no", version.Number{8, 0, 0, ""}, Config{}},
-		{"all yes", version.Number{8, 0, 0, ""}, Config{
-			ApplicationReports:             true,
-			ThreatPreventionReports:        true,
-			UrlReports:                     true,
-			FileTypeIdentificationReports:  true,
-			ThreatPreventionData:           true,
-			ThreatPreventionPacketCaptures: true,
-			ProductUsageStats:              true,
-			PassiveDnsMonitoring:           true,
-		}},
-		{"mix", version.Number{8, 0, 0, ""}, Config{
-			ApplicationReports:   true,
-			UrlReports:           true,
-			ThreatPreventionData: true,
-			ProductUsageStats:    true,
-		}},
-	}
-}
diff --git a/dev/vminfosource/const.go b/dev/vminfosource/const.go
deleted file mode 100644
index 9165ccc7..00000000
--- a/dev/vminfosource/const.go
+++ /dev/null
@@ -1,12 +0,0 @@
-package vminfosource
-
-// Valid values for Entry.GoogleCloud.AuthType.
-const (
-	AuthTypeServiceInGce   = "service-in-gce"
-	AuthTypeServiceAccount = "service-account"
-)
-
-const (
-	singular = "vm information source"
-	plural   = "vm information sources"
-)
diff --git a/dev/vminfosource/doc.go b/dev/vminfosource/doc.go
deleted file mode 100644
index e7f6d50d..00000000
--- a/dev/vminfosource/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package vminfosource is the client.Device.VmInfoSource namespace.
-
-Normalized object:  Entry
-*/
-package vminfosource
diff --git a/dev/vminfosource/entry.go b/dev/vminfosource/entry.go
deleted file mode 100644
index a1128875..00000000
--- a/dev/vminfosource/entry.go
+++ /dev/null
@@ -1,544 +0,0 @@
-package vminfosource
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a
-// VM information source.
-type Entry struct {
-	Name          string
-	AwsVpc        *AwsVpc
-	Esxi          *Esxi
-	Vcenter       *Vcenter
-	GoogleCompute *GoogleCompute // PAN-OS 8.1
-}
-
-type AwsVpc struct {
-	Description     string
-	Disabled        bool
-	Source          string
-	AccessKeyId     string
-	SecretAccessKey string // encrypted
-	UpdateInterval  int
-	EnableTimeout   bool
-	Timeout         int
-	VpcId           string
-}
-
-type Esxi struct {
-	Description    string
-	Port           int
-	Disabled       bool
-	EnableTimeout  bool
-	Timeout        int
-	Source         string
-	Username       string
-	Password       string // encrypted
-	UpdateInterval int
-}
-
-type Vcenter struct {
-	Description    string
-	Port           int
-	Disabled       bool
-	EnableTimeout  bool
-	Timeout        int
-	Source         string
-	Username       string
-	Password       string // encrypted
-	UpdateInterval int
-}
-
-type GoogleCompute struct {
-	Description              string
-	Disabled                 bool
-	AuthType                 string
-	ServiceAccountCredential string // encrypted
-	ProjectId                string
-	ZoneName                 string
-	UpdateInterval           int
-	EnableTimeout            bool
-	Timeout                  int
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	if s.AwsVpc == nil {
-		o.AwsVpc = nil
-	} else {
-		s.AwsVpc = &AwsVpc{
-			Description:     s.AwsVpc.Description,
-			Disabled:        s.AwsVpc.Disabled,
-			Source:          s.AwsVpc.Source,
-			AccessKeyId:     s.AwsVpc.AccessKeyId,
-			SecretAccessKey: s.AwsVpc.SecretAccessKey,
-			UpdateInterval:  s.AwsVpc.UpdateInterval,
-			EnableTimeout:   s.AwsVpc.EnableTimeout,
-			Timeout:         s.AwsVpc.Timeout,
-			VpcId:           s.AwsVpc.VpcId,
-		}
-	}
-	if s.Esxi == nil {
-		o.Esxi = nil
-	} else {
-		s.Esxi = &Esxi{
-			Description:    s.Esxi.Description,
-			Port:           s.Esxi.Port,
-			Disabled:       s.Esxi.Disabled,
-			EnableTimeout:  s.Esxi.EnableTimeout,
-			Timeout:        s.Esxi.Timeout,
-			Source:         s.Esxi.Source,
-			Username:       s.Esxi.Username,
-			Password:       s.Esxi.Password,
-			UpdateInterval: s.Esxi.UpdateInterval,
-		}
-	}
-	if s.Vcenter == nil {
-		o.Vcenter = nil
-	} else {
-		s.Vcenter = &Vcenter{
-			Description:    s.Vcenter.Description,
-			Port:           s.Vcenter.Port,
-			Disabled:       s.Vcenter.Disabled,
-			EnableTimeout:  s.Vcenter.EnableTimeout,
-			Timeout:        s.Vcenter.Timeout,
-			Source:         s.Vcenter.Source,
-			Username:       s.Vcenter.Username,
-			Password:       s.Vcenter.Password,
-			UpdateInterval: s.Vcenter.UpdateInterval,
-		}
-	}
-	if s.GoogleCompute == nil {
-		o.GoogleCompute = nil
-	} else {
-		o.GoogleCompute = &GoogleCompute{
-			Description:              s.GoogleCompute.Description,
-			Disabled:                 s.GoogleCompute.Disabled,
-			AuthType:                 s.GoogleCompute.AuthType,
-			ServiceAccountCredential: s.GoogleCompute.ServiceAccountCredential,
-			ProjectId:                s.GoogleCompute.ProjectId,
-			ZoneName:                 s.GoogleCompute.ZoneName,
-			UpdateInterval:           s.GoogleCompute.UpdateInterval,
-			EnableTimeout:            s.GoogleCompute.EnableTimeout,
-			Timeout:                  s.GoogleCompute.Timeout,
-		}
-	}
-}
-
-/** Structs / functions for normalization. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName xml.Name `xml:"entry"`
-	Name    string   `xml:"name,attr"`
-	AwsVpc  *vpc     `xml:"AWS-VPC"`
-	Esxi    *esxi    `xml:"VMware-ESXi"`
-	Vcenter *vcenter `xml:"VMware-vCenter"`
-}
-
-type vpc struct {
-	Description     string `xml:"description,omitempty"`
-	Disabled        string `xml:"disabled"`
-	Source          string `xml:"source"`
-	AccessKeyId     string `xml:"access-key-id"`
-	SecretAccessKey string `xml:"secret-access-key"`
-	UpdateInterval  int    `xml:"update-interval,omitempty"`
-	EnableTimeout   string `xml:"vm-info-timeout-enable"`
-	Timeout         int    `xml:"vm-info-timeout,omitempty"`
-	VpcId           string `xml:"vpc-id"`
-}
-
-func (e *vpc) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
-	type local vpc
-	ans := local{
-		UpdateInterval: 60,
-		Timeout:        2,
-	}
-	if err := d.DecodeElement(&ans, &start); err != nil {
-		return err
-	}
-	*e = vpc(ans)
-	return nil
-}
-
-type esxi struct {
-	Description    string `xml:"description,omitempty"`
-	Port           int    `xml:"port,omitempty"`
-	Disabled       string `xml:"disabled"`
-	EnableTimeout  string `xml:"vm-info-timeout-enable"`
-	Timeout        int    `xml:"vm-info-timeout,omitempty"`
-	Source         string `xml:"source"`
-	Username       string `xml:"username"`
-	Password       string `xml:"password"`
-	UpdateInterval int    `xml:"update-interval,omitempty"`
-}
-
-func (e *esxi) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
-	type local esxi
-	ans := local{
-		Port:           443,
-		Timeout:        2,
-		UpdateInterval: 5,
-	}
-	if err := d.DecodeElement(&ans, &start); err != nil {
-		return err
-	}
-	*e = esxi(ans)
-	return nil
-}
-
-type vcenter struct {
-	Description    string `xml:"description,omitempty"`
-	Port           int    `xml:"port,omitempty"`
-	Disabled       string `xml:"disabled"`
-	EnableTimeout  string `xml:"vm-info-timeout-enable"`
-	Timeout        int    `xml:"vm-info-timeout,omitempty"`
-	Source         string `xml:"source"`
-	Username       string `xml:"username"`
-	Password       string `xml:"password"`
-	UpdateInterval int    `xml:"update-interval,omitempty"`
-}
-
-func (e *vcenter) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
-	type local vcenter
-	ans := local{
-		Port:           443,
-		Timeout:        2,
-		UpdateInterval: 5,
-	}
-	if err := d.DecodeElement(&ans, &start); err != nil {
-		return err
-	}
-	*e = vcenter(ans)
-	return nil
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name: e.Name,
-	}
-
-	if e.AwsVpc != nil {
-		ans.AwsVpc = &vpc{
-			Description:     e.AwsVpc.Description,
-			Disabled:        util.YesNo(e.AwsVpc.Disabled),
-			Source:          e.AwsVpc.Source,
-			AccessKeyId:     e.AwsVpc.AccessKeyId,
-			SecretAccessKey: e.AwsVpc.SecretAccessKey,
-			UpdateInterval:  e.AwsVpc.UpdateInterval,
-			EnableTimeout:   util.YesNo(e.AwsVpc.EnableTimeout),
-			Timeout:         e.AwsVpc.Timeout,
-			VpcId:           e.AwsVpc.VpcId,
-		}
-	}
-
-	if e.Esxi != nil {
-		ans.Esxi = &esxi{
-			Description:    e.Esxi.Description,
-			Port:           e.Esxi.Port,
-			Disabled:       util.YesNo(e.Esxi.Disabled),
-			EnableTimeout:  util.YesNo(e.Esxi.EnableTimeout),
-			Timeout:        e.Esxi.Timeout,
-			Source:         e.Esxi.Source,
-			Username:       e.Esxi.Username,
-			Password:       e.Esxi.Password,
-			UpdateInterval: e.Esxi.UpdateInterval,
-		}
-	}
-
-	if e.Vcenter != nil {
-		ans.Vcenter = &vcenter{
-			Description:    e.Vcenter.Description,
-			Port:           e.Vcenter.Port,
-			Disabled:       util.YesNo(e.Vcenter.Disabled),
-			EnableTimeout:  util.YesNo(e.Vcenter.EnableTimeout),
-			Timeout:        e.Vcenter.Timeout,
-			Source:         e.Vcenter.Source,
-			Username:       e.Vcenter.Username,
-			Password:       e.Vcenter.Password,
-			UpdateInterval: e.Vcenter.UpdateInterval,
-		}
-	}
-
-	return ans
-}
-
-func (e *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name: e.Name,
-	}
-
-	if e.AwsVpc != nil {
-		ans.AwsVpc = &AwsVpc{
-			Description:     e.AwsVpc.Description,
-			Disabled:        util.AsBool(e.AwsVpc.Disabled),
-			Source:          e.AwsVpc.Source,
-			AccessKeyId:     e.AwsVpc.AccessKeyId,
-			SecretAccessKey: e.AwsVpc.SecretAccessKey,
-			UpdateInterval:  e.AwsVpc.UpdateInterval,
-			EnableTimeout:   util.AsBool(e.AwsVpc.EnableTimeout),
-			Timeout:         e.AwsVpc.Timeout,
-			VpcId:           e.AwsVpc.VpcId,
-		}
-	}
-
-	if e.Esxi != nil {
-		ans.Esxi = &Esxi{
-			Description:    e.Esxi.Description,
-			Port:           e.Esxi.Port,
-			Disabled:       util.AsBool(e.Esxi.Disabled),
-			EnableTimeout:  util.AsBool(e.Esxi.EnableTimeout),
-			Timeout:        e.Esxi.Timeout,
-			Source:         e.Esxi.Source,
-			Username:       e.Esxi.Username,
-			Password:       e.Esxi.Password,
-			UpdateInterval: e.Esxi.UpdateInterval,
-		}
-	}
-
-	if e.Vcenter != nil {
-		ans.Vcenter = &Vcenter{
-			Description:    e.Vcenter.Description,
-			Port:           e.Vcenter.Port,
-			Disabled:       util.AsBool(e.Vcenter.Disabled),
-			EnableTimeout:  util.AsBool(e.Vcenter.EnableTimeout),
-			Timeout:        e.Vcenter.Timeout,
-			Source:         e.Vcenter.Source,
-			Username:       e.Vcenter.Username,
-			Password:       e.Vcenter.Password,
-			UpdateInterval: e.Vcenter.UpdateInterval,
-		}
-	}
-
-	return ans
-}
-
-// PAN-OS 8.1
-type container_v2 struct {
-	Answer []entry_v2 `xml:"entry"`
-}
-
-func (o *container_v2) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v2) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-type entry_v2 struct {
-	XMLName       xml.Name       `xml:"entry"`
-	Name          string         `xml:"name,attr"`
-	AwsVpc        *vpc           `xml:"AWS-VPC"`
-	Esxi          *esxi          `xml:"VMware-ESXi"`
-	Vcenter       *vcenter       `xml:"VMware-vCenter"`
-	GoogleCompute *googleCompute `xml:"Google-Compute-Engine"`
-}
-
-type googleCompute struct {
-	Description    string `xml:"description,omitempty"`
-	Disabled       string `xml:"disabled"`
-	Auth           gcAuth `xml:"service-auth-type"`
-	ProjectId      string `xml:"project-id"`
-	ZoneName       string `xml:"zone-name"`
-	UpdateInterval int    `xml:"update-interval,omitempty"`
-	EnableTimeout  string `xml:"vm-info-timeout-enable"`
-	Timeout        int    `xml:"vm-info-timeout,omitempty"`
-}
-
-type gcAuth struct {
-	ServiceInGce   *string               `xml:"service-in-gce"`
-	ServiceAccount *gcAuthServiceAccount `xml:"service-account"`
-}
-
-type gcAuthServiceAccount struct {
-	ServiceAccountCredential string `xml:"service-account-cred"`
-}
-
-func specify_v2(e Entry) interface{} {
-	ans := entry_v2{
-		Name: e.Name,
-	}
-
-	if e.AwsVpc != nil {
-		ans.AwsVpc = &vpc{
-			Description:     e.AwsVpc.Description,
-			Disabled:        util.YesNo(e.AwsVpc.Disabled),
-			Source:          e.AwsVpc.Source,
-			AccessKeyId:     e.AwsVpc.AccessKeyId,
-			SecretAccessKey: e.AwsVpc.SecretAccessKey,
-			UpdateInterval:  e.AwsVpc.UpdateInterval,
-			EnableTimeout:   util.YesNo(e.AwsVpc.EnableTimeout),
-			Timeout:         e.AwsVpc.Timeout,
-			VpcId:           e.AwsVpc.VpcId,
-		}
-	}
-
-	if e.Esxi != nil {
-		ans.Esxi = &esxi{
-			Description:    e.Esxi.Description,
-			Port:           e.Esxi.Port,
-			Disabled:       util.YesNo(e.Esxi.Disabled),
-			EnableTimeout:  util.YesNo(e.Esxi.EnableTimeout),
-			Timeout:        e.Esxi.Timeout,
-			Source:         e.Esxi.Source,
-			Username:       e.Esxi.Username,
-			Password:       e.Esxi.Password,
-			UpdateInterval: e.Esxi.UpdateInterval,
-		}
-	}
-
-	if e.Vcenter != nil {
-		ans.Vcenter = &vcenter{
-			Description:    e.Vcenter.Description,
-			Port:           e.Vcenter.Port,
-			Disabled:       util.YesNo(e.Vcenter.Disabled),
-			EnableTimeout:  util.YesNo(e.Vcenter.EnableTimeout),
-			Timeout:        e.Vcenter.Timeout,
-			Source:         e.Vcenter.Source,
-			Username:       e.Vcenter.Username,
-			Password:       e.Vcenter.Password,
-			UpdateInterval: e.Vcenter.UpdateInterval,
-		}
-	}
-
-	if e.GoogleCompute != nil {
-		ans.GoogleCompute = &googleCompute{
-			Description:    e.GoogleCompute.Description,
-			Disabled:       util.YesNo(e.GoogleCompute.Disabled),
-			ProjectId:      e.GoogleCompute.ProjectId,
-			ZoneName:       e.GoogleCompute.ZoneName,
-			UpdateInterval: e.GoogleCompute.UpdateInterval,
-			EnableTimeout:  util.YesNo(e.GoogleCompute.EnableTimeout),
-			Timeout:        e.GoogleCompute.Timeout,
-		}
-
-		switch e.GoogleCompute.AuthType {
-		case AuthTypeServiceInGce:
-			s := ""
-			ans.GoogleCompute.Auth.ServiceInGce = &s
-		case AuthTypeServiceAccount:
-			ans.GoogleCompute.Auth.ServiceAccount = &gcAuthServiceAccount{
-				ServiceAccountCredential: e.GoogleCompute.ServiceAccountCredential,
-			}
-		}
-	}
-
-	return ans
-}
-
-func (e *entry_v2) normalize() Entry {
-	ans := Entry{
-		Name: e.Name,
-	}
-
-	if e.AwsVpc != nil {
-		ans.AwsVpc = &AwsVpc{
-			Description:     e.AwsVpc.Description,
-			Disabled:        util.AsBool(e.AwsVpc.Disabled),
-			Source:          e.AwsVpc.Source,
-			AccessKeyId:     e.AwsVpc.AccessKeyId,
-			SecretAccessKey: e.AwsVpc.SecretAccessKey,
-			UpdateInterval:  e.AwsVpc.UpdateInterval,
-			EnableTimeout:   util.AsBool(e.AwsVpc.EnableTimeout),
-			Timeout:         e.AwsVpc.Timeout,
-			VpcId:           e.AwsVpc.VpcId,
-		}
-	}
-
-	if e.Esxi != nil {
-		ans.Esxi = &Esxi{
-			Description:    e.Esxi.Description,
-			Port:           e.Esxi.Port,
-			Disabled:       util.AsBool(e.Esxi.Disabled),
-			EnableTimeout:  util.AsBool(e.Esxi.EnableTimeout),
-			Timeout:        e.Esxi.Timeout,
-			Source:         e.Esxi.Source,
-			Username:       e.Esxi.Username,
-			Password:       e.Esxi.Password,
-			UpdateInterval: e.Esxi.UpdateInterval,
-		}
-	}
-
-	if e.Vcenter != nil {
-		ans.Vcenter = &Vcenter{
-			Description:    e.Vcenter.Description,
-			Port:           e.Vcenter.Port,
-			Disabled:       util.AsBool(e.Vcenter.Disabled),
-			EnableTimeout:  util.AsBool(e.Vcenter.EnableTimeout),
-			Timeout:        e.Vcenter.Timeout,
-			Source:         e.Vcenter.Source,
-			Username:       e.Vcenter.Username,
-			Password:       e.Vcenter.Password,
-			UpdateInterval: e.Vcenter.UpdateInterval,
-		}
-	}
-
-	if e.GoogleCompute != nil {
-		ans.GoogleCompute = &GoogleCompute{
-			Description:    e.GoogleCompute.Description,
-			Disabled:       util.AsBool(e.GoogleCompute.Disabled),
-			ProjectId:      e.GoogleCompute.ProjectId,
-			ZoneName:       e.GoogleCompute.ZoneName,
-			UpdateInterval: e.GoogleCompute.UpdateInterval,
-			EnableTimeout:  util.AsBool(e.GoogleCompute.EnableTimeout),
-			Timeout:        e.GoogleCompute.Timeout,
-		}
-
-		switch {
-		case e.GoogleCompute.Auth.ServiceInGce != nil:
-			ans.GoogleCompute.AuthType = AuthTypeServiceInGce
-		case e.GoogleCompute.Auth.ServiceAccount != nil:
-			ans.GoogleCompute.AuthType = AuthTypeServiceAccount
-			ans.GoogleCompute.ServiceAccountCredential = e.GoogleCompute.Auth.ServiceAccount.ServiceAccountCredential
-		}
-	}
-
-	return ans
-}
diff --git a/dev/vminfosource/funcs.go b/dev/vminfosource/funcs.go
deleted file mode 100644
index 8c2dfe02..00000000
--- a/dev/vminfosource/funcs.go
+++ /dev/null
@@ -1,92 +0,0 @@
-package vminfosource
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	if v.Gte(version.Number{8, 1, 0, ""}) {
-		return &container_v2{}, specify_v2
-	} else {
-		return &container_v1{}, specify_v1
-	}
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/dev/vminfosource/fw.go b/dev/vminfosource/fw.go
deleted file mode 100644
index f30e3ad8..00000000
--- a/dev/vminfosource/fw.go
+++ /dev/null
@@ -1,104 +0,0 @@
-package vminfosource
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Device.VmInfoSource namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vsys), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather(vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vsys, v)
-	}
-}
-
-func (c *Firewall) xpath(vsys string, vals []string) ([]string, error) {
-	ans := make([]string, 0, 7)
-	ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	ans = append(ans,
-		"vm-info-source",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/dev/vminfosource/fw_test.go b/dev/vminfosource/fw_test.go
deleted file mode 100644
index 252701d8..00000000
--- a/dev/vminfosource/fw_test.go
+++ /dev/null
@@ -1,118 +0,0 @@
-package vminfosource
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("vsys1", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("vsys1", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
-
-func TestAwsVpcDefaults(t *testing.T) {
-	mc := &testdata.MockClient{
-		Version: version.Number{6, 1, 0, ""},
-	}
-	ns := FirewallNamespace(mc)
-	mc.AddResp(`
-<entry name="jack">
-    <AWS-VPC>
-        <description>hi</description>
-    </AWS-VPC>
-</entry>
-`)
-	ans, err := ns.Get("vsys1", "jack")
-	if err != nil {
-		t.Errorf("Error in get: %s", err)
-	} else if ans.AwsVpc == nil {
-		t.Errorf("AwsVpc is nil")
-	} else if ans.AwsVpc.Description != "hi" {
-		t.Errorf("AwsVpc description is %q, not \"hi\"", ans.AwsVpc.Description)
-	} else if ans.AwsVpc.UpdateInterval != 60 {
-		t.Errorf("AwsVpc update interval is %d", ans.AwsVpc.UpdateInterval)
-	} else if ans.AwsVpc.Timeout != 2 {
-		t.Errorf("AwsVpc timeout is %d", ans.AwsVpc.Timeout)
-	}
-}
-
-func TestEsxiDefaults(t *testing.T) {
-	mc := &testdata.MockClient{
-		Version: version.Number{6, 1, 0, ""},
-	}
-	ns := FirewallNamespace(mc)
-	mc.AddResp(`
-<entry name="jack">
-    <VMware-ESXi>
-        <description>hi</description>
-    </VMware-ESXi>
-</entry>
-`)
-	ans, err := ns.Get("vsys1", "jack")
-	if err != nil {
-		t.Errorf("Error in get: %s", err)
-	} else if ans.Esxi == nil {
-		t.Errorf("Esxi is nil")
-	} else if ans.Esxi.Description != "hi" {
-		t.Errorf("Esxi description is %q, not \"hi\"", ans.Esxi.Description)
-	} else if ans.Esxi.Port != 443 {
-		t.Errorf("Esxi port is %d", ans.Esxi.Port)
-	} else if ans.Esxi.UpdateInterval != 5 {
-		t.Errorf("Esxi update interval is %d", ans.Esxi.UpdateInterval)
-	} else if ans.Esxi.Timeout != 2 {
-		t.Errorf("Esxi timeout is %d", ans.Esxi.Timeout)
-	}
-}
-
-func TestVcenterDefaults(t *testing.T) {
-	mc := &testdata.MockClient{
-		Version: version.Number{6, 1, 0, ""},
-	}
-	ns := FirewallNamespace(mc)
-	mc.AddResp(`
-<entry name="jack">
-    <VMware-vCenter>
-        <description>hi</description>
-    </VMware-vCenter>
-</entry>
-`)
-	ans, err := ns.Get("vsys1", "jack")
-	if err != nil {
-		t.Errorf("Error in get: %s", err)
-	} else if ans.Vcenter == nil {
-		t.Errorf("Vcenter is nil")
-	} else if ans.Vcenter.Description != "hi" {
-		t.Errorf("Vcenter description is %q, not \"hi\"", ans.Vcenter.Description)
-	} else if ans.Vcenter.Port != 443 {
-		t.Errorf("Vcenter port is %d", ans.Vcenter.Port)
-	} else if ans.Vcenter.UpdateInterval != 5 {
-		t.Errorf("Vcenter update interval is %d", ans.Vcenter.UpdateInterval)
-	} else if ans.Vcenter.Timeout != 2 {
-		t.Errorf("Vcenter timeout is %d", ans.Vcenter.Timeout)
-	}
-}
diff --git a/dev/vminfosource/pano.go b/dev/vminfosource/pano.go
deleted file mode 100644
index a1e2969f..00000000
--- a/dev/vminfosource/pano.go
+++ /dev/null
@@ -1,111 +0,0 @@
-package vminfosource
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Device.VmInfoSource namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts, vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts, vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts, vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts, vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(tmpl, ts, vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts, vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(tmpl, ts, vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts, vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts, vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts, vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(tmpl, ts, vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts, vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts, vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(tmpl, ts, vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts, vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(tmpl, ts, vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts, vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(tmpl, ts, vsys), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts, vsys), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts, vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts, vsys), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts, vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, vsys, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts, vsys string, vals []string) ([]string, error) {
-	if tmpl == "" && ts == "" {
-		return nil, fmt.Errorf("tmpl or ts must be specified")
-	}
-
-	ans := make([]string, 0, 12)
-	ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-	ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	ans = append(ans,
-		"vm-info-source",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/dev/vminfosource/pano_test.go b/dev/vminfosource/pano_test.go
deleted file mode 100644
index 4f9e41a1..00000000
--- a/dev/vminfosource/pano_test.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package vminfosource
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("tmpl", "", "shared", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("tmpl", "", "shared", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/dev/vminfosource/testdata_test.go b/dev/vminfosource/testdata_test.go
deleted file mode 100644
index 7cfda9f1..00000000
--- a/dev/vminfosource/testdata_test.go
+++ /dev/null
@@ -1,211 +0,0 @@
-package vminfosource
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type testCase struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"v1 vpc disabled", version.Number{6, 1, 0, ""}, Entry{
-			Name: "one",
-			AwsVpc: &AwsVpc{
-				Description:     "description",
-				Disabled:        true,
-				Source:          "source",
-				AccessKeyId:     "accesskeyid",
-				SecretAccessKey: "secret",
-				UpdateInterval:  5,
-				EnableTimeout:   false,
-				Timeout:         6,
-				VpcId:           "vpcid",
-			},
-		}},
-		{"v1 vpc enable timeout", version.Number{6, 1, 0, ""}, Entry{
-			Name: "one",
-			AwsVpc: &AwsVpc{
-				Description:     "description",
-				Disabled:        false,
-				Source:          "source",
-				AccessKeyId:     "accesskeyid",
-				SecretAccessKey: "secret",
-				UpdateInterval:  5,
-				EnableTimeout:   true,
-				Timeout:         6,
-				VpcId:           "vpcid",
-			},
-		}},
-		{"v1 esxi disabled", version.Number{6, 1, 0, ""}, Entry{
-			Name: "name",
-			Esxi: &Esxi{
-				Description:    "desc",
-				Port:           8443,
-				Disabled:       true,
-				EnableTimeout:  false,
-				Timeout:        5,
-				Source:         "src",
-				Username:       "user",
-				Password:       "passwd",
-				UpdateInterval: 6,
-			},
-		}},
-		{"v1 esxi enable timeout", version.Number{6, 1, 0, ""}, Entry{
-			Name: "name",
-			Esxi: &Esxi{
-				Description:    "desc",
-				Port:           8443,
-				Disabled:       false,
-				EnableTimeout:  true,
-				Timeout:        5,
-				Source:         "src",
-				Username:       "user",
-				Password:       "passwd",
-				UpdateInterval: 6,
-			},
-		}},
-		{"v1 vcenter disabled", version.Number{6, 1, 0, ""}, Entry{
-			Name: "name",
-			Vcenter: &Vcenter{
-				Description:    "desc",
-				Port:           8443,
-				Disabled:       true,
-				EnableTimeout:  false,
-				Timeout:        5,
-				Source:         "src",
-				Username:       "user",
-				Password:       "passwd",
-				UpdateInterval: 6,
-			},
-		}},
-		{"v1 vcenter enable timeout", version.Number{6, 1, 0, ""}, Entry{
-			Name: "name",
-			Vcenter: &Vcenter{
-				Description:    "desc",
-				Port:           8443,
-				Disabled:       false,
-				EnableTimeout:  true,
-				Timeout:        5,
-				Source:         "src",
-				Username:       "user",
-				Password:       "passwd",
-				UpdateInterval: 6,
-			},
-		}},
-		{"v2 vpc disabled", version.Number{8, 1, 0, ""}, Entry{
-			Name: "one",
-			AwsVpc: &AwsVpc{
-				Description:     "description",
-				Disabled:        true,
-				Source:          "source",
-				AccessKeyId:     "accesskeyid",
-				SecretAccessKey: "secret",
-				UpdateInterval:  5,
-				EnableTimeout:   false,
-				Timeout:         6,
-				VpcId:           "vpcid",
-			},
-		}},
-		{"v2 vpc enable timeout", version.Number{8, 1, 0, ""}, Entry{
-			Name: "one",
-			AwsVpc: &AwsVpc{
-				Description:     "description",
-				Disabled:        false,
-				Source:          "source",
-				AccessKeyId:     "accesskeyid",
-				SecretAccessKey: "secret",
-				UpdateInterval:  5,
-				EnableTimeout:   true,
-				Timeout:         6,
-				VpcId:           "vpcid",
-			},
-		}},
-		{"v2 esxi disabled", version.Number{8, 1, 0, ""}, Entry{
-			Name: "name",
-			Esxi: &Esxi{
-				Description:    "desc",
-				Port:           8443,
-				Disabled:       true,
-				EnableTimeout:  false,
-				Timeout:        5,
-				Source:         "src",
-				Username:       "user",
-				Password:       "passwd",
-				UpdateInterval: 6,
-			},
-		}},
-		{"v2 esxi enable timeout", version.Number{8, 1, 0, ""}, Entry{
-			Name: "name",
-			Esxi: &Esxi{
-				Description:    "desc",
-				Port:           8443,
-				Disabled:       false,
-				EnableTimeout:  true,
-				Timeout:        5,
-				Source:         "src",
-				Username:       "user",
-				Password:       "passwd",
-				UpdateInterval: 6,
-			},
-		}},
-		{"v2 vcenter disabled", version.Number{8, 1, 0, ""}, Entry{
-			Name: "name",
-			Vcenter: &Vcenter{
-				Description:    "desc",
-				Port:           8443,
-				Disabled:       true,
-				EnableTimeout:  false,
-				Timeout:        5,
-				Source:         "src",
-				Username:       "user",
-				Password:       "passwd",
-				UpdateInterval: 6,
-			},
-		}},
-		{"v2 vcenter enable timeout", version.Number{8, 1, 0, ""}, Entry{
-			Name: "name",
-			Vcenter: &Vcenter{
-				Description:    "desc",
-				Port:           8443,
-				Disabled:       false,
-				EnableTimeout:  true,
-				Timeout:        5,
-				Source:         "src",
-				Username:       "user",
-				Password:       "passwd",
-				UpdateInterval: 6,
-			},
-		}},
-		{"v2 google compute disabled service in gce", version.Number{8, 1, 0, ""}, Entry{
-			Name: "name",
-			GoogleCompute: &GoogleCompute{
-				Description:    "desc",
-				Disabled:       true,
-				AuthType:       AuthTypeServiceInGce,
-				ProjectId:      "proj",
-				ZoneName:       "zone",
-				UpdateInterval: 6,
-				EnableTimeout:  false,
-				Timeout:        5,
-			},
-		}},
-		{"v2 google compute enable timeout service account", version.Number{8, 1, 0, ""}, Entry{
-			Name: "name",
-			GoogleCompute: &GoogleCompute{
-				Description:              "desc",
-				Disabled:                 false,
-				AuthType:                 AuthTypeServiceAccount,
-				ServiceAccountCredential: "creds json",
-				ProjectId:                "proj",
-				ZoneName:                 "zone",
-				UpdateInterval:           6,
-				EnableTimeout:            true,
-				Timeout:                  5,
-			},
-		}},
-	}
-}
diff --git a/doc.go b/doc.go
deleted file mode 100644
index a24f6889..00000000
--- a/doc.go
+++ /dev/null
@@ -1,98 +0,0 @@
-/*
-Package pango is a golang cross version mechanism for interacting with Palo Alto
-Networks devices (including physical and virtualized Next-generation Firewalls
-and Panorama).  Versioning support is in place for PAN-OS 6.1 and up.
-
-To start, create a client connection with the desired parameters and then
-initialize the connection:
-
-    package main
-
-    import (
-        "log"
-        "github.com/PaloAltoNetworks/pango"
-    )
-
-    func main() {
-        var err error
-        c := pango.Firewall{Client: pango.Client{
-            Hostname: "127.0.0.1",
-            Username: "admin",
-            Password: "admin",
-            Logging: pango.LogAction | pango.LogOp,
-        }}
-        if err = c.Initialize(); err != nil {
-            log.Printf("Failed to initialize client: %s", err)
-            return
-        }
-        log.Printf("Initialize ok")
-    }
-
-Initializing the connection creates the API key (if it was not already
-specified), then performs "show system info" to get the PAN-OS version.  Once
-the firewall client is created, you can query and configure the Palo
-Alto Networks device from the functions inside the various namespaces of the
-client connection.  Namespaces correspond to the various configuration areas
-available in the GUI.  For example:
-
-    err = c.Network.EthernetInterface.Set(...)
-    myPolicies, err := c.Policies.Security.GetList(...)
-
-Generally speaking, there are the following functions inside each namespace:
-
-    * Get / GetList / GetAll
-    * Show / ShowList / ShowAll
-    * Set
-    * Edit
-    * Delete
-
-These functions correspond with PAN-OS Get, Show, Set, Edit, and
-Delete API calls.  Get(), Set(), and Edit() take and return normalized,
-version independent objects.  These version safe objects are typically named
-Entry, which corresponds to how the object is placed in the PAN-OS XPATH.
-
-Some Entry objects have a special function, Defaults().  Invoking this
-function will initialize the object with some default values.  Each Entry
-that implements Defaults() calls out in its documentation what parameters
-are affected by this, and what the defaults are.
-
-For any version safe object, attempting to configure a parameter that your
-PAN-OS doesn't support will be safely ignored in the resultant XML sent to the
-firewall / Panorama.
-
-
-Loading PAN-OS Config
-
-A PAN-OS configuration can be loaded from a PAN-OS device using `RetrievePanosConfig()`
-to pull it from a live device or `LoadPanosConfig()` if already in local memory.  Once
-it's been loaded, use `FromPanosConfig()` for singletons and `AllFromPanosConfig()`
-for slices of normalized objects from the loaded config.
-
-You can also use this file load and config retrieval to do offline inspection of the
-config, just make sure to set `pango.Client.Version` to the appropriate PAN-OS
-version so the version normalization can take place.
-
-
-Using Edit Functions
-
-The PAN-OS XML API Edit command can be used to both create as well as update
-existing config, however it can also truncate config for the given XPATH.  Due
-to this, if you want to use Edit(), you need to make sure that you perform
-either a Get() or a Show() first, make your modification, then invoke
-Edit() using that object.  If you don't do this, you will truncate any sub
-config.
-
-To learn more about PAN-OS XML API, please refer to the Palo Alto Netowrks
-API documentation.
-
-
-XPATHs
-
-Functions such as `panos.Client.Set`, `panos.Client.Edit`, and `panos.Client.Delete`
-take a parameter named `path`.  This path can be either a fully formed XPATH as a
-string or a list of strings such as `[]string{"config", "shared", "address"}`.  The
-grand majority of namespaces give their paths as a list of strings, as the XPATH
-oftentimes needs to be tweaked depending on SET vs EDIT, single objects vs
-multiple objects, etc, so handling path updates is easier this way.
-*/
-package pango
diff --git a/example_addressgroup_test.go b/example_addressgroup_test.go
deleted file mode 100644
index d48247eb..00000000
--- a/example_addressgroup_test.go
+++ /dev/null
@@ -1,125 +0,0 @@
-package pango_test
-
-import (
-	"log"
-
-	"github.com/PaloAltoNetworks/pango"
-	"github.com/PaloAltoNetworks/pango/commit"
-	"github.com/PaloAltoNetworks/pango/objs/addr"
-	"github.com/PaloAltoNetworks/pango/objs/addrgrp"
-	"github.com/PaloAltoNetworks/pango/poli/security"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Example_createAddressGroup is a Panorama example on how to create/delete a
-// security policy with the associated address group and addresses
-func Example_createAddressGroup() {
-	var deviceGroup = "MyDeviceGroup"
-	var tags = []string{"sometag"}
-	var err error
-
-	pan := &pango.Panorama{Client: pango.Client{
-		Hostname: "192.168.1.1",
-		Username: "admin",
-		Password: "admin",
-		Logging:  pango.LogAction | pango.LogOp,
-	}}
-	if err = pan.Initialize(); err != nil {
-		log.Panic(err)
-		return
-	}
-
-	// Create the addresses, address group and security policy
-	addr1 := addr.Entry{
-		Name:        "SampleAddress1",
-		Value:       "10.192.226.101/32",
-		Type:        addr.IpNetmask,
-		Description: "First address of a sample address group",
-		Tags:        tags,
-	}
-	if err = pan.Objects.Address.Set(deviceGroup, addr1); err != nil {
-		log.Panic(err)
-	}
-
-	addr2 := addr.Entry{
-		Name:        "SampleAddress2",
-		Value:       "10.192.226.102/32",
-		Type:        addr.IpNetmask,
-		Description: "Second address of a sample address group",
-		Tags:        tags,
-	}
-	if err = pan.Objects.Address.Set(deviceGroup, addr2); err != nil {
-		log.Panic(err)
-	}
-
-	ag := addrgrp.Entry{
-		Name:            "SampleAddressGroup",
-		Description:     "This in an example on how to use address groups",
-		StaticAddresses: []string{addr1.Name, addr2.Name},
-		Tags:            tags,
-	}
-	if err = pan.Objects.AddressGroup.Set(deviceGroup, ag); err != nil {
-		log.Panic(err)
-	}
-
-	securityPolicy := security.Entry{
-		Name:                 "SamplePolicy",
-		Description:          "This is where the request number goes",
-		Tags:                 tags,
-		SourceZones:          []string{"CORPEXT"},
-		SourceAddresses:      []string{"any"},
-		DestinationZones:     []string{"CORPDMZ"},
-		DestinationAddresses: []string{ag.Name},
-		Applications:         []string{"ssl"},
-		Services:             []string{"application-default"},
-		LogSetting:           "Standard-Logging",
-		Group:                "Corp_Default",
-	}
-	securityPolicy.Defaults()
-
-	if err = pan.Policies.Security.VerifiableSet(deviceGroup, util.PreRulebase, securityPolicy); err != nil {
-		log.Panic(err)
-	}
-
-	panCommit := commit.PanoramaCommit{
-		Description:  "Created example address group",
-		Admins:       nil,
-		DeviceGroups: []string{deviceGroup},
-	}
-
-	resp, bytes, err := pan.Commit(panCommit, "", nil)
-	if err != nil {
-		log.Panic(err)
-	}
-	log.Printf("Job ID: %v\n", resp)
-	log.Printf("Response XML: %v\n", string(bytes))
-
-	// Delete the addresses, address group and security policy
-	// Note that the Delete function can take their respective enty structs, or just a string with the name as shown below
-	if err = pan.Policies.Security.Delete(deviceGroup, util.PreRulebase, securityPolicy.Name); err != nil {
-		log.Panic(err)
-	}
-	if err = pan.Objects.AddressGroup.Delete(deviceGroup, ag.Name); err != nil {
-		log.Panic(err)
-	}
-	if err = pan.Objects.Address.Delete(deviceGroup, addr1.Name); err != nil {
-		log.Panic(err)
-	}
-	if err = pan.Objects.Address.Delete(deviceGroup, addr2.Name); err != nil {
-		log.Panic(err)
-	}
-
-	panCommit = commit.PanoramaCommit{
-		Description:  "Deleted sample address group",
-		Admins:       nil,
-		DeviceGroups: []string{deviceGroup},
-	}
-
-	resp, bytes, err = pan.Commit(panCommit, "", nil)
-	if err != nil {
-		log.Panic(err)
-	}
-	log.Printf("Job ID: %v\n", resp)
-	log.Printf("Response XML: %v\n", string(bytes))
-
-}
diff --git a/example_firewall_commit_test.go b/example_firewall_commit_test.go
deleted file mode 100644
index c9e2d027..00000000
--- a/example_firewall_commit_test.go
+++ /dev/null
@@ -1,78 +0,0 @@
-package pango_test
-
-import (
-	"flag"
-	"log"
-	"strings"
-	"time"
-
-	"github.com/PaloAltoNetworks/pango"
-	"github.com/PaloAltoNetworks/pango/commit"
-)
-
-func Example_firewallCommit() {
-	var (
-		err                                                      error
-		configFile, hostname, username, password, apiKey, admins string
-		edan, eso, epao, force                                   bool
-		jobId                                                    uint
-		sleep                                                    int64
-		timeout                                                  int
-	)
-
-	log.SetFlags(log.Ldate | log.Ltime | log.Lmicroseconds)
-
-	flag.StringVar(&configFile, "config", "", "JSON config file with panos connection info")
-	flag.StringVar(&hostname, "host", "", "PAN-OS hostname")
-	flag.StringVar(&username, "user", "", "PAN-OS username")
-	flag.StringVar(&password, "pass", "", "PAN-OS password")
-	flag.StringVar(&apiKey, "key", "", "PAN-OS API key")
-	flag.StringVar(&admins, "admins", "", "CSV of specific admins for partial config commit")
-	flag.BoolVar(&edan, "exclude-device-and-network", false, "Exclude device and network")
-	flag.BoolVar(&eso, "exclude-shared-objects", false, "Exclude shared objects")
-	flag.BoolVar(&epao, "exclude-policy-and-objects", false, "Exclude policy and objects")
-	flag.BoolVar(&force, "force", false, "Force a commit even if one isn't needed")
-	flag.Int64Var(&sleep, "sleep", 0, "Seconds to sleep between checks for commit completion")
-	flag.IntVar(&timeout, "timeout", 10, "The timeout for all PAN-OS API calls")
-	flag.Parse()
-
-	// Connect to the firewall.
-	fw := &pango.Firewall{Client: pango.Client{
-		Hostname: hostname,
-		Username: username,
-		Password: password,
-		ApiKey:   apiKey,
-		Logging:  pango.LogOp | pango.LogAction,
-		Timeout:  timeout,
-	}}
-	if err = fw.InitializeUsing(configFile, true); err != nil {
-		log.Fatalf("Failed: %s", err)
-	}
-
-	// Build the commit to be performed.
-	cmd := commit.FirewallCommit{
-		Description:             flag.Arg(0),
-		ExcludeDeviceAndNetwork: edan,
-		ExcludeSharedObjects:    eso,
-		ExcludePolicyAndObjects: epao,
-		Force:                   force,
-	}
-	admins = strings.TrimSpace(admins)
-	if admins != "" {
-		cmd.Admins = strings.Split(admins, ",")
-	}
-
-	sd := time.Duration(sleep) * time.Second
-
-	// Perform the commit
-	jobId, _, err = fw.Commit(cmd, "", nil)
-	if err != nil {
-		log.Fatalf("Error in commit: %s", err)
-	} else if jobId == 0 {
-		log.Printf("No commit needed")
-	} else if err = fw.WaitForJob(jobId, sd, nil, nil); err != nil {
-		log.Printf("Error in commit: %s", err)
-	} else {
-		log.Printf("Committed config successfully")
-	}
-}
diff --git a/example_info_test.go b/example_info_test.go
deleted file mode 100644
index 9083b9d3..00000000
--- a/example_info_test.go
+++ /dev/null
@@ -1,61 +0,0 @@
-package pango_test
-
-import (
-	"encoding/json"
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango"
-)
-
-// About is a struct to hold information about the given PAN-OS device.
-type About struct {
-	Hostname string `json:"hostname"`
-	Type     string `json:"type"`
-	Model    string `json:"model"`
-	Version  string `json:"version"`
-	Serial   string `json:"serial"`
-}
-
-// ExamplePanosInfo outputs various info about a PAN-OS device as
-// JSON.
-func Example_outputApiKey() {
-	var out About
-
-	conInfo := pango.Client{
-		Hostname: "192.168.1.1",
-		Username: "admin",
-		Password: "admin",
-		Logging:  pango.LogQuiet,
-	}
-
-	con, err := pango.Connect(conInfo)
-	if err != nil {
-		return
-	}
-
-	switch x := con.(type) {
-	case *pango.Firewall:
-		out = About{
-			Hostname: x.Hostname,
-			Type:     "NGFW",
-			Model:    x.SystemInfo["model"],
-			Version:  x.Version.String(),
-			Serial:   x.SystemInfo["serial"],
-		}
-	case *pango.Panorama:
-		out = About{
-			Hostname: x.Hostname,
-			Type:     "Panorama",
-			Model:    x.SystemInfo["model"],
-			Version:  x.Version.String(),
-			Serial:   x.SystemInfo["serial"],
-		}
-	}
-
-	b, err := json.Marshal(out)
-	if err != nil {
-		return
-	}
-
-	fmt.Printf("%s\n", b)
-}
diff --git a/example_interface_test.go b/example_interface_test.go
deleted file mode 100644
index 2897ad60..00000000
--- a/example_interface_test.go
+++ /dev/null
@@ -1,52 +0,0 @@
-package pango_test
-
-import (
-	"log"
-
-	"github.com/PaloAltoNetworks/pango"
-	"github.com/PaloAltoNetworks/pango/netw/interface/eth"
-)
-
-// ExampleCreateInterface demonstrates how to use pango to create an interface
-// if the interface is not already configured.
-func Example_createInterface() {
-	var err error
-
-	// Connect to the firewall.
-	fw := pango.Firewall{Client: pango.Client{
-		Hostname: "192.168.1.1",
-		Username: "admin",
-		Password: "admin",
-	}}
-
-	// Connect to the firewall and verify authentication params.
-	if err = fw.Initialize(); err != nil {
-		log.Fatalf("Failed to connect to %s: %s", fw.Hostname, err)
-	}
-
-	// Define the ethernet interface we want to configure.
-	e := eth.Entry{
-		Name:      "ethernet1/7",
-		Mode:      "layer3",
-		Comment:   "Made by pango",
-		StaticIps: []string{"10.1.1.1/24", "10.2.1.1/24"},
-	}
-
-	// If the interface is already present, leave it alone.
-	ethList, err := fw.Network.EthernetInterface.GetList()
-	if err != nil {
-		log.Fatalf("Failed to get interface listing: %s", err)
-	}
-	for i := range ethList {
-		if ethList[i] == e.Name {
-			log.Printf("Interface %q already exists, quitting.", e.Name)
-			return
-		}
-	}
-
-	// Since the interface is not present, configure it.
-	if err = fw.Network.EthernetInterface.Set("vsys1", e); err != nil {
-		log.Fatalf("Failed to create %q: %s", e.Name, err)
-	}
-	log.Printf("Created %q ok", e.Name)
-}
diff --git a/fw.go b/fw.go
deleted file mode 100644
index d33567e4..00000000
--- a/fw.go
+++ /dev/null
@@ -1,174 +0,0 @@
-package pango
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/version"
-
-	// Various namespace imports.
-	"github.com/PaloAltoNetworks/pango/dev"
-	"github.com/PaloAltoNetworks/pango/licen"
-	"github.com/PaloAltoNetworks/pango/netw"
-	"github.com/PaloAltoNetworks/pango/objs"
-	"github.com/PaloAltoNetworks/pango/panosplugin"
-	"github.com/PaloAltoNetworks/pango/poli"
-	"github.com/PaloAltoNetworks/pango/predefined"
-	"github.com/PaloAltoNetworks/pango/userid"
-	"github.com/PaloAltoNetworks/pango/vsys"
-)
-
-// Firewall is a firewall specific client, providing version safe functions
-// for the PAN-OS Xpath API methods.  After creating the object, invoke
-// Initialize() to prepare it for use.
-//
-// It has the following namespaces:
-//      * Predefined
-//      * Network
-//      * Device
-//      * Policies
-//      * Objects
-//      * Licensing
-//      * UserId
-type Firewall struct {
-	Client
-
-	// Namespaces
-	Predefined  *predefined.Firewall
-	Network     *netw.Firewall
-	Device      *dev.Firewall
-	Policies    *poli.Firewall
-	Objects     *objs.FwObjs
-	Licensing   *licen.Licen
-	UserId      *userid.UserId
-	Vsys        *vsys.Firewall
-	PanosPlugin *panosplugin.Firewall
-}
-
-// Initialize does some initial setup of the Firewall connection, retrieves
-// the API key if it was not already present, then performs "show system
-// info" to get the PAN-OS version.  The full results are saved into the
-// client's SystemInfo map.
-//
-// If not specified, the following is assumed:
-//  * Protocol: https
-//  * Port: (unspecified)
-//  * Timeout: 10
-//  * Logging: LogAction | LogUid
-func (c *Firewall) Initialize() error {
-	if len(c.rb) == 0 {
-		var e error
-
-		if e = c.initCon(); e != nil {
-			return e
-		} else if e = c.initApiKey(); e != nil {
-			return e
-		} else if e = c.initSystemInfo(); e != nil {
-			return e
-		}
-		if c.Version.Gte(version.Number{9, 0, 0, ""}) {
-			c.initPlugins()
-		}
-	} else {
-		c.Hostname = "localhost"
-		c.ApiKey = "password"
-	}
-	c.initNamespaces()
-
-	return nil
-}
-
-// InitializeUsing does Initialize(), but takes in a filename that contains
-// fallback authentication credentials if they aren't specified.
-//
-// The order of preference for auth / connection settings is:
-//
-// * explicitly set
-// * environment variable (set chkenv to true to enable this)
-// * json file
-func (c *Firewall) InitializeUsing(filename string, chkenv bool) error {
-	c.CheckEnvironment = chkenv
-	c.credsFile = filename
-
-	return c.Initialize()
-}
-
-// GetDhcpInfo returns the DHCP client information about the given interface.
-func (c *Firewall) GetDhcpInfo(i string) (map[string]string, error) {
-	c.LogOp("(op) show dhcp client state %q", i)
-
-	type ireq struct {
-		XMLName xml.Name `xml:"show"`
-		Val     string   `xml:"dhcp>client>state"`
-	}
-
-	type ireq_ans struct {
-		Interface  string `xml:"result>entry>interface"`
-		State      string `xml:"result>entry>state"`
-		Ip         string `xml:"result>entry>ip"`
-		Gateway    string `xml:"result>entry>gw"`
-		Server     string `xml:"result>entry>server"`
-		ServerId   string `xml:"result>entry>server-id"`
-		Dns1       string `xml:"result>entry>dns1"`
-		Dns2       string `xml:"result>entry>dns2"`
-		Wins1      string `xml:"result>entry>wins1"`
-		Wins2      string `xml:"result>entry>wins2"`
-		Nis1       string `xml:"result>entry>nis1"`
-		Nis2       string `xml:"result>entry>nis2"`
-		Ntp1       string `xml:"result>entry>ntp1"`
-		Ntp2       string `xml:"result>entry>ntp2"`
-		Pop3Server string `xml:"result>entry>pop3"`
-		SmtpServer string `xml:"result>entry>smtp"`
-		DnsSuffix  string `xml:"result>entry>dns-suffix"`
-	}
-
-	req := ireq{Val: i}
-	ans := ireq_ans{}
-
-	if _, err := c.Op(req, "", nil, &ans); err != nil {
-		return nil, err
-	}
-
-	return map[string]string{
-		"interface":      ans.Interface,
-		"state":          ans.State,
-		"ip":             ans.Ip,
-		"gateway":        ans.Gateway,
-		"server":         ans.Server,
-		"server_id":      ans.ServerId,
-		"primary_dns":    ans.Dns1,
-		"secondary_dns":  ans.Dns2,
-		"primary_wins":   ans.Wins1,
-		"secondary_wins": ans.Wins2,
-		"primary_nis":    ans.Nis1,
-		"secondary_nis":  ans.Nis2,
-		"primary_ntp":    ans.Ntp1,
-		"secondary_ntp":  ans.Ntp2,
-		"pop3_server":    ans.Pop3Server,
-		"smtp_server":    ans.SmtpServer,
-		"dns_suffix":     ans.DnsSuffix,
-	}, nil
-}
-
-/** Private functions **/
-
-func (c *Firewall) initNamespaces() {
-	c.Predefined = predefined.FirewallNamespace(c)
-
-	c.Network = netw.FirewallNamespace(c)
-
-	c.Device = dev.FirewallNamespace(c)
-
-	c.Policies = poli.FirewallNamespace(c)
-
-	c.Objects = &objs.FwObjs{}
-	c.Objects.Initialize(c)
-
-	c.Licensing = &licen.Licen{}
-	c.Licensing.Initialize(c)
-
-	c.UserId = &userid.UserId{}
-	c.UserId.Initialize(c)
-
-	c.Vsys = vsys.FirewallNamespace(c)
-	c.PanosPlugin = panosplugin.FirewallNamespace(c)
-}
diff --git a/licen/licen.go b/licen/licen.go
deleted file mode 100644
index 590d23a1..00000000
--- a/licen/licen.go
+++ /dev/null
@@ -1,158 +0,0 @@
-// Package licen is the client.Licensing namespace.
-package licen
-
-import (
-	"encoding/xml"
-	"fmt"
-	"strings"
-
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Licen is the client.Licensing namespace.
-type Licen struct {
-	con util.XapiClient
-}
-
-// Initialize is invoked on client.Initialize().
-func (c *Licen) Initialize(i util.XapiClient) {
-	c.con = i
-}
-
-// Current returns the licenses currently installed.
-func (c *Licen) Current() ([]util.License, error) {
-	type lic_req struct {
-		XMLName xml.Name `xml:"request"`
-		Cmd     string   `xml:"license>info"`
-	}
-
-	c.con.LogOp("(op) request license info")
-	return c.returnLicenseList(lic_req{})
-}
-
-// Fetch fetches licenses from the license server.
-func (c *Licen) Fetch() ([]util.License, error) {
-	type fetch struct {
-		XMLName xml.Name `xml:"request"`
-		Cmd     string   `xml:"license>fetch"`
-	}
-
-	c.con.LogOp("(op) request license fetch")
-	return c.returnLicenseList(fetch{})
-}
-
-// Activate updates a license using the given auth code.
-func (c *Licen) Activate(auth string) error {
-	type auth_req struct {
-		XMLName xml.Name `xml:"request"`
-		Code    string   `xml:"license>fetch>auth-code"`
-	}
-
-	c.con.LogOp("(op) request license fetch auth-code \"********\"")
-	body, err := c.con.Op(auth_req{Code: auth}, "", nil, nil)
-	if err != nil {
-		if string(body) == "VM Device License installed. Restarting pan services." {
-			return nil
-		}
-	}
-
-	return err
-}
-
-// Deactivate removes all licenses from a firewall.
-//
-// In order for this function to work, the following must be true:
-//
-//   * PAN-OS 7.1 or later
-//   * PAN-OS has connectivity to the Palo Alto Networks support server
-//   * Check server identity is enabled
-//   * The licensing API key has been installed
-func (c *Licen) Deactivate() error {
-	type del_req struct {
-		XMLName xml.Name `xml:"request"`
-		Mode    string   `xml:"license>deactivate>VM-Capacity>mode"`
-	}
-
-	c.con.LogOp("(op) request license deactivate VM-Capacity mode auto")
-	_, err := c.con.Op(del_req{Mode: "auto"}, "", nil, nil)
-	return err
-}
-
-// GetApiKey returns the licensing API key.
-func (c *Licen) GetApiKey() (string, error) {
-	type get_req struct {
-		XMLName xml.Name `xml:"request"`
-		Cmd     string   `xml:"license>api-key>show"`
-	}
-
-	type get_resp struct {
-		XMLName xml.Name `xml:"response"`
-		Data    string   `xml:"result"`
-	}
-
-	ans := get_resp{}
-	c.con.LogOp("(op) request license api-key show")
-	if _, err := c.con.Op(get_req{}, "", nil, &ans); err != nil {
-		if err.Error() == "API Key is not set" {
-			return "", nil
-		}
-		return "", err
-	}
-
-	prefix := "API key: "
-	if strings.HasPrefix(ans.Data, prefix) {
-		return ans.Data[len(prefix):], nil
-	} else {
-		return ans.Data, nil
-	}
-}
-
-// SetApiKey sets the licensing API key.
-func (c *Licen) SetApiKey(k string) error {
-	type set_req struct {
-		XMLName xml.Name `xml:"request"`
-		Key     string   `xml:"license>api-key>set>key"`
-	}
-
-	c.con.LogOp("(op) request license api-key set key \"********\"")
-	_, err := c.con.Op(set_req{Key: k}, "", nil, nil)
-	if err != nil && err.Error() == "API key is same as old" {
-		return nil
-	}
-
-	return err
-}
-
-// DeleteApiKey deletes the licensing API key.
-func (c *Licen) DeleteApiKey() error {
-	type del_req struct {
-		XMLName xml.Name `xml:"request"`
-		Cmd     string   `xml:"license>api-key>delete"`
-	}
-
-	c.con.LogOp("(op) request license api-key delete")
-	_, err := c.con.Op(del_req{}, "", nil, nil)
-
-	if err != nil && err.Error() == "No API Key to be deleted" {
-		return nil
-	}
-
-	return err
-}
-
-/** Structs / functions for this namespace. **/
-
-func (c *Licen) returnLicenseList(req interface{}) ([]util.License, error) {
-	type lic_resp struct {
-		XMLName xml.Name       `xml:"response"`
-		Data    []util.License `xml:"result>licenses>entry"`
-	}
-
-	ans := lic_resp{}
-
-	if _, err := c.con.Op(req, "", nil, &ans); err != nil {
-		return nil, fmt.Errorf("Failed to get licenses: %s", err)
-	}
-
-	return ans.Data, nil
-}
diff --git a/licen/licen_test.go b/licen/licen_test.go
deleted file mode 100644
index 1e302240..00000000
--- a/licen/licen_test.go
+++ /dev/null
@@ -1,74 +0,0 @@
-package licen
-
-import (
-	"fmt"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestCurrent(t *testing.T) {
-	mc := &testdata.MockClient{Resp: []testdata.Response{
-		testdata.Response{[]byte(testdata.LicenseXml), nil},
-	}}
-	l := &Licen{}
-	l.Initialize(mc)
-
-	ans, err := l.Current()
-	if err != nil {
-		t.Fail()
-	}
-	if len(ans) != 2 {
-		t.Fail()
-	}
-}
-
-func TestAuthCode(t *testing.T) {
-	testCases := []struct {
-		desc       string
-		shouldFail bool
-		resp       testdata.Response
-	}{
-		{"fail xml response", true, testdata.Response{
-			[]byte("<response status=\"error\"><msg><line>Failed to install licenses. Invalid Auth Code: foo</line></msg></response>"),
-			fmt.Errorf("Failed to install licenses. Invalid Auth Code: foo"),
-		}},
-		{"success non xml response", false, testdata.Response{
-			[]byte("VM Device License installed. Restarting pan services."),
-			fmt.Errorf("EOF"),
-		}},
-		{"other non xml response", true, testdata.Response{
-			[]byte("foobar"),
-			fmt.Errorf("EOF"),
-		}},
-	}
-
-	ns := &Licen{}
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc := &testdata.MockClient{Resp: []testdata.Response{tc.resp}}
-			ns.Initialize(mc)
-
-			err := ns.Activate("foo")
-			if tc.shouldFail && err == nil {
-				t.Errorf("Expected failure, but got nil error back")
-			} else if !tc.shouldFail && err != nil {
-				t.Errorf("Expected success, but got error: %s", err)
-			}
-		})
-	}
-}
-
-func BenchmarkCurrent(b *testing.B) {
-	mc := &testdata.MockClient{Resp: []testdata.Response{
-		testdata.Response{[]byte(testdata.LicenseXml), nil},
-	}}
-	l := &Licen{}
-	l.Initialize(mc)
-	b.ResetTimer()
-
-	for i := 0; i < b.N; i++ {
-		_, _ = l.Current()
-	}
-}
diff --git a/multiconf.go b/multiconf.go
deleted file mode 100644
index 1fbda8ec..00000000
--- a/multiconf.go
+++ /dev/null
@@ -1,98 +0,0 @@
-package pango
-
-import (
-	"encoding/xml"
-	"fmt"
-	"strings"
-
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// MultiConfigure is a container object for making a type=multi-config call.
-type MultiConfigure struct {
-	XMLName xml.Name `xml:"multi-configure-request"`
-	Reqs    []MultiConfigureRequest
-}
-
-// IncrementalIds assigns incremental ID numbers to all requests.
-//
-// Any request that already has an ID is skipped, and the number is discarded.
-func (m *MultiConfigure) IncrementalIds() {
-	for i := range m.Reqs {
-		if m.Reqs[i].Id == "" {
-			m.Reqs[i].Id = fmt.Sprintf("%d", i+1)
-		}
-	}
-}
-
-// MultiConfigureRequest is an individual request in a MultiConfigure instance.
-//
-// These are built up automatically when invoking Client.Set / Client.Edit after
-// Client.PrepareMultiConfigure is invoked.
-type MultiConfigureRequest struct {
-	XMLName xml.Name
-	Id      string `xml:"id,attr,omitempty"`
-	Xpath   string `xml:"xpath,attr"`
-	Data    interface{}
-}
-
-// MultiConfigureResponse is a struct to handle the response from multi-config
-// commands.
-type MultiConfigureResponse struct {
-	XMLName xml.Name                     `xml:"response"`
-	Status  string                       `xml:"status,attr"`
-	Code    int                          `xml:"code,attr"`
-	Results []MultiConfigResponseElement `xml:"response"`
-}
-
-// Ok returns if there was an error or not.
-func (m *MultiConfigureResponse) Ok() bool {
-	return m.Status == "success"
-}
-
-// Error returns the error if there was one.
-func (m *MultiConfigureResponse) Error() string {
-	if len(m.Results) == 0 {
-		return ""
-	}
-
-	r := m.Results[len(m.Results)-1]
-	if r.Ok() {
-		return ""
-	}
-
-	return r.Message()
-}
-
-// MultiConfigResponseElement is a single response from a multi-config request.
-type MultiConfigResponseElement struct {
-	XMLName xml.Name `xml:"response"`
-	Status  string   `xml:"status,attr"`
-	Code    int      `xml:"code,attr"`
-	Id      string   `xml:"id,attr,omitempty"`
-	Msg     McreMsg  `xml:"msg"`
-}
-
-type McreMsg struct {
-	Line    []util.CdataText `xml:"line"`
-	Message string           `xml:",chardata"`
-}
-
-func (m *MultiConfigResponseElement) Ok() bool {
-	return m.Status == "success"
-}
-
-func (m *MultiConfigResponseElement) Message() string {
-	if len(m.Msg.Line) > 0 {
-		var b strings.Builder
-		for i := range m.Msg.Line {
-			if i != 0 {
-				b.WriteString(" | ")
-			}
-			b.WriteString(strings.TrimSpace(m.Msg.Line[i].Text))
-		}
-		return b.String()
-	}
-
-	return m.Msg.Message
-}
diff --git a/multiconf_test.go b/multiconf_test.go
deleted file mode 100644
index f37a420e..00000000
--- a/multiconf_test.go
+++ /dev/null
@@ -1,169 +0,0 @@
-package pango
-
-import (
-	"encoding/xml"
-	"fmt"
-	"strings"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/objs/addr"
-)
-
-const invalidMultiConfigResp = `
-<response status="error" code="13">
-    <response status="success" code="20" id="1109"><msg>command succeeded</msg></response>
-    <response status="success" code="7"><msg>Object doesn't exist</msg></response>
-    <response status="error" code="12" id="1110"><msg><line><![CDATA[ test-new unexpected here]]></line></msg></response>
-</response>
-`
-
-const okMultiConfigResp = `
-<response status="success" code="20">
-    <response status="success" code="20" id="1109"><msg>command succeeded</msg></response>
-    <response status="success" code="7"><msg>Object doesn't exist</msg></response>
-    <response status="success" code="20" id="1110"><msg>command succeeded</msg></response>
-    <response status="success" code="20"><msg>command succeeded</msg></response>
-    <response status="success" code="20"><msg>command succeeded</msg></response>
-    <response status="success" code="20"><msg>command succeeded</msg></response>
-</response>
-`
-
-func TestPrepareMultiConfigure(t *testing.T) {
-	var err error
-	fw := &Firewall{Client: Client{
-		rb: [][]byte{
-			[]byte(okMultiConfigResp),
-		},
-	}}
-	if err = fw.Initialize(); err != nil {
-		t.Errorf("Initialize failed: %s", err)
-		return
-	}
-
-	fw.PrepareMultiConfigure(2)
-	if len(fw.MultiConfigure.Reqs) != 0 {
-		t.Errorf("len(%d) not 0", len(fw.MultiConfigure.Reqs))
-	} else if cap(fw.MultiConfigure.Reqs) != 2 {
-		t.Errorf("cap(%d) not 2", cap(fw.MultiConfigure.Reqs))
-	}
-}
-
-func TestEmptyErrorMultiConfigureResponse(t *testing.T) {
-	m := MultiConfigureResponse{}
-	ans := m.Error()
-	if ans != "" {
-		t.Errorf("Empty multi configure response is %q not empty string", ans)
-	}
-}
-
-func TestOkMultiConfig(t *testing.T) {
-	var err error
-	fw := &Firewall{Client: Client{
-		rb: [][]byte{
-			[]byte(okMultiConfigResp),
-		},
-		MultiConfigure: &MultiConfigure{
-			Reqs: make([]MultiConfigureRequest, 0, 1),
-		},
-	}}
-	if err = fw.Initialize(); err != nil {
-		t.Errorf("Initialize failed: %s", err)
-		return
-	}
-
-	o := addr.Entry{
-		Name:        "foo",
-		Value:       "1.2.3.4",
-		Type:        "ip-netmask",
-		Description: "Don't mention it",
-	}
-
-	if err = fw.Objects.Address.Set("vsys2", o); err != nil {
-		t.Errorf("Failed to set address object: %s", err)
-	} else if len(fw.MultiConfigure.Reqs) != 1 {
-		t.Errorf("Didn't save request into multi-configure: %#v", fw.MultiConfigure)
-	} else {
-		resp, err := fw.SendMultiConfigure(false)
-		if err != nil {
-			t.Errorf("Failed send multiconfigure: %s", err)
-		} else if !resp.Ok() {
-			t.Errorf("Response is failed: %s", resp.Error())
-		} else if len(fw.rp) == 0 {
-			t.Errorf("No url values sent..?")
-		} else {
-			vals := fw.rp[0]
-			if vals.Get("action") != "multi-config" {
-				t.Errorf("Action is %q, not 'multi-config'", vals.Get("action"))
-			} else if vals.Get("type") != "config" {
-				t.Errorf("Type is %q, not 'config'", vals.Get("type"))
-			} else if vals.Get("element") == "" {
-				t.Errorf("Element is unset it seems")
-			} else {
-				body := vals.Get("element")
-				if !strings.Contains(body, "<set ") {
-					t.Errorf("Body seems wrong:\n%s", body)
-				} else if !strings.Contains(body, fmt.Sprintf("<entry name=%q>", o.Name)) {
-					t.Errorf("Body seems wrong:\n%s", body)
-				}
-			}
-		}
-	}
-}
-
-func TestUnmarshalOkMultiConfigureResponse(t *testing.T) {
-	r := MultiConfigureResponse{}
-	if err := xml.Unmarshal([]byte(okMultiConfigResp), &r); err != nil {
-		t.Errorf("Failed unmarshal: %s", err)
-	}
-
-	if !r.Ok() {
-		t.Errorf("response is %t, not ok", r.Ok())
-	} else if len(r.Results) != 6 {
-		t.Errorf("results are len %d, not 6", len(r.Results))
-	} else if r.Results[0].Id != "1109" {
-		t.Errorf("r0 id is %s, not 1109", r.Results[0].Id)
-	} else if r.Results[1].Code != 7 {
-		t.Errorf("r1 code is %d, not 7", r.Results[1].Code)
-	} else if r.Results[1].Id != "" {
-		t.Errorf("r1 id is %s, not ''", r.Results[1].Id)
-	} else if !r.Results[1].Ok() {
-		t.Errorf("r1 is %t, not ok", r.Results[1].Ok())
-	} else if r.Error() != "" {
-		t.Errorf("response error(%q), is not empty string", r.Error())
-	}
-}
-
-func TestUnmarshalInvalidMultiConfigureResponse(t *testing.T) {
-	r := MultiConfigureResponse{}
-	if err := xml.Unmarshal([]byte(invalidMultiConfigResp), &r); err != nil {
-		t.Errorf("Failed unmarshal: %s", err)
-	}
-
-	if r.Ok() {
-		t.Errorf("Response is ok, should be failed")
-	} else if r.Code != 13 {
-		t.Errorf("Expected code(13), got code(%d)", r.Code)
-	} else if len(r.Results) != 3 {
-		t.Errorf("Have %d results, expected 3", len(r.Results))
-	} else if r.Results[0].Code != 20 {
-		t.Errorf("R0 has code %d, not 20", r.Results[0].Code)
-	} else if r.Results[0].Status != "success" {
-		t.Errorf("R0 has status %q, not success", r.Results[0].Status)
-	} else if r.Results[0].Message() != "command succeeded" {
-		t.Errorf("R0 has message %q, not 'command succeeded'", r.Results[0].Message())
-	} else if r.Results[1].Code != 7 {
-		t.Errorf("R1 has code %d, not 7", r.Results[1].Code)
-	} else if r.Results[1].Status != "success" {
-		t.Errorf("R1 has status %q, not success", r.Results[1].Status)
-	} else if r.Results[1].Message() != "Object doesn't exist" {
-		t.Errorf("R1 has message %q, not 'Object doesn't exist'", r.Results[1].Message())
-	} else if r.Results[2].Code != 12 {
-		t.Errorf("R2 has code %d, not 12", r.Results[2].Code)
-	} else if r.Results[2].Status != "error" {
-		t.Errorf("R2 has status %q, not 'error'", r.Results[2].Status)
-	} else if r.Results[2].Message() != "test-new unexpected here" {
-		t.Errorf("R2 has message %q, not 'test-new unexpected here'", r.Results[2].Message())
-	} else if r.Error() != "test-new unexpected here" {
-		t.Errorf("response has message %q, not 'test-new unexpected here'", r.Results[2].Message())
-	}
-}
diff --git a/namespace/common.go b/namespace/common.go
deleted file mode 100644
index ed80b85c..00000000
--- a/namespace/common.go
+++ /dev/null
@@ -1,189 +0,0 @@
-package namespace
-
-import (
-	"encoding/xml"
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/errors"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Common contains the shared methods every namespace has.
-type Common struct {
-	Singular   string
-	Plural     string
-	Client     util.XapiClient
-	Predefined bool
-}
-
-/*
-Object returns a single object's config.
-
-cmd should be util.Get or util.Show.
-pather creates the xpath to use.
-name is used for logging only, but is the name of the object to return.
-ans is an interface to unmarshal the response into.
-*/
-func (n *Common) Object(cmd string, pather Pather, name string, ans interface{}) error {
-	path, pErr := pather([]string{name})
-	if err := n.retrieve(cmd, path, true, name, false, false, ans, pErr); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-/*
-Objects returns multiple object's config.
-
-cmd should be util.Get or util.Show.
-path is the xpath.
-ans is an interface to unmarshal the response into.
-*/
-func (n *Common) Objects(cmd string, pather Pather, ans interface{}) error {
-	path, pErr := pather(nil)
-	if err := n.retrieve(cmd, path, false, "", true, false, ans, pErr); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-/*
-Listing returns a list of names.
-
-cmd should be util.Get or util.Show.
-path is the xpath.
-ans is an interface to unmarshal the response into.
-*/
-func (n *Common) Listing(cmd string, pather Pather, ans Namer) ([]string, error) {
-	path, pErr := pather(nil)
-	if err := n.retrieve(cmd, path, false, "", true, true, ans, pErr); err != nil {
-		return nil, err
-	}
-
-	return ans.Names(), nil
-}
-
-// retrieve does either a GET or SHOW to retrieve config.
-func (n *Common) retrieve(cmd string, path []string, singular bool, singleDesc string, plural, namesOnly bool, ans interface{}, pErr error) error {
-	var err error
-	var data []byte
-	var tag string
-
-	// Sanity checks.
-	if cmd != util.Get && cmd != util.Show {
-		return fmt.Errorf("invalid cmd: %s", cmd)
-	}
-	if ans == nil {
-		return fmt.Errorf("ans must be specified")
-	}
-
-	if pErr != nil {
-		return pErr
-	}
-
-	// Do logging and determine the actual path to query.
-	var predef string
-	if n.Predefined {
-		predef = "predefined "
-	}
-	if singular {
-		if singleDesc != "" {
-			n.Client.LogQuery("(%s) %s%s: %s", cmd, predef, n.Singular, singleDesc)
-		} else {
-			n.Client.LogQuery("(%s) %s%s", cmd, predef, n.Singular)
-		}
-	} else if plural {
-		tag = path[len(path)-2]
-		if cmd == util.Show {
-			path = path[:len(path)-1]
-		}
-		if namesOnly {
-			if cmd == util.Get {
-				path = append(path, "@name")
-			}
-			n.Client.LogQuery("(%s) %s%s names", cmd, predef, n.Singular)
-		} else {
-			if cmd == util.Get {
-				path = path[:len(path)-1]
-			}
-			n.Client.LogQuery("(%s) list of %s%s", cmd, predef, n.Plural)
-		}
-	}
-
-	// Perform the query.
-	switch cmd {
-	case util.Get:
-		data, err = n.Client.Get(path, nil, nil)
-	case util.Show:
-		data, err = n.Client.Show(path, nil, nil)
-	}
-	if err != nil {
-		if plural && (err.Error() == "No such node" || err.Error() == "Object not found") {
-			return nil
-		}
-		return err
-	}
-
-	// Unmarshal the response into the given struct.
-	data = util.StripPanosPackaging(data, tag)
-	return UnpackageXmlInto(data, ans)
-}
-
-/*
-AllFromPanosConfig returns multiple objects' config from the configuration
-retrieved from PAN-OS and stored in the client's config tree.
-
-path is the xpath function.
-ans is an interface to unmarshal the found config into.
-*/
-func (n *Common) AllFromPanosConfig(pather Pather, ans interface{}) error {
-	path, pErr := pather(nil)
-	return n.loadConfig(path, ans, pErr)
-}
-
-/*
-FromPanosConfig returns a single object's config from the configuration
-retrieved from PAN-OS and stored in the client's config tree.
-
-path is the xpath function.
-name is the name of the object to retrieve.
-ans is an interface to unmarshal the found config into.
-*/
-func (n *Common) FromPanosConfig(pather Pather, name string, ans Namer) error {
-	path, pErr := pather([]string{name})
-	if err := n.loadConfig(path, ans, pErr); err != nil {
-		return err
-	}
-
-	names := ans.Names()
-	if len(names) == 0 {
-		return errors.ObjectNotFound()
-	}
-
-	return nil
-}
-
-func (n *Common) loadConfig(path []string, ans interface{}, pErr error) error {
-	if pErr != nil {
-		return pErr
-	}
-
-	config := n.Client.ConfigTree()
-	if config == nil {
-		return fmt.Errorf("no config tree loaded")
-	}
-
-	elm := util.FindXmlNodeInTree(path, config)
-	if elm == nil {
-		return nil
-	}
-
-	data, err := xml.Marshal(elm)
-	if err != nil {
-		return err
-	}
-
-	return UnpackageXmlInto(data, ans)
-}
diff --git a/namespace/doc.go b/namespace/doc.go
deleted file mode 100644
index 2539a74b..00000000
--- a/namespace/doc.go
+++ /dev/null
@@ -1,7 +0,0 @@
-/*
-Package namespace contains common workflows between most namespaces.
-
-There are two main structs:  Standard and Importable.  A modern namespace
-should use one of these structs.
-*/
-package namespace
diff --git a/namespace/funcs.go b/namespace/funcs.go
deleted file mode 100644
index 854c2272..00000000
--- a/namespace/funcs.go
+++ /dev/null
@@ -1,20 +0,0 @@
-package namespace
-
-import (
-	"bytes"
-	"encoding/xml"
-)
-
-// UnpackageXmlInto wraps XML content into a throw-away wrapper for further
-// unmarshaling.  This is basically for retrieving sub-object config from
-// a parent's raw XML field mapping.
-func UnpackageXmlInto(b []byte, res interface{}) error {
-	var buf bytes.Buffer
-	buf.Grow(len(b) + 7)
-	buf.Write([]byte("<a>"))
-	buf.Write(b)
-	buf.Write([]byte("</a>"))
-
-	data := buf.Bytes()
-	return xml.Unmarshal(data, res)
-}
diff --git a/namespace/importable.go b/namespace/importable.go
deleted file mode 100644
index 0396ec18..00000000
--- a/namespace/importable.go
+++ /dev/null
@@ -1,181 +0,0 @@
-package namespace
-
-import (
-	"encoding/xml"
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-/*
-Importable is a namespace struct for config that is imported into a vsys.
-
-The current list of importable config is as follows:
-    * interfaces
-    * virtual routers
-    * virtual wires
-    * vlans
-
-The ImportPath param should be set to any of the valid Import constants in the util
-package.
-*/
-type Importable struct {
-	Common
-	ImportPath string
-}
-
-/*
-Set performs a SET to configure one or more objects.
-
-As this is an importable config, first all objects are unimported, then
-everything is configured, and finally the config is imported into the
-specified vsys.
-*/
-func (n *Importable) Set(tmpl, ts, vsys string, pather Pather, specs []ImportSpecifier) error {
-	var err error
-
-	// Sanity check: Import path should be configured.
-	if n.ImportPath == "" {
-		return fmt.Errorf("Namespace did not configure 'ImportPath'")
-	}
-
-	v := n.Client.Versioning()
-	data := make([]interface{}, 0, len(specs))
-	names := make([]string, 0, len(specs))
-	imports := make([]string, 0, len(specs))
-
-	tally := make(map[string]int)
-	for _, s := range specs {
-		name, iName, val := s.Specify(v)
-		tally[name] = tally[name] + 1
-		if tally[name] > 1 {
-			return fmt.Errorf("%s is defined multiple times: %q", n.Singular, name)
-		}
-		data = append(data, val)
-		names = append(names, name)
-		if iName != "" {
-			imports = append(imports, name)
-		}
-	}
-
-	path, pErr := pather(names)
-	if pErr != nil {
-		return pErr
-	}
-
-	if n.Plural != "" {
-		n.Client.LogAction("(set) %s: %v", n.Plural, names)
-	} else {
-		n.Client.LogAction("(set) %s", n.Singular)
-	}
-
-	if len(data) == 0 {
-		return nil
-	}
-
-	elm := util.BulkElement{
-		XMLName: xml.Name{Local: path[len(path)-2]},
-		Data:    data,
-	}
-
-	if len(data) == 1 {
-		path = path[:len(path)-1]
-	} else {
-		path = path[:len(path)-2]
-	}
-
-	// Unimport first.
-	if err = n.Client.VsysUnimport(n.ImportPath, tmpl, ts, names); err != nil {
-		return err
-	}
-
-	// Now configure the objects.
-	if _, err = n.Client.Set(path, elm.Config(), nil, nil); err != nil {
-		return err
-	}
-
-	// Finally import all valid importables.
-	return n.Client.VsysImport(n.ImportPath, tmpl, ts, vsys, imports)
-}
-
-/*
-Edit performs an EDIT to configure one object.
-
-As this is an importable config, first the object is unimported, then the object
-is configured, and finally the object is imported, if applicable.
-*/
-func (n *Importable) Edit(tmpl, ts, vsys string, pather Pather, spec ImportSpecifier) error {
-	var err error
-
-	// Sanity check: Import path should be configured.
-	if n.ImportPath == "" {
-		return fmt.Errorf("Namespace did not configure 'ImportPath'")
-	}
-
-	name, iName, data := spec.Specify(n.Client.Versioning())
-
-	n.Client.LogAction("(edit) %s: %s", n.Singular, name)
-
-	path, pErr := pather([]string{name})
-	if pErr != nil {
-		return pErr
-	}
-
-	// Unimport first.
-	if err = n.Client.VsysUnimport(n.ImportPath, tmpl, ts, []string{name}); err != nil {
-		return err
-	}
-
-	// Now configure the object.
-	if _, err = n.Client.Edit(path, data, nil, nil); err != nil {
-		return err
-	}
-
-	// Finally import if applicable.
-	if iName != "" {
-		if err = n.Client.VsysImport(n.ImportPath, tmpl, ts, vsys, []string{name}); err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-/*
-Delete performs a DELETE to remove one or more objects.
-
-As this is an importable config, first all objects are unimported, then all
-objects are deleted from the config.
-*/
-func (n *Importable) Delete(tmpl, ts string, pather Pather, names []string, nErr error) error {
-	var err error
-
-	// Sanity check: Import path should be configured.
-	if n.ImportPath == "" {
-		return fmt.Errorf("Namespace did not configure 'ImportPath'")
-	}
-
-	if nErr != nil {
-		return nErr
-	}
-
-	n.Client.LogAction("(delete) %s: %v", n.Plural, names)
-
-	if len(names) == 0 {
-		return nil
-	}
-
-	path, pErr := pather(names)
-	if pErr != nil {
-		return pErr
-	}
-
-	// Unimport first.
-	if err = n.Client.VsysUnimport(n.ImportPath, tmpl, ts, names); err != nil {
-		return err
-	}
-
-	// Delete the config.
-	_, err = n.Client.Delete(path, nil, nil)
-	return err
-}
diff --git a/namespace/interfaces.go b/namespace/interfaces.go
deleted file mode 100644
index 0870aae0..00000000
--- a/namespace/interfaces.go
+++ /dev/null
@@ -1,54 +0,0 @@
-package namespace
-
-import (
-	"github.com/PaloAltoNetworks/pango/plugin"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Namer returns the names of objects returned from PAN-OS.
-type Namer interface {
-	Names() []string
-}
-
-// MovePather returns an xpath given the name.
-type MovePather func(string) []string
-
-// MoveLister returns a list of current rules.
-type MoveLister func() ([]string, error)
-
-// Pather returns an xpath for the given list of names.
-type Pather func([]string) ([]string, error)
-
-// Specifier is an object that has a Specify function given the current version number.
-//
-// There are two items returned:
-//
-// 1) the unique name of this config element
-// 2) a struct specific to this version PAN-OS representing the desired config
-type Specifier interface {
-	Specify(version.Number) (string, interface{})
-}
-
-// ImportSpecifier is an object that has a Specify function given the current version number.
-//
-// There are three items returned:
-//
-// 1) the unique name of this config element
-// 2) the unique name to be used when importing; an empty string means "do not import"
-// 3) a struct specific to this version PAN-OS representing the desired config
-type ImportSpecifier interface {
-	Specify(version.Number) (string, string, interface{})
-}
-
-/*
-PluginSpecifier is an object that has a Specify function given a list of plugins.
-
-There are three items returned:
-
-1) the unique name of this config element
-2) a struct specific to this version PAN-OS representing the desired config
-3) an error if there is a mismatch between the plugins installed and what is supported
-*/
-type PluginSpecifier interface {
-	Specify([]plugin.Info) (string, interface{}, error)
-}
diff --git a/namespace/plugin.go b/namespace/plugin.go
deleted file mode 100644
index c35e8e03..00000000
--- a/namespace/plugin.go
+++ /dev/null
@@ -1,110 +0,0 @@
-package namespace
-
-import (
-	"encoding/xml"
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-/*
-Plugin is a namespace struct for config that exists in PAN-OS as a plugin.
-*/
-type Plugin struct {
-	Common
-}
-
-// Set performs a SET to configure one or more objects.
-func (n *Plugin) Set(pather Pather, specs []PluginSpecifier) error {
-	data := make([]interface{}, 0, len(specs))
-	names := make([]string, 0, len(specs))
-
-	tally := make(map[string]int)
-	for _, s := range specs {
-		name, val, err := s.Specify(n.Client.Plugins())
-		if err != nil {
-			return err
-		}
-		tally[name] = tally[name] + 1
-		if tally[name] > 1 {
-			return fmt.Errorf("%s is defined multiple times: %q", n.Singular, name)
-		}
-		data = append(data, val)
-		names = append(names, name)
-	}
-
-	path, pErr := pather(names)
-	if pErr != nil {
-		return pErr
-	}
-
-	if n.Plural != "" {
-		n.Client.LogAction("(set) %s: %v", n.Plural, names)
-	} else {
-		n.Client.LogAction("(set) %s", n.Singular)
-	}
-
-	if len(data) == 0 {
-		return nil
-	}
-
-	elm := util.BulkElement{
-		XMLName: xml.Name{Local: path[len(path)-2]},
-		Data:    data,
-	}
-
-	if len(data) == 1 {
-		path = path[:len(path)-1]
-	} else {
-		path = path[:len(path)-2]
-	}
-
-	_, err := n.Client.Set(path, elm.Config(), nil, nil)
-	return err
-}
-
-// Edit performs an EDIT to modify a single object.
-func (n *Plugin) Edit(pather Pather, spec PluginSpecifier) error {
-	name, data, err := spec.Specify(n.Client.Plugins())
-	if err != nil {
-		return err
-	}
-
-	if n.Plural != "" {
-		n.Client.LogAction("(edit) %s: %s", n.Singular, name)
-	} else {
-		n.Client.LogAction("(edit) %s", n.Singular)
-	}
-
-	path, pErr := pather([]string{name})
-	if pErr != nil {
-		return pErr
-	}
-
-	_, err = n.Client.Edit(path, data, nil, nil)
-	return err
-}
-
-// Delete performs a DELETE to remove config.
-func (n *Plugin) Delete(pather Pather, names []string, nErr error) error {
-	if nErr != nil {
-		return nErr
-	}
-
-	if n.Plural != "" {
-		n.Client.LogAction("(delete) %s: %v", n.Plural, names)
-		if len(names) == 0 {
-			return nil
-		}
-	} else {
-		n.Client.LogAction("(delete) %s", n.Singular)
-	}
-
-	path, pErr := pather(names)
-	if pErr != nil {
-		return pErr
-	}
-
-	_, err := n.Client.Delete(path, nil, nil)
-	return err
-}
diff --git a/namespace/policy.go b/namespace/policy.go
deleted file mode 100644
index 0e4e519c..00000000
--- a/namespace/policy.go
+++ /dev/null
@@ -1,144 +0,0 @@
-package namespace
-
-import (
-	"fmt"
-	"net/url"
-	"strings"
-	"time"
-
-	"github.com/PaloAltoNetworks/pango/audit"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-/*
-Policy is a namespace struct for config that is not imported into a vsys.
-
-This struct contains additional operational state functions relevant for
-policy rules.
-*/
-type Policy struct {
-	Standard
-}
-
-// HitCount gets the rule hit count for the given rules.
-//
-// If the rules param is nil, then the hit count for all rules is returned.
-func (n *Policy) HitCount(base, vsys string, rules []string) ([]util.HitCount, error) {
-	if !n.Client.Versioning().Gte(version.Number{8, 1, 0, ""}) {
-		return nil, fmt.Errorf("rule hit count requires PAN-OS 8.1+")
-	}
-
-	req := util.NewHitCountRequest(base, vsys, rules)
-	var resp util.HitCountResponse
-	if _, err := n.Client.Op(req, "", nil, &resp); err != nil {
-		return nil, err
-	}
-
-	return resp.Results, nil
-}
-
-// SetAuditComment sets an audit comment for the given rule.
-func (n *Policy) SetAuditComment(pather Pather, rule, comment string) error {
-	if rule == "" {
-		return fmt.Errorf("rule must be specified")
-	}
-	path, err := pather([]string{rule})
-	if err != nil {
-		return err
-	}
-
-	n.Client.LogOp("(op) set audit comment for %q: %s", rule, comment)
-
-	req := audit.SetComment{
-		Xpath:   util.AsXpath(path),
-		Comment: comment,
-	}
-
-	_, err = n.Client.Op(req, "", nil, nil)
-	return err
-}
-
-// CurrentAuditComment gets the uncommitted audit comment for the given rule.
-func (n *Policy) CurrentAuditComment(pather Pather, rule string) (string, error) {
-	if rule == "" {
-		return "", fmt.Errorf("rule must be specified")
-	}
-	path, err := pather([]string{rule})
-	if err != nil {
-		return "", err
-	}
-
-	n.Client.LogOp("(op) getting current audit comment for %q", rule)
-
-	req := audit.GetComment{
-		Xpath: util.AsXpath(path),
-	}
-	var resp audit.UncommittedComment
-
-	_, err = n.Client.Op(req, "", nil, &resp)
-	if err != nil {
-		return "", err
-	}
-
-	return resp.Comment, nil
-}
-
-// AuditCommentHistory retrieves a chunk of historical audit comment logs.
-func (n *Policy) AuditCommentHistory(pather Pather, rule, direction string, nlogs, skip int) ([]audit.Comment, error) {
-	if rule == "" {
-		return nil, fmt.Errorf("rule must be specified")
-	}
-	path, err := pather([]string{rule})
-	if err != nil {
-		return nil, err
-	} else if len(path) != 6 && len(path) != 9 {
-		return nil, fmt.Errorf("Invalid path length %d != (6, 9)", len(path))
-	}
-
-	var vsysDg string
-	switch len(path) {
-	case 6:
-		vsysDg = "shared"
-	case 9:
-		tokens := strings.Split(path[4], "'")
-		if len(tokens) != 3 {
-			return nil, fmt.Errorf("vsys/dg retrieval not possible: %s", path[4])
-		}
-		vsysDg = tokens[1]
-	}
-	base := path[len(path)-4]
-	rType := path[len(path)-3]
-	query := strings.Join([]string{
-		"(subtype eq audit-comment)",
-		fmt.Sprintf("(path contains '\\'%s\\'')", rule),   // Name.
-		fmt.Sprintf("(path contains '%s')", rType),        // Rule type.
-		fmt.Sprintf("(path contains %s)", base),           // Rulebase.
-		fmt.Sprintf("(path contains '\\'%s\\'')", vsysDg), // Vsys or device group.
-	}, " and ")
-
-	n.Client.LogLog("(log) retrieving %s audit comment history: %s", rType, rule)
-
-	extras := url.Values{}
-	extras.Set("uniq", "yes")
-
-	var job util.JobResponse
-	if _, err := n.Client.Log("config", "", query, direction, nlogs, skip, extras, &job); err != nil {
-		return nil, err
-	}
-
-	var ans audit.CommentHistory
-	if _, err = n.Client.WaitForLogs(job.Id, 500*time.Millisecond, 0, &ans); err != nil {
-		return nil, err
-	}
-
-	if len(ans.Comments) != 0 {
-		if clock, err := n.Client.Clock(); err == nil {
-			for i := range ans.Comments {
-				ans.Comments[i].SetTime(clock)
-			}
-		}
-	}
-
-	return ans.Comments, nil
-}
diff --git a/namespace/standard.go b/namespace/standard.go
deleted file mode 100644
index 8cddba83..00000000
--- a/namespace/standard.go
+++ /dev/null
@@ -1,315 +0,0 @@
-package namespace
-
-import (
-	"encoding/xml"
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/errors"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-/*
-Standard is a namespace struct for config that is not imported into a vsys.
-*/
-type Standard struct {
-	Common
-}
-
-// Set performs a SET to configure one or more objects.
-func (n *Standard) Set(pather Pather, specs []Specifier) error {
-	v := n.Client.Versioning()
-	data := make([]interface{}, 0, len(specs))
-	names := make([]string, 0, len(specs))
-
-	tally := make(map[string]int)
-	for _, s := range specs {
-		name, val := s.Specify(v)
-		tally[name] = tally[name] + 1
-		if tally[name] > 1 {
-			return fmt.Errorf("%s is defined multiple times: %q", n.Singular, name)
-		}
-		data = append(data, val)
-		names = append(names, name)
-	}
-
-	path, pErr := pather(names)
-	if pErr != nil {
-		return pErr
-	}
-
-	if n.Plural != "" {
-		n.Client.LogAction("(set) %s: %v", n.Plural, names)
-	} else {
-		n.Client.LogAction("(set) %s", n.Singular)
-	}
-
-	if len(data) == 0 {
-		return nil
-	}
-
-	elm := util.BulkElement{
-		XMLName: xml.Name{Local: path[len(path)-2]},
-		Data:    data,
-	}
-
-	if len(data) == 1 {
-		path = path[:len(path)-1]
-	} else {
-		path = path[:len(path)-2]
-	}
-
-	_, err := n.Client.Set(path, elm.Config(), nil, nil)
-	return err
-}
-
-// Edit performs an EDIT to modify a single object.
-func (n *Standard) Edit(pather Pather, spec Specifier) error {
-	name, data := spec.Specify(n.Client.Versioning())
-
-	if n.Plural != "" {
-		n.Client.LogAction("(edit) %s: %s", n.Singular, name)
-	} else {
-		n.Client.LogAction("(edit) %s", n.Singular)
-	}
-
-	path, pErr := pather([]string{name})
-	if pErr != nil {
-		return pErr
-	}
-
-	_, err := n.Client.Edit(path, data, nil, nil)
-	return err
-}
-
-/*
-// MultiConfigureRequest converts the object to a multi-config request.
-func (n *Standard) MultiConfigureRequest(action string, pather Pather, spec Specifier) (*pango.MultiConfigureRequest, error) {
-    if action != "set" && action != "edit" && action != "delete" {
-        return nil, fmt.Errorf("unsupported action: %s", action)
-    }
-
-    name, data := spec.Specify(n.Client.Versioning())
-    path, err := pather([]string{name})
-    if err != nil {
-        return nil, err
-    } else if name == "" {
-        return nil, fmt.Errorf("no name/uid present for multi-config buildup")
-    }
-
-    if action == "set" {
-        path = path[:len(path)-1]
-    }
-
-    var dataInterface interface{}
-    if action != "delete" {
-        dataInterface = data
-    }
-
-    return &pango.MultiConfigureRequest{
-        XMLName: xml.Name{Local: action},
-        Xpath: path,
-        Data: dataInterface,
-    }, nil
-}
-*/
-
-// Delete performs a DELETE to remove config.
-func (n *Standard) Delete(pather Pather, names []string, nErr error) error {
-	if nErr != nil {
-		return nErr
-	}
-
-	if n.Plural != "" {
-		n.Client.LogAction("(delete) %s: %v", n.Plural, names)
-		if len(names) == 0 {
-			return nil
-		}
-	} else {
-		n.Client.LogAction("(delete) %s", n.Singular)
-	}
-
-	var err error
-
-	if n.Client.Versioning().Gte(version.Number{10, 1, 5, ""}) {
-		// We are forced to delete everything one at a time, at least until
-		// pango is reorganized for multi-config support for the panos provider.
-		for i := range names {
-			path, pErr := pather([]string{names[i]})
-			if pErr != nil {
-				return pErr
-			}
-			_, err = n.Client.Delete(path, nil, nil)
-			if err != nil {
-				e2, ok := err.(errors.Panos)
-				if !ok || !e2.ObjectNotFound() {
-					break
-				}
-			}
-		}
-	} else {
-		if nameChunk(0, names) == len(names) {
-			// If we don't have to chunk, don't chunk the deletes.
-			path, pErr := pather(names)
-			if pErr != nil {
-				return pErr
-			}
-
-			_, err = n.Client.Delete(path, nil, nil)
-		} else {
-			// After some testing, PAN-OS seems to be able to handle a DELETE API call
-			// with up to 25k characters in around 3.3sec while not under stress, but
-			// this can baloon up to 15sec with PAN-OS under load.  Seems like a timeout
-			// of 30sec is more reliably correct, so will have to document this in the
-			// provider.
-			var start int
-			breaks := nameChunks(names)
-			for i, end := range breaks {
-				n.Client.LogAction("(delete) %d of %d - %d item(s)", i+1, len(breaks), end-start)
-				path, pErr := pather(names[start:end])
-				if pErr != nil {
-					return pErr
-				}
-
-				_, err = n.Client.Delete(path, nil, nil)
-				if err != nil {
-					e2, ok := err.(errors.Panos)
-					if !ok || !e2.ObjectNotFound() {
-						break
-					}
-				}
-
-				start = end
-			}
-		}
-	}
-
-	return err
-}
-
-func nameChunks(names []string) []int {
-	var start, end int
-	ans := make([]int, 0, len(names)/500+1)
-
-	for {
-		end = nameChunk(start, names)
-		ans = append(ans, end)
-		start = end
-		if start == len(names) {
-			break
-		}
-	}
-
-	return ans
-}
-
-func nameChunk(start int, names []string) int {
-	var path_length, end int
-
-	for end = start; end < len(names) && path_length < 25000; end++ {
-		path_length += len(names[end]) + 8 + 4
-	}
-
-	return end
-}
-
-// MoveGroup places a logical group of objects in the desired location (rulebase
-// objects).
-//
-// The `movement` param should be one of the Move constants in the util package.
-//
-// The `rule` param is the other rule the `movement` param is referencing.  If
-// this is an empty string, then the first rule in the group isn't moved
-// anywhere, but all other rules will still be moved to be grouped with the
-// first one.
-func (n *Standard) MoveGroup(pather Pather, lister MoveLister, movement int, rule string, grp []string) error {
-	var err error
-
-	fIdx, oIdx := -1, -1
-
-	n.Client.LogAction("(move) %s group", n.Singular)
-	if len(grp) == 0 {
-		return fmt.Errorf("Requires at least one %s", n.Singular)
-	} else if rule == grp[0] {
-		return fmt.Errorf("Can't position %q in relation to itself", rule)
-	} else if !util.ValidMovement(movement) {
-		return fmt.Errorf("Invalid movement specified: %d", movement)
-	} else if util.RelativeMovement(movement) && rule == "" {
-		return fmt.Errorf("Specify 'rule' in order to perform relative group positioning")
-	}
-
-	path, pErr := pather([]string{grp[0]})
-	if pErr != nil {
-		return pErr
-	}
-
-	if movement != util.MoveSkip {
-		// Get the list of current security policies.
-		curList, err := lister()
-		if err != nil {
-			return err
-		} else if len(curList) == 0 {
-			return fmt.Errorf("No policies found")
-		}
-
-		switch movement {
-		case util.MoveTop:
-			_, em := n.Client.Move(path, "top", "", nil, nil)
-			if em != nil {
-				if em.Error() != "already at the top" {
-					err = em
-				}
-			}
-		case util.MoveBottom:
-			_, em := n.Client.Move(path, "bottom", "", nil, nil)
-			if em != nil {
-				if em.Error() != "already at the bottom" {
-					err = em
-				}
-			}
-		default:
-			// Find the indexes of the first security policy and the ref policy.
-			for i, v := range curList {
-				if v == grp[0] {
-					fIdx = i
-				} else if v == rule {
-					oIdx = i
-				}
-				if fIdx != -1 && oIdx != -1 {
-					break
-				}
-			}
-
-			// Sanity check:  both rules should be present.
-			if fIdx == -1 {
-				return fmt.Errorf("First %s in group %q does not exist", n.Singular, grp[0])
-			} else if oIdx == -1 {
-				return fmt.Errorf("Reference %s %q does not exist", n.Singular, rule)
-			}
-
-			// Perform the move of the first security policy, if needed.
-			if (movement == util.MoveBefore && fIdx > oIdx) || (movement == util.MoveDirectlyBefore && fIdx+1 != oIdx) {
-				_, err = n.Client.Move(path, "before", rule, nil, nil)
-			} else if (movement == util.MoveAfter && fIdx < oIdx) || (movement == util.MoveDirectlyAfter && fIdx != oIdx+1) {
-				_, err = n.Client.Move(path, "after", rule, nil, nil)
-			}
-		}
-
-		// If we moved something, make sure it worked.
-		if err != nil {
-			return err
-		}
-	}
-
-	// Now move all other rules under the first.
-	li := len(path) - 1
-	for i := 1; i < len(grp); i++ {
-		path[li] = util.AsEntryXpath([]string{grp[i]})
-		_, err = n.Client.Move(path, "after", grp[i-1], nil, nil)
-		if err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
diff --git a/netw/dhcp/const.go b/netw/dhcp/const.go
deleted file mode 100644
index 3f271c2e..00000000
--- a/netw/dhcp/const.go
+++ /dev/null
@@ -1,6 +0,0 @@
-package dhcp
-
-const (
-	singular = "dhcp server and relay"
-	plural   = "dhcp servers and relays"
-)
diff --git a/netw/dhcp/doc.go b/netw/dhcp/doc.go
deleted file mode 100644
index dab40b17..00000000
--- a/netw/dhcp/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package dhcp is the client.Network.Dhcp namespace.
-
-Normalized object:  Entry
-*/
-package dhcp
diff --git a/netw/dhcp/entry.go b/netw/dhcp/entry.go
deleted file mode 100644
index a3cb97fb..00000000
--- a/netw/dhcp/entry.go
+++ /dev/null
@@ -1,191 +0,0 @@
-package dhcp
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a DHCP
-// relay and server.
-type Entry struct {
-	Name  string
-	Relay *Relay
-	//Server *Server
-
-	raw map[string]string
-}
-
-type Relay struct {
-	Ipv4Enabled bool
-	Ipv4Servers []string // unordered
-	Ipv6Enabled bool
-	Ipv6Servers []Ipv6Server
-}
-
-type Ipv6Server struct {
-	Server    string
-	Interface string
-}
-
-//type Server struct{}
-
-func (o *Entry) Copy(s Entry) {
-	if s.Relay != nil {
-		o.Relay = &Relay{
-			Ipv4Enabled: s.Relay.Ipv4Enabled,
-			Ipv6Enabled: s.Relay.Ipv6Enabled,
-		}
-		if s.Relay.Ipv4Servers == nil {
-			o.Relay.Ipv4Servers = nil
-		} else {
-			o.Relay.Ipv4Servers = make([]string, len(s.Relay.Ipv4Servers))
-			copy(o.Relay.Ipv4Servers, s.Relay.Ipv4Servers)
-		}
-		if s.Relay.Ipv6Servers == nil {
-			o.Relay.Ipv6Servers = nil
-		} else {
-			o.Relay.Ipv6Servers = make([]Ipv6Server, len(s.Relay.Ipv6Servers))
-			copy(o.Relay.Ipv6Servers, s.Relay.Ipv6Servers)
-		}
-	} else {
-		o.Relay = nil
-	}
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{Name: o.Name}
-
-	if o.Relay != nil {
-		ans.Relay = &Relay{}
-		if o.Relay.RelayIpv4 != nil {
-			ans.Relay.Ipv4Enabled = util.AsBool(o.Relay.RelayIpv4.Ipv4Enabled)
-			ans.Relay.Ipv4Servers = util.MemToStr(o.Relay.RelayIpv4.Ipv4Servers)
-		}
-		if o.Relay.RelayIpv6 != nil {
-			ans.Relay.Ipv6Enabled = util.AsBool(o.Relay.RelayIpv6.Ipv6Enabled)
-			if o.Relay.RelayIpv6.Ipv6Servers != nil {
-				entries := o.Relay.RelayIpv6.Ipv6Servers.Entries
-				x := make([]Ipv6Server, len(entries))
-				for i := range entries {
-					x[i].Server = entries[i].Name
-					x[i].Interface = entries[i].Interface
-				}
-				ans.Relay.Ipv6Servers = x
-			}
-		}
-	}
-
-	raw := make(map[string]string)
-	if o.Server != nil {
-		raw["server"] = util.CleanRawXml(o.Server.Text)
-	}
-
-	if len(raw) != 0 {
-		ans.raw = raw
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName xml.Name     `xml:"entry"`
-	Name    string       `xml:"name,attr"`
-	Relay   *relay       `xml:"relay"`
-	Server  *util.RawXml `xml:"server"`
-}
-
-type relay struct {
-	RelayIpv4 *relayIpv4 `xml:"ip"`
-	RelayIpv6 *relayIpv6 `xml:"ipv6"`
-}
-
-type relayIpv4 struct {
-	Ipv4Enabled string           `xml:"enabled"`
-	Ipv4Servers *util.MemberType `xml:"server"`
-}
-type relayIpv6 struct {
-	Ipv6Enabled string             `xml:"enabled"`
-	Ipv6Servers *ipv6ServerEntries `xml:"server"`
-}
-
-type ipv6ServerEntries struct {
-	Entries []ipv6ServerEntry `xml:"entry"`
-}
-
-type ipv6ServerEntry struct {
-	XMLName   xml.Name `xml:"entry"`
-	Name      string   `xml:"name,attr"`
-	Interface string   `xml:"interface,omitempty"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{Name: e.Name}
-
-	if e.Relay != nil {
-		if len(e.Relay.Ipv4Servers) > 0 || len(e.Relay.Ipv6Servers) > 0 {
-			ans.Relay = &relay{}
-			if len(e.Relay.Ipv4Servers) > 0 {
-				ans.Relay.RelayIpv4 = &relayIpv4{
-					Ipv4Enabled: util.YesNo(e.Relay.Ipv4Enabled),
-					Ipv4Servers: util.StrToMem(e.Relay.Ipv4Servers),
-				}
-			}
-			if len(e.Relay.Ipv6Servers) > 0 {
-				ans.Relay.RelayIpv6 = &relayIpv6{
-					Ipv6Enabled: util.YesNo(e.Relay.Ipv6Enabled),
-					Ipv6Servers: &ipv6ServerEntries{},
-				}
-				x := make([]ipv6ServerEntry, len(e.Relay.Ipv6Servers))
-				for i := range e.Relay.Ipv6Servers {
-					x[i] = ipv6ServerEntry{
-						Name:      e.Relay.Ipv6Servers[i].Server,
-						Interface: e.Relay.Ipv6Servers[i].Interface,
-					}
-				}
-				ans.Relay.RelayIpv6.Ipv6Servers.Entries = x
-			}
-		}
-	}
-
-	if text, present := e.raw["server"]; present {
-		ans.Server = &util.RawXml{text}
-	}
-
-	return ans
-}
diff --git a/netw/dhcp/funcs.go b/netw/dhcp/funcs.go
deleted file mode 100644
index 979877d1..00000000
--- a/netw/dhcp/funcs.go
+++ /dev/null
@@ -1,88 +0,0 @@
-package dhcp
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-/*func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}*/
diff --git a/netw/dhcp/fw.go b/netw/dhcp/fw.go
deleted file mode 100644
index 8e0c8c12..00000000
--- a/netw/dhcp/fw.go
+++ /dev/null
@@ -1,105 +0,0 @@
-package dhcp
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Network.Dhcp namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(e ...Entry) error {
-	return c.ns.Set(c.pather(), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(e Entry) error {
-	return c.ns.Edit(c.pather(), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather() namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(v)
-	}
-}
-
-func (c *Firewall) xpath(vals []string) ([]string, error) {
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"dhcp",
-		"interface",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/dhcp/fw_test.go b/netw/dhcp/fw_test.go
deleted file mode 100644
index 7b4d6a70..00000000
--- a/netw/dhcp/fw_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package dhcp
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set(tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/dhcp/testdata_test.go b/netw/dhcp/testdata_test.go
deleted file mode 100644
index 52c8a5a6..00000000
--- a/netw/dhcp/testdata_test.go
+++ /dev/null
@@ -1,84 +0,0 @@
-package dhcp
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type testCase struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"v1 relay ipv4", version.Number{10, 0, 0, ""}, Entry{
-			Name: "t1",
-			Relay: &Relay{
-				Ipv4Enabled: true,
-				Ipv4Servers: []string{
-					"server 1",
-					"server 2",
-				},
-			},
-		}},
-		{"v1 relay ipv6", version.Number{10, 0, 0, ""}, Entry{
-			Name: "t2",
-			Relay: &Relay{
-				Ipv6Enabled: true,
-				Ipv6Servers: []Ipv6Server{
-					Ipv6Server{
-						Server:    "server 1",
-						Interface: "interface 1",
-					},
-					Ipv6Server{
-						Server: "server 2",
-					},
-				},
-			},
-		}},
-		{"v1 relay ipv4+ipv6", version.Number{10, 0, 0, ""}, Entry{
-			Name: "t3",
-			Relay: &Relay{
-				Ipv4Enabled: true,
-				Ipv4Servers: []string{
-					"server 1",
-					"server 2",
-				},
-				Ipv6Enabled: true,
-				Ipv6Servers: []Ipv6Server{
-					Ipv6Server{
-						Server:    "server 1",
-						Interface: "interface 1",
-					},
-					Ipv6Server{
-						Server: "server 2",
-					},
-				},
-			},
-		}},
-		{"v1 relay ipv4+ipv6 with raw", version.Number{10, 0, 0, ""}, Entry{
-			Name: "t4",
-			Relay: &Relay{
-				Ipv4Enabled: true,
-				Ipv4Servers: []string{
-					"server 1",
-					"server 2",
-				},
-				Ipv6Enabled: true,
-				Ipv6Servers: []Ipv6Server{
-					Ipv6Server{
-						Server:    "server 1",
-						Interface: "interface 1",
-					},
-					Ipv6Server{
-						Server: "server 2",
-					},
-				},
-			},
-			raw: map[string]string{
-				"server": "dhcp server",
-			},
-		}},
-	}
-}
diff --git a/netw/doc.go b/netw/doc.go
deleted file mode 100644
index 68b48113..00000000
--- a/netw/doc.go
+++ /dev/null
@@ -1,7 +0,0 @@
-/*
-Package netw is the client.Network namespace.
-
-For the firewall, this is just the Network tab.  For Panorama, this
-represents the Templated Network tab.
-*/
-package netw
diff --git a/netw/fw.go b/netw/fw.go
deleted file mode 100644
index 18cd6160..00000000
--- a/netw/fw.go
+++ /dev/null
@@ -1,155 +0,0 @@
-package netw
-
-import (
-	"github.com/PaloAltoNetworks/pango/netw/dhcp"
-	"github.com/PaloAltoNetworks/pango/netw/ikegw"
-	aggeth "github.com/PaloAltoNetworks/pango/netw/interface/aggregate"
-	"github.com/PaloAltoNetworks/pango/netw/interface/arp"
-	"github.com/PaloAltoNetworks/pango/netw/interface/eth"
-	ipv6a "github.com/PaloAltoNetworks/pango/netw/interface/ipv6/address"
-	ipv6n "github.com/PaloAltoNetworks/pango/netw/interface/ipv6/neighbor"
-	"github.com/PaloAltoNetworks/pango/netw/interface/loopback"
-	"github.com/PaloAltoNetworks/pango/netw/interface/subinterface/layer2"
-	"github.com/PaloAltoNetworks/pango/netw/interface/subinterface/layer3"
-	"github.com/PaloAltoNetworks/pango/netw/interface/tunnel"
-	vli "github.com/PaloAltoNetworks/pango/netw/interface/vlan"
-	"github.com/PaloAltoNetworks/pango/netw/ipsectunnel"
-	tpiv4 "github.com/PaloAltoNetworks/pango/netw/ipsectunnel/proxyid/ipv4"
-	"github.com/PaloAltoNetworks/pango/netw/profile/bfd"
-	"github.com/PaloAltoNetworks/pango/netw/profile/gp"
-	"github.com/PaloAltoNetworks/pango/netw/profile/ike"
-	"github.com/PaloAltoNetworks/pango/netw/profile/ipsec"
-	"github.com/PaloAltoNetworks/pango/netw/profile/mngtprof"
-	"github.com/PaloAltoNetworks/pango/netw/profile/monitor"
-	redist4 "github.com/PaloAltoNetworks/pango/netw/routing/profile/redist/ipv4"
-	"github.com/PaloAltoNetworks/pango/netw/routing/protocol/bgp"
-	"github.com/PaloAltoNetworks/pango/netw/routing/protocol/bgp/aggregate"
-	agaf "github.com/PaloAltoNetworks/pango/netw/routing/protocol/bgp/aggregate/filter/advertise"
-	"github.com/PaloAltoNetworks/pango/netw/routing/protocol/bgp/aggregate/filter/suppress"
-	"github.com/PaloAltoNetworks/pango/netw/routing/protocol/bgp/conadv"
-	"github.com/PaloAltoNetworks/pango/netw/routing/protocol/bgp/conadv/filter/advertise"
-	"github.com/PaloAltoNetworks/pango/netw/routing/protocol/bgp/conadv/filter/nonexist"
-	"github.com/PaloAltoNetworks/pango/netw/routing/protocol/bgp/exp"
-	"github.com/PaloAltoNetworks/pango/netw/routing/protocol/bgp/imp"
-	"github.com/PaloAltoNetworks/pango/netw/routing/protocol/bgp/peer"
-	"github.com/PaloAltoNetworks/pango/netw/routing/protocol/bgp/peer/group"
-	"github.com/PaloAltoNetworks/pango/netw/routing/protocol/bgp/profile/auth"
-	"github.com/PaloAltoNetworks/pango/netw/routing/protocol/bgp/profile/dampening"
-	bgpredist "github.com/PaloAltoNetworks/pango/netw/routing/protocol/bgp/redist"
-	"github.com/PaloAltoNetworks/pango/netw/routing/protocol/ospf"
-	ospfarea "github.com/PaloAltoNetworks/pango/netw/routing/protocol/ospf/area"
-	ospfint "github.com/PaloAltoNetworks/pango/netw/routing/protocol/ospf/area/iface"
-	ospfvlink "github.com/PaloAltoNetworks/pango/netw/routing/protocol/ospf/area/vlink"
-	ospfexp "github.com/PaloAltoNetworks/pango/netw/routing/protocol/ospf/exp"
-	ospfauth "github.com/PaloAltoNetworks/pango/netw/routing/protocol/ospf/profile/auth"
-	"github.com/PaloAltoNetworks/pango/netw/routing/route/static/ipv4"
-	ipv6sr "github.com/PaloAltoNetworks/pango/netw/routing/route/static/ipv6"
-	"github.com/PaloAltoNetworks/pango/netw/routing/router"
-	"github.com/PaloAltoNetworks/pango/netw/tunnel/gre"
-	"github.com/PaloAltoNetworks/pango/netw/vlan"
-	"github.com/PaloAltoNetworks/pango/netw/zone"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Network namespace.
-type Firewall struct {
-	AggregateInterface              *aggeth.Firewall
-	Arp                             *arp.Firewall
-	BfdProfile                      *bfd.Firewall
-	BgpAggregate                    *aggregate.Firewall
-	BgpAggAdvertiseFilter           *agaf.Firewall
-	BgpAggSuppressFilter            *suppress.Firewall
-	BgpAuthProfile                  *auth.Firewall
-	BgpConAdvAdvertiseFilter        *advertise.Firewall
-	BgpConAdvNonExistFilter         *nonexist.Firewall
-	BgpConditionalAdv               *conadv.Firewall
-	BgpConfig                       *bgp.Firewall
-	BgpDampeningProfile             *dampening.Firewall
-	BgpExport                       *exp.Firewall
-	BgpImport                       *imp.Firewall
-	BgpPeer                         *peer.Firewall
-	BgpPeerGroup                    *group.Firewall
-	BgpRedistRule                   *bgpredist.Firewall
-	Dhcp                            *dhcp.Firewall
-	EthernetInterface               *eth.Firewall
-	GlobalProtectIpsecCryptoProfile *gp.Firewall
-	GreTunnel                       *gre.Firewall
-	IkeCryptoProfile                *ike.Firewall
-	IkeGateway                      *ikegw.Firewall
-	IpsecCryptoProfile              *ipsec.Firewall
-	IpsecTunnel                     *ipsectunnel.Firewall
-	IpsecTunnelProxyId              *tpiv4.Firewall
-	Ipv6Address                     *ipv6a.Firewall
-	Ipv6NeighborDiscovery           *ipv6n.Firewall
-	Ipv6StaticRoute                 *ipv6sr.Firewall
-	Layer2Subinterface              *layer2.Firewall
-	Layer3Subinterface              *layer3.Firewall
-	LoopbackInterface               *loopback.Firewall
-	ManagementProfile               *mngtprof.Firewall
-	MonitorProfile                  *monitor.Firewall
-	OspfArea                        *ospfarea.Firewall
-	OspfAreaInterface               *ospfint.Firewall
-	OspfAreaVirtualLink             *ospfvlink.Firewall
-	OspfAuthProfile                 *ospfauth.Firewall
-	OspfConfig                      *ospf.Firewall
-	OspfExport                      *ospfexp.Firewall
-	RedistributionProfile           *redist4.Firewall
-	StaticRoute                     *ipv4.Firewall
-	TunnelInterface                 *tunnel.Firewall
-	VirtualRouter                   *router.Firewall
-	Vlan                            *vlan.Firewall
-	VlanInterface                   *vli.Firewall
-	Zone                            *zone.Firewall
-}
-
-func FirewallNamespace(x util.XapiClient) *Firewall {
-	return &Firewall{
-		AggregateInterface:              aggeth.FirewallNamespace(x),
-		Arp:                             arp.FirewallNamespace(x),
-		BfdProfile:                      bfd.FirewallNamespace(x),
-		BgpAggregate:                    aggregate.FirewallNamespace(x),
-		BgpAggAdvertiseFilter:           agaf.FirewallNamespace(x),
-		BgpAggSuppressFilter:            suppress.FirewallNamespace(x),
-		BgpAuthProfile:                  auth.FirewallNamespace(x),
-		BgpConAdvAdvertiseFilter:        advertise.FirewallNamespace(x),
-		BgpConAdvNonExistFilter:         nonexist.FirewallNamespace(x),
-		BgpConditionalAdv:               conadv.FirewallNamespace(x),
-		BgpConfig:                       bgp.FirewallNamespace(x),
-		BgpDampeningProfile:             dampening.FirewallNamespace(x),
-		BgpExport:                       exp.FirewallNamespace(x),
-		BgpImport:                       imp.FirewallNamespace(x),
-		BgpPeer:                         peer.FirewallNamespace(x),
-		BgpPeerGroup:                    group.FirewallNamespace(x),
-		BgpRedistRule:                   bgpredist.FirewallNamespace(x),
-		Dhcp:                            dhcp.FirewallNamespace(x),
-		EthernetInterface:               eth.FirewallNamespace(x),
-		GlobalProtectIpsecCryptoProfile: gp.FirewallNamespace(x),
-		GreTunnel:                       gre.FirewallNamespace(x),
-		IkeCryptoProfile:                ike.FirewallNamespace(x),
-		IkeGateway:                      ikegw.FirewallNamespace(x),
-		IpsecCryptoProfile:              ipsec.FirewallNamespace(x),
-		IpsecTunnel:                     ipsectunnel.FirewallNamespace(x),
-		IpsecTunnelProxyId:              tpiv4.FirewallNamespace(x),
-		Ipv6Address:                     ipv6a.FirewallNamespace(x),
-		Ipv6NeighborDiscovery:           ipv6n.FirewallNamespace(x),
-		Ipv6StaticRoute:                 ipv6sr.FirewallNamespace(x),
-		Layer2Subinterface:              layer2.FirewallNamespace(x),
-		Layer3Subinterface:              layer3.FirewallNamespace(x),
-		LoopbackInterface:               loopback.FirewallNamespace(x),
-		ManagementProfile:               mngtprof.FirewallNamespace(x),
-		MonitorProfile:                  monitor.FirewallNamespace(x),
-		OspfArea:                        ospfarea.FirewallNamespace(x),
-		OspfAreaInterface:               ospfint.FirewallNamespace(x),
-		OspfAreaVirtualLink:             ospfvlink.FirewallNamespace(x),
-		OspfAuthProfile:                 ospfauth.FirewallNamespace(x),
-		OspfConfig:                      ospf.FirewallNamespace(x),
-		OspfExport:                      ospfexp.FirewallNamespace(x),
-		RedistributionProfile:           redist4.FirewallNamespace(x),
-		StaticRoute:                     ipv4.FirewallNamespace(x),
-		TunnelInterface:                 tunnel.FirewallNamespace(x),
-		VirtualRouter:                   router.FirewallNamespace(x),
-		Vlan:                            vlan.FirewallNamespace(x),
-		VlanInterface:                   vli.FirewallNamespace(x),
-		Zone:                            zone.FirewallNamespace(x),
-	}
-}
diff --git a/netw/ikegw/const.go b/netw/ikegw/const.go
deleted file mode 100644
index b0996452..00000000
--- a/netw/ikegw/const.go
+++ /dev/null
@@ -1,41 +0,0 @@
-package ikegw
-
-const (
-	Ikev1          = "ikev1"
-	Ikev2          = "ikev2"
-	Ikev2Preferred = "ikev2-preferred"
-)
-
-const (
-	IdTypeIpAddress = "ipaddr"
-	IdTypeFqdn      = "fqdn"
-	IdTypeUfqdn     = "ufqdn"
-	IdTypeKeyId     = "keyid"
-	IdTypeDn        = "dn"
-)
-
-const (
-	PeerTypeIp      = "ip"
-	PeerTypeDynamic = "dynamic"
-	PeerTypeFqdn    = "fqdn"
-)
-
-const (
-	LocalTypeIp         = "ip"
-	LocalTypeFloatingIp = "floating-ip"
-)
-
-const (
-	AuthPreSharedKey = "pre-shared-key"
-	AuthCertificate  = "certificate"
-)
-
-const (
-	PeerIdCheckExact    = "exact"
-	PeerIdCheckWildcard = "wildcard"
-)
-
-const (
-	singular = "ike gateways"
-	plural   = "ike gateways"
-)
diff --git a/netw/ikegw/doc.go b/netw/ikegw/doc.go
deleted file mode 100644
index eaebb481..00000000
--- a/netw/ikegw/doc.go
+++ /dev/null
@@ -1,4 +0,0 @@
-// Package ikegw is the client.Network.IkeGateway namespace.
-//
-// Normalized object:  Entry
-package ikegw
diff --git a/netw/ikegw/entry.go b/netw/ikegw/entry.go
deleted file mode 100644
index 375a4316..00000000
--- a/netw/ikegw/entry.go
+++ /dev/null
@@ -1,1158 +0,0 @@
-package ikegw
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of an IKE gateway.
-type Entry struct {
-	Name                          string
-	Version                       string
-	EnableIpv6                    bool
-	Disabled                      bool
-	PeerIpType                    string
-	PeerIpValue                   string
-	Interface                     string
-	LocalIpAddressType            string
-	LocalIpAddressValue           string
-	AuthType                      string
-	PreSharedKey                  string
-	LocalIdType                   string
-	LocalIdValue                  string
-	PeerIdType                    string
-	PeerIdValue                   string
-	PeerIdCheck                   string
-	LocalCert                     string
-	CertEnableHashAndUrl          bool
-	CertBaseUrl                   string
-	CertUseManagementAsSource     bool
-	CertPermitPayloadMismatch     bool
-	CertProfile                   string
-	CertEnableStrictValidation    bool
-	EnablePassiveMode             bool
-	EnableNatTraversal            bool
-	NatTraversalKeepAlive         int
-	NatTraversalEnableUdpChecksum bool
-	EnableFragmentation           bool
-	Ikev1ExchangeMode             string
-	Ikev1CryptoProfile            string
-	EnableDeadPeerDetection       bool
-	DeadPeerDetectionInterval     int
-	DeadPeerDetectionRetry        int
-	Ikev2CryptoProfile            string
-	Ikev2CookieValidation         bool
-	EnableLivenessCheck           bool
-	LivenessCheckInterval         int
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Version = s.Version
-	o.EnableIpv6 = s.EnableIpv6
-	o.Disabled = s.Disabled
-	o.PeerIpType = s.PeerIpType
-	o.PeerIpValue = s.PeerIpValue
-	o.Interface = s.Interface
-	o.LocalIpAddressType = s.LocalIpAddressType
-	o.LocalIpAddressValue = s.LocalIpAddressValue
-	o.AuthType = s.AuthType
-	o.PreSharedKey = s.PreSharedKey
-	o.LocalIdType = s.LocalIdType
-	o.LocalIdValue = s.LocalIdValue
-	o.PeerIdType = s.PeerIdType
-	o.PeerIdValue = s.PeerIdValue
-	o.PeerIdCheck = s.PeerIdCheck
-	o.LocalCert = s.LocalCert
-	o.CertEnableHashAndUrl = s.CertEnableHashAndUrl
-	o.CertBaseUrl = s.CertBaseUrl
-	o.CertUseManagementAsSource = s.CertUseManagementAsSource
-	o.CertPermitPayloadMismatch = s.CertPermitPayloadMismatch
-	o.CertProfile = s.CertProfile
-	o.CertEnableStrictValidation = s.CertEnableStrictValidation
-	o.EnablePassiveMode = s.EnablePassiveMode
-	o.EnableNatTraversal = s.EnableNatTraversal
-	o.NatTraversalKeepAlive = s.NatTraversalKeepAlive
-	o.NatTraversalEnableUdpChecksum = s.NatTraversalEnableUdpChecksum
-	o.EnableFragmentation = s.EnableFragmentation
-	o.Ikev1ExchangeMode = s.Ikev1ExchangeMode
-	o.Ikev1CryptoProfile = s.Ikev1CryptoProfile
-	o.EnableDeadPeerDetection = s.EnableDeadPeerDetection
-	o.DeadPeerDetectionInterval = s.DeadPeerDetectionInterval
-	o.DeadPeerDetectionRetry = s.DeadPeerDetectionRetry
-	o.Ikev2CryptoProfile = s.Ikev2CryptoProfile
-	o.Ikev2CookieValidation = s.Ikev2CookieValidation
-	o.EnableLivenessCheck = s.EnableLivenessCheck
-	o.LivenessCheckInterval = s.LivenessCheckInterval
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:      o.Name,
-		Version:   Ikev1,
-		Interface: o.LocalIp.Interface,
-	}
-
-	if o.PeerIp.Dynamic != nil {
-		ans.PeerIpType = PeerTypeDynamic
-	} else {
-		ans.PeerIpType = PeerTypeIp
-		ans.PeerIpValue = o.PeerIp.Static
-	}
-
-	if o.PeerId != nil {
-		ans.PeerIdType = o.PeerId.PeerIdType
-		ans.PeerIdValue = o.PeerId.PeerIdValue
-		ans.PeerIdCheck = o.PeerId.PeerIdCheck
-	}
-
-	if o.LocalIp.StaticIp != "" {
-		ans.LocalIpAddressType = LocalTypeIp
-		ans.LocalIpAddressValue = o.LocalIp.StaticIp
-	}
-
-	if o.LocalId != nil {
-		ans.LocalIdType = o.LocalId.LocalIdType
-		ans.LocalIdValue = o.LocalId.LocalIdValue
-	}
-
-	if o.PskAuth != nil {
-		ans.AuthType = AuthPreSharedKey
-		ans.PreSharedKey = o.PskAuth.Key
-	} else if o.CAuth != nil {
-		ans.AuthType = AuthCertificate
-		ans.LocalCert = o.CAuth.LocalCert
-		ans.CertProfile = o.CAuth.CertProfile
-		ans.CertEnableStrictValidation = util.AsBool(o.CAuth.CertEnableStrictValidation)
-		ans.CertPermitPayloadMismatch = util.AsBool(o.CAuth.CertPermitPayloadMismatch)
-	}
-
-	if o.Proto != nil {
-		if o.Proto.Ikev1 != nil {
-			ans.Ikev1ExchangeMode = o.Proto.Ikev1.Ikev1ExchangeMode
-			ans.Ikev1CryptoProfile = o.Proto.Ikev1.Ikev1CryptoProfile
-
-			if o.Proto.Ikev1.Dpd != nil {
-				ans.EnableDeadPeerDetection = util.AsBool(o.Proto.Ikev1.Dpd.EnableDeadPeerDetection)
-				ans.DeadPeerDetectionInterval = o.Proto.Ikev1.Dpd.DeadPeerDetectionInterval
-				ans.DeadPeerDetectionRetry = o.Proto.Ikev1.Dpd.DeadPeerDetectionRetry
-			}
-		}
-	}
-
-	if o.ProtoCommon != nil {
-		ans.EnablePassiveMode = util.AsBool(o.ProtoCommon.EnablePassiveMode)
-		if o.ProtoCommon.Nat != nil {
-			ans.EnableNatTraversal = util.AsBool(o.ProtoCommon.Nat.EnableNatTraversal)
-			ans.NatTraversalKeepAlive = o.ProtoCommon.Nat.NatTraversalKeepAlive
-			ans.NatTraversalEnableUdpChecksum = util.AsBool(o.ProtoCommon.Nat.NatTraversalEnableUdpChecksum)
-		}
-		if o.ProtoCommon.Frag != nil {
-			ans.EnableFragmentation = util.AsBool(o.ProtoCommon.Frag.EnableFragmentation)
-		}
-	}
-
-	return ans
-}
-
-type container_v2 struct {
-	Answer []entry_v2 `xml:"entry"`
-}
-
-func (o *container_v2) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v2) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v2) normalize() Entry {
-	ans := Entry{
-		Name:       o.Name,
-		Interface:  o.LocalIp.Interface,
-		Disabled:   util.AsBool(o.Disabled),
-		EnableIpv6: util.AsBool(o.EnableIpv6),
-	}
-
-	if o.PeerIp.Dynamic != nil {
-		ans.PeerIpType = PeerTypeDynamic
-	} else {
-		ans.PeerIpType = PeerTypeIp
-		ans.PeerIpValue = o.PeerIp.Static
-	}
-
-	if o.PeerId != nil {
-		ans.PeerIdType = o.PeerId.PeerIdType
-		ans.PeerIdValue = o.PeerId.PeerIdValue
-		ans.PeerIdCheck = o.PeerId.PeerIdCheck
-	}
-
-	if o.LocalIp.StaticIp != "" {
-		ans.LocalIpAddressType = LocalTypeIp
-		ans.LocalIpAddressValue = o.LocalIp.StaticIp
-	}
-
-	if o.LocalId != nil {
-		ans.LocalIdType = o.LocalId.LocalIdType
-		ans.LocalIdValue = o.LocalId.LocalIdValue
-	}
-
-	if o.PskAuth != nil {
-		ans.AuthType = AuthPreSharedKey
-		ans.PreSharedKey = o.PskAuth.Key
-	} else if o.CAuth != nil {
-		ans.AuthType = AuthCertificate
-		ans.LocalCert = o.CAuth.CLocal.LocalCert
-		ans.CertProfile = o.CAuth.CertProfile
-		ans.CertEnableStrictValidation = util.AsBool(o.CAuth.CertEnableStrictValidation)
-		ans.CertPermitPayloadMismatch = util.AsBool(o.CAuth.CertPermitPayloadMismatch)
-
-		if o.CAuth.CLocal.Hau != nil {
-			ans.CertEnableHashAndUrl = util.AsBool(o.CAuth.CLocal.Hau.CertEnableHashAndUrl)
-			ans.CertBaseUrl = o.CAuth.CLocal.Hau.CertBaseUrl
-		}
-	}
-
-	if o.Proto != nil {
-		ans.Version = o.Proto.Version
-
-		if o.Proto.Ikev1 != nil {
-			ans.Ikev1ExchangeMode = o.Proto.Ikev1.Ikev1ExchangeMode
-			ans.Ikev1CryptoProfile = o.Proto.Ikev1.Ikev1CryptoProfile
-
-			if o.Proto.Ikev1.Dpd != nil {
-				ans.EnableDeadPeerDetection = util.AsBool(o.Proto.Ikev1.Dpd.EnableDeadPeerDetection)
-				ans.DeadPeerDetectionInterval = o.Proto.Ikev1.Dpd.DeadPeerDetectionInterval
-				ans.DeadPeerDetectionRetry = o.Proto.Ikev1.Dpd.DeadPeerDetectionRetry
-			}
-		}
-
-		if o.Proto.Ikev2 != nil {
-			ans.Ikev2CryptoProfile = o.Proto.Ikev2.Ikev2CryptoProfile
-			ans.Ikev2CookieValidation = util.AsBool(o.Proto.Ikev2.Ikev2CookieValidation)
-
-			if o.Proto.Ikev2.Dpd != nil {
-				ans.EnableLivenessCheck = util.AsBool(o.Proto.Ikev2.Dpd.EnableLivenessCheck)
-				ans.LivenessCheckInterval = o.Proto.Ikev2.Dpd.LivenessCheckInterval
-			}
-		}
-	}
-
-	if o.ProtoCommon != nil {
-		ans.EnablePassiveMode = util.AsBool(o.ProtoCommon.EnablePassiveMode)
-		if o.ProtoCommon.Nat != nil {
-			ans.EnableNatTraversal = util.AsBool(o.ProtoCommon.Nat.EnableNatTraversal)
-			ans.NatTraversalKeepAlive = o.ProtoCommon.Nat.NatTraversalKeepAlive
-			ans.NatTraversalEnableUdpChecksum = util.AsBool(o.ProtoCommon.Nat.NatTraversalEnableUdpChecksum)
-		}
-		if o.ProtoCommon.Frag != nil {
-			ans.EnableFragmentation = util.AsBool(o.ProtoCommon.Frag.EnableFragmentation)
-		}
-	}
-
-	return ans
-}
-
-type container_v3 struct {
-	Answer []entry_v3 `xml:"entry"`
-}
-
-func (o *container_v3) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v3) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v3) normalize() Entry {
-	ans := Entry{
-		Name:       o.Name,
-		Interface:  o.LocalIp.Interface,
-		Disabled:   util.AsBool(o.Disabled),
-		EnableIpv6: util.AsBool(o.EnableIpv6),
-	}
-
-	if o.PeerIp.Dynamic != nil {
-		ans.PeerIpType = PeerTypeDynamic
-	} else {
-		ans.PeerIpType = PeerTypeIp
-		ans.PeerIpValue = o.PeerIp.Static
-	}
-
-	if o.PeerId != nil {
-		ans.PeerIdType = o.PeerId.PeerIdType
-		ans.PeerIdValue = o.PeerId.PeerIdValue
-		ans.PeerIdCheck = o.PeerId.PeerIdCheck
-	}
-
-	if o.LocalIp.StaticIp != "" {
-		ans.LocalIpAddressType = LocalTypeIp
-		ans.LocalIpAddressValue = o.LocalIp.StaticIp
-	}
-
-	if o.LocalIp.FloatingIp != "" {
-		ans.LocalIpAddressType = LocalTypeFloatingIp
-		ans.LocalIpAddressValue = o.LocalIp.FloatingIp
-	}
-
-	if o.LocalId != nil {
-		ans.LocalIdType = o.LocalId.LocalIdType
-		ans.LocalIdValue = o.LocalId.LocalIdValue
-	}
-
-	if o.PskAuth != nil {
-		ans.AuthType = AuthPreSharedKey
-		ans.PreSharedKey = o.PskAuth.Key
-	} else if o.CAuth != nil {
-		ans.AuthType = AuthCertificate
-		ans.LocalCert = o.CAuth.CLocal.LocalCert
-		ans.CertProfile = o.CAuth.CertProfile
-		ans.CertEnableStrictValidation = util.AsBool(o.CAuth.CertEnableStrictValidation)
-		ans.CertPermitPayloadMismatch = util.AsBool(o.CAuth.CertPermitPayloadMismatch)
-
-		if o.CAuth.CLocal.Hau != nil {
-			ans.CertEnableHashAndUrl = util.AsBool(o.CAuth.CLocal.Hau.CertEnableHashAndUrl)
-			ans.CertBaseUrl = o.CAuth.CLocal.Hau.CertBaseUrl
-		}
-	}
-
-	if o.Proto != nil {
-		ans.Version = o.Proto.Version
-
-		if o.Proto.Ikev1 != nil {
-			ans.Ikev1ExchangeMode = o.Proto.Ikev1.Ikev1ExchangeMode
-			ans.Ikev1CryptoProfile = o.Proto.Ikev1.Ikev1CryptoProfile
-
-			if o.Proto.Ikev1.Dpd != nil {
-				ans.EnableDeadPeerDetection = util.AsBool(o.Proto.Ikev1.Dpd.EnableDeadPeerDetection)
-				ans.DeadPeerDetectionInterval = o.Proto.Ikev1.Dpd.DeadPeerDetectionInterval
-				ans.DeadPeerDetectionRetry = o.Proto.Ikev1.Dpd.DeadPeerDetectionRetry
-			}
-		}
-
-		if o.Proto.Ikev2 != nil {
-			ans.Ikev2CryptoProfile = o.Proto.Ikev2.Ikev2CryptoProfile
-			ans.Ikev2CookieValidation = util.AsBool(o.Proto.Ikev2.Ikev2CookieValidation)
-
-			if o.Proto.Ikev2.Dpd != nil {
-				ans.EnableLivenessCheck = util.AsBool(o.Proto.Ikev2.Dpd.EnableLivenessCheck)
-				ans.LivenessCheckInterval = o.Proto.Ikev2.Dpd.LivenessCheckInterval
-			}
-		}
-	}
-
-	if o.ProtoCommon != nil {
-		ans.EnablePassiveMode = util.AsBool(o.ProtoCommon.EnablePassiveMode)
-		if o.ProtoCommon.Nat != nil {
-			ans.EnableNatTraversal = util.AsBool(o.ProtoCommon.Nat.EnableNatTraversal)
-			ans.NatTraversalKeepAlive = o.ProtoCommon.Nat.NatTraversalKeepAlive
-			ans.NatTraversalEnableUdpChecksum = util.AsBool(o.ProtoCommon.Nat.NatTraversalEnableUdpChecksum)
-		}
-		if o.ProtoCommon.Frag != nil {
-			ans.EnableFragmentation = util.AsBool(o.ProtoCommon.Frag.EnableFragmentation)
-		}
-	}
-
-	return ans
-}
-
-type container_v4 struct {
-	Answer []entry_v4 `xml:"entry"`
-}
-
-func (o *container_v4) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v4) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v4) normalize() Entry {
-	ans := Entry{
-		Name:       o.Name,
-		Interface:  o.LocalIp.Interface,
-		Disabled:   util.AsBool(o.Disabled),
-		EnableIpv6: util.AsBool(o.EnableIpv6),
-	}
-
-	if o.PeerIp.Dynamic != nil {
-		ans.PeerIpType = PeerTypeDynamic
-	} else if o.PeerIp.Fqdn != "" {
-		ans.PeerIpType = PeerTypeFqdn
-		ans.PeerIpValue = o.PeerIp.Fqdn
-	} else {
-		ans.PeerIpType = PeerTypeIp
-		ans.PeerIpValue = o.PeerIp.Static
-	}
-
-	if o.PeerId != nil {
-		ans.PeerIdType = o.PeerId.PeerIdType
-		ans.PeerIdValue = o.PeerId.PeerIdValue
-		ans.PeerIdCheck = o.PeerId.PeerIdCheck
-	}
-
-	if o.LocalIp.StaticIp != "" {
-		ans.LocalIpAddressType = LocalTypeIp
-		ans.LocalIpAddressValue = o.LocalIp.StaticIp
-	}
-
-	if o.LocalIp.FloatingIp != "" {
-		ans.LocalIpAddressType = LocalTypeFloatingIp
-		ans.LocalIpAddressValue = o.LocalIp.FloatingIp
-	}
-
-	if o.LocalId != nil {
-		ans.LocalIdType = o.LocalId.LocalIdType
-		ans.LocalIdValue = o.LocalId.LocalIdValue
-	}
-
-	if o.PskAuth != nil {
-		ans.AuthType = AuthPreSharedKey
-		ans.PreSharedKey = o.PskAuth.Key
-	} else if o.CAuth != nil {
-		ans.AuthType = AuthCertificate
-		ans.LocalCert = o.CAuth.CLocal.LocalCert
-		ans.CertProfile = o.CAuth.CertProfile
-		ans.CertEnableStrictValidation = util.AsBool(o.CAuth.CertEnableStrictValidation)
-		ans.CertPermitPayloadMismatch = util.AsBool(o.CAuth.CertPermitPayloadMismatch)
-
-		if o.CAuth.CLocal.Hau != nil {
-			ans.CertEnableHashAndUrl = util.AsBool(o.CAuth.CLocal.Hau.CertEnableHashAndUrl)
-			ans.CertBaseUrl = o.CAuth.CLocal.Hau.CertBaseUrl
-		}
-	}
-
-	if o.Proto != nil {
-		ans.Version = o.Proto.Version
-
-		if o.Proto.Ikev1 != nil {
-			ans.Ikev1ExchangeMode = o.Proto.Ikev1.Ikev1ExchangeMode
-			ans.Ikev1CryptoProfile = o.Proto.Ikev1.Ikev1CryptoProfile
-
-			if o.Proto.Ikev1.Dpd != nil {
-				ans.EnableDeadPeerDetection = util.AsBool(o.Proto.Ikev1.Dpd.EnableDeadPeerDetection)
-				ans.DeadPeerDetectionInterval = o.Proto.Ikev1.Dpd.DeadPeerDetectionInterval
-				ans.DeadPeerDetectionRetry = o.Proto.Ikev1.Dpd.DeadPeerDetectionRetry
-			}
-		}
-
-		if o.Proto.Ikev2 != nil {
-			ans.Ikev2CryptoProfile = o.Proto.Ikev2.Ikev2CryptoProfile
-			ans.Ikev2CookieValidation = util.AsBool(o.Proto.Ikev2.Ikev2CookieValidation)
-
-			if o.Proto.Ikev2.Dpd != nil {
-				ans.EnableLivenessCheck = util.AsBool(o.Proto.Ikev2.Dpd.EnableLivenessCheck)
-				ans.LivenessCheckInterval = o.Proto.Ikev2.Dpd.LivenessCheckInterval
-			}
-		}
-	}
-
-	if o.ProtoCommon != nil {
-		ans.EnablePassiveMode = util.AsBool(o.ProtoCommon.EnablePassiveMode)
-		if o.ProtoCommon.Nat != nil {
-			ans.EnableNatTraversal = util.AsBool(o.ProtoCommon.Nat.EnableNatTraversal)
-			ans.NatTraversalKeepAlive = o.ProtoCommon.Nat.NatTraversalKeepAlive
-			ans.NatTraversalEnableUdpChecksum = util.AsBool(o.ProtoCommon.Nat.NatTraversalEnableUdpChecksum)
-		}
-		if o.ProtoCommon.Frag != nil {
-			ans.EnableFragmentation = util.AsBool(o.ProtoCommon.Frag.EnableFragmentation)
-		}
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName     xml.Name     `xml:"entry"`
-	Name        string       `xml:"name,attr"`
-	PeerIp      peerIp_v1    `xml:"peer-address"`
-	PeerId      *peerId      `xml:"peer-id"`
-	LocalIp     localIp_v1   `xml:"local-address"`
-	LocalId     *localId     `xml:"local-id"`
-	PskAuth     *pskAuth     `xml:"authentication>pre-shared-key"`
-	CAuth       *cAuth_v1    `xml:"authentication>certificate"`
-	Proto       *proto_v1    `xml:"protocol"`
-	ProtoCommon *protoCommon `xml:"protocol-common"`
-}
-
-type peerIp_v1 struct {
-	Static  string  `xml:"ip,omitempty"`
-	Dynamic *string `xml:"dynamic"`
-}
-
-type peerId struct {
-	PeerIdType  string `xml:"type"`
-	PeerIdValue string `xml:"id,omitempty"`
-	PeerIdCheck string `xml:"matching,omitempty"`
-}
-
-type localIp_v1 struct {
-	Interface string `xml:"interface,omitempty"`
-	StaticIp  string `xml:"ip,omitempty"`
-}
-
-type localIp_v2 struct {
-	Interface  string `xml:"interface,omitempty"`
-	StaticIp   string `xml:"ip,omitempty"`
-	FloatingIp string `xml:"floating-ip,omitempty"`
-}
-
-type localId struct {
-	LocalIdType  string `xml:"type"`
-	LocalIdValue string `xml:"id"`
-}
-
-type pskAuth struct {
-	Key string `xml:"key"`
-}
-
-type cAuth_v1 struct {
-	LocalCert                  string `xml:"local-certificate"`
-	CertProfile                string `xml:"certificate-profile"`
-	CertEnableStrictValidation string `xml:"strict-validation-revocation"`
-	CertPermitPayloadMismatch  string `xml:"allow-id-payload-mismatch"`
-}
-
-type proto_v1 struct {
-	Ikev1 *ikev1_v1 `xml:"ikev1"`
-}
-
-type ikev1_v1 struct {
-	Ikev1ExchangeMode  string    `xml:"exchange-mode,omitempty"`
-	Ikev1CryptoProfile string    `xml:"ike-crypto-profile,omitempty"`
-	Dpd                *ikev1Dpd `xml:"dpd"`
-}
-
-type ikev1Dpd struct {
-	EnableDeadPeerDetection   string `xml:"enable"`
-	DeadPeerDetectionInterval int    `xml:"interval,omitempty"`
-	DeadPeerDetectionRetry    int    `xml:"retry,omitempty"`
-}
-
-type protoCommon struct {
-	EnablePassiveMode string     `xml:"passive-mode"`
-	Nat               *protoNat  `xml:"nat-traversal"`
-	Frag              *protoFrag `xml:"fragmentation"`
-}
-
-type protoNat struct {
-	EnableNatTraversal            string `xml:"enable"`
-	NatTraversalKeepAlive         int    `xml:"keep-alive-interval"`
-	NatTraversalEnableUdpChecksum string `xml:"udp-checksum-enable"`
-}
-
-type protoFrag struct {
-	EnableFragmentation string `xml:"enable"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name: e.Name,
-		LocalIp: localIp_v1{
-			Interface: e.Interface,
-			StaticIp:  e.LocalIpAddressValue,
-		},
-	}
-
-	switch e.PeerIpType {
-	case PeerTypeIp:
-		ans.PeerIp.Static = e.PeerIpValue
-	case PeerTypeDynamic:
-		s := ""
-		ans.PeerIp.Dynamic = &s
-	}
-
-	if e.PeerIdType != "" || e.PeerIdValue != "" || e.PeerIdCheck != "" {
-		ans.PeerId = &peerId{
-			PeerIdType:  e.PeerIdType,
-			PeerIdValue: e.PeerIdValue,
-			PeerIdCheck: e.PeerIdCheck,
-		}
-	}
-
-	if e.LocalIdType != "" || e.LocalIdValue != "" {
-		ans.LocalId = &localId{
-			LocalIdType:  e.LocalIdType,
-			LocalIdValue: e.LocalIdValue,
-		}
-	}
-
-	switch e.AuthType {
-	case AuthPreSharedKey:
-		ans.PskAuth = &pskAuth{
-			Key: e.PreSharedKey,
-		}
-	case AuthCertificate:
-		ans.CAuth = &cAuth_v1{
-			LocalCert:                  e.LocalCert,
-			CertProfile:                e.CertProfile,
-			CertEnableStrictValidation: util.YesNo(e.CertEnableStrictValidation),
-			CertPermitPayloadMismatch:  util.YesNo(e.CertPermitPayloadMismatch),
-		}
-	}
-
-	if e.Ikev1ExchangeMode != "" || e.Ikev1CryptoProfile != "" || e.EnableDeadPeerDetection || e.DeadPeerDetectionInterval != 0 || e.DeadPeerDetectionRetry != 0 {
-		ans.Proto = &proto_v1{
-			Ikev1: &ikev1_v1{
-				Ikev1ExchangeMode:  e.Ikev1ExchangeMode,
-				Ikev1CryptoProfile: e.Ikev1CryptoProfile,
-			},
-		}
-
-		if e.EnableDeadPeerDetection || e.DeadPeerDetectionInterval != 0 || e.DeadPeerDetectionRetry != 0 {
-			ans.Proto.Ikev1.Dpd = &ikev1Dpd{
-				EnableDeadPeerDetection:   util.YesNo(e.EnableDeadPeerDetection),
-				DeadPeerDetectionInterval: e.DeadPeerDetectionInterval,
-				DeadPeerDetectionRetry:    e.DeadPeerDetectionRetry,
-			}
-		}
-	}
-
-	if e.EnablePassiveMode || e.EnableNatTraversal || e.NatTraversalKeepAlive != 0 || e.NatTraversalEnableUdpChecksum || e.EnableFragmentation {
-		s := protoCommon{
-			EnablePassiveMode: util.YesNo(e.EnablePassiveMode),
-		}
-
-		if e.EnableNatTraversal || e.NatTraversalKeepAlive != 0 || e.NatTraversalEnableUdpChecksum {
-			s.Nat = &protoNat{
-				EnableNatTraversal:            util.YesNo(e.EnableNatTraversal),
-				NatTraversalKeepAlive:         e.NatTraversalKeepAlive,
-				NatTraversalEnableUdpChecksum: util.YesNo(e.NatTraversalEnableUdpChecksum),
-			}
-		}
-
-		if e.EnableFragmentation {
-			s.Frag = &protoFrag{
-				EnableFragmentation: util.YesNo(e.EnableFragmentation),
-			}
-		}
-
-		ans.ProtoCommon = &s
-	}
-
-	return ans
-}
-
-type entry_v2 struct {
-	XMLName     xml.Name     `xml:"entry"`
-	Name        string       `xml:"name,attr"`
-	Disabled    string       `xml:"disabled"`
-	EnableIpv6  string       `xml:"ipv6"`
-	PeerIp      peerIp_v1    `xml:"peer-address"`
-	PeerId      *peerId      `xml:"peer-id"`
-	LocalIp     localIp_v1   `xml:"local-address"`
-	LocalId     *localId     `xml:"local-id"`
-	PskAuth     *pskAuth     `xml:"authentication>pre-shared-key"`
-	CAuth       *cAuth_v2    `xml:"authentication>certificate"`
-	Proto       *proto_v2    `xml:"protocol"`
-	ProtoCommon *protoCommon `xml:"protocol-common"`
-}
-
-type cAuth_v2 struct {
-	CLocal                     cLocal `xml:"local-certificate"`
-	CertProfile                string `xml:"certificate-profile"`
-	CertUseManagementAsSource  string `xml:"use-management-as-source"`
-	CertEnableStrictValidation string `xml:"strict-validation-revocation"`
-	CertPermitPayloadMismatch  string `xml:"allow-id-payload-mismatch"`
-}
-
-type cLocal struct {
-	LocalCert string `xml:"name"`
-	Hau       *hau   `xml:"hash-and-url"`
-}
-
-type hau struct {
-	CertEnableHashAndUrl string `xml:"enable"`
-	CertBaseUrl          string `xml:"base-url"`
-}
-
-type proto_v2 struct {
-	Version string    `xml:"version"`
-	Ikev1   *ikev1_v1 `xml:"ikev1"`
-	Ikev2   *ikev2_v1 `xml:"ikev2"`
-}
-
-type ikev2_v1 struct {
-	Ikev2CryptoProfile    string    `xml:"ike-crypto-profile,omitempty"`
-	Ikev2CookieValidation string    `xml:"require-cookie"`
-	Dpd                   *ikev2Dpd `xml:"dpd"`
-}
-
-type ikev2Dpd struct {
-	EnableLivenessCheck   string `xml:"enable"`
-	LivenessCheckInterval int    `xml:"interval,omitempty"`
-}
-
-func specify_v2(e Entry) interface{} {
-	ans := entry_v2{
-		Name:       e.Name,
-		Disabled:   util.YesNo(e.Disabled),
-		EnableIpv6: util.YesNo(e.EnableIpv6),
-		LocalIp: localIp_v1{
-			Interface: e.Interface,
-			StaticIp:  e.LocalIpAddressValue,
-		},
-	}
-
-	switch e.PeerIpType {
-	case PeerTypeIp:
-		ans.PeerIp.Static = e.PeerIpValue
-	case PeerTypeDynamic:
-		s := ""
-		ans.PeerIp.Dynamic = &s
-	}
-
-	if e.PeerIdType != "" || e.PeerIdValue != "" || e.PeerIdCheck != "" {
-		ans.PeerId = &peerId{
-			PeerIdType:  e.PeerIdType,
-			PeerIdValue: e.PeerIdValue,
-			PeerIdCheck: e.PeerIdCheck,
-		}
-	}
-
-	if e.LocalIdType != "" || e.LocalIdValue != "" {
-		ans.LocalId = &localId{
-			LocalIdType:  e.LocalIdType,
-			LocalIdValue: e.LocalIdValue,
-		}
-	}
-
-	switch e.AuthType {
-	case AuthPreSharedKey:
-		ans.PskAuth = &pskAuth{
-			Key: e.PreSharedKey,
-		}
-	case AuthCertificate:
-		ans.CAuth = &cAuth_v2{
-			CLocal: cLocal{
-				LocalCert: e.LocalCert,
-			},
-			CertProfile:                e.CertProfile,
-			CertUseManagementAsSource:  util.YesNo(e.CertUseManagementAsSource),
-			CertEnableStrictValidation: util.YesNo(e.CertEnableStrictValidation),
-			CertPermitPayloadMismatch:  util.YesNo(e.CertPermitPayloadMismatch),
-		}
-
-		if e.CertEnableHashAndUrl || e.CertBaseUrl != "" {
-			ans.CAuth.CLocal.Hau = &hau{
-				CertEnableHashAndUrl: util.YesNo(e.CertEnableHashAndUrl),
-				CertBaseUrl:          e.CertBaseUrl,
-			}
-		}
-	}
-
-	if e.Version != "" || e.Ikev1ExchangeMode != "" || e.Ikev1CryptoProfile != "" || e.EnableDeadPeerDetection || e.DeadPeerDetectionInterval != 0 || e.DeadPeerDetectionRetry != 0 || e.Ikev2CryptoProfile != "" || e.Ikev2CookieValidation || e.EnableLivenessCheck || e.LivenessCheckInterval != 0 {
-		ans.Proto = &proto_v2{
-			Version: e.Version,
-		}
-
-		if e.Ikev1ExchangeMode != "" || e.Ikev1CryptoProfile != "" || e.EnableDeadPeerDetection || e.DeadPeerDetectionInterval != 0 || e.DeadPeerDetectionRetry != 0 {
-			ans.Proto.Ikev1 = &ikev1_v1{
-				Ikev1ExchangeMode:  e.Ikev1ExchangeMode,
-				Ikev1CryptoProfile: e.Ikev1CryptoProfile,
-			}
-
-			if e.EnableDeadPeerDetection || e.DeadPeerDetectionInterval != 0 || e.DeadPeerDetectionRetry != 0 {
-				ans.Proto.Ikev1.Dpd = &ikev1Dpd{
-					EnableDeadPeerDetection:   util.YesNo(e.EnableDeadPeerDetection),
-					DeadPeerDetectionInterval: e.DeadPeerDetectionInterval,
-					DeadPeerDetectionRetry:    e.DeadPeerDetectionRetry,
-				}
-			}
-		}
-
-		if e.Ikev2CryptoProfile != "" || e.Ikev2CookieValidation || e.EnableLivenessCheck || e.LivenessCheckInterval != 0 {
-			ans.Proto.Ikev2 = &ikev2_v1{
-				Ikev2CryptoProfile:    e.Ikev2CryptoProfile,
-				Ikev2CookieValidation: util.YesNo(e.Ikev2CookieValidation),
-			}
-
-			if e.EnableLivenessCheck || e.LivenessCheckInterval != 0 {
-				ans.Proto.Ikev2.Dpd = &ikev2Dpd{
-					EnableLivenessCheck:   util.YesNo(e.EnableLivenessCheck),
-					LivenessCheckInterval: e.LivenessCheckInterval,
-				}
-			}
-		}
-	}
-
-	if e.EnablePassiveMode || e.EnableNatTraversal || e.NatTraversalKeepAlive != 0 || e.NatTraversalEnableUdpChecksum || e.EnableFragmentation {
-		s := protoCommon{
-			EnablePassiveMode: util.YesNo(e.EnablePassiveMode),
-		}
-
-		if e.EnableNatTraversal || e.NatTraversalKeepAlive != 0 || e.NatTraversalEnableUdpChecksum {
-			s.Nat = &protoNat{
-				EnableNatTraversal:            util.YesNo(e.EnableNatTraversal),
-				NatTraversalKeepAlive:         e.NatTraversalKeepAlive,
-				NatTraversalEnableUdpChecksum: util.YesNo(e.NatTraversalEnableUdpChecksum),
-			}
-		}
-
-		if e.EnableFragmentation {
-			s.Frag = &protoFrag{
-				EnableFragmentation: util.YesNo(e.EnableFragmentation),
-			}
-		}
-
-		ans.ProtoCommon = &s
-	}
-
-	return ans
-}
-
-type entry_v3 struct {
-	XMLName     xml.Name     `xml:"entry"`
-	Name        string       `xml:"name,attr"`
-	Disabled    string       `xml:"disabled"`
-	EnableIpv6  string       `xml:"ipv6"`
-	PeerIp      peerIp_v1    `xml:"peer-address"`
-	PeerId      *peerId      `xml:"peer-id"`
-	LocalIp     localIp_v2   `xml:"local-address"`
-	LocalId     *localId     `xml:"local-id"`
-	PskAuth     *pskAuth     `xml:"authentication>pre-shared-key"`
-	CAuth       *cAuth_v2    `xml:"authentication>certificate"`
-	Proto       *proto_v2    `xml:"protocol"`
-	ProtoCommon *protoCommon `xml:"protocol-common"`
-}
-
-func specify_v3(e Entry) interface{} {
-	ans := entry_v3{
-		Name:       e.Name,
-		Disabled:   util.YesNo(e.Disabled),
-		EnableIpv6: util.YesNo(e.EnableIpv6),
-		LocalIp: localIp_v2{
-			Interface: e.Interface,
-		},
-	}
-
-	switch e.LocalIpAddressType {
-	case LocalTypeFloatingIp:
-		ans.LocalIp.FloatingIp = e.LocalIpAddressValue
-	default:
-		ans.LocalIp.StaticIp = e.LocalIpAddressValue
-	}
-
-	switch e.PeerIpType {
-	case PeerTypeIp:
-		ans.PeerIp.Static = e.PeerIpValue
-	case PeerTypeDynamic:
-		s := ""
-		ans.PeerIp.Dynamic = &s
-	}
-
-	if e.PeerIdType != "" || e.PeerIdValue != "" || e.PeerIdCheck != "" {
-		ans.PeerId = &peerId{
-			PeerIdType:  e.PeerIdType,
-			PeerIdValue: e.PeerIdValue,
-			PeerIdCheck: e.PeerIdCheck,
-		}
-	}
-
-	if e.LocalIdType != "" || e.LocalIdValue != "" {
-		ans.LocalId = &localId{
-			LocalIdType:  e.LocalIdType,
-			LocalIdValue: e.LocalIdValue,
-		}
-	}
-
-	switch e.AuthType {
-	case AuthPreSharedKey:
-		ans.PskAuth = &pskAuth{
-			Key: e.PreSharedKey,
-		}
-	case AuthCertificate:
-		ans.CAuth = &cAuth_v2{
-			CLocal: cLocal{
-				LocalCert: e.LocalCert,
-			},
-			CertProfile:                e.CertProfile,
-			CertUseManagementAsSource:  util.YesNo(e.CertUseManagementAsSource),
-			CertEnableStrictValidation: util.YesNo(e.CertEnableStrictValidation),
-			CertPermitPayloadMismatch:  util.YesNo(e.CertPermitPayloadMismatch),
-		}
-
-		if e.CertEnableHashAndUrl || e.CertBaseUrl != "" {
-			ans.CAuth.CLocal.Hau = &hau{
-				CertEnableHashAndUrl: util.YesNo(e.CertEnableHashAndUrl),
-				CertBaseUrl:          e.CertBaseUrl,
-			}
-		}
-	}
-
-	if e.Version != "" || e.Ikev1ExchangeMode != "" || e.Ikev1CryptoProfile != "" || e.EnableDeadPeerDetection || e.DeadPeerDetectionInterval != 0 || e.DeadPeerDetectionRetry != 0 || e.Ikev2CryptoProfile != "" || e.Ikev2CookieValidation || e.EnableLivenessCheck || e.LivenessCheckInterval != 0 {
-		ans.Proto = &proto_v2{
-			Version: e.Version,
-		}
-
-		if e.Ikev1ExchangeMode != "" || e.Ikev1CryptoProfile != "" || e.EnableDeadPeerDetection || e.DeadPeerDetectionInterval != 0 || e.DeadPeerDetectionRetry != 0 {
-			ans.Proto.Ikev1 = &ikev1_v1{
-				Ikev1ExchangeMode:  e.Ikev1ExchangeMode,
-				Ikev1CryptoProfile: e.Ikev1CryptoProfile,
-			}
-
-			if e.EnableDeadPeerDetection || e.DeadPeerDetectionInterval != 0 || e.DeadPeerDetectionRetry != 0 {
-				ans.Proto.Ikev1.Dpd = &ikev1Dpd{
-					EnableDeadPeerDetection:   util.YesNo(e.EnableDeadPeerDetection),
-					DeadPeerDetectionInterval: e.DeadPeerDetectionInterval,
-					DeadPeerDetectionRetry:    e.DeadPeerDetectionRetry,
-				}
-			}
-		}
-
-		if e.Ikev2CryptoProfile != "" || e.Ikev2CookieValidation || e.EnableLivenessCheck || e.LivenessCheckInterval != 0 {
-			ans.Proto.Ikev2 = &ikev2_v1{
-				Ikev2CryptoProfile:    e.Ikev2CryptoProfile,
-				Ikev2CookieValidation: util.YesNo(e.Ikev2CookieValidation),
-			}
-
-			if e.EnableLivenessCheck || e.LivenessCheckInterval != 0 {
-				ans.Proto.Ikev2.Dpd = &ikev2Dpd{
-					EnableLivenessCheck:   util.YesNo(e.EnableLivenessCheck),
-					LivenessCheckInterval: e.LivenessCheckInterval,
-				}
-			}
-		}
-	}
-
-	if e.EnablePassiveMode || e.EnableNatTraversal || e.NatTraversalKeepAlive != 0 || e.NatTraversalEnableUdpChecksum || e.EnableFragmentation {
-		s := protoCommon{
-			EnablePassiveMode: util.YesNo(e.EnablePassiveMode),
-		}
-
-		if e.EnableNatTraversal || e.NatTraversalKeepAlive != 0 || e.NatTraversalEnableUdpChecksum {
-			s.Nat = &protoNat{
-				EnableNatTraversal:            util.YesNo(e.EnableNatTraversal),
-				NatTraversalKeepAlive:         e.NatTraversalKeepAlive,
-				NatTraversalEnableUdpChecksum: util.YesNo(e.NatTraversalEnableUdpChecksum),
-			}
-		}
-
-		if e.EnableFragmentation {
-			s.Frag = &protoFrag{
-				EnableFragmentation: util.YesNo(e.EnableFragmentation),
-			}
-		}
-
-		ans.ProtoCommon = &s
-	}
-
-	return ans
-}
-
-type entry_v4 struct {
-	XMLName     xml.Name     `xml:"entry"`
-	Name        string       `xml:"name,attr"`
-	Disabled    string       `xml:"disabled"`
-	EnableIpv6  string       `xml:"ipv6"`
-	PeerIp      peerIp_v2    `xml:"peer-address"`
-	PeerId      *peerId      `xml:"peer-id"`
-	LocalIp     localIp_v2   `xml:"local-address"`
-	LocalId     *localId     `xml:"local-id"`
-	PskAuth     *pskAuth     `xml:"authentication>pre-shared-key"`
-	CAuth       *cAuth_v2    `xml:"authentication>certificate"`
-	Proto       *proto_v2    `xml:"protocol"`
-	ProtoCommon *protoCommon `xml:"protocol-common"`
-}
-
-type peerIp_v2 struct {
-	Static  string  `xml:"ip,omitempty"`
-	Dynamic *string `xml:"dynamic"`
-	Fqdn    string  `xml:"fqdn,omitempty"`
-}
-
-func specify_v4(e Entry) interface{} {
-	ans := entry_v4{
-		Name:       e.Name,
-		Disabled:   util.YesNo(e.Disabled),
-		EnableIpv6: util.YesNo(e.EnableIpv6),
-		LocalIp: localIp_v2{
-			Interface: e.Interface,
-		},
-	}
-
-	switch e.LocalIpAddressType {
-	case LocalTypeFloatingIp:
-		ans.LocalIp.FloatingIp = e.LocalIpAddressValue
-	default:
-		ans.LocalIp.StaticIp = e.LocalIpAddressValue
-	}
-
-	switch e.PeerIpType {
-	case PeerTypeIp:
-		ans.PeerIp.Static = e.PeerIpValue
-	case PeerTypeFqdn:
-		ans.PeerIp.Fqdn = e.PeerIpValue
-	case PeerTypeDynamic:
-		s := ""
-		ans.PeerIp.Dynamic = &s
-	}
-
-	if e.PeerIdType != "" || e.PeerIdValue != "" || e.PeerIdCheck != "" {
-		ans.PeerId = &peerId{
-			PeerIdType:  e.PeerIdType,
-			PeerIdValue: e.PeerIdValue,
-			PeerIdCheck: e.PeerIdCheck,
-		}
-	}
-
-	if e.LocalIdType != "" || e.LocalIdValue != "" {
-		ans.LocalId = &localId{
-			LocalIdType:  e.LocalIdType,
-			LocalIdValue: e.LocalIdValue,
-		}
-	}
-
-	switch e.AuthType {
-	case AuthPreSharedKey:
-		ans.PskAuth = &pskAuth{
-			Key: e.PreSharedKey,
-		}
-	case AuthCertificate:
-		ans.CAuth = &cAuth_v2{
-			CLocal: cLocal{
-				LocalCert: e.LocalCert,
-			},
-			CertProfile:                e.CertProfile,
-			CertUseManagementAsSource:  util.YesNo(e.CertUseManagementAsSource),
-			CertEnableStrictValidation: util.YesNo(e.CertEnableStrictValidation),
-			CertPermitPayloadMismatch:  util.YesNo(e.CertPermitPayloadMismatch),
-		}
-
-		if e.CertEnableHashAndUrl || e.CertBaseUrl != "" {
-			ans.CAuth.CLocal.Hau = &hau{
-				CertEnableHashAndUrl: util.YesNo(e.CertEnableHashAndUrl),
-				CertBaseUrl:          e.CertBaseUrl,
-			}
-		}
-	}
-
-	if e.Version != "" || e.Ikev1ExchangeMode != "" || e.Ikev1CryptoProfile != "" || e.EnableDeadPeerDetection || e.DeadPeerDetectionInterval != 0 || e.DeadPeerDetectionRetry != 0 || e.Ikev2CryptoProfile != "" || e.Ikev2CookieValidation || e.EnableLivenessCheck || e.LivenessCheckInterval != 0 {
-		ans.Proto = &proto_v2{
-			Version: e.Version,
-		}
-
-		if e.Ikev1ExchangeMode != "" || e.Ikev1CryptoProfile != "" || e.EnableDeadPeerDetection || e.DeadPeerDetectionInterval != 0 || e.DeadPeerDetectionRetry != 0 {
-			ans.Proto.Ikev1 = &ikev1_v1{
-				Ikev1ExchangeMode:  e.Ikev1ExchangeMode,
-				Ikev1CryptoProfile: e.Ikev1CryptoProfile,
-			}
-
-			if e.EnableDeadPeerDetection || e.DeadPeerDetectionInterval != 0 || e.DeadPeerDetectionRetry != 0 {
-				ans.Proto.Ikev1.Dpd = &ikev1Dpd{
-					EnableDeadPeerDetection:   util.YesNo(e.EnableDeadPeerDetection),
-					DeadPeerDetectionInterval: e.DeadPeerDetectionInterval,
-					DeadPeerDetectionRetry:    e.DeadPeerDetectionRetry,
-				}
-			}
-		}
-
-		if e.Ikev2CryptoProfile != "" || e.Ikev2CookieValidation || e.EnableLivenessCheck || e.LivenessCheckInterval != 0 {
-			ans.Proto.Ikev2 = &ikev2_v1{
-				Ikev2CryptoProfile:    e.Ikev2CryptoProfile,
-				Ikev2CookieValidation: util.YesNo(e.Ikev2CookieValidation),
-			}
-
-			if e.EnableLivenessCheck || e.LivenessCheckInterval != 0 {
-				ans.Proto.Ikev2.Dpd = &ikev2Dpd{
-					EnableLivenessCheck:   util.YesNo(e.EnableLivenessCheck),
-					LivenessCheckInterval: e.LivenessCheckInterval,
-				}
-			}
-		}
-	}
-
-	if e.EnablePassiveMode || e.EnableNatTraversal || e.NatTraversalKeepAlive != 0 || e.NatTraversalEnableUdpChecksum || e.EnableFragmentation {
-		s := protoCommon{
-			EnablePassiveMode: util.YesNo(e.EnablePassiveMode),
-		}
-
-		if e.EnableNatTraversal || e.NatTraversalKeepAlive != 0 || e.NatTraversalEnableUdpChecksum {
-			s.Nat = &protoNat{
-				EnableNatTraversal:            util.YesNo(e.EnableNatTraversal),
-				NatTraversalKeepAlive:         e.NatTraversalKeepAlive,
-				NatTraversalEnableUdpChecksum: util.YesNo(e.NatTraversalEnableUdpChecksum),
-			}
-		}
-
-		if e.EnableFragmentation {
-			s.Frag = &protoFrag{
-				EnableFragmentation: util.YesNo(e.EnableFragmentation),
-			}
-		}
-
-		ans.ProtoCommon = &s
-	}
-
-	return ans
-}
diff --git a/netw/ikegw/funcs.go b/netw/ikegw/funcs.go
deleted file mode 100644
index 9b8131f5..00000000
--- a/netw/ikegw/funcs.go
+++ /dev/null
@@ -1,96 +0,0 @@
-package ikegw
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	if v.Gte(version.Number{8, 1, 0, ""}) {
-		return &container_v4{}, specify_v4
-	} else if v.Gte(version.Number{7, 1, 0, ""}) {
-		return &container_v3{}, specify_v3
-	} else if v.Gte(version.Number{7, 0, 0, ""}) {
-		return &container_v2{}, specify_v2
-	} else {
-		return &container_v1{}, specify_v1
-	}
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/netw/ikegw/fw.go b/netw/ikegw/fw.go
deleted file mode 100644
index 0a1ae264..00000000
--- a/netw/ikegw/fw.go
+++ /dev/null
@@ -1,105 +0,0 @@
-package ikegw
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Network.IkeGateway namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(e ...Entry) error {
-	return c.ns.Set(c.pather(), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(e Entry) error {
-	return c.ns.Edit(c.pather(), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather() namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(v)
-	}
-}
-
-func (c *Firewall) xpath(vals []string) ([]string, error) {
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"ike",
-		"gateway",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/ikegw/fw_test.go b/netw/ikegw/fw_test.go
deleted file mode 100644
index cb06398f..00000000
--- a/netw/ikegw/fw_test.go
+++ /dev/null
@@ -1,34 +0,0 @@
-package ikegw
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.AddResp("")
-			mc.Version = tc.version
-			err := ns.Set(tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/ikegw/pano.go b/netw/ikegw/pano.go
deleted file mode 100644
index 164bc54b..00000000
--- a/netw/ikegw/pano.go
+++ /dev/null
@@ -1,115 +0,0 @@
-package ikegw
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Network.IkeGateway namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(tmpl, ts, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(tmpl, ts, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(tmpl, ts string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts string, e ...Entry) error {
-	return c.ns.Set(c.pather(tmpl, ts), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts string, e Entry) error {
-	return c.ns.Edit(c.pather(tmpl, ts), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(tmpl, ts), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts string, vals []string) ([]string, error) {
-	if tmpl == "" && ts == "" {
-		return nil, fmt.Errorf("tmpl or ts must be specified")
-	}
-
-	ans := make([]string, 0, 12)
-	ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-	ans = append(ans,
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"ike",
-		"gateway",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/ikegw/pano_test.go b/netw/ikegw/pano_test.go
deleted file mode 100644
index a5374032..00000000
--- a/netw/ikegw/pano_test.go
+++ /dev/null
@@ -1,34 +0,0 @@
-package ikegw
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.AddResp("")
-			mc.Version = tc.version
-			err := ns.Set("my template", "", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("my template", "", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/ikegw/testdata_test.go b/netw/ikegw/testdata_test.go
deleted file mode 100644
index 71f9627d..00000000
--- a/netw/ikegw/testdata_test.go
+++ /dev/null
@@ -1,643 +0,0 @@
-package ikegw
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type testCase struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"test1", version.Number{6, 1, 0, ""}, Entry{
-			Name:                "test1",
-			Version:             Ikev1,
-			PeerIpType:          PeerTypeIp,
-			PeerIpValue:         "10.1.1.1",
-			Interface:           "tunnel.1",
-			LocalIpAddressType:  LocalTypeIp,
-			LocalIpAddressValue: "10.2.1.1",
-			AuthType:            AuthPreSharedKey,
-			PreSharedKey:        "secret",
-			LocalIdType:         "ipaddr",
-			LocalIdValue:        "10.3.1.1",
-			PeerIdType:          "fqdn",
-			PeerIdValue:         "example.com",
-			PeerIdCheck:         "exact",
-		}},
-		{"test2", version.Number{6, 1, 0, ""}, Entry{
-			Name:                       "test2",
-			Version:                    Ikev1,
-			PeerIpType:                 PeerTypeDynamic,
-			Interface:                  "tunnel.2",
-			LocalIpAddressType:         LocalTypeIp,
-			LocalIpAddressValue:        "10.2.1.1",
-			AuthType:                   AuthCertificate,
-			LocalCert:                  "myCert",
-			CertProfile:                "my cert profile",
-			CertPermitPayloadMismatch:  true,
-			CertEnableStrictValidation: true,
-			LocalIdType:                "ipaddr",
-			LocalIdValue:               "10.3.1.1",
-			PeerIdType:                 "fqdn",
-			PeerIdValue:                "example.com",
-			PeerIdCheck:                "wildcard",
-			Ikev1ExchangeMode:          "auto",
-			Ikev1CryptoProfile:         "my crypto profile",
-		}},
-		{"test3", version.Number{6, 1, 0, ""}, Entry{
-			Name:                          "test3",
-			Version:                       Ikev1,
-			PeerIpType:                    PeerTypeDynamic,
-			Interface:                     "tunnel.3",
-			LocalIpAddressType:            LocalTypeIp,
-			LocalIpAddressValue:           "10.2.1.1",
-			AuthType:                      AuthPreSharedKey,
-			PreSharedKey:                  "another secret",
-			LocalIdType:                   "ipaddr",
-			LocalIdValue:                  "10.3.1.1",
-			PeerIdType:                    "fqdn",
-			PeerIdValue:                   "example.com",
-			PeerIdCheck:                   "wildcard",
-			EnablePassiveMode:             true,
-			EnableNatTraversal:            true,
-			NatTraversalKeepAlive:         7,
-			NatTraversalEnableUdpChecksum: true,
-		}},
-		{"test4", version.Number{6, 1, 0, ""}, Entry{
-			Name:                      "test4",
-			Version:                   Ikev1,
-			PeerIpType:                PeerTypeIp,
-			PeerIpValue:               "10.3.4.5",
-			Interface:                 "tunnel.4",
-			LocalIpAddressType:        LocalTypeIp,
-			LocalIpAddressValue:       "10.2.1.1",
-			AuthType:                  AuthPreSharedKey,
-			PreSharedKey:              "more secrets",
-			LocalIdType:               "ipaddr",
-			LocalIdValue:              "10.3.1.1",
-			PeerIdType:                "fqdn",
-			PeerIdValue:               "example.com",
-			PeerIdCheck:               "wildcard",
-			EnableDeadPeerDetection:   true,
-			DeadPeerDetectionInterval: 7,
-			DeadPeerDetectionRetry:    4,
-			EnableFragmentation:       true,
-		}},
-		{"test5", version.Number{7, 0, 0, ""}, Entry{
-			Name:                "test5",
-			Version:             Ikev1,
-			PeerIpType:          PeerTypeIp,
-			PeerIpValue:         "10.1.1.1",
-			Interface:           "tunnel.1",
-			LocalIpAddressType:  LocalTypeIp,
-			LocalIpAddressValue: "10.2.1.1",
-			AuthType:            AuthPreSharedKey,
-			PreSharedKey:        "secret",
-			LocalIdType:         "ipaddr",
-			LocalIdValue:        "10.3.1.1",
-			PeerIdType:          "fqdn",
-			PeerIdValue:         "example.com",
-			PeerIdCheck:         "exact",
-		}},
-		{"test6", version.Number{7, 0, 0, ""}, Entry{
-			Name:                       "test6",
-			Version:                    Ikev1,
-			PeerIpType:                 PeerTypeDynamic,
-			Interface:                  "tunnel.2",
-			LocalIpAddressType:         LocalTypeIp,
-			LocalIpAddressValue:        "10.2.1.1",
-			AuthType:                   AuthCertificate,
-			LocalCert:                  "myCert",
-			CertProfile:                "my cert profile",
-			CertPermitPayloadMismatch:  true,
-			CertEnableStrictValidation: true,
-			LocalIdType:                "ipaddr",
-			LocalIdValue:               "10.3.1.1",
-			PeerIdType:                 "fqdn",
-			PeerIdValue:                "example.com",
-			PeerIdCheck:                "wildcard",
-			Ikev1ExchangeMode:          "auto",
-			Ikev1CryptoProfile:         "my crypto profile",
-		}},
-		{"test7", version.Number{7, 0, 0, ""}, Entry{
-			Name:                          "test7",
-			Version:                       Ikev1,
-			PeerIpType:                    PeerTypeDynamic,
-			Interface:                     "tunnel.3",
-			LocalIpAddressType:            LocalTypeIp,
-			LocalIpAddressValue:           "10.2.1.1",
-			AuthType:                      AuthPreSharedKey,
-			PreSharedKey:                  "another secret",
-			LocalIdType:                   "ipaddr",
-			LocalIdValue:                  "10.3.1.1",
-			PeerIdType:                    "fqdn",
-			PeerIdValue:                   "example.com",
-			PeerIdCheck:                   "wildcard",
-			EnablePassiveMode:             true,
-			EnableNatTraversal:            true,
-			NatTraversalKeepAlive:         7,
-			NatTraversalEnableUdpChecksum: true,
-		}},
-		{"test8", version.Number{7, 0, 0, ""}, Entry{
-			Name:                      "test8",
-			Version:                   Ikev1,
-			PeerIpType:                PeerTypeIp,
-			PeerIpValue:               "10.3.4.5",
-			Interface:                 "tunnel.4",
-			LocalIpAddressType:        LocalTypeIp,
-			LocalIpAddressValue:       "10.2.1.1",
-			AuthType:                  AuthPreSharedKey,
-			PreSharedKey:              "more secrets",
-			LocalIdType:               "ipaddr",
-			LocalIdValue:              "10.3.1.1",
-			PeerIdType:                "fqdn",
-			PeerIdValue:               "example.com",
-			PeerIdCheck:               "wildcard",
-			EnableDeadPeerDetection:   true,
-			DeadPeerDetectionInterval: 7,
-			DeadPeerDetectionRetry:    4,
-			EnableFragmentation:       true,
-		}},
-		{"test9", version.Number{7, 0, 0, ""}, Entry{
-			Name:                  "test9",
-			Version:               Ikev2,
-			PeerIpType:            PeerTypeIp,
-			PeerIpValue:           "10.3.4.5",
-			Interface:             "tunnel.4",
-			LocalIpAddressType:    LocalTypeIp,
-			LocalIpAddressValue:   "10.2.1.1",
-			AuthType:              AuthPreSharedKey,
-			PreSharedKey:          "more secrets",
-			LocalIdType:           "ipaddr",
-			LocalIdValue:          "10.3.1.1",
-			PeerIdType:            "fqdn",
-			PeerIdValue:           "example.com",
-			PeerIdCheck:           "wildcard",
-			Ikev2CryptoProfile:    "v2 crypto profile",
-			Ikev2CookieValidation: true,
-		}},
-		{"test10", version.Number{7, 0, 0, ""}, Entry{
-			Name:                  "test10",
-			Version:               Ikev2,
-			PeerIpType:            PeerTypeIp,
-			PeerIpValue:           "10.3.4.5",
-			Interface:             "tunnel.4",
-			LocalIpAddressType:    LocalTypeIp,
-			LocalIpAddressValue:   "10.2.1.1",
-			AuthType:              AuthPreSharedKey,
-			PreSharedKey:          "more secrets",
-			LocalIdType:           "ipaddr",
-			LocalIdValue:          "10.3.1.1",
-			PeerIdType:            "fqdn",
-			PeerIdValue:           "example.com",
-			PeerIdCheck:           "wildcard",
-			EnableLivenessCheck:   true,
-			LivenessCheckInterval: 7,
-		}},
-		{"test11", version.Number{7, 0, 0, ""}, Entry{
-			Name:                  "test11",
-			Version:               Ikev2,
-			PeerIpType:            PeerTypeIp,
-			PeerIpValue:           "10.3.4.5",
-			Interface:             "tunnel.4",
-			LocalIpAddressType:    LocalTypeIp,
-			LocalIpAddressValue:   "10.2.1.1",
-			AuthType:              AuthPreSharedKey,
-			PreSharedKey:          "more secrets",
-			LocalIdType:           "ipaddr",
-			LocalIdValue:          "10.3.1.1",
-			PeerIdType:            "fqdn",
-			PeerIdValue:           "example.com",
-			PeerIdCheck:           "wildcard",
-			Ikev2CryptoProfile:    "v2 crypto profile",
-			Ikev2CookieValidation: true,
-			EnableLivenessCheck:   true,
-			LivenessCheckInterval: 7,
-			EnableFragmentation:   true,
-		}},
-		{"test12", version.Number{7, 0, 0, ""}, Entry{
-			Name:                      "test12",
-			Version:                   Ikev2Preferred,
-			PeerIpType:                PeerTypeIp,
-			PeerIpValue:               "10.3.4.5",
-			Interface:                 "tunnel.4",
-			LocalIpAddressType:        LocalTypeIp,
-			LocalIpAddressValue:       "10.2.1.1",
-			AuthType:                  AuthPreSharedKey,
-			PreSharedKey:              "more secrets",
-			LocalIdType:               "ipaddr",
-			LocalIdValue:              "10.3.1.1",
-			PeerIdType:                "fqdn",
-			PeerIdValue:               "example.com",
-			PeerIdCheck:               "wildcard",
-			Ikev1ExchangeMode:         "auto",
-			Ikev1CryptoProfile:        "my crypto profile",
-			EnableDeadPeerDetection:   true,
-			DeadPeerDetectionInterval: 7,
-			DeadPeerDetectionRetry:    4,
-			Ikev2CryptoProfile:        "v2 crypto profile",
-			Ikev2CookieValidation:     true,
-			EnableLivenessCheck:       true,
-			LivenessCheckInterval:     11,
-			EnableFragmentation:       true,
-		}},
-		{"test13", version.Number{7, 1, 0, ""}, Entry{
-			Name:                "test13",
-			Version:             Ikev1,
-			PeerIpType:          PeerTypeIp,
-			PeerIpValue:         "10.1.1.1",
-			Interface:           "tunnel.1",
-			LocalIpAddressType:  LocalTypeIp,
-			LocalIpAddressValue: "10.2.1.1",
-			AuthType:            AuthPreSharedKey,
-			PreSharedKey:        "secret",
-			LocalIdType:         "ipaddr",
-			LocalIdValue:        "10.3.1.1",
-			PeerIdType:          "fqdn",
-			PeerIdValue:         "example.com",
-			PeerIdCheck:         "exact",
-		}},
-		{"test14", version.Number{7, 1, 0, ""}, Entry{
-			Name:                       "test14",
-			Version:                    Ikev1,
-			PeerIpType:                 PeerTypeDynamic,
-			Interface:                  "tunnel.2",
-			LocalIpAddressType:         LocalTypeIp,
-			LocalIpAddressValue:        "10.2.1.1",
-			AuthType:                   AuthCertificate,
-			LocalCert:                  "myCert",
-			CertProfile:                "my cert profile",
-			CertPermitPayloadMismatch:  true,
-			CertEnableStrictValidation: true,
-			LocalIdType:                "ipaddr",
-			LocalIdValue:               "10.3.1.1",
-			PeerIdType:                 "fqdn",
-			PeerIdValue:                "example.com",
-			PeerIdCheck:                "wildcard",
-			Ikev1ExchangeMode:          "auto",
-			Ikev1CryptoProfile:         "my crypto profile",
-		}},
-		{"test15", version.Number{7, 1, 0, ""}, Entry{
-			Name:                          "test15",
-			Version:                       Ikev1,
-			PeerIpType:                    PeerTypeDynamic,
-			Interface:                     "tunnel.3",
-			LocalIpAddressType:            LocalTypeIp,
-			LocalIpAddressValue:           "10.2.1.1",
-			AuthType:                      AuthPreSharedKey,
-			PreSharedKey:                  "another secret",
-			LocalIdType:                   "ipaddr",
-			LocalIdValue:                  "10.3.1.1",
-			PeerIdType:                    "fqdn",
-			PeerIdValue:                   "example.com",
-			PeerIdCheck:                   "wildcard",
-			EnablePassiveMode:             true,
-			EnableNatTraversal:            true,
-			NatTraversalKeepAlive:         7,
-			NatTraversalEnableUdpChecksum: true,
-		}},
-		{"test16", version.Number{7, 1, 0, ""}, Entry{
-			Name:                      "test16",
-			Version:                   Ikev1,
-			PeerIpType:                PeerTypeIp,
-			PeerIpValue:               "10.3.4.5",
-			Interface:                 "tunnel.4",
-			LocalIpAddressType:        LocalTypeIp,
-			LocalIpAddressValue:       "10.2.1.1",
-			AuthType:                  AuthPreSharedKey,
-			PreSharedKey:              "more secrets",
-			LocalIdType:               "ipaddr",
-			LocalIdValue:              "10.3.1.1",
-			PeerIdType:                "fqdn",
-			PeerIdValue:               "example.com",
-			PeerIdCheck:               "wildcard",
-			EnableDeadPeerDetection:   true,
-			DeadPeerDetectionInterval: 7,
-			DeadPeerDetectionRetry:    4,
-			EnableFragmentation:       true,
-		}},
-		{"test17", version.Number{7, 1, 0, ""}, Entry{
-			Name:                  "test17",
-			Version:               Ikev2,
-			PeerIpType:            PeerTypeIp,
-			PeerIpValue:           "10.3.4.5",
-			Interface:             "tunnel.4",
-			LocalIpAddressType:    LocalTypeIp,
-			LocalIpAddressValue:   "10.2.1.1",
-			AuthType:              AuthPreSharedKey,
-			PreSharedKey:          "more secrets",
-			LocalIdType:           "ipaddr",
-			LocalIdValue:          "10.3.1.1",
-			PeerIdType:            "fqdn",
-			PeerIdValue:           "example.com",
-			PeerIdCheck:           "wildcard",
-			Ikev2CryptoProfile:    "v2 crypto profile",
-			Ikev2CookieValidation: true,
-		}},
-		{"test18", version.Number{7, 1, 0, ""}, Entry{
-			Name:                  "test18",
-			Version:               Ikev2,
-			PeerIpType:            PeerTypeIp,
-			PeerIpValue:           "10.3.4.5",
-			Interface:             "tunnel.4",
-			LocalIpAddressType:    LocalTypeIp,
-			LocalIpAddressValue:   "10.2.1.1",
-			AuthType:              AuthPreSharedKey,
-			PreSharedKey:          "more secrets",
-			LocalIdType:           "ipaddr",
-			LocalIdValue:          "10.3.1.1",
-			PeerIdType:            "fqdn",
-			PeerIdValue:           "example.com",
-			PeerIdCheck:           "wildcard",
-			EnableLivenessCheck:   true,
-			LivenessCheckInterval: 7,
-		}},
-		{"test19", version.Number{7, 1, 0, ""}, Entry{
-			Name:                  "test19",
-			Version:               Ikev2,
-			PeerIpType:            PeerTypeIp,
-			PeerIpValue:           "10.3.4.5",
-			Interface:             "tunnel.4",
-			LocalIpAddressType:    LocalTypeIp,
-			LocalIpAddressValue:   "10.2.1.1",
-			AuthType:              AuthPreSharedKey,
-			PreSharedKey:          "more secrets",
-			LocalIdType:           "ipaddr",
-			LocalIdValue:          "10.3.1.1",
-			PeerIdType:            "fqdn",
-			PeerIdValue:           "example.com",
-			PeerIdCheck:           "wildcard",
-			Ikev2CryptoProfile:    "v2 crypto profile",
-			Ikev2CookieValidation: true,
-			EnableLivenessCheck:   true,
-			LivenessCheckInterval: 7,
-			EnableFragmentation:   true,
-		}},
-		{"test20", version.Number{7, 1, 0, ""}, Entry{
-			Name:                      "test20",
-			Version:                   Ikev2Preferred,
-			PeerIpType:                PeerTypeIp,
-			PeerIpValue:               "10.3.4.5",
-			Interface:                 "tunnel.4",
-			LocalIpAddressType:        LocalTypeIp,
-			LocalIpAddressValue:       "10.2.1.1",
-			AuthType:                  AuthPreSharedKey,
-			PreSharedKey:              "more secrets",
-			LocalIdType:               "ipaddr",
-			LocalIdValue:              "10.3.1.1",
-			PeerIdType:                "fqdn",
-			PeerIdValue:               "example.com",
-			PeerIdCheck:               "wildcard",
-			Ikev1ExchangeMode:         "auto",
-			Ikev1CryptoProfile:        "my crypto profile",
-			EnableDeadPeerDetection:   true,
-			DeadPeerDetectionInterval: 7,
-			DeadPeerDetectionRetry:    4,
-			Ikev2CryptoProfile:        "v2 crypto profile",
-			Ikev2CookieValidation:     true,
-			EnableLivenessCheck:       true,
-			LivenessCheckInterval:     11,
-			EnableFragmentation:       true,
-		}},
-		{"test21", version.Number{7, 1, 0, ""}, Entry{
-			Name:                      "test21",
-			Version:                   Ikev2Preferred,
-			PeerIpType:                PeerTypeIp,
-			PeerIpValue:               "10.3.4.5",
-			Interface:                 "tunnel.4",
-			LocalIpAddressType:        LocalTypeFloatingIp,
-			LocalIpAddressValue:       "10.2.1.1",
-			AuthType:                  AuthPreSharedKey,
-			PreSharedKey:              "more secrets",
-			LocalIdType:               "ipaddr",
-			LocalIdValue:              "10.3.1.1",
-			PeerIdType:                "fqdn",
-			PeerIdValue:               "example.com",
-			PeerIdCheck:               "wildcard",
-			Ikev1ExchangeMode:         "auto",
-			Ikev1CryptoProfile:        "my crypto profile",
-			EnableDeadPeerDetection:   true,
-			DeadPeerDetectionInterval: 7,
-			DeadPeerDetectionRetry:    4,
-			Ikev2CryptoProfile:        "v2 crypto profile",
-			Ikev2CookieValidation:     true,
-			EnableLivenessCheck:       true,
-			LivenessCheckInterval:     11,
-			EnableFragmentation:       true,
-		}},
-		{"test22", version.Number{8, 1, 0, ""}, Entry{
-			Name:                "test22",
-			Version:             Ikev1,
-			PeerIpType:          PeerTypeIp,
-			PeerIpValue:         "10.1.1.1",
-			Interface:           "tunnel.1",
-			LocalIpAddressType:  LocalTypeIp,
-			LocalIpAddressValue: "10.2.1.1",
-			AuthType:            AuthPreSharedKey,
-			PreSharedKey:        "secret",
-			LocalIdType:         "ipaddr",
-			LocalIdValue:        "10.3.1.1",
-			PeerIdType:          "fqdn",
-			PeerIdValue:         "example.com",
-			PeerIdCheck:         "exact",
-		}},
-		{"test23", version.Number{8, 1, 0, ""}, Entry{
-			Name:                       "test23",
-			Version:                    Ikev1,
-			PeerIpType:                 PeerTypeDynamic,
-			Interface:                  "tunnel.2",
-			LocalIpAddressType:         LocalTypeIp,
-			LocalIpAddressValue:        "10.2.1.1",
-			AuthType:                   AuthCertificate,
-			LocalCert:                  "myCert",
-			CertProfile:                "my cert profile",
-			CertPermitPayloadMismatch:  true,
-			CertEnableStrictValidation: true,
-			LocalIdType:                "ipaddr",
-			LocalIdValue:               "10.3.1.1",
-			PeerIdType:                 "fqdn",
-			PeerIdValue:                "example.com",
-			PeerIdCheck:                "wildcard",
-			Ikev1ExchangeMode:          "auto",
-			Ikev1CryptoProfile:         "my crypto profile",
-		}},
-		{"test24", version.Number{8, 1, 0, ""}, Entry{
-			Name:                          "test24",
-			Version:                       Ikev1,
-			PeerIpType:                    PeerTypeDynamic,
-			Interface:                     "tunnel.3",
-			LocalIpAddressType:            LocalTypeIp,
-			LocalIpAddressValue:           "10.2.1.1",
-			AuthType:                      AuthPreSharedKey,
-			PreSharedKey:                  "another secret",
-			LocalIdType:                   "ipaddr",
-			LocalIdValue:                  "10.3.1.1",
-			PeerIdType:                    "fqdn",
-			PeerIdValue:                   "example.com",
-			PeerIdCheck:                   "wildcard",
-			EnablePassiveMode:             true,
-			EnableNatTraversal:            true,
-			NatTraversalKeepAlive:         7,
-			NatTraversalEnableUdpChecksum: true,
-		}},
-		{"test25", version.Number{8, 1, 0, ""}, Entry{
-			Name:                      "test25",
-			Version:                   Ikev1,
-			PeerIpType:                PeerTypeIp,
-			PeerIpValue:               "10.3.4.5",
-			Interface:                 "tunnel.4",
-			LocalIpAddressType:        LocalTypeIp,
-			LocalIpAddressValue:       "10.2.1.1",
-			AuthType:                  AuthPreSharedKey,
-			PreSharedKey:              "more secrets",
-			LocalIdType:               "ipaddr",
-			LocalIdValue:              "10.3.1.1",
-			PeerIdType:                "fqdn",
-			PeerIdValue:               "example.com",
-			PeerIdCheck:               "wildcard",
-			EnableDeadPeerDetection:   true,
-			DeadPeerDetectionInterval: 7,
-			DeadPeerDetectionRetry:    4,
-			EnableFragmentation:       true,
-		}},
-		{"test26", version.Number{8, 1, 0, ""}, Entry{
-			Name:                  "test26",
-			Version:               Ikev2,
-			PeerIpType:            PeerTypeIp,
-			PeerIpValue:           "10.3.4.5",
-			Interface:             "tunnel.4",
-			LocalIpAddressType:    LocalTypeIp,
-			LocalIpAddressValue:   "10.2.1.1",
-			AuthType:              AuthPreSharedKey,
-			PreSharedKey:          "more secrets",
-			LocalIdType:           "ipaddr",
-			LocalIdValue:          "10.3.1.1",
-			PeerIdType:            "fqdn",
-			PeerIdValue:           "example.com",
-			PeerIdCheck:           "wildcard",
-			Ikev2CryptoProfile:    "v2 crypto profile",
-			Ikev2CookieValidation: true,
-		}},
-		{"test27", version.Number{8, 1, 0, ""}, Entry{
-			Name:                  "test27",
-			Version:               Ikev2,
-			PeerIpType:            PeerTypeIp,
-			PeerIpValue:           "10.3.4.5",
-			Interface:             "tunnel.4",
-			LocalIpAddressType:    LocalTypeIp,
-			LocalIpAddressValue:   "10.2.1.1",
-			AuthType:              AuthPreSharedKey,
-			PreSharedKey:          "more secrets",
-			LocalIdType:           "ipaddr",
-			LocalIdValue:          "10.3.1.1",
-			PeerIdType:            "fqdn",
-			PeerIdValue:           "example.com",
-			PeerIdCheck:           "wildcard",
-			EnableLivenessCheck:   true,
-			LivenessCheckInterval: 7,
-		}},
-		{"test28", version.Number{8, 1, 0, ""}, Entry{
-			Name:                  "test28",
-			Version:               Ikev2,
-			PeerIpType:            PeerTypeIp,
-			PeerIpValue:           "10.3.4.5",
-			Interface:             "tunnel.4",
-			LocalIpAddressType:    LocalTypeIp,
-			LocalIpAddressValue:   "10.2.1.1",
-			AuthType:              AuthPreSharedKey,
-			PreSharedKey:          "more secrets",
-			LocalIdType:           "ipaddr",
-			LocalIdValue:          "10.3.1.1",
-			PeerIdType:            "fqdn",
-			PeerIdValue:           "example.com",
-			PeerIdCheck:           "wildcard",
-			Ikev2CryptoProfile:    "v2 crypto profile",
-			Ikev2CookieValidation: true,
-			EnableLivenessCheck:   true,
-			LivenessCheckInterval: 7,
-			EnableFragmentation:   true,
-		}},
-		{"test29", version.Number{8, 1, 0, ""}, Entry{
-			Name:                      "test29",
-			Version:                   Ikev2Preferred,
-			PeerIpType:                PeerTypeIp,
-			PeerIpValue:               "10.3.4.5",
-			Interface:                 "tunnel.4",
-			LocalIpAddressType:        LocalTypeIp,
-			LocalIpAddressValue:       "10.2.1.1",
-			AuthType:                  AuthPreSharedKey,
-			PreSharedKey:              "more secrets",
-			LocalIdType:               "ipaddr",
-			LocalIdValue:              "10.3.1.1",
-			PeerIdType:                "fqdn",
-			PeerIdValue:               "example.com",
-			PeerIdCheck:               "wildcard",
-			Ikev1ExchangeMode:         "auto",
-			Ikev1CryptoProfile:        "my crypto profile",
-			EnableDeadPeerDetection:   true,
-			DeadPeerDetectionInterval: 7,
-			DeadPeerDetectionRetry:    4,
-			Ikev2CryptoProfile:        "v2 crypto profile",
-			Ikev2CookieValidation:     true,
-			EnableLivenessCheck:       true,
-			LivenessCheckInterval:     11,
-			EnableFragmentation:       true,
-		}},
-		{"test30", version.Number{8, 1, 0, ""}, Entry{
-			Name:                      "test30",
-			Version:                   Ikev2Preferred,
-			PeerIpType:                PeerTypeFqdn,
-			PeerIpValue:               "panw.com",
-			Interface:                 "tunnel.4",
-			LocalIpAddressType:        LocalTypeIp,
-			LocalIpAddressValue:       "10.2.1.1",
-			AuthType:                  AuthPreSharedKey,
-			PreSharedKey:              "more secrets",
-			LocalIdType:               "ipaddr",
-			LocalIdValue:              "10.3.1.1",
-			PeerIdType:                "fqdn",
-			PeerIdValue:               "example.com",
-			PeerIdCheck:               "wildcard",
-			Ikev1ExchangeMode:         "auto",
-			Ikev1CryptoProfile:        "my crypto profile",
-			EnableDeadPeerDetection:   true,
-			DeadPeerDetectionInterval: 7,
-			DeadPeerDetectionRetry:    4,
-			Ikev2CryptoProfile:        "v2 crypto profile",
-			Ikev2CookieValidation:     true,
-			EnableLivenessCheck:       true,
-			LivenessCheckInterval:     11,
-			EnableFragmentation:       true,
-		}},
-		{"test31", version.Number{8, 1, 0, ""}, Entry{
-			Name:                      "test31",
-			Version:                   Ikev2Preferred,
-			PeerIpType:                PeerTypeFqdn,
-			PeerIpValue:               "panw.com",
-			Interface:                 "tunnel.4",
-			LocalIpAddressType:        LocalTypeFloatingIp,
-			LocalIpAddressValue:       "10.2.1.1",
-			AuthType:                  AuthPreSharedKey,
-			PreSharedKey:              "more secrets",
-			LocalIdType:               "ipaddr",
-			LocalIdValue:              "10.3.1.1",
-			PeerIdType:                "fqdn",
-			PeerIdValue:               "example.com",
-			PeerIdCheck:               "wildcard",
-			Ikev1ExchangeMode:         "auto",
-			Ikev1CryptoProfile:        "my crypto profile",
-			EnableDeadPeerDetection:   true,
-			DeadPeerDetectionInterval: 7,
-			DeadPeerDetectionRetry:    4,
-			Ikev2CryptoProfile:        "v2 crypto profile",
-			Ikev2CookieValidation:     true,
-			EnableLivenessCheck:       true,
-			LivenessCheckInterval:     11,
-			EnableFragmentation:       true,
-		}},
-	}
-}
diff --git a/netw/interface/aggregate/const.go b/netw/interface/aggregate/const.go
deleted file mode 100644
index 90adb311..00000000
--- a/netw/interface/aggregate/const.go
+++ /dev/null
@@ -1,27 +0,0 @@
-package aggregate
-
-// Valid Mode values.
-const (
-	ModeHa            = "ha"
-	ModeDecryptMirror = "decrypt-mirror"
-	ModeVirtualWire   = "virtual-wire"
-	ModeLayer2        = "layer2"
-	ModeLayer3        = "layer3"
-)
-
-// Valid values for LacpMode.
-const (
-	LacpModePassive = "passive"
-	LacpModeActive  = "active"
-)
-
-// Valid values for LacpTransmissionRate.
-const (
-	LacpTransmissionRateFast = "fast"
-	LacpTransmissionRateSlow = "slow"
-)
-
-const (
-	singular = "aggregate ethernet interface"
-	plural   = "aggregate ethernet interfaces"
-)
diff --git a/netw/interface/aggregate/doc.go b/netw/interface/aggregate/doc.go
deleted file mode 100644
index b6d5cc58..00000000
--- a/netw/interface/aggregate/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package aggregate is the client.Network.AggregateInterface namespace.
-
-Normalized object:  Entry
-*/
-package aggregate
diff --git a/netw/interface/aggregate/entry.go b/netw/interface/aggregate/entry.go
deleted file mode 100644
index 24cede18..00000000
--- a/netw/interface/aggregate/entry.go
+++ /dev/null
@@ -1,1307 +0,0 @@
-package aggregate
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of an aggregate
-// ethernet interface.
-type Entry struct {
-	Name                        string
-	Mode                        string
-	NetflowProfile              string
-	Mtu                         int
-	AdjustTcpMss                bool
-	Ipv4MssAdjust               int
-	Ipv6MssAdjust               int
-	EnableUntaggedSubinterface  bool
-	StaticIps                   []string // ordered
-	Ipv6Enabled                 bool
-	Ipv6InterfaceId             string
-	ManagementProfile           string
-	EnableDhcp                  bool
-	CreateDhcpDefaultRoute      bool
-	DhcpDefaultRouteMetric      int
-	LacpEnable                  bool   // ha, l2, l3
-	LacpFastFailover            bool   // ha, l2, l3
-	LacpMode                    string // ha, l2, l3
-	LacpTransmissionRate        string // ha, l2, l3
-	LacpSystemPriority          int    // ha, l2, l3
-	LacpMaxPorts                int    // ha, l2, l3
-	LacpHaPassivePreNegotiation bool   // l2, l3
-	LacpHaEnableSameSystemMac   bool   // l2, l3
-	LacpHaSameSystemMacAddress  string // l2, l3
-	LldpEnable                  bool
-	LldpProfile                 string
-	LldpHaPassivePreNegotiation bool
-	Comment                     string
-	DecryptForward              bool   // 8.1+
-	DhcpSendHostnameEnable      bool   // 9.0+
-	DhcpSendHostnameValue       string // 9.0+
-
-	raw map[string]string
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Mode = s.Mode
-	o.NetflowProfile = s.NetflowProfile
-	o.Mtu = s.Mtu
-	o.AdjustTcpMss = s.AdjustTcpMss
-	o.Ipv4MssAdjust = s.Ipv4MssAdjust
-	o.Ipv6MssAdjust = s.Ipv6MssAdjust
-	o.EnableUntaggedSubinterface = s.EnableUntaggedSubinterface
-	o.StaticIps = s.StaticIps
-	o.Ipv6Enabled = s.Ipv6Enabled
-	o.Ipv6InterfaceId = s.Ipv6InterfaceId
-	o.ManagementProfile = s.ManagementProfile
-	o.EnableDhcp = s.EnableDhcp
-	o.CreateDhcpDefaultRoute = s.CreateDhcpDefaultRoute
-	o.DhcpDefaultRouteMetric = s.DhcpDefaultRouteMetric
-	o.Comment = s.Comment
-	o.LacpEnable = s.LacpEnable
-	o.LacpFastFailover = s.LacpFastFailover
-	o.LacpMode = s.LacpMode
-	o.LacpTransmissionRate = s.LacpTransmissionRate
-	o.LacpSystemPriority = s.LacpSystemPriority
-	o.LacpMaxPorts = s.LacpMaxPorts
-	o.LacpHaPassivePreNegotiation = s.LacpHaPassivePreNegotiation
-	o.LacpHaEnableSameSystemMac = s.LacpHaEnableSameSystemMac
-	o.LacpHaSameSystemMacAddress = s.LacpHaSameSystemMacAddress
-	o.LldpEnable = s.LldpEnable
-	o.LldpProfile = s.LldpProfile
-	o.LldpHaPassivePreNegotiation = s.LldpHaPassivePreNegotiation
-	o.DecryptForward = s.DecryptForward
-	o.DhcpSendHostnameEnable = s.DhcpSendHostnameEnable
-	o.DhcpSendHostnameValue = s.DhcpSendHostnameValue
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, string, interface{}) {
-	var iName string
-	if o.Mode != ModeHa {
-		iName = o.Name
-	}
-	_, fn := versioning(v)
-
-	return o.Name, iName, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:    o.Name,
-		Comment: o.Comment,
-	}
-
-	ans.raw = make(map[string]string)
-	switch {
-	case o.Ha != nil:
-		ans.Mode = ModeHa
-		if o.Ha.Lacp != nil {
-			ans.LacpEnable = util.AsBool(o.Ha.Lacp.LacpEnable)
-			ans.LacpFastFailover = util.AsBool(o.Ha.Lacp.LacpFastFailover)
-			ans.LacpMode = o.Ha.Lacp.LacpMode
-			ans.LacpTransmissionRate = o.Ha.Lacp.LacpTransmissionRate
-			ans.LacpSystemPriority = o.Ha.Lacp.LacpSystemPriority
-			ans.LacpMaxPorts = o.Ha.Lacp.LacpMaxPorts
-		}
-	case o.DecryptMirror != nil:
-		ans.Mode = ModeDecryptMirror
-	case o.VirtualWire != nil:
-		ans.Mode = ModeVirtualWire
-		ans.NetflowProfile = o.VirtualWire.NetflowProfile
-
-		if o.VirtualWire.Lldp != nil {
-			ans.LldpEnable = util.AsBool(o.VirtualWire.Lldp.LldpEnable)
-			ans.LldpProfile = o.VirtualWire.Lldp.LldpProfile
-			if o.VirtualWire.Lldp.Ha != nil {
-				ans.LldpHaPassivePreNegotiation = util.AsBool(o.VirtualWire.Lldp.Ha.LldpHaPassivePreNegotiation)
-			}
-		}
-
-		if o.VirtualWire.Subinterfaces != nil {
-			ans.raw["vwsi"] = util.CleanRawXml(o.VirtualWire.Subinterfaces.Text)
-		}
-	case o.L2 != nil:
-		ans.Mode = ModeLayer2
-		ans.NetflowProfile = o.L2.NetflowProfile
-
-		if o.L2.Lacp != nil {
-			ans.LacpEnable = util.AsBool(o.L2.Lacp.LacpEnable)
-			ans.LacpFastFailover = util.AsBool(o.L2.Lacp.LacpFastFailover)
-			ans.LacpMode = o.L2.Lacp.LacpMode
-			ans.LacpTransmissionRate = o.L2.Lacp.LacpTransmissionRate
-			ans.LacpSystemPriority = o.L2.Lacp.LacpSystemPriority
-			ans.LacpMaxPorts = o.L2.Lacp.LacpMaxPorts
-
-			if o.L2.Lacp.Ha != nil {
-				ans.LacpHaPassivePreNegotiation = util.AsBool(o.L2.Lacp.Ha.LacpHaPassivePreNegotiation)
-				if o.L2.Lacp.Ha.Mac != nil {
-					ans.LacpHaEnableSameSystemMac = util.AsBool(o.L2.Lacp.Ha.Mac.LacpHaEnableSameSystemMac)
-					ans.LacpHaSameSystemMacAddress = o.L2.Lacp.Ha.Mac.LacpHaSameSystemMacAddress
-				}
-			}
-		}
-
-		if o.L2.Lldp != nil {
-			ans.LldpEnable = util.AsBool(o.L2.Lldp.LldpEnable)
-			ans.LldpProfile = o.L2.Lldp.LldpProfile
-			if o.L2.Lldp.Ha != nil {
-				ans.LldpHaPassivePreNegotiation = util.AsBool(o.L2.Lldp.Ha.LldpHaPassivePreNegotiation)
-			}
-		}
-
-		if o.L2.Subinterfaces != nil {
-			ans.raw["l2si"] = util.CleanRawXml(o.L2.Subinterfaces.Text)
-		}
-	case o.L3 != nil:
-		ans.Mode = ModeLayer3
-		ans.Mtu = o.L3.Mtu
-		ans.EnableUntaggedSubinterface = util.AsBool(o.L3.EnableUntaggedSubinterface)
-		ans.StaticIps = util.EntToStr(o.L3.StaticIps)
-		ans.ManagementProfile = o.L3.ManagementProfile
-		ans.NetflowProfile = o.L3.NetflowProfile
-
-		if o.L3.Mss != nil {
-			ans.AdjustTcpMss = util.AsBool(o.L3.Mss.AdjustTcpMss)
-			ans.Ipv4MssAdjust = o.L3.Mss.Ipv4MssAdjust
-			ans.Ipv6MssAdjust = o.L3.Mss.Ipv6MssAdjust
-		}
-
-		if o.L3.Ipv6 != nil {
-			ans.Ipv6Enabled = util.AsBool(o.L3.Ipv6.Ipv6Enabled)
-			ans.Ipv6InterfaceId = o.L3.Ipv6.Ipv6InterfaceId
-
-			if o.L3.Ipv6.Address != nil {
-				ans.raw["v6addr"] = util.CleanRawXml(o.L3.Ipv6.Address.Text)
-			}
-			if o.L3.Ipv6.Neighbor != nil {
-				ans.raw["v6nd"] = util.CleanRawXml(o.L3.Ipv6.Neighbor.Text)
-			}
-		}
-
-		if o.L3.Dhcp != nil {
-			ans.EnableDhcp = util.AsBool(o.L3.Dhcp.EnableDhcp)
-			ans.CreateDhcpDefaultRoute = util.AsBool(o.L3.Dhcp.CreateDhcpDefaultRoute)
-			ans.DhcpDefaultRouteMetric = o.L3.Dhcp.DhcpDefaultRouteMetric
-		}
-
-		if o.L3.Lacp != nil {
-			ans.LacpEnable = util.AsBool(o.L3.Lacp.LacpEnable)
-			ans.LacpFastFailover = util.AsBool(o.L3.Lacp.LacpFastFailover)
-			ans.LacpMode = o.L3.Lacp.LacpMode
-			ans.LacpTransmissionRate = o.L3.Lacp.LacpTransmissionRate
-			ans.LacpSystemPriority = o.L3.Lacp.LacpSystemPriority
-			ans.LacpMaxPorts = o.L3.Lacp.LacpMaxPorts
-
-			if o.L3.Lacp.Ha != nil {
-				ans.LacpHaPassivePreNegotiation = util.AsBool(o.L3.Lacp.Ha.LacpHaPassivePreNegotiation)
-				if o.L3.Lacp.Ha.Mac != nil {
-					ans.LacpHaEnableSameSystemMac = util.AsBool(o.L3.Lacp.Ha.Mac.LacpHaEnableSameSystemMac)
-					ans.LacpHaSameSystemMacAddress = o.L3.Lacp.Ha.Mac.LacpHaSameSystemMacAddress
-				}
-			}
-		}
-
-		if o.L3.Lldp != nil {
-			ans.LldpEnable = util.AsBool(o.L3.Lldp.LldpEnable)
-			ans.LldpProfile = o.L3.Lldp.LldpProfile
-			if o.L3.Lldp.Ha != nil {
-				ans.LldpHaPassivePreNegotiation = util.AsBool(o.L3.Lldp.Ha.LldpHaPassivePreNegotiation)
-			}
-		}
-
-		if o.L3.Arp != nil {
-			ans.raw["arp"] = util.CleanRawXml(o.L3.Arp.Text)
-		}
-		if o.L3.Ndp != nil {
-			ans.raw["ndp"] = util.CleanRawXml(o.L3.Ndp.Text)
-		}
-		if o.L3.Subinterfaces != nil {
-			ans.raw["l3si"] = util.CleanRawXml(o.L3.Subinterfaces.Text)
-		}
-	}
-
-	if len(ans.raw) == 0 {
-		ans.raw = nil
-	}
-
-	return ans
-}
-
-type container_v2 struct {
-	Answer []entry_v2 `xml:"entry"`
-}
-
-func (o *container_v2) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v2) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v2) normalize() Entry {
-	ans := Entry{
-		Name:    o.Name,
-		Comment: o.Comment,
-	}
-
-	ans.raw = make(map[string]string)
-	switch {
-	case o.Ha != nil:
-		ans.Mode = ModeHa
-		if o.Ha.Lacp != nil {
-			ans.LacpEnable = util.AsBool(o.Ha.Lacp.LacpEnable)
-			ans.LacpFastFailover = util.AsBool(o.Ha.Lacp.LacpFastFailover)
-			ans.LacpMode = o.Ha.Lacp.LacpMode
-			ans.LacpTransmissionRate = o.Ha.Lacp.LacpTransmissionRate
-			ans.LacpSystemPriority = o.Ha.Lacp.LacpSystemPriority
-			ans.LacpMaxPorts = o.Ha.Lacp.LacpMaxPorts
-		}
-	case o.DecryptMirror != nil:
-		ans.Mode = ModeDecryptMirror
-	case o.VirtualWire != nil:
-		ans.Mode = ModeVirtualWire
-		ans.NetflowProfile = o.VirtualWire.NetflowProfile
-
-		if o.VirtualWire.Lldp != nil {
-			ans.LldpEnable = util.AsBool(o.VirtualWire.Lldp.LldpEnable)
-			ans.LldpProfile = o.VirtualWire.Lldp.LldpProfile
-			if o.VirtualWire.Lldp.Ha != nil {
-				ans.LldpHaPassivePreNegotiation = util.AsBool(o.VirtualWire.Lldp.Ha.LldpHaPassivePreNegotiation)
-			}
-		}
-
-		if o.VirtualWire.Subinterfaces != nil {
-			ans.raw["vwsi"] = util.CleanRawXml(o.VirtualWire.Subinterfaces.Text)
-		}
-	case o.L2 != nil:
-		ans.Mode = ModeLayer2
-		ans.NetflowProfile = o.L2.NetflowProfile
-
-		if o.L2.Lacp != nil {
-			ans.LacpEnable = util.AsBool(o.L2.Lacp.LacpEnable)
-			ans.LacpFastFailover = util.AsBool(o.L2.Lacp.LacpFastFailover)
-			ans.LacpMode = o.L2.Lacp.LacpMode
-			ans.LacpTransmissionRate = o.L2.Lacp.LacpTransmissionRate
-			ans.LacpSystemPriority = o.L2.Lacp.LacpSystemPriority
-			ans.LacpMaxPorts = o.L2.Lacp.LacpMaxPorts
-
-			if o.L2.Lacp.Ha != nil {
-				ans.LacpHaPassivePreNegotiation = util.AsBool(o.L2.Lacp.Ha.LacpHaPassivePreNegotiation)
-				if o.L2.Lacp.Ha.Mac != nil {
-					ans.LacpHaEnableSameSystemMac = util.AsBool(o.L2.Lacp.Ha.Mac.LacpHaEnableSameSystemMac)
-					ans.LacpHaSameSystemMacAddress = o.L2.Lacp.Ha.Mac.LacpHaSameSystemMacAddress
-				}
-			}
-		}
-
-		if o.L2.Lldp != nil {
-			ans.LldpEnable = util.AsBool(o.L2.Lldp.LldpEnable)
-			ans.LldpProfile = o.L2.Lldp.LldpProfile
-			if o.L2.Lldp.Ha != nil {
-				ans.LldpHaPassivePreNegotiation = util.AsBool(o.L2.Lldp.Ha.LldpHaPassivePreNegotiation)
-			}
-		}
-
-		if o.L2.Subinterfaces != nil {
-			ans.raw["l2si"] = util.CleanRawXml(o.L2.Subinterfaces.Text)
-		}
-	case o.L3 != nil:
-		ans.Mode = ModeLayer3
-		ans.Mtu = o.L3.Mtu
-		ans.EnableUntaggedSubinterface = util.AsBool(o.L3.EnableUntaggedSubinterface)
-		ans.StaticIps = util.EntToStr(o.L3.StaticIps)
-		ans.ManagementProfile = o.L3.ManagementProfile
-		ans.NetflowProfile = o.L3.NetflowProfile
-		ans.DecryptForward = util.AsBool(o.L3.DecryptForward)
-
-		if o.L3.Mss != nil {
-			ans.AdjustTcpMss = util.AsBool(o.L3.Mss.AdjustTcpMss)
-			ans.Ipv4MssAdjust = o.L3.Mss.Ipv4MssAdjust
-			ans.Ipv6MssAdjust = o.L3.Mss.Ipv6MssAdjust
-		}
-
-		if o.L3.Ipv6 != nil {
-			ans.Ipv6Enabled = util.AsBool(o.L3.Ipv6.Ipv6Enabled)
-			ans.Ipv6InterfaceId = o.L3.Ipv6.Ipv6InterfaceId
-
-			if o.L3.Ipv6.Address != nil {
-				ans.raw["v6addr"] = util.CleanRawXml(o.L3.Ipv6.Address.Text)
-			}
-			if o.L3.Ipv6.Neighbor != nil {
-				ans.raw["v6nd"] = util.CleanRawXml(o.L3.Ipv6.Neighbor.Text)
-			}
-		}
-
-		if o.L3.Dhcp != nil {
-			ans.EnableDhcp = util.AsBool(o.L3.Dhcp.EnableDhcp)
-			ans.CreateDhcpDefaultRoute = util.AsBool(o.L3.Dhcp.CreateDhcpDefaultRoute)
-			ans.DhcpDefaultRouteMetric = o.L3.Dhcp.DhcpDefaultRouteMetric
-		}
-
-		if o.L3.Lacp != nil {
-			ans.LacpEnable = util.AsBool(o.L3.Lacp.LacpEnable)
-			ans.LacpFastFailover = util.AsBool(o.L3.Lacp.LacpFastFailover)
-			ans.LacpMode = o.L3.Lacp.LacpMode
-			ans.LacpTransmissionRate = o.L3.Lacp.LacpTransmissionRate
-			ans.LacpSystemPriority = o.L3.Lacp.LacpSystemPriority
-			ans.LacpMaxPorts = o.L3.Lacp.LacpMaxPorts
-
-			if o.L3.Lacp.Ha != nil {
-				ans.LacpHaPassivePreNegotiation = util.AsBool(o.L3.Lacp.Ha.LacpHaPassivePreNegotiation)
-				if o.L3.Lacp.Ha.Mac != nil {
-					ans.LacpHaEnableSameSystemMac = util.AsBool(o.L3.Lacp.Ha.Mac.LacpHaEnableSameSystemMac)
-					ans.LacpHaSameSystemMacAddress = o.L3.Lacp.Ha.Mac.LacpHaSameSystemMacAddress
-				}
-			}
-		}
-
-		if o.L3.Lldp != nil {
-			ans.LldpEnable = util.AsBool(o.L3.Lldp.LldpEnable)
-			ans.LldpProfile = o.L3.Lldp.LldpProfile
-			if o.L3.Lldp.Ha != nil {
-				ans.LldpHaPassivePreNegotiation = util.AsBool(o.L3.Lldp.Ha.LldpHaPassivePreNegotiation)
-			}
-		}
-
-		if o.L3.Arp != nil {
-			ans.raw["arp"] = util.CleanRawXml(o.L3.Arp.Text)
-		}
-		if o.L3.Ndp != nil {
-			ans.raw["ndp"] = util.CleanRawXml(o.L3.Ndp.Text)
-		}
-		if o.L3.Subinterfaces != nil {
-			ans.raw["l3si"] = util.CleanRawXml(o.L3.Subinterfaces.Text)
-		}
-	}
-
-	if len(ans.raw) == 0 {
-		ans.raw = nil
-	}
-
-	return ans
-}
-
-type container_v3 struct {
-	Answer []entry_v3 `xml:"entry"`
-}
-
-func (o *container_v3) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v3) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v3) normalize() Entry {
-	ans := Entry{
-		Name:    o.Name,
-		Comment: o.Comment,
-	}
-
-	ans.raw = make(map[string]string)
-	switch {
-	case o.Ha != nil:
-		ans.Mode = ModeHa
-		if o.Ha.Lacp != nil {
-			ans.LacpEnable = util.AsBool(o.Ha.Lacp.LacpEnable)
-			ans.LacpFastFailover = util.AsBool(o.Ha.Lacp.LacpFastFailover)
-			ans.LacpMode = o.Ha.Lacp.LacpMode
-			ans.LacpTransmissionRate = o.Ha.Lacp.LacpTransmissionRate
-			ans.LacpSystemPriority = o.Ha.Lacp.LacpSystemPriority
-			ans.LacpMaxPorts = o.Ha.Lacp.LacpMaxPorts
-		}
-	case o.DecryptMirror != nil:
-		ans.Mode = ModeDecryptMirror
-	case o.VirtualWire != nil:
-		ans.Mode = ModeVirtualWire
-		ans.NetflowProfile = o.VirtualWire.NetflowProfile
-
-		if o.VirtualWire.Lldp != nil {
-			ans.LldpEnable = util.AsBool(o.VirtualWire.Lldp.LldpEnable)
-			ans.LldpProfile = o.VirtualWire.Lldp.LldpProfile
-			if o.VirtualWire.Lldp.Ha != nil {
-				ans.LldpHaPassivePreNegotiation = util.AsBool(o.VirtualWire.Lldp.Ha.LldpHaPassivePreNegotiation)
-			}
-		}
-
-		if o.VirtualWire.Subinterfaces != nil {
-			ans.raw["vwsi"] = util.CleanRawXml(o.VirtualWire.Subinterfaces.Text)
-		}
-	case o.L2 != nil:
-		ans.Mode = ModeLayer2
-		ans.NetflowProfile = o.L2.NetflowProfile
-
-		if o.L2.Lacp != nil {
-			ans.LacpEnable = util.AsBool(o.L2.Lacp.LacpEnable)
-			ans.LacpFastFailover = util.AsBool(o.L2.Lacp.LacpFastFailover)
-			ans.LacpMode = o.L2.Lacp.LacpMode
-			ans.LacpTransmissionRate = o.L2.Lacp.LacpTransmissionRate
-			ans.LacpSystemPriority = o.L2.Lacp.LacpSystemPriority
-			ans.LacpMaxPorts = o.L2.Lacp.LacpMaxPorts
-
-			if o.L2.Lacp.Ha != nil {
-				ans.LacpHaPassivePreNegotiation = util.AsBool(o.L2.Lacp.Ha.LacpHaPassivePreNegotiation)
-				if o.L2.Lacp.Ha.Mac != nil {
-					ans.LacpHaEnableSameSystemMac = util.AsBool(o.L2.Lacp.Ha.Mac.LacpHaEnableSameSystemMac)
-					ans.LacpHaSameSystemMacAddress = o.L2.Lacp.Ha.Mac.LacpHaSameSystemMacAddress
-				}
-			}
-		}
-
-		if o.L2.Lldp != nil {
-			ans.LldpEnable = util.AsBool(o.L2.Lldp.LldpEnable)
-			ans.LldpProfile = o.L2.Lldp.LldpProfile
-			if o.L2.Lldp.Ha != nil {
-				ans.LldpHaPassivePreNegotiation = util.AsBool(o.L2.Lldp.Ha.LldpHaPassivePreNegotiation)
-			}
-		}
-
-		if o.L2.Subinterfaces != nil {
-			ans.raw["l2si"] = util.CleanRawXml(o.L2.Subinterfaces.Text)
-		}
-	case o.L3 != nil:
-		ans.Mode = ModeLayer3
-		ans.Mtu = o.L3.Mtu
-		ans.EnableUntaggedSubinterface = util.AsBool(o.L3.EnableUntaggedSubinterface)
-		ans.StaticIps = util.EntToStr(o.L3.StaticIps)
-		ans.ManagementProfile = o.L3.ManagementProfile
-		ans.NetflowProfile = o.L3.NetflowProfile
-		ans.DecryptForward = util.AsBool(o.L3.DecryptForward)
-
-		if o.L3.Mss != nil {
-			ans.AdjustTcpMss = util.AsBool(o.L3.Mss.AdjustTcpMss)
-			ans.Ipv4MssAdjust = o.L3.Mss.Ipv4MssAdjust
-			ans.Ipv6MssAdjust = o.L3.Mss.Ipv6MssAdjust
-		}
-
-		if o.L3.Ipv6 != nil {
-			ans.Ipv6Enabled = util.AsBool(o.L3.Ipv6.Ipv6Enabled)
-			ans.Ipv6InterfaceId = o.L3.Ipv6.Ipv6InterfaceId
-
-			if o.L3.Ipv6.Address != nil {
-				ans.raw["v6addr"] = util.CleanRawXml(o.L3.Ipv6.Address.Text)
-			}
-			if o.L3.Ipv6.Neighbor != nil {
-				ans.raw["v6nd"] = util.CleanRawXml(o.L3.Ipv6.Neighbor.Text)
-			}
-		}
-
-		if o.L3.Dhcp != nil {
-			ans.EnableDhcp = util.AsBool(o.L3.Dhcp.EnableDhcp)
-			ans.CreateDhcpDefaultRoute = util.AsBool(o.L3.Dhcp.CreateDhcpDefaultRoute)
-			ans.DhcpDefaultRouteMetric = o.L3.Dhcp.DhcpDefaultRouteMetric
-
-			if o.L3.Dhcp.Hostname != nil {
-				ans.DhcpSendHostnameEnable = util.AsBool(o.L3.Dhcp.Hostname.DhcpSendHostnameEnable)
-				ans.DhcpSendHostnameValue = o.L3.Dhcp.Hostname.DhcpSendHostnameValue
-			}
-		}
-
-		if o.L3.Lacp != nil {
-			ans.LacpEnable = util.AsBool(o.L3.Lacp.LacpEnable)
-			ans.LacpFastFailover = util.AsBool(o.L3.Lacp.LacpFastFailover)
-			ans.LacpMode = o.L3.Lacp.LacpMode
-			ans.LacpTransmissionRate = o.L3.Lacp.LacpTransmissionRate
-			ans.LacpSystemPriority = o.L3.Lacp.LacpSystemPriority
-			ans.LacpMaxPorts = o.L3.Lacp.LacpMaxPorts
-
-			if o.L3.Lacp.Ha != nil {
-				ans.LacpHaPassivePreNegotiation = util.AsBool(o.L3.Lacp.Ha.LacpHaPassivePreNegotiation)
-				if o.L3.Lacp.Ha.Mac != nil {
-					ans.LacpHaEnableSameSystemMac = util.AsBool(o.L3.Lacp.Ha.Mac.LacpHaEnableSameSystemMac)
-					ans.LacpHaSameSystemMacAddress = o.L3.Lacp.Ha.Mac.LacpHaSameSystemMacAddress
-				}
-			}
-		}
-
-		if o.L3.Lldp != nil {
-			ans.LldpEnable = util.AsBool(o.L3.Lldp.LldpEnable)
-			ans.LldpProfile = o.L3.Lldp.LldpProfile
-			if o.L3.Lldp.Ha != nil {
-				ans.LldpHaPassivePreNegotiation = util.AsBool(o.L3.Lldp.Ha.LldpHaPassivePreNegotiation)
-			}
-		}
-
-		if o.L3.Arp != nil {
-			ans.raw["arp"] = util.CleanRawXml(o.L3.Arp.Text)
-		}
-		if o.L3.Ndp != nil {
-			ans.raw["ndp"] = util.CleanRawXml(o.L3.Ndp.Text)
-		}
-		if o.L3.Subinterfaces != nil {
-			ans.raw["l3si"] = util.CleanRawXml(o.L3.Subinterfaces.Text)
-		}
-	}
-
-	if len(ans.raw) == 0 {
-		ans.raw = nil
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName       xml.Name   `xml:"entry"`
-	Name          string     `xml:"name,attr"`
-	Ha            *ha        `xml:"ha"`
-	DecryptMirror *string    `xml:"decrypt-mirror"`
-	VirtualWire   *layer2    `xml:"virtual-wire"`
-	L2            *layer2    `xml:"layer2"`
-	L3            *layer3_v1 `xml:"layer3"`
-	Comment       string     `xml:"comment,omitempty"`
-}
-
-type ha struct {
-	Lacp *lacpNoHa `xml:"lacp"`
-}
-
-type lacpNoHa struct {
-	LacpEnable           string `xml:"enable"`
-	LacpFastFailover     string `xml:"fast-failover"`
-	LacpMode             string `xml:"mode,omitempty"`
-	LacpTransmissionRate string `xml:"transmission-rate,omitempty"`
-	LacpSystemPriority   int    `xml:"system-priority,omitempty"`
-	LacpMaxPorts         int    `xml:"max-ports,omitempty"`
-}
-
-type layer2 struct {
-	NetflowProfile string       `xml:"netflow-profile,omitempty"`
-	Subinterfaces  *util.RawXml `xml:"units"`
-	Lacp           *lacpWithHa  `xml:"lacp"`
-	Lldp           *lldp        `xml:"lldp"`
-}
-
-type lacpWithHa struct {
-	LacpEnable           string  `xml:"enable"`
-	LacpFastFailover     string  `xml:"fast-failover"`
-	LacpMode             string  `xml:"mode,omitempty"`
-	LacpTransmissionRate string  `xml:"transmission-rate,omitempty"`
-	LacpSystemPriority   int     `xml:"system-priority,omitempty"`
-	LacpMaxPorts         int     `xml:"max-ports,omitempty"`
-	Ha                   *lacpHa `xml:"high-availability"`
-}
-
-type lacpHa struct {
-	Mac                         *lacpHaMac `xml:"use-same-system-mac"`
-	LacpHaPassivePreNegotiation string     `xml:"passive-pre-negotiation"`
-}
-
-type lacpHaMac struct {
-	LacpHaEnableSameSystemMac  string `xml:"enable"`
-	LacpHaSameSystemMacAddress string `xml:"mac-address,omitempty"`
-}
-
-type lldp struct {
-	LldpEnable  string  `xml:"enable"`
-	LldpProfile string  `xml:"profile,omitempty"`
-	Ha          *lldpHa `xml:"high-availability"`
-}
-
-type lldpHa struct {
-	LldpHaPassivePreNegotiation string `xml:"passive-pre-negotiation"`
-}
-
-type layer3_v1 struct {
-	Mtu                        int              `xml:"mtu,omitempty"`
-	Mss                        *mss             `xml:"adjust-tcp-mss"`
-	EnableUntaggedSubinterface string           `xml:"untagged-sub-interface"`
-	Lacp                       *lacpWithHa      `xml:"lacp"`
-	Lldp                       *lldp            `xml:"lldp"`
-	StaticIps                  *util.EntryType  `xml:"ip"`
-	Ipv6                       *ipv6            `xml:"ipv6"`
-	Arp                        *util.RawXml     `xml:"arp"`
-	Ndp                        *util.RawXml     `xml:"ndp-proxy"`
-	ManagementProfile          string           `xml:"interface-management-profile,omitempty"`
-	Dhcp                       *dhcpSettings_v1 `xml:"dhcp-client"`
-	Subinterfaces              *util.RawXml     `xml:"units"`
-	NetflowProfile             string           `xml:"netflow-profile,omitempty"`
-}
-
-type mss struct {
-	AdjustTcpMss  string `xml:"enable"`
-	Ipv4MssAdjust int    `xml:"ipv4-mss-adjustment,omitempty"`
-	Ipv6MssAdjust int    `xml:"ipv6-mss-adjustment,omitempty"`
-}
-
-type ipv6 struct {
-	Ipv6Enabled     string       `xml:"enabled"`
-	Ipv6InterfaceId string       `xml:"interface-id,omitempty"`
-	Address         *util.RawXml `xml:"address"`
-	Neighbor        *util.RawXml `xml:"neighbor-discovery"`
-}
-
-type dhcpSettings_v1 struct {
-	EnableDhcp             string `xml:"enable"`
-	CreateDhcpDefaultRoute string `xml:"create-default-route"`
-	DhcpDefaultRouteMetric int    `xml:"default-route-metric,omitempty"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:    e.Name,
-		Comment: e.Comment,
-	}
-
-	switch e.Mode {
-	case ModeHa:
-		ans.Ha = &ha{}
-		if e.LacpEnable || e.LacpFastFailover || e.LacpMode != "" || e.LacpTransmissionRate != "" || e.LacpSystemPriority != 0 || e.LacpMaxPorts != 0 {
-			ans.Ha.Lacp = &lacpNoHa{
-				LacpEnable:           util.YesNo(e.LacpEnable),
-				LacpFastFailover:     util.YesNo(e.LacpFastFailover),
-				LacpMode:             e.LacpMode,
-				LacpTransmissionRate: e.LacpTransmissionRate,
-				LacpSystemPriority:   e.LacpSystemPriority,
-				LacpMaxPorts:         e.LacpMaxPorts,
-			}
-		}
-	case ModeDecryptMirror:
-		s := ""
-		ans.DecryptMirror = &s
-	case ModeVirtualWire:
-		ans.VirtualWire = &layer2{
-			NetflowProfile: e.NetflowProfile,
-		}
-
-		if e.LldpEnable || e.LldpProfile != "" || e.LldpHaPassivePreNegotiation {
-			ans.VirtualWire.Lldp = &lldp{
-				LldpEnable:  util.YesNo(e.LldpEnable),
-				LldpProfile: e.LldpProfile,
-			}
-			if e.LldpHaPassivePreNegotiation {
-				ans.VirtualWire.Lldp.Ha = &lldpHa{
-					LldpHaPassivePreNegotiation: util.YesNo(e.LldpHaPassivePreNegotiation),
-				}
-			}
-		}
-
-		if text := e.raw["vwsi"]; text != "" {
-			ans.VirtualWire.Subinterfaces = &util.RawXml{text}
-		}
-	case ModeLayer2:
-		ans.L2 = &layer2{
-			NetflowProfile: e.NetflowProfile,
-		}
-
-		if e.LacpEnable || e.LacpFastFailover || e.LacpMode != "" || e.LacpTransmissionRate != "" || e.LacpSystemPriority != 0 || e.LacpMaxPorts != 0 || e.LacpHaPassivePreNegotiation || e.LacpHaEnableSameSystemMac || e.LacpHaSameSystemMacAddress != "" {
-			ans.L2.Lacp = &lacpWithHa{
-				LacpEnable:           util.YesNo(e.LacpEnable),
-				LacpFastFailover:     util.YesNo(e.LacpFastFailover),
-				LacpMode:             e.LacpMode,
-				LacpTransmissionRate: e.LacpTransmissionRate,
-				LacpSystemPriority:   e.LacpSystemPriority,
-				LacpMaxPorts:         e.LacpMaxPorts,
-			}
-
-			if e.LacpHaPassivePreNegotiation || e.LacpHaEnableSameSystemMac || e.LacpHaSameSystemMacAddress != "" {
-				ans.L2.Lacp.Ha = &lacpHa{
-					LacpHaPassivePreNegotiation: util.YesNo(e.LacpHaPassivePreNegotiation),
-				}
-
-				if e.LacpHaEnableSameSystemMac || e.LacpHaSameSystemMacAddress != "" {
-					ans.L2.Lacp.Ha.Mac = &lacpHaMac{
-						LacpHaEnableSameSystemMac:  util.YesNo(e.LacpHaEnableSameSystemMac),
-						LacpHaSameSystemMacAddress: e.LacpHaSameSystemMacAddress,
-					}
-				}
-			}
-		}
-
-		if e.LldpEnable || e.LldpProfile != "" || e.LldpHaPassivePreNegotiation {
-			ans.L2.Lldp = &lldp{
-				LldpEnable:  util.YesNo(e.LldpEnable),
-				LldpProfile: e.LldpProfile,
-			}
-			if e.LldpHaPassivePreNegotiation {
-				ans.L2.Lldp.Ha = &lldpHa{
-					LldpHaPassivePreNegotiation: util.YesNo(e.LldpHaPassivePreNegotiation),
-				}
-			}
-		}
-
-		if text := e.raw["l2si"]; text != "" {
-			ans.L2.Subinterfaces = &util.RawXml{text}
-		}
-	case ModeLayer3:
-		ans.L3 = &layer3_v1{
-			Mtu:                        e.Mtu,
-			EnableUntaggedSubinterface: util.YesNo(e.EnableUntaggedSubinterface),
-			StaticIps:                  util.StrToEnt(e.StaticIps),
-			ManagementProfile:          e.ManagementProfile,
-			NetflowProfile:             e.NetflowProfile,
-		}
-
-		if e.AdjustTcpMss || e.Ipv4MssAdjust != 0 || e.Ipv6MssAdjust != 0 {
-			ans.L3.Mss = &mss{
-				AdjustTcpMss:  util.YesNo(e.AdjustTcpMss),
-				Ipv4MssAdjust: e.Ipv4MssAdjust,
-				Ipv6MssAdjust: e.Ipv6MssAdjust,
-			}
-		}
-
-		if e.LacpEnable || e.LacpFastFailover || e.LacpMode != "" || e.LacpTransmissionRate != "" || e.LacpSystemPriority != 0 || e.LacpMaxPorts != 0 || e.LacpHaPassivePreNegotiation || e.LacpHaEnableSameSystemMac || e.LacpHaSameSystemMacAddress != "" {
-			ans.L3.Lacp = &lacpWithHa{
-				LacpEnable:           util.YesNo(e.LacpEnable),
-				LacpFastFailover:     util.YesNo(e.LacpFastFailover),
-				LacpMode:             e.LacpMode,
-				LacpTransmissionRate: e.LacpTransmissionRate,
-				LacpSystemPriority:   e.LacpSystemPriority,
-				LacpMaxPorts:         e.LacpMaxPorts,
-			}
-
-			if e.LacpHaPassivePreNegotiation || e.LacpHaEnableSameSystemMac || e.LacpHaSameSystemMacAddress != "" {
-				ans.L3.Lacp.Ha = &lacpHa{
-					LacpHaPassivePreNegotiation: util.YesNo(e.LacpHaPassivePreNegotiation),
-				}
-
-				if e.LacpHaEnableSameSystemMac || e.LacpHaSameSystemMacAddress != "" {
-					ans.L3.Lacp.Ha.Mac = &lacpHaMac{
-						LacpHaEnableSameSystemMac:  util.YesNo(e.LacpHaEnableSameSystemMac),
-						LacpHaSameSystemMacAddress: e.LacpHaSameSystemMacAddress,
-					}
-				}
-			}
-		}
-
-		if e.LldpEnable || e.LldpProfile != "" || e.LldpHaPassivePreNegotiation {
-			ans.L3.Lldp = &lldp{
-				LldpEnable:  util.YesNo(e.LldpEnable),
-				LldpProfile: e.LldpProfile,
-			}
-			if e.LldpHaPassivePreNegotiation {
-				ans.L3.Lldp.Ha = &lldpHa{
-					LldpHaPassivePreNegotiation: util.YesNo(e.LldpHaPassivePreNegotiation),
-				}
-			}
-		}
-
-		v6addr := e.raw["v6addr"]
-		v6nd := e.raw["v6nd"]
-		if e.Ipv6Enabled || e.Ipv6InterfaceId != "" || v6addr != "" || v6nd != "" {
-			ans.L3.Ipv6 = &ipv6{
-				Ipv6Enabled:     util.YesNo(e.Ipv6Enabled),
-				Ipv6InterfaceId: e.Ipv6InterfaceId,
-			}
-
-			if v6addr != "" {
-				ans.L3.Ipv6.Address = &util.RawXml{v6addr}
-			}
-			if v6nd != "" {
-				ans.L3.Ipv6.Neighbor = &util.RawXml{v6nd}
-			}
-		}
-
-		if e.EnableDhcp || e.CreateDhcpDefaultRoute || e.DhcpDefaultRouteMetric != 0 {
-			ans.L3.Dhcp = &dhcpSettings_v1{
-				EnableDhcp:             util.YesNo(e.EnableDhcp),
-				CreateDhcpDefaultRoute: util.YesNo(e.CreateDhcpDefaultRoute),
-				DhcpDefaultRouteMetric: e.DhcpDefaultRouteMetric,
-			}
-		}
-
-		if text := e.raw["arp"]; text != "" {
-			ans.L3.Arp = &util.RawXml{text}
-		}
-		if text := e.raw["ndp"]; text != "" {
-			ans.L3.Ndp = &util.RawXml{text}
-		}
-		if text := e.raw["l3si"]; text != "" {
-			ans.L3.Subinterfaces = &util.RawXml{text}
-		}
-	}
-
-	return ans
-}
-
-type entry_v2 struct {
-	XMLName       xml.Name   `xml:"entry"`
-	Name          string     `xml:"name,attr"`
-	Ha            *ha        `xml:"ha"`
-	DecryptMirror *string    `xml:"decrypt-mirror"`
-	VirtualWire   *layer2    `xml:"virtual-wire"`
-	L2            *layer2    `xml:"layer2"`
-	L3            *layer3_v2 `xml:"layer3"`
-	Comment       string     `xml:"comment,omitempty"`
-}
-
-type layer3_v2 struct {
-	Mtu                        int              `xml:"mtu,omitempty"`
-	Mss                        *mss             `xml:"adjust-tcp-mss"`
-	EnableUntaggedSubinterface string           `xml:"untagged-sub-interface"`
-	DecryptForward             string           `xml:"decrypt-forward,omitempty"`
-	Lacp                       *lacpWithHa      `xml:"lacp"`
-	Lldp                       *lldp            `xml:"lldp"`
-	StaticIps                  *util.EntryType  `xml:"ip"`
-	Ipv6                       *ipv6            `xml:"ipv6"`
-	Arp                        *util.RawXml     `xml:"arp"`
-	Ndp                        *util.RawXml     `xml:"ndp-proxy"`
-	ManagementProfile          string           `xml:"interface-management-profile,omitempty"`
-	Dhcp                       *dhcpSettings_v1 `xml:"dhcp-client"`
-	Subinterfaces              *util.RawXml     `xml:"units"`
-	NetflowProfile             string           `xml:"netflow-profile,omitempty"`
-}
-
-func specify_v2(e Entry) interface{} {
-	ans := entry_v2{
-		Name:    e.Name,
-		Comment: e.Comment,
-	}
-
-	switch e.Mode {
-	case ModeHa:
-		ans.Ha = &ha{}
-		if e.LacpEnable || e.LacpFastFailover || e.LacpMode != "" || e.LacpTransmissionRate != "" || e.LacpSystemPriority != 0 || e.LacpMaxPorts != 0 {
-			ans.Ha.Lacp = &lacpNoHa{
-				LacpEnable:           util.YesNo(e.LacpEnable),
-				LacpFastFailover:     util.YesNo(e.LacpFastFailover),
-				LacpMode:             e.LacpMode,
-				LacpTransmissionRate: e.LacpTransmissionRate,
-				LacpSystemPriority:   e.LacpSystemPriority,
-				LacpMaxPorts:         e.LacpMaxPorts,
-			}
-		}
-	case ModeDecryptMirror:
-		s := ""
-		ans.DecryptMirror = &s
-	case ModeVirtualWire:
-		ans.VirtualWire = &layer2{
-			NetflowProfile: e.NetflowProfile,
-		}
-
-		if e.LldpEnable || e.LldpProfile != "" || e.LldpHaPassivePreNegotiation {
-			ans.VirtualWire.Lldp = &lldp{
-				LldpEnable:  util.YesNo(e.LldpEnable),
-				LldpProfile: e.LldpProfile,
-			}
-			if e.LldpHaPassivePreNegotiation {
-				ans.VirtualWire.Lldp.Ha = &lldpHa{
-					LldpHaPassivePreNegotiation: util.YesNo(e.LldpHaPassivePreNegotiation),
-				}
-			}
-		}
-
-		if text := e.raw["vwsi"]; text != "" {
-			ans.VirtualWire.Subinterfaces = &util.RawXml{text}
-		}
-	case ModeLayer2:
-		ans.L2 = &layer2{
-			NetflowProfile: e.NetflowProfile,
-		}
-
-		if e.LacpEnable || e.LacpFastFailover || e.LacpMode != "" || e.LacpTransmissionRate != "" || e.LacpSystemPriority != 0 || e.LacpMaxPorts != 0 || e.LacpHaPassivePreNegotiation || e.LacpHaEnableSameSystemMac || e.LacpHaSameSystemMacAddress != "" {
-			ans.L2.Lacp = &lacpWithHa{
-				LacpEnable:           util.YesNo(e.LacpEnable),
-				LacpFastFailover:     util.YesNo(e.LacpFastFailover),
-				LacpMode:             e.LacpMode,
-				LacpTransmissionRate: e.LacpTransmissionRate,
-				LacpSystemPriority:   e.LacpSystemPriority,
-				LacpMaxPorts:         e.LacpMaxPorts,
-			}
-
-			if e.LacpHaPassivePreNegotiation || e.LacpHaEnableSameSystemMac || e.LacpHaSameSystemMacAddress != "" {
-				ans.L2.Lacp.Ha = &lacpHa{
-					LacpHaPassivePreNegotiation: util.YesNo(e.LacpHaPassivePreNegotiation),
-				}
-
-				if e.LacpHaEnableSameSystemMac || e.LacpHaSameSystemMacAddress != "" {
-					ans.L2.Lacp.Ha.Mac = &lacpHaMac{
-						LacpHaEnableSameSystemMac:  util.YesNo(e.LacpHaEnableSameSystemMac),
-						LacpHaSameSystemMacAddress: e.LacpHaSameSystemMacAddress,
-					}
-				}
-			}
-		}
-
-		if e.LldpEnable || e.LldpProfile != "" || e.LldpHaPassivePreNegotiation {
-			ans.L2.Lldp = &lldp{
-				LldpEnable:  util.YesNo(e.LldpEnable),
-				LldpProfile: e.LldpProfile,
-			}
-			if e.LldpHaPassivePreNegotiation {
-				ans.L2.Lldp.Ha = &lldpHa{
-					LldpHaPassivePreNegotiation: util.YesNo(e.LldpHaPassivePreNegotiation),
-				}
-			}
-		}
-
-		if text := e.raw["l2si"]; text != "" {
-			ans.L2.Subinterfaces = &util.RawXml{text}
-		}
-	case ModeLayer3:
-		ans.L3 = &layer3_v2{
-			Mtu:                        e.Mtu,
-			EnableUntaggedSubinterface: util.YesNo(e.EnableUntaggedSubinterface),
-			StaticIps:                  util.StrToEnt(e.StaticIps),
-			ManagementProfile:          e.ManagementProfile,
-			NetflowProfile:             e.NetflowProfile,
-		}
-
-		if e.DecryptForward {
-			ans.L3.DecryptForward = util.YesNo(e.DecryptForward)
-		}
-
-		if e.AdjustTcpMss || e.Ipv4MssAdjust != 0 || e.Ipv6MssAdjust != 0 {
-			ans.L3.Mss = &mss{
-				AdjustTcpMss:  util.YesNo(e.AdjustTcpMss),
-				Ipv4MssAdjust: e.Ipv4MssAdjust,
-				Ipv6MssAdjust: e.Ipv6MssAdjust,
-			}
-		}
-
-		if e.LacpEnable || e.LacpFastFailover || e.LacpMode != "" || e.LacpTransmissionRate != "" || e.LacpSystemPriority != 0 || e.LacpMaxPorts != 0 || e.LacpHaPassivePreNegotiation || e.LacpHaEnableSameSystemMac || e.LacpHaSameSystemMacAddress != "" {
-			ans.L3.Lacp = &lacpWithHa{
-				LacpEnable:           util.YesNo(e.LacpEnable),
-				LacpFastFailover:     util.YesNo(e.LacpFastFailover),
-				LacpMode:             e.LacpMode,
-				LacpTransmissionRate: e.LacpTransmissionRate,
-				LacpSystemPriority:   e.LacpSystemPriority,
-				LacpMaxPorts:         e.LacpMaxPorts,
-			}
-
-			if e.LacpHaPassivePreNegotiation || e.LacpHaEnableSameSystemMac || e.LacpHaSameSystemMacAddress != "" {
-				ans.L3.Lacp.Ha = &lacpHa{
-					LacpHaPassivePreNegotiation: util.YesNo(e.LacpHaPassivePreNegotiation),
-				}
-
-				if e.LacpHaEnableSameSystemMac || e.LacpHaSameSystemMacAddress != "" {
-					ans.L3.Lacp.Ha.Mac = &lacpHaMac{
-						LacpHaEnableSameSystemMac:  util.YesNo(e.LacpHaEnableSameSystemMac),
-						LacpHaSameSystemMacAddress: e.LacpHaSameSystemMacAddress,
-					}
-				}
-			}
-		}
-
-		if e.LldpEnable || e.LldpProfile != "" || e.LldpHaPassivePreNegotiation {
-			ans.L3.Lldp = &lldp{
-				LldpEnable:  util.YesNo(e.LldpEnable),
-				LldpProfile: e.LldpProfile,
-			}
-			if e.LldpHaPassivePreNegotiation {
-				ans.L3.Lldp.Ha = &lldpHa{
-					LldpHaPassivePreNegotiation: util.YesNo(e.LldpHaPassivePreNegotiation),
-				}
-			}
-		}
-
-		v6addr := e.raw["v6addr"]
-		v6nd := e.raw["v6nd"]
-		if e.Ipv6Enabled || e.Ipv6InterfaceId != "" || v6addr != "" || v6nd != "" {
-			ans.L3.Ipv6 = &ipv6{
-				Ipv6Enabled:     util.YesNo(e.Ipv6Enabled),
-				Ipv6InterfaceId: e.Ipv6InterfaceId,
-			}
-
-			if v6addr != "" {
-				ans.L3.Ipv6.Address = &util.RawXml{v6addr}
-			}
-			if v6nd != "" {
-				ans.L3.Ipv6.Neighbor = &util.RawXml{v6nd}
-			}
-		}
-
-		if e.EnableDhcp || e.CreateDhcpDefaultRoute || e.DhcpDefaultRouteMetric != 0 {
-			ans.L3.Dhcp = &dhcpSettings_v1{
-				EnableDhcp:             util.YesNo(e.EnableDhcp),
-				CreateDhcpDefaultRoute: util.YesNo(e.CreateDhcpDefaultRoute),
-				DhcpDefaultRouteMetric: e.DhcpDefaultRouteMetric,
-			}
-		}
-
-		if text := e.raw["arp"]; text != "" {
-			ans.L3.Arp = &util.RawXml{text}
-		}
-		if text := e.raw["ndp"]; text != "" {
-			ans.L3.Ndp = &util.RawXml{text}
-		}
-		if text := e.raw["l3si"]; text != "" {
-			ans.L3.Subinterfaces = &util.RawXml{text}
-		}
-	}
-
-	return ans
-}
-
-type entry_v3 struct {
-	XMLName       xml.Name   `xml:"entry"`
-	Name          string     `xml:"name,attr"`
-	Ha            *ha        `xml:"ha"`
-	DecryptMirror *string    `xml:"decrypt-mirror"`
-	VirtualWire   *layer2    `xml:"virtual-wire"`
-	L2            *layer2    `xml:"layer2"`
-	L3            *layer3_v3 `xml:"layer3"`
-	Comment       string     `xml:"comment,omitempty"`
-}
-
-type layer3_v3 struct {
-	Mtu                        int              `xml:"mtu,omitempty"`
-	Mss                        *mss             `xml:"adjust-tcp-mss"`
-	EnableUntaggedSubinterface string           `xml:"untagged-sub-interface"`
-	DecryptForward             string           `xml:"decrypt-forward,omitempty"`
-	Lacp                       *lacpWithHa      `xml:"lacp"`
-	Lldp                       *lldp            `xml:"lldp"`
-	StaticIps                  *util.EntryType  `xml:"ip"`
-	Ipv6                       *ipv6            `xml:"ipv6"`
-	Arp                        *util.RawXml     `xml:"arp"`
-	Ndp                        *util.RawXml     `xml:"ndp-proxy"`
-	ManagementProfile          string           `xml:"interface-management-profile,omitempty"`
-	Dhcp                       *dhcpSettings_v2 `xml:"dhcp-client"`
-	Subinterfaces              *util.RawXml     `xml:"units"`
-	NetflowProfile             string           `xml:"netflow-profile,omitempty"`
-}
-
-type dhcpSettings_v2 struct {
-	EnableDhcp             string        `xml:"enable"`
-	CreateDhcpDefaultRoute string        `xml:"create-default-route"`
-	DhcpDefaultRouteMetric int           `xml:"default-route-metric,omitempty"`
-	Hostname               *dhcpHostname `xml:"send-hostname"`
-}
-
-type dhcpHostname struct {
-	DhcpSendHostnameEnable string `xml:"enable"`
-	DhcpSendHostnameValue  string `xml:"hostname,omitempty"`
-}
-
-func specify_v3(e Entry) interface{} {
-	ans := entry_v3{
-		Name:    e.Name,
-		Comment: e.Comment,
-	}
-
-	switch e.Mode {
-	case ModeHa:
-		ans.Ha = &ha{}
-		if e.LacpEnable || e.LacpFastFailover || e.LacpMode != "" || e.LacpTransmissionRate != "" || e.LacpSystemPriority != 0 || e.LacpMaxPorts != 0 {
-			ans.Ha.Lacp = &lacpNoHa{
-				LacpEnable:           util.YesNo(e.LacpEnable),
-				LacpFastFailover:     util.YesNo(e.LacpFastFailover),
-				LacpMode:             e.LacpMode,
-				LacpTransmissionRate: e.LacpTransmissionRate,
-				LacpSystemPriority:   e.LacpSystemPriority,
-				LacpMaxPorts:         e.LacpMaxPorts,
-			}
-		}
-	case ModeDecryptMirror:
-		s := ""
-		ans.DecryptMirror = &s
-	case ModeVirtualWire:
-		ans.VirtualWire = &layer2{
-			NetflowProfile: e.NetflowProfile,
-		}
-
-		if e.LldpEnable || e.LldpProfile != "" || e.LldpHaPassivePreNegotiation {
-			ans.VirtualWire.Lldp = &lldp{
-				LldpEnable:  util.YesNo(e.LldpEnable),
-				LldpProfile: e.LldpProfile,
-			}
-			if e.LldpHaPassivePreNegotiation {
-				ans.VirtualWire.Lldp.Ha = &lldpHa{
-					LldpHaPassivePreNegotiation: util.YesNo(e.LldpHaPassivePreNegotiation),
-				}
-			}
-		}
-
-		if text := e.raw["vwsi"]; text != "" {
-			ans.VirtualWire.Subinterfaces = &util.RawXml{text}
-		}
-	case ModeLayer2:
-		ans.L2 = &layer2{
-			NetflowProfile: e.NetflowProfile,
-		}
-
-		if e.LacpEnable || e.LacpFastFailover || e.LacpMode != "" || e.LacpTransmissionRate != "" || e.LacpSystemPriority != 0 || e.LacpMaxPorts != 0 || e.LacpHaPassivePreNegotiation || e.LacpHaEnableSameSystemMac || e.LacpHaSameSystemMacAddress != "" {
-			ans.L2.Lacp = &lacpWithHa{
-				LacpEnable:           util.YesNo(e.LacpEnable),
-				LacpFastFailover:     util.YesNo(e.LacpFastFailover),
-				LacpMode:             e.LacpMode,
-				LacpTransmissionRate: e.LacpTransmissionRate,
-				LacpSystemPriority:   e.LacpSystemPriority,
-				LacpMaxPorts:         e.LacpMaxPorts,
-			}
-
-			if e.LacpHaPassivePreNegotiation || e.LacpHaEnableSameSystemMac || e.LacpHaSameSystemMacAddress != "" {
-				ans.L2.Lacp.Ha = &lacpHa{
-					LacpHaPassivePreNegotiation: util.YesNo(e.LacpHaPassivePreNegotiation),
-				}
-
-				if e.LacpHaEnableSameSystemMac || e.LacpHaSameSystemMacAddress != "" {
-					ans.L2.Lacp.Ha.Mac = &lacpHaMac{
-						LacpHaEnableSameSystemMac:  util.YesNo(e.LacpHaEnableSameSystemMac),
-						LacpHaSameSystemMacAddress: e.LacpHaSameSystemMacAddress,
-					}
-				}
-			}
-		}
-
-		if e.LldpEnable || e.LldpProfile != "" || e.LldpHaPassivePreNegotiation {
-			ans.L2.Lldp = &lldp{
-				LldpEnable:  util.YesNo(e.LldpEnable),
-				LldpProfile: e.LldpProfile,
-			}
-			if e.LldpHaPassivePreNegotiation {
-				ans.L2.Lldp.Ha = &lldpHa{
-					LldpHaPassivePreNegotiation: util.YesNo(e.LldpHaPassivePreNegotiation),
-				}
-			}
-		}
-
-		if text := e.raw["l2si"]; text != "" {
-			ans.L2.Subinterfaces = &util.RawXml{text}
-		}
-	case ModeLayer3:
-		ans.L3 = &layer3_v3{
-			Mtu:                        e.Mtu,
-			EnableUntaggedSubinterface: util.YesNo(e.EnableUntaggedSubinterface),
-			StaticIps:                  util.StrToEnt(e.StaticIps),
-			ManagementProfile:          e.ManagementProfile,
-			NetflowProfile:             e.NetflowProfile,
-		}
-
-		if e.DecryptForward {
-			ans.L3.DecryptForward = util.YesNo(e.DecryptForward)
-		}
-
-		if e.AdjustTcpMss || e.Ipv4MssAdjust != 0 || e.Ipv6MssAdjust != 0 {
-			ans.L3.Mss = &mss{
-				AdjustTcpMss:  util.YesNo(e.AdjustTcpMss),
-				Ipv4MssAdjust: e.Ipv4MssAdjust,
-				Ipv6MssAdjust: e.Ipv6MssAdjust,
-			}
-		}
-
-		if e.LacpEnable || e.LacpFastFailover || e.LacpMode != "" || e.LacpTransmissionRate != "" || e.LacpSystemPriority != 0 || e.LacpMaxPorts != 0 || e.LacpHaPassivePreNegotiation || e.LacpHaEnableSameSystemMac || e.LacpHaSameSystemMacAddress != "" {
-			ans.L3.Lacp = &lacpWithHa{
-				LacpEnable:           util.YesNo(e.LacpEnable),
-				LacpFastFailover:     util.YesNo(e.LacpFastFailover),
-				LacpMode:             e.LacpMode,
-				LacpTransmissionRate: e.LacpTransmissionRate,
-				LacpSystemPriority:   e.LacpSystemPriority,
-				LacpMaxPorts:         e.LacpMaxPorts,
-			}
-
-			if e.LacpHaPassivePreNegotiation || e.LacpHaEnableSameSystemMac || e.LacpHaSameSystemMacAddress != "" {
-				ans.L3.Lacp.Ha = &lacpHa{
-					LacpHaPassivePreNegotiation: util.YesNo(e.LacpHaPassivePreNegotiation),
-				}
-
-				if e.LacpHaEnableSameSystemMac || e.LacpHaSameSystemMacAddress != "" {
-					ans.L3.Lacp.Ha.Mac = &lacpHaMac{
-						LacpHaEnableSameSystemMac:  util.YesNo(e.LacpHaEnableSameSystemMac),
-						LacpHaSameSystemMacAddress: e.LacpHaSameSystemMacAddress,
-					}
-				}
-			}
-		}
-
-		if e.LldpEnable || e.LldpProfile != "" || e.LldpHaPassivePreNegotiation {
-			ans.L3.Lldp = &lldp{
-				LldpEnable:  util.YesNo(e.LldpEnable),
-				LldpProfile: e.LldpProfile,
-			}
-			if e.LldpHaPassivePreNegotiation {
-				ans.L3.Lldp.Ha = &lldpHa{
-					LldpHaPassivePreNegotiation: util.YesNo(e.LldpHaPassivePreNegotiation),
-				}
-			}
-		}
-
-		v6addr := e.raw["v6addr"]
-		v6nd := e.raw["v6nd"]
-		if e.Ipv6Enabled || e.Ipv6InterfaceId != "" || v6addr != "" || v6nd != "" {
-			ans.L3.Ipv6 = &ipv6{
-				Ipv6Enabled:     util.YesNo(e.Ipv6Enabled),
-				Ipv6InterfaceId: e.Ipv6InterfaceId,
-			}
-
-			if v6addr != "" {
-				ans.L3.Ipv6.Address = &util.RawXml{v6addr}
-			}
-			if v6nd != "" {
-				ans.L3.Ipv6.Neighbor = &util.RawXml{v6nd}
-			}
-		}
-
-		if e.EnableDhcp || e.CreateDhcpDefaultRoute || e.DhcpDefaultRouteMetric != 0 || e.DhcpSendHostnameEnable || e.DhcpSendHostnameValue != "" {
-			ans.L3.Dhcp = &dhcpSettings_v2{
-				EnableDhcp:             util.YesNo(e.EnableDhcp),
-				CreateDhcpDefaultRoute: util.YesNo(e.CreateDhcpDefaultRoute),
-				DhcpDefaultRouteMetric: e.DhcpDefaultRouteMetric,
-			}
-
-			if e.DhcpSendHostnameEnable || e.DhcpSendHostnameValue != "" {
-				ans.L3.Dhcp.Hostname = &dhcpHostname{
-					DhcpSendHostnameEnable: util.YesNo(e.DhcpSendHostnameEnable),
-					DhcpSendHostnameValue:  e.DhcpSendHostnameValue,
-				}
-			}
-		}
-
-		if text := e.raw["arp"]; text != "" {
-			ans.L3.Arp = &util.RawXml{text}
-		}
-		if text := e.raw["ndp"]; text != "" {
-			ans.L3.Ndp = &util.RawXml{text}
-		}
-		if text := e.raw["l3si"]; text != "" {
-			ans.L3.Subinterfaces = &util.RawXml{text}
-		}
-	}
-
-	return ans
-}
diff --git a/netw/interface/aggregate/funcs.go b/netw/interface/aggregate/funcs.go
deleted file mode 100644
index cbaed11f..00000000
--- a/netw/interface/aggregate/funcs.go
+++ /dev/null
@@ -1,96 +0,0 @@
-package aggregate
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	if v.Gte(version.Number{9, 0, 0, ""}) {
-		return &container_v3{}, specify_v3
-	} else if v.Gte(version.Number{8, 1, 0, ""}) {
-		return &container_v2{}, specify_v2
-	} else {
-		return &container_v1{}, specify_v1
-	}
-}
-
-func specifier(e ...Entry) []namespace.ImportSpecifier {
-	ans := make([]namespace.ImportSpecifier, 0, len(e))
-
-	var val namespace.ImportSpecifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Importable{
-			ImportPath: util.InterfaceImport,
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Importable{
-			ImportPath: util.InterfaceImport,
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/netw/interface/aggregate/fw.go b/netw/interface/aggregate/fw.go
deleted file mode 100644
index c5f1a93e..00000000
--- a/netw/interface/aggregate/fw.go
+++ /dev/null
@@ -1,105 +0,0 @@
-package aggregate
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Network.AggregateInterface namespace.
-type Firewall struct {
-	ns *namespace.Importable
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(), ans)
-}
-
-// ShowList performs a SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(), ans)
-}
-
-// Get performs GET to retrieve configuration for the given object.
-func (c *Firewall) Get(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve configuration for the given object.
-func (c *Firewall) Show(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve all objects configured.
-func (c *Firewall) ShowAll() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vsys string, e ...Entry) error {
-	return c.ns.Set("", "", vsys, c.pather(), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vsys string, e Entry) error {
-	return c.ns.Edit("", "", vsys, c.pather(), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete("", "", c.pather(), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather() namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(v)
-	}
-}
-
-func (c *Firewall) xpath(vals []string) ([]string, error) {
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"interface",
-		"aggregate-ethernet",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/interface/aggregate/fw_test.go b/netw/interface/aggregate/fw_test.go
deleted file mode 100644
index b39d1ffb..00000000
--- a/netw/interface/aggregate/fw_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package aggregate
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("vsys1", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/interface/aggregate/pano.go b/netw/interface/aggregate/pano.go
deleted file mode 100644
index c370dc03..00000000
--- a/netw/interface/aggregate/pano.go
+++ /dev/null
@@ -1,115 +0,0 @@
-package aggregate
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Network.AggregateInterface namespace.
-type Panorama struct {
-	ns *namespace.Importable
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts), ans)
-}
-
-// ShowList performs a SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts), ans)
-}
-
-// Get performs GET to retrieve configuration for the given object.
-func (c *Panorama) Get(tmpl, ts, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve configuration for the given object.
-func (c *Panorama) Show(tmpl, ts, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve all objects configured.
-func (c *Panorama) ShowAll(tmpl, ts string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts, vsys string, e ...Entry) error {
-	return c.ns.Set(tmpl, ts, vsys, c.pather(tmpl, ts), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts, vsys string, e Entry) error {
-	return c.ns.Edit(tmpl, ts, vsys, c.pather(tmpl, ts), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(tmpl, ts, c.pather(tmpl, ts), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts string, vals []string) ([]string, error) {
-	if tmpl == "" && ts == "" {
-		return nil, fmt.Errorf("tmpl or ts must be specified")
-	}
-
-	ans := make([]string, 0, 12)
-	ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-	ans = append(ans,
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"interface",
-		"aggregate-ethernet",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/interface/aggregate/pano_test.go b/netw/interface/aggregate/pano_test.go
deleted file mode 100644
index 6bc8507a..00000000
--- a/netw/interface/aggregate/pano_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package aggregate
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("my template", "", "vsys1", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("my template", "", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/interface/aggregate/testdata_test.go b/netw/interface/aggregate/testdata_test.go
deleted file mode 100644
index c54e0829..00000000
--- a/netw/interface/aggregate/testdata_test.go
+++ /dev/null
@@ -1,422 +0,0 @@
-package aggregate
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type tc struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []tc {
-	return []tc{
-		{"v1 ha", version.Number{7, 1, 0, ""}, Entry{
-			Name:    "ae1",
-			Mode:    ModeHa,
-			Comment: "my description",
-		}},
-		{"v1 ha with lacp", version.Number{7, 1, 0, ""}, Entry{
-			Name:                 "ae1",
-			Mode:                 ModeHa,
-			Comment:              "my description",
-			LacpEnable:           true,
-			LacpFastFailover:     true,
-			LacpMode:             LacpModeActive,
-			LacpTransmissionRate: LacpTransmissionRateFast,
-			LacpSystemPriority:   42,
-			LacpMaxPorts:         5,
-		}},
-		{"v1 decrypt mirror", version.Number{7, 1, 0, ""}, Entry{
-			Name: "ae1",
-			Mode: ModeDecryptMirror,
-		}},
-		{"v1 virtual wire basic", version.Number{7, 1, 0, ""}, Entry{
-			Name: "ae1",
-			Mode: ModeVirtualWire,
-		}},
-		{"v1 virtual wire lldp", version.Number{7, 1, 0, ""}, Entry{
-			Name:                        "ae1",
-			Mode:                        ModeVirtualWire,
-			LldpEnable:                  true,
-			LldpProfile:                 "profile",
-			LldpHaPassivePreNegotiation: true,
-		}},
-		{"v1 virtual wire full", version.Number{7, 1, 0, ""}, Entry{
-			Name:           "ae1",
-			Mode:           ModeVirtualWire,
-			NetflowProfile: "my netflow profile",
-			raw: map[string]string{
-				"vwsi": "subinterfaces",
-			},
-		}},
-		{"v1 l2 basic", version.Number{7, 1, 0, ""}, Entry{
-			Name: "ae1",
-			Mode: ModeLayer2,
-		}},
-		{"v1 l2 lldp", version.Number{7, 1, 0, ""}, Entry{
-			Name:                        "ae1",
-			Mode:                        ModeLayer2,
-			LldpEnable:                  true,
-			LldpProfile:                 "profile",
-			LldpHaPassivePreNegotiation: true,
-		}},
-		{"v1 l2 lacp", version.Number{7, 1, 0, ""}, Entry{
-			Name:                        "ae1",
-			Mode:                        ModeLayer2,
-			LacpEnable:                  true,
-			LacpFastFailover:            true,
-			LacpMode:                    LacpModeActive,
-			LacpTransmissionRate:        LacpTransmissionRateFast,
-			LacpSystemPriority:          42,
-			LacpMaxPorts:                5,
-			LacpHaPassivePreNegotiation: true,
-			LacpHaEnableSameSystemMac:   true,
-			LacpHaSameSystemMacAddress:  "00:30:48:52:aa:bb",
-		}},
-		{"v1 l2 full", version.Number{7, 1, 0, ""}, Entry{
-			Name:           "ae1",
-			Mode:           ModeLayer2,
-			NetflowProfile: "my netflow profile",
-			raw: map[string]string{
-				"l2si": "subinterfaces",
-			},
-		}},
-		{"v1 l3 static ips", version.Number{7, 1, 0, ""}, Entry{
-			Name:              "ae1",
-			Mode:              ModeLayer3,
-			StaticIps:         []string{"10.2.3.1/24", "10.2.4.1/24"},
-			ManagementProfile: "allow pings",
-			NetflowProfile:    "some netflow profile",
-		}},
-		{"v1 l3 dhcp", version.Number{7, 1, 0, ""}, Entry{
-			Name:                   "ae1",
-			Mode:                   ModeLayer3,
-			EnableDhcp:             true,
-			CreateDhcpDefaultRoute: true,
-			DhcpDefaultRouteMetric: 42,
-		}},
-		{"v1 l3 other stuff", version.Number{7, 1, 0, ""}, Entry{
-			Name:                       "ae1",
-			Mode:                       ModeLayer3,
-			EnableUntaggedSubinterface: true,
-			AdjustTcpMss:               true,
-			Ipv4MssAdjust:              11,
-			Ipv6MssAdjust:              12,
-			Mtu:                        13,
-			raw: map[string]string{
-				"ndp":    "ndp config",
-				"l3si":   "layer3 subinterfaces",
-				"arp":    "arp config",
-				"v6addr": "ipv6 address info",
-				"v6nd":   "ipv6 neighbor discovery config",
-			},
-		}},
-		{"v1 l3 ipv6", version.Number{7, 1, 0, ""}, Entry{
-			Name:            "ae1",
-			Mode:            ModeLayer3,
-			Ipv6Enabled:     true,
-			Ipv6InterfaceId: "ipv6 interface id",
-		}},
-		{"v1 l3 lacp", version.Number{7, 1, 0, ""}, Entry{
-			Name:                        "ae1",
-			Mode:                        ModeLayer3,
-			LacpEnable:                  true,
-			LacpFastFailover:            true,
-			LacpMode:                    LacpModeActive,
-			LacpTransmissionRate:        LacpTransmissionRateFast,
-			LacpSystemPriority:          42,
-			LacpMaxPorts:                5,
-			LacpHaPassivePreNegotiation: true,
-			LacpHaEnableSameSystemMac:   true,
-			LacpHaSameSystemMacAddress:  "00:30:48:52:aa:bb",
-		}},
-		{"v1 l3 lldp", version.Number{7, 1, 0, ""}, Entry{
-			Name:                        "ae1",
-			Mode:                        ModeLayer3,
-			LldpEnable:                  true,
-			LldpProfile:                 "profile",
-			LldpHaPassivePreNegotiation: true,
-		}},
-		{"v2 ha", version.Number{8, 1, 0, ""}, Entry{
-			Name:    "ae1",
-			Mode:    ModeHa,
-			Comment: "my description",
-		}},
-		{"v2 ha with lacp", version.Number{8, 1, 0, ""}, Entry{
-			Name:                 "ae1",
-			Mode:                 ModeHa,
-			Comment:              "my description",
-			LacpEnable:           true,
-			LacpFastFailover:     true,
-			LacpMode:             LacpModeActive,
-			LacpTransmissionRate: LacpTransmissionRateFast,
-			LacpSystemPriority:   42,
-			LacpMaxPorts:         5,
-		}},
-		{"v2 decrypt mirror", version.Number{8, 1, 0, ""}, Entry{
-			Name: "ae1",
-			Mode: ModeDecryptMirror,
-		}},
-		{"v2 virtual wire basic", version.Number{8, 1, 0, ""}, Entry{
-			Name: "ae1",
-			Mode: ModeVirtualWire,
-		}},
-		{"v2 virtual wire lldp", version.Number{8, 1, 0, ""}, Entry{
-			Name:                        "ae1",
-			Mode:                        ModeVirtualWire,
-			LldpEnable:                  true,
-			LldpProfile:                 "profile",
-			LldpHaPassivePreNegotiation: true,
-		}},
-		{"v2 virtual wire full", version.Number{8, 1, 0, ""}, Entry{
-			Name:           "ae1",
-			Mode:           ModeVirtualWire,
-			NetflowProfile: "my netflow profile",
-			raw: map[string]string{
-				"vwsi": "subinterfaces",
-			},
-		}},
-		{"v2 l2 basic", version.Number{8, 1, 0, ""}, Entry{
-			Name: "ae1",
-			Mode: ModeLayer2,
-		}},
-		{"v2 l2 lldp", version.Number{8, 1, 0, ""}, Entry{
-			Name:                        "ae1",
-			Mode:                        ModeLayer2,
-			LldpEnable:                  true,
-			LldpProfile:                 "profile",
-			LldpHaPassivePreNegotiation: true,
-		}},
-		{"v2 l2 lacp", version.Number{8, 1, 0, ""}, Entry{
-			Name:                        "ae1",
-			Mode:                        ModeLayer2,
-			LacpEnable:                  true,
-			LacpFastFailover:            true,
-			LacpMode:                    LacpModeActive,
-			LacpTransmissionRate:        LacpTransmissionRateFast,
-			LacpSystemPriority:          42,
-			LacpMaxPorts:                5,
-			LacpHaPassivePreNegotiation: true,
-			LacpHaEnableSameSystemMac:   true,
-			LacpHaSameSystemMacAddress:  "00:30:48:52:aa:bb",
-		}},
-		{"v2 l2 full", version.Number{8, 1, 0, ""}, Entry{
-			Name:           "ae1",
-			Mode:           ModeLayer2,
-			NetflowProfile: "my netflow profile",
-			raw: map[string]string{
-				"l2si": "subinterfaces",
-			},
-		}},
-		{"v2 l3 static ips", version.Number{8, 1, 0, ""}, Entry{
-			Name:              "ae1",
-			Mode:              ModeLayer3,
-			StaticIps:         []string{"10.2.3.1/24", "10.2.4.1/24"},
-			ManagementProfile: "allow pings",
-			NetflowProfile:    "some netflow profile",
-		}},
-		{"v2 l3 dhcp", version.Number{8, 1, 0, ""}, Entry{
-			Name:                   "ae1",
-			Mode:                   ModeLayer3,
-			EnableDhcp:             true,
-			CreateDhcpDefaultRoute: true,
-			DhcpDefaultRouteMetric: 42,
-		}},
-		{"v2 l3 dhcp", version.Number{8, 1, 0, ""}, Entry{
-			Name:                   "ae1",
-			Mode:                   ModeLayer3,
-			EnableDhcp:             true,
-			CreateDhcpDefaultRoute: true,
-			DhcpDefaultRouteMetric: 42,
-		}},
-		{"v2 l3 other stuff", version.Number{8, 1, 0, ""}, Entry{
-			Name:                       "ae1",
-			Mode:                       ModeLayer3,
-			EnableUntaggedSubinterface: true,
-			DecryptForward:             true,
-			AdjustTcpMss:               true,
-			Ipv4MssAdjust:              11,
-			Ipv6MssAdjust:              12,
-			Mtu:                        13,
-			raw: map[string]string{
-				"ndp":    "ndp config",
-				"l3si":   "layer3 subinterfaces",
-				"arp":    "arp config",
-				"v6addr": "ipv6 address info",
-				"v6nd":   "ipv6 neighbor discovery config",
-			},
-		}},
-		{"v2 l3 lacp", version.Number{8, 1, 0, ""}, Entry{
-			Name:                        "ae1",
-			Mode:                        ModeLayer3,
-			LacpEnable:                  true,
-			LacpFastFailover:            true,
-			LacpMode:                    LacpModeActive,
-			LacpTransmissionRate:        LacpTransmissionRateFast,
-			LacpSystemPriority:          42,
-			LacpMaxPorts:                5,
-			LacpHaPassivePreNegotiation: true,
-			LacpHaEnableSameSystemMac:   true,
-			LacpHaSameSystemMacAddress:  "00:30:48:52:aa:bb",
-		}},
-		{"v2 l3 lldp", version.Number{8, 1, 0, ""}, Entry{
-			Name:                        "ae1",
-			Mode:                        ModeLayer3,
-			LldpEnable:                  true,
-			LldpProfile:                 "profile",
-			LldpHaPassivePreNegotiation: true,
-		}},
-		{"v2 l3 ipv6", version.Number{8, 1, 0, ""}, Entry{
-			Name:            "ae1",
-			Mode:            ModeLayer3,
-			Ipv6Enabled:     true,
-			Ipv6InterfaceId: "ipv6 interface id",
-		}},
-		{"v3 ha", version.Number{9, 0, 0, ""}, Entry{
-			Name:    "ae1",
-			Mode:    ModeHa,
-			Comment: "my description",
-		}},
-		{"v3 ha with lacp", version.Number{9, 0, 0, ""}, Entry{
-			Name:                 "ae1",
-			Mode:                 ModeHa,
-			Comment:              "my description",
-			LacpEnable:           true,
-			LacpFastFailover:     true,
-			LacpMode:             LacpModeActive,
-			LacpTransmissionRate: LacpTransmissionRateFast,
-			LacpSystemPriority:   42,
-			LacpMaxPorts:         5,
-		}},
-		{"v3 decrypt mirror", version.Number{9, 0, 0, ""}, Entry{
-			Name: "ae1",
-			Mode: ModeDecryptMirror,
-		}},
-		{"v3 virtual wire basic", version.Number{9, 0, 0, ""}, Entry{
-			Name: "ae1",
-			Mode: ModeVirtualWire,
-		}},
-		{"v3 virtual wire lldp", version.Number{9, 0, 0, ""}, Entry{
-			Name:                        "ae1",
-			Mode:                        ModeVirtualWire,
-			LldpEnable:                  true,
-			LldpProfile:                 "profile",
-			LldpHaPassivePreNegotiation: true,
-		}},
-		{"v3 virtual wire full", version.Number{9, 0, 0, ""}, Entry{
-			Name:           "ae1",
-			Mode:           ModeVirtualWire,
-			NetflowProfile: "my netflow profile",
-			raw: map[string]string{
-				"vwsi": "subinterfaces",
-			},
-		}},
-		{"v3 l2 basic", version.Number{9, 0, 0, ""}, Entry{
-			Name: "ae1",
-			Mode: ModeLayer2,
-		}},
-		{"v3 l2 lldp", version.Number{9, 0, 0, ""}, Entry{
-			Name:                        "ae1",
-			Mode:                        ModeLayer2,
-			LldpEnable:                  true,
-			LldpProfile:                 "profile",
-			LldpHaPassivePreNegotiation: true,
-		}},
-		{"v3 l2 lacp", version.Number{9, 0, 0, ""}, Entry{
-			Name:                        "ae1",
-			Mode:                        ModeLayer2,
-			LacpEnable:                  true,
-			LacpFastFailover:            true,
-			LacpMode:                    LacpModeActive,
-			LacpTransmissionRate:        LacpTransmissionRateFast,
-			LacpSystemPriority:          42,
-			LacpMaxPorts:                5,
-			LacpHaPassivePreNegotiation: true,
-			LacpHaEnableSameSystemMac:   true,
-			LacpHaSameSystemMacAddress:  "00:30:48:52:aa:bb",
-		}},
-		{"v3 l2 full", version.Number{9, 0, 0, ""}, Entry{
-			Name:           "ae1",
-			Mode:           ModeLayer2,
-			NetflowProfile: "my netflow profile",
-			raw: map[string]string{
-				"l2si": "subinterfaces",
-			},
-		}},
-		{"v3 l3 static ips", version.Number{9, 0, 0, ""}, Entry{
-			Name:              "ae1",
-			Mode:              ModeLayer3,
-			StaticIps:         []string{"10.2.3.1/24", "10.2.4.1/24"},
-			ManagementProfile: "allow pings",
-			NetflowProfile:    "some netflow profile",
-		}},
-		{"v3 l3 dhcp", version.Number{9, 0, 0, ""}, Entry{
-			Name:                   "ae1",
-			Mode:                   ModeLayer3,
-			EnableDhcp:             true,
-			CreateDhcpDefaultRoute: true,
-			DhcpDefaultRouteMetric: 42,
-		}},
-		{"v3 l3 dhcp", version.Number{9, 0, 0, ""}, Entry{
-			Name:                   "ae1",
-			Mode:                   ModeLayer3,
-			EnableDhcp:             true,
-			CreateDhcpDefaultRoute: true,
-			DhcpDefaultRouteMetric: 42,
-		}},
-		{"v3 l3 dhcp with send hostname", version.Number{9, 0, 0, ""}, Entry{
-			Name:                   "ae1",
-			Mode:                   ModeLayer3,
-			EnableDhcp:             true,
-			CreateDhcpDefaultRoute: true,
-			DhcpDefaultRouteMetric: 42,
-			DhcpSendHostnameEnable: true,
-			DhcpSendHostnameValue:  "example.com",
-		}},
-		{"v3 l3 other stuff", version.Number{9, 0, 0, ""}, Entry{
-			Name:                       "ae1",
-			Mode:                       ModeLayer3,
-			EnableUntaggedSubinterface: true,
-			DecryptForward:             true,
-			AdjustTcpMss:               true,
-			Ipv4MssAdjust:              11,
-			Ipv6MssAdjust:              12,
-			Mtu:                        13,
-			raw: map[string]string{
-				"ndp":    "ndp config",
-				"l3si":   "layer3 subinterfaces",
-				"arp":    "arp config",
-				"v6addr": "ipv6 address info",
-				"v6nd":   "ipv6 neighbor discovery config",
-			},
-		}},
-		{"v3 l3 lacp", version.Number{9, 0, 0, ""}, Entry{
-			Name:                        "ae1",
-			Mode:                        ModeLayer3,
-			LacpEnable:                  true,
-			LacpFastFailover:            true,
-			LacpMode:                    LacpModeActive,
-			LacpTransmissionRate:        LacpTransmissionRateFast,
-			LacpSystemPriority:          42,
-			LacpMaxPorts:                5,
-			LacpHaPassivePreNegotiation: true,
-			LacpHaEnableSameSystemMac:   true,
-			LacpHaSameSystemMacAddress:  "00:30:48:52:aa:bb",
-		}},
-		{"v3 l3 lldp", version.Number{9, 0, 0, ""}, Entry{
-			Name:                        "ae1",
-			Mode:                        ModeLayer3,
-			LldpEnable:                  true,
-			LldpProfile:                 "profile",
-			LldpHaPassivePreNegotiation: true,
-		}},
-		{"v3 l3 ipv6", version.Number{9, 0, 0, ""}, Entry{
-			Name:            "ae1",
-			Mode:            ModeLayer3,
-			Ipv6Enabled:     true,
-			Ipv6InterfaceId: "ipv6 interface id",
-		}},
-	}
-}
diff --git a/netw/interface/arp/const.go b/netw/interface/arp/const.go
deleted file mode 100644
index c527b078..00000000
--- a/netw/interface/arp/const.go
+++ /dev/null
@@ -1,13 +0,0 @@
-package arp
-
-// Valid values for the iType param.
-const (
-	TypeEthernet  = "ethernet"
-	TypeAggregate = "aggregate-ethernet"
-	TypeVlan      = "vlan"
-)
-
-const (
-	singular = "arp entry"
-	plural   = "arp entries"
-)
diff --git a/netw/interface/arp/doc.go b/netw/interface/arp/doc.go
deleted file mode 100644
index 355c6701..00000000
--- a/netw/interface/arp/doc.go
+++ /dev/null
@@ -1,9 +0,0 @@
-/*
-Package arp is the client.Network.Arp namespace.
-
-If you're configuring arp for a VLAN interface, leave the iName param empty and
-specify the vlan name (eg: vlan.1) as the subName.
-
-Normalized object:  Entry
-*/
-package arp
diff --git a/netw/interface/arp/entry.go b/netw/interface/arp/entry.go
deleted file mode 100644
index 2f40a7d3..00000000
--- a/netw/interface/arp/entry.go
+++ /dev/null
@@ -1,81 +0,0 @@
-package arp
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of an arp entry.
-type Entry struct {
-	Ip         string
-	MacAddress string
-	Interface  string
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Ip field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.MacAddress = s.MacAddress
-	o.Interface = s.Interface
-}
-
-/** Structs / functions for normalization. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Ip, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Ip)
-	}
-
-	return ans
-}
-
-func (o *container_v1) Normalize() []Entry {
-	arr := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		arr = append(arr, o.Answer[i].normalize())
-	}
-	return arr
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Ip:         o.Ip,
-		MacAddress: o.MacAddress,
-		Interface:  o.Interface,
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName    xml.Name `xml:"entry"`
-	Ip         string   `xml:"name,attr"`
-	MacAddress string   `xml:"hw-address"`
-	Interface  string   `xml:"interface,omitempty"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Ip:         e.Ip,
-		MacAddress: e.MacAddress,
-		Interface:  e.Interface,
-	}
-
-	return ans
-}
diff --git a/netw/interface/arp/funcs.go b/netw/interface/arp/funcs.go
deleted file mode 100644
index 9fa341ed..00000000
--- a/netw/interface/arp/funcs.go
+++ /dev/null
@@ -1,88 +0,0 @@
-package arp
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Ip
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/netw/interface/arp/fw.go b/netw/interface/arp/fw.go
deleted file mode 100644
index 9b1377d1..00000000
--- a/netw/interface/arp/fw.go
+++ /dev/null
@@ -1,135 +0,0 @@
-package arp
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Network.Arp namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list object names.
-func (c *Firewall) GetList(iType, iName, subName string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(iType, iName, subName), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of object names.
-func (c *Firewall) ShowList(iType, iName, subName string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(iType, iName, subName), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(iType, iName, subName, ip string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(iType, iName, subName), ip, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(iType, iName, subName, ip string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(iType, iName, subName), ip, ans)
-	return first(ans, err)
-}
-
-// GetAll performs a GET to retrieve information for all objects.
-func (c *Firewall) GetAll(iType, iName, subName string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(iType, iName, subName), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs a SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(iType, iName, subName string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(iType, iName, subName), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(iType, iName, subName string, e ...Entry) error {
-	return c.ns.Set(c.pather(iType, iName, subName), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(iType, iName, subName string, e Entry) error {
-	return c.ns.Edit(c.pather(iType, iName, subName), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(iType, iName, subName string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(iType, iName, subName), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(iType, iName, subName, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(iType, iName, subName), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig(iType, iName, subName string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(iType, iName, subName), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather(iType, iName, subName string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(iType, iName, subName, v)
-	}
-}
-
-func (c *Firewall) xpath(iType, iName, subName string, vals []string) ([]string, error) {
-	// Sanity checks.
-	switch iType {
-	case "":
-		return nil, fmt.Errorf("iType must be specified")
-	case TypeVlan:
-		if iName != "" {
-			return nil, fmt.Errorf("iName should be an empty string for %s types", iType)
-		}
-	case TypeEthernet, TypeAggregate:
-		if iName == "" {
-			return nil, fmt.Errorf("iName must be specified")
-		}
-	default:
-		return nil, fmt.Errorf("unknown iType value: %s", iType)
-	}
-
-	ans := make([]string, 0, 12)
-	ans = append(ans,
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"interface",
-		iType,
-	)
-
-	if iType != TypeVlan {
-		ans = append(ans, util.AsEntryXpath([]string{iName}), "layer3")
-	}
-
-	if subName != "" {
-		ans = append(ans, "units", util.AsEntryXpath([]string{subName}))
-	}
-
-	ans = append(ans, "arp", util.AsEntryXpath(vals))
-
-	return ans, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/interface/arp/fw_test.go b/netw/interface/arp/fw_test.go
deleted file mode 100644
index 7576f827..00000000
--- a/netw/interface/arp/fw_test.go
+++ /dev/null
@@ -1,34 +0,0 @@
-package arp
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set(tc.iType, tc.iName, tc.subName, tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(tc.iType, tc.iName, tc.subName, tc.conf.Ip)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/interface/arp/pano.go b/netw/interface/arp/pano.go
deleted file mode 100644
index ff71bcc6..00000000
--- a/netw/interface/arp/pano.go
+++ /dev/null
@@ -1,139 +0,0 @@
-package arp
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Network.Arp namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list object names.
-func (c *Panorama) GetList(tmpl, ts, iType, iName, subName string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts, iType, iName, subName), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of object names.
-func (c *Panorama) ShowList(tmpl, ts, iType, iName, subName string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts, iType, iName, subName), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(tmpl, ts, iType, iName, subName, ip string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts, iType, iName, subName), ip, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(tmpl, ts, iType, iName, subName, ip string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts, iType, iName, subName), ip, ans)
-	return first(ans, err)
-}
-
-// GetAll performs a GET to retrieve information for all objects.
-func (c *Panorama) GetAll(tmpl, ts, iType, iName, subName string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts, iType, iName, subName), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs a SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(tmpl, ts, iType, iName, subName string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts, iType, iName, subName), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts, iType, iName, subName string, e ...Entry) error {
-	return c.ns.Set(c.pather(tmpl, ts, iType, iName, subName), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts, iType, iName, subName string, e Entry) error {
-	return c.ns.Edit(c.pather(tmpl, ts, iType, iName, subName), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts, iType, iName, subName string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(tmpl, ts, iType, iName, subName), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, iType, iName, subName, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts, iType, iName, subName), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts, iType, iName, subName string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts, iType, iName, subName), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts, iType, iName, subName string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, iType, iName, subName, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts, iType, iName, subName string, vals []string) ([]string, error) {
-	// Sanity checks.
-	if tmpl == "" && ts == "" {
-		return nil, fmt.Errorf("tmpl or ts must be specified")
-	}
-	switch iType {
-	case "":
-		return nil, fmt.Errorf("iType must be specified")
-	case TypeVlan:
-		if iName != "" {
-			return nil, fmt.Errorf("iName should be an empty string for %s types", iType)
-		}
-	case TypeEthernet, TypeAggregate:
-		if iName == "" {
-			return nil, fmt.Errorf("iName must be specified")
-		}
-	default:
-		return nil, fmt.Errorf("unknown iType value: %s", iType)
-	}
-
-	ans := make([]string, 0, 17)
-	ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-	ans = append(ans,
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"interface",
-		iType,
-	)
-
-	if iType != TypeVlan {
-		ans = append(ans, util.AsEntryXpath([]string{iName}), "layer3")
-	}
-
-	if subName != "" {
-		ans = append(ans, "units", util.AsEntryXpath([]string{subName}))
-	}
-
-	ans = append(ans, "arp", util.AsEntryXpath(vals))
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/interface/arp/pano_test.go b/netw/interface/arp/pano_test.go
deleted file mode 100644
index 96c8d62f..00000000
--- a/netw/interface/arp/pano_test.go
+++ /dev/null
@@ -1,34 +0,0 @@
-package arp
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("my template", "", tc.iType, tc.iName, tc.subName, tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("my template", "", tc.iType, tc.iName, tc.subName, tc.conf.Ip)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/interface/arp/testdata_test.go b/netw/interface/arp/testdata_test.go
deleted file mode 100644
index 85da6260..00000000
--- a/netw/interface/arp/testdata_test.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package arp
-
-type tc struct {
-	desc    string
-	iType   string
-	iName   string
-	subName string
-	conf    Entry
-}
-
-func getTests() []tc {
-	return []tc{
-		{"eth no sub", TypeEthernet, "ethernet1/5", "", Entry{
-			Ip:         "10.1.1.1",
-			MacAddress: "00:30:48:52:ab:c1",
-		}},
-		{"eth with sub", TypeEthernet, "ethernet1/5", "ethernet1/5.7", Entry{
-			Ip:         "10.1.1.2",
-			MacAddress: "00:30:48:52:ab:c2",
-		}},
-		{"agg no sub", TypeAggregate, "ae5", "", Entry{
-			Ip:         "10.1.1.3",
-			MacAddress: "00:30:48:52:ab:c3",
-		}},
-		{"agg with sub", TypeAggregate, "ae5", "ae5.4", Entry{
-			Ip:         "10.1.1.4",
-			MacAddress: "00:30:48:52:ab:c4",
-		}},
-		{"vlan", TypeVlan, "", "vlan.4", Entry{
-			Ip:         "10.1.1.5",
-			MacAddress: "00:30:48:52:ab:c5",
-			Interface:  "vlan.2",
-		}},
-	}
-}
diff --git a/netw/interface/eth/const.go b/netw/interface/eth/const.go
deleted file mode 100644
index d9048239..00000000
--- a/netw/interface/eth/const.go
+++ /dev/null
@@ -1,17 +0,0 @@
-package eth
-
-// These are valid values for the Mode parameter.
-const (
-	ModeLayer3         = "layer3"
-	ModeLayer2         = "layer2"
-	ModeVirtualWire    = "virtual-wire"
-	ModeTap            = "tap"
-	ModeHa             = "ha"
-	ModeDecryptMirror  = "decrypt-mirror"
-	ModeAggregateGroup = "aggregate-group"
-)
-
-const (
-	singular = "ethernet interface"
-	plural   = "ethernet interfaces"
-)
diff --git a/netw/interface/eth/doc.go b/netw/interface/eth/doc.go
deleted file mode 100644
index 9981af50..00000000
--- a/netw/interface/eth/doc.go
+++ /dev/null
@@ -1,14 +0,0 @@
-/*
-Package eth is the client.Network.EthernetInterface namespace.
-
-The Set() and Edit() functions in these namespaces takes a vsys parameter.  These
-functions do not force you to specify a vsys to import the interface into, however
-it should be noted that interfaces must be imported into a vsys in order for PAN-OS
-to be able to use that interface.
-
-Interfaces with a Mode of "ha" or "aggregate-group" will not be imported, as
-is proper for these types of interfaces.
-
-Normalized object:  Entry
-*/
-package eth
diff --git a/netw/interface/eth/entry.go b/netw/interface/eth/entry.go
deleted file mode 100644
index a4ca8fe6..00000000
--- a/netw/interface/eth/entry.go
+++ /dev/null
@@ -1,1392 +0,0 @@
-package eth
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of an ethernet
-// interface.
-type Entry struct {
-	Name                        string
-	Mode                        string
-	StaticIps                   []string // ordered
-	EnableDhcp                  bool
-	CreateDhcpDefaultRoute      bool
-	DhcpDefaultRouteMetric      int
-	Ipv6Enabled                 bool
-	Ipv6InterfaceId             string
-	ManagementProfile           string
-	Mtu                         int
-	AdjustTcpMss                bool
-	NetflowProfile              string
-	LldpEnabled                 bool
-	LldpProfile                 string
-	LldpHaPassivePreNegotiation bool
-	LacpHaPassivePreNegotiation bool
-	LinkSpeed                   string
-	LinkDuplex                  string
-	LinkState                   string
-	AggregateGroup              string
-	Comment                     string
-	LacpPortPriority            int
-	Ipv4MssAdjust               int    // 7.1+
-	Ipv6MssAdjust               int    // 7.1+
-	EnableUntaggedSubinterface  bool   // 7.1+
-	DecryptForward              bool   // 8.1+
-	RxPolicingRate              int    // 8.1+
-	TxPolicingRate              int    // 8.1+
-	DhcpSendHostnameEnable      bool   // 9.0+
-	DhcpSendHostnameValue       string // 9.0+
-
-	raw map[string]string
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Mode = s.Mode
-	o.StaticIps = s.StaticIps
-	o.EnableDhcp = s.EnableDhcp
-	o.CreateDhcpDefaultRoute = s.CreateDhcpDefaultRoute
-	o.DhcpDefaultRouteMetric = s.DhcpDefaultRouteMetric
-	o.Ipv6Enabled = s.Ipv6Enabled
-	o.ManagementProfile = s.ManagementProfile
-	o.Mtu = s.Mtu
-	o.AdjustTcpMss = s.AdjustTcpMss
-	o.NetflowProfile = s.NetflowProfile
-	o.LldpEnabled = s.LldpEnabled
-	o.LldpProfile = s.LldpProfile
-	o.LldpHaPassivePreNegotiation = s.LldpHaPassivePreNegotiation
-	o.LacpHaPassivePreNegotiation = s.LacpHaPassivePreNegotiation
-	o.LinkSpeed = s.LinkSpeed
-	o.LinkDuplex = s.LinkDuplex
-	o.LinkState = s.LinkState
-	o.AggregateGroup = s.AggregateGroup
-	o.Comment = s.Comment
-	o.LacpPortPriority = s.LacpPortPriority
-	o.Ipv4MssAdjust = s.Ipv4MssAdjust
-	o.Ipv6MssAdjust = s.Ipv6MssAdjust
-	o.EnableUntaggedSubinterface = s.EnableUntaggedSubinterface
-	o.DecryptForward = s.DecryptForward
-	o.RxPolicingRate = s.RxPolicingRate
-	o.TxPolicingRate = s.TxPolicingRate
-	o.DhcpSendHostnameEnable = s.DhcpSendHostnameEnable
-	o.DhcpSendHostnameValue = s.DhcpSendHostnameValue
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, string, interface{}) {
-	var iName string
-	if o.Mode != ModeHa && o.Mode != ModeAggregateGroup {
-		iName = o.Name
-	}
-	_, fn := versioning(v)
-
-	return o.Name, iName, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:       o.Name,
-		LinkSpeed:  o.LinkSpeed,
-		LinkDuplex: o.LinkDuplex,
-		LinkState:  o.LinkState,
-		Comment:    o.Comment,
-	}
-
-	if o.Lacp != nil {
-		ans.LacpPortPriority = o.Lacp.LacpPortPriority
-	}
-
-	ans.raw = make(map[string]string)
-	switch {
-	case o.ModeL3 != nil:
-		ans.Mode = ModeLayer3
-		ans.ManagementProfile = o.ModeL3.ManagementProfile
-		ans.Mtu = o.ModeL3.Mtu
-		ans.NetflowProfile = o.ModeL3.NetflowProfile
-		ans.AdjustTcpMss = util.AsBool(o.ModeL3.AdjustTcpMss)
-		ans.StaticIps = util.EntToStr(o.ModeL3.StaticIps)
-		if o.ModeL3.Dhcp != nil {
-			ans.EnableDhcp = util.AsBool(o.ModeL3.Dhcp.Enable)
-			ans.CreateDhcpDefaultRoute = util.AsBool(o.ModeL3.Dhcp.CreateDefaultRoute)
-			ans.DhcpDefaultRouteMetric = o.ModeL3.Dhcp.Metric
-		}
-
-		if o.ModeL3.Ipv6 != nil {
-			ans.Ipv6Enabled = util.AsBool(o.ModeL3.Ipv6.Enabled)
-			ans.Ipv6InterfaceId = o.ModeL3.Ipv6.Ipv6InterfaceId
-			if o.ModeL3.Ipv6.Address != nil {
-				ans.raw["v6adr"] = util.CleanRawXml(o.ModeL3.Ipv6.Address.Text)
-			}
-			if o.ModeL3.Ipv6.Neighbor != nil {
-				ans.raw["v6nd"] = util.CleanRawXml(o.ModeL3.Ipv6.Neighbor.Text)
-			}
-		}
-
-		if o.ModeL3.Lldp != nil {
-			ans.LldpEnabled = util.AsBool(o.ModeL3.Lldp.LldpEnabled)
-			ans.LldpProfile = o.ModeL3.Lldp.LldpProfile
-
-			if o.ModeL3.Lldp.Ha != nil {
-				ans.LldpHaPassivePreNegotiation = util.AsBool(o.ModeL3.Lldp.Ha.LldpHaPassivePreNegotiation)
-			}
-		}
-
-		if o.ModeL3.Arp != nil {
-			ans.raw["arp"] = util.CleanRawXml(o.ModeL3.Arp.Text)
-		}
-		if o.ModeL3.Subinterface != nil {
-			ans.raw["l3subinterface"] = util.CleanRawXml(o.ModeL3.Subinterface.Text)
-		}
-	case o.ModeL2 != nil:
-		ans.Mode = ModeLayer2
-		ans.NetflowProfile = o.ModeL2.NetflowProfile
-		if o.ModeL2.Lldp != nil {
-			ans.LldpEnabled = util.AsBool(o.ModeL2.Lldp.LldpEnabled)
-			ans.LldpProfile = o.ModeL2.Lldp.LldpProfile
-		}
-		if o.ModeL2.Subinterface != nil {
-			ans.raw["l2subinterface"] = util.CleanRawXml(o.ModeL2.Subinterface.Text)
-		}
-	case o.ModeVwire != nil:
-		ans.Mode = ModeVirtualWire
-		ans.NetflowProfile = o.ModeVwire.NetflowProfile
-		if o.ModeVwire.Lldp != nil {
-			ans.LldpEnabled = util.AsBool(o.ModeVwire.Lldp.LldpEnabled)
-			ans.LldpProfile = o.ModeVwire.Lldp.LldpProfile
-			if o.ModeVwire.Lldp.Ha != nil {
-				ans.LldpHaPassivePreNegotiation = util.AsBool(o.ModeVwire.Lldp.Ha.LldpHaPassivePreNegotiation)
-			}
-		}
-		if o.ModeVwire.Lacp != nil {
-			if o.ModeVwire.Lacp.Ha != nil {
-				ans.LacpHaPassivePreNegotiation = util.AsBool(o.ModeVwire.Lacp.Ha.LacpHaPassivePreNegotiation)
-			}
-		}
-		if o.ModeVwire.Subinterface != nil {
-			ans.raw["vwsub"] = util.CleanRawXml(o.ModeVwire.Subinterface.Text)
-		}
-	case o.TapMode != nil:
-		ans.Mode = ModeTap
-	case o.HaMode != nil:
-		ans.Mode = ModeHa
-	case o.DecryptMirrorMode != nil:
-		ans.Mode = ModeDecryptMirror
-	case o.AggregateGroup != "":
-		ans.Mode = ModeAggregateGroup
-		ans.AggregateGroup = o.AggregateGroup
-	}
-
-	if len(ans.raw) == 0 {
-		ans.raw = nil
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName           xml.Name   `xml:"entry"`
-	Name              string     `xml:"name,attr"`
-	ModeL2            *otherMode `xml:"layer2"`
-	ModeL3            *l3Mode_v1 `xml:"layer3"`
-	ModeVwire         *otherMode `xml:"virtual-wire"`
-	TapMode           *emptyMode `xml:"tap"`
-	HaMode            *emptyMode `xml:"ha"`
-	DecryptMirrorMode *emptyMode `xml:"decrypt-mirror"`
-	AggregateGroup    string     `xml:"aggregate-group,omitempty"`
-	LinkSpeed         string     `xml:"link-speed,omitempty"`
-	LinkDuplex        string     `xml:"link-duplex,omitempty"`
-	LinkState         string     `xml:"link-state,omitempty"`
-	Comment           string     `xml:"comment"`
-	Lacp              *lacp      `xml:"lacp"`
-}
-
-type emptyMode struct{}
-
-type otherMode struct {
-	NetflowProfile string       `xml:"netflow-profile,omitempty"`
-	Lldp           *lldp        `xml:"lldp"`
-	Subinterface   *util.RawXml `xml:"units"`
-	Lacp           *omLacp      `xml:"lacp"`
-}
-
-type lldp struct {
-	LldpEnabled string  `xml:"enable"`
-	LldpProfile string  `xml:"profile,omitempty"`
-	Ha          *lldpHa `xml:"high-availability"`
-}
-
-type lldpHa struct {
-	LldpHaPassivePreNegotiation string `xml:"passive-pre-negotiation"`
-}
-
-type omLacp struct {
-	Ha *omLacpHa `xml:"high-availability"`
-}
-
-type omLacpHa struct {
-	LacpHaPassivePreNegotiation string `xml:"passive-pre-negotiation"`
-}
-
-type l3Mode_v1 struct {
-	Ipv6              *ipv6            `xml:"ipv6"`
-	ManagementProfile string           `xml:"interface-management-profile,omitempty"`
-	Mtu               int              `xml:"mtu,omitempty"`
-	NetflowProfile    string           `xml:"netflow-profile,omitempty"`
-	AdjustTcpMss      string           `xml:"adjust-tcp-mss"`
-	StaticIps         *util.EntryType  `xml:"ip"`
-	Dhcp              *dhcpSettings_v1 `xml:"dhcp-client"`
-	Lldp              *lldp            `xml:"lldp"`
-	Arp               *util.RawXml     `xml:"arp"`
-	Subinterface      *util.RawXml     `xml:"units"`
-}
-
-type ipv6 struct {
-	Enabled         string       `xml:"enabled"`
-	Ipv6InterfaceId string       `xml:"interface-id,omitempty"`
-	Address         *util.RawXml `xml:"address"`
-	Neighbor        *util.RawXml `xml:"neighbor-discovery"`
-}
-
-type dhcpSettings_v1 struct {
-	Enable             string `xml:"enable"`
-	CreateDefaultRoute string `xml:"create-default-route"`
-	Metric             int    `xml:"default-route-metric,omitempty"`
-}
-
-type lacp struct {
-	LacpPortPriority int `xml:"omitempty"`
-}
-
-type container_v2 struct {
-	Answer []entry_v2 `xml:"entry"`
-}
-
-func (o *container_v2) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v2) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v2) normalize() Entry {
-	ans := Entry{
-		Name:       o.Name,
-		LinkSpeed:  o.LinkSpeed,
-		LinkDuplex: o.LinkDuplex,
-		LinkState:  o.LinkState,
-		Comment:    o.Comment,
-	}
-
-	if o.Lacp != nil {
-		ans.LacpPortPriority = o.Lacp.LacpPortPriority
-	}
-
-	ans.raw = make(map[string]string)
-	switch {
-	case o.ModeL3 != nil:
-		ans.Mode = ModeLayer3
-		ans.ManagementProfile = o.ModeL3.ManagementProfile
-		ans.Mtu = o.ModeL3.Mtu
-		ans.NetflowProfile = o.ModeL3.NetflowProfile
-		ans.AdjustTcpMss = util.AsBool(o.ModeL3.AdjustTcpMss)
-		ans.Ipv4MssAdjust = o.ModeL3.Ipv4MssAdjust
-		ans.Ipv6MssAdjust = o.ModeL3.Ipv6MssAdjust
-		ans.StaticIps = util.EntToStr(o.ModeL3.StaticIps)
-		ans.EnableUntaggedSubinterface = util.AsBool(o.ModeL3.EnableUntaggedSubinterface)
-
-		if o.ModeL3.Dhcp != nil {
-			ans.EnableDhcp = util.AsBool(o.ModeL3.Dhcp.Enable)
-			ans.CreateDhcpDefaultRoute = util.AsBool(o.ModeL3.Dhcp.CreateDefaultRoute)
-			ans.DhcpDefaultRouteMetric = o.ModeL3.Dhcp.Metric
-		}
-
-		if o.ModeL3.Ipv6 != nil {
-			ans.Ipv6Enabled = util.AsBool(o.ModeL3.Ipv6.Enabled)
-			ans.Ipv6InterfaceId = o.ModeL3.Ipv6.Ipv6InterfaceId
-			if o.ModeL3.Ipv6.Address != nil {
-				ans.raw["v6adr"] = util.CleanRawXml(o.ModeL3.Ipv6.Address.Text)
-			}
-			if o.ModeL3.Ipv6.Neighbor != nil {
-				ans.raw["v6nd"] = util.CleanRawXml(o.ModeL3.Ipv6.Neighbor.Text)
-			}
-		}
-
-		if o.ModeL3.Lldp != nil {
-			ans.LldpEnabled = util.AsBool(o.ModeL3.Lldp.LldpEnabled)
-			ans.LldpProfile = o.ModeL3.Lldp.LldpProfile
-
-			if o.ModeL3.Lldp.Ha != nil {
-				ans.LldpHaPassivePreNegotiation = util.AsBool(o.ModeL3.Lldp.Ha.LldpHaPassivePreNegotiation)
-			}
-		}
-
-		if o.ModeL3.Arp != nil {
-			ans.raw["arp"] = util.CleanRawXml(o.ModeL3.Arp.Text)
-		}
-		if o.ModeL3.Subinterface != nil {
-			ans.raw["l3subinterface"] = util.CleanRawXml(o.ModeL3.Subinterface.Text)
-		}
-		if o.ModeL3.Pppoe != nil {
-			ans.raw["pppoe"] = util.CleanRawXml(o.ModeL3.Pppoe.Text)
-		}
-		if o.ModeL3.Ndp != nil {
-			ans.raw["ndp"] = util.CleanRawXml(o.ModeL3.Ndp.Text)
-		}
-	case o.ModeL2 != nil:
-		ans.Mode = ModeLayer2
-		ans.NetflowProfile = o.ModeL2.NetflowProfile
-		if o.ModeL2.Lldp != nil {
-			ans.LldpEnabled = util.AsBool(o.ModeL2.Lldp.LldpEnabled)
-			ans.LldpProfile = o.ModeL2.Lldp.LldpProfile
-		}
-		if o.ModeL2.Subinterface != nil {
-			ans.raw["l2subinterface"] = util.CleanRawXml(o.ModeL2.Subinterface.Text)
-		}
-	case o.ModeVwire != nil:
-		ans.Mode = ModeVirtualWire
-		ans.NetflowProfile = o.ModeVwire.NetflowProfile
-		if o.ModeVwire.Lldp != nil {
-			ans.LldpEnabled = util.AsBool(o.ModeVwire.Lldp.LldpEnabled)
-			ans.LldpProfile = o.ModeVwire.Lldp.LldpProfile
-			if o.ModeVwire.Lldp.Ha != nil {
-				ans.LldpHaPassivePreNegotiation = util.AsBool(o.ModeVwire.Lldp.Ha.LldpHaPassivePreNegotiation)
-			}
-		}
-		if o.ModeVwire.Lacp != nil {
-			if o.ModeVwire.Lacp.Ha != nil {
-				ans.LacpHaPassivePreNegotiation = util.AsBool(o.ModeVwire.Lacp.Ha.LacpHaPassivePreNegotiation)
-			}
-		}
-		if o.ModeVwire.Subinterface != nil {
-			ans.raw["vwsub"] = util.CleanRawXml(o.ModeVwire.Subinterface.Text)
-		}
-	case o.TapMode != nil:
-		ans.Mode = ModeTap
-	case o.HaMode != nil:
-		ans.Mode = ModeHa
-	case o.DecryptMirrorMode != nil:
-		ans.Mode = ModeDecryptMirror
-	case o.AggregateGroup != "":
-		ans.Mode = ModeAggregateGroup
-		ans.AggregateGroup = o.AggregateGroup
-	}
-
-	if len(ans.raw) == 0 {
-		ans.raw = nil
-	}
-
-	return ans
-}
-
-type container_v3 struct {
-	Answer []entry_v3 `xml:"entry"`
-}
-
-func (o *container_v3) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v3) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v3) normalize() Entry {
-	ans := Entry{
-		Name:       o.Name,
-		LinkSpeed:  o.LinkSpeed,
-		LinkDuplex: o.LinkDuplex,
-		LinkState:  o.LinkState,
-		Comment:    o.Comment,
-	}
-
-	if o.Lacp != nil {
-		ans.LacpPortPriority = o.Lacp.LacpPortPriority
-	}
-
-	ans.raw = make(map[string]string)
-	switch {
-	case o.ModeL3 != nil:
-		ans.Mode = ModeLayer3
-		ans.ManagementProfile = o.ModeL3.ManagementProfile
-		ans.Mtu = o.ModeL3.Mtu
-		ans.NetflowProfile = o.ModeL3.NetflowProfile
-		ans.AdjustTcpMss = util.AsBool(o.ModeL3.AdjustTcpMss)
-		ans.Ipv4MssAdjust = o.ModeL3.Ipv4MssAdjust
-		ans.Ipv6MssAdjust = o.ModeL3.Ipv6MssAdjust
-		ans.StaticIps = util.EntToStr(o.ModeL3.StaticIps)
-		ans.EnableUntaggedSubinterface = util.AsBool(o.ModeL3.EnableUntaggedSubinterface)
-		ans.DecryptForward = util.AsBool(o.ModeL3.DecryptForward)
-
-		if o.ModeL3.Dhcp != nil {
-			ans.EnableDhcp = util.AsBool(o.ModeL3.Dhcp.Enable)
-			ans.CreateDhcpDefaultRoute = util.AsBool(o.ModeL3.Dhcp.CreateDefaultRoute)
-			ans.DhcpDefaultRouteMetric = o.ModeL3.Dhcp.Metric
-		}
-
-		if o.ModeL3.Policing != nil {
-			ans.RxPolicingRate = o.ModeL3.Policing.RxPolicingRate
-			ans.TxPolicingRate = o.ModeL3.Policing.TxPolicingRate
-		}
-
-		if o.ModeL3.Ipv6 != nil {
-			ans.Ipv6Enabled = util.AsBool(o.ModeL3.Ipv6.Enabled)
-			ans.Ipv6InterfaceId = o.ModeL3.Ipv6.Ipv6InterfaceId
-			if o.ModeL3.Ipv6.Address != nil {
-				ans.raw["v6adr"] = util.CleanRawXml(o.ModeL3.Ipv6.Address.Text)
-			}
-			if o.ModeL3.Ipv6.Neighbor != nil {
-				ans.raw["v6nd"] = util.CleanRawXml(o.ModeL3.Ipv6.Neighbor.Text)
-			}
-		}
-
-		if o.ModeL3.Lldp != nil {
-			ans.LldpEnabled = util.AsBool(o.ModeL3.Lldp.LldpEnabled)
-			ans.LldpProfile = o.ModeL3.Lldp.LldpProfile
-
-			if o.ModeL3.Lldp.Ha != nil {
-				ans.LldpHaPassivePreNegotiation = util.AsBool(o.ModeL3.Lldp.Ha.LldpHaPassivePreNegotiation)
-			}
-		}
-
-		if o.ModeL3.Arp != nil {
-			ans.raw["arp"] = util.CleanRawXml(o.ModeL3.Arp.Text)
-		}
-		if o.ModeL3.Subinterface != nil {
-			ans.raw["l3subinterface"] = util.CleanRawXml(o.ModeL3.Subinterface.Text)
-		}
-		if o.ModeL3.Pppoe != nil {
-			ans.raw["pppoe"] = util.CleanRawXml(o.ModeL3.Pppoe.Text)
-		}
-		if o.ModeL3.Ndp != nil {
-			ans.raw["ndp"] = util.CleanRawXml(o.ModeL3.Ndp.Text)
-		}
-	case o.ModeL2 != nil:
-		ans.Mode = ModeLayer2
-		ans.NetflowProfile = o.ModeL2.NetflowProfile
-		if o.ModeL2.Lldp != nil {
-			ans.LldpEnabled = util.AsBool(o.ModeL2.Lldp.LldpEnabled)
-			ans.LldpProfile = o.ModeL2.Lldp.LldpProfile
-		}
-		if o.ModeL2.Subinterface != nil {
-			ans.raw["l2subinterface"] = util.CleanRawXml(o.ModeL2.Subinterface.Text)
-		}
-	case o.ModeVwire != nil:
-		ans.Mode = ModeVirtualWire
-		ans.NetflowProfile = o.ModeVwire.NetflowProfile
-		if o.ModeVwire.Lldp != nil {
-			ans.LldpEnabled = util.AsBool(o.ModeVwire.Lldp.LldpEnabled)
-			ans.LldpProfile = o.ModeVwire.Lldp.LldpProfile
-			if o.ModeVwire.Lldp.Ha != nil {
-				ans.LldpHaPassivePreNegotiation = util.AsBool(o.ModeVwire.Lldp.Ha.LldpHaPassivePreNegotiation)
-			}
-		}
-		if o.ModeVwire.Lacp != nil {
-			if o.ModeVwire.Lacp.Ha != nil {
-				ans.LacpHaPassivePreNegotiation = util.AsBool(o.ModeVwire.Lacp.Ha.LacpHaPassivePreNegotiation)
-			}
-		}
-		if o.ModeVwire.Subinterface != nil {
-			ans.raw["vwsub"] = util.CleanRawXml(o.ModeVwire.Subinterface.Text)
-		}
-	case o.TapMode != nil:
-		ans.Mode = ModeTap
-	case o.HaMode != nil:
-		ans.Mode = ModeHa
-	case o.DecryptMirrorMode != nil:
-		ans.Mode = ModeDecryptMirror
-	case o.AggregateGroup != "":
-		ans.Mode = ModeAggregateGroup
-		ans.AggregateGroup = o.AggregateGroup
-	}
-
-	if len(ans.raw) == 0 {
-		ans.raw = nil
-	}
-
-	return ans
-}
-
-type container_v4 struct {
-	Answer []entry_v4 `xml:"entry"`
-}
-
-func (o *container_v4) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v4) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v4) normalize() Entry {
-	ans := Entry{
-		Name:       o.Name,
-		LinkSpeed:  o.LinkSpeed,
-		LinkDuplex: o.LinkDuplex,
-		LinkState:  o.LinkState,
-		Comment:    o.Comment,
-	}
-
-	if o.Lacp != nil {
-		ans.LacpPortPriority = o.Lacp.LacpPortPriority
-	}
-
-	ans.raw = make(map[string]string)
-	switch {
-	case o.ModeL3 != nil:
-		ans.Mode = ModeLayer3
-		ans.ManagementProfile = o.ModeL3.ManagementProfile
-		ans.Mtu = o.ModeL3.Mtu
-		ans.NetflowProfile = o.ModeL3.NetflowProfile
-		ans.AdjustTcpMss = util.AsBool(o.ModeL3.AdjustTcpMss)
-		ans.Ipv4MssAdjust = o.ModeL3.Ipv4MssAdjust
-		ans.Ipv6MssAdjust = o.ModeL3.Ipv6MssAdjust
-		ans.StaticIps = util.EntToStr(o.ModeL3.StaticIps)
-		ans.EnableUntaggedSubinterface = util.AsBool(o.ModeL3.EnableUntaggedSubinterface)
-		ans.DecryptForward = util.AsBool(o.ModeL3.DecryptForward)
-
-		if o.ModeL3.Dhcp != nil {
-			ans.EnableDhcp = util.AsBool(o.ModeL3.Dhcp.Enable)
-			ans.CreateDhcpDefaultRoute = util.AsBool(o.ModeL3.Dhcp.CreateDefaultRoute)
-			ans.DhcpDefaultRouteMetric = o.ModeL3.Dhcp.Metric
-			if o.ModeL3.Dhcp.Hostname != nil {
-				ans.DhcpSendHostnameEnable = util.AsBool(o.ModeL3.Dhcp.Hostname.DhcpSendHostnameEnable)
-				ans.DhcpSendHostnameValue = o.ModeL3.Dhcp.Hostname.DhcpSendHostnameValue
-			}
-		}
-
-		if o.ModeL3.Policing != nil {
-			ans.RxPolicingRate = o.ModeL3.Policing.RxPolicingRate
-			ans.TxPolicingRate = o.ModeL3.Policing.TxPolicingRate
-		}
-
-		if o.ModeL3.Ipv6 != nil {
-			ans.Ipv6Enabled = util.AsBool(o.ModeL3.Ipv6.Enabled)
-			ans.Ipv6InterfaceId = o.ModeL3.Ipv6.Ipv6InterfaceId
-			if o.ModeL3.Ipv6.Address != nil {
-				ans.raw["v6adr"] = util.CleanRawXml(o.ModeL3.Ipv6.Address.Text)
-			}
-			if o.ModeL3.Ipv6.Neighbor != nil {
-				ans.raw["v6nd"] = util.CleanRawXml(o.ModeL3.Ipv6.Neighbor.Text)
-			}
-		}
-
-		if o.ModeL3.Lldp != nil {
-			ans.LldpEnabled = util.AsBool(o.ModeL3.Lldp.LldpEnabled)
-			ans.LldpProfile = o.ModeL3.Lldp.LldpProfile
-
-			if o.ModeL3.Lldp.Ha != nil {
-				ans.LldpHaPassivePreNegotiation = util.AsBool(o.ModeL3.Lldp.Ha.LldpHaPassivePreNegotiation)
-			}
-		}
-
-		if o.ModeL3.Arp != nil {
-			ans.raw["arp"] = util.CleanRawXml(o.ModeL3.Arp.Text)
-		}
-		if o.ModeL3.Subinterface != nil {
-			ans.raw["l3subinterface"] = util.CleanRawXml(o.ModeL3.Subinterface.Text)
-		}
-		if o.ModeL3.Pppoe != nil {
-			ans.raw["pppoe"] = util.CleanRawXml(o.ModeL3.Pppoe.Text)
-		}
-		if o.ModeL3.Ndp != nil {
-			ans.raw["ndp"] = util.CleanRawXml(o.ModeL3.Ndp.Text)
-		}
-		if o.ModeL3.Ipv6Client != nil {
-			ans.raw["v6client"] = util.CleanRawXml(o.ModeL3.Ipv6Client.Text)
-		}
-		if o.ModeL3.Ddns != nil {
-			ans.raw["ddns"] = util.CleanRawXml(o.ModeL3.Ddns.Text)
-		}
-	case o.ModeL2 != nil:
-		ans.Mode = ModeLayer2
-		ans.NetflowProfile = o.ModeL2.NetflowProfile
-		if o.ModeL2.Lldp != nil {
-			ans.LldpEnabled = util.AsBool(o.ModeL2.Lldp.LldpEnabled)
-			ans.LldpProfile = o.ModeL2.Lldp.LldpProfile
-		}
-		if o.ModeL2.Subinterface != nil {
-			ans.raw["l2subinterface"] = util.CleanRawXml(o.ModeL2.Subinterface.Text)
-		}
-	case o.ModeVwire != nil:
-		ans.Mode = ModeVirtualWire
-		ans.NetflowProfile = o.ModeVwire.NetflowProfile
-		if o.ModeVwire.Lldp != nil {
-			ans.LldpEnabled = util.AsBool(o.ModeVwire.Lldp.LldpEnabled)
-			ans.LldpProfile = o.ModeVwire.Lldp.LldpProfile
-			if o.ModeVwire.Lldp.Ha != nil {
-				ans.LldpHaPassivePreNegotiation = util.AsBool(o.ModeVwire.Lldp.Ha.LldpHaPassivePreNegotiation)
-			}
-		}
-		if o.ModeVwire.Lacp != nil {
-			if o.ModeVwire.Lacp.Ha != nil {
-				ans.LacpHaPassivePreNegotiation = util.AsBool(o.ModeVwire.Lacp.Ha.LacpHaPassivePreNegotiation)
-			}
-		}
-		if o.ModeVwire.Subinterface != nil {
-			ans.raw["vwsub"] = util.CleanRawXml(o.ModeVwire.Subinterface.Text)
-		}
-	case o.TapMode != nil:
-		ans.Mode = ModeTap
-	case o.HaMode != nil:
-		ans.Mode = ModeHa
-	case o.DecryptMirrorMode != nil:
-		ans.Mode = ModeDecryptMirror
-	case o.AggregateGroup != "":
-		ans.Mode = ModeAggregateGroup
-		ans.AggregateGroup = o.AggregateGroup
-	}
-
-	if len(ans.raw) == 0 {
-		ans.raw = nil
-	}
-
-	return ans
-}
-
-type entry_v2 struct {
-	XMLName           xml.Name   `xml:"entry"`
-	Name              string     `xml:"name,attr"`
-	ModeL3            *l3Mode_v2 `xml:"layer3"`
-	ModeL2            *otherMode `xml:"layer2"`
-	ModeVwire         *otherMode `xml:"virtual-wire"`
-	TapMode           *emptyMode `xml:"tap"`
-	HaMode            *emptyMode `xml:"ha"`
-	DecryptMirrorMode *emptyMode `xml:"decrypt-mirror"`
-	AggregateGroup    string     `xml:"aggregate-group,omitempty"`
-	LinkSpeed         string     `xml:"link-speed,omitempty"`
-	LinkDuplex        string     `xml:"link-duplex,omitempty"`
-	LinkState         string     `xml:"link-state,omitempty"`
-	Comment           string     `xml:"comment"`
-	Lacp              *lacp      `xml:"lacp"`
-}
-
-type l3Mode_v2 struct {
-	Ipv6                       *ipv6            `xml:"ipv6"`
-	ManagementProfile          string           `xml:"interface-management-profile,omitempty"`
-	Mtu                        int              `xml:"mtu,omitempty"`
-	NetflowProfile             string           `xml:"netflow-profile,omitempty"`
-	AdjustTcpMss               string           `xml:"adjust-tcp-mss>enable"`
-	Ipv4MssAdjust              int              `xml:"adjust-tcp-mss>ipv4-mss-adjustment,omitempty"`
-	Ipv6MssAdjust              int              `xml:"adjust-tcp-mss>ipv6-mss-adjustment,omitempty"`
-	StaticIps                  *util.EntryType  `xml:"ip"`
-	Dhcp                       *dhcpSettings_v1 `xml:"dhcp-client"`
-	Lldp                       *lldp            `xml:"lldp"`
-	EnableUntaggedSubinterface string           `xml:"untagged-sub-interface,omitempty"`
-	Arp                        *util.RawXml     `xml:"arp"`
-	Pppoe                      *util.RawXml     `xml:"pppoe"`
-	Ndp                        *util.RawXml     `xml:"ndp-proxy"`
-	Subinterface               *util.RawXml     `xml:"units"`
-}
-
-type entry_v3 struct {
-	XMLName           xml.Name   `xml:"entry"`
-	Name              string     `xml:"name,attr"`
-	ModeL3            *l3Mode_v3 `xml:"layer3"`
-	ModeL2            *otherMode `xml:"layer2"`
-	ModeVwire         *otherMode `xml:"virtual-wire"`
-	TapMode           *emptyMode `xml:"tap"`
-	HaMode            *emptyMode `xml:"ha"`
-	DecryptMirrorMode *emptyMode `xml:"decrypt-mirror"`
-	AggregateGroup    string     `xml:"aggregate-group,omitempty"`
-	LinkSpeed         string     `xml:"link-speed,omitempty"`
-	LinkDuplex        string     `xml:"link-duplex,omitempty"`
-	LinkState         string     `xml:"link-state,omitempty"`
-	Comment           string     `xml:"comment"`
-	Lacp              *lacp      `xml:"lacp"`
-}
-
-type l3Mode_v3 struct {
-	Ipv6                       *ipv6            `xml:"ipv6"`
-	ManagementProfile          string           `xml:"interface-management-profile,omitempty"`
-	Mtu                        int              `xml:"mtu,omitempty"`
-	NetflowProfile             string           `xml:"netflow-profile,omitempty"`
-	AdjustTcpMss               string           `xml:"adjust-tcp-mss>enable"`
-	Ipv4MssAdjust              int              `xml:"adjust-tcp-mss>ipv4-mss-adjustment,omitempty"`
-	Ipv6MssAdjust              int              `xml:"adjust-tcp-mss>ipv6-mss-adjustment,omitempty"`
-	StaticIps                  *util.EntryType  `xml:"ip"`
-	Dhcp                       *dhcpSettings_v1 `xml:"dhcp-client"`
-	Lldp                       *lldp            `xml:"lldp"`
-	EnableUntaggedSubinterface string           `xml:"untagged-sub-interface,omitempty"`
-	DecryptForward             string           `xml:"decrypt-forward,omitempty"`
-	Policing                   *policing        `xml:"policing"`
-	Arp                        *util.RawXml     `xml:"arp"`
-	Pppoe                      *util.RawXml     `xml:"pppoe"`
-	Ndp                        *util.RawXml     `xml:"ndp-proxy"`
-	Subinterface               *util.RawXml     `xml:"units"`
-}
-
-type policing struct {
-	RxPolicingRate int `xml:"rx-rate,omitempty"`
-	TxPolicingRate int `xml:"tx-rate,omitempty"`
-}
-
-type entry_v4 struct {
-	XMLName           xml.Name   `xml:"entry"`
-	Name              string     `xml:"name,attr"`
-	ModeL3            *l3Mode_v4 `xml:"layer3"`
-	ModeL2            *otherMode `xml:"layer2"`
-	ModeVwire         *otherMode `xml:"virtual-wire"`
-	TapMode           *emptyMode `xml:"tap"`
-	HaMode            *emptyMode `xml:"ha"`
-	DecryptMirrorMode *emptyMode `xml:"decrypt-mirror"`
-	AggregateGroup    string     `xml:"aggregate-group,omitempty"`
-	LinkSpeed         string     `xml:"link-speed,omitempty"`
-	LinkDuplex        string     `xml:"link-duplex,omitempty"`
-	LinkState         string     `xml:"link-state,omitempty"`
-	Comment           string     `xml:"comment"`
-	Lacp              *lacp      `xml:"lacp"`
-}
-
-type l3Mode_v4 struct {
-	Ipv6                       *ipv6            `xml:"ipv6"`
-	ManagementProfile          string           `xml:"interface-management-profile,omitempty"`
-	Mtu                        int              `xml:"mtu,omitempty"`
-	NetflowProfile             string           `xml:"netflow-profile,omitempty"`
-	AdjustTcpMss               string           `xml:"adjust-tcp-mss>enable"`
-	Ipv4MssAdjust              int              `xml:"adjust-tcp-mss>ipv4-mss-adjustment,omitempty"`
-	Ipv6MssAdjust              int              `xml:"adjust-tcp-mss>ipv6-mss-adjustment,omitempty"`
-	StaticIps                  *util.EntryType  `xml:"ip"`
-	Dhcp                       *dhcpSettings_v2 `xml:"dhcp-client"`
-	Lldp                       *lldp            `xml:"lldp"`
-	EnableUntaggedSubinterface string           `xml:"untagged-sub-interface,omitempty"`
-	DecryptForward             string           `xml:"decrypt-forward,omitempty"`
-	Policing                   *policing        `xml:"policing"`
-	Arp                        *util.RawXml     `xml:"arp"`
-	Pppoe                      *util.RawXml     `xml:"pppoe"`
-	Ndp                        *util.RawXml     `xml:"ndp-proxy"`
-	Ipv6Client                 *util.RawXml     `xml:"ipv6-client"`
-	Subinterface               *util.RawXml     `xml:"units"`
-	Ddns                       *util.RawXml     `xml:"ddns-config"`
-}
-
-type dhcpSettings_v2 struct {
-	Enable             string        `xml:"enable"`
-	CreateDefaultRoute string        `xml:"create-default-route"`
-	Metric             int           `xml:"default-route-metric,omitempty"`
-	Hostname           *dhcpHostname `xml:"send-hostname"`
-}
-
-type dhcpHostname struct {
-	DhcpSendHostnameEnable string `xml:"enable,omitempty"`
-	DhcpSendHostnameValue  string `xml:"hostname,omitempty"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:       e.Name,
-		LinkSpeed:  e.LinkSpeed,
-		LinkDuplex: e.LinkDuplex,
-		LinkState:  e.LinkState,
-		Comment:    e.Comment,
-	}
-
-	if e.LacpPortPriority > 0 {
-		ans.Lacp = &lacp{
-			LacpPortPriority: e.LacpPortPriority,
-		}
-	}
-
-	switch e.Mode {
-	case ModeLayer3:
-		i := &l3Mode_v1{
-			StaticIps:         util.StrToEnt(e.StaticIps),
-			ManagementProfile: e.ManagementProfile,
-			Mtu:               e.Mtu,
-			NetflowProfile:    e.NetflowProfile,
-			AdjustTcpMss:      util.YesNo(e.AdjustTcpMss),
-		}
-
-		if e.EnableDhcp || e.CreateDhcpDefaultRoute || e.DhcpDefaultRouteMetric != 0 {
-			i.Dhcp = &dhcpSettings_v1{
-				Enable:             util.YesNo(e.EnableDhcp),
-				CreateDefaultRoute: util.YesNo(e.CreateDhcpDefaultRoute),
-				Metric:             e.DhcpDefaultRouteMetric,
-			}
-		}
-
-		if e.LldpEnabled || e.LldpProfile != "" || e.LldpHaPassivePreNegotiation {
-			i.Lldp = &lldp{
-				LldpEnabled: util.YesNo(e.LldpEnabled),
-				LldpProfile: e.LldpProfile,
-			}
-
-			if e.LldpHaPassivePreNegotiation {
-				i.Lldp.Ha = &lldpHa{
-					LldpHaPassivePreNegotiation: util.YesNo(e.LldpHaPassivePreNegotiation),
-				}
-			}
-		}
-
-		v6adr := e.raw["v6adr"]
-		v6nd := e.raw["v6nd"]
-		if e.Ipv6Enabled || e.Ipv6InterfaceId != "" || v6adr != "" || v6nd != "" {
-			v6 := ipv6{
-				Enabled:         util.YesNo(e.Ipv6Enabled),
-				Ipv6InterfaceId: e.Ipv6InterfaceId,
-			}
-			if v6adr != "" {
-				v6.Address = &util.RawXml{v6adr}
-			}
-			if v6nd != "" {
-				v6.Neighbor = &util.RawXml{v6nd}
-			}
-			i.Ipv6 = &v6
-		}
-
-		if text, present := e.raw["arp"]; present {
-			i.Arp = &util.RawXml{text}
-		}
-		if text, present := e.raw["l3subinterface"]; present {
-			i.Subinterface = &util.RawXml{text}
-		}
-		ans.ModeL3 = i
-	case ModeLayer2:
-		ans.ModeL2 = &otherMode{
-			NetflowProfile: e.NetflowProfile,
-		}
-		if e.LldpEnabled || e.LldpProfile != "" {
-			ans.ModeL2.Lldp = &lldp{
-				LldpEnabled: util.YesNo(e.LldpEnabled),
-				LldpProfile: e.LldpProfile,
-			}
-		}
-		if text := e.raw["l2subinterface"]; text != "" {
-			ans.ModeL2.Subinterface = &util.RawXml{text}
-		}
-	case ModeVirtualWire:
-		ans.ModeVwire = &otherMode{
-			NetflowProfile: e.NetflowProfile,
-		}
-		if e.LldpEnabled || e.LldpProfile != "" || e.LldpHaPassivePreNegotiation {
-			ans.ModeVwire.Lldp = &lldp{
-				LldpEnabled: util.YesNo(e.LldpEnabled),
-				LldpProfile: e.LldpProfile,
-			}
-
-			if e.LldpHaPassivePreNegotiation {
-				ans.ModeVwire.Lldp.Ha = &lldpHa{
-					LldpHaPassivePreNegotiation: util.YesNo(e.LldpHaPassivePreNegotiation),
-				}
-			}
-		}
-		if e.LacpHaPassivePreNegotiation {
-			ans.ModeVwire.Lacp = &omLacp{
-				Ha: &omLacpHa{
-					LacpHaPassivePreNegotiation: util.YesNo(e.LacpHaPassivePreNegotiation),
-				},
-			}
-		}
-		if text := e.raw["vwsub"]; text != "" {
-			ans.ModeVwire.Subinterface = &util.RawXml{text}
-		}
-	case ModeTap:
-		ans.TapMode = &emptyMode{}
-	case ModeHa:
-		ans.HaMode = &emptyMode{}
-	case ModeDecryptMirror:
-		ans.DecryptMirrorMode = &emptyMode{}
-	case ModeAggregateGroup:
-		ans.AggregateGroup = e.AggregateGroup
-	}
-
-	return ans
-}
-
-func specify_v2(e Entry) interface{} {
-	ans := entry_v2{
-		Name:       e.Name,
-		LinkSpeed:  e.LinkSpeed,
-		LinkDuplex: e.LinkDuplex,
-		LinkState:  e.LinkState,
-		Comment:    e.Comment,
-	}
-
-	if e.LacpPortPriority > 0 {
-		ans.Lacp = &lacp{
-			LacpPortPriority: e.LacpPortPriority,
-		}
-	}
-
-	switch e.Mode {
-	case ModeLayer3:
-		i := &l3Mode_v2{
-			StaticIps:         util.StrToEnt(e.StaticIps),
-			ManagementProfile: e.ManagementProfile,
-			Mtu:               e.Mtu,
-			NetflowProfile:    e.NetflowProfile,
-			AdjustTcpMss:      util.YesNo(e.AdjustTcpMss),
-			Ipv4MssAdjust:     e.Ipv4MssAdjust,
-			Ipv6MssAdjust:     e.Ipv6MssAdjust,
-		}
-
-		if e.EnableUntaggedSubinterface {
-			i.EnableUntaggedSubinterface = util.YesNo(e.EnableUntaggedSubinterface)
-		}
-
-		if e.EnableDhcp || e.CreateDhcpDefaultRoute || e.DhcpDefaultRouteMetric != 0 {
-			i.Dhcp = &dhcpSettings_v1{
-				Enable:             util.YesNo(e.EnableDhcp),
-				CreateDefaultRoute: util.YesNo(e.CreateDhcpDefaultRoute),
-				Metric:             e.DhcpDefaultRouteMetric,
-			}
-		}
-
-		if e.LldpEnabled || e.LldpProfile != "" || e.LldpHaPassivePreNegotiation {
-			i.Lldp = &lldp{
-				LldpEnabled: util.YesNo(e.LldpEnabled),
-				LldpProfile: e.LldpProfile,
-			}
-
-			if e.LldpHaPassivePreNegotiation {
-				i.Lldp.Ha = &lldpHa{
-					LldpHaPassivePreNegotiation: util.YesNo(e.LldpHaPassivePreNegotiation),
-				}
-			}
-		}
-
-		v6adr := e.raw["v6adr"]
-		v6nd := e.raw["v6nd"]
-		if e.Ipv6Enabled || e.Ipv6InterfaceId != "" || v6adr != "" || v6nd != "" {
-			v6 := ipv6{
-				Enabled:         util.YesNo(e.Ipv6Enabled),
-				Ipv6InterfaceId: e.Ipv6InterfaceId,
-			}
-			if v6adr != "" {
-				v6.Address = &util.RawXml{v6adr}
-			}
-			if v6nd != "" {
-				v6.Neighbor = &util.RawXml{v6nd}
-			}
-			i.Ipv6 = &v6
-		}
-
-		if text, present := e.raw["arp"]; present {
-			i.Arp = &util.RawXml{text}
-		}
-		if text, present := e.raw["l3subinterface"]; present {
-			i.Subinterface = &util.RawXml{text}
-		}
-		if text := e.raw["pppoe"]; text != "" {
-			i.Pppoe = &util.RawXml{text}
-		}
-		if text := e.raw["ndp"]; text != "" {
-			i.Ndp = &util.RawXml{text}
-		}
-		ans.ModeL3 = i
-	case ModeLayer2:
-		ans.ModeL2 = &otherMode{
-			NetflowProfile: e.NetflowProfile,
-		}
-		if e.LldpEnabled || e.LldpProfile != "" {
-			ans.ModeL2.Lldp = &lldp{
-				LldpEnabled: util.YesNo(e.LldpEnabled),
-				LldpProfile: e.LldpProfile,
-			}
-		}
-		if text := e.raw["l2subinterface"]; text != "" {
-			ans.ModeL2.Subinterface = &util.RawXml{text}
-		}
-	case ModeVirtualWire:
-		ans.ModeVwire = &otherMode{
-			NetflowProfile: e.NetflowProfile,
-		}
-		if e.LldpEnabled || e.LldpProfile != "" || e.LldpHaPassivePreNegotiation {
-			ans.ModeVwire.Lldp = &lldp{
-				LldpEnabled: util.YesNo(e.LldpEnabled),
-				LldpProfile: e.LldpProfile,
-			}
-
-			if e.LldpHaPassivePreNegotiation {
-				ans.ModeVwire.Lldp.Ha = &lldpHa{
-					LldpHaPassivePreNegotiation: util.YesNo(e.LldpHaPassivePreNegotiation),
-				}
-			}
-		}
-		if e.LacpHaPassivePreNegotiation {
-			ans.ModeVwire.Lacp = &omLacp{
-				Ha: &omLacpHa{
-					LacpHaPassivePreNegotiation: util.YesNo(e.LacpHaPassivePreNegotiation),
-				},
-			}
-		}
-		if text := e.raw["vwsub"]; text != "" {
-			ans.ModeVwire.Subinterface = &util.RawXml{text}
-		}
-	case ModeTap:
-		ans.TapMode = &emptyMode{}
-	case ModeHa:
-		ans.HaMode = &emptyMode{}
-	case ModeDecryptMirror:
-		ans.DecryptMirrorMode = &emptyMode{}
-	case ModeAggregateGroup:
-		ans.AggregateGroup = e.AggregateGroup
-	}
-
-	return ans
-}
-
-func specify_v3(e Entry) interface{} {
-	ans := entry_v3{
-		Name:       e.Name,
-		LinkSpeed:  e.LinkSpeed,
-		LinkDuplex: e.LinkDuplex,
-		LinkState:  e.LinkState,
-		Comment:    e.Comment,
-	}
-
-	if e.LacpPortPriority > 0 {
-		ans.Lacp = &lacp{
-			LacpPortPriority: e.LacpPortPriority,
-		}
-	}
-
-	switch e.Mode {
-	case ModeLayer3:
-		i := &l3Mode_v3{
-			StaticIps:         util.StrToEnt(e.StaticIps),
-			ManagementProfile: e.ManagementProfile,
-			Mtu:               e.Mtu,
-			NetflowProfile:    e.NetflowProfile,
-			AdjustTcpMss:      util.YesNo(e.AdjustTcpMss),
-			Ipv4MssAdjust:     e.Ipv4MssAdjust,
-			Ipv6MssAdjust:     e.Ipv6MssAdjust,
-		}
-
-		if e.EnableUntaggedSubinterface {
-			i.EnableUntaggedSubinterface = util.YesNo(e.EnableUntaggedSubinterface)
-		}
-
-		if e.DecryptForward {
-			i.DecryptForward = util.YesNo(e.DecryptForward)
-		}
-
-		if e.RxPolicingRate != 0 || e.TxPolicingRate != 0 {
-			i.Policing = &policing{
-				RxPolicingRate: e.RxPolicingRate,
-				TxPolicingRate: e.TxPolicingRate,
-			}
-		}
-
-		if e.EnableDhcp || e.CreateDhcpDefaultRoute || e.DhcpDefaultRouteMetric != 0 {
-			i.Dhcp = &dhcpSettings_v1{
-				Enable:             util.YesNo(e.EnableDhcp),
-				CreateDefaultRoute: util.YesNo(e.CreateDhcpDefaultRoute),
-				Metric:             e.DhcpDefaultRouteMetric,
-			}
-		}
-
-		if e.LldpEnabled || e.LldpProfile != "" || e.LldpHaPassivePreNegotiation {
-			i.Lldp = &lldp{
-				LldpEnabled: util.YesNo(e.LldpEnabled),
-				LldpProfile: e.LldpProfile,
-			}
-
-			if e.LldpHaPassivePreNegotiation {
-				i.Lldp.Ha = &lldpHa{
-					LldpHaPassivePreNegotiation: util.YesNo(e.LldpHaPassivePreNegotiation),
-				}
-			}
-		}
-
-		v6adr := e.raw["v6adr"]
-		v6nd := e.raw["v6nd"]
-		if e.Ipv6Enabled || e.Ipv6InterfaceId != "" || v6adr != "" || v6nd != "" {
-			v6 := ipv6{
-				Enabled:         util.YesNo(e.Ipv6Enabled),
-				Ipv6InterfaceId: e.Ipv6InterfaceId,
-			}
-			if v6adr != "" {
-				v6.Address = &util.RawXml{v6adr}
-			}
-			if v6nd != "" {
-				v6.Neighbor = &util.RawXml{v6nd}
-			}
-			i.Ipv6 = &v6
-		}
-
-		if text, present := e.raw["arp"]; present {
-			i.Arp = &util.RawXml{text}
-		}
-		if text, present := e.raw["l3subinterface"]; present {
-			i.Subinterface = &util.RawXml{text}
-		}
-		if text := e.raw["pppoe"]; text != "" {
-			i.Pppoe = &util.RawXml{text}
-		}
-		if text := e.raw["ndp"]; text != "" {
-			i.Ndp = &util.RawXml{text}
-		}
-		ans.ModeL3 = i
-	case ModeLayer2:
-		ans.ModeL2 = &otherMode{
-			NetflowProfile: e.NetflowProfile,
-		}
-		if e.LldpEnabled || e.LldpProfile != "" {
-			ans.ModeL2.Lldp = &lldp{
-				LldpEnabled: util.YesNo(e.LldpEnabled),
-				LldpProfile: e.LldpProfile,
-			}
-		}
-		if text := e.raw["l2subinterface"]; text != "" {
-			ans.ModeL2.Subinterface = &util.RawXml{text}
-		}
-	case ModeVirtualWire:
-		ans.ModeVwire = &otherMode{
-			NetflowProfile: e.NetflowProfile,
-		}
-		if e.LldpEnabled || e.LldpProfile != "" || e.LldpHaPassivePreNegotiation {
-			ans.ModeVwire.Lldp = &lldp{
-				LldpEnabled: util.YesNo(e.LldpEnabled),
-				LldpProfile: e.LldpProfile,
-			}
-
-			if e.LldpHaPassivePreNegotiation {
-				ans.ModeVwire.Lldp.Ha = &lldpHa{
-					LldpHaPassivePreNegotiation: util.YesNo(e.LldpHaPassivePreNegotiation),
-				}
-			}
-		}
-		if e.LacpHaPassivePreNegotiation {
-			ans.ModeVwire.Lacp = &omLacp{
-				Ha: &omLacpHa{
-					LacpHaPassivePreNegotiation: util.YesNo(e.LacpHaPassivePreNegotiation),
-				},
-			}
-		}
-		if text := e.raw["vwsub"]; text != "" {
-			ans.ModeVwire.Subinterface = &util.RawXml{text}
-		}
-	case ModeTap:
-		ans.TapMode = &emptyMode{}
-	case ModeHa:
-		ans.HaMode = &emptyMode{}
-	case ModeDecryptMirror:
-		ans.DecryptMirrorMode = &emptyMode{}
-	case ModeAggregateGroup:
-		ans.AggregateGroup = e.AggregateGroup
-	}
-
-	return ans
-}
-
-func specify_v4(e Entry) interface{} {
-	ans := entry_v4{
-		Name:       e.Name,
-		LinkSpeed:  e.LinkSpeed,
-		LinkDuplex: e.LinkDuplex,
-		LinkState:  e.LinkState,
-		Comment:    e.Comment,
-	}
-
-	if e.LacpPortPriority > 0 {
-		ans.Lacp = &lacp{
-			LacpPortPriority: e.LacpPortPriority,
-		}
-	}
-
-	switch e.Mode {
-	case ModeLayer3:
-		i := &l3Mode_v4{
-			StaticIps:         util.StrToEnt(e.StaticIps),
-			ManagementProfile: e.ManagementProfile,
-			Mtu:               e.Mtu,
-			NetflowProfile:    e.NetflowProfile,
-			AdjustTcpMss:      util.YesNo(e.AdjustTcpMss),
-			Ipv4MssAdjust:     e.Ipv4MssAdjust,
-			Ipv6MssAdjust:     e.Ipv6MssAdjust,
-		}
-
-		if e.EnableUntaggedSubinterface {
-			i.EnableUntaggedSubinterface = util.YesNo(e.EnableUntaggedSubinterface)
-		}
-
-		if e.DecryptForward {
-			i.DecryptForward = util.YesNo(e.DecryptForward)
-		}
-
-		if e.RxPolicingRate != 0 || e.TxPolicingRate != 0 {
-			i.Policing = &policing{
-				RxPolicingRate: e.RxPolicingRate,
-				TxPolicingRate: e.TxPolicingRate,
-			}
-		}
-
-		if e.EnableDhcp || e.CreateDhcpDefaultRoute || e.DhcpDefaultRouteMetric != 0 || e.DhcpSendHostnameEnable || e.DhcpSendHostnameValue != "" {
-			i.Dhcp = &dhcpSettings_v2{
-				Enable:             util.YesNo(e.EnableDhcp),
-				CreateDefaultRoute: util.YesNo(e.CreateDhcpDefaultRoute),
-				Metric:             e.DhcpDefaultRouteMetric,
-			}
-
-			if e.DhcpSendHostnameEnable || e.DhcpSendHostnameValue != "" {
-				i.Dhcp.Hostname = &dhcpHostname{
-					DhcpSendHostnameEnable: util.YesNo(e.DhcpSendHostnameEnable),
-					DhcpSendHostnameValue:  e.DhcpSendHostnameValue,
-				}
-			}
-		}
-
-		if e.LldpEnabled || e.LldpProfile != "" || e.LldpHaPassivePreNegotiation {
-			i.Lldp = &lldp{
-				LldpEnabled: util.YesNo(e.LldpEnabled),
-				LldpProfile: e.LldpProfile,
-			}
-
-			if e.LldpHaPassivePreNegotiation {
-				i.Lldp.Ha = &lldpHa{
-					LldpHaPassivePreNegotiation: util.YesNo(e.LldpHaPassivePreNegotiation),
-				}
-			}
-		}
-
-		v6adr := e.raw["v6adr"]
-		v6nd := e.raw["v6nd"]
-		if e.Ipv6Enabled || e.Ipv6InterfaceId != "" || v6adr != "" || v6nd != "" {
-			v6 := ipv6{
-				Enabled:         util.YesNo(e.Ipv6Enabled),
-				Ipv6InterfaceId: e.Ipv6InterfaceId,
-			}
-			if v6adr != "" {
-				v6.Address = &util.RawXml{v6adr}
-			}
-			if v6nd != "" {
-				v6.Neighbor = &util.RawXml{v6nd}
-			}
-			i.Ipv6 = &v6
-		}
-
-		if text, present := e.raw["arp"]; present {
-			i.Arp = &util.RawXml{text}
-		}
-		if text, present := e.raw["l3subinterface"]; present {
-			i.Subinterface = &util.RawXml{text}
-		}
-		if text := e.raw["pppoe"]; text != "" {
-			i.Pppoe = &util.RawXml{text}
-		}
-		if text := e.raw["ndp"]; text != "" {
-			i.Ndp = &util.RawXml{text}
-		}
-		if text := e.raw["v6client"]; text != "" {
-			i.Ipv6Client = &util.RawXml{text}
-		}
-		if text := e.raw["ddns"]; text != "" {
-			i.Ddns = &util.RawXml{text}
-		}
-		ans.ModeL3 = i
-	case ModeLayer2:
-		ans.ModeL2 = &otherMode{
-			NetflowProfile: e.NetflowProfile,
-		}
-		if e.LldpEnabled || e.LldpProfile != "" {
-			ans.ModeL2.Lldp = &lldp{
-				LldpEnabled: util.YesNo(e.LldpEnabled),
-				LldpProfile: e.LldpProfile,
-			}
-		}
-		if text := e.raw["l2subinterface"]; text != "" {
-			ans.ModeL2.Subinterface = &util.RawXml{text}
-		}
-	case ModeVirtualWire:
-		ans.ModeVwire = &otherMode{
-			NetflowProfile: e.NetflowProfile,
-		}
-		if e.LldpEnabled || e.LldpProfile != "" || e.LldpHaPassivePreNegotiation {
-			ans.ModeVwire.Lldp = &lldp{
-				LldpEnabled: util.YesNo(e.LldpEnabled),
-				LldpProfile: e.LldpProfile,
-			}
-
-			if e.LldpHaPassivePreNegotiation {
-				ans.ModeVwire.Lldp.Ha = &lldpHa{
-					LldpHaPassivePreNegotiation: util.YesNo(e.LldpHaPassivePreNegotiation),
-				}
-			}
-		}
-		if e.LacpHaPassivePreNegotiation {
-			ans.ModeVwire.Lacp = &omLacp{
-				Ha: &omLacpHa{
-					LacpHaPassivePreNegotiation: util.YesNo(e.LacpHaPassivePreNegotiation),
-				},
-			}
-		}
-		if text := e.raw["vwsub"]; text != "" {
-			ans.ModeVwire.Subinterface = &util.RawXml{text}
-		}
-	case ModeTap:
-		ans.TapMode = &emptyMode{}
-	case ModeHa:
-		ans.HaMode = &emptyMode{}
-	case ModeDecryptMirror:
-		ans.DecryptMirrorMode = &emptyMode{}
-	case ModeAggregateGroup:
-		ans.AggregateGroup = e.AggregateGroup
-	}
-
-	return ans
-}
diff --git a/netw/interface/eth/funcs.go b/netw/interface/eth/funcs.go
deleted file mode 100644
index bfae4aac..00000000
--- a/netw/interface/eth/funcs.go
+++ /dev/null
@@ -1,98 +0,0 @@
-package eth
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func specifier(e ...Entry) []namespace.ImportSpecifier {
-	ans := make([]namespace.ImportSpecifier, 0, len(e))
-
-	var val namespace.ImportSpecifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	if v.Gte(version.Number{9, 0, 0, ""}) {
-		return &container_v4{}, specify_v4
-	} else if v.Gte(version.Number{8, 1, 0, ""}) {
-		return &container_v3{}, specify_v3
-	} else if v.Gte(version.Number{7, 1, 0, ""}) {
-		return &container_v2{}, specify_v2
-	} else {
-		return &container_v1{}, specify_v1
-	}
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Importable{
-			ImportPath: util.InterfaceImport,
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Importable{
-			ImportPath: util.InterfaceImport,
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/netw/interface/eth/fw.go b/netw/interface/eth/fw.go
deleted file mode 100644
index 22f82c0f..00000000
--- a/netw/interface/eth/fw.go
+++ /dev/null
@@ -1,105 +0,0 @@
-package eth
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Network.EthernetInterface namespace.
-type Firewall struct {
-	ns *namespace.Importable
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(), ans)
-}
-
-// ShowList performs a SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(), ans)
-}
-
-// Get performs GET to retrieve configuration for the given object.
-func (c *Firewall) Get(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve configuration for the given object.
-func (c *Firewall) Show(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve all objects configured.
-func (c *Firewall) ShowAll() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vsys string, e ...Entry) error {
-	return c.ns.Set("", "", vsys, c.pather(), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vsys string, e Entry) error {
-	return c.ns.Edit("", "", vsys, c.pather(), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete("", "", c.pather(), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather() namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(v)
-	}
-}
-
-func (c *Firewall) xpath(vals []string) ([]string, error) {
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"interface",
-		"ethernet",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/interface/eth/fw_test.go b/netw/interface/eth/fw_test.go
deleted file mode 100644
index f79d30c0..00000000
--- a/netw/interface/eth/fw_test.go
+++ /dev/null
@@ -1,43 +0,0 @@
-package eth
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.conf.Comment, func(t *testing.T) {
-			var err error
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err = ns.Set(tc.vsys, tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-				if tc.importVsys != mc.Vsys {
-					t.Errorf("vsys: %q != %q", tc.importVsys, mc.Vsys)
-				}
-				if !reflect.DeepEqual(tc.imports, mc.Imports) {
-					t.Errorf("imports: %#v != %#v", tc.imports, mc.Imports)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/interface/eth/pano.go b/netw/interface/eth/pano.go
deleted file mode 100644
index ab2bc7bb..00000000
--- a/netw/interface/eth/pano.go
+++ /dev/null
@@ -1,108 +0,0 @@
-package eth
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Network.EthernetInterface namespace.
-type Panorama struct {
-	ns *namespace.Importable
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts), ans)
-}
-
-// ShowList performs a SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts), ans)
-}
-
-// Get performs GET to retrieve configuration for the given object.
-func (c *Panorama) Get(tmpl, ts, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve configuration for the given object.
-func (c *Panorama) Show(tmpl, ts, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve all objects configured.
-func (c *Panorama) ShowAll(tmpl, ts string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts, vsys string, e ...Entry) error {
-	return c.ns.Set(tmpl, ts, vsys, c.pather(tmpl, ts), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts, vsys string, e Entry) error {
-	return c.ns.Edit(tmpl, ts, vsys, c.pather(tmpl, ts), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(tmpl, ts, c.pather(tmpl, ts), names, nErr)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts string, vals []string) ([]string, error) {
-	if tmpl == "" && ts == "" {
-		return nil, fmt.Errorf("tmpl or ts must be specified")
-	}
-
-	ans := make([]string, 0, 12)
-	ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-	ans = append(ans,
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"interface",
-		"ethernet",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/interface/eth/pano_test.go b/netw/interface/eth/pano_test.go
deleted file mode 100644
index 62dad468..00000000
--- a/netw/interface/eth/pano_test.go
+++ /dev/null
@@ -1,43 +0,0 @@
-package eth
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.conf.Comment, func(t *testing.T) {
-			var err error
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err = ns.Set("my template", "", tc.vsys, tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("my template", "", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-				if tc.importVsys != mc.Vsys {
-					t.Errorf("vsys: %q != %q", tc.importVsys, mc.Vsys)
-				}
-				if !reflect.DeepEqual(tc.imports, mc.Imports) {
-					t.Errorf("imports: %#v != %#v", tc.imports, mc.Imports)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/interface/eth/testdata_test.go b/netw/interface/eth/testdata_test.go
deleted file mode 100644
index bd207636..00000000
--- a/netw/interface/eth/testdata_test.go
+++ /dev/null
@@ -1,406 +0,0 @@
-package eth
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type testCase struct {
-	version    version.Number
-	vsys       string
-	importVsys string
-	imports    []string
-	conf       Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{version.Number{5, 0, 0, ""}, "vsys2", "vsys2", []string{"ethernet1/1"}, Entry{
-			Name:              "ethernet1/1",
-			Mode:              ModeLayer3,
-			StaticIps:         []string{"10.1.1.1/24", "10.2.1.1/24"},
-			Ipv6Enabled:       true,
-			ManagementProfile: "enable ping",
-			Mtu:               1500,
-			AdjustTcpMss:      true,
-			NetflowProfile:    "some profile",
-			LinkSpeed:         "auto",
-			LinkDuplex:        "auto",
-			LinkState:         "up",
-			Comment:           "v1 basic l3",
-		}},
-		{version.Number{5, 0, 0, ""}, "vsys3", "vsys3", []string{"ethernet1/2"}, Entry{
-			Name:                   "ethernet1/2",
-			Mode:                   ModeLayer3,
-			EnableDhcp:             true,
-			CreateDhcpDefaultRoute: true,
-			DhcpDefaultRouteMetric: 12,
-			Comment:                "v1 dhcp",
-		}},
-		{version.Number{5, 0, 0, ""}, "vsys4", "vsys4", []string{}, Entry{
-			Name:    "ethernet1/3",
-			Mode:    ModeHa,
-			Comment: "v1 ha no import",
-		}},
-		{version.Number{5, 0, 0, ""}, "vsys5", "vsys5", []string{"ethernet1/4"}, Entry{
-			Name: "ethernet1/4",
-			Mode: ModeLayer3,
-			raw: map[string]string{
-				"arp":            "<arp>raw arp</arp>",
-				"v6adr":          "<address>raw ipv6 addresses</address>",
-				"v6nd":           "ipv6 neighbor info",
-				"l3subinterface": "<units>raw l3 subinterfaces</units>",
-			},
-			Comment: "v1 layer3 with raw config",
-		}},
-		{version.Number{5, 0, 0, ""}, "vsys5", "vsys5", []string{"ethernet1/4"}, Entry{
-			Name:                        "ethernet1/4",
-			Mode:                        ModeLayer3,
-			LldpEnabled:                 true,
-			LldpProfile:                 "myLldpProfile",
-			LldpHaPassivePreNegotiation: true,
-			Comment:                     "l3 with lldp config",
-		}},
-		{version.Number{5, 0, 0, ""}, "vsys6", "vsys6", []string{"ethernet1/5"}, Entry{
-			Name: "ethernet1/5",
-			Mode: ModeLayer2,
-			raw: map[string]string{
-				"l2subinterface": "<units>raw l2 subinterfaces</units>",
-			},
-			Comment: "v1 layer2 with raw config",
-		}},
-		{version.Number{5, 0, 0, ""}, "vsys6", "vsys6", []string{"ethernet1/6"}, Entry{
-			Name: "ethernet1/6",
-			Mode: ModeVirtualWire,
-			raw: map[string]string{
-				"vwsub": "virtual wire subinterfaces",
-			},
-			Comment: "v1 vwire basic",
-		}},
-		{version.Number{5, 0, 0, ""}, "vsys6", "vsys6", []string{"ethernet1/6"}, Entry{
-			Name:                        "ethernet1/6",
-			Mode:                        ModeVirtualWire,
-			LldpEnabled:                 true,
-			LldpHaPassivePreNegotiation: true,
-			raw: map[string]string{
-				"vwsub": "virtual wire subinterfaces",
-			},
-			Comment: "v1 vwire with lldp",
-		}},
-		{version.Number{5, 0, 0, ""}, "vsys6", "vsys6", []string{"ethernet1/6"}, Entry{
-			Name:                        "ethernet1/6",
-			Mode:                        ModeVirtualWire,
-			LacpHaPassivePreNegotiation: true,
-			LacpPortPriority:            42,
-			raw: map[string]string{
-				"vwsub": "virtual wire subinterfaces",
-			},
-			Comment: "v1 vwire with lacp",
-		}},
-		{version.Number{5, 0, 0, ""}, "vsys6", "vsys6", []string{"ethernet1/7"}, Entry{
-			Name: "ethernet1/7",
-			Mode: ModeTap,
-		}},
-		{version.Number{5, 0, 0, ""}, "vsys3", "vsys3", []string{"ethernet1/3"}, Entry{
-			Name:    "ethernet1/3",
-			Mode:    ModeDecryptMirror,
-			Comment: "v1 decrypt mirror",
-		}},
-		{version.Number{8, 0, 0, ""}, "vsys2", "vsys2", []string{"ethernet1/1"}, Entry{
-			Name:              "ethernet1/1",
-			Mode:              ModeLayer3,
-			StaticIps:         []string{"10.1.1.1/24", "10.2.1.1/24"},
-			Ipv6Enabled:       true,
-			ManagementProfile: "enable ping",
-			Mtu:               1500,
-			AdjustTcpMss:      true,
-			Ipv4MssAdjust:     42,
-			Ipv6MssAdjust:     84,
-			NetflowProfile:    "some profile",
-			LinkSpeed:         "auto",
-			LinkDuplex:        "auto",
-			LinkState:         "up",
-			Comment:           "v2 basic l3",
-		}},
-		{version.Number{8, 0, 0, ""}, "vsys3", "vsys3", []string{"ethernet1/2"}, Entry{
-			Name:                   "ethernet1/2",
-			Mode:                   ModeLayer3,
-			EnableDhcp:             true,
-			CreateDhcpDefaultRoute: true,
-			DhcpDefaultRouteMetric: 12,
-			Comment:                "v2 dhcp",
-		}},
-		{version.Number{8, 0, 0, ""}, "vsys5", "vsys5", []string{"ethernet1/4"}, Entry{
-			Name:                        "ethernet1/4",
-			Mode:                        ModeLayer3,
-			LldpEnabled:                 true,
-			LldpProfile:                 "myLldpProfile",
-			LldpHaPassivePreNegotiation: true,
-			Comment:                     "l3 with lldp config",
-		}},
-		{version.Number{8, 0, 0, ""}, "vsys4", "vsys4", []string{}, Entry{
-			Name:    "ethernet1/3",
-			Mode:    ModeHa,
-			Comment: "v2 ha no import",
-		}},
-		{version.Number{8, 0, 0, ""}, "vsys5", "vsys5", []string{"ethernet1/4"}, Entry{
-			Name: "ethernet1/4",
-			Mode: ModeLayer3,
-			raw: map[string]string{
-				"arp":            "<arp>raw arp</arp>",
-				"v6adr":          "<address>raw ipv6 addresses</address>",
-				"v6nd":           "ipv6 neighbor info",
-				"pppoe":          "pppoe info",
-				"ndp":            "ndp proxy info",
-				"l3subinterface": "<units>raw l3 subinterfaces</units>",
-			},
-			Comment: "v2 layer3 with raw config",
-		}},
-		{version.Number{8, 0, 0, ""}, "vsys6", "vsys6", []string{"ethernet1/5"}, Entry{
-			Name: "ethernet1/5",
-			Mode: ModeLayer2,
-			raw: map[string]string{
-				"l2subinterface": "<units>raw l2 subinterfaces</units>",
-			},
-			Comment: "v2 layer2 with raw config",
-		}},
-		{version.Number{8, 0, 0, ""}, "vsys6", "vsys6", []string{"ethernet1/6"}, Entry{
-			Name: "ethernet1/6",
-			Mode: ModeVirtualWire,
-			raw: map[string]string{
-				"vwsub": "virtual wire subinterfaces",
-			},
-		}},
-		{version.Number{8, 0, 0, ""}, "vsys6", "vsys6", []string{"ethernet1/6"}, Entry{
-			Name:                        "ethernet1/6",
-			Mode:                        ModeVirtualWire,
-			LldpEnabled:                 true,
-			LldpHaPassivePreNegotiation: true,
-			raw: map[string]string{
-				"vwsub": "virtual wire subinterfaces",
-			},
-			Comment: "v1 vwire with lldp",
-		}},
-		{version.Number{8, 0, 0, ""}, "vsys6", "vsys6", []string{"ethernet1/6"}, Entry{
-			Name:                        "ethernet1/6",
-			Mode:                        ModeVirtualWire,
-			LacpHaPassivePreNegotiation: true,
-			LacpPortPriority:            42,
-			raw: map[string]string{
-				"vwsub": "virtual wire subinterfaces",
-			},
-			Comment: "v1 vwire with lacp",
-		}},
-		{version.Number{8, 0, 0, ""}, "vsys6", "vsys6", []string{"ethernet1/7"}, Entry{
-			Name: "ethernet1/7",
-			Mode: ModeTap,
-		}},
-		{version.Number{8, 0, 0, ""}, "vsys3", "vsys3", []string{"ethernet1/3"}, Entry{
-			Name:    "ethernet1/3",
-			Mode:    ModeDecryptMirror,
-			Comment: "v2 decrypt mirror",
-		}},
-		{version.Number{8, 1, 0, ""}, "vsys2", "vsys2", []string{"ethernet1/1"}, Entry{
-			Name:              "ethernet1/1",
-			Mode:              ModeLayer3,
-			StaticIps:         []string{"10.1.1.1/24", "10.2.1.1/24"},
-			Ipv6Enabled:       true,
-			ManagementProfile: "enable ping",
-			Mtu:               1500,
-			AdjustTcpMss:      true,
-			Ipv4MssAdjust:     42,
-			Ipv6MssAdjust:     84,
-			NetflowProfile:    "some profile",
-			LinkSpeed:         "auto",
-			LinkDuplex:        "auto",
-			LinkState:         "up",
-			DecryptForward:    true,
-			RxPolicingRate:    88,
-			TxPolicingRate:    99,
-			Comment:           "v3 basic l3",
-		}},
-		{version.Number{8, 1, 0, ""}, "vsys3", "vsys3", []string{"ethernet1/2"}, Entry{
-			Name:                   "ethernet1/2",
-			Mode:                   ModeLayer3,
-			EnableDhcp:             true,
-			CreateDhcpDefaultRoute: true,
-			DhcpDefaultRouteMetric: 12,
-			Comment:                "v3 dhcp",
-		}},
-		{version.Number{8, 1, 0, ""}, "vsys5", "vsys5", []string{"ethernet1/4"}, Entry{
-			Name:                        "ethernet1/4",
-			Mode:                        ModeLayer3,
-			LldpEnabled:                 true,
-			LldpProfile:                 "myLldpProfile",
-			LldpHaPassivePreNegotiation: true,
-			Comment:                     "l3 with lldp config",
-		}},
-		{version.Number{8, 1, 0, ""}, "vsys4", "vsys4", []string{}, Entry{
-			Name:    "ethernet1/3",
-			Mode:    ModeHa,
-			Comment: "v3 ha no import",
-		}},
-		{version.Number{8, 1, 0, ""}, "vsys5", "vsys5", []string{"ethernet1/4"}, Entry{
-			Name: "ethernet1/4",
-			Mode: ModeLayer3,
-			raw: map[string]string{
-				"arp":            "<arp>raw arp</arp>",
-				"v6adr":          "<address>raw ipv6 addresses</address>",
-				"v6nd":           "ipv6 neighbor info",
-				"pppoe":          "pppoe info",
-				"ndp":            "ndp proxy info",
-				"l3subinterface": "<units>raw l3 subinterfaces</units>",
-			},
-			Comment: "v3 layer3 with raw config",
-		}},
-		{version.Number{8, 1, 0, ""}, "vsys6", "vsys6", []string{"ethernet1/5"}, Entry{
-			Name: "ethernet1/5",
-			Mode: ModeLayer2,
-			raw: map[string]string{
-				"l2subinterface": "<units>raw l2 subinterfaces</units>",
-			},
-			Comment: "v3 layer2 with raw config",
-		}},
-		{version.Number{8, 1, 0, ""}, "vsys6", "vsys6", []string{"ethernet1/6"}, Entry{
-			Name: "ethernet1/6",
-			Mode: ModeVirtualWire,
-			raw: map[string]string{
-				"vwsub": "virtual wire subinterfaces",
-			},
-		}},
-		{version.Number{8, 1, 0, ""}, "vsys6", "vsys6", []string{"ethernet1/6"}, Entry{
-			Name:                        "ethernet1/6",
-			Mode:                        ModeVirtualWire,
-			LldpEnabled:                 true,
-			LldpHaPassivePreNegotiation: true,
-			raw: map[string]string{
-				"vwsub": "virtual wire subinterfaces",
-			},
-			Comment: "v1 vwire with lldp",
-		}},
-		{version.Number{8, 1, 0, ""}, "vsys6", "vsys6", []string{"ethernet1/6"}, Entry{
-			Name:                        "ethernet1/6",
-			Mode:                        ModeVirtualWire,
-			LacpHaPassivePreNegotiation: true,
-			LacpPortPriority:            42,
-			raw: map[string]string{
-				"vwsub": "virtual wire subinterfaces",
-			},
-			Comment: "v1 vwire with lacp",
-		}},
-		{version.Number{8, 1, 0, ""}, "vsys3", "vsys3", []string{"ethernet1/3"}, Entry{
-			Name:    "ethernet1/3",
-			Mode:    ModeDecryptMirror,
-			Comment: "v3 decrypt mirror",
-		}},
-		{version.Number{8, 1, 0, ""}, "vsys6", "vsys6", []string{"ethernet1/7"}, Entry{
-			Name: "ethernet1/7",
-			Mode: ModeTap,
-		}},
-		{version.Number{9, 0, 0, ""}, "vsys2", "vsys2", []string{"ethernet1/1"}, Entry{
-			Name:              "ethernet1/1",
-			Mode:              ModeLayer3,
-			StaticIps:         []string{"10.1.1.1/24", "10.2.1.1/24"},
-			Ipv6Enabled:       true,
-			ManagementProfile: "enable ping",
-			Mtu:               1500,
-			AdjustTcpMss:      true,
-			Ipv4MssAdjust:     42,
-			Ipv6MssAdjust:     84,
-			NetflowProfile:    "some profile",
-			LinkSpeed:         "auto",
-			LinkDuplex:        "auto",
-			LinkState:         "up",
-			DecryptForward:    true,
-			RxPolicingRate:    88,
-			TxPolicingRate:    99,
-			Comment:           "v4 basic l3",
-		}},
-		{version.Number{9, 0, 0, ""}, "vsys3", "vsys3", []string{"ethernet1/2"}, Entry{
-			Name:                   "ethernet1/2",
-			Mode:                   ModeLayer3,
-			EnableDhcp:             true,
-			CreateDhcpDefaultRoute: true,
-			DhcpDefaultRouteMetric: 12,
-			DhcpSendHostnameEnable: true,
-			DhcpSendHostnameValue:  "foo-hostname",
-			Comment:                "v4 dhcp",
-		}},
-		{version.Number{9, 0, 0, ""}, "vsys5", "vsys5", []string{"ethernet1/4"}, Entry{
-			Name:                        "ethernet1/4",
-			Mode:                        ModeLayer3,
-			LldpEnabled:                 true,
-			LldpProfile:                 "myLldpProfile",
-			LldpHaPassivePreNegotiation: true,
-			Comment:                     "l3 with lldp config",
-		}},
-		{version.Number{9, 0, 0, ""}, "vsys4", "vsys4", []string{}, Entry{
-			Name:    "ethernet1/3",
-			Mode:    ModeHa,
-			Comment: "v4 ha no import",
-		}},
-		{version.Number{9, 0, 0, ""}, "vsys5", "vsys5", []string{"ethernet1/4"}, Entry{
-			Name: "ethernet1/4",
-			Mode: ModeLayer3,
-			raw: map[string]string{
-				"arp":            "<arp>raw arp</arp>",
-				"v6adr":          "<address>raw ipv6 addresses</address>",
-				"v6nd":           "ipv6 neighbor info",
-				"pppoe":          "pppoe info",
-				"ndp":            "ndp proxy info",
-				"l3subinterface": "<units>raw l3 subinterfaces</units>",
-				"v6client":       "ipv6 client info",
-				"ddns":           "ddns config",
-			},
-			Comment: "v4 layer3 with raw config",
-		}},
-		{version.Number{9, 0, 0, ""}, "vsys6", "vsys6", []string{"ethernet1/5"}, Entry{
-			Name: "ethernet1/5",
-			Mode: ModeLayer2,
-			raw: map[string]string{
-				"l2subinterface": "<units>raw l2 subinterfaces</units>",
-			},
-			Comment: "v4 layer2 with raw config",
-		}},
-		{version.Number{9, 0, 0, ""}, "vsys7", "vsys7", []string{}, Entry{
-			Name:           "ethernet1/7",
-			Mode:           ModeAggregateGroup,
-			AggregateGroup: "ae1",
-		}},
-		{version.Number{9, 0, 0, ""}, "vsys6", "vsys6", []string{"ethernet1/6"}, Entry{
-			Name: "ethernet1/6",
-			Mode: ModeVirtualWire,
-			raw: map[string]string{
-				"vwsub": "virtual wire subinterfaces",
-			},
-		}},
-		{version.Number{9, 0, 0, ""}, "vsys6", "vsys6", []string{"ethernet1/6"}, Entry{
-			Name:                        "ethernet1/6",
-			Mode:                        ModeVirtualWire,
-			LldpEnabled:                 true,
-			LldpHaPassivePreNegotiation: true,
-			raw: map[string]string{
-				"vwsub": "virtual wire subinterfaces",
-			},
-			Comment: "v1 vwire with lldp",
-		}},
-		{version.Number{9, 0, 0, ""}, "vsys6", "vsys6", []string{"ethernet1/6"}, Entry{
-			Name:                        "ethernet1/6",
-			Mode:                        ModeVirtualWire,
-			LacpHaPassivePreNegotiation: true,
-			LacpPortPriority:            42,
-			raw: map[string]string{
-				"vwsub": "virtual wire subinterfaces",
-			},
-			Comment: "v1 vwire with lacp",
-		}},
-		{version.Number{9, 0, 0, ""}, "vsys6", "vsys6", []string{"ethernet1/7"}, Entry{
-			Name: "ethernet1/7",
-			Mode: ModeTap,
-		}},
-		{version.Number{9, 0, 0, ""}, "vsys3", "vsys3", []string{"ethernet1/3"}, Entry{
-			Name:    "ethernet1/3",
-			Mode:    ModeDecryptMirror,
-			Comment: "v4 decrypt mirror",
-		}},
-	}
-}
diff --git a/netw/interface/ipv6/address/const.go b/netw/interface/ipv6/address/const.go
deleted file mode 100644
index 850ed8c7..00000000
--- a/netw/interface/ipv6/address/const.go
+++ /dev/null
@@ -1,15 +0,0 @@
-package address
-
-// Valid values for iType.
-const (
-	TypeAggregate = "aggregate-ethernet"
-	TypeEthernet  = "ethernet"
-	TypeLoopback  = "loopback"
-	TypeTunnel    = "tunnel"
-	TypeVlan      = "vlan"
-)
-
-const (
-	singular = "ipv6 address"
-	plural   = "ipv6 addresses"
-)
diff --git a/netw/interface/ipv6/address/doc.go b/netw/interface/ipv6/address/doc.go
deleted file mode 100644
index f5acf24b..00000000
--- a/netw/interface/ipv6/address/doc.go
+++ /dev/null
@@ -1,9 +0,0 @@
-/*
-Package address is the client.Network.Ipv6Address namespace.
-
-Note that loopback and tunnel interfaces do not have neighbor discovery config,
-so all router advertisement params should be left as empty for those types.
-
-Normalized object:  Entry
-*/
-package address
diff --git a/netw/interface/ipv6/address/entry.go b/netw/interface/ipv6/address/entry.go
deleted file mode 100644
index a8e5da6c..00000000
--- a/netw/interface/ipv6/address/entry.go
+++ /dev/null
@@ -1,143 +0,0 @@
-package address
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of an
-// IPv6 address.
-//
-// Note that loopback and tunnel interfaces do not have neighbor discovery config,
-// so all router advertisement params should be left as empty for those types.
-type Entry struct {
-	Name                string
-	Enabled             bool
-	InterfaceIdAsHost   bool
-	Anycast             bool
-	EnableRa            bool
-	RaValidLifetime     string
-	RaPreferredLifetime string
-	RaOnLink            bool
-	RaAutonomous        bool
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Enabled = s.Enabled
-	o.InterfaceIdAsHost = s.InterfaceIdAsHost
-	o.Anycast = s.Anycast
-	o.EnableRa = s.EnableRa
-	o.RaValidLifetime = s.RaValidLifetime
-	o.RaPreferredLifetime = s.RaPreferredLifetime
-	o.RaOnLink = s.RaOnLink
-	o.RaAutonomous = s.RaAutonomous
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:    o.Name,
-		Enabled: util.AsBool(o.Enabled),
-	}
-
-	if o.InterfaceIdAsHost != nil {
-		ans.InterfaceIdAsHost = true
-	}
-
-	if o.Anycast != nil {
-		ans.Anycast = true
-	}
-
-	if o.Ra != nil {
-		ans.EnableRa = util.AsBool(o.Ra.EnableRa)
-		ans.RaValidLifetime = o.Ra.RaValidLifetime
-		ans.RaPreferredLifetime = o.Ra.RaPreferredLifetime
-		ans.RaOnLink = util.AsBool(o.Ra.RaOnLink)
-		ans.RaAutonomous = util.AsBool(o.Ra.RaAutonomous)
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName           xml.Name `xml:"entry"`
-	Name              string   `xml:"name,attr"`
-	Enabled           string   `xml:"enable-on-interface"`
-	InterfaceIdAsHost *string  `xml:"prefix"`
-	Anycast           *string  `xml:"anycast"`
-	Ra                *ra      `xml:"advertise"`
-}
-
-type ra struct {
-	EnableRa            string `xml:"enable"`
-	RaValidLifetime     string `xml:"valid-lifetime,omitempty"`
-	RaPreferredLifetime string `xml:"preferred-lifetime,omitempty"`
-	RaOnLink            string `xml:"onlink-flag"`
-	RaAutonomous        string `xml:"auto-config-flag"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:    e.Name,
-		Enabled: util.YesNo(e.Enabled),
-	}
-
-	s := ""
-
-	if e.InterfaceIdAsHost {
-		ans.InterfaceIdAsHost = &s
-	}
-
-	if e.Anycast {
-		ans.Anycast = &s
-	}
-
-	if e.EnableRa || e.RaValidLifetime != "" || e.RaPreferredLifetime != "" || e.RaOnLink || e.RaAutonomous {
-		ans.Ra = &ra{
-			EnableRa:            util.YesNo(e.EnableRa),
-			RaValidLifetime:     e.RaValidLifetime,
-			RaPreferredLifetime: e.RaPreferredLifetime,
-			RaOnLink:            util.YesNo(e.RaOnLink),
-			RaAutonomous:        util.YesNo(e.RaAutonomous),
-		}
-	}
-
-	return ans
-}
diff --git a/netw/interface/ipv6/address/funcs.go b/netw/interface/ipv6/address/funcs.go
deleted file mode 100644
index e910aba5..00000000
--- a/netw/interface/ipv6/address/funcs.go
+++ /dev/null
@@ -1,88 +0,0 @@
-package address
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/netw/interface/ipv6/address/fw.go b/netw/interface/ipv6/address/fw.go
deleted file mode 100644
index e1ecc4f3..00000000
--- a/netw/interface/ipv6/address/fw.go
+++ /dev/null
@@ -1,141 +0,0 @@
-package address
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Network.Ipv6Address namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(iType, iName, subName string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(iType, iName, subName), ans)
-}
-
-// ShowList performs a SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(iType, iName, subName string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(iType, iName, subName), ans)
-}
-
-// Get performs GET to retrieve configuration for the given object.
-func (c *Firewall) Get(iType, iName, subName, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(iType, iName, subName), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve configuration for the given object.
-func (c *Firewall) Show(iType, iName, subName, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(iType, iName, subName), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(iType, iName, subName string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(iType, iName, subName), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve all objects configured.
-func (c *Firewall) ShowAll(iType, iName, subName string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(iType, iName, subName), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(iType, iName, subName string, e ...Entry) error {
-	return c.ns.Set(c.pather(iType, iName, subName), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(iType, iName, subName string, e Entry) error {
-	return c.ns.Edit(c.pather(iType, iName, subName), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(iType, iName, subName string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(iType, iName, subName), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(iType, iName, subName, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(iType, iName, subName), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig(iType, iName, subName string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(iType, iName, subName), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather(iType, iName, subName string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(iType, iName, subName, v)
-	}
-}
-
-func (c *Firewall) xpath(iType, iName, subName string, vals []string) ([]string, error) {
-	// Sanity checks.
-	switch iType {
-	case "":
-		return nil, fmt.Errorf("iType must be specified")
-	case TypeVlan, TypeTunnel, TypeLoopback:
-		if iName != "" {
-			return nil, fmt.Errorf("iName should be an empty string for %s types", iType)
-		} else if subName == "" {
-			return nil, fmt.Errorf("subName must be specified")
-		}
-	case TypeEthernet, TypeAggregate:
-		if iName == "" {
-			return nil, fmt.Errorf("iName must be specified")
-		}
-	default:
-		return nil, fmt.Errorf("unknown iType value: %s", iType)
-	}
-
-	ans := make([]string, 0, 13)
-	ans = append(ans,
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"interface",
-		iType,
-	)
-
-	if iType == TypeEthernet || iType == TypeAggregate {
-		ans = append(ans, util.AsEntryXpath([]string{iName}), "layer3")
-	}
-
-	if subName != "" {
-		ans = append(ans, "units", util.AsEntryXpath([]string{subName}))
-	}
-
-	ans = append(ans,
-		"ipv6",
-		"address",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/interface/ipv6/address/fw_test.go b/netw/interface/ipv6/address/fw_test.go
deleted file mode 100644
index 037b9309..00000000
--- a/netw/interface/ipv6/address/fw_test.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package address
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			var err error
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err = ns.Set(TypeEthernet, "ethernet1/1", "", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(TypeEthernet, "ethernet1/1", "", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/interface/ipv6/address/pano.go b/netw/interface/ipv6/address/pano.go
deleted file mode 100644
index 8c1870ac..00000000
--- a/netw/interface/ipv6/address/pano.go
+++ /dev/null
@@ -1,146 +0,0 @@
-package address
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Network.Ipv6Address namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts, iType, iName, subName string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts, iType, iName, subName), ans)
-}
-
-// ShowList performs a SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts, iType, iName, subName string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts, iType, iName, subName), ans)
-}
-
-// Get performs GET to retrieve configuration for the given object.
-func (c *Panorama) Get(tmpl, ts, iType, iName, subName, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts, iType, iName, subName), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve configuration for the given object.
-func (c *Panorama) Show(tmpl, ts, iType, iName, subName, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts, iType, iName, subName), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts, iType, iName, subName string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts, iType, iName, subName), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve all objects configured.
-func (c *Panorama) ShowAll(tmpl, ts, iType, iName, subName string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts, iType, iName, subName), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts, iType, iName, subName string, e ...Entry) error {
-	return c.ns.Set(c.pather(tmpl, ts, iType, iName, subName), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts, iType, iName, subName string, e Entry) error {
-	return c.ns.Edit(c.pather(tmpl, ts, iType, iName, subName), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts, iType, iName, subName string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(tmpl, ts, iType, iName, subName), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, iType, iName, subName, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts, iType, iName, subName), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts, iType, iName, subName string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts, iType, iName, subName), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts, iType, iName, subName string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, iType, iName, subName, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts, iType, iName, subName string, vals []string) ([]string, error) {
-	// Sanity checks.
-	if tmpl == "" && ts == "" {
-		return nil, fmt.Errorf("tmpl or ts must be specified")
-	}
-
-	switch iType {
-	case "":
-		return nil, fmt.Errorf("iType must be specified")
-	case TypeVlan, TypeTunnel, TypeLoopback:
-		if iName != "" {
-			return nil, fmt.Errorf("iName should be an empty string for %s types", iType)
-		} else if subName == "" {
-			return nil, fmt.Errorf("subName must be specified")
-		}
-	case TypeEthernet, TypeAggregate:
-		if iName == "" {
-			return nil, fmt.Errorf("iName must be specified")
-		}
-	default:
-		return nil, fmt.Errorf("unknown iType value: %s", iType)
-	}
-
-	ans := make([]string, 0, 18)
-	ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-	ans = append(ans,
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"interface",
-		iType,
-	)
-
-	if iType == TypeEthernet || iType == TypeAggregate {
-		ans = append(ans, util.AsEntryXpath([]string{iName}), "layer3")
-	}
-
-	if subName != "" {
-		ans = append(ans, "units", util.AsEntryXpath([]string{subName}))
-	}
-
-	ans = append(ans,
-		"ipv6",
-		"address",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/interface/ipv6/address/pano_test.go b/netw/interface/ipv6/address/pano_test.go
deleted file mode 100644
index 84fca8d0..00000000
--- a/netw/interface/ipv6/address/pano_test.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package address
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			var err error
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err = ns.Set("my template", "", TypeEthernet, "ethernet1/1", "", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("my template", "", TypeEthernet, "ethernet1/1", "", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/interface/ipv6/address/testdata_test.go b/netw/interface/ipv6/address/testdata_test.go
deleted file mode 100644
index 0292a69c..00000000
--- a/netw/interface/ipv6/address/testdata_test.go
+++ /dev/null
@@ -1,44 +0,0 @@
-package address
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type testCase struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"v1 without neighbor config", version.Number{6, 1, 0, ""}, Entry{
-			Name:              "::1",
-			Enabled:           true,
-			InterfaceIdAsHost: false,
-			Anycast:           true,
-		}},
-		{"v1 with neighbor config pt1", version.Number{6, 1, 0, ""}, Entry{
-			Name:                "::1",
-			Enabled:             false,
-			InterfaceIdAsHost:   true,
-			Anycast:             false,
-			EnableRa:            true,
-			RaValidLifetime:     "1234",
-			RaPreferredLifetime: "infinity",
-			RaOnLink:            true,
-			RaAutonomous:        false,
-		}},
-		{"v1 with neighbor config pt2", version.Number{6, 1, 0, ""}, Entry{
-			Name:                "::1",
-			Enabled:             false,
-			InterfaceIdAsHost:   true,
-			Anycast:             false,
-			EnableRa:            false,
-			RaValidLifetime:     "infinity",
-			RaPreferredLifetime: "4321",
-			RaOnLink:            false,
-			RaAutonomous:        true,
-		}},
-	}
-}
diff --git a/netw/interface/ipv6/neighbor/config.go b/netw/interface/ipv6/neighbor/config.go
deleted file mode 100644
index d5b7728c..00000000
--- a/netw/interface/ipv6/neighbor/config.go
+++ /dev/null
@@ -1,320 +0,0 @@
-package neighbor
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Config is a normalized, version independent representation of an IPv6
-// neighbor discovery configuration.
-//
-// Due to the fact that RaLifetime is a rangedint field where not only is 0
-// a valid value, but the default is 1800, this field will always be present
-// in the marshalled XML sent to PAN-OS if either of the following is true:
-//
-// * another Ra* field is non-zero
-// * this field is a value other than 1800
-//
-// PAN-OS 8.0+
-type Config struct {
-	EnableRa                          bool
-	RaMaxInterval                     int
-	RaMinInterval                     int
-	RaManagedFlag                     bool
-	RaOtherFlag                       bool
-	RaLinkMtu                         string
-	RaReachableTime                   string
-	RaRetransmissionTimer             string
-	RaHopLimit                        string
-	RaLifetime                        int
-	RaRouterPreference                string
-	RaEnableConsistencyCheck          bool
-	RaEnableDnsSupport                bool
-	RaDnsServers                      []RaDnsServer
-	RaDnsSuffixes                     []RaDnsSuffix
-	EnableNdpMonitor                  bool
-	EnableDuplicateAddressDetection   bool
-	DuplicateAddressDetectionAttempts int
-	NeighborSolicitationInterval      int
-	ReachableTime                     int
-	Neighbors                         []Neighbor
-}
-
-type RaDnsServer struct {
-	Name     string
-	Lifetime int
-}
-
-type RaDnsSuffix struct {
-	Name     string
-	Lifetime int
-}
-
-type Neighbor struct {
-	Name       string
-	MacAddress string
-}
-
-// Copy copies the information from source Config `s` to this object.
-func (o *Config) Copy(s Config) {
-	o.EnableRa = s.EnableRa
-	o.RaMaxInterval = s.RaMaxInterval
-	o.RaMinInterval = s.RaMinInterval
-	o.RaManagedFlag = s.RaManagedFlag
-	o.RaOtherFlag = s.RaOtherFlag
-	o.RaLinkMtu = s.RaLinkMtu
-	o.RaReachableTime = s.RaReachableTime
-	o.RaRetransmissionTimer = s.RaRetransmissionTimer
-	o.RaHopLimit = s.RaHopLimit
-	o.RaLifetime = s.RaLifetime
-	o.RaRouterPreference = s.RaRouterPreference
-	o.RaEnableConsistencyCheck = s.RaEnableConsistencyCheck
-	o.RaEnableDnsSupport = s.RaEnableDnsSupport
-	o.RaDnsServers = s.RaDnsServers
-	o.RaDnsSuffixes = s.RaDnsSuffixes
-	o.EnableNdpMonitor = s.EnableNdpMonitor
-	o.EnableDuplicateAddressDetection = s.EnableDuplicateAddressDetection
-	o.DuplicateAddressDetectionAttempts = s.DuplicateAddressDetectionAttempts
-	o.NeighborSolicitationInterval = s.NeighborSolicitationInterval
-	o.ReachableTime = s.ReachableTime
-	o.Neighbors = s.Neighbors
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Config) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return "", fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Config
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"neighbor-discovery"`
-}
-
-func (o *container_v1) Normalize() []Config {
-	ans := make([]Config, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for _ = range o.Answer {
-		ans = append(ans, "")
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Config {
-	ans := Config{
-		EnableNdpMonitor:                  util.AsBool(o.EnableNdpMonitor),
-		EnableDuplicateAddressDetection:   util.AsBool(o.EnableDuplicateAddressDetection),
-		DuplicateAddressDetectionAttempts: o.DuplicateAddressDetectionAttempts,
-		NeighborSolicitationInterval:      o.NeighborSolicitationInterval,
-		ReachableTime:                     o.ReachableTime,
-	}
-
-	if o.Ra != nil {
-		ans.EnableRa = util.AsBool(o.Ra.EnableRa)
-		ans.RaMaxInterval = o.Ra.RaMaxInterval
-		ans.RaMinInterval = o.Ra.RaMinInterval
-		ans.RaManagedFlag = util.AsBool(o.Ra.RaManagedFlag)
-		ans.RaOtherFlag = util.AsBool(o.Ra.RaOtherFlag)
-		ans.RaLinkMtu = o.Ra.RaLinkMtu
-		ans.RaReachableTime = o.Ra.RaReachableTime
-		ans.RaRetransmissionTimer = o.Ra.RaRetransmissionTimer
-		ans.RaHopLimit = o.Ra.RaHopLimit
-		ans.RaLifetime = o.Ra.RaLifetime
-		ans.RaRouterPreference = o.Ra.RaRouterPreference
-		ans.RaEnableConsistencyCheck = util.AsBool(o.Ra.RaEnableConsistencyCheck)
-
-		if o.Ra.Dns != nil {
-			ans.RaEnableDnsSupport = util.AsBool(o.Ra.Dns.RaEnableDnsSupport)
-
-			if o.Ra.Dns.Servers != nil {
-				list := make([]RaDnsServer, 0, len(o.Ra.Dns.Servers.Entries))
-				for _, v := range o.Ra.Dns.Servers.Entries {
-					list = append(list, RaDnsServer{
-						Name:     v.Name,
-						Lifetime: v.Lifetime,
-					})
-				}
-
-				ans.RaDnsServers = list
-			}
-
-			if o.Ra.Dns.Suffixes != nil {
-				list := make([]RaDnsSuffix, 0, len(o.Ra.Dns.Suffixes.Entries))
-				for _, v := range o.Ra.Dns.Suffixes.Entries {
-					list = append(list, RaDnsSuffix{
-						Name:     v.Name,
-						Lifetime: v.Lifetime,
-					})
-				}
-
-				ans.RaDnsSuffixes = list
-			}
-		}
-	}
-
-	if o.Neighbors != nil {
-		list := make([]Neighbor, 0, len(o.Neighbors.Entries))
-		for _, v := range o.Neighbors.Entries {
-			list = append(list, Neighbor{
-				Name:       v.Name,
-				MacAddress: v.MacAddress,
-			})
-		}
-
-		ans.Neighbors = list
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName                           xml.Name   `xml:"neighbor-discovery"`
-	Ra                                *ra        `xml:"router-advertisement"`
-	EnableNdpMonitor                  string     `xml:"enable-ndp-monitor"`
-	EnableDuplicateAddressDetection   string     `xml:"enable-dad"`
-	DuplicateAddressDetectionAttempts int        `xml:"dad-attempts,omitempty"`
-	NeighborSolicitationInterval      int        `xml:"ns-interval,omitempty"`
-	ReachableTime                     int        `xml:"reachable-time,omitempty"`
-	Neighbors                         *neighbors `xml:"neighbor"`
-}
-
-type ra struct {
-	EnableRa                 string `xml:"enable"`
-	RaMaxInterval            int    `xml:"max-interval,omitempty"`
-	RaMinInterval            int    `xml:"min-interval,omitempty"`
-	RaManagedFlag            string `xml:"managed-flag"`
-	RaOtherFlag              string `xml:"other-flag"`
-	RaLinkMtu                string `xml:"link-mtu,omitempty"`
-	RaReachableTime          string `xml:"reachable-time,omitempty"`
-	RaRetransmissionTimer    string `xml:"retransmission-timer,omitempty"`
-	RaHopLimit               string `xml:"hop-limit,omitempty"`
-	RaLifetime               int    `xml:"lifetime"`
-	RaRouterPreference       string `xml:"router-preference,omitempty"`
-	RaEnableConsistencyCheck string `xml:"enable-consistency-check"`
-	Dns                      *dns   `xml:"dns"`
-}
-
-type dns struct {
-	RaEnableDnsSupport string       `xml:"enable"`
-	Servers            *dnsServers  `xml:"server"`
-	Suffixes           *dnsSuffixes `xml:"suffix"`
-}
-
-type dnsServers struct {
-	Entries []dnsServer `xml:"entry"`
-}
-
-type dnsServer struct {
-	Name     string `xml:"name,attr"`
-	Lifetime int    `xml:"lifetime,omitempty"`
-}
-
-type dnsSuffixes struct {
-	Entries []dnsSuffix `xml:"entry"`
-}
-
-type dnsSuffix struct {
-	Name     string `xml:"name,attr"`
-	Lifetime int    `xml:"lifetime,omitempty"`
-}
-
-type neighbors struct {
-	Entries []neighbor `xml:"entry"`
-}
-
-type neighbor struct {
-	Name       string `xml:"name,attr"`
-	MacAddress string `xml:"hw-address"`
-}
-
-func specify_v1(e Config) interface{} {
-	ans := entry_v1{
-		EnableNdpMonitor:                  util.YesNo(e.EnableNdpMonitor),
-		EnableDuplicateAddressDetection:   util.YesNo(e.EnableDuplicateAddressDetection),
-		DuplicateAddressDetectionAttempts: e.DuplicateAddressDetectionAttempts,
-		NeighborSolicitationInterval:      e.NeighborSolicitationInterval,
-		ReachableTime:                     e.ReachableTime,
-	}
-
-	incDns := e.RaEnableDnsSupport || len(e.RaDnsServers) > 0 || len(e.RaDnsSuffixes) > 0
-	if e.EnableRa || e.RaMaxInterval > 0 || e.RaMinInterval > 0 || e.RaManagedFlag ||
-		e.RaOtherFlag || e.RaLinkMtu != "" || e.RaReachableTime != "" ||
-		e.RaRetransmissionTimer != "" || e.RaHopLimit != "" || e.RaLifetime != 1800 ||
-		e.RaRouterPreference != "" || e.RaEnableConsistencyCheck ||
-		incDns {
-		ans.Ra = &ra{
-			EnableRa:                 util.YesNo(e.EnableRa),
-			RaMaxInterval:            e.RaMaxInterval,
-			RaMinInterval:            e.RaMinInterval,
-			RaManagedFlag:            util.YesNo(e.RaManagedFlag),
-			RaOtherFlag:              util.YesNo(e.RaOtherFlag),
-			RaLinkMtu:                e.RaLinkMtu,
-			RaReachableTime:          e.RaReachableTime,
-			RaRetransmissionTimer:    e.RaRetransmissionTimer,
-			RaHopLimit:               e.RaHopLimit,
-			RaLifetime:               e.RaLifetime,
-			RaRouterPreference:       e.RaRouterPreference,
-			RaEnableConsistencyCheck: util.YesNo(e.RaEnableConsistencyCheck),
-		}
-
-		if incDns {
-			ans.Ra.Dns = &dns{
-				RaEnableDnsSupport: util.YesNo(e.RaEnableDnsSupport),
-			}
-
-			if len(e.RaDnsServers) > 0 {
-				list := make([]dnsServer, 0, len(e.RaDnsServers))
-				for _, v := range e.RaDnsServers {
-					list = append(list, dnsServer{
-						Name:     v.Name,
-						Lifetime: v.Lifetime,
-					})
-				}
-
-				ans.Ra.Dns.Servers = &dnsServers{Entries: list}
-			}
-
-			if len(e.RaDnsSuffixes) > 0 {
-				list := make([]dnsSuffix, 0, len(e.RaDnsSuffixes))
-				for _, v := range e.RaDnsSuffixes {
-					list = append(list, dnsSuffix{
-						Name:     v.Name,
-						Lifetime: v.Lifetime,
-					})
-				}
-
-				ans.Ra.Dns.Suffixes = &dnsSuffixes{Entries: list}
-			}
-		}
-	}
-
-	if len(e.Neighbors) > 0 {
-		list := make([]neighbor, 0, len(e.Neighbors))
-		for _, v := range e.Neighbors {
-			list = append(list, neighbor{
-				Name:       v.Name,
-				MacAddress: v.MacAddress,
-			})
-		}
-
-		ans.Neighbors = &neighbors{Entries: list}
-	}
-
-	return ans
-}
diff --git a/netw/interface/ipv6/neighbor/const.go b/netw/interface/ipv6/neighbor/const.go
deleted file mode 100644
index e64410ce..00000000
--- a/netw/interface/ipv6/neighbor/const.go
+++ /dev/null
@@ -1,19 +0,0 @@
-package neighbor
-
-// Valid values for RaRouterPreference.
-const (
-	RaRouterPreferenceHigh   = "High"
-	RaRouterPreferenceMedium = "Medium"
-	RaRouterPreferenceLow    = "Low"
-)
-
-// Valid values for the iType param.
-const (
-	TypeEthernet  = "ethernet"
-	TypeAggregate = "aggregate-ethernet"
-	TypeVlan      = "vlan"
-)
-
-const (
-	singular = "ipv6 neighbor"
-)
diff --git a/netw/interface/ipv6/neighbor/doc.go b/netw/interface/ipv6/neighbor/doc.go
deleted file mode 100644
index 9acc5f4d..00000000
--- a/netw/interface/ipv6/neighbor/doc.go
+++ /dev/null
@@ -1,11 +0,0 @@
-/*
-Package neighbor is the client.Network.Ipv6NeighborDiscovery namespace.
-
-PAN-OS 8.0+
-
-When configuring the neighbor discovery for iType=TypeVlan, the iName param
-should be an empty string.
-
-Normalized object:  Config
-*/
-package neighbor
diff --git a/netw/interface/ipv6/neighbor/funcs.go b/netw/interface/ipv6/neighbor/funcs.go
deleted file mode 100644
index cdb48455..00000000
--- a/netw/interface/ipv6/neighbor/funcs.go
+++ /dev/null
@@ -1,52 +0,0 @@
-package neighbor
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Config) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func specifier(e Config) []namespace.Specifier {
-	return []namespace.Specifier{e}
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Config, error) {
-	if err != nil {
-		return Config{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/netw/interface/ipv6/neighbor/fw.go b/netw/interface/ipv6/neighbor/fw.go
deleted file mode 100644
index 3d5336a4..00000000
--- a/netw/interface/ipv6/neighbor/fw.go
+++ /dev/null
@@ -1,104 +0,0 @@
-package neighbor
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Network.Ipv6NeighborDiscovery namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// Get performs GET to retrieve configuration for the given object.
-func (c *Firewall) Get(iType, iName, subName string) (Config, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(iType, iName, subName), "", ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve configuration for the given object.
-func (c *Firewall) Show(iType, iName, subName string) (Config, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(iType, iName, subName), "", ans)
-	return first(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(iType, iName, subName string, e Config) error {
-	return c.ns.Set(c.pather(iType, iName, subName), specifier(e))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(iType, iName, subName string, e Config) error {
-	return c.ns.Edit(c.pather(iType, iName, subName), e)
-}
-
-// Delete performs DELETE to remove the config.
-func (c *Firewall) Delete(iType, iName, subName string) error {
-	return c.ns.Delete(c.pather(iType, iName, subName), nil, nil)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(iType, iName, subName string) (Config, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(iType, iName, subName), "", ans)
-	return first(ans, err)
-}
-
-func (c *Firewall) pather(iType, iName, subName string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(iType, iName, subName)
-	}
-}
-
-func (c *Firewall) xpath(iType, iName, subName string) ([]string, error) {
-	// Sanity checks.
-	switch iType {
-	case "":
-		return nil, fmt.Errorf("iType must be specified")
-	case TypeVlan:
-		if iName != "" {
-			return nil, fmt.Errorf("iName should be an empty string for %s types", iType)
-		} else if subName == "" {
-			return nil, fmt.Errorf("subName must be specified")
-		}
-	case TypeEthernet, TypeAggregate:
-		if iName == "" {
-			return nil, fmt.Errorf("iName must be specified")
-		}
-	default:
-		return nil, fmt.Errorf("unknown iType value: %s", iType)
-	}
-
-	ans := make([]string, 0, 12)
-	ans = append(ans,
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"interface",
-		iType,
-	)
-
-	if iType != TypeVlan {
-		ans = append(ans, util.AsEntryXpath([]string{iName}), "layer3")
-	}
-
-	if subName != "" {
-		ans = append(ans, "units", util.AsEntryXpath([]string{subName}))
-	}
-
-	ans = append(ans,
-		"ipv6",
-		"neighbor-discovery",
-	)
-
-	return ans, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/interface/ipv6/neighbor/fw_test.go b/netw/interface/ipv6/neighbor/fw_test.go
deleted file mode 100644
index 19018c22..00000000
--- a/netw/interface/ipv6/neighbor/fw_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package neighbor
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set(TypeEthernet, "ethernet1/1", "", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(TypeEthernet, "ethernet1/1", "")
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/interface/ipv6/neighbor/pano.go b/netw/interface/ipv6/neighbor/pano.go
deleted file mode 100644
index d5ca51da..00000000
--- a/netw/interface/ipv6/neighbor/pano.go
+++ /dev/null
@@ -1,109 +0,0 @@
-package neighbor
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Network.Ipv6NeighborDiscovery namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// Get performs GET to retrieve configuration for the given object.
-func (c *Panorama) Get(tmpl, ts, iType, iName, subName string) (Config, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts, iType, iName, subName), "", ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve configuration for the given object.
-func (c *Panorama) Show(tmpl, ts, iType, iName, subName string) (Config, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts, iType, iName, subName), "", ans)
-	return first(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts, iType, iName, subName string, e Config) error {
-	return c.ns.Set(c.pather(tmpl, ts, iType, iName, subName), specifier(e))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts, iType, iName, subName string, e Config) error {
-	return c.ns.Edit(c.pather(tmpl, ts, iType, iName, subName), e)
-}
-
-// Delete performs DELETE to remove the config.
-func (c *Panorama) Delete(tmpl, ts, iType, iName, subName string) error {
-	return c.ns.Delete(c.pather(tmpl, ts, iType, iName, subName), nil, nil)
-}
-
-// FromPanosConfig retrieves object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, iType, iName, subName string) (Config, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts, iType, iName, subName), "", ans)
-	return first(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts, iType, iName, subName string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, iType, iName, subName)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts, iType, iName, subName string) ([]string, error) {
-	// Sanity checks.
-	if tmpl == "" && ts == "" {
-		return nil, fmt.Errorf("tmpl or ts must be specified")
-	}
-
-	switch iType {
-	case "":
-		return nil, fmt.Errorf("iType must be specified")
-	case TypeVlan:
-		if iName != "" {
-			return nil, fmt.Errorf("iName should be an empty string for %s types", iType)
-		} else if subName == "" {
-			return nil, fmt.Errorf("subName must be specified")
-		}
-	case TypeEthernet, TypeAggregate:
-		if iName == "" {
-			return nil, fmt.Errorf("iName must be specified")
-		}
-	default:
-		return nil, fmt.Errorf("unknown iType value: %s", iType)
-	}
-
-	ans := make([]string, 0, 17)
-	ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-	ans = append(ans,
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"interface",
-		iType,
-	)
-
-	if iType != TypeVlan {
-		ans = append(ans, util.AsEntryXpath([]string{iName}), "layer3")
-	}
-
-	if subName != "" {
-		ans = append(ans, "units", util.AsEntryXpath([]string{subName}))
-	}
-
-	ans = append(ans,
-		"ipv6",
-		"neighbor-discovery",
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/interface/ipv6/neighbor/pano_test.go b/netw/interface/ipv6/neighbor/pano_test.go
deleted file mode 100644
index 6f3ced16..00000000
--- a/netw/interface/ipv6/neighbor/pano_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package neighbor
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("my template", "", TypeEthernet, "ethernet1/1", "", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("my template", "", TypeEthernet, "ethernet1/1", "")
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/interface/ipv6/neighbor/testdata_test.go b/netw/interface/ipv6/neighbor/testdata_test.go
deleted file mode 100644
index 31f1fd91..00000000
--- a/netw/interface/ipv6/neighbor/testdata_test.go
+++ /dev/null
@@ -1,77 +0,0 @@
-package neighbor
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type testCase struct {
-	desc    string
-	version version.Number
-	conf    Config
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"v1 no route advertise", version.Number{8, 0, 0, ""}, Config{
-			EnableNdpMonitor:                  true,
-			DuplicateAddressDetectionAttempts: 7,
-			NeighborSolicitationInterval:      8,
-			ReachableTime:                     9,
-		}},
-		{"v1 no route advertise with neighbors", version.Number{8, 0, 0, ""}, Config{
-			EnableDuplicateAddressDetection:   true,
-			DuplicateAddressDetectionAttempts: 7,
-			NeighborSolicitationInterval:      8,
-			ReachableTime:                     9,
-			Neighbors: []Neighbor{
-				Neighbor{
-					Name:       "first",
-					MacAddress: "00:30:48:52:ab:bc",
-				},
-				Neighbor{
-					Name:       "second",
-					MacAddress: "00:30:48:52:ab:cd",
-				},
-			},
-		}},
-		{"v1 with ra", version.Number{8, 0, 0, ""}, Config{
-			EnableRa:                 true,
-			RaMaxInterval:            600,
-			RaMinInterval:            200,
-			RaManagedFlag:            true,
-			RaOtherFlag:              false,
-			RaLinkMtu:                "9216",
-			RaReachableTime:          "0",
-			RaRetransmissionTimer:    "1",
-			RaHopLimit:               "2",
-			RaLifetime:               2,
-			RaRouterPreference:       RaRouterPreferenceHigh,
-			RaEnableConsistencyCheck: true,
-		}},
-		{"v1 with dns servers", version.Number{8, 0, 0, ""}, Config{
-			RaEnableDnsSupport: true,
-			RaDnsServers: []RaDnsServer{
-				RaDnsServer{
-					Name:     "one",
-					Lifetime: 4,
-				},
-				RaDnsServer{
-					Name:     "two",
-					Lifetime: 3600,
-				},
-			},
-		}},
-		{"v1 with dns servers", version.Number{8, 0, 0, ""}, Config{
-			RaDnsSuffixes: []RaDnsSuffix{
-				RaDnsSuffix{
-					Name:     "alpha",
-					Lifetime: 4,
-				},
-				RaDnsSuffix{
-					Name:     "beta",
-					Lifetime: 3600,
-				},
-			},
-		}},
-	}
-}
diff --git a/netw/interface/loopback/const.go b/netw/interface/loopback/const.go
deleted file mode 100644
index 792eca6d..00000000
--- a/netw/interface/loopback/const.go
+++ /dev/null
@@ -1,6 +0,0 @@
-package loopback
-
-const (
-	singular = "loopback interface"
-	plural   = "loopback interfaces"
-)
diff --git a/netw/interface/loopback/doc.go b/netw/interface/loopback/doc.go
deleted file mode 100644
index be5e1c10..00000000
--- a/netw/interface/loopback/doc.go
+++ /dev/null
@@ -1,4 +0,0 @@
-// Package loopback is the client.Network.LoopbackInterface namespace.
-//
-// Normalized object:  Entry
-package loopback
diff --git a/netw/interface/loopback/entry.go b/netw/interface/loopback/entry.go
deleted file mode 100644
index 7e13b52c..00000000
--- a/netw/interface/loopback/entry.go
+++ /dev/null
@@ -1,239 +0,0 @@
-package loopback
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of
-// a VLAN interface.
-type Entry struct {
-	Name              string
-	Comment           string
-	NetflowProfile    string
-	StaticIps         []string // ordered
-	ManagementProfile string
-	Mtu               int
-	AdjustTcpMss      bool
-	Ipv4MssAdjust     int
-	Ipv6MssAdjust     int
-	EnableIpv6        bool
-	Ipv6InterfaceId   string
-
-	raw map[string]string
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Comment = s.Comment
-	o.NetflowProfile = s.NetflowProfile
-	o.StaticIps = s.StaticIps
-	o.ManagementProfile = s.ManagementProfile
-	o.Mtu = s.Mtu
-	o.AdjustTcpMss = s.AdjustTcpMss
-	o.Ipv4MssAdjust = s.Ipv4MssAdjust
-	o.Ipv6MssAdjust = s.Ipv6MssAdjust
-	o.EnableIpv6 = s.EnableIpv6
-	o.Ipv6InterfaceId = s.Ipv6InterfaceId
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:              o.Name,
-		Comment:           o.Comment,
-		NetflowProfile:    o.NetflowProfile,
-		StaticIps:         util.EntToStr(o.StaticIps),
-		Mtu:               int(o.Mtu),
-		ManagementProfile: o.ManagementProfile,
-		AdjustTcpMss:      util.AsBool(o.AdjustTcpMss),
-	}
-
-	raw := make(map[string]string)
-	if o.Ipv6 != nil {
-		ans.EnableIpv6 = util.AsBool(o.Ipv6.EnableIpv6)
-		ans.Ipv6InterfaceId = o.Ipv6.Ipv6InterfaceId
-
-		if o.Ipv6.Addresses != nil {
-			raw["v6a"] = util.CleanRawXml(o.Ipv6.Addresses.Text)
-		}
-	}
-
-	if len(raw) != 0 {
-		ans.raw = raw
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName           xml.Name        `xml:"entry"`
-	Name              string          `xml:"name,attr"`
-	Comment           string          `xml:"comment,omitempty"`
-	NetflowProfile    string          `xml:"netflow-profile,omitempty"`
-	StaticIps         *util.EntryType `xml:"ip"`
-	Mtu               int             `xml:"mtu,omitempty"`
-	ManagementProfile string          `xml:"interface-management-profile,omitempty"`
-	AdjustTcpMss      string          `xml:"adjust-tcp-mss"`
-	Ipv6              *ipv6           `xml:"ipv6"`
-}
-
-type ipv6 struct {
-	EnableIpv6      string       `xml:"enabled"`
-	Ipv6InterfaceId string       `xml:"interface-id,omitempty"`
-	Addresses       *util.RawXml `xml:"address"`
-}
-
-type container_v2 struct {
-	Answer []entry_v2 `xml:"entry"`
-}
-
-func (o *container_v2) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v2) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v2) normalize() Entry {
-	ans := Entry{
-		Name:              o.Name,
-		Comment:           o.Comment,
-		NetflowProfile:    o.NetflowProfile,
-		StaticIps:         util.EntToStr(o.StaticIps),
-		Mtu:               int(o.Mtu),
-		ManagementProfile: o.ManagementProfile,
-		AdjustTcpMss:      util.AsBool(o.AdjustTcpMss),
-		Ipv4MssAdjust:     int(o.Ipv4MssAdjust),
-		Ipv6MssAdjust:     int(o.Ipv6MssAdjust),
-	}
-
-	raw := make(map[string]string)
-	if o.Ipv6 != nil {
-		ans.EnableIpv6 = util.AsBool(o.Ipv6.EnableIpv6)
-		ans.Ipv6InterfaceId = o.Ipv6.Ipv6InterfaceId
-
-		if o.Ipv6.Addresses != nil {
-			raw["v6a"] = util.CleanRawXml(o.Ipv6.Addresses.Text)
-		}
-	}
-
-	if len(raw) != 0 {
-		ans.raw = raw
-	}
-
-	return ans
-}
-
-type entry_v2 struct {
-	XMLName           xml.Name        `xml:"entry"`
-	Name              string          `xml:"name,attr"`
-	Comment           string          `xml:"comment,omitempty"`
-	NetflowProfile    string          `xml:"netflow-profile,omitempty"`
-	StaticIps         *util.EntryType `xml:"ip"`
-	Mtu               int             `xml:"mtu,omitempty"`
-	ManagementProfile string          `xml:"interface-management-profile,omitempty"`
-	AdjustTcpMss      string          `xml:"adjust-tcp-mss>enable"`
-	Ipv4MssAdjust     int             `xml:"adjust-tcp-mss>ipv4-mss-adjustment,omitempty"`
-	Ipv6MssAdjust     int             `xml:"adjust-tcp-mss>ipv6-mss-adjustment,omitempty"`
-	Ipv6              *ipv6           `xml:"ipv6"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:              e.Name,
-		Comment:           e.Comment,
-		NetflowProfile:    e.NetflowProfile,
-		StaticIps:         util.StrToEnt(e.StaticIps),
-		Mtu:               e.Mtu,
-		ManagementProfile: e.ManagementProfile,
-		AdjustTcpMss:      util.YesNo(e.AdjustTcpMss),
-	}
-
-	if e.raw["v6a"] != "" || e.EnableIpv6 || e.Ipv6InterfaceId != "" {
-		ans.Ipv6 = &ipv6{
-			EnableIpv6:      util.YesNo(e.EnableIpv6),
-			Ipv6InterfaceId: e.Ipv6InterfaceId,
-		}
-
-		if text := e.raw["v6a"]; text != "" {
-			ans.Ipv6.Addresses = &util.RawXml{text}
-		}
-	}
-
-	return ans
-}
-
-func specify_v2(e Entry) interface{} {
-	ans := entry_v2{
-		Name:              e.Name,
-		Comment:           e.Comment,
-		NetflowProfile:    e.NetflowProfile,
-		StaticIps:         util.StrToEnt(e.StaticIps),
-		Mtu:               e.Mtu,
-		ManagementProfile: e.ManagementProfile,
-		AdjustTcpMss:      util.YesNo(e.AdjustTcpMss),
-		Ipv4MssAdjust:     e.Ipv4MssAdjust,
-		Ipv6MssAdjust:     e.Ipv6MssAdjust,
-	}
-
-	if e.raw["v6a"] != "" || e.EnableIpv6 || e.Ipv6InterfaceId != "" {
-		ans.Ipv6 = &ipv6{
-			EnableIpv6:      util.YesNo(e.EnableIpv6),
-			Ipv6InterfaceId: e.Ipv6InterfaceId,
-		}
-
-		if text := e.raw["v6a"]; text != "" {
-			ans.Ipv6.Addresses = &util.RawXml{text}
-		}
-	}
-
-	return ans
-}
diff --git a/netw/interface/loopback/funcs.go b/netw/interface/loopback/funcs.go
deleted file mode 100644
index d80932b1..00000000
--- a/netw/interface/loopback/funcs.go
+++ /dev/null
@@ -1,94 +0,0 @@
-package loopback
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	if v.Gte(version.Number{7, 1, 0, ""}) {
-		return &container_v2{}, specify_v2
-	} else {
-		return &container_v1{}, specify_v1
-	}
-}
-
-func specifier(e ...Entry) []namespace.ImportSpecifier {
-	ans := make([]namespace.ImportSpecifier, 0, len(e))
-
-	var val namespace.ImportSpecifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Importable{
-			ImportPath: util.InterfaceImport,
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Importable{
-			ImportPath: util.InterfaceImport,
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/netw/interface/loopback/fw.go b/netw/interface/loopback/fw.go
deleted file mode 100644
index 45872d10..00000000
--- a/netw/interface/loopback/fw.go
+++ /dev/null
@@ -1,106 +0,0 @@
-package loopback
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Network.LoopbackInterface namespace.
-type Firewall struct {
-	ns *namespace.Importable
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(), ans)
-}
-
-// ShowList performs a SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(), ans)
-}
-
-// Get performs GET to retrieve configuration for the given object.
-func (c *Firewall) Get(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve configuration for the given object.
-func (c *Firewall) Show(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve all objects configured.
-func (c *Firewall) ShowAll() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vsys string, e ...Entry) error {
-	return c.ns.Set("", "", vsys, c.pather(), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vsys string, e Entry) error {
-	return c.ns.Edit("", "", vsys, c.pather(), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete("", "", c.pather(), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather() namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(v)
-	}
-}
-
-func (c *Firewall) xpath(vals []string) ([]string, error) {
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"interface",
-		"loopback",
-		"units",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/interface/loopback/fw_test.go b/netw/interface/loopback/fw_test.go
deleted file mode 100644
index b6b88af7..00000000
--- a/netw/interface/loopback/fw_test.go
+++ /dev/null
@@ -1,43 +0,0 @@
-package loopback
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.conf.Comment, func(t *testing.T) {
-			var err error
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err = ns.Set(tc.vsys, tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-				if tc.importVsys != mc.Vsys {
-					t.Errorf("vsys: %q != %q", tc.importVsys, mc.Vsys)
-				}
-				if !reflect.DeepEqual(tc.imports, mc.Imports) {
-					t.Errorf("imports: %#v != %#v", tc.imports, mc.Imports)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/interface/loopback/pano.go b/netw/interface/loopback/pano.go
deleted file mode 100644
index 39e4e6e1..00000000
--- a/netw/interface/loopback/pano.go
+++ /dev/null
@@ -1,116 +0,0 @@
-package loopback
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Network.LoopbackInterface namespace.
-type Panorama struct {
-	ns *namespace.Importable
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts), ans)
-}
-
-// ShowList performs a SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts), ans)
-}
-
-// Get performs GET to retrieve configuration for the given object.
-func (c *Panorama) Get(tmpl, ts, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve configuration for the given object.
-func (c *Panorama) Show(tmpl, ts, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve all objects configured.
-func (c *Panorama) ShowAll(tmpl, ts string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts, vsys string, e ...Entry) error {
-	return c.ns.Set(tmpl, ts, vsys, c.pather(tmpl, ts), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts, vsys string, e Entry) error {
-	return c.ns.Edit(tmpl, ts, vsys, c.pather(tmpl, ts), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(tmpl, ts, c.pather(tmpl, ts), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts string, vals []string) ([]string, error) {
-	if tmpl == "" && ts == "" {
-		return nil, fmt.Errorf("tmpl or ts must be specified")
-	}
-
-	ans := make([]string, 0, 13)
-	ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-	ans = append(ans,
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"interface",
-		"loopback",
-		"units",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/interface/loopback/pano_test.go b/netw/interface/loopback/pano_test.go
deleted file mode 100644
index e41b5589..00000000
--- a/netw/interface/loopback/pano_test.go
+++ /dev/null
@@ -1,50 +0,0 @@
-package loopback
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.conf.Comment, func(t *testing.T) {
-			if tc.tmpl == "" {
-				t.Skip()
-			}
-
-			var err error
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err = ns.Set(tc.tmpl, "", tc.vsys, tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(tc.tmpl, "", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-				if mc.Template != tc.tmpl {
-					t.Errorf("template: %q != %q", tc.tmpl, mc.Template)
-				}
-				if tc.importVsys != mc.Vsys {
-					t.Errorf("vsys: %q != %q", tc.importVsys, mc.Vsys)
-				}
-				if !reflect.DeepEqual(tc.imports, mc.Imports) {
-					t.Errorf("imports: %#v != %#v", tc.imports, mc.Imports)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/interface/loopback/testdata_test.go b/netw/interface/loopback/testdata_test.go
deleted file mode 100644
index 2e658679..00000000
--- a/netw/interface/loopback/testdata_test.go
+++ /dev/null
@@ -1,87 +0,0 @@
-package loopback
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type testCase struct {
-	version    version.Number
-	tmpl       string
-	vsys       string
-	importVsys string
-	imports    []string
-	conf       Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{version.Number{5, 0, 0, ""}, "one", "vsys2", "vsys2", []string{"loopback.1"}, Entry{
-			Name:              "loopback.1",
-			StaticIps:         []string{"10.1.1.1/24", "10.2.1.1/24"},
-			ManagementProfile: "enable ping",
-			Mtu:               1500,
-			AdjustTcpMss:      true,
-			NetflowProfile:    "some profile",
-			Comment:           "v1 basic",
-		}},
-		{version.Number{5, 0, 0, ""}, "two", "vsys3", "vsys3", []string{"loopback.2"}, Entry{
-			Name:      "loopback.2",
-			StaticIps: []string{"10.3.1.1/24"},
-			raw: map[string]string{
-				"v6a": "ipv6 addresses",
-			},
-			Comment: "v1 raw no import",
-		}},
-		{version.Number{5, 0, 0, ""}, "", "", "", []string{"loopback.2"}, Entry{
-			Name:      "loopback.2",
-			StaticIps: []string{"10.3.1.1/24"},
-			raw: map[string]string{
-				"v6a": "ipv6 addresses",
-			},
-			Comment: "v1 tmpl with raw",
-		}},
-		{version.Number{5, 0, 0, ""}, "", "", "", []string{"loopback.2"}, Entry{
-			Name:            "loopback.2",
-			StaticIps:       []string{"10.3.1.1/24"},
-			EnableIpv6:      true,
-			Ipv6InterfaceId: "someId",
-			Comment:         "v1 with ipv6 config",
-		}},
-		{version.Number{8, 0, 0, ""}, "three", "vsys2", "vsys2", []string{"loopback.3"}, Entry{
-			Name:              "loopback.3",
-			StaticIps:         []string{"10.1.1.1/24", "10.2.1.1/24"},
-			ManagementProfile: "enable ping",
-			Mtu:               1500,
-			AdjustTcpMss:      true,
-			Ipv4MssAdjust:     12,
-			Ipv6MssAdjust:     14,
-			NetflowProfile:    "some profile",
-			Comment:           "v2 basic",
-		}},
-		{version.Number{8, 0, 0, ""}, "", "", "", []string{"loopback.4"}, Entry{
-			Name:          "loopback.4",
-			StaticIps:     []string{"10.3.1.1/24"},
-			Ipv6MssAdjust: 1024,
-			raw: map[string]string{
-				"v6a": "ipv6 addresses",
-			},
-			Comment: "v2 raw no import",
-		}},
-		{version.Number{8, 0, 0, ""}, "four", "vsys3", "vsys3", []string{"loopback.4"}, Entry{
-			Name:          "loopback.4",
-			StaticIps:     []string{"10.3.1.1/24"},
-			Ipv6MssAdjust: 1024,
-			raw: map[string]string{
-				"v6a": "ipv6 addresses",
-			},
-			Comment: "v2 tmpl with raw",
-		}},
-		{version.Number{8, 0, 0, ""}, "", "", "", []string{"loopback.2"}, Entry{
-			Name:            "loopback.2",
-			StaticIps:       []string{"10.3.1.1/24"},
-			EnableIpv6:      true,
-			Ipv6InterfaceId: "someId",
-			Comment:         "v2 with ipv6 config",
-		}},
-	}
-}
diff --git a/netw/interface/subinterface/layer2/const.go b/netw/interface/subinterface/layer2/const.go
deleted file mode 100644
index bd5b2cfc..00000000
--- a/netw/interface/subinterface/layer2/const.go
+++ /dev/null
@@ -1,18 +0,0 @@
-package layer2
-
-// Valid mType values.
-const (
-	VirtualWire = "virtual-wire"
-	Layer2      = "layer2"
-)
-
-// Valid iType values.
-const (
-	EthernetInterface  = "ethernet"
-	AggregateInterface = "aggregate-ethernet"
-)
-
-const (
-	singular = "layer2 subinterface"
-	plural   = "layer2 subinterfaces"
-)
diff --git a/netw/interface/subinterface/layer2/doc.go b/netw/interface/subinterface/layer2/doc.go
deleted file mode 100644
index 286d63c3..00000000
--- a/netw/interface/subinterface/layer2/doc.go
+++ /dev/null
@@ -1,4 +0,0 @@
-// Package layer2 is the client.Network.Layer2Subinterface namespace.
-//
-// Normalized object:  Entry
-package layer2
diff --git a/netw/interface/subinterface/layer2/entry.go b/netw/interface/subinterface/layer2/entry.go
deleted file mode 100644
index 48842c09..00000000
--- a/netw/interface/subinterface/layer2/entry.go
+++ /dev/null
@@ -1,88 +0,0 @@
-package layer2
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a layer2
-// subinterface.
-type Entry struct {
-	Name           string
-	Tag            int
-	NetflowProfile string
-	Comment        string
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Tag = s.Tag
-	o.NetflowProfile = s.NetflowProfile
-	o.Comment = s.Comment
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:           o.Name,
-		Tag:            o.Tag,
-		NetflowProfile: o.NetflowProfile,
-		Comment:        o.Comment,
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName        xml.Name `xml:"entry"`
-	Name           string   `xml:"name,attr"`
-	Tag            int      `xml:"tag,omitempty"`
-	NetflowProfile string   `xml:"netflow-profile,omitempty"`
-	Comment        string   `xml:"comment,omitempty"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:           e.Name,
-		Tag:            e.Tag,
-		NetflowProfile: e.NetflowProfile,
-		Comment:        e.Comment,
-	}
-
-	return ans
-}
diff --git a/netw/interface/subinterface/layer2/funcs.go b/netw/interface/subinterface/layer2/funcs.go
deleted file mode 100644
index d76b8ebd..00000000
--- a/netw/interface/subinterface/layer2/funcs.go
+++ /dev/null
@@ -1,90 +0,0 @@
-package layer2
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func specifier(e ...Entry) []namespace.ImportSpecifier {
-	ans := make([]namespace.ImportSpecifier, 0, len(e))
-
-	var val namespace.ImportSpecifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Importable{
-			ImportPath: util.InterfaceImport,
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Importable{
-			ImportPath: util.InterfaceImport,
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/netw/interface/subinterface/layer2/fw.go b/netw/interface/subinterface/layer2/fw.go
deleted file mode 100644
index 2abe7334..00000000
--- a/netw/interface/subinterface/layer2/fw.go
+++ /dev/null
@@ -1,128 +0,0 @@
-package layer2
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Network.Layer2Subinterface namespace.
-type Firewall struct {
-	ns *namespace.Importable
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(iType, eth, mType string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(iType, eth, mType), ans)
-}
-
-// ShowList performs a SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(iType, eth, mType string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(iType, eth, mType), ans)
-}
-
-// Get performs GET to retrieve configuration for the given object.
-func (c *Firewall) Get(iType, eth, mType, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(iType, eth, mType), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve configuration for the given object.
-func (c *Firewall) Show(iType, eth, mType, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(iType, eth, mType), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(iType, eth, mType string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(iType, eth, mType), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve all objects configured.
-func (c *Firewall) ShowAll(iType, eth, mType string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(iType, eth, mType), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(iType, eth, mType, vsys string, e ...Entry) error {
-	return c.ns.Set("", "", vsys, c.pather(iType, eth, mType), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(iType, eth, mType, vsys string, e Entry) error {
-	return c.ns.Edit("", "", vsys, c.pather(iType, eth, mType), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(iType, eth, mType string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete("", "", c.pather(iType, eth, mType), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(iType, eth, mType, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(iType, eth, mType), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig(iType, eth, mType string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(iType, eth, mType), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather(iType, eth, mType string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(iType, eth, mType, v)
-	}
-}
-
-func (c *Firewall) xpath(iType, eth, mType string, vals []string) ([]string, error) {
-	switch iType {
-	case "":
-		return nil, fmt.Errorf("iType must be specified")
-	case EthernetInterface, AggregateInterface:
-	default:
-		return nil, fmt.Errorf("unknown iType value: %s", iType)
-	}
-	if eth == "" {
-		return nil, fmt.Errorf("eth must be specified")
-	}
-	switch mType {
-	case "":
-		return nil, fmt.Errorf("mType must be specified")
-	case VirtualWire, Layer2:
-	default:
-		return nil, fmt.Errorf("unknown mType value: %s", mType)
-	}
-
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"interface",
-		iType,
-		util.AsEntryXpath([]string{eth}),
-		mType,
-		"units",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/interface/subinterface/layer2/fw_test.go b/netw/interface/subinterface/layer2/fw_test.go
deleted file mode 100644
index c1f0564a..00000000
--- a/netw/interface/subinterface/layer2/fw_test.go
+++ /dev/null
@@ -1,43 +0,0 @@
-package layer2
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.conf.Comment, func(t *testing.T) {
-			var err error
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err = ns.Set(EthernetInterface, "ethernet1/1", VirtualWire, tc.vsys, tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(EthernetInterface, "ethernet1/1", VirtualWire, tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-				if tc.importVsys != mc.Vsys {
-					t.Errorf("vsys: %q != %q", tc.importVsys, mc.Vsys)
-				}
-				if !reflect.DeepEqual(tc.imports, mc.Imports) {
-					t.Errorf("imports: %#v != %#v", tc.imports, mc.Imports)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/interface/subinterface/layer2/pano.go b/netw/interface/subinterface/layer2/pano.go
deleted file mode 100644
index 8312a279..00000000
--- a/netw/interface/subinterface/layer2/pano.go
+++ /dev/null
@@ -1,135 +0,0 @@
-package layer2
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Network.Layer2Subinterface namespace.
-type Panorama struct {
-	ns *namespace.Importable
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts, iType, eth, mType string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts, iType, eth, mType), ans)
-}
-
-// ShowList performs a SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts, iType, eth, mType string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts, iType, eth, mType), ans)
-}
-
-// Get performs GET to retrieve configuration for the given object.
-func (c *Panorama) Get(tmpl, ts, iType, eth, mType, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts, iType, eth, mType), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve configuration for the given object.
-func (c *Panorama) Show(tmpl, ts, iType, eth, mType, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts, iType, eth, mType), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts, iType, eth, mType string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts, iType, eth, mType), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve all objects configured.
-func (c *Panorama) ShowAll(tmpl, ts, iType, eth, mType string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts, iType, eth, mType), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts, iType, eth, mType, vsys string, e ...Entry) error {
-	return c.ns.Set(tmpl, ts, vsys, c.pather(tmpl, ts, iType, eth, mType), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts, iType, eth, mType, vsys string, e Entry) error {
-	return c.ns.Edit(tmpl, ts, vsys, c.pather(tmpl, ts, iType, eth, mType), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts, iType, eth, mType string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(tmpl, ts, c.pather(tmpl, ts, iType, eth, mType), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, iType, eth, mType, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts, iType, eth, mType), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts, iType, eth, mType string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts, iType, eth, mType), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts, iType, eth, mType string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, iType, eth, mType, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts, iType, eth, mType string, vals []string) ([]string, error) {
-	if tmpl == "" && ts == "" {
-		return nil, fmt.Errorf("tmpl or ts must be specified")
-	}
-	switch iType {
-	case "":
-		return nil, fmt.Errorf("iType must be specified")
-	case EthernetInterface, AggregateInterface:
-	default:
-		return nil, fmt.Errorf("unknown iType value: %s", iType)
-	}
-	if eth == "" {
-		return nil, fmt.Errorf("eth must be specified")
-	}
-	switch mType {
-	case "":
-		return nil, fmt.Errorf("mType must be specified")
-	case VirtualWire, Layer2:
-	default:
-		return nil, fmt.Errorf("unknown mType value: %s", mType)
-	}
-
-	ans := make([]string, 0, 15)
-	ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-	ans = append(ans,
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"interface",
-		iType,
-		util.AsEntryXpath([]string{eth}),
-		mType,
-		"units",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/interface/subinterface/layer2/pano_test.go b/netw/interface/subinterface/layer2/pano_test.go
deleted file mode 100644
index 3973da03..00000000
--- a/netw/interface/subinterface/layer2/pano_test.go
+++ /dev/null
@@ -1,43 +0,0 @@
-package layer2
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.conf.Comment, func(t *testing.T) {
-			var err error
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err = ns.Set(tc.tmpl, "", AggregateInterface, "ethernet1/1", Layer2, tc.vsys, tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(tc.tmpl, "", AggregateInterface, "ethernet1/1", Layer2, tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-				if tc.importVsys != mc.Vsys {
-					t.Errorf("vsys: %q != %q", tc.importVsys, mc.Vsys)
-				}
-				if !reflect.DeepEqual(tc.imports, mc.Imports) {
-					t.Errorf("imports: %#v != %#v", tc.imports, mc.Imports)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/interface/subinterface/layer2/testdata_test.go b/netw/interface/subinterface/layer2/testdata_test.go
deleted file mode 100644
index 1431f84d..00000000
--- a/netw/interface/subinterface/layer2/testdata_test.go
+++ /dev/null
@@ -1,25 +0,0 @@
-package layer2
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type testCase struct {
-	version    version.Number
-	tmpl       string
-	vsys       string
-	importVsys string
-	imports    []string
-	conf       Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{version.Number{7, 1, 0, ""}, "tmpl1", "vsys1", "vsys1", []string{"ethernet1/1.2"}, Entry{
-			Name:           "ethernet1/1.2",
-			Tag:            2,
-			NetflowProfile: "netflow profile",
-			Comment:        "v1 basic",
-		}},
-	}
-}
diff --git a/netw/interface/subinterface/layer3/const.go b/netw/interface/subinterface/layer3/const.go
deleted file mode 100644
index e506d2bb..00000000
--- a/netw/interface/subinterface/layer3/const.go
+++ /dev/null
@@ -1,12 +0,0 @@
-package layer3
-
-// Valid iType values.
-const (
-	EthernetInterface  = "ethernet"
-	AggregateInterface = "aggregate-ethernet"
-)
-
-const (
-	singular = "layer3 subinterface"
-	plural   = "layer3 subinterfaces"
-)
diff --git a/netw/interface/subinterface/layer3/doc.go b/netw/interface/subinterface/layer3/doc.go
deleted file mode 100644
index fb8d2c8a..00000000
--- a/netw/interface/subinterface/layer3/doc.go
+++ /dev/null
@@ -1,4 +0,0 @@
-// Package layer3 is the client.Network.Layer3Subinterface namespace.
-//
-// Normalized object:  Entry
-package layer3
diff --git a/netw/interface/subinterface/layer3/entry.go b/netw/interface/subinterface/layer3/entry.go
deleted file mode 100644
index adb2ad0a..00000000
--- a/netw/interface/subinterface/layer3/entry.go
+++ /dev/null
@@ -1,543 +0,0 @@
-package layer3
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a layer3
-// subinterface.
-type Entry struct {
-	Name                   string
-	Tag                    int
-	StaticIps              []string // ordered
-	Ipv6Enabled            bool
-	Ipv6InterfaceId        string
-	ManagementProfile      string
-	Mtu                    int
-	AdjustTcpMss           bool
-	Ipv4MssAdjust          int
-	Ipv6MssAdjust          int
-	NetflowProfile         string
-	Comment                string
-	EnableDhcp             bool
-	CreateDhcpDefaultRoute bool
-	DhcpDefaultRouteMetric int
-	DhcpSendHostnameEnable bool   // 9.0
-	DhcpSendHostnameValue  string // 9.0
-	DecryptForward         bool   // 8.1
-
-	raw map[string]string
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Tag = s.Tag
-	o.StaticIps = s.StaticIps
-	o.Ipv6Enabled = s.Ipv6Enabled
-	o.ManagementProfile = s.ManagementProfile
-	o.Mtu = s.Mtu
-	o.AdjustTcpMss = s.AdjustTcpMss
-	o.NetflowProfile = s.NetflowProfile
-	o.Comment = s.Comment
-	o.Ipv4MssAdjust = s.Ipv4MssAdjust
-	o.Ipv6MssAdjust = s.Ipv6MssAdjust
-	o.EnableDhcp = s.EnableDhcp
-	o.CreateDhcpDefaultRoute = s.CreateDhcpDefaultRoute
-	o.DhcpDefaultRouteMetric = s.DhcpDefaultRouteMetric
-	o.DhcpSendHostnameEnable = s.DhcpSendHostnameEnable
-	o.DhcpSendHostnameValue = s.DhcpSendHostnameValue
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:              o.Name,
-		Tag:               o.Tag,
-		StaticIps:         util.EntToStr(o.StaticIps),
-		ManagementProfile: o.ManagementProfile,
-		Mtu:               o.Mtu,
-		NetflowProfile:    o.NetflowProfile,
-		Comment:           o.Comment,
-	}
-	ans.raw = make(map[string]string)
-
-	if o.Ipv6 != nil {
-		ans.Ipv6Enabled = util.AsBool(o.Ipv6.Ipv6Enabled)
-		ans.Ipv6InterfaceId = o.Ipv6.Ipv6InterfaceId
-		if o.Ipv6.Addresses != nil {
-			ans.raw["v6adr"] = util.CleanRawXml(o.Ipv6.Addresses.Text)
-		}
-		if o.Ipv6.Neighbor != nil {
-			ans.raw["v6nbr"] = util.CleanRawXml(o.Ipv6.Neighbor.Text)
-		}
-	}
-
-	if o.Mss != nil {
-		ans.AdjustTcpMss = util.AsBool(o.Mss.AdjustTcpMss)
-		ans.Ipv4MssAdjust = o.Mss.Ipv4MssAdjust
-		ans.Ipv6MssAdjust = o.Mss.Ipv6MssAdjust
-	}
-
-	if o.Dhcp != nil {
-		ans.EnableDhcp = util.AsBool(o.Dhcp.EnableDhcp)
-		ans.CreateDhcpDefaultRoute = util.AsBool(o.Dhcp.CreateDhcpDefaultRoute)
-		ans.DhcpDefaultRouteMetric = o.Dhcp.DhcpDefaultRouteMetric
-	}
-
-	if o.Arp != nil {
-		ans.raw["arp"] = util.CleanRawXml(o.Arp.Text)
-	}
-	if o.NdpProxy != nil {
-		ans.raw["ndp"] = util.CleanRawXml(o.NdpProxy.Text)
-	}
-
-	if len(ans.raw) == 0 {
-		ans.raw = nil
-	}
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName           xml.Name        `xml:"entry"`
-	Name              string          `xml:"name,attr"`
-	Tag               int             `xml:"tag,omitempty"`
-	StaticIps         *util.EntryType `xml:"ip"`
-	Ipv6              *ipv6           `xml:"ipv6"`
-	ManagementProfile string          `xml:"interface-management-profile,omitempty"`
-	Mtu               int             `xml:"mtu,omitempty"`
-	Mss               *mss            `xml:"adjust-tcp-mss"`
-	NetflowProfile    string          `xml:"netflow-profile,omitempty"`
-	Comment           string          `xml:"comment,omitempty"`
-	Dhcp              *dhcp_v1        `xml:"dhcp-client"`
-	Arp               *util.RawXml    `xml:"arp"`
-	NdpProxy          *util.RawXml    `xml:"ndp-proxy"`
-}
-
-type ipv6 struct {
-	Ipv6Enabled     string       `xml:"enabled"`
-	Ipv6InterfaceId string       `xml:"interface-id,omitempty"`
-	Addresses       *util.RawXml `xml:"address"`
-	Neighbor        *util.RawXml `xml:"neighbor-discovery"`
-}
-
-type mss struct {
-	AdjustTcpMss  string `xml:"enable"`
-	Ipv4MssAdjust int    `xml:"ipv4-mss-adjustment,omitempty"`
-	Ipv6MssAdjust int    `xml:"ipv6-mss-adjustment,omitempty"`
-}
-
-type dhcp_v1 struct {
-	EnableDhcp             string `xml:"enable"`
-	CreateDhcpDefaultRoute string `xml:"create-default-route"`
-	DhcpDefaultRouteMetric int    `xml:"default-route-metric,omitempty"`
-}
-
-type container_v2 struct {
-	Answer []entry_v2 `xml:"entry"`
-}
-
-func (o *container_v2) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v2) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v2) normalize() Entry {
-	ans := Entry{
-		Name:              o.Name,
-		Tag:               o.Tag,
-		StaticIps:         util.EntToStr(o.StaticIps),
-		ManagementProfile: o.ManagementProfile,
-		Mtu:               o.Mtu,
-		NetflowProfile:    o.NetflowProfile,
-		Comment:           o.Comment,
-		DecryptForward:    util.AsBool(o.DecryptForward),
-	}
-	ans.raw = make(map[string]string)
-
-	if o.Ipv6 != nil {
-		ans.Ipv6Enabled = util.AsBool(o.Ipv6.Ipv6Enabled)
-		ans.Ipv6InterfaceId = o.Ipv6.Ipv6InterfaceId
-		if o.Ipv6.Addresses != nil {
-			ans.raw["v6adr"] = util.CleanRawXml(o.Ipv6.Addresses.Text)
-		}
-		if o.Ipv6.Neighbor != nil {
-			ans.raw["v6nbr"] = util.CleanRawXml(o.Ipv6.Neighbor.Text)
-		}
-	}
-
-	if o.Mss != nil {
-		ans.AdjustTcpMss = util.AsBool(o.Mss.AdjustTcpMss)
-		ans.Ipv4MssAdjust = o.Mss.Ipv4MssAdjust
-		ans.Ipv6MssAdjust = o.Mss.Ipv6MssAdjust
-	}
-
-	if o.Dhcp != nil {
-		ans.EnableDhcp = util.AsBool(o.Dhcp.EnableDhcp)
-		ans.CreateDhcpDefaultRoute = util.AsBool(o.Dhcp.CreateDhcpDefaultRoute)
-		ans.DhcpDefaultRouteMetric = o.Dhcp.DhcpDefaultRouteMetric
-	}
-
-	if o.Arp != nil {
-		ans.raw["arp"] = util.CleanRawXml(o.Arp.Text)
-	}
-	if o.NdpProxy != nil {
-		ans.raw["ndp"] = util.CleanRawXml(o.NdpProxy.Text)
-	}
-
-	if len(ans.raw) == 0 {
-		ans.raw = nil
-	}
-	return ans
-}
-
-type container_v3 struct {
-	Answer []entry_v3 `xml:"entry"`
-}
-
-func (o *container_v3) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v3) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v3) normalize() Entry {
-	ans := Entry{
-		Name:              o.Name,
-		Tag:               o.Tag,
-		StaticIps:         util.EntToStr(o.StaticIps),
-		ManagementProfile: o.ManagementProfile,
-		Mtu:               o.Mtu,
-		NetflowProfile:    o.NetflowProfile,
-		Comment:           o.Comment,
-		DecryptForward:    util.AsBool(o.DecryptForward),
-	}
-	ans.raw = make(map[string]string)
-
-	if o.Ipv6 != nil {
-		ans.Ipv6Enabled = util.AsBool(o.Ipv6.Ipv6Enabled)
-		ans.Ipv6InterfaceId = o.Ipv6.Ipv6InterfaceId
-		if o.Ipv6.Addresses != nil {
-			ans.raw["v6adr"] = util.CleanRawXml(o.Ipv6.Addresses.Text)
-		}
-		if o.Ipv6.Neighbor != nil {
-			ans.raw["v6nbr"] = util.CleanRawXml(o.Ipv6.Neighbor.Text)
-		}
-	}
-
-	if o.Mss != nil {
-		ans.AdjustTcpMss = util.AsBool(o.Mss.AdjustTcpMss)
-		ans.Ipv4MssAdjust = o.Mss.Ipv4MssAdjust
-		ans.Ipv6MssAdjust = o.Mss.Ipv6MssAdjust
-	}
-
-	if o.Dhcp != nil {
-		ans.EnableDhcp = util.AsBool(o.Dhcp.EnableDhcp)
-		ans.CreateDhcpDefaultRoute = util.AsBool(o.Dhcp.CreateDhcpDefaultRoute)
-		ans.DhcpDefaultRouteMetric = o.Dhcp.DhcpDefaultRouteMetric
-		if o.Dhcp.Hostname != nil {
-			ans.DhcpSendHostnameEnable = util.AsBool(o.Dhcp.Hostname.DhcpSendHostnameEnable)
-			ans.DhcpSendHostnameValue = o.Dhcp.Hostname.DhcpSendHostnameValue
-		}
-	}
-
-	if o.Arp != nil {
-		ans.raw["arp"] = util.CleanRawXml(o.Arp.Text)
-	}
-	if o.NdpProxy != nil {
-		ans.raw["ndp"] = util.CleanRawXml(o.NdpProxy.Text)
-	}
-
-	if len(ans.raw) == 0 {
-		ans.raw = nil
-	}
-	return ans
-}
-
-// 8.1
-type entry_v2 struct {
-	XMLName           xml.Name        `xml:"entry"`
-	Name              string          `xml:"name,attr"`
-	Tag               int             `xml:"tag,omitempty"`
-	StaticIps         *util.EntryType `xml:"ip"`
-	Ipv6              *ipv6           `xml:"ipv6"`
-	ManagementProfile string          `xml:"interface-management-profile,omitempty"`
-	Mtu               int             `xml:"mtu,omitempty"`
-	Mss               *mss            `xml:"adjust-tcp-mss"`
-	NetflowProfile    string          `xml:"netflow-profile,omitempty"`
-	Comment           string          `xml:"comment,omitempty"`
-	Dhcp              *dhcp_v1        `xml:"dhcp-client"`
-	Arp               *util.RawXml    `xml:"arp"`
-	NdpProxy          *util.RawXml    `xml:"ndp-proxy"`
-	DecryptForward    string          `xml:"decrypt-forward,omitempty"`
-}
-
-// 9.0
-type entry_v3 struct {
-	XMLName           xml.Name        `xml:"entry"`
-	Name              string          `xml:"name,attr"`
-	Tag               int             `xml:"tag,omitempty"`
-	StaticIps         *util.EntryType `xml:"ip"`
-	Ipv6              *ipv6           `xml:"ipv6"`
-	ManagementProfile string          `xml:"interface-management-profile,omitempty"`
-	Mtu               int             `xml:"mtu,omitempty"`
-	Mss               *mss            `xml:"adjust-tcp-mss"`
-	NetflowProfile    string          `xml:"netflow-profile,omitempty"`
-	Comment           string          `xml:"comment,omitempty"`
-	Dhcp              *dhcp_v2        `xml:"dhcp-client"`
-	Arp               *util.RawXml    `xml:"arp"`
-	NdpProxy          *util.RawXml    `xml:"ndp-proxy"`
-	DecryptForward    string          `xml:"decrypt-forward,omitempty"`
-	DdnsConfig        *util.RawXml    `xml:"ddns-config"`
-}
-
-type dhcp_v2 struct {
-	EnableDhcp             string        `xml:"enable"`
-	CreateDhcpDefaultRoute string        `xml:"create-default-route"`
-	DhcpDefaultRouteMetric int           `xml:"default-route-metric,omitempty"`
-	Hostname               *dhcpHostname `xml:"send-hostname"`
-}
-
-type dhcpHostname struct {
-	DhcpSendHostnameEnable string `xml:"enable"`
-	DhcpSendHostnameValue  string `xml:"hostname,omitempty"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:              e.Name,
-		Tag:               e.Tag,
-		StaticIps:         util.StrToEnt(e.StaticIps),
-		ManagementProfile: e.ManagementProfile,
-		Mtu:               e.Mtu,
-		NetflowProfile:    e.NetflowProfile,
-		Comment:           e.Comment,
-	}
-
-	v6adr := e.raw["v6adr"]
-	v6nbr := e.raw["v6nbr"]
-	if e.Ipv6Enabled || e.Ipv6InterfaceId != "" || v6adr != "" || v6nbr != "" {
-		i6 := ipv6{
-			Ipv6Enabled:     util.YesNo(e.Ipv6Enabled),
-			Ipv6InterfaceId: e.Ipv6InterfaceId,
-		}
-
-		if v6adr != "" {
-			i6.Addresses = &util.RawXml{v6adr}
-		}
-		if v6nbr != "" {
-			i6.Neighbor = &util.RawXml{v6nbr}
-		}
-		ans.Ipv6 = &i6
-	}
-
-	if e.AdjustTcpMss || e.Ipv4MssAdjust != 0 || e.Ipv6MssAdjust != 0 {
-		ans.Mss = &mss{
-			AdjustTcpMss:  util.YesNo(e.AdjustTcpMss),
-			Ipv4MssAdjust: e.Ipv4MssAdjust,
-			Ipv6MssAdjust: e.Ipv6MssAdjust,
-		}
-	}
-
-	if e.EnableDhcp || e.CreateDhcpDefaultRoute || e.DhcpDefaultRouteMetric != 0 {
-		ans.Dhcp = &dhcp_v1{
-			EnableDhcp:             util.YesNo(e.EnableDhcp),
-			CreateDhcpDefaultRoute: util.YesNo(e.CreateDhcpDefaultRoute),
-			DhcpDefaultRouteMetric: e.DhcpDefaultRouteMetric,
-		}
-	}
-
-	if text, present := e.raw["arp"]; present {
-		ans.Arp = &util.RawXml{text}
-	}
-	if text, present := e.raw["ndp"]; present {
-		ans.NdpProxy = &util.RawXml{text}
-	}
-
-	return ans
-}
-
-func specify_v2(e Entry) interface{} {
-	ans := entry_v2{
-		Name:              e.Name,
-		Tag:               e.Tag,
-		StaticIps:         util.StrToEnt(e.StaticIps),
-		ManagementProfile: e.ManagementProfile,
-		Mtu:               e.Mtu,
-		NetflowProfile:    e.NetflowProfile,
-		Comment:           e.Comment,
-	}
-
-	if e.DecryptForward {
-		ans.DecryptForward = util.YesNo(e.DecryptForward)
-	}
-
-	v6adr := e.raw["v6adr"]
-	v6nbr := e.raw["v6nbr"]
-	if e.Ipv6Enabled || e.Ipv6InterfaceId != "" || v6adr != "" || v6nbr != "" {
-		i6 := ipv6{
-			Ipv6Enabled:     util.YesNo(e.Ipv6Enabled),
-			Ipv6InterfaceId: e.Ipv6InterfaceId,
-		}
-
-		if v6adr != "" {
-			i6.Addresses = &util.RawXml{v6adr}
-		}
-		if v6nbr != "" {
-			i6.Neighbor = &util.RawXml{v6nbr}
-		}
-		ans.Ipv6 = &i6
-	}
-
-	if e.AdjustTcpMss || e.Ipv4MssAdjust != 0 || e.Ipv6MssAdjust != 0 {
-		ans.Mss = &mss{
-			AdjustTcpMss:  util.YesNo(e.AdjustTcpMss),
-			Ipv4MssAdjust: e.Ipv4MssAdjust,
-			Ipv6MssAdjust: e.Ipv6MssAdjust,
-		}
-	}
-
-	if e.EnableDhcp || e.CreateDhcpDefaultRoute || e.DhcpDefaultRouteMetric != 0 {
-		ans.Dhcp = &dhcp_v1{
-			EnableDhcp:             util.YesNo(e.EnableDhcp),
-			CreateDhcpDefaultRoute: util.YesNo(e.CreateDhcpDefaultRoute),
-			DhcpDefaultRouteMetric: e.DhcpDefaultRouteMetric,
-		}
-	}
-
-	if text, present := e.raw["arp"]; present {
-		ans.Arp = &util.RawXml{text}
-	}
-	if text, present := e.raw["ndp"]; present {
-		ans.NdpProxy = &util.RawXml{text}
-	}
-
-	return ans
-}
-
-func specify_v3(e Entry) interface{} {
-	ans := entry_v3{
-		Name:              e.Name,
-		Tag:               e.Tag,
-		StaticIps:         util.StrToEnt(e.StaticIps),
-		ManagementProfile: e.ManagementProfile,
-		Mtu:               e.Mtu,
-		NetflowProfile:    e.NetflowProfile,
-		Comment:           e.Comment,
-	}
-
-	if e.DecryptForward {
-		ans.DecryptForward = util.YesNo(e.DecryptForward)
-	}
-
-	v6adr := e.raw["v6adr"]
-	v6nbr := e.raw["v6nbr"]
-	if e.Ipv6Enabled || e.Ipv6InterfaceId != "" || v6adr != "" || v6nbr != "" {
-		i6 := ipv6{
-			Ipv6Enabled:     util.YesNo(e.Ipv6Enabled),
-			Ipv6InterfaceId: e.Ipv6InterfaceId,
-		}
-
-		if v6adr != "" {
-			i6.Addresses = &util.RawXml{v6adr}
-		}
-		if v6nbr != "" {
-			i6.Neighbor = &util.RawXml{v6nbr}
-		}
-		ans.Ipv6 = &i6
-	}
-
-	if e.AdjustTcpMss || e.Ipv4MssAdjust != 0 || e.Ipv6MssAdjust != 0 {
-		ans.Mss = &mss{
-			AdjustTcpMss:  util.YesNo(e.AdjustTcpMss),
-			Ipv4MssAdjust: e.Ipv4MssAdjust,
-			Ipv6MssAdjust: e.Ipv6MssAdjust,
-		}
-	}
-
-	dhn := e.DhcpSendHostnameEnable || e.DhcpSendHostnameValue != ""
-	if e.EnableDhcp || e.CreateDhcpDefaultRoute || e.DhcpDefaultRouteMetric != 0 || dhn {
-		ans.Dhcp = &dhcp_v2{
-			EnableDhcp:             util.YesNo(e.EnableDhcp),
-			CreateDhcpDefaultRoute: util.YesNo(e.CreateDhcpDefaultRoute),
-			DhcpDefaultRouteMetric: e.DhcpDefaultRouteMetric,
-		}
-
-		if dhn {
-			ans.Dhcp.Hostname = &dhcpHostname{
-				DhcpSendHostnameEnable: util.YesNo(e.DhcpSendHostnameEnable),
-				DhcpSendHostnameValue:  e.DhcpSendHostnameValue,
-			}
-		}
-	}
-
-	if text, present := e.raw["arp"]; present {
-		ans.Arp = &util.RawXml{text}
-	}
-	if text, present := e.raw["ndp"]; present {
-		ans.NdpProxy = &util.RawXml{text}
-	}
-
-	return ans
-}
diff --git a/netw/interface/subinterface/layer3/funcs.go b/netw/interface/subinterface/layer3/funcs.go
deleted file mode 100644
index 3233b78c..00000000
--- a/netw/interface/subinterface/layer3/funcs.go
+++ /dev/null
@@ -1,96 +0,0 @@
-package layer3
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	if v.Gte(version.Number{9, 0, 0, ""}) {
-		return &container_v3{}, specify_v3
-	} else if v.Gte(version.Number{8, 1, 0, ""}) {
-		return &container_v2{}, specify_v2
-	} else {
-		return &container_v1{}, specify_v1
-	}
-}
-
-func specifier(e ...Entry) []namespace.ImportSpecifier {
-	ans := make([]namespace.ImportSpecifier, 0, len(e))
-
-	var val namespace.ImportSpecifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Importable{
-			ImportPath: util.InterfaceImport,
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Importable{
-			ImportPath: util.InterfaceImport,
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/netw/interface/subinterface/layer3/fw.go b/netw/interface/subinterface/layer3/fw.go
deleted file mode 100644
index c57892f1..00000000
--- a/netw/interface/subinterface/layer3/fw.go
+++ /dev/null
@@ -1,121 +0,0 @@
-package layer3
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Network.Layer3Subinterface namespace.
-type Firewall struct {
-	ns *namespace.Importable
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(iType, eth string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(iType, eth), ans)
-}
-
-// ShowList performs a SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(iType, eth string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(iType, eth), ans)
-}
-
-// Get performs GET to retrieve configuration for the given object.
-func (c *Firewall) Get(iType, eth, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(iType, eth), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve configuration for the given object.
-func (c *Firewall) Show(iType, eth, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(iType, eth), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(iType, eth string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(iType, eth), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve all objects configured.
-func (c *Firewall) ShowAll(iType, eth string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(iType, eth), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(iType, eth, vsys string, e ...Entry) error {
-	return c.ns.Set("", "", vsys, c.pather(iType, eth), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(iType, eth, vsys string, e Entry) error {
-	return c.ns.Edit("", "", vsys, c.pather(iType, eth), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(iType, eth string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete("", "", c.pather(iType, eth), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(iType, eth, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(iType, eth), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig(iType, eth string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(iType, eth), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather(iType, eth string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(iType, eth, v)
-	}
-}
-
-func (c *Firewall) xpath(iType, eth string, vals []string) ([]string, error) {
-	switch iType {
-	case "":
-		return nil, fmt.Errorf("iType must be specified")
-	case EthernetInterface, AggregateInterface:
-	default:
-		return nil, fmt.Errorf("unknown iType value: %s", iType)
-	}
-	if eth == "" {
-		return nil, fmt.Errorf("eth must be specified")
-	}
-
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"interface",
-		iType,
-		util.AsEntryXpath([]string{eth}),
-		"layer3",
-		"units",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/interface/subinterface/layer3/fw_test.go b/netw/interface/subinterface/layer3/fw_test.go
deleted file mode 100644
index e6db0563..00000000
--- a/netw/interface/subinterface/layer3/fw_test.go
+++ /dev/null
@@ -1,43 +0,0 @@
-package layer3
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.conf.Comment, func(t *testing.T) {
-			var err error
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err = ns.Set(EthernetInterface, "ethernet1/1", tc.vsys, tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(EthernetInterface, "ethernet1/1", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-				if tc.importVsys != mc.Vsys {
-					t.Errorf("vsys: %q != %q", tc.importVsys, mc.Vsys)
-				}
-				if !reflect.DeepEqual(tc.imports, mc.Imports) {
-					t.Errorf("imports: %#v != %#v", tc.imports, mc.Imports)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/interface/subinterface/layer3/pano.go b/netw/interface/subinterface/layer3/pano.go
deleted file mode 100644
index a6593260..00000000
--- a/netw/interface/subinterface/layer3/pano.go
+++ /dev/null
@@ -1,128 +0,0 @@
-package layer3
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Network.Layer3Subinterface namespace.
-type Panorama struct {
-	ns *namespace.Importable
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts, iType, eth string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts, iType, eth), ans)
-}
-
-// ShowList performs a SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts, iType, eth string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts, iType, eth), ans)
-}
-
-// Get performs GET to retrieve configuration for the given object.
-func (c *Panorama) Get(tmpl, ts, iType, eth, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts, iType, eth), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve configuration for the given object.
-func (c *Panorama) Show(tmpl, ts, iType, eth, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts, iType, eth), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts, iType, eth string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts, iType, eth), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve all objects configured.
-func (c *Panorama) ShowAll(tmpl, ts, iType, eth string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts, iType, eth), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts, iType, eth, vsys string, e ...Entry) error {
-	return c.ns.Set(tmpl, ts, vsys, c.pather(tmpl, ts, iType, eth), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts, iType, eth, vsys string, e Entry) error {
-	return c.ns.Edit(tmpl, ts, vsys, c.pather(tmpl, ts, iType, eth), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts, iType, eth string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(tmpl, ts, c.pather(tmpl, ts, iType, eth), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, iType, eth, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts, iType, eth), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts, iType, eth string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts, iType, eth), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts, iType, eth string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, iType, eth, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts, iType, eth string, vals []string) ([]string, error) {
-	if tmpl == "" && ts == "" {
-		return nil, fmt.Errorf("tmpl or ts must be specified")
-	}
-	switch iType {
-	case "":
-		return nil, fmt.Errorf("iType must be specified")
-	case EthernetInterface, AggregateInterface:
-	default:
-		return nil, fmt.Errorf("unknown iType value: %s", iType)
-	}
-	if eth == "" {
-		return nil, fmt.Errorf("eth must be specified")
-	}
-
-	ans := make([]string, 0, 15)
-	ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-	ans = append(ans,
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"interface",
-		iType,
-		util.AsEntryXpath([]string{eth}),
-		"layer3",
-		"units",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/interface/subinterface/layer3/pano_test.go b/netw/interface/subinterface/layer3/pano_test.go
deleted file mode 100644
index 430bf213..00000000
--- a/netw/interface/subinterface/layer3/pano_test.go
+++ /dev/null
@@ -1,43 +0,0 @@
-package layer3
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.conf.Comment, func(t *testing.T) {
-			var err error
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err = ns.Set("my template", "", AggregateInterface, "ethernet1/1", tc.vsys, tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("my template", "", AggregateInterface, "ethernet1/1", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-				if tc.importVsys != mc.Vsys {
-					t.Errorf("vsys: %q != %q", tc.importVsys, mc.Vsys)
-				}
-				if !reflect.DeepEqual(tc.imports, mc.Imports) {
-					t.Errorf("imports: %#v != %#v", tc.imports, mc.Imports)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/interface/subinterface/layer3/testdata_test.go b/netw/interface/subinterface/layer3/testdata_test.go
deleted file mode 100644
index 0478b862..00000000
--- a/netw/interface/subinterface/layer3/testdata_test.go
+++ /dev/null
@@ -1,185 +0,0 @@
-package layer3
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type testCase struct {
-	version    version.Number
-	tmpl       string
-	vsys       string
-	importVsys string
-	imports    []string
-	conf       Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{version.Number{7, 1, 0, ""}, "tmpl1", "vsys1", "vsys1", []string{"ethernet1/1.2"}, Entry{
-			Name:              "ethernet1/1.2",
-			Tag:               2,
-			StaticIps:         []string{"10.1.1.1/24", "10.2.1.1/24"},
-			Ipv6Enabled:       true,
-			ManagementProfile: "enable ping",
-			Mtu:               1500,
-			AdjustTcpMss:      true,
-			Ipv4MssAdjust:     5,
-			Ipv6MssAdjust:     6,
-			NetflowProfile:    "some profile",
-			Comment:           "v1 basic",
-		}},
-		{version.Number{7, 1, 0, ""}, "tmpl2", "vsys1", "vsys1", []string{"ethernet1/1.3"}, Entry{
-			Name:                   "ethernet1/1.3",
-			Tag:                    3,
-			ManagementProfile:      "enable ping",
-			Mtu:                    1600,
-			EnableDhcp:             true,
-			DhcpDefaultRouteMetric: 5,
-			NetflowProfile:         "some profile",
-			Comment:                "v1 dhcp without default route",
-		}},
-		{version.Number{7, 1, 0, ""}, "tmpl3", "vsys1", "vsys1", []string{"ethernet1/1.4"}, Entry{
-			Name:                   "ethernet1/1.4",
-			Tag:                    4,
-			ManagementProfile:      "enable ping",
-			Mtu:                    1600,
-			EnableDhcp:             true,
-			CreateDhcpDefaultRoute: true,
-			DhcpDefaultRouteMetric: 5,
-			NetflowProfile:         "some profile",
-			Comment:                "v1 dhcp with default route",
-		}},
-		{version.Number{7, 1, 0, ""}, "tmpl4", "vsys1", "vsys1", []string{"ethernet1/1.5"}, Entry{
-			Name:                   "ethernet1/1.5",
-			Tag:                    5,
-			Ipv6Enabled:            true,
-			Ipv6InterfaceId:        "v6-interface-id",
-			ManagementProfile:      "block everything",
-			Mtu:                    2600,
-			EnableDhcp:             true,
-			CreateDhcpDefaultRoute: true,
-			Comment:                "v1 dhcp with raw",
-			raw: map[string]string{
-				"arp":   "arp entries",
-				"ndp":   "ndp info",
-				"v6adr": "ipv6 addresses",
-				"v6nbr": "ipv6 neighbor info",
-			},
-		}},
-		{version.Number{8, 1, 0, ""}, "tmpl5", "vsys1", "vsys1", []string{"ethernet1/1.2"}, Entry{
-			Name:              "ethernet1/1.2",
-			Tag:               2,
-			StaticIps:         []string{"10.1.1.1/24", "10.2.1.1/24"},
-			Ipv6Enabled:       true,
-			ManagementProfile: "enable ping",
-			Mtu:               1500,
-			AdjustTcpMss:      true,
-			Ipv4MssAdjust:     5,
-			Ipv6MssAdjust:     6,
-			NetflowProfile:    "some profile",
-			Comment:           "v1 basic",
-		}},
-		{version.Number{8, 1, 0, ""}, "tmpl6", "vsys1", "vsys1", []string{"ethernet1/1.3"}, Entry{
-			Name:                   "ethernet1/1.3",
-			Tag:                    3,
-			ManagementProfile:      "enable ping",
-			Mtu:                    1600,
-			EnableDhcp:             true,
-			DhcpDefaultRouteMetric: 5,
-			NetflowProfile:         "some profile",
-			Comment:                "v1 dhcp without default route",
-		}},
-		{version.Number{8, 1, 0, ""}, "tmpl7", "vsys1", "vsys1", []string{"ethernet1/1.4"}, Entry{
-			Name:                   "ethernet1/1.4",
-			Tag:                    4,
-			ManagementProfile:      "enable ping",
-			Mtu:                    1600,
-			EnableDhcp:             true,
-			CreateDhcpDefaultRoute: true,
-			DhcpDefaultRouteMetric: 5,
-			NetflowProfile:         "some profile",
-			Comment:                "v1 dhcp with default route",
-		}},
-		{version.Number{8, 1, 0, ""}, "tmpl8", "vsys1", "vsys1", []string{"ethernet1/1.5"}, Entry{
-			Name:                   "ethernet1/1.5",
-			Tag:                    5,
-			DecryptForward:         true,
-			Ipv6Enabled:            true,
-			Ipv6InterfaceId:        "v6-interface-id",
-			ManagementProfile:      "block everything",
-			Mtu:                    2600,
-			EnableDhcp:             true,
-			CreateDhcpDefaultRoute: true,
-			Comment:                "v1 dhcp with raw and decrypt forward",
-			raw: map[string]string{
-				"arp":   "arp entries",
-				"ndp":   "ndp info",
-				"v6adr": "ipv6 addresses",
-				"v6nbr": "ipv6 neighbor info",
-			},
-		}},
-		{version.Number{9, 0, 0, ""}, "tmpl9", "vsys1", "vsys1", []string{"ethernet1/1.2"}, Entry{
-			Name:              "ethernet1/1.2",
-			Tag:               2,
-			StaticIps:         []string{"10.1.1.1/24", "10.2.1.1/24"},
-			Ipv6Enabled:       true,
-			ManagementProfile: "enable ping",
-			Mtu:               1500,
-			AdjustTcpMss:      true,
-			Ipv4MssAdjust:     5,
-			Ipv6MssAdjust:     6,
-			NetflowProfile:    "some profile",
-			Comment:           "v1 basic",
-		}},
-		{version.Number{9, 0, 0, ""}, "tmpl10", "vsys1", "vsys1", []string{"ethernet1/1.3"}, Entry{
-			Name:                   "ethernet1/1.3",
-			Tag:                    3,
-			ManagementProfile:      "enable ping",
-			Mtu:                    1600,
-			EnableDhcp:             true,
-			DhcpDefaultRouteMetric: 5,
-			NetflowProfile:         "some profile",
-			Comment:                "v1 dhcp without default route",
-		}},
-		{version.Number{9, 0, 0, ""}, "tmpl11", "vsys1", "vsys1", []string{"ethernet1/1.4"}, Entry{
-			Name:                   "ethernet1/1.4",
-			Tag:                    4,
-			ManagementProfile:      "enable ping",
-			Mtu:                    1600,
-			EnableDhcp:             true,
-			CreateDhcpDefaultRoute: true,
-			DhcpDefaultRouteMetric: 5,
-			NetflowProfile:         "some profile",
-			Comment:                "v1 dhcp with default route",
-		}},
-		{version.Number{9, 0, 0, ""}, "tmpl12", "vsys1", "vsys1", []string{"ethernet1/1.5"}, Entry{
-			Name:                   "ethernet1/1.5",
-			Tag:                    5,
-			DecryptForward:         true,
-			Ipv6Enabled:            true,
-			Ipv6InterfaceId:        "v6-interface-id",
-			ManagementProfile:      "block everything",
-			Mtu:                    2600,
-			EnableDhcp:             true,
-			CreateDhcpDefaultRoute: true,
-			Comment:                "v1 dhcp with raw and decrypt forward",
-			raw: map[string]string{
-				"arp":   "arp entries",
-				"ndp":   "ndp info",
-				"v6adr": "ipv6 addresses",
-				"v6nbr": "ipv6 neighbor info",
-			},
-		}},
-		{version.Number{9, 0, 0, ""}, "tmpl13", "vsys1", "vsys1", []string{"ethernet1/1.6"}, Entry{
-			Name:                   "ethernet1/1.6",
-			Tag:                    6,
-			ManagementProfile:      "allow ssh",
-			Mtu:                    1100,
-			EnableDhcp:             true,
-			DhcpSendHostnameEnable: true,
-			DhcpSendHostnameValue:  "foo.bar.com",
-			NetflowProfile:         "some profile",
-			Comment:                "v1 dhcp with send hostname",
-		}},
-	}
-}
diff --git a/netw/interface/tunnel/const.go b/netw/interface/tunnel/const.go
deleted file mode 100644
index fa72e8af..00000000
--- a/netw/interface/tunnel/const.go
+++ /dev/null
@@ -1,6 +0,0 @@
-package tunnel
-
-const (
-	singular = "tunnel interface"
-	plural   = "tunnel interfaces"
-)
diff --git a/netw/interface/tunnel/doc.go b/netw/interface/tunnel/doc.go
deleted file mode 100644
index 5c80b9b2..00000000
--- a/netw/interface/tunnel/doc.go
+++ /dev/null
@@ -1,4 +0,0 @@
-// Package loopback is the client.Network.TunnelInterface namespace.
-//
-// Normalized object:  Entry
-package tunnel
diff --git a/netw/interface/tunnel/entry.go b/netw/interface/tunnel/entry.go
deleted file mode 100644
index 569ffa56..00000000
--- a/netw/interface/tunnel/entry.go
+++ /dev/null
@@ -1,138 +0,0 @@
-package tunnel
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of
-// a VLAN interface.
-type Entry struct {
-	Name              string
-	Comment           string
-	NetflowProfile    string
-	StaticIps         []string // ordered
-	ManagementProfile string
-	Mtu               int
-	EnableIpv6        bool
-	Ipv6InterfaceId   string
-
-	raw map[string]string
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Comment = s.Comment
-	o.NetflowProfile = s.NetflowProfile
-	o.StaticIps = s.StaticIps
-	o.ManagementProfile = s.ManagementProfile
-	o.Mtu = s.Mtu
-	o.EnableIpv6 = s.EnableIpv6
-	o.Ipv6InterfaceId = s.Ipv6InterfaceId
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:              o.Name,
-		Comment:           o.Comment,
-		NetflowProfile:    o.NetflowProfile,
-		StaticIps:         util.EntToStr(o.StaticIps),
-		Mtu:               int(o.Mtu),
-		ManagementProfile: o.ManagementProfile,
-	}
-
-	raw := make(map[string]string)
-
-	if o.Ipv6 != nil {
-		ans.EnableIpv6 = util.AsBool(o.Ipv6.EnableIpv6)
-		ans.Ipv6InterfaceId = o.Ipv6.Ipv6InterfaceId
-
-		if o.Ipv6.Addresses != nil {
-			raw["v6a"] = util.CleanRawXml(o.Ipv6.Addresses.Text)
-		}
-	}
-
-	if len(raw) != 0 {
-		ans.raw = raw
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName           xml.Name        `xml:"entry"`
-	Name              string          `xml:"name,attr"`
-	Comment           string          `xml:"comment,omitempty"`
-	NetflowProfile    string          `xml:"netflow-profile,omitempty"`
-	StaticIps         *util.EntryType `xml:"ip"`
-	Mtu               int             `xml:"mtu,omitempty"`
-	ManagementProfile string          `xml:"interface-management-profile,omitempty"`
-	Ipv6              *ipv6           `xml:"ipv6"`
-}
-
-type ipv6 struct {
-	EnableIpv6      string       `xml:"enabled"`
-	Ipv6InterfaceId string       `xml:"interface-id,omitempty"`
-	Addresses       *util.RawXml `xml:"address"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:              e.Name,
-		Comment:           e.Comment,
-		NetflowProfile:    e.NetflowProfile,
-		StaticIps:         util.StrToEnt(e.StaticIps),
-		Mtu:               e.Mtu,
-		ManagementProfile: e.ManagementProfile,
-	}
-
-	if e.raw["v6a"] != "" || e.EnableIpv6 || e.Ipv6InterfaceId != "" {
-		ans.Ipv6 = &ipv6{
-			EnableIpv6:      util.YesNo(e.EnableIpv6),
-			Ipv6InterfaceId: e.Ipv6InterfaceId,
-		}
-
-		if text := e.raw["v6a"]; text != "" {
-			ans.Ipv6.Addresses = &util.RawXml{text}
-		}
-	}
-
-	return ans
-}
diff --git a/netw/interface/tunnel/funcs.go b/netw/interface/tunnel/funcs.go
deleted file mode 100644
index 97e21453..00000000
--- a/netw/interface/tunnel/funcs.go
+++ /dev/null
@@ -1,90 +0,0 @@
-package tunnel
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func specifier(e ...Entry) []namespace.ImportSpecifier {
-	ans := make([]namespace.ImportSpecifier, 0, len(e))
-
-	var val namespace.ImportSpecifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Importable{
-			ImportPath: util.InterfaceImport,
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Importable{
-			ImportPath: util.InterfaceImport,
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/netw/interface/tunnel/fw.go b/netw/interface/tunnel/fw.go
deleted file mode 100644
index d493fb53..00000000
--- a/netw/interface/tunnel/fw.go
+++ /dev/null
@@ -1,106 +0,0 @@
-package tunnel
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Network.TunnelInterface namespace.
-type Firewall struct {
-	ns *namespace.Importable
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(), ans)
-}
-
-// ShowList performs a SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(), ans)
-}
-
-// Get performs GET to retrieve configuration for the given object.
-func (c *Firewall) Get(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve configuration for the given object.
-func (c *Firewall) Show(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve all objects configured.
-func (c *Firewall) ShowAll() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vsys string, e ...Entry) error {
-	return c.ns.Set("", "", vsys, c.pather(), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vsys string, e Entry) error {
-	return c.ns.Edit("", "", vsys, c.pather(), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete("", "", c.pather(), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather() namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(v)
-	}
-}
-
-func (c *Firewall) xpath(vals []string) ([]string, error) {
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"interface",
-		"tunnel",
-		"units",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/interface/tunnel/fw_test.go b/netw/interface/tunnel/fw_test.go
deleted file mode 100644
index 375a8d1a..00000000
--- a/netw/interface/tunnel/fw_test.go
+++ /dev/null
@@ -1,43 +0,0 @@
-package tunnel
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.conf.Comment, func(t *testing.T) {
-			var err error
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err = ns.Set(tc.vsys, tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-				if tc.importVsys != mc.Vsys {
-					t.Errorf("vsys: %q != %q", tc.importVsys, mc.Vsys)
-				}
-				if !reflect.DeepEqual(tc.imports, mc.Imports) {
-					t.Errorf("imports: %#v != %#v", tc.imports, mc.Imports)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/interface/tunnel/pano.go b/netw/interface/tunnel/pano.go
deleted file mode 100644
index dde38eed..00000000
--- a/netw/interface/tunnel/pano.go
+++ /dev/null
@@ -1,116 +0,0 @@
-package tunnel
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Network.TunnelInterface namespace.
-type Panorama struct {
-	ns *namespace.Importable
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts), ans)
-}
-
-// ShowList performs a SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts), ans)
-}
-
-// Get performs GET to retrieve configuration for the given object.
-func (c *Panorama) Get(tmpl, ts, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve configuration for the given object.
-func (c *Panorama) Show(tmpl, ts, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve all objects configured.
-func (c *Panorama) ShowAll(tmpl, ts string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts, vsys string, e ...Entry) error {
-	return c.ns.Set(tmpl, ts, vsys, c.pather(tmpl, ts), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts, vsys string, e Entry) error {
-	return c.ns.Edit(tmpl, ts, vsys, c.pather(tmpl, ts), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(tmpl, ts, c.pather(tmpl, ts), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts string, vals []string) ([]string, error) {
-	if tmpl == "" && ts == "" {
-		return nil, fmt.Errorf("tmpl or ts must be specified")
-	}
-
-	ans := make([]string, 0, 13)
-	ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-	ans = append(ans,
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"interface",
-		"tunnel",
-		"units",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/interface/tunnel/pano_test.go b/netw/interface/tunnel/pano_test.go
deleted file mode 100644
index db75e7de..00000000
--- a/netw/interface/tunnel/pano_test.go
+++ /dev/null
@@ -1,46 +0,0 @@
-package tunnel
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.conf.Comment, func(t *testing.T) {
-			var err error
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err = ns.Set(tc.tmpl, "", tc.vsys, tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(tc.tmpl, "", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-				if mc.Template != tc.tmpl {
-					t.Errorf("template: %q != %q", tc.tmpl, mc.Template)
-				}
-				if tc.importVsys != mc.Vsys {
-					t.Errorf("vsys: %q != %q", tc.importVsys, mc.Vsys)
-				}
-				if !reflect.DeepEqual(tc.imports, mc.Imports) {
-					t.Errorf("imports: %#v != %#v", tc.imports, mc.Imports)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/interface/tunnel/testdata_test.go b/netw/interface/tunnel/testdata_test.go
deleted file mode 100644
index 760a45a3..00000000
--- a/netw/interface/tunnel/testdata_test.go
+++ /dev/null
@@ -1,42 +0,0 @@
-package tunnel
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type testCase struct {
-	version    version.Number
-	tmpl       string
-	vsys       string
-	importVsys string
-	imports    []string
-	conf       Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{version.Number{6, 1, 0, ""}, "one", "vsys2", "vsys2", []string{"tunnel.1"}, Entry{
-			Name:              "tunnel.1",
-			StaticIps:         []string{"10.1.1.1/24", "10.2.1.1/24"},
-			ManagementProfile: "enable ping",
-			Mtu:               1500,
-			NetflowProfile:    "some profile",
-			Comment:           "v1 basic",
-		}},
-		{version.Number{6, 1, 0, ""}, "two", "vsys3", "vsys3", []string{"tunnel.2"}, Entry{
-			Name:      "tunnel.2",
-			StaticIps: []string{"10.3.1.1/24"},
-			raw: map[string]string{
-				"v6a": "ipv6 addresses",
-			},
-			Comment: "v1 raw no import",
-		}},
-		{version.Number{6, 1, 0, ""}, "two", "vsys3", "vsys3", []string{"tunnel.3"}, Entry{
-			Name:            "tunnel.3",
-			StaticIps:       []string{"10.3.1.1/24"},
-			EnableIpv6:      true,
-			Ipv6InterfaceId: "myId",
-			Comment:         "v1 no import with ipv6 config",
-		}},
-	}
-}
diff --git a/netw/interface/vlan/const.go b/netw/interface/vlan/const.go
deleted file mode 100644
index 360c2b1d..00000000
--- a/netw/interface/vlan/const.go
+++ /dev/null
@@ -1,6 +0,0 @@
-package vlan
-
-const (
-	singular = "vlan interface"
-	plural   = "vlan interfaces"
-)
diff --git a/netw/interface/vlan/doc.go b/netw/interface/vlan/doc.go
deleted file mode 100644
index dccecfb1..00000000
--- a/netw/interface/vlan/doc.go
+++ /dev/null
@@ -1,4 +0,0 @@
-// Package vlan is the client.Network.VlanInterface namespace.
-//
-// Normalized object:  Entry
-package vlan
diff --git a/netw/interface/vlan/entry.go b/netw/interface/vlan/entry.go
deleted file mode 100644
index d6452634..00000000
--- a/netw/interface/vlan/entry.go
+++ /dev/null
@@ -1,326 +0,0 @@
-package vlan
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of
-// a VLAN interface.
-type Entry struct {
-	Name                   string
-	Comment                string
-	NetflowProfile         string
-	StaticIps              []string // ordered
-	EnableDhcp             bool
-	CreateDhcpDefaultRoute bool
-	DhcpDefaultRouteMetric int
-	ManagementProfile      string
-	Mtu                    int
-	AdjustTcpMss           bool
-	Ipv4MssAdjust          int
-	Ipv6MssAdjust          int
-	EnableIpv6             bool
-	Ipv6InterfaceId        string
-
-	raw map[string]string
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Comment = s.Comment
-	o.NetflowProfile = s.NetflowProfile
-	o.StaticIps = s.StaticIps
-	o.EnableDhcp = s.EnableDhcp
-	o.CreateDhcpDefaultRoute = s.CreateDhcpDefaultRoute
-	o.DhcpDefaultRouteMetric = s.DhcpDefaultRouteMetric
-	o.ManagementProfile = s.ManagementProfile
-	o.Mtu = s.Mtu
-	o.AdjustTcpMss = s.AdjustTcpMss
-	o.Ipv4MssAdjust = s.Ipv4MssAdjust
-	o.Ipv6MssAdjust = s.Ipv6MssAdjust
-	o.EnableIpv6 = s.EnableIpv6
-	o.Ipv6InterfaceId = s.Ipv6InterfaceId
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:              o.Name,
-		Comment:           o.Comment,
-		NetflowProfile:    o.NetflowProfile,
-		StaticIps:         util.EntToStr(o.StaticIps),
-		Mtu:               int(o.Mtu),
-		ManagementProfile: o.ManagementProfile,
-		AdjustTcpMss:      util.AsBool(o.AdjustTcpMss),
-	}
-	if o.Dhcp != nil {
-		ans.EnableDhcp = util.AsBool(o.Dhcp.Enable)
-		ans.CreateDhcpDefaultRoute = util.AsBool(o.Dhcp.CreateDefaultRoute)
-		ans.DhcpDefaultRouteMetric = int(o.Dhcp.Metric)
-	}
-
-	ans.raw = make(map[string]string)
-	if o.Ipv6 != nil {
-		ans.EnableIpv6 = util.AsBool(o.Ipv6.EnableIpv6)
-		ans.Ipv6InterfaceId = o.Ipv6.Ipv6InterfaceId
-
-		if o.Ipv6.Addresses != nil {
-			ans.raw["v6a"] = util.CleanRawXml(o.Ipv6.Addresses.Text)
-		}
-		if o.Ipv6.Neighbor != nil {
-			ans.raw["v6n"] = util.CleanRawXml(o.Ipv6.Neighbor.Text)
-		}
-	}
-	if o.Arp != nil {
-		ans.raw["arp"] = util.CleanRawXml(o.Arp.Text)
-	}
-	if o.NdpProxy != nil {
-		ans.raw["ndp"] = util.CleanRawXml(o.NdpProxy.Text)
-	}
-	if len(ans.raw) == 0 {
-		ans.raw = nil
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName           xml.Name        `xml:"entry"`
-	Name              string          `xml:"name,attr"`
-	Comment           string          `xml:"comment,omitempty"`
-	NetflowProfile    string          `xml:"netflow-profile,omitempty"`
-	StaticIps         *util.EntryType `xml:"ip"`
-	Dhcp              *dhcpSettings   `xml:"dhcp-client"`
-	Mtu               int             `xml:"mtu,omitempty"`
-	ManagementProfile string          `xml:"interface-management-profile,omitempty"`
-	AdjustTcpMss      string          `xml:"adjust-tcp-mss"`
-	Ipv6              *ipv6           `xml:"ipv6"`
-
-	Arp      *util.RawXml `xml:"arp"`
-	NdpProxy *util.RawXml `xml:"ndp-proxy"`
-}
-
-type dhcpSettings struct {
-	Enable             string `xml:"enable"`
-	CreateDefaultRoute string `xml:"create-default-route"`
-	Metric             int    `xml:"default-route-metric,omitempty"`
-}
-
-type ipv6 struct {
-	EnableIpv6      string       `xml:"enabled"`
-	Ipv6InterfaceId string       `xml:"interface-id,omitempty"`
-	Addresses       *util.RawXml `xml:"address"`
-	Neighbor        *util.RawXml `xml:"neighbor-discovery"`
-}
-
-type container_v2 struct {
-	Answer []entry_v2 `xml:"entry"`
-}
-
-func (o *container_v2) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v2) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v2) normalize() Entry {
-	ans := Entry{
-		Name:              o.Name,
-		Comment:           o.Comment,
-		NetflowProfile:    o.NetflowProfile,
-		StaticIps:         util.EntToStr(o.StaticIps),
-		Mtu:               int(o.Mtu),
-		ManagementProfile: o.ManagementProfile,
-		AdjustTcpMss:      util.AsBool(o.AdjustTcpMss),
-		Ipv4MssAdjust:     int(o.Ipv4MssAdjust),
-		Ipv6MssAdjust:     int(o.Ipv6MssAdjust),
-	}
-	if o.Dhcp != nil {
-		ans.EnableDhcp = util.AsBool(o.Dhcp.Enable)
-		ans.CreateDhcpDefaultRoute = util.AsBool(o.Dhcp.CreateDefaultRoute)
-		ans.DhcpDefaultRouteMetric = int(o.Dhcp.Metric)
-	}
-
-	ans.raw = make(map[string]string)
-	if o.Ipv6 != nil {
-		ans.EnableIpv6 = util.AsBool(o.Ipv6.EnableIpv6)
-		ans.Ipv6InterfaceId = o.Ipv6.Ipv6InterfaceId
-
-		if o.Ipv6.Addresses != nil {
-			ans.raw["v6a"] = util.CleanRawXml(o.Ipv6.Addresses.Text)
-		}
-		if o.Ipv6.Neighbor != nil {
-			ans.raw["v6n"] = util.CleanRawXml(o.Ipv6.Neighbor.Text)
-		}
-	}
-	if o.Arp != nil {
-		ans.raw["arp"] = util.CleanRawXml(o.Arp.Text)
-	}
-	if o.NdpProxy != nil {
-		ans.raw["ndp"] = util.CleanRawXml(o.NdpProxy.Text)
-	}
-	if len(ans.raw) == 0 {
-		ans.raw = nil
-	}
-
-	return ans
-}
-
-type entry_v2 struct {
-	XMLName           xml.Name        `xml:"entry"`
-	Name              string          `xml:"name,attr"`
-	Comment           string          `xml:"comment,omitempty"`
-	NetflowProfile    string          `xml:"netflow-profile,omitempty"`
-	StaticIps         *util.EntryType `xml:"ip"`
-	Dhcp              *dhcpSettings   `xml:"dhcp-client"`
-	Mtu               int             `xml:"mtu,omitempty"`
-	ManagementProfile string          `xml:"interface-management-profile,omitempty"`
-	AdjustTcpMss      string          `xml:"adjust-tcp-mss>enable"`
-	Ipv4MssAdjust     int             `xml:"adjust-tcp-mss>ipv4-mss-adjustment,omitempty"`
-	Ipv6MssAdjust     int             `xml:"adjust-tcp-mss>ipv6-mss-adjustment,omitempty"`
-	Ipv6              *ipv6           `xml:"ipv6"`
-
-	Arp      *util.RawXml `xml:"arp"`
-	NdpProxy *util.RawXml `xml:"ndp-proxy"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:              e.Name,
-		Comment:           e.Comment,
-		NetflowProfile:    e.NetflowProfile,
-		StaticIps:         util.StrToEnt(e.StaticIps),
-		Mtu:               e.Mtu,
-		ManagementProfile: e.ManagementProfile,
-		AdjustTcpMss:      util.YesNo(e.AdjustTcpMss),
-	}
-
-	if e.EnableDhcp || e.CreateDhcpDefaultRoute || e.DhcpDefaultRouteMetric != 0 {
-		v := dhcpSettings{
-			Enable:             util.YesNo(e.EnableDhcp),
-			CreateDefaultRoute: util.YesNo(e.CreateDhcpDefaultRoute),
-			Metric:             e.DhcpDefaultRouteMetric,
-		}
-		ans.Dhcp = &v
-	}
-
-	if e.raw["v6a"] != "" || e.raw["v6n"] != "" || e.EnableIpv6 || e.Ipv6InterfaceId != "" {
-		ans.Ipv6 = &ipv6{
-			EnableIpv6:      util.YesNo(e.EnableIpv6),
-			Ipv6InterfaceId: e.Ipv6InterfaceId,
-		}
-
-		if text := e.raw["v6a"]; text != "" {
-			ans.Ipv6.Addresses = &util.RawXml{text}
-		}
-
-		if text := e.raw["v6n"]; text != "" {
-			ans.Ipv6.Neighbor = &util.RawXml{text}
-		}
-	}
-
-	if text, ok := e.raw["arp"]; ok {
-		ans.Arp = &util.RawXml{text}
-	}
-	if text, ok := e.raw["ndp"]; ok {
-		ans.NdpProxy = &util.RawXml{text}
-	}
-
-	return ans
-}
-
-func specify_v2(e Entry) interface{} {
-	ans := entry_v2{
-		Name:              e.Name,
-		Comment:           e.Comment,
-		NetflowProfile:    e.NetflowProfile,
-		StaticIps:         util.StrToEnt(e.StaticIps),
-		Mtu:               e.Mtu,
-		ManagementProfile: e.ManagementProfile,
-		AdjustTcpMss:      util.YesNo(e.AdjustTcpMss),
-		Ipv4MssAdjust:     e.Ipv4MssAdjust,
-		Ipv6MssAdjust:     e.Ipv6MssAdjust,
-	}
-
-	if e.EnableDhcp || e.CreateDhcpDefaultRoute || e.DhcpDefaultRouteMetric != 0 {
-		v := dhcpSettings{
-			Enable:             util.YesNo(e.EnableDhcp),
-			CreateDefaultRoute: util.YesNo(e.CreateDhcpDefaultRoute),
-			Metric:             e.DhcpDefaultRouteMetric,
-		}
-		ans.Dhcp = &v
-	}
-
-	if e.raw["v6a"] != "" || e.raw["v6n"] != "" || e.EnableIpv6 || e.Ipv6InterfaceId != "" {
-		ans.Ipv6 = &ipv6{
-			EnableIpv6:      util.YesNo(e.EnableIpv6),
-			Ipv6InterfaceId: e.Ipv6InterfaceId,
-		}
-
-		if text := e.raw["v6a"]; text != "" {
-			ans.Ipv6.Addresses = &util.RawXml{text}
-		}
-
-		if text := e.raw["v6n"]; text != "" {
-			ans.Ipv6.Neighbor = &util.RawXml{text}
-		}
-	}
-
-	if text, ok := e.raw["arp"]; ok {
-		ans.Arp = &util.RawXml{text}
-	}
-	if text, ok := e.raw["ndp"]; ok {
-		ans.NdpProxy = &util.RawXml{text}
-	}
-
-	return ans
-}
diff --git a/netw/interface/vlan/funcs.go b/netw/interface/vlan/funcs.go
deleted file mode 100644
index 5f861d03..00000000
--- a/netw/interface/vlan/funcs.go
+++ /dev/null
@@ -1,94 +0,0 @@
-package vlan
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	if v.Gte(version.Number{7, 1, 0, ""}) {
-		return &container_v2{}, specify_v2
-	} else {
-		return &container_v1{}, specify_v1
-	}
-}
-
-func specifier(e ...Entry) []namespace.ImportSpecifier {
-	ans := make([]namespace.ImportSpecifier, 0, len(e))
-
-	var val namespace.ImportSpecifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Importable{
-			ImportPath: util.InterfaceImport,
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Importable{
-			ImportPath: util.InterfaceImport,
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/netw/interface/vlan/fw.go b/netw/interface/vlan/fw.go
deleted file mode 100644
index db620186..00000000
--- a/netw/interface/vlan/fw.go
+++ /dev/null
@@ -1,106 +0,0 @@
-package vlan
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Network.VlanInterface namespace.
-type Firewall struct {
-	ns *namespace.Importable
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(), ans)
-}
-
-// ShowList performs a SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(), ans)
-}
-
-// Get performs GET to retrieve configuration for the given object.
-func (c *Firewall) Get(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve configuration for the given object.
-func (c *Firewall) Show(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve all objects configured.
-func (c *Firewall) ShowAll() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vsys string, e ...Entry) error {
-	return c.ns.Set("", "", vsys, c.pather(), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vsys string, e Entry) error {
-	return c.ns.Edit("", "", vsys, c.pather(), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete("", "", c.pather(), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather() namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(v)
-	}
-}
-
-func (c *Firewall) xpath(vals []string) ([]string, error) {
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"interface",
-		"vlan",
-		"units",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/interface/vlan/fw_test.go b/netw/interface/vlan/fw_test.go
deleted file mode 100644
index a712cc52..00000000
--- a/netw/interface/vlan/fw_test.go
+++ /dev/null
@@ -1,43 +0,0 @@
-package vlan
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.conf.Comment, func(t *testing.T) {
-			var err error
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err = ns.Set(tc.vsys, tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-				if tc.importVsys != mc.Vsys {
-					t.Errorf("vsys: %q != %q", tc.importVsys, mc.Vsys)
-				}
-				if !reflect.DeepEqual(tc.imports, mc.Imports) {
-					t.Errorf("imports: %#v != %#v", tc.imports, mc.Imports)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/interface/vlan/pano.go b/netw/interface/vlan/pano.go
deleted file mode 100644
index 4929feaa..00000000
--- a/netw/interface/vlan/pano.go
+++ /dev/null
@@ -1,116 +0,0 @@
-package vlan
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Network.VlanInterface namespace.
-type Panorama struct {
-	ns *namespace.Importable
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts), ans)
-}
-
-// ShowList performs a SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts), ans)
-}
-
-// Get performs GET to retrieve configuration for the given object.
-func (c *Panorama) Get(tmpl, ts, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve configuration for the given object.
-func (c *Panorama) Show(tmpl, ts, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve all objects configured.
-func (c *Panorama) ShowAll(tmpl, ts string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts, vsys string, e ...Entry) error {
-	return c.ns.Set(tmpl, ts, vsys, c.pather(tmpl, ts), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts, vsys string, e Entry) error {
-	return c.ns.Edit(tmpl, ts, vsys, c.pather(tmpl, ts), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(tmpl, ts, c.pather(tmpl, ts), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts string, vals []string) ([]string, error) {
-	if tmpl == "" && ts == "" {
-		return nil, fmt.Errorf("tmpl or ts must be specified")
-	}
-
-	ans := make([]string, 0, 13)
-	ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-	ans = append(ans,
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"interface",
-		"vlan",
-		"units",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/interface/vlan/pano_test.go b/netw/interface/vlan/pano_test.go
deleted file mode 100644
index f9234e56..00000000
--- a/netw/interface/vlan/pano_test.go
+++ /dev/null
@@ -1,46 +0,0 @@
-package vlan
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.conf.Comment, func(t *testing.T) {
-			var err error
-			if tc.tmpl == "" {
-				t.Skip()
-			}
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err = ns.Set(tc.tmpl, "", tc.vsys, tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(tc.tmpl, "", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-				if tc.importVsys != mc.Vsys {
-					t.Errorf("vsys: %q != %q", tc.importVsys, mc.Vsys)
-				}
-				if !reflect.DeepEqual(tc.imports, mc.Imports) {
-					t.Errorf("imports: %#v != %#v", tc.imports, mc.Imports)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/interface/vlan/testdata_test.go b/netw/interface/vlan/testdata_test.go
deleted file mode 100644
index 830b5969..00000000
--- a/netw/interface/vlan/testdata_test.go
+++ /dev/null
@@ -1,101 +0,0 @@
-package vlan
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type testCase struct {
-	version    version.Number
-	tmpl       string
-	vsys       string
-	importVsys string
-	imports    []string
-	conf       Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{version.Number{5, 0, 0, ""}, "tmpl", "vsys2", "vsys2", []string{"vlan.1"}, Entry{
-			Name:              "vlan.1",
-			StaticIps:         []string{"10.1.1.1/24", "10.2.1.1/24"},
-			ManagementProfile: "enable ping",
-			Mtu:               1500,
-			AdjustTcpMss:      true,
-			NetflowProfile:    "some profile",
-			Comment:           "v1 basic",
-		}},
-		{version.Number{5, 0, 0, ""}, "tmpl", "vsys3", "vsys3", []string{"vlan.2"}, Entry{
-			Name:                   "vlan.2",
-			EnableDhcp:             true,
-			CreateDhcpDefaultRoute: true,
-			DhcpDefaultRouteMetric: 12,
-			Comment:                "v1 dhcp",
-		}},
-		{version.Number{5, 0, 0, ""}, "", "", "", []string{"vlan.3"}, Entry{
-			Name:       "vlan.3",
-			EnableDhcp: true,
-			raw: map[string]string{
-				"arp": "<arp>raw arp</arp>",
-				"ndp": "<ndp-proxy>raw ndp</ndp-proxy>",
-			},
-			Comment: "v1 raw no import",
-		}},
-		{version.Number{5, 0, 0, ""}, "", "", "", []string{"vlan.4"}, Entry{
-			Name:       "vlan.4",
-			EnableDhcp: true,
-			raw: map[string]string{
-				"v6a": "ipv6 addresses",
-				"v6n": "ipv6 neighbor discovery config",
-			},
-			Comment: "v1 ipv6 raw no import",
-		}},
-		{version.Number{5, 0, 0, ""}, "", "", "", []string{"vlan.5"}, Entry{
-			Name:            "vlan.5",
-			EnableIpv6:      true,
-			Ipv6InterfaceId: "myId",
-			Comment:         "v1 ipv6 only",
-		}},
-		{version.Number{8, 0, 0, ""}, "tmpl", "vsys2", "vsys2", []string{"vlan.4"}, Entry{
-			Name:              "vlan.4",
-			StaticIps:         []string{"10.1.1.1/24", "10.2.1.1/24"},
-			ManagementProfile: "enable ping",
-			Mtu:               1500,
-			AdjustTcpMss:      true,
-			Ipv4MssAdjust:     12,
-			Ipv6MssAdjust:     14,
-			NetflowProfile:    "some profile",
-			Comment:           "v2 basic",
-		}},
-		{version.Number{8, 0, 0, ""}, "tmpl", "vsys3", "vsys3", []string{"vlan.5"}, Entry{
-			Name:                   "vlan.5",
-			EnableDhcp:             true,
-			CreateDhcpDefaultRoute: true,
-			DhcpDefaultRouteMetric: 12,
-			Comment:                "v2 dhcp",
-		}},
-		{version.Number{8, 0, 0, ""}, "", "", "", []string{"vlan.6"}, Entry{
-			Name:       "vlan.6",
-			EnableDhcp: true,
-			raw: map[string]string{
-				"arp": "<arp>raw arp</arp>",
-				"ndp": "<ndp-proxy>raw ndp</ndp-proxy>",
-			},
-			Comment: "v2 raw no import",
-		}},
-		{version.Number{8, 0, 0, ""}, "", "", "", []string{"vlan.4"}, Entry{
-			Name:       "vlan.4",
-			EnableDhcp: true,
-			raw: map[string]string{
-				"v6a": "ipv6 addresses",
-				"v6n": "ipv6 neighbor discovery config",
-			},
-			Comment: "v2 ipv6 raw no import",
-		}},
-		{version.Number{8, 0, 0, ""}, "", "", "", []string{"vlan.5"}, Entry{
-			Name:            "vlan.5",
-			EnableIpv6:      true,
-			Ipv6InterfaceId: "myId",
-			Comment:         "v2 ipv6 only",
-		}},
-	}
-}
diff --git a/netw/ipsectunnel/const.go b/netw/ipsectunnel/const.go
deleted file mode 100644
index 317fde1e..00000000
--- a/netw/ipsectunnel/const.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package ipsectunnel
-
-const (
-	TypeAutoKey                = "auto-key"
-	TypeManualKey              = "manual-key"
-	TypeGlobalProtectSatellite = "global-protect-satellite"
-)
-
-const (
-	MkEspEncryptionDes    = "des"
-	MkEspEncryption3des   = "3des"
-	MkEspEncryptionAes128 = "aes-128-cbc"
-	MkEspEncryptionAes192 = "aes-192-cbc"
-	MkEspEncryptionAes256 = "aes-256-cbc"
-	MkEspEncryptionNull   = "null"
-)
-
-const (
-	MkProtocolEsp = "esp"
-	MkProtocolAh  = "ah"
-)
-
-const (
-	MkAuthTypeMd5    = "md5"
-	MkAuthTypeSha1   = "sha1"
-	MkAuthTypeSha256 = "sha256"
-	MkAuthTypeSha384 = "sha384"
-	MkAuthTypeSha512 = "sha512"
-	MkAuthTypeNone   = "none"
-)
-
-const (
-	singular = "ipsec tunnel"
-	plural   = "ipsec tunnels"
-)
diff --git a/netw/ipsectunnel/doc.go b/netw/ipsectunnel/doc.go
deleted file mode 100644
index 1e08bdcc..00000000
--- a/netw/ipsectunnel/doc.go
+++ /dev/null
@@ -1,4 +0,0 @@
-// Package ipsectunnel is the client.Network.IpsecTunnel namespace.
-//
-// Normalized object:  Entry
-package ipsectunnel
diff --git a/netw/ipsectunnel/entry.go b/netw/ipsectunnel/entry.go
deleted file mode 100644
index a64c68c4..00000000
--- a/netw/ipsectunnel/entry.go
+++ /dev/null
@@ -1,1086 +0,0 @@
-package ipsectunnel
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of an IKE gateway.
-type Entry struct {
-	Name                       string
-	TunnelInterface            string
-	AntiReplay                 bool
-	EnableIpv6                 bool
-	Type                       string
-	AkIkeGateway               string
-	AkIpsecCryptoProfile       string
-	MkLocalSpi                 string
-	MkInterface                string
-	MkRemoteSpi                string
-	MkRemoteAddress            string
-	MkLocalAddressIp           string
-	MkLocalAddressFloatingIp   string
-	MkProtocol                 string
-	MkAuthType                 string
-	MkAuthKey                  string
-	MkEspEncryptionType        string
-	MkEspEncryptionKey         string
-	GpsInterface               string
-	GpsPortalAddress           string
-	GpsPreferIpv6              bool
-	GpsInterfaceIpIpv4         string
-	GpsInterfaceIpIpv6         string
-	GpsInterfaceFloatingIpIpv4 string
-	GpsInterfaceFloatingIpIpv6 string
-	GpsPublishConnectedRoutes  bool
-	GpsPublishRoutes           []string
-	GpsLocalCertificate        string
-	GpsCertificateProfile      string
-	CopyTos                    bool
-	CopyFlowLabel              bool
-	EnableTunnelMonitor        bool
-	TunnelMonitorDestinationIp string
-	TunnelMonitorSourceIp      string
-	TunnelMonitorProxyId       string
-	TunnelMonitorProfile       string
-	Disabled                   bool
-
-	raw map[string]string
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.TunnelInterface = s.TunnelInterface
-	o.AntiReplay = s.AntiReplay
-	o.EnableIpv6 = s.EnableIpv6
-	o.Type = s.Type
-	o.AkIkeGateway = s.AkIkeGateway
-	o.AkIpsecCryptoProfile = s.AkIpsecCryptoProfile
-	o.MkLocalSpi = s.MkLocalSpi
-	o.MkInterface = s.MkInterface
-	o.MkRemoteSpi = s.MkRemoteSpi
-	o.MkRemoteAddress = s.MkRemoteAddress
-	o.MkLocalAddressIp = s.MkLocalAddressIp
-	o.MkLocalAddressFloatingIp = s.MkLocalAddressFloatingIp
-	o.MkProtocol = s.MkProtocol
-	o.MkAuthType = s.MkAuthType
-	o.MkAuthKey = s.MkAuthKey
-	o.MkEspEncryptionType = s.MkEspEncryptionType
-	o.MkEspEncryptionKey = s.MkEspEncryptionKey
-	o.GpsInterface = s.GpsInterface
-	o.GpsPreferIpv6 = s.GpsPreferIpv6
-	o.GpsInterfaceIpIpv4 = s.GpsInterfaceIpIpv4
-	o.GpsInterfaceIpIpv6 = s.GpsInterfaceIpIpv6
-	o.GpsInterfaceFloatingIpIpv4 = s.GpsInterfaceFloatingIpIpv4
-	o.GpsInterfaceFloatingIpIpv6 = s.GpsInterfaceFloatingIpIpv6
-	o.GpsPublishConnectedRoutes = s.GpsPublishConnectedRoutes
-	if s.GpsPublishRoutes == nil {
-		o.GpsPublishRoutes = nil
-	} else {
-		o.GpsPublishRoutes = make([]string, len(s.GpsPublishRoutes))
-		copy(o.GpsPublishRoutes, s.GpsPublishRoutes)
-	}
-	o.GpsLocalCertificate = s.GpsLocalCertificate
-	o.GpsCertificateProfile = s.GpsCertificateProfile
-	o.AntiReplay = s.AntiReplay
-	o.CopyTos = s.CopyTos
-	o.CopyFlowLabel = s.CopyFlowLabel
-	o.EnableTunnelMonitor = s.EnableTunnelMonitor
-	o.TunnelMonitorDestinationIp = s.TunnelMonitorDestinationIp
-	o.TunnelMonitorSourceIp = s.TunnelMonitorSourceIp
-	o.TunnelMonitorProxyId = s.TunnelMonitorProxyId
-	o.TunnelMonitorProfile = s.TunnelMonitorProfile
-	o.Disabled = s.Disabled
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-func specifyEncryption(val string, v int) string {
-	switch v {
-	case 2:
-		switch val {
-		case MkEspEncryptionDes:
-			return "des"
-		case MkEspEncryption3des:
-			return "3des"
-		case MkEspEncryptionAes128:
-			return "aes-128-cbc"
-		case MkEspEncryptionAes192:
-			return "aes-192-cbc"
-		case MkEspEncryptionAes256:
-			return "aes-256-cbc"
-		case MkEspEncryptionNull:
-			return "null"
-		}
-	case 1:
-		switch val {
-		case MkEspEncryptionDes:
-			return "des"
-		case MkEspEncryption3des:
-			return "3des"
-		case MkEspEncryptionAes128:
-			return "aes128"
-		case MkEspEncryptionAes192:
-			return "aes192"
-		case MkEspEncryptionAes256:
-			return "aes256"
-		case MkEspEncryptionNull:
-			return "null"
-		}
-	}
-
-	return val
-}
-
-func normalizeEncryption(val string) string {
-	switch val {
-	case "des":
-		return MkEspEncryptionDes
-	case "3des":
-		return MkEspEncryption3des
-	case "aes-128-cbc", "aes128":
-		return MkEspEncryptionAes128
-	case "aes-192-cbc", "aes192":
-		return MkEspEncryptionAes192
-	case "aes-256-cbc", "aes256":
-		return MkEspEncryptionAes256
-	case "null":
-		return MkEspEncryptionNull
-	}
-
-	return val
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:            o.Name,
-		TunnelInterface: o.TunnelInterface,
-		AntiReplay:      util.AsBool(o.AntiReplay),
-		CopyTos:         util.AsBool(o.CopyTos),
-	}
-
-	ans.raw = make(map[string]string)
-
-	if o.Ak != nil {
-		ans.Type = TypeAutoKey
-		ans.AkIkeGateway = util.EntToOneStr(o.Ak.AkIkeGateway)
-		ans.AkIpsecCryptoProfile = o.Ak.AkIpsecCryptoProfile
-
-		if o.Ak.ProxyIpv4 != nil {
-			ans.raw["pv4"] = util.CleanRawXml(o.Ak.ProxyIpv4.Text)
-		}
-
-		if o.Ak.ProxyIpv6 != nil {
-			ans.raw["pv6"] = util.CleanRawXml(o.Ak.ProxyIpv6.Text)
-		}
-	} else if o.Mk != nil {
-		ans.Type = TypeManualKey
-		ans.MkLocalSpi = o.Mk.MkLocalSpi
-		ans.MkInterface = o.Mk.Local.MkInterface
-		ans.MkLocalAddressIp = o.Mk.Local.MkLocalAddressIp
-		ans.MkRemoteAddress = o.Mk.Peer.MkRemoteAddress
-		ans.MkRemoteSpi = o.Mk.MkRemoteSpi
-
-		if o.Mk.Esp != nil {
-			ans.MkProtocol = MkProtocolEsp
-			if o.Mk.Esp.AuthMd5 != nil {
-				ans.MkAuthType = MkAuthTypeMd5
-				ans.MkAuthKey = o.Mk.Esp.AuthMd5.Value
-			} else if o.Mk.Esp.AuthSha1 != nil {
-				ans.MkAuthType = MkAuthTypeSha1
-				ans.MkAuthKey = o.Mk.Esp.AuthSha1.Value
-			} else if o.Mk.Esp.AuthSha256 != nil {
-				ans.MkAuthType = MkAuthTypeSha256
-				ans.MkAuthKey = o.Mk.Esp.AuthSha256.Value
-			} else if o.Mk.Esp.AuthSha384 != nil {
-				ans.MkAuthType = MkAuthTypeSha384
-				ans.MkAuthKey = o.Mk.Esp.AuthSha384.Value
-			} else if o.Mk.Esp.AuthSha512 != nil {
-				ans.MkAuthType = MkAuthTypeSha512
-				ans.MkAuthKey = o.Mk.Esp.AuthSha512.Value
-			} else if o.Mk.Esp.AuthNone != nil {
-				ans.MkAuthType = MkAuthTypeNone
-			}
-
-			ans.MkEspEncryptionType = normalizeEncryption(o.Mk.Esp.MkEspEncryptionType)
-			ans.MkEspEncryptionKey = o.Mk.Esp.MkEspEncryptionKey
-		} else if o.Mk.Ah != nil {
-			ans.MkProtocol = MkProtocolAh
-			if o.Mk.Ah.AuthMd5 != nil {
-				ans.MkAuthType = MkAuthTypeMd5
-				ans.MkAuthKey = o.Mk.Ah.AuthMd5.Value
-			} else if o.Mk.Ah.AuthSha1 != nil {
-				ans.MkAuthType = MkAuthTypeSha1
-				ans.MkAuthKey = o.Mk.Ah.AuthSha1.Value
-			} else if o.Mk.Ah.AuthSha256 != nil {
-				ans.MkAuthType = MkAuthTypeSha256
-				ans.MkAuthKey = o.Mk.Ah.AuthSha256.Value
-			} else if o.Mk.Ah.AuthSha384 != nil {
-				ans.MkAuthType = MkAuthTypeSha384
-				ans.MkAuthKey = o.Mk.Ah.AuthSha384.Value
-			} else if o.Mk.Ah.AuthSha512 != nil {
-				ans.MkAuthType = MkAuthTypeSha512
-				ans.MkAuthKey = o.Mk.Ah.AuthSha512.Value
-			}
-		}
-	} else if o.Gps != nil {
-		ans.Type = TypeGlobalProtectSatellite
-		ans.GpsPortalAddress = o.Gps.GpsPortalAddress
-		ans.GpsPublishRoutes = util.MemToStr(o.Gps.GpsPublishRoutes)
-		ans.GpsInterface = o.Gps.Local.GpsInterface
-		ans.GpsInterfaceIpIpv4 = o.Gps.Local.GpsInterfaceIpIpv4
-
-		if o.Gps.Pcr != nil {
-			ans.GpsPublishConnectedRoutes = util.AsBool(o.Gps.Pcr.GpsPublishConnectedRoutes)
-		}
-
-		if o.Gps.Ca != nil {
-			ans.GpsLocalCertificate = o.Gps.Ca.GpsLocalCertificate
-			ans.GpsCertificateProfile = o.Gps.Ca.GpsCertificateProfile
-		}
-	}
-
-	if o.TunnelMonitor != nil {
-		ans.EnableTunnelMonitor = util.AsBool(o.TunnelMonitor.EnableTunnelMonitor)
-		ans.TunnelMonitorDestinationIp = o.TunnelMonitor.TunnelMonitorDestinationIp
-		ans.TunnelMonitorSourceIp = o.TunnelMonitor.TunnelMonitorSourceIp
-		ans.TunnelMonitorProfile = o.TunnelMonitor.TunnelMonitorProfile
-	}
-
-	if len(ans.raw) == 0 {
-		ans.raw = nil
-	}
-
-	return ans
-}
-
-type container_v2 struct {
-	Answer []entry_v2 `xml:"entry"`
-}
-
-func (o *container_v2) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v2) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v2) normalize() Entry {
-	ans := Entry{
-		Name:            o.Name,
-		TunnelInterface: o.TunnelInterface,
-		AntiReplay:      util.AsBool(o.AntiReplay),
-		CopyTos:         util.AsBool(o.CopyTos),
-		EnableIpv6:      util.AsBool(o.EnableIpv6),
-		Disabled:        util.AsBool(o.Disabled),
-		CopyFlowLabel:   util.AsBool(o.CopyFlowLabel),
-	}
-
-	ans.raw = make(map[string]string)
-
-	if o.Ak != nil {
-		ans.Type = TypeAutoKey
-		ans.AkIkeGateway = util.EntToOneStr(o.Ak.AkIkeGateway)
-		ans.AkIpsecCryptoProfile = o.Ak.AkIpsecCryptoProfile
-
-		if o.Ak.ProxyIpv4 != nil {
-			ans.raw["pv4"] = util.CleanRawXml(o.Ak.ProxyIpv4.Text)
-		}
-
-		if o.Ak.ProxyIpv6 != nil {
-			ans.raw["pv6"] = util.CleanRawXml(o.Ak.ProxyIpv6.Text)
-		}
-	} else if o.Mk != nil {
-		ans.Type = TypeManualKey
-		ans.MkLocalSpi = o.Mk.MkLocalSpi
-		ans.MkInterface = o.Mk.Local.MkInterface
-		ans.MkLocalAddressIp = o.Mk.Local.MkLocalAddressIp
-		ans.MkLocalAddressFloatingIp = o.Mk.Local.MkLocalAddressFloatingIp
-		ans.MkRemoteAddress = o.Mk.Peer.MkRemoteAddress
-		ans.MkRemoteSpi = o.Mk.MkRemoteSpi
-
-		if o.Mk.Esp != nil {
-			ans.MkProtocol = MkProtocolEsp
-			if o.Mk.Esp.AuthMd5 != nil {
-				ans.MkAuthType = MkAuthTypeMd5
-				ans.MkAuthKey = o.Mk.Esp.AuthMd5.Value
-			} else if o.Mk.Esp.AuthSha1 != nil {
-				ans.MkAuthType = MkAuthTypeSha1
-				ans.MkAuthKey = o.Mk.Esp.AuthSha1.Value
-			} else if o.Mk.Esp.AuthSha256 != nil {
-				ans.MkAuthType = MkAuthTypeSha256
-				ans.MkAuthKey = o.Mk.Esp.AuthSha256.Value
-			} else if o.Mk.Esp.AuthSha384 != nil {
-				ans.MkAuthType = MkAuthTypeSha384
-				ans.MkAuthKey = o.Mk.Esp.AuthSha384.Value
-			} else if o.Mk.Esp.AuthSha512 != nil {
-				ans.MkAuthType = MkAuthTypeSha512
-				ans.MkAuthKey = o.Mk.Esp.AuthSha512.Value
-			} else if o.Mk.Esp.AuthNone != nil {
-				ans.MkAuthType = MkAuthTypeNone
-			}
-
-			ans.MkEspEncryptionType = normalizeEncryption(o.Mk.Esp.MkEspEncryptionType)
-			ans.MkEspEncryptionKey = o.Mk.Esp.MkEspEncryptionKey
-		} else if o.Mk.Ah != nil {
-			ans.MkProtocol = MkProtocolAh
-			if o.Mk.Ah.AuthMd5 != nil {
-				ans.MkAuthType = MkAuthTypeMd5
-				ans.MkAuthKey = o.Mk.Ah.AuthMd5.Value
-			} else if o.Mk.Ah.AuthSha1 != nil {
-				ans.MkAuthType = MkAuthTypeSha1
-				ans.MkAuthKey = o.Mk.Ah.AuthSha1.Value
-			} else if o.Mk.Ah.AuthSha256 != nil {
-				ans.MkAuthType = MkAuthTypeSha256
-				ans.MkAuthKey = o.Mk.Ah.AuthSha256.Value
-			} else if o.Mk.Ah.AuthSha384 != nil {
-				ans.MkAuthType = MkAuthTypeSha384
-				ans.MkAuthKey = o.Mk.Ah.AuthSha384.Value
-			} else if o.Mk.Ah.AuthSha512 != nil {
-				ans.MkAuthType = MkAuthTypeSha512
-				ans.MkAuthKey = o.Mk.Ah.AuthSha512.Value
-			}
-		}
-	} else if o.Gps != nil {
-		ans.Type = TypeGlobalProtectSatellite
-		ans.GpsPortalAddress = o.Gps.GpsPortalAddress
-		ans.GpsPublishRoutes = util.MemToStr(o.Gps.GpsPublishRoutes)
-		ans.GpsInterface = o.Gps.Local.GpsInterface
-		ans.GpsInterfaceIpIpv4 = o.Gps.Local.GpsInterfaceIpIpv4
-		ans.GpsInterfaceFloatingIpIpv4 = o.Gps.Local.GpsInterfaceFloatingIpIpv4
-
-		if o.Gps.Pcr != nil {
-			ans.GpsPublishConnectedRoutes = util.AsBool(o.Gps.Pcr.GpsPublishConnectedRoutes)
-		}
-
-		if o.Gps.Ca != nil {
-			ans.GpsLocalCertificate = o.Gps.Ca.GpsLocalCertificate
-			ans.GpsCertificateProfile = o.Gps.Ca.GpsCertificateProfile
-		}
-	}
-
-	if o.TunnelMonitor != nil {
-		ans.EnableTunnelMonitor = util.AsBool(o.TunnelMonitor.EnableTunnelMonitor)
-		ans.TunnelMonitorDestinationIp = o.TunnelMonitor.TunnelMonitorDestinationIp
-		ans.TunnelMonitorSourceIp = o.TunnelMonitor.TunnelMonitorSourceIp
-		ans.TunnelMonitorProfile = o.TunnelMonitor.TunnelMonitorProfile
-		ans.TunnelMonitorProxyId = o.TunnelMonitor.TunnelMonitorProxyId
-	}
-
-	if len(ans.raw) == 0 {
-		ans.raw = nil
-	}
-
-	return ans
-}
-
-type container_v3 struct {
-	Answer []entry_v3 `xml:"entry"`
-}
-
-func (o *container_v3) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v3) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v3) normalize() Entry {
-	ans := Entry{
-		Name:            o.Name,
-		TunnelInterface: o.TunnelInterface,
-		AntiReplay:      util.AsBool(o.AntiReplay),
-		CopyTos:         util.AsBool(o.CopyTos),
-		EnableIpv6:      util.AsBool(o.EnableIpv6),
-		Disabled:        util.AsBool(o.Disabled),
-		CopyFlowLabel:   util.AsBool(o.CopyFlowLabel),
-	}
-
-	ans.raw = make(map[string]string)
-
-	if o.Ak != nil {
-		ans.Type = TypeAutoKey
-		ans.AkIkeGateway = util.EntToOneStr(o.Ak.AkIkeGateway)
-		ans.AkIpsecCryptoProfile = o.Ak.AkIpsecCryptoProfile
-
-		if o.Ak.ProxyIpv4 != nil {
-			ans.raw["pv4"] = util.CleanRawXml(o.Ak.ProxyIpv4.Text)
-		}
-
-		if o.Ak.ProxyIpv6 != nil {
-			ans.raw["pv6"] = util.CleanRawXml(o.Ak.ProxyIpv6.Text)
-		}
-	} else if o.Mk != nil {
-		ans.Type = TypeManualKey
-		ans.MkLocalSpi = o.Mk.MkLocalSpi
-		ans.MkInterface = o.Mk.Local.MkInterface
-		ans.MkLocalAddressIp = o.Mk.Local.MkLocalAddressIp
-		ans.MkLocalAddressFloatingIp = o.Mk.Local.MkLocalAddressFloatingIp
-		ans.MkRemoteAddress = o.Mk.Peer.MkRemoteAddress
-		ans.MkRemoteSpi = o.Mk.MkRemoteSpi
-
-		if o.Mk.Esp != nil {
-			ans.MkProtocol = MkProtocolEsp
-			if o.Mk.Esp.AuthMd5 != nil {
-				ans.MkAuthType = MkAuthTypeMd5
-				ans.MkAuthKey = o.Mk.Esp.AuthMd5.Value
-			} else if o.Mk.Esp.AuthSha1 != nil {
-				ans.MkAuthType = MkAuthTypeSha1
-				ans.MkAuthKey = o.Mk.Esp.AuthSha1.Value
-			} else if o.Mk.Esp.AuthSha256 != nil {
-				ans.MkAuthType = MkAuthTypeSha256
-				ans.MkAuthKey = o.Mk.Esp.AuthSha256.Value
-			} else if o.Mk.Esp.AuthSha384 != nil {
-				ans.MkAuthType = MkAuthTypeSha384
-				ans.MkAuthKey = o.Mk.Esp.AuthSha384.Value
-			} else if o.Mk.Esp.AuthSha512 != nil {
-				ans.MkAuthType = MkAuthTypeSha512
-				ans.MkAuthKey = o.Mk.Esp.AuthSha512.Value
-			} else if o.Mk.Esp.AuthNone != nil {
-				ans.MkAuthType = MkAuthTypeNone
-			}
-
-			ans.MkEspEncryptionType = normalizeEncryption(o.Mk.Esp.MkEspEncryptionType)
-			ans.MkEspEncryptionKey = o.Mk.Esp.MkEspEncryptionKey
-		} else if o.Mk.Ah != nil {
-			ans.MkProtocol = MkProtocolAh
-			if o.Mk.Ah.AuthMd5 != nil {
-				ans.MkAuthType = MkAuthTypeMd5
-				ans.MkAuthKey = o.Mk.Ah.AuthMd5.Value
-			} else if o.Mk.Ah.AuthSha1 != nil {
-				ans.MkAuthType = MkAuthTypeSha1
-				ans.MkAuthKey = o.Mk.Ah.AuthSha1.Value
-			} else if o.Mk.Ah.AuthSha256 != nil {
-				ans.MkAuthType = MkAuthTypeSha256
-				ans.MkAuthKey = o.Mk.Ah.AuthSha256.Value
-			} else if o.Mk.Ah.AuthSha384 != nil {
-				ans.MkAuthType = MkAuthTypeSha384
-				ans.MkAuthKey = o.Mk.Ah.AuthSha384.Value
-			} else if o.Mk.Ah.AuthSha512 != nil {
-				ans.MkAuthType = MkAuthTypeSha512
-				ans.MkAuthKey = o.Mk.Ah.AuthSha512.Value
-			}
-		}
-	} else if o.Gps != nil {
-		ans.Type = TypeGlobalProtectSatellite
-		ans.GpsPortalAddress = o.Gps.GpsPortalAddress
-		ans.GpsPreferIpv6 = util.AsBool(o.Gps.GpsPreferIpv6)
-		ans.GpsPublishRoutes = util.MemToStr(o.Gps.GpsPublishRoutes)
-		ans.GpsInterface = o.Gps.Local.GpsInterface
-
-		if o.Gps.Pcr != nil {
-			ans.GpsPublishConnectedRoutes = util.AsBool(o.Gps.Pcr.GpsPublishConnectedRoutes)
-		}
-
-		if o.Gps.Local.Ip != nil {
-			ans.GpsInterfaceIpIpv4 = o.Gps.Local.Ip.Ipv4
-			ans.GpsInterfaceIpIpv6 = o.Gps.Local.Ip.Ipv6
-		}
-
-		if o.Gps.Local.Floating != nil {
-			ans.GpsInterfaceFloatingIpIpv4 = o.Gps.Local.Floating.Ipv4
-			ans.GpsInterfaceFloatingIpIpv6 = o.Gps.Local.Floating.Ipv6
-		}
-
-		if o.Gps.Ca != nil {
-			ans.GpsLocalCertificate = o.Gps.Ca.GpsLocalCertificate
-			ans.GpsCertificateProfile = o.Gps.Ca.GpsCertificateProfile
-		}
-	}
-
-	if o.TunnelMonitor != nil {
-		ans.EnableTunnelMonitor = util.AsBool(o.TunnelMonitor.EnableTunnelMonitor)
-		ans.TunnelMonitorDestinationIp = o.TunnelMonitor.TunnelMonitorDestinationIp
-		ans.TunnelMonitorSourceIp = o.TunnelMonitor.TunnelMonitorSourceIp
-		ans.TunnelMonitorProfile = o.TunnelMonitor.TunnelMonitorProfile
-		ans.TunnelMonitorProxyId = o.TunnelMonitor.TunnelMonitorProxyId
-	}
-
-	if len(ans.raw) == 0 {
-		ans.raw = nil
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName         xml.Name   `xml:"entry"`
-	Name            string     `xml:"name,attr"`
-	TunnelInterface string     `xml:"tunnel-interface"`
-	AntiReplay      string     `xml:"anti-replay,omitempty"`
-	Ak              *ak        `xml:"auto-key"`
-	Mk              *mk_v1     `xml:"manual-key"`
-	Gps             *gps_v1    `xml:"global-protect-satellite"`
-	TunnelMonitor   *tunMon_v1 `xml:"tunnel-monitor"`
-	CopyTos         string     `xml:"copy-tos"`
-}
-
-type ak struct {
-	AkIkeGateway         *util.EntryType `xml:"ike-gateway"`
-	AkIpsecCryptoProfile string          `xml:"ipsec-crypto-profile,omitempty"`
-	ProxyIpv4            *util.RawXml    `xml:"proxy-id"`
-	ProxyIpv6            *util.RawXml    `xml:"proxy-id-v6"`
-}
-
-type mk_v1 struct {
-	MkLocalSpi  string     `xml:"local-spi"`
-	Local       mkLocal_v1 `xml:"local-address"`
-	Peer        mkPeer     `xml:"peer-address"`
-	MkRemoteSpi string     `xml:"remote-spi"`
-	Esp         *mkEsp     `xml:"esp"`
-	Ah          *mkAh      `xml:"ah"`
-}
-
-type mkLocal_v1 struct {
-	MkInterface      string `xml:"interface"`
-	MkLocalAddressIp string `xml:"ip,omitempty"`
-}
-
-type mkPeer struct {
-	MkRemoteAddress string `xml:"ip"`
-}
-
-type mkEsp struct {
-	AuthMd5             *authKey `xml:"authentication>md5"`
-	AuthSha1            *authKey `xml:"authentication>sha1"`
-	AuthSha256          *authKey `xml:"authentication>sha256"`
-	AuthSha384          *authKey `xml:"authentication>sha384"`
-	AuthSha512          *authKey `xml:"authentication>sha512"`
-	AuthNone            *string  `xml:"authentication>none"`
-	MkEspEncryptionType string   `xml:"encryption>algorithm"`
-	MkEspEncryptionKey  string   `xml:"encryption>key,omitempty"`
-}
-
-type authKey struct {
-	Value string `xml:"key"`
-}
-
-type mkAh struct {
-	AuthMd5    *authKey `xml:"md5"`
-	AuthSha1   *authKey `xml:"sha1"`
-	AuthSha256 *authKey `xml:"sha256"`
-	AuthSha384 *authKey `xml:"sha384"`
-	AuthSha512 *authKey `xml:"sha512"`
-}
-
-type gps_v1 struct {
-	GpsPortalAddress string           `xml:"portal-address"`
-	Local            gpsLocal_v1      `xml:"local-address"`
-	Pcr              *gpsPcr          `xml:"publish-connected-routes"`
-	GpsPublishRoutes *util.MemberType `xml:"publish-routes"`
-	Ca               *gpsCa           `xml:"external-ca"`
-}
-
-type gpsLocal_v1 struct {
-	GpsInterface       string `xml:"interface"`
-	GpsInterfaceIpIpv4 string `xml:"ip,omitempty"`
-}
-
-type gpsPcr struct {
-	GpsPublishConnectedRoutes string `xml:"enable"`
-}
-
-type gpsCa struct {
-	GpsLocalCertificate   string `xml:"local-certificate,omitempty"`
-	GpsCertificateProfile string `xml:"certificate-profile,omitempty"`
-}
-
-type tunMon_v1 struct {
-	EnableTunnelMonitor        string `xml:"enable"`
-	TunnelMonitorDestinationIp string `xml:"destination-ip,omitempty"`
-	TunnelMonitorSourceIp      string `xml:"source-ip,omitempty"`
-	TunnelMonitorProfile       string `xml:"tunnel-monitor-profile,omitempty"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:            e.Name,
-		TunnelInterface: e.TunnelInterface,
-		CopyTos:         util.YesNo(e.CopyTos),
-	}
-	if e.AntiReplay {
-		// NOTE(gfreeman) PAN-OS errors if you send this as false...???
-		ans.AntiReplay = util.YesNo(e.AntiReplay)
-	}
-
-	switch e.Type {
-	case TypeAutoKey:
-		ans.Ak = &ak{
-			AkIkeGateway:         util.OneStrToEnt(e.AkIkeGateway),
-			AkIpsecCryptoProfile: e.AkIpsecCryptoProfile,
-		}
-
-		if text, present := e.raw["pv4"]; present {
-			ans.Ak.ProxyIpv4 = &util.RawXml{text}
-		}
-
-		if text, present := e.raw["pv6"]; present {
-			ans.Ak.ProxyIpv6 = &util.RawXml{text}
-		}
-	case TypeManualKey:
-		ans.Mk = &mk_v1{
-			MkLocalSpi:  e.MkLocalSpi,
-			MkRemoteSpi: e.MkRemoteSpi,
-			Local: mkLocal_v1{
-				MkInterface:      e.MkInterface,
-				MkLocalAddressIp: e.MkLocalAddressIp,
-			},
-			Peer: mkPeer{
-				MkRemoteAddress: e.MkRemoteAddress,
-			},
-		}
-
-		switch e.MkProtocol {
-		case MkProtocolEsp:
-			ans.Mk.Esp = &mkEsp{
-				MkEspEncryptionType: specifyEncryption(e.MkEspEncryptionType, 1),
-				MkEspEncryptionKey:  e.MkEspEncryptionKey,
-			}
-
-			switch e.MkAuthType {
-			case MkAuthTypeMd5:
-				ans.Mk.Esp.AuthMd5 = &authKey{Value: e.MkAuthKey}
-			case MkAuthTypeSha1:
-				ans.Mk.Esp.AuthSha1 = &authKey{Value: e.MkAuthKey}
-			case MkAuthTypeSha256:
-				ans.Mk.Esp.AuthSha256 = &authKey{Value: e.MkAuthKey}
-			case MkAuthTypeSha384:
-				ans.Mk.Esp.AuthSha384 = &authKey{Value: e.MkAuthKey}
-			case MkAuthTypeSha512:
-				ans.Mk.Esp.AuthSha512 = &authKey{Value: e.MkAuthKey}
-			case MkAuthTypeNone:
-				s := ""
-				ans.Mk.Esp.AuthNone = &s
-			}
-		case MkProtocolAh:
-			switch e.MkAuthType {
-			case MkAuthTypeMd5:
-				ans.Mk.Ah = &mkAh{AuthMd5: &authKey{Value: e.MkAuthKey}}
-			case MkAuthTypeSha1:
-				ans.Mk.Ah = &mkAh{AuthSha1: &authKey{Value: e.MkAuthKey}}
-			case MkAuthTypeSha256:
-				ans.Mk.Ah = &mkAh{AuthSha256: &authKey{Value: e.MkAuthKey}}
-			case MkAuthTypeSha384:
-				ans.Mk.Ah = &mkAh{AuthSha384: &authKey{Value: e.MkAuthKey}}
-			case MkAuthTypeSha512:
-				ans.Mk.Ah = &mkAh{AuthSha512: &authKey{Value: e.MkAuthKey}}
-			}
-		}
-	case TypeGlobalProtectSatellite:
-		ans.Gps = &gps_v1{
-			GpsPortalAddress: e.GpsPortalAddress,
-			Local: gpsLocal_v1{
-				GpsInterface:       e.GpsInterface,
-				GpsInterfaceIpIpv4: e.GpsInterfaceIpIpv4,
-			},
-			GpsPublishRoutes: util.StrToMem(e.GpsPublishRoutes),
-		}
-
-		if e.GpsPublishConnectedRoutes {
-			ans.Gps.Pcr = &gpsPcr{util.YesNo(e.GpsPublishConnectedRoutes)}
-		}
-
-		if e.GpsLocalCertificate != "" || e.GpsCertificateProfile != "" {
-			ans.Gps.Ca = &gpsCa{
-				GpsLocalCertificate:   e.GpsLocalCertificate,
-				GpsCertificateProfile: e.GpsCertificateProfile,
-			}
-		}
-	}
-
-	if e.EnableTunnelMonitor || e.TunnelMonitorDestinationIp != "" || e.TunnelMonitorSourceIp != "" || e.TunnelMonitorProfile != "" {
-		ans.TunnelMonitor = &tunMon_v1{
-			EnableTunnelMonitor:        util.YesNo(e.EnableTunnelMonitor),
-			TunnelMonitorDestinationIp: e.TunnelMonitorDestinationIp,
-			TunnelMonitorSourceIp:      e.TunnelMonitorSourceIp,
-			TunnelMonitorProfile:       e.TunnelMonitorProfile,
-		}
-	}
-
-	return ans
-}
-
-type entry_v2 struct {
-	XMLName         xml.Name   `xml:"entry"`
-	Name            string     `xml:"name,attr"`
-	TunnelInterface string     `xml:"tunnel-interface"`
-	AntiReplay      string     `xml:"anti-replay,omitempty"`
-	Ak              *ak        `xml:"auto-key"`
-	Mk              *mk_v2     `xml:"manual-key"`
-	Gps             *gps_v2    `xml:"global-protect-satellite"`
-	TunnelMonitor   *tunMon_v2 `xml:"tunnel-monitor"`
-	CopyTos         string     `xml:"copy-tos"`
-	EnableIpv6      string     `xml:"ipv6"`
-	Disabled        string     `xml:"disabled"`
-	CopyFlowLabel   string     `xml:"copy-flow-label"`
-}
-
-type mk_v2 struct {
-	MkLocalSpi  string     `xml:"local-spi"`
-	Local       mkLocal_v2 `xml:"local-address"`
-	Peer        mkPeer     `xml:"peer-address"`
-	MkRemoteSpi string     `xml:"remote-spi"`
-	Esp         *mkEsp     `xml:"esp"`
-	Ah          *mkAh      `xml:"ah"`
-}
-
-type mkLocal_v2 struct {
-	MkInterface              string `xml:"interface"`
-	MkLocalAddressIp         string `xml:"ip,omitempty"`
-	MkLocalAddressFloatingIp string `xml:"floating-ip,omitempty"`
-}
-
-type gps_v2 struct {
-	GpsPortalAddress string           `xml:"portal-address"`
-	Local            gpsLocal_v2      `xml:"local-address"`
-	Pcr              *gpsPcr          `xml:"publish-connected-routes"`
-	GpsPublishRoutes *util.MemberType `xml:"publish-routes"`
-	Ca               *gpsCa           `xml:"external-ca"`
-}
-
-type gpsLocal_v2 struct {
-	GpsInterface               string `xml:"interface"`
-	GpsInterfaceIpIpv4         string `xml:"ip,omitempty"`
-	GpsInterfaceFloatingIpIpv4 string `xml:"floating-ip,omitempty"`
-}
-
-type tunMon_v2 struct {
-	EnableTunnelMonitor        string `xml:"enable"`
-	TunnelMonitorDestinationIp string `xml:"destination-ip,omitempty"`
-	TunnelMonitorSourceIp      string `xml:"source-ip,omitempty"`
-	TunnelMonitorProfile       string `xml:"tunnel-monitor-profile,omitempty"`
-	TunnelMonitorProxyId       string `xml:"proxy-id,omitempty"`
-}
-
-func specify_v2(e Entry) interface{} {
-	ans := entry_v2{
-		Name:            e.Name,
-		TunnelInterface: e.TunnelInterface,
-		CopyTos:         util.YesNo(e.CopyTos),
-		EnableIpv6:      util.YesNo(e.EnableIpv6),
-		Disabled:        util.YesNo(e.Disabled),
-		CopyFlowLabel:   util.YesNo(e.CopyFlowLabel),
-	}
-	if e.AntiReplay {
-		// NOTE(gfreeman) PAN-OS errors if you send this as false...???
-		ans.AntiReplay = util.YesNo(e.AntiReplay)
-	}
-
-	switch e.Type {
-	case TypeAutoKey:
-		ans.Ak = &ak{
-			AkIkeGateway:         util.OneStrToEnt(e.AkIkeGateway),
-			AkIpsecCryptoProfile: e.AkIpsecCryptoProfile,
-		}
-
-		if text, present := e.raw["pv4"]; present {
-			ans.Ak.ProxyIpv4 = &util.RawXml{text}
-		}
-
-		if text, present := e.raw["pv6"]; present {
-			ans.Ak.ProxyIpv6 = &util.RawXml{text}
-		}
-	case TypeManualKey:
-		ans.Mk = &mk_v2{
-			MkLocalSpi:  e.MkLocalSpi,
-			MkRemoteSpi: e.MkRemoteSpi,
-			Local: mkLocal_v2{
-				MkInterface:              e.MkInterface,
-				MkLocalAddressIp:         e.MkLocalAddressIp,
-				MkLocalAddressFloatingIp: e.MkLocalAddressFloatingIp,
-			},
-			Peer: mkPeer{
-				MkRemoteAddress: e.MkRemoteAddress,
-			},
-		}
-
-		switch e.MkProtocol {
-		case MkProtocolEsp:
-			ans.Mk.Esp = &mkEsp{
-				MkEspEncryptionType: specifyEncryption(e.MkEspEncryptionType, 2),
-				MkEspEncryptionKey:  e.MkEspEncryptionKey,
-			}
-
-			switch e.MkAuthType {
-			case MkAuthTypeMd5:
-				ans.Mk.Esp.AuthMd5 = &authKey{Value: e.MkAuthKey}
-			case MkAuthTypeSha1:
-				ans.Mk.Esp.AuthSha1 = &authKey{Value: e.MkAuthKey}
-			case MkAuthTypeSha256:
-				ans.Mk.Esp.AuthSha256 = &authKey{Value: e.MkAuthKey}
-			case MkAuthTypeSha384:
-				ans.Mk.Esp.AuthSha384 = &authKey{Value: e.MkAuthKey}
-			case MkAuthTypeSha512:
-				ans.Mk.Esp.AuthSha512 = &authKey{Value: e.MkAuthKey}
-			case MkAuthTypeNone:
-				s := ""
-				ans.Mk.Esp.AuthNone = &s
-			}
-		case MkProtocolAh:
-			switch e.MkAuthType {
-			case MkAuthTypeMd5:
-				ans.Mk.Ah = &mkAh{AuthMd5: &authKey{Value: e.MkAuthKey}}
-			case MkAuthTypeSha1:
-				ans.Mk.Ah = &mkAh{AuthSha1: &authKey{Value: e.MkAuthKey}}
-			case MkAuthTypeSha256:
-				ans.Mk.Ah = &mkAh{AuthSha256: &authKey{Value: e.MkAuthKey}}
-			case MkAuthTypeSha384:
-				ans.Mk.Ah = &mkAh{AuthSha384: &authKey{Value: e.MkAuthKey}}
-			case MkAuthTypeSha512:
-				ans.Mk.Ah = &mkAh{AuthSha512: &authKey{Value: e.MkAuthKey}}
-			}
-		}
-	case TypeGlobalProtectSatellite:
-		ans.Gps = &gps_v2{
-			GpsPortalAddress: e.GpsPortalAddress,
-			Local: gpsLocal_v2{
-				GpsInterface:               e.GpsInterface,
-				GpsInterfaceIpIpv4:         e.GpsInterfaceIpIpv4,
-				GpsInterfaceFloatingIpIpv4: e.GpsInterfaceFloatingIpIpv4,
-			},
-			GpsPublishRoutes: util.StrToMem(e.GpsPublishRoutes),
-		}
-
-		if e.GpsPublishConnectedRoutes {
-			ans.Gps.Pcr = &gpsPcr{util.YesNo(e.GpsPublishConnectedRoutes)}
-		}
-
-		if e.GpsLocalCertificate != "" || e.GpsCertificateProfile != "" {
-			ans.Gps.Ca = &gpsCa{
-				GpsLocalCertificate:   e.GpsLocalCertificate,
-				GpsCertificateProfile: e.GpsCertificateProfile,
-			}
-		}
-	}
-
-	if e.EnableTunnelMonitor || e.TunnelMonitorDestinationIp != "" || e.TunnelMonitorSourceIp != "" || e.TunnelMonitorProfile != "" || e.TunnelMonitorProxyId != "" {
-		ans.TunnelMonitor = &tunMon_v2{
-			EnableTunnelMonitor:        util.YesNo(e.EnableTunnelMonitor),
-			TunnelMonitorDestinationIp: e.TunnelMonitorDestinationIp,
-			TunnelMonitorSourceIp:      e.TunnelMonitorSourceIp,
-			TunnelMonitorProfile:       e.TunnelMonitorProfile,
-			TunnelMonitorProxyId:       e.TunnelMonitorProxyId,
-		}
-	}
-
-	return ans
-}
-
-type entry_v3 struct {
-	XMLName         xml.Name   `xml:"entry"`
-	Name            string     `xml:"name,attr"`
-	TunnelInterface string     `xml:"tunnel-interface"`
-	AntiReplay      string     `xml:"anti-replay,omitempty"`
-	Ak              *ak        `xml:"auto-key"`
-	Mk              *mk_v2     `xml:"manual-key"`
-	Gps             *gps_v3    `xml:"global-protect-satellite"`
-	TunnelMonitor   *tunMon_v2 `xml:"tunnel-monitor"`
-	CopyTos         string     `xml:"copy-tos"`
-	EnableIpv6      string     `xml:"ipv6"`
-	Disabled        string     `xml:"disabled"`
-	CopyFlowLabel   string     `xml:"copy-flow-label"`
-}
-
-type gps_v3 struct {
-	GpsPreferIpv6    string           `xml:"ipv6-preferred"`
-	GpsPortalAddress string           `xml:"portal-address"`
-	Local            gpsLocal_v3      `xml:"local-address"`
-	Pcr              *gpsPcr          `xml:"publish-connected-routes"`
-	GpsPublishRoutes *util.MemberType `xml:"publish-routes"`
-	Ca               *gpsCa           `xml:"external-ca"`
-}
-
-type gpsLocal_v3 struct {
-	GpsInterface string      `xml:"interface"`
-	Ip           *gpsLocalIp `xml:"ip"`
-	Floating     *gpsLocalIp `xml:"floating-ip"`
-}
-
-type gpsLocalIp struct {
-	Ipv4 string `xml:"ipv4,omitempty"`
-	Ipv6 string `xml:"ipv6,omitempty"`
-}
-
-func specify_v3(e Entry) interface{} {
-	ans := entry_v3{
-		Name:            e.Name,
-		TunnelInterface: e.TunnelInterface,
-		CopyTos:         util.YesNo(e.CopyTos),
-		EnableIpv6:      util.YesNo(e.EnableIpv6),
-		Disabled:        util.YesNo(e.Disabled),
-		CopyFlowLabel:   util.YesNo(e.CopyFlowLabel),
-	}
-	if e.AntiReplay {
-		// NOTE(gfreeman) PAN-OS errors if you send this as false...???
-		ans.AntiReplay = util.YesNo(e.AntiReplay)
-	}
-
-	switch e.Type {
-	case TypeAutoKey:
-		ans.Ak = &ak{
-			AkIkeGateway:         util.OneStrToEnt(e.AkIkeGateway),
-			AkIpsecCryptoProfile: e.AkIpsecCryptoProfile,
-		}
-
-		if text, present := e.raw["pv4"]; present {
-			ans.Ak.ProxyIpv4 = &util.RawXml{text}
-		}
-
-		if text, present := e.raw["pv6"]; present {
-			ans.Ak.ProxyIpv6 = &util.RawXml{text}
-		}
-	case TypeManualKey:
-		ans.Mk = &mk_v2{
-			MkLocalSpi:  e.MkLocalSpi,
-			MkRemoteSpi: e.MkRemoteSpi,
-			Local: mkLocal_v2{
-				MkInterface:              e.MkInterface,
-				MkLocalAddressIp:         e.MkLocalAddressIp,
-				MkLocalAddressFloatingIp: e.MkLocalAddressFloatingIp,
-			},
-			Peer: mkPeer{
-				MkRemoteAddress: e.MkRemoteAddress,
-			},
-		}
-
-		switch e.MkProtocol {
-		case MkProtocolEsp:
-			ans.Mk.Esp = &mkEsp{
-				MkEspEncryptionType: specifyEncryption(e.MkEspEncryptionType, 2),
-				MkEspEncryptionKey:  e.MkEspEncryptionKey,
-			}
-
-			switch e.MkAuthType {
-			case MkAuthTypeMd5:
-				ans.Mk.Esp.AuthMd5 = &authKey{Value: e.MkAuthKey}
-			case MkAuthTypeSha1:
-				ans.Mk.Esp.AuthSha1 = &authKey{Value: e.MkAuthKey}
-			case MkAuthTypeSha256:
-				ans.Mk.Esp.AuthSha256 = &authKey{Value: e.MkAuthKey}
-			case MkAuthTypeSha384:
-				ans.Mk.Esp.AuthSha384 = &authKey{Value: e.MkAuthKey}
-			case MkAuthTypeSha512:
-				ans.Mk.Esp.AuthSha512 = &authKey{Value: e.MkAuthKey}
-			case MkAuthTypeNone:
-				s := ""
-				ans.Mk.Esp.AuthNone = &s
-			}
-		case MkProtocolAh:
-			switch e.MkAuthType {
-			case MkAuthTypeMd5:
-				ans.Mk.Ah = &mkAh{AuthMd5: &authKey{Value: e.MkAuthKey}}
-			case MkAuthTypeSha1:
-				ans.Mk.Ah = &mkAh{AuthSha1: &authKey{Value: e.MkAuthKey}}
-			case MkAuthTypeSha256:
-				ans.Mk.Ah = &mkAh{AuthSha256: &authKey{Value: e.MkAuthKey}}
-			case MkAuthTypeSha384:
-				ans.Mk.Ah = &mkAh{AuthSha384: &authKey{Value: e.MkAuthKey}}
-			case MkAuthTypeSha512:
-				ans.Mk.Ah = &mkAh{AuthSha512: &authKey{Value: e.MkAuthKey}}
-			}
-		}
-	case TypeGlobalProtectSatellite:
-		ans.Gps = &gps_v3{
-			GpsPortalAddress: e.GpsPortalAddress,
-			GpsPreferIpv6:    util.YesNo(e.GpsPreferIpv6),
-			Local: gpsLocal_v3{
-				GpsInterface: e.GpsInterface,
-			},
-			GpsPublishRoutes: util.StrToMem(e.GpsPublishRoutes),
-		}
-
-		if e.GpsPublishConnectedRoutes {
-			ans.Gps.Pcr = &gpsPcr{util.YesNo(e.GpsPublishConnectedRoutes)}
-		}
-
-		if e.GpsInterfaceIpIpv4 != "" || e.GpsInterfaceIpIpv6 != "" {
-			ans.Gps.Local.Ip = &gpsLocalIp{
-				Ipv4: e.GpsInterfaceIpIpv4,
-				Ipv6: e.GpsInterfaceIpIpv6,
-			}
-		}
-
-		if e.GpsInterfaceFloatingIpIpv4 != "" || e.GpsInterfaceFloatingIpIpv6 != "" {
-			ans.Gps.Local.Floating = &gpsLocalIp{
-				Ipv4: e.GpsInterfaceFloatingIpIpv4,
-				Ipv6: e.GpsInterfaceFloatingIpIpv6,
-			}
-		}
-
-		if e.GpsLocalCertificate != "" || e.GpsCertificateProfile != "" {
-			ans.Gps.Ca = &gpsCa{
-				GpsLocalCertificate:   e.GpsLocalCertificate,
-				GpsCertificateProfile: e.GpsCertificateProfile,
-			}
-		}
-	}
-
-	if e.EnableTunnelMonitor || e.TunnelMonitorDestinationIp != "" || e.TunnelMonitorSourceIp != "" || e.TunnelMonitorProfile != "" || e.TunnelMonitorProxyId != "" {
-		ans.TunnelMonitor = &tunMon_v2{
-			EnableTunnelMonitor:        util.YesNo(e.EnableTunnelMonitor),
-			TunnelMonitorDestinationIp: e.TunnelMonitorDestinationIp,
-			TunnelMonitorSourceIp:      e.TunnelMonitorSourceIp,
-			TunnelMonitorProfile:       e.TunnelMonitorProfile,
-			TunnelMonitorProxyId:       e.TunnelMonitorProxyId,
-		}
-	}
-
-	return ans
-}
diff --git a/netw/ipsectunnel/funcs.go b/netw/ipsectunnel/funcs.go
deleted file mode 100644
index 5a8074e6..00000000
--- a/netw/ipsectunnel/funcs.go
+++ /dev/null
@@ -1,94 +0,0 @@
-package ipsectunnel
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	if v.Gte(version.Number{8, 0, 0, ""}) {
-		return &container_v3{}, specify_v3
-	} else if v.Gte(version.Number{7, 0, 0, ""}) {
-		return &container_v2{}, specify_v2
-	} else {
-		return &container_v1{}, specify_v1
-	}
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/netw/ipsectunnel/fw.go b/netw/ipsectunnel/fw.go
deleted file mode 100644
index f45ee93f..00000000
--- a/netw/ipsectunnel/fw.go
+++ /dev/null
@@ -1,105 +0,0 @@
-package ipsectunnel
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Network.IpsecTunnel namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(e ...Entry) error {
-	return c.ns.Set(c.pather(), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(e Entry) error {
-	return c.ns.Edit(c.pather(), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather() namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(v)
-	}
-}
-
-func (c *Firewall) xpath(vals []string) ([]string, error) {
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"tunnel",
-		"ipsec",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/ipsectunnel/fw_test.go b/netw/ipsectunnel/fw_test.go
deleted file mode 100644
index a33c01b0..00000000
--- a/netw/ipsectunnel/fw_test.go
+++ /dev/null
@@ -1,34 +0,0 @@
-package ipsectunnel
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.AddResp("")
-			err := ns.Set(tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/ipsectunnel/pano.go b/netw/ipsectunnel/pano.go
deleted file mode 100644
index cb67565b..00000000
--- a/netw/ipsectunnel/pano.go
+++ /dev/null
@@ -1,115 +0,0 @@
-package ipsectunnel
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Network.IpsecTunnel namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(tmpl, ts, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(tmpl, ts, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(tmpl, ts string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts string, e ...Entry) error {
-	return c.ns.Set(c.pather(tmpl, ts), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts string, e Entry) error {
-	return c.ns.Edit(c.pather(tmpl, ts), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(tmpl, ts), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts string, vals []string) ([]string, error) {
-	if tmpl == "" && ts == "" {
-		return nil, fmt.Errorf("tmpl or ts must be specified")
-	}
-
-	ans := make([]string, 0, 12)
-	ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-	ans = append(ans,
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"tunnel",
-		"ipsec",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/ipsectunnel/pano_test.go b/netw/ipsectunnel/pano_test.go
deleted file mode 100644
index 368e34e5..00000000
--- a/netw/ipsectunnel/pano_test.go
+++ /dev/null
@@ -1,34 +0,0 @@
-package ipsectunnel
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.AddResp("")
-			err := ns.Set("some template", "", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("some template", "", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/ipsectunnel/proxyid/ipv4/const.go b/netw/ipsectunnel/proxyid/ipv4/const.go
deleted file mode 100644
index 4cd6b98a..00000000
--- a/netw/ipsectunnel/proxyid/ipv4/const.go
+++ /dev/null
@@ -1,6 +0,0 @@
-package ipv4
-
-const (
-	singular = "ipsec tunnel proxy id"
-	plural   = "ipsec tunnel proxy ids"
-)
diff --git a/netw/ipsectunnel/proxyid/ipv4/doc.go b/netw/ipsectunnel/proxyid/ipv4/doc.go
deleted file mode 100644
index d9a86635..00000000
--- a/netw/ipsectunnel/proxyid/ipv4/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-// Package ipv4 is the client.Network.IpsecTunnelProxyId namespace.
-//
-// The `tun` param in functions is the name of the IPSec Tunnel.
-//
-// Normalized object:  Entry
-package ipv4
diff --git a/netw/ipsectunnel/proxyid/ipv4/entry.go b/netw/ipsectunnel/proxyid/ipv4/entry.go
deleted file mode 100644
index 4d9fec5c..00000000
--- a/netw/ipsectunnel/proxyid/ipv4/entry.go
+++ /dev/null
@@ -1,143 +0,0 @@
-package ipv4
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of an interface
-// management profile.
-type Entry struct {
-	Name              string
-	Local             string
-	Remote            string
-	ProtocolAny       bool
-	ProtocolNumber    int
-	ProtocolTcpLocal  int
-	ProtocolTcpRemote int
-	ProtocolUdpLocal  int
-	ProtocolUdpRemote int
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Local = s.Local
-	o.Remote = s.Remote
-	o.ProtocolAny = s.ProtocolAny
-	o.ProtocolNumber = s.ProtocolNumber
-	o.ProtocolTcpLocal = s.ProtocolTcpLocal
-	o.ProtocolTcpRemote = s.ProtocolTcpRemote
-	o.ProtocolUdpLocal = s.ProtocolUdpLocal
-	o.ProtocolUdpRemote = s.ProtocolUdpRemote
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:   o.Name,
-		Local:  o.Local,
-		Remote: o.Remote,
-	}
-
-	if o.Protocol != nil {
-		if o.Protocol.Any != nil {
-			ans.ProtocolAny = true
-		} else if o.Protocol.Number != 0 {
-			ans.ProtocolNumber = o.Protocol.Number
-		} else if o.Protocol.Tcp != nil {
-			ans.ProtocolTcpLocal = o.Protocol.Tcp.Local
-			ans.ProtocolTcpRemote = o.Protocol.Tcp.Remote
-		} else if o.Protocol.Udp != nil {
-			ans.ProtocolUdpLocal = o.Protocol.Udp.Local
-			ans.ProtocolUdpRemote = o.Protocol.Udp.Remote
-		}
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName  xml.Name `xml:"entry"`
-	Name     string   `xml:"name,attr"`
-	Local    string   `xml:"local,omitempty"`
-	Remote   string   `xml:"remote,omitempty"`
-	Protocol *proto   `xml:"protocol"`
-}
-
-type proto struct {
-	Any    *string   `xml:"any"`
-	Number int       `xml:"number,omitempty"`
-	Tcp    *subProto `xml:"tcp"`
-	Udp    *subProto `xml:"udp"`
-}
-
-type subProto struct {
-	Local  int `xml:"local-port,omitempty"`
-	Remote int `xml:"remote-port,omitempty"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:   e.Name,
-		Local:  e.Local,
-		Remote: e.Remote,
-	}
-
-	var p *proto
-	if e.ProtocolAny {
-		sp := ""
-		p = &proto{Any: &sp}
-	} else if e.ProtocolNumber != 0 {
-		p = &proto{Number: e.ProtocolNumber}
-	} else if e.ProtocolTcpLocal != 0 || e.ProtocolTcpRemote != 0 {
-		p = &proto{Tcp: &subProto{
-			Local:  e.ProtocolTcpLocal,
-			Remote: e.ProtocolTcpRemote,
-		}}
-	} else if e.ProtocolUdpLocal != 0 || e.ProtocolUdpRemote != 0 {
-		p = &proto{Udp: &subProto{
-			Local:  e.ProtocolUdpLocal,
-			Remote: e.ProtocolUdpRemote,
-		}}
-	}
-	if p != nil {
-		ans.Protocol = p
-	}
-
-	return ans
-}
diff --git a/netw/ipsectunnel/proxyid/ipv4/funcs.go b/netw/ipsectunnel/proxyid/ipv4/funcs.go
deleted file mode 100644
index 8f9d0524..00000000
--- a/netw/ipsectunnel/proxyid/ipv4/funcs.go
+++ /dev/null
@@ -1,88 +0,0 @@
-package ipv4
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/netw/ipsectunnel/proxyid/ipv4/fw.go b/netw/ipsectunnel/proxyid/ipv4/fw.go
deleted file mode 100644
index 29a651da..00000000
--- a/netw/ipsectunnel/proxyid/ipv4/fw.go
+++ /dev/null
@@ -1,114 +0,0 @@
-package ipv4
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Network.IpsecTunnelProxyId namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(tun string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tun), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(tun string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tun), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(tun, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tun), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(tun, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tun), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(tun string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tun), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(tun string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tun), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(tun string, e ...Entry) error {
-	return c.ns.Set(c.pather(tun), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(tun string, e Entry) error {
-	return c.ns.Edit(c.pather(tun), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(tun string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(tun), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(tun, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tun), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig(tun string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tun), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather(tun string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tun, v)
-	}
-}
-
-func (c *Firewall) xpath(tun string, vals []string) ([]string, error) {
-	if tun == "" {
-		return nil, fmt.Errorf("tun must be specified")
-	}
-
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"tunnel",
-		"ipsec",
-		util.AsEntryXpath([]string{tun}),
-		"auto-key",
-		"proxy-id",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/ipsectunnel/proxyid/ipv4/fw_test.go b/netw/ipsectunnel/proxyid/ipv4/fw_test.go
deleted file mode 100644
index 18f7d80f..00000000
--- a/netw/ipsectunnel/proxyid/ipv4/fw_test.go
+++ /dev/null
@@ -1,33 +0,0 @@
-package ipv4
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.AddResp("")
-			err := ns.Set("tunnel", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("tunnel", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/ipsectunnel/proxyid/ipv4/pano.go b/netw/ipsectunnel/proxyid/ipv4/pano.go
deleted file mode 100644
index 3df60e39..00000000
--- a/netw/ipsectunnel/proxyid/ipv4/pano.go
+++ /dev/null
@@ -1,121 +0,0 @@
-package ipv4
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Network.IpsecTunnelProxyId namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts, tun string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts, tun), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts, tun string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts, tun), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(tmpl, ts, tun, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts, tun), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(tmpl, ts, tun, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts, tun), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts, tun string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts, tun), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(tmpl, ts, tun string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts, tun), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts, tun string, e ...Entry) error {
-	return c.ns.Set(c.pather(tmpl, ts, tun), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts, tun string, e Entry) error {
-	return c.ns.Edit(c.pather(tmpl, ts, tun), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts, tun string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(tmpl, ts, tun), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, tun, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts, tun), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts, tun string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts, tun), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts, tun string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, tun, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts, tun string, vals []string) ([]string, error) {
-	if tmpl == "" && ts == "" {
-		return nil, fmt.Errorf("tmpl or ts must be specified")
-	}
-	if tun == "" {
-		return nil, fmt.Errorf("tun must be specified")
-	}
-
-	ans := make([]string, 0, 15)
-	ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-	ans = append(ans,
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"tunnel",
-		"ipsec",
-		util.AsEntryXpath([]string{tun}),
-		"auto-key",
-		"proxy-id",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/ipsectunnel/proxyid/ipv4/pano_test.go b/netw/ipsectunnel/proxyid/ipv4/pano_test.go
deleted file mode 100644
index f5a07f9a..00000000
--- a/netw/ipsectunnel/proxyid/ipv4/pano_test.go
+++ /dev/null
@@ -1,33 +0,0 @@
-package ipv4
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.AddResp("")
-			err := ns.Set("template", "", "tunnel", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("template", "", "tunnel", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/ipsectunnel/proxyid/ipv4/testdata_test.go b/netw/ipsectunnel/proxyid/ipv4/testdata_test.go
deleted file mode 100644
index 33692c3d..00000000
--- a/netw/ipsectunnel/proxyid/ipv4/testdata_test.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package ipv4
-
-type testCase struct {
-	desc string
-	conf Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"any proto", Entry{
-			Name:        "test any",
-			Local:       "local",
-			Remote:      "remote",
-			ProtocolAny: true,
-		}},
-		{"number proto", Entry{
-			Name:           "test any",
-			Local:          "local",
-			Remote:         "remote",
-			ProtocolNumber: 42,
-		}},
-		{"tcp proto", Entry{
-			Name:              "test any",
-			Local:             "local",
-			Remote:            "remote",
-			ProtocolTcpLocal:  1,
-			ProtocolTcpRemote: 2,
-		}},
-		{"udp proto", Entry{
-			Name:              "test any",
-			Local:             "local",
-			Remote:            "remote",
-			ProtocolUdpLocal:  3,
-			ProtocolUdpRemote: 4,
-		}},
-	}
-}
diff --git a/netw/ipsectunnel/testdata_test.go b/netw/ipsectunnel/testdata_test.go
deleted file mode 100644
index 090985ea..00000000
--- a/netw/ipsectunnel/testdata_test.go
+++ /dev/null
@@ -1,686 +0,0 @@
-package ipsectunnel
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type testCase struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"v1 auto key", version.Number{6, 1, 0, ""}, Entry{
-			Name:                       "auto key",
-			TunnelInterface:            "tunnel.1",
-			AntiReplay:                 true,
-			CopyTos:                    false,
-			Type:                       TypeAutoKey,
-			AkIkeGateway:               "my gateway",
-			AkIpsecCryptoProfile:       "my profile",
-			EnableTunnelMonitor:        true,
-			TunnelMonitorDestinationIp: "10.1.1.1",
-			TunnelMonitorSourceIp:      "192.168.1.1",
-			TunnelMonitorProfile:       "tun prof",
-		}},
-		{"v1 manual key esp md5", version.Number{6, 1, 0, ""}, Entry{
-			Name:                       "manual key esp md5",
-			TunnelInterface:            "tunnel.1",
-			AntiReplay:                 false,
-			CopyTos:                    true,
-			Type:                       TypeManualKey,
-			MkLocalSpi:                 "local spi",
-			MkRemoteSpi:                "remote spi",
-			MkInterface:                "mk interface",
-			MkLocalAddressIp:           "10.5.5.5",
-			MkRemoteAddress:            "192.168.55.55",
-			MkProtocol:                 MkProtocolEsp,
-			MkEspEncryptionType:        MkEspEncryptionAes128,
-			MkEspEncryptionKey:         "esp key",
-			MkAuthType:                 MkAuthTypeMd5,
-			MkAuthKey:                  "auth secret",
-			EnableTunnelMonitor:        false,
-			TunnelMonitorDestinationIp: "10.1.1.1",
-			TunnelMonitorSourceIp:      "192.168.1.1",
-			TunnelMonitorProfile:       "tun prof",
-		}},
-		{"v1 manual key esp sha1", version.Number{6, 1, 0, ""}, Entry{
-			Name:                "manual key esp sha1",
-			TunnelInterface:     "tunnel.1",
-			AntiReplay:          true,
-			CopyTos:             true,
-			Type:                TypeManualKey,
-			MkLocalSpi:          "local spi",
-			MkRemoteSpi:         "remote spi",
-			MkInterface:         "mk interface",
-			MkLocalAddressIp:    "10.5.5.5",
-			MkRemoteAddress:     "192.168.55.55",
-			MkProtocol:          MkProtocolEsp,
-			MkEspEncryptionType: MkEspEncryptionDes,
-			MkEspEncryptionKey:  "enc key",
-			MkAuthType:          MkAuthTypeSha1,
-			MkAuthKey:           "auth key",
-		}},
-		{"v1 manual key esp sha256", version.Number{6, 1, 0, ""}, Entry{
-			Name:                "manual key esp sha256",
-			TunnelInterface:     "tunnel.1",
-			AntiReplay:          true,
-			CopyTos:             true,
-			Type:                TypeManualKey,
-			MkLocalSpi:          "local spi",
-			MkRemoteSpi:         "remote spi",
-			MkInterface:         "mk interface",
-			MkLocalAddressIp:    "10.5.5.5",
-			MkRemoteAddress:     "192.168.55.55",
-			MkProtocol:          MkProtocolEsp,
-			MkEspEncryptionType: MkEspEncryptionDes,
-			MkEspEncryptionKey:  "enc key",
-			MkAuthType:          MkAuthTypeSha256,
-			MkAuthKey:           "auth key",
-		}},
-		{"v1 manual key esp sha384", version.Number{6, 1, 0, ""}, Entry{
-			Name:                "manual key esp sha384",
-			TunnelInterface:     "tunnel.1",
-			AntiReplay:          true,
-			CopyTos:             true,
-			Type:                TypeManualKey,
-			MkLocalSpi:          "local spi",
-			MkRemoteSpi:         "remote spi",
-			MkInterface:         "mk interface",
-			MkLocalAddressIp:    "10.5.5.5",
-			MkRemoteAddress:     "192.168.55.55",
-			MkProtocol:          MkProtocolEsp,
-			MkEspEncryptionType: MkEspEncryptionAes192,
-			MkEspEncryptionKey:  "enc key",
-			MkAuthType:          MkAuthTypeSha384,
-			MkAuthKey:           "auth key",
-		}},
-		{"v1 manual key esp sha512", version.Number{6, 1, 0, ""}, Entry{
-			Name:                "manual key esp sha512",
-			TunnelInterface:     "tunnel.1",
-			AntiReplay:          true,
-			CopyTos:             true,
-			Type:                TypeManualKey,
-			MkLocalSpi:          "local spi",
-			MkRemoteSpi:         "remote spi",
-			MkInterface:         "mk interface",
-			MkLocalAddressIp:    "10.5.5.5",
-			MkRemoteAddress:     "192.168.55.55",
-			MkProtocol:          MkProtocolEsp,
-			MkEspEncryptionType: MkEspEncryptionAes256,
-			MkEspEncryptionKey:  "enc key",
-			MkAuthType:          MkAuthTypeSha512,
-			MkAuthKey:           "auth key",
-		}},
-		{"v1 manual key esp none", version.Number{6, 1, 0, ""}, Entry{
-			Name:                "manual key esp none",
-			TunnelInterface:     "tunnel.1",
-			AntiReplay:          true,
-			CopyTos:             true,
-			Type:                TypeManualKey,
-			MkLocalSpi:          "local spi",
-			MkRemoteSpi:         "remote spi",
-			MkInterface:         "mk interface",
-			MkLocalAddressIp:    "10.5.5.5",
-			MkRemoteAddress:     "192.168.55.55",
-			MkProtocol:          MkProtocolEsp,
-			MkEspEncryptionType: MkEspEncryption3des,
-			MkEspEncryptionKey:  "enc key",
-			MkAuthType:          MkAuthTypeNone,
-		}},
-		{"v1 manual key ah md5", version.Number{6, 1, 0, ""}, Entry{
-			Name:             "manual key ah md5",
-			TunnelInterface:  "tunnel.1",
-			AntiReplay:       true,
-			CopyTos:          true,
-			Type:             TypeManualKey,
-			MkLocalSpi:       "local spi",
-			MkRemoteSpi:      "remote spi",
-			MkInterface:      "mk interface",
-			MkLocalAddressIp: "10.5.5.5",
-			MkRemoteAddress:  "192.168.55.55",
-			MkProtocol:       MkProtocolAh,
-			MkAuthType:       MkAuthTypeMd5,
-			MkAuthKey:        "auth key",
-		}},
-		{"v1 manual key ah sha1", version.Number{6, 1, 0, ""}, Entry{
-			Name:             "manual key ah sha1",
-			TunnelInterface:  "tunnel.1",
-			AntiReplay:       true,
-			CopyTos:          true,
-			Type:             TypeManualKey,
-			MkLocalSpi:       "local spi",
-			MkRemoteSpi:      "remote spi",
-			MkInterface:      "mk interface",
-			MkLocalAddressIp: "10.5.5.5",
-			MkRemoteAddress:  "192.168.55.55",
-			MkProtocol:       MkProtocolAh,
-			MkAuthType:       MkAuthTypeSha1,
-			MkAuthKey:        "auth key",
-		}},
-		{"v1 manual key ah sha256", version.Number{6, 1, 0, ""}, Entry{
-			Name:             "manual key ah sha256",
-			TunnelInterface:  "tunnel.1",
-			AntiReplay:       true,
-			CopyTos:          true,
-			Type:             TypeManualKey,
-			MkLocalSpi:       "local spi",
-			MkRemoteSpi:      "remote spi",
-			MkInterface:      "mk interface",
-			MkLocalAddressIp: "10.5.5.5",
-			MkRemoteAddress:  "192.168.55.55",
-			MkProtocol:       MkProtocolAh,
-			MkAuthType:       MkAuthTypeSha256,
-			MkAuthKey:        "auth key",
-		}},
-		{"v1 manual key ah sha384", version.Number{6, 1, 0, ""}, Entry{
-			Name:             "manual key ah sha384",
-			TunnelInterface:  "tunnel.1",
-			AntiReplay:       true,
-			CopyTos:          true,
-			Type:             TypeManualKey,
-			MkLocalSpi:       "local spi",
-			MkRemoteSpi:      "remote spi",
-			MkInterface:      "mk interface",
-			MkLocalAddressIp: "10.5.5.5",
-			MkRemoteAddress:  "192.168.55.55",
-			MkProtocol:       MkProtocolAh,
-			MkAuthType:       MkAuthTypeSha384,
-			MkAuthKey:        "auth key",
-		}},
-		{"v1 manual key ah sha512", version.Number{6, 1, 0, ""}, Entry{
-			Name:             "manual key ah sha512",
-			TunnelInterface:  "tunnel.1",
-			AntiReplay:       true,
-			CopyTos:          true,
-			Type:             TypeManualKey,
-			MkLocalSpi:       "local spi",
-			MkRemoteSpi:      "remote spi",
-			MkInterface:      "mk interface",
-			MkLocalAddressIp: "10.5.5.5",
-			MkRemoteAddress:  "192.168.55.55",
-			MkProtocol:       MkProtocolAh,
-			MkAuthType:       MkAuthTypeSha512,
-			MkAuthKey:        "auth key",
-		}},
-		{"v1 gps no cert", version.Number{6, 1, 0, ""}, Entry{
-			Name:                      "gps no cert",
-			TunnelInterface:           "tunnel.1",
-			AntiReplay:                true,
-			CopyTos:                   true,
-			Type:                      TypeGlobalProtectSatellite,
-			GpsPublishConnectedRoutes: true,
-			GpsPublishRoutes:          []string{"route1", "route2"},
-			GpsInterface:              "gps interface",
-			GpsInterfaceIpIpv4:        "gps ipv4 ip",
-		}},
-		{"v1 gps with cert", version.Number{6, 1, 0, ""}, Entry{
-			Name:                      "gps with cert",
-			TunnelInterface:           "tunnel.1",
-			AntiReplay:                true,
-			CopyTos:                   true,
-			Type:                      TypeGlobalProtectSatellite,
-			GpsPublishConnectedRoutes: false,
-			GpsInterface:              "gps interface",
-			GpsInterfaceIpIpv4:        "gps ipv4 ip",
-			GpsLocalCertificate:       "my cert",
-			GpsCertificateProfile:     "cert prof",
-		}},
-		{"v2 auto key", version.Number{7, 0, 0, ""}, Entry{
-			Name:                       "auto key",
-			TunnelInterface:            "tunnel.1",
-			AntiReplay:                 true,
-			CopyTos:                    false,
-			EnableIpv6:                 true,
-			Disabled:                   false,
-			CopyFlowLabel:              true,
-			Type:                       TypeAutoKey,
-			AkIkeGateway:               "my gateway",
-			AkIpsecCryptoProfile:       "my profile",
-			EnableTunnelMonitor:        true,
-			TunnelMonitorDestinationIp: "10.1.1.1",
-			TunnelMonitorSourceIp:      "192.168.1.1",
-			TunnelMonitorProfile:       "tun prof",
-		}},
-		{"v2 manual key esp md5", version.Number{7, 0, 0, ""}, Entry{
-			Name:                       "manual key esp md5",
-			TunnelInterface:            "tunnel.1",
-			AntiReplay:                 false,
-			CopyTos:                    true,
-			EnableIpv6:                 false,
-			Disabled:                   true,
-			CopyFlowLabel:              true,
-			Type:                       TypeManualKey,
-			MkLocalSpi:                 "local spi",
-			MkRemoteSpi:                "remote spi",
-			MkInterface:                "mk interface",
-			MkLocalAddressIp:           "10.5.5.5",
-			MkRemoteAddress:            "192.168.55.55",
-			MkProtocol:                 MkProtocolEsp,
-			MkEspEncryptionType:        MkEspEncryptionAes128,
-			MkEspEncryptionKey:         "esp key",
-			MkAuthType:                 MkAuthTypeMd5,
-			MkAuthKey:                  "auth secret",
-			EnableTunnelMonitor:        false,
-			TunnelMonitorDestinationIp: "10.1.1.1",
-			TunnelMonitorSourceIp:      "192.168.1.1",
-			TunnelMonitorProfile:       "tun prof",
-		}},
-		{"v2 manual key esp sha1", version.Number{7, 0, 0, ""}, Entry{
-			Name:                     "manual key esp sha1",
-			TunnelInterface:          "tunnel.1",
-			AntiReplay:               true,
-			CopyTos:                  true,
-			EnableIpv6:               true,
-			Disabled:                 true,
-			CopyFlowLabel:            true,
-			Type:                     TypeManualKey,
-			MkLocalSpi:               "local spi",
-			MkRemoteSpi:              "remote spi",
-			MkInterface:              "mk interface",
-			MkLocalAddressFloatingIp: "10.5.5.5",
-			MkRemoteAddress:          "192.168.55.55",
-			MkProtocol:               MkProtocolEsp,
-			MkEspEncryptionType:      MkEspEncryptionDes,
-			MkEspEncryptionKey:       "enc key",
-			MkAuthType:               MkAuthTypeSha1,
-			MkAuthKey:                "auth key",
-			TunnelMonitorProxyId:     "tun proxy id",
-		}},
-		{"v2 manual key esp sha256", version.Number{7, 0, 0, ""}, Entry{
-			Name:                "manual key esp sha256",
-			TunnelInterface:     "tunnel.1",
-			AntiReplay:          true,
-			CopyTos:             true,
-			Type:                TypeManualKey,
-			MkLocalSpi:          "local spi",
-			MkRemoteSpi:         "remote spi",
-			MkInterface:         "mk interface",
-			MkLocalAddressIp:    "10.5.5.5",
-			MkRemoteAddress:     "192.168.55.55",
-			MkProtocol:          MkProtocolEsp,
-			MkEspEncryptionType: MkEspEncryptionDes,
-			MkEspEncryptionKey:  "enc key",
-			MkAuthType:          MkAuthTypeSha256,
-			MkAuthKey:           "auth key",
-		}},
-		{"v2 manual key esp sha384", version.Number{7, 0, 0, ""}, Entry{
-			Name:                "manual key esp sha384",
-			TunnelInterface:     "tunnel.1",
-			AntiReplay:          true,
-			CopyTos:             true,
-			Type:                TypeManualKey,
-			MkLocalSpi:          "local spi",
-			MkRemoteSpi:         "remote spi",
-			MkInterface:         "mk interface",
-			MkLocalAddressIp:    "10.5.5.5",
-			MkRemoteAddress:     "192.168.55.55",
-			MkProtocol:          MkProtocolEsp,
-			MkEspEncryptionType: MkEspEncryptionAes192,
-			MkEspEncryptionKey:  "enc key",
-			MkAuthType:          MkAuthTypeSha384,
-			MkAuthKey:           "auth key",
-		}},
-		{"v2 manual key esp sha512", version.Number{7, 0, 0, ""}, Entry{
-			Name:                "manual key esp sha512",
-			TunnelInterface:     "tunnel.1",
-			AntiReplay:          true,
-			CopyTos:             true,
-			Type:                TypeManualKey,
-			MkLocalSpi:          "local spi",
-			MkRemoteSpi:         "remote spi",
-			MkInterface:         "mk interface",
-			MkLocalAddressIp:    "10.5.5.5",
-			MkRemoteAddress:     "192.168.55.55",
-			MkProtocol:          MkProtocolEsp,
-			MkEspEncryptionType: MkEspEncryptionAes256,
-			MkEspEncryptionKey:  "enc key",
-			MkAuthType:          MkAuthTypeSha512,
-			MkAuthKey:           "auth key",
-		}},
-		{"v2 manual key esp none", version.Number{7, 0, 0, ""}, Entry{
-			Name:                "manual key esp none",
-			TunnelInterface:     "tunnel.1",
-			AntiReplay:          true,
-			CopyTos:             true,
-			Type:                TypeManualKey,
-			MkLocalSpi:          "local spi",
-			MkRemoteSpi:         "remote spi",
-			MkInterface:         "mk interface",
-			MkLocalAddressIp:    "10.5.5.5",
-			MkRemoteAddress:     "192.168.55.55",
-			MkProtocol:          MkProtocolEsp,
-			MkEspEncryptionType: MkEspEncryption3des,
-			MkEspEncryptionKey:  "enc key",
-			MkAuthType:          MkAuthTypeNone,
-		}},
-		{"v2 manual key ah md5", version.Number{7, 0, 0, ""}, Entry{
-			Name:             "manual key ah md5",
-			TunnelInterface:  "tunnel.1",
-			AntiReplay:       true,
-			CopyTos:          true,
-			Type:             TypeManualKey,
-			MkLocalSpi:       "local spi",
-			MkRemoteSpi:      "remote spi",
-			MkInterface:      "mk interface",
-			MkLocalAddressIp: "10.5.5.5",
-			MkRemoteAddress:  "192.168.55.55",
-			MkProtocol:       MkProtocolAh,
-			MkAuthType:       MkAuthTypeMd5,
-			MkAuthKey:        "auth key",
-		}},
-		{"v2 manual key ah sha1", version.Number{7, 0, 0, ""}, Entry{
-			Name:             "manual key ah sha1",
-			TunnelInterface:  "tunnel.1",
-			AntiReplay:       true,
-			CopyTos:          true,
-			Type:             TypeManualKey,
-			MkLocalSpi:       "local spi",
-			MkRemoteSpi:      "remote spi",
-			MkInterface:      "mk interface",
-			MkLocalAddressIp: "10.5.5.5",
-			MkRemoteAddress:  "192.168.55.55",
-			MkProtocol:       MkProtocolAh,
-			MkAuthType:       MkAuthTypeSha1,
-			MkAuthKey:        "auth key",
-		}},
-		{"v2 manual key ah sha256", version.Number{7, 0, 0, ""}, Entry{
-			Name:             "manual key ah sha256",
-			TunnelInterface:  "tunnel.1",
-			AntiReplay:       true,
-			CopyTos:          true,
-			Type:             TypeManualKey,
-			MkLocalSpi:       "local spi",
-			MkRemoteSpi:      "remote spi",
-			MkInterface:      "mk interface",
-			MkLocalAddressIp: "10.5.5.5",
-			MkRemoteAddress:  "192.168.55.55",
-			MkProtocol:       MkProtocolAh,
-			MkAuthType:       MkAuthTypeSha256,
-			MkAuthKey:        "auth key",
-		}},
-		{"v2 manual key ah sha384", version.Number{7, 0, 0, ""}, Entry{
-			Name:             "manual key ah sha384",
-			TunnelInterface:  "tunnel.1",
-			AntiReplay:       true,
-			CopyTos:          true,
-			Type:             TypeManualKey,
-			MkLocalSpi:       "local spi",
-			MkRemoteSpi:      "remote spi",
-			MkInterface:      "mk interface",
-			MkLocalAddressIp: "10.5.5.5",
-			MkRemoteAddress:  "192.168.55.55",
-			MkProtocol:       MkProtocolAh,
-			MkAuthType:       MkAuthTypeSha384,
-			MkAuthKey:        "auth key",
-		}},
-		{"v2 manual key ah sha512", version.Number{7, 0, 0, ""}, Entry{
-			Name:             "manual key ah sha512",
-			TunnelInterface:  "tunnel.1",
-			AntiReplay:       true,
-			CopyTos:          true,
-			Type:             TypeManualKey,
-			MkLocalSpi:       "local spi",
-			MkRemoteSpi:      "remote spi",
-			MkInterface:      "mk interface",
-			MkLocalAddressIp: "10.5.5.5",
-			MkRemoteAddress:  "192.168.55.55",
-			MkProtocol:       MkProtocolAh,
-			MkAuthType:       MkAuthTypeSha512,
-			MkAuthKey:        "auth key",
-		}},
-		{"v2 gps no cert", version.Number{7, 0, 0, ""}, Entry{
-			Name:                      "gps no cert",
-			TunnelInterface:           "tunnel.1",
-			AntiReplay:                true,
-			CopyTos:                   true,
-			Type:                      TypeGlobalProtectSatellite,
-			GpsPublishConnectedRoutes: true,
-			GpsPublishRoutes:          []string{"route1", "route2"},
-			GpsInterface:              "gps interface",
-			GpsInterfaceIpIpv4:        "gps ipv4 ip",
-		}},
-		{"v2 gps with cert", version.Number{7, 0, 0, ""}, Entry{
-			Name:                       "gps with cert",
-			TunnelInterface:            "tunnel.1",
-			AntiReplay:                 true,
-			CopyTos:                    true,
-			Type:                       TypeGlobalProtectSatellite,
-			GpsPublishConnectedRoutes:  false,
-			GpsInterface:               "gps interface",
-			GpsInterfaceFloatingIpIpv4: "gps ipv4 floating ip",
-			GpsLocalCertificate:        "my cert",
-			GpsCertificateProfile:      "cert prof",
-		}},
-		{"v3 auto key", version.Number{8, 0, 0, ""}, Entry{
-			Name:                       "auto key",
-			TunnelInterface:            "tunnel.1",
-			AntiReplay:                 true,
-			CopyTos:                    false,
-			EnableIpv6:                 true,
-			Disabled:                   false,
-			CopyFlowLabel:              true,
-			Type:                       TypeAutoKey,
-			AkIkeGateway:               "my gateway",
-			AkIpsecCryptoProfile:       "my profile",
-			EnableTunnelMonitor:        true,
-			TunnelMonitorDestinationIp: "10.1.1.1",
-			TunnelMonitorSourceIp:      "192.168.1.1",
-			TunnelMonitorProfile:       "tun prof",
-		}},
-		{"v3 manual key esp md5", version.Number{8, 0, 0, ""}, Entry{
-			Name:                       "manual key esp md5",
-			TunnelInterface:            "tunnel.1",
-			AntiReplay:                 false,
-			CopyTos:                    true,
-			EnableIpv6:                 false,
-			Disabled:                   true,
-			CopyFlowLabel:              true,
-			Type:                       TypeManualKey,
-			MkLocalSpi:                 "local spi",
-			MkRemoteSpi:                "remote spi",
-			MkInterface:                "mk interface",
-			MkLocalAddressIp:           "10.5.5.5",
-			MkRemoteAddress:            "192.168.55.55",
-			MkProtocol:                 MkProtocolEsp,
-			MkEspEncryptionType:        MkEspEncryptionAes128,
-			MkEspEncryptionKey:         "esp key",
-			MkAuthType:                 MkAuthTypeMd5,
-			MkAuthKey:                  "auth secret",
-			EnableTunnelMonitor:        false,
-			TunnelMonitorDestinationIp: "10.1.1.1",
-			TunnelMonitorSourceIp:      "192.168.1.1",
-			TunnelMonitorProfile:       "tun prof",
-		}},
-		{"v3 manual key esp sha1", version.Number{8, 0, 0, ""}, Entry{
-			Name:                     "manual key esp sha1",
-			TunnelInterface:          "tunnel.1",
-			AntiReplay:               true,
-			CopyTos:                  true,
-			EnableIpv6:               true,
-			Disabled:                 true,
-			CopyFlowLabel:            true,
-			Type:                     TypeManualKey,
-			MkLocalSpi:               "local spi",
-			MkRemoteSpi:              "remote spi",
-			MkInterface:              "mk interface",
-			MkLocalAddressFloatingIp: "10.5.5.5",
-			MkRemoteAddress:          "192.168.55.55",
-			MkProtocol:               MkProtocolEsp,
-			MkEspEncryptionType:      MkEspEncryptionDes,
-			MkEspEncryptionKey:       "enc key",
-			MkAuthType:               MkAuthTypeSha1,
-			MkAuthKey:                "auth key",
-			TunnelMonitorProxyId:     "tun proxy id",
-		}},
-		{"v3 manual key esp sha256", version.Number{8, 0, 0, ""}, Entry{
-			Name:                "manual key esp sha256",
-			TunnelInterface:     "tunnel.1",
-			AntiReplay:          true,
-			CopyTos:             true,
-			Type:                TypeManualKey,
-			MkLocalSpi:          "local spi",
-			MkRemoteSpi:         "remote spi",
-			MkInterface:         "mk interface",
-			MkLocalAddressIp:    "10.5.5.5",
-			MkRemoteAddress:     "192.168.55.55",
-			MkProtocol:          MkProtocolEsp,
-			MkEspEncryptionType: MkEspEncryptionDes,
-			MkEspEncryptionKey:  "enc key",
-			MkAuthType:          MkAuthTypeSha256,
-			MkAuthKey:           "auth key",
-		}},
-		{"v3 manual key esp sha384", version.Number{8, 0, 0, ""}, Entry{
-			Name:                "manual key esp sha384",
-			TunnelInterface:     "tunnel.1",
-			AntiReplay:          true,
-			CopyTos:             true,
-			Type:                TypeManualKey,
-			MkLocalSpi:          "local spi",
-			MkRemoteSpi:         "remote spi",
-			MkInterface:         "mk interface",
-			MkLocalAddressIp:    "10.5.5.5",
-			MkRemoteAddress:     "192.168.55.55",
-			MkProtocol:          MkProtocolEsp,
-			MkEspEncryptionType: MkEspEncryptionAes192,
-			MkEspEncryptionKey:  "enc key",
-			MkAuthType:          MkAuthTypeSha384,
-			MkAuthKey:           "auth key",
-		}},
-		{"v3 manual key esp sha512", version.Number{8, 0, 0, ""}, Entry{
-			Name:                "manual key esp sha512",
-			TunnelInterface:     "tunnel.1",
-			AntiReplay:          true,
-			CopyTos:             true,
-			Type:                TypeManualKey,
-			MkLocalSpi:          "local spi",
-			MkRemoteSpi:         "remote spi",
-			MkInterface:         "mk interface",
-			MkLocalAddressIp:    "10.5.5.5",
-			MkRemoteAddress:     "192.168.55.55",
-			MkProtocol:          MkProtocolEsp,
-			MkEspEncryptionType: MkEspEncryptionAes256,
-			MkEspEncryptionKey:  "enc key",
-			MkAuthType:          MkAuthTypeSha512,
-			MkAuthKey:           "auth key",
-		}},
-		{"v3 manual key esp none", version.Number{8, 0, 0, ""}, Entry{
-			Name:                "manual key esp none",
-			TunnelInterface:     "tunnel.1",
-			AntiReplay:          true,
-			CopyTos:             true,
-			Type:                TypeManualKey,
-			MkLocalSpi:          "local spi",
-			MkRemoteSpi:         "remote spi",
-			MkInterface:         "mk interface",
-			MkLocalAddressIp:    "10.5.5.5",
-			MkRemoteAddress:     "192.168.55.55",
-			MkProtocol:          MkProtocolEsp,
-			MkEspEncryptionType: MkEspEncryption3des,
-			MkEspEncryptionKey:  "enc key",
-			MkAuthType:          MkAuthTypeNone,
-		}},
-		{"v3 manual key ah md5", version.Number{8, 0, 0, ""}, Entry{
-			Name:             "manual key ah md5",
-			TunnelInterface:  "tunnel.1",
-			AntiReplay:       true,
-			CopyTos:          true,
-			Type:             TypeManualKey,
-			MkLocalSpi:       "local spi",
-			MkRemoteSpi:      "remote spi",
-			MkInterface:      "mk interface",
-			MkLocalAddressIp: "10.5.5.5",
-			MkRemoteAddress:  "192.168.55.55",
-			MkProtocol:       MkProtocolAh,
-			MkAuthType:       MkAuthTypeMd5,
-			MkAuthKey:        "auth key",
-		}},
-		{"v3 manual key ah sha1", version.Number{8, 0, 0, ""}, Entry{
-			Name:             "manual key ah sha1",
-			TunnelInterface:  "tunnel.1",
-			AntiReplay:       true,
-			CopyTos:          true,
-			Type:             TypeManualKey,
-			MkLocalSpi:       "local spi",
-			MkRemoteSpi:      "remote spi",
-			MkInterface:      "mk interface",
-			MkLocalAddressIp: "10.5.5.5",
-			MkRemoteAddress:  "192.168.55.55",
-			MkProtocol:       MkProtocolAh,
-			MkAuthType:       MkAuthTypeSha1,
-			MkAuthKey:        "auth key",
-		}},
-		{"v3 manual key ah sha256", version.Number{8, 0, 0, ""}, Entry{
-			Name:             "manual key ah sha256",
-			TunnelInterface:  "tunnel.1",
-			AntiReplay:       true,
-			CopyTos:          true,
-			Type:             TypeManualKey,
-			MkLocalSpi:       "local spi",
-			MkRemoteSpi:      "remote spi",
-			MkInterface:      "mk interface",
-			MkLocalAddressIp: "10.5.5.5",
-			MkRemoteAddress:  "192.168.55.55",
-			MkProtocol:       MkProtocolAh,
-			MkAuthType:       MkAuthTypeSha256,
-			MkAuthKey:        "auth key",
-		}},
-		{"v3 manual key ah sha384", version.Number{8, 0, 0, ""}, Entry{
-			Name:             "manual key ah sha384",
-			TunnelInterface:  "tunnel.1",
-			AntiReplay:       true,
-			CopyTos:          true,
-			Type:             TypeManualKey,
-			MkLocalSpi:       "local spi",
-			MkRemoteSpi:      "remote spi",
-			MkInterface:      "mk interface",
-			MkLocalAddressIp: "10.5.5.5",
-			MkRemoteAddress:  "192.168.55.55",
-			MkProtocol:       MkProtocolAh,
-			MkAuthType:       MkAuthTypeSha384,
-			MkAuthKey:        "auth key",
-		}},
-		{"v3 manual key ah sha512", version.Number{8, 0, 0, ""}, Entry{
-			Name:             "manual key ah sha512",
-			TunnelInterface:  "tunnel.1",
-			AntiReplay:       true,
-			CopyTos:          true,
-			Type:             TypeManualKey,
-			MkLocalSpi:       "local spi",
-			MkRemoteSpi:      "remote spi",
-			MkInterface:      "mk interface",
-			MkLocalAddressIp: "10.5.5.5",
-			MkRemoteAddress:  "192.168.55.55",
-			MkProtocol:       MkProtocolAh,
-			MkAuthType:       MkAuthTypeSha512,
-			MkAuthKey:        "auth key",
-		}},
-		{"v3 gps no cert", version.Number{8, 0, 0, ""}, Entry{
-			Name:                      "gps no cert",
-			TunnelInterface:           "tunnel.1",
-			AntiReplay:                true,
-			CopyTos:                   true,
-			Type:                      TypeGlobalProtectSatellite,
-			GpsPublishConnectedRoutes: true,
-			GpsPublishRoutes:          []string{"route1", "route2"},
-			GpsInterface:              "gps interface",
-			GpsInterfaceIpIpv4:        "gps ipv4 ip",
-			GpsInterfaceIpIpv6:        "gps ipv6 ip",
-		}},
-		{"v3 gps with cert", version.Number{8, 0, 0, ""}, Entry{
-			Name:                       "gps with cert",
-			TunnelInterface:            "tunnel.1",
-			AntiReplay:                 true,
-			CopyTos:                    true,
-			Type:                       TypeGlobalProtectSatellite,
-			GpsPublishConnectedRoutes:  false,
-			GpsInterface:               "gps interface",
-			GpsInterfaceFloatingIpIpv4: "gps ipv4 floating ip",
-			GpsInterfaceFloatingIpIpv6: "gps ipv6 floating ip",
-			GpsLocalCertificate:        "my cert",
-			GpsCertificateProfile:      "cert prof",
-		}},
-	}
-}
diff --git a/netw/pano.go b/netw/pano.go
deleted file mode 100644
index 460afbd1..00000000
--- a/netw/pano.go
+++ /dev/null
@@ -1,152 +0,0 @@
-package netw
-
-import (
-	"github.com/PaloAltoNetworks/pango/netw/ikegw"
-	aggeth "github.com/PaloAltoNetworks/pango/netw/interface/aggregate"
-	"github.com/PaloAltoNetworks/pango/netw/interface/arp"
-	"github.com/PaloAltoNetworks/pango/netw/interface/eth"
-	ipv6a "github.com/PaloAltoNetworks/pango/netw/interface/ipv6/address"
-	ipv6n "github.com/PaloAltoNetworks/pango/netw/interface/ipv6/neighbor"
-	"github.com/PaloAltoNetworks/pango/netw/interface/loopback"
-	"github.com/PaloAltoNetworks/pango/netw/interface/subinterface/layer2"
-	"github.com/PaloAltoNetworks/pango/netw/interface/subinterface/layer3"
-	"github.com/PaloAltoNetworks/pango/netw/interface/tunnel"
-	vli "github.com/PaloAltoNetworks/pango/netw/interface/vlan"
-	"github.com/PaloAltoNetworks/pango/netw/ipsectunnel"
-	tpiv4 "github.com/PaloAltoNetworks/pango/netw/ipsectunnel/proxyid/ipv4"
-	"github.com/PaloAltoNetworks/pango/netw/profile/bfd"
-	"github.com/PaloAltoNetworks/pango/netw/profile/gp"
-	"github.com/PaloAltoNetworks/pango/netw/profile/ike"
-	"github.com/PaloAltoNetworks/pango/netw/profile/ipsec"
-	"github.com/PaloAltoNetworks/pango/netw/profile/mngtprof"
-	"github.com/PaloAltoNetworks/pango/netw/profile/monitor"
-	redist4 "github.com/PaloAltoNetworks/pango/netw/routing/profile/redist/ipv4"
-	"github.com/PaloAltoNetworks/pango/netw/routing/protocol/bgp"
-	"github.com/PaloAltoNetworks/pango/netw/routing/protocol/bgp/aggregate"
-	agaf "github.com/PaloAltoNetworks/pango/netw/routing/protocol/bgp/aggregate/filter/advertise"
-	"github.com/PaloAltoNetworks/pango/netw/routing/protocol/bgp/aggregate/filter/suppress"
-	"github.com/PaloAltoNetworks/pango/netw/routing/protocol/bgp/conadv"
-	"github.com/PaloAltoNetworks/pango/netw/routing/protocol/bgp/conadv/filter/advertise"
-	"github.com/PaloAltoNetworks/pango/netw/routing/protocol/bgp/conadv/filter/nonexist"
-	"github.com/PaloAltoNetworks/pango/netw/routing/protocol/bgp/exp"
-	"github.com/PaloAltoNetworks/pango/netw/routing/protocol/bgp/imp"
-	"github.com/PaloAltoNetworks/pango/netw/routing/protocol/bgp/peer"
-	"github.com/PaloAltoNetworks/pango/netw/routing/protocol/bgp/peer/group"
-	"github.com/PaloAltoNetworks/pango/netw/routing/protocol/bgp/profile/auth"
-	"github.com/PaloAltoNetworks/pango/netw/routing/protocol/bgp/profile/dampening"
-	bgpredist "github.com/PaloAltoNetworks/pango/netw/routing/protocol/bgp/redist"
-	"github.com/PaloAltoNetworks/pango/netw/routing/protocol/ospf"
-	ospfarea "github.com/PaloAltoNetworks/pango/netw/routing/protocol/ospf/area"
-	ospfint "github.com/PaloAltoNetworks/pango/netw/routing/protocol/ospf/area/iface"
-	ospfvlink "github.com/PaloAltoNetworks/pango/netw/routing/protocol/ospf/area/vlink"
-	ospfexp "github.com/PaloAltoNetworks/pango/netw/routing/protocol/ospf/exp"
-	ospfauth "github.com/PaloAltoNetworks/pango/netw/routing/protocol/ospf/profile/auth"
-	"github.com/PaloAltoNetworks/pango/netw/routing/route/static/ipv4"
-	ipv6sr "github.com/PaloAltoNetworks/pango/netw/routing/route/static/ipv6"
-	"github.com/PaloAltoNetworks/pango/netw/routing/router"
-	"github.com/PaloAltoNetworks/pango/netw/tunnel/gre"
-	"github.com/PaloAltoNetworks/pango/netw/vlan"
-	"github.com/PaloAltoNetworks/pango/netw/zone"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Network namespace.
-type Panorama struct {
-	AggregateInterface              *aggeth.Panorama
-	Arp                             *arp.Panorama
-	BfdProfile                      *bfd.Panorama
-	BgpAggregate                    *aggregate.Panorama
-	BgpAggAdvertiseFilter           *agaf.Panorama
-	BgpAggSuppressFilter            *suppress.Panorama
-	BgpAuthProfile                  *auth.Panorama
-	BgpConAdvAdvertiseFilter        *advertise.Panorama
-	BgpConAdvNonExistFilter         *nonexist.Panorama
-	BgpConditionalAdv               *conadv.Panorama
-	BgpConfig                       *bgp.Panorama
-	BgpDampeningProfile             *dampening.Panorama
-	BgpExport                       *exp.Panorama
-	BgpImport                       *imp.Panorama
-	BgpPeer                         *peer.Panorama
-	BgpPeerGroup                    *group.Panorama
-	BgpRedistRule                   *bgpredist.Panorama
-	EthernetInterface               *eth.Panorama
-	GlobalProtectIpsecCryptoProfile *gp.Panorama
-	GreTunnel                       *gre.Panorama
-	IkeCryptoProfile                *ike.Panorama
-	IkeGateway                      *ikegw.Panorama
-	IpsecCryptoProfile              *ipsec.Panorama
-	IpsecTunnel                     *ipsectunnel.Panorama
-	IpsecTunnelProxyId              *tpiv4.Panorama
-	Ipv6Address                     *ipv6a.Panorama
-	Ipv6NeighborDiscovery           *ipv6n.Panorama
-	Ipv6StaticRoute                 *ipv6sr.Panorama
-	Layer2Subinterface              *layer2.Panorama
-	Layer3Subinterface              *layer3.Panorama
-	LoopbackInterface               *loopback.Panorama
-	ManagementProfile               *mngtprof.Panorama
-	MonitorProfile                  *monitor.Panorama
-	OspfArea                        *ospfarea.Panorama
-	OspfAreaInterface               *ospfint.Panorama
-	OspfAreaVirtualLink             *ospfvlink.Panorama
-	OspfAuthProfile                 *ospfauth.Panorama
-	OspfConfig                      *ospf.Panorama
-	OspfExport                      *ospfexp.Panorama
-	RedistributionProfile           *redist4.Panorama
-	StaticRoute                     *ipv4.Panorama
-	TunnelInterface                 *tunnel.Panorama
-	VirtualRouter                   *router.Panorama
-	Vlan                            *vlan.Panorama
-	VlanInterface                   *vli.Panorama
-	Zone                            *zone.Panorama
-}
-
-func PanoramaNamespace(x util.XapiClient) *Panorama {
-	return &Panorama{
-		AggregateInterface:              aggeth.PanoramaNamespace(x),
-		Arp:                             arp.PanoramaNamespace(x),
-		BfdProfile:                      bfd.PanoramaNamespace(x),
-		BgpAggregate:                    aggregate.PanoramaNamespace(x),
-		BgpAggAdvertiseFilter:           agaf.PanoramaNamespace(x),
-		BgpAggSuppressFilter:            suppress.PanoramaNamespace(x),
-		BgpAuthProfile:                  auth.PanoramaNamespace(x),
-		BgpConAdvAdvertiseFilter:        advertise.PanoramaNamespace(x),
-		BgpConAdvNonExistFilter:         nonexist.PanoramaNamespace(x),
-		BgpConditionalAdv:               conadv.PanoramaNamespace(x),
-		BgpConfig:                       bgp.PanoramaNamespace(x),
-		BgpDampeningProfile:             dampening.PanoramaNamespace(x),
-		BgpExport:                       exp.PanoramaNamespace(x),
-		BgpImport:                       imp.PanoramaNamespace(x),
-		BgpPeer:                         peer.PanoramaNamespace(x),
-		BgpPeerGroup:                    group.PanoramaNamespace(x),
-		BgpRedistRule:                   bgpredist.PanoramaNamespace(x),
-		EthernetInterface:               eth.PanoramaNamespace(x),
-		GlobalProtectIpsecCryptoProfile: gp.PanoramaNamespace(x),
-		GreTunnel:                       gre.PanoramaNamespace(x),
-		IkeCryptoProfile:                ike.PanoramaNamespace(x),
-		IkeGateway:                      ikegw.PanoramaNamespace(x),
-		IpsecCryptoProfile:              ipsec.PanoramaNamespace(x),
-		IpsecTunnel:                     ipsectunnel.PanoramaNamespace(x),
-		IpsecTunnelProxyId:              tpiv4.PanoramaNamespace(x),
-		Ipv6Address:                     ipv6a.PanoramaNamespace(x),
-		Ipv6NeighborDiscovery:           ipv6n.PanoramaNamespace(x),
-		Ipv6StaticRoute:                 ipv6sr.PanoramaNamespace(x),
-		Layer2Subinterface:              layer2.PanoramaNamespace(x),
-		Layer3Subinterface:              layer3.PanoramaNamespace(x),
-		LoopbackInterface:               loopback.PanoramaNamespace(x),
-		ManagementProfile:               mngtprof.PanoramaNamespace(x),
-		MonitorProfile:                  monitor.PanoramaNamespace(x),
-		OspfArea:                        ospfarea.PanoramaNamespace(x),
-		OspfAreaInterface:               ospfint.PanoramaNamespace(x),
-		OspfAreaVirtualLink:             ospfvlink.PanoramaNamespace(x),
-		OspfAuthProfile:                 ospfauth.PanoramaNamespace(x),
-		OspfConfig:                      ospf.PanoramaNamespace(x),
-		OspfExport:                      ospfexp.PanoramaNamespace(x),
-		RedistributionProfile:           redist4.PanoramaNamespace(x),
-		StaticRoute:                     ipv4.PanoramaNamespace(x),
-		TunnelInterface:                 tunnel.PanoramaNamespace(x),
-		VirtualRouter:                   router.PanoramaNamespace(x),
-		Vlan:                            vlan.PanoramaNamespace(x),
-		VlanInterface:                   vli.PanoramaNamespace(x),
-		Zone:                            zone.PanoramaNamespace(x),
-	}
-}
diff --git a/netw/profile/bfd/const.go b/netw/profile/bfd/const.go
deleted file mode 100644
index ca08415a..00000000
--- a/netw/profile/bfd/const.go
+++ /dev/null
@@ -1,12 +0,0 @@
-package bfd
-
-// Valid values for Entry.Mode.
-const (
-	ModeActive  = "active"
-	ModePassive = "passive"
-)
-
-const (
-	singular = "bfd profile"
-	plural   = "bfd profiles"
-)
diff --git a/netw/profile/bfd/doc.go b/netw/profile/bfd/doc.go
deleted file mode 100644
index 454cb659..00000000
--- a/netw/profile/bfd/doc.go
+++ /dev/null
@@ -1,4 +0,0 @@
-// Package bfd is the client.Network.BfdProfile namespace.
-//
-// Normalized object:  Entry
-package bfd
diff --git a/netw/profile/bfd/entry.go b/netw/profile/bfd/entry.go
deleted file mode 100644
index 8852de6c..00000000
--- a/netw/profile/bfd/entry.go
+++ /dev/null
@@ -1,112 +0,0 @@
-package bfd
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a BFD profile.
-type Entry struct {
-	Name                string
-	Mode                string
-	MinimumTxInterval   int
-	MinimumRxInterval   int
-	DetectionMultiplier int
-	HoldTime            int
-	MinimumRxTtl        int
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Mode = s.Mode
-	o.MinimumTxInterval = s.MinimumTxInterval
-	o.MinimumRxInterval = s.MinimumRxInterval
-	o.DetectionMultiplier = s.DetectionMultiplier
-	o.HoldTime = s.HoldTime
-	o.MinimumRxTtl = s.MinimumRxTtl
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:                o.Name,
-		Mode:                o.Mode,
-		MinimumTxInterval:   o.MinimumTxInterval,
-		MinimumRxInterval:   o.MinimumRxInterval,
-		DetectionMultiplier: o.DetectionMultiplier,
-		HoldTime:            o.HoldTime,
-	}
-
-	if o.Multihop != nil {
-		ans.MinimumRxTtl = o.Multihop.MinimumRxTtl
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName             xml.Name  `xml:"entry"`
-	Name                string    `xml:"name,attr"`
-	Mode                string    `xml:"mode,omitempty"`
-	MinimumTxInterval   int       `xml:"min-tx-interval,omitempty"`
-	MinimumRxInterval   int       `xml:"min-rx-interval,omitempty"`
-	DetectionMultiplier int       `xml:"detection-multiplier,omitempty"`
-	HoldTime            int       `xml:"hold-time,omitempty"`
-	Multihop            *multihop `xml:"multihop"`
-}
-
-type multihop struct {
-	MinimumRxTtl int `xml:"min-received-ttl"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:                e.Name,
-		Mode:                e.Mode,
-		MinimumTxInterval:   e.MinimumTxInterval,
-		MinimumRxInterval:   e.MinimumRxInterval,
-		DetectionMultiplier: e.DetectionMultiplier,
-		HoldTime:            e.HoldTime,
-	}
-
-	if e.MinimumRxTtl != 0 {
-		ans.Multihop = &multihop{e.MinimumRxTtl}
-	}
-
-	return ans
-}
diff --git a/netw/profile/bfd/funcs.go b/netw/profile/bfd/funcs.go
deleted file mode 100644
index 5e7cc263..00000000
--- a/netw/profile/bfd/funcs.go
+++ /dev/null
@@ -1,88 +0,0 @@
-package bfd
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/netw/profile/bfd/fw.go b/netw/profile/bfd/fw.go
deleted file mode 100644
index 92bbde15..00000000
--- a/netw/profile/bfd/fw.go
+++ /dev/null
@@ -1,105 +0,0 @@
-package bfd
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Network.BfdProfile namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(e ...Entry) error {
-	return c.ns.Set(c.pather(), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(e Entry) error {
-	return c.ns.Edit(c.pather(), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather() namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(v)
-	}
-}
-
-func (c *Firewall) xpath(vals []string) ([]string, error) {
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"profiles",
-		"bfd-profile",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/profile/bfd/fw_test.go b/netw/profile/bfd/fw_test.go
deleted file mode 100644
index 8d5e25e9..00000000
--- a/netw/profile/bfd/fw_test.go
+++ /dev/null
@@ -1,33 +0,0 @@
-package bfd
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.AddResp("")
-			err := ns.Set(tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/profile/bfd/pano.go b/netw/profile/bfd/pano.go
deleted file mode 100644
index 52aa2439..00000000
--- a/netw/profile/bfd/pano.go
+++ /dev/null
@@ -1,115 +0,0 @@
-package bfd
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Network.BfdProfile namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(tmpl, ts, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(tmpl, ts, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(tmpl, ts string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts string, e ...Entry) error {
-	return c.ns.Set(c.pather(tmpl, ts), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts string, e Entry) error {
-	return c.ns.Edit(c.pather(tmpl, ts), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(tmpl, ts), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts string, vals []string) ([]string, error) {
-	if tmpl == "" && ts == "" {
-		return nil, fmt.Errorf("tmpl or ts must be specified")
-	}
-
-	ans := make([]string, 0, 12)
-	ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-	ans = append(ans,
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"profiles",
-		"bfd-profile",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/profile/bfd/pano_test.go b/netw/profile/bfd/pano_test.go
deleted file mode 100644
index 1150a41d..00000000
--- a/netw/profile/bfd/pano_test.go
+++ /dev/null
@@ -1,33 +0,0 @@
-package bfd
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.AddResp("")
-			err := ns.Set("tem1", "", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("tem1", "", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/profile/bfd/testdata_test.go b/netw/profile/bfd/testdata_test.go
deleted file mode 100644
index 015f6b0c..00000000
--- a/netw/profile/bfd/testdata_test.go
+++ /dev/null
@@ -1,28 +0,0 @@
-package bfd
-
-type testCase struct {
-	desc string
-	conf Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"test1", Entry{
-			Name:                "test1",
-			Mode:                ModeActive,
-			MinimumTxInterval:   3,
-			MinimumRxInterval:   4,
-			DetectionMultiplier: 5,
-			HoldTime:            6,
-		}},
-		{"test2", Entry{
-			Name:         "test2",
-			MinimumRxTtl: 7,
-		}},
-		{"test3", Entry{
-			Name:     "test3",
-			Mode:     ModePassive,
-			HoldTime: 42,
-		}},
-	}
-}
diff --git a/netw/profile/gp/const.go b/netw/profile/gp/const.go
deleted file mode 100644
index c09342e7..00000000
--- a/netw/profile/gp/const.go
+++ /dev/null
@@ -1,17 +0,0 @@
-package gp
-
-// Valid values for Entry.Encryption.
-const (
-	EncryptionAes128Cbc = "aes-128-cbc"
-	EncryptionAes128Gcm = "aes-128-gcm"
-	EncryptionAes256Gcm = "aes-256-gcm"
-)
-
-const (
-	AuthenticationSha1 = "sha1"
-)
-
-const (
-	singular = "globalprotect ipsec crypto profile"
-	plural   = "globalprotect ipsec crypto profiles"
-)
diff --git a/netw/profile/gp/doc.go b/netw/profile/gp/doc.go
deleted file mode 100644
index 50d2dabc..00000000
--- a/netw/profile/gp/doc.go
+++ /dev/null
@@ -1,4 +0,0 @@
-// Package gp is the client.Network.GlobalProtectIpsecCryptoProfile namespace.
-//
-// Normalized object:  Entry
-package gp
diff --git a/netw/profile/gp/entry.go b/netw/profile/gp/entry.go
deleted file mode 100644
index 39091e04..00000000
--- a/netw/profile/gp/entry.go
+++ /dev/null
@@ -1,84 +0,0 @@
-package gp
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a GlobalProtect
-// IPSec crypto profile.
-type Entry struct {
-	Name            string
-	Encryptions     []string
-	Authentications []string
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Encryptions = util.CopyStringSlice(s.Encryptions)
-	o.Authentications = util.CopyStringSlice(s.Authentications)
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:            o.Name,
-		Encryptions:     util.MemToStr(o.Encryptions),
-		Authentications: util.MemToStr(o.Authentications),
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName         xml.Name         `xml:"entry"`
-	Name            string           `xml:"name,attr"`
-	Encryptions     *util.MemberType `xml:"encryption"`
-	Authentications *util.MemberType `xml:"authentication"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:            e.Name,
-		Encryptions:     util.StrToMem(e.Encryptions),
-		Authentications: util.StrToMem(e.Authentications),
-	}
-
-	return ans
-}
diff --git a/netw/profile/gp/funcs.go b/netw/profile/gp/funcs.go
deleted file mode 100644
index c3f2e8d5..00000000
--- a/netw/profile/gp/funcs.go
+++ /dev/null
@@ -1,88 +0,0 @@
-package gp
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/netw/profile/gp/fw.go b/netw/profile/gp/fw.go
deleted file mode 100644
index eb99ecdc..00000000
--- a/netw/profile/gp/fw.go
+++ /dev/null
@@ -1,106 +0,0 @@
-package gp
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Network.GlobalProtectIpsecCryptoProfile namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(e ...Entry) error {
-	return c.ns.Set(c.pather(), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(e Entry) error {
-	return c.ns.Edit(c.pather(), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather() namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(v)
-	}
-}
-
-func (c *Firewall) xpath(vals []string) ([]string, error) {
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"ike",
-		"crypto-profiles",
-		"global-protect-app-crypto-profiles",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/profile/gp/fw_test.go b/netw/profile/gp/fw_test.go
deleted file mode 100644
index ed1b304f..00000000
--- a/netw/profile/gp/fw_test.go
+++ /dev/null
@@ -1,33 +0,0 @@
-package gp
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.AddResp("")
-			err := ns.Set(tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/profile/gp/pano.go b/netw/profile/gp/pano.go
deleted file mode 100644
index 3ca3b785..00000000
--- a/netw/profile/gp/pano.go
+++ /dev/null
@@ -1,116 +0,0 @@
-package gp
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Network.GlobalProtectIpsecCryptoProfile namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(tmpl, ts, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(tmpl, ts, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(tmpl, ts string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts string, e ...Entry) error {
-	return c.ns.Set(c.pather(tmpl, ts), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts string, e Entry) error {
-	return c.ns.Edit(c.pather(tmpl, ts), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(tmpl, ts), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts string, vals []string) ([]string, error) {
-	if tmpl == "" && ts == "" {
-		return nil, fmt.Errorf("tmpl or ts must be specified")
-	}
-
-	ans := make([]string, 0, 13)
-	ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-	ans = append(ans,
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"ike",
-		"crypto-profiles",
-		"global-protect-app-crypto-profiles",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/profile/gp/pano_test.go b/netw/profile/gp/pano_test.go
deleted file mode 100644
index f86abd95..00000000
--- a/netw/profile/gp/pano_test.go
+++ /dev/null
@@ -1,33 +0,0 @@
-package gp
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.AddResp("")
-			err := ns.Set("tem1", "", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("tem1", "", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/profile/gp/testdata_test.go b/netw/profile/gp/testdata_test.go
deleted file mode 100644
index 9220d329..00000000
--- a/netw/profile/gp/testdata_test.go
+++ /dev/null
@@ -1,26 +0,0 @@
-package gp
-
-type testCase struct {
-	desc string
-	conf Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"test1", Entry{
-			Name: "test1",
-			Encryptions: []string{
-				EncryptionAes128Cbc,
-				EncryptionAes128Gcm,
-			},
-			Authentications: []string{AuthenticationSha1},
-		}},
-		{"test2", Entry{
-			Name: "test2",
-			Encryptions: []string{
-				EncryptionAes256Gcm,
-			},
-			Authentications: []string{AuthenticationSha1},
-		}},
-	}
-}
diff --git a/netw/profile/ike/const.go b/netw/profile/ike/const.go
deleted file mode 100644
index bb19089e..00000000
--- a/netw/profile/ike/const.go
+++ /dev/null
@@ -1,25 +0,0 @@
-package ike
-
-// Valid Entryption values.
-const (
-	EncryptionDes       = "des"
-	Encryption3des      = "3des"
-	EncryptionAes128    = "aes-128-cbc"
-	EncryptionAes192    = "aes-192-cbc"
-	EncryptionAes256    = "aes-256-cbc"
-	EncryptionAes128Gcm = "aes-128-gcm"
-	EncryptionAes256Gcm = "aes-256-gcm"
-)
-
-// Valid Time values.
-const (
-	TimeSeconds = "seconds"
-	TimeMinutes = "minutes"
-	TimeHours   = "hours"
-	TimeDays    = "days"
-)
-
-const (
-	singular = "ike crypto profile"
-	plural   = "ike crypto profiles"
-)
diff --git a/netw/profile/ike/doc.go b/netw/profile/ike/doc.go
deleted file mode 100644
index f467e602..00000000
--- a/netw/profile/ike/doc.go
+++ /dev/null
@@ -1,4 +0,0 @@
-// Package ike is the client.Network.IkeCryptoProfile namespace.
-//
-// Normalized object:  Entry
-package ike
diff --git a/netw/profile/ike/entry.go b/netw/profile/ike/entry.go
deleted file mode 100644
index 70a2d425..00000000
--- a/netw/profile/ike/entry.go
+++ /dev/null
@@ -1,325 +0,0 @@
-package ike
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of
-// IKE crypto profile.
-type Entry struct {
-	Name                   string
-	DhGroup                []string
-	Authentication         []string
-	Encryption             []string
-	LifetimeType           string
-	LifetimeValue          int
-	AuthenticationMultiple int
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.DhGroup = s.DhGroup
-	if s.DhGroup == nil {
-		o.DhGroup = nil
-	} else {
-		o.DhGroup = make([]string, len(s.DhGroup))
-		copy(o.DhGroup, s.DhGroup)
-	}
-	if s.Authentication == nil {
-		o.Authentication = nil
-	} else {
-		o.Authentication = make([]string, len(s.Authentication))
-		copy(o.Authentication, s.Authentication)
-	}
-	if s.Encryption == nil {
-		o.Encryption = nil
-	} else {
-		o.Encryption = make([]string, len(s.Encryption))
-		copy(o.Encryption, s.Encryption)
-	}
-	o.LifetimeType = s.LifetimeType
-	o.LifetimeValue = s.LifetimeValue
-	o.AuthenticationMultiple = s.AuthenticationMultiple
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-func specifyEncryption(vals []string, v int) []string {
-	if vals == nil {
-		return nil
-	}
-
-	nv := make([]string, len(vals))
-	switch v {
-	case 2:
-		for i := range vals {
-			switch vals[i] {
-			case EncryptionDes:
-				nv[i] = "des"
-			case Encryption3des:
-				nv[i] = "3des"
-			case EncryptionAes128:
-				nv[i] = "aes-128-cbc"
-			case EncryptionAes192:
-				nv[i] = "aes-192-cbc"
-			case EncryptionAes256:
-				nv[i] = "aes-256-cbc"
-			case EncryptionAes128Gcm:
-				nv[i] = "aes-128-gcm"
-			case EncryptionAes256Gcm:
-				nv[i] = "aes-256-gcm"
-			default:
-				nv[i] = vals[i]
-			}
-		}
-	case 1:
-		for i := range vals {
-			switch vals[i] {
-			case Encryption3des:
-				nv[i] = "3des"
-			case EncryptionAes128:
-				nv[i] = "aes128"
-			case EncryptionAes192:
-				nv[i] = "aes192"
-			case EncryptionAes256:
-				nv[i] = "aes256"
-			default:
-				nv[i] = vals[i]
-			}
-		}
-	default:
-		copy(nv, vals)
-	}
-
-	return nv
-}
-
-func normalizeEncryption(v []string) []string {
-	if v == nil {
-		return nil
-	}
-
-	ans := make([]string, len(v))
-	for i := range v {
-		switch v[i] {
-		case "des":
-			ans[i] = EncryptionDes
-		case "3des":
-			ans[i] = Encryption3des
-		case "aes-128-cbc", "aes128":
-			ans[i] = EncryptionAes128
-		case "aes-192-cbc", "aes192":
-			ans[i] = EncryptionAes192
-		case "aes-256-cbc", "aes256":
-			ans[i] = EncryptionAes256
-		case "aes-128-gcm":
-			ans[i] = EncryptionAes128Gcm
-		case "aes-256-gcm":
-			ans[i] = EncryptionAes256Gcm
-		default:
-			ans[i] = v[i]
-		}
-	}
-
-	return ans
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:           o.Name,
-		DhGroup:        util.MemToStr(o.DhGroup),
-		Authentication: util.MemToStr(o.Authentication),
-		Encryption:     normalizeEncryption(util.MemToStr(o.Encryption)),
-	}
-
-	if o.Lifetime != nil {
-		if o.Lifetime.Seconds != 0 {
-			ans.LifetimeType = TimeSeconds
-			ans.LifetimeValue = o.Lifetime.Seconds
-		} else if o.Lifetime.Minutes != 0 {
-			ans.LifetimeType = TimeMinutes
-			ans.LifetimeValue = o.Lifetime.Minutes
-		} else if o.Lifetime.Hours != 0 {
-			ans.LifetimeType = TimeHours
-			ans.LifetimeValue = o.Lifetime.Hours
-		} else if o.Lifetime.Days != 0 {
-			ans.LifetimeType = TimeDays
-			ans.LifetimeValue = o.Lifetime.Days
-		}
-	}
-
-	return ans
-}
-
-type container_v2 struct {
-	Answer []entry_v2 `xml:"entry"`
-}
-
-func (o *container_v2) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v2) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v2) normalize() Entry {
-	ans := Entry{
-		Name:                   o.Name,
-		DhGroup:                util.MemToStr(o.DhGroup),
-		Authentication:         util.MemToStr(o.Authentication),
-		Encryption:             normalizeEncryption(util.MemToStr(o.Encryption)),
-		AuthenticationMultiple: o.AuthenticationMultiple,
-	}
-
-	if o.Lifetime != nil {
-		if o.Lifetime.Seconds != 0 {
-			ans.LifetimeType = TimeSeconds
-			ans.LifetimeValue = o.Lifetime.Seconds
-		} else if o.Lifetime.Minutes != 0 {
-			ans.LifetimeType = TimeMinutes
-			ans.LifetimeValue = o.Lifetime.Minutes
-		} else if o.Lifetime.Hours != 0 {
-			ans.LifetimeType = TimeHours
-			ans.LifetimeValue = o.Lifetime.Hours
-		} else if o.Lifetime.Days != 0 {
-			ans.LifetimeType = TimeDays
-			ans.LifetimeValue = o.Lifetime.Days
-		}
-	}
-
-	// Normalize the encryption values.
-	for i := range ans.Encryption {
-		switch ans.Encryption[i] {
-		case "des":
-			ans.Encryption[i] = EncryptionDes
-		case "3des":
-			ans.Encryption[i] = Encryption3des
-		case "aes-128-cbc", "aes128":
-			ans.Encryption[i] = EncryptionAes128
-		case "aes-192-cbc", "aes192":
-			ans.Encryption[i] = EncryptionAes192
-		case "aes-256-cbc", "aes256":
-			ans.Encryption[i] = EncryptionAes256
-		}
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName        xml.Name         `xml:"entry"`
-	Name           string           `xml:"name,attr"`
-	DhGroup        *util.MemberType `xml:"dh-group"`
-	Authentication *util.MemberType `xml:"hash"`
-	Encryption     *util.MemberType `xml:"encryption"`
-	Lifetime       *lifetimeType    `xml:"lifetime"`
-}
-
-type lifetimeType struct {
-	Seconds int `xml:"seconds,omitempty"`
-	Minutes int `xml:"minutes,omitempty"`
-	Hours   int `xml:"hours,omitempty"`
-	Days    int `xml:"days,omitempty"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:           e.Name,
-		DhGroup:        util.StrToMem(e.DhGroup),
-		Authentication: util.StrToMem(e.Authentication),
-		Encryption:     util.StrToMem(specifyEncryption(e.Encryption, 1)),
-	}
-
-	switch e.LifetimeType {
-	case TimeSeconds:
-		ans.Lifetime = &lifetimeType{Seconds: e.LifetimeValue}
-	case TimeMinutes:
-		ans.Lifetime = &lifetimeType{Minutes: e.LifetimeValue}
-	case TimeHours:
-		ans.Lifetime = &lifetimeType{Hours: e.LifetimeValue}
-	case TimeDays:
-		ans.Lifetime = &lifetimeType{Days: e.LifetimeValue}
-	}
-
-	return ans
-}
-
-type entry_v2 struct {
-	XMLName                xml.Name         `xml:"entry"`
-	Name                   string           `xml:"name,attr"`
-	DhGroup                *util.MemberType `xml:"dh-group"`
-	Authentication         *util.MemberType `xml:"hash"`
-	Encryption             *util.MemberType `xml:"encryption"`
-	AuthenticationMultiple int              `xml:"authentication-multiple,omitempty"`
-	Lifetime               *lifetimeType    `xml:"lifetime"`
-}
-
-func specify_v2(e Entry) interface{} {
-	ans := entry_v2{
-		Name:                   e.Name,
-		DhGroup:                util.StrToMem(e.DhGroup),
-		Authentication:         util.StrToMem(e.Authentication),
-		Encryption:             util.StrToMem(specifyEncryption(e.Encryption, 2)),
-		AuthenticationMultiple: e.AuthenticationMultiple,
-	}
-
-	switch e.LifetimeType {
-	case TimeSeconds:
-		ans.Lifetime = &lifetimeType{Seconds: e.LifetimeValue}
-	case TimeMinutes:
-		ans.Lifetime = &lifetimeType{Minutes: e.LifetimeValue}
-	case TimeHours:
-		ans.Lifetime = &lifetimeType{Hours: e.LifetimeValue}
-	case TimeDays:
-		ans.Lifetime = &lifetimeType{Days: e.LifetimeValue}
-	}
-
-	return ans
-}
diff --git a/netw/profile/ike/funcs.go b/netw/profile/ike/funcs.go
deleted file mode 100644
index 32532990..00000000
--- a/netw/profile/ike/funcs.go
+++ /dev/null
@@ -1,92 +0,0 @@
-package ike
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	if v.Gte(version.Number{7, 0, 0, ""}) {
-		return &container_v2{}, specify_v2
-	} else {
-		return &container_v1{}, specify_v1
-	}
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/netw/profile/ike/fw.go b/netw/profile/ike/fw.go
deleted file mode 100644
index 007a5612..00000000
--- a/netw/profile/ike/fw.go
+++ /dev/null
@@ -1,106 +0,0 @@
-package ike
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Network.IkeCryptoProfile namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(e ...Entry) error {
-	return c.ns.Set(c.pather(), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(e Entry) error {
-	return c.ns.Edit(c.pather(), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather() namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(v)
-	}
-}
-
-func (c *Firewall) xpath(vals []string) ([]string, error) {
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"ike",
-		"crypto-profiles",
-		"ike-crypto-profiles",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/profile/ike/fw_test.go b/netw/profile/ike/fw_test.go
deleted file mode 100644
index 700c1055..00000000
--- a/netw/profile/ike/fw_test.go
+++ /dev/null
@@ -1,34 +0,0 @@
-package ike
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.AddResp("")
-			err := ns.Set(tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/profile/ike/pano.go b/netw/profile/ike/pano.go
deleted file mode 100644
index a50a88e9..00000000
--- a/netw/profile/ike/pano.go
+++ /dev/null
@@ -1,116 +0,0 @@
-package ike
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Network.IkeCryptoProfile namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(tmpl, ts, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(tmpl, ts, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(tmpl, ts string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts string, e ...Entry) error {
-	return c.ns.Set(c.pather(tmpl, ts), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts string, e Entry) error {
-	return c.ns.Edit(c.pather(tmpl, ts), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(tmpl, ts), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts string, vals []string) ([]string, error) {
-	if tmpl == "" && ts == "" {
-		return nil, fmt.Errorf("tmpl or ts must be specified")
-	}
-
-	ans := make([]string, 0, 13)
-	ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-	ans = append(ans,
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"ike",
-		"crypto-profiles",
-		"ike-crypto-profiles",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/profile/ike/pano_test.go b/netw/profile/ike/pano_test.go
deleted file mode 100644
index a7bfe360..00000000
--- a/netw/profile/ike/pano_test.go
+++ /dev/null
@@ -1,34 +0,0 @@
-package ike
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.AddResp("")
-			err := ns.Set("my test", "", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("my test", "", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/profile/ike/testdata_test.go b/netw/profile/ike/testdata_test.go
deleted file mode 100644
index 03b2cfa2..00000000
--- a/netw/profile/ike/testdata_test.go
+++ /dev/null
@@ -1,82 +0,0 @@
-package ike
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type testCase struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"v1 md5 aes128 1sec", version.Number{6, 1, 0, ""}, Entry{
-			Name:           "test1",
-			DhGroup:        []string{"group1"},
-			Encryption:     []string{EncryptionAes128},
-			Authentication: []string{"md5"},
-			LifetimeType:   TimeSeconds,
-			LifetimeValue:  1,
-		}},
-		{"v1 sha1/256 aes128/192 2min", version.Number{6, 1, 0, ""}, Entry{
-			Name:           "test2",
-			DhGroup:        []string{"group2"},
-			Encryption:     []string{EncryptionAes128, EncryptionAes192},
-			Authentication: []string{"sha1", "sha256"},
-			LifetimeType:   TimeMinutes,
-			LifetimeValue:  2,
-		}},
-		{"v1 md5/sha512 3des/aes256 3hr", version.Number{6, 1, 0, ""}, Entry{
-			Name:           "test3",
-			DhGroup:        []string{"group5"},
-			Encryption:     []string{Encryption3des, EncryptionAes128},
-			Authentication: []string{"md5", "sha512"},
-			LifetimeType:   TimeHours,
-			LifetimeValue:  3,
-		}},
-		{"v1 sha384 aes192 4d", version.Number{6, 1, 0, ""}, Entry{
-			Name:           "test4",
-			DhGroup:        []string{"group14"},
-			Encryption:     []string{EncryptionAes192},
-			Authentication: []string{"sha384"},
-			LifetimeType:   TimeDays,
-			LifetimeValue:  4,
-		}},
-		{"v2 md5 aes128 1sec", version.Number{7, 0, 0, ""}, Entry{
-			Name:           "test1",
-			DhGroup:        []string{"group1"},
-			Encryption:     []string{EncryptionAes128},
-			Authentication: []string{"md5"},
-			LifetimeType:   TimeSeconds,
-			LifetimeValue:  1,
-		}},
-		{"v2 sha1/256 aes128/192 2min am5", version.Number{7, 0, 0, ""}, Entry{
-			Name:                   "test2",
-			DhGroup:                []string{"group2"},
-			Encryption:             []string{EncryptionAes128, EncryptionAes192},
-			Authentication:         []string{"sha1", "sha256"},
-			LifetimeType:           TimeMinutes,
-			LifetimeValue:          2,
-			AuthenticationMultiple: 5,
-		}},
-		{"v2 md5/sha512 3des/aes256 3hr", version.Number{7, 1, 0, ""}, Entry{
-			Name:           "test3",
-			DhGroup:        []string{"group5"},
-			Encryption:     []string{Encryption3des, EncryptionAes128},
-			Authentication: []string{"md5", "sha512"},
-			LifetimeType:   TimeHours,
-			LifetimeValue:  3,
-		}},
-		{"v2 sha384 aes192 4d am7", version.Number{7, 1, 0, ""}, Entry{
-			Name:                   "test4",
-			DhGroup:                []string{"group14"},
-			Encryption:             []string{EncryptionAes192},
-			Authentication:         []string{"sha384"},
-			LifetimeType:           TimeDays,
-			LifetimeValue:          4,
-			AuthenticationMultiple: 7,
-		}},
-	}
-}
diff --git a/netw/profile/ipsec/const.go b/netw/profile/ipsec/const.go
deleted file mode 100644
index 5b8bbb42..00000000
--- a/netw/profile/ipsec/const.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package ipsec
-
-const (
-	ProtocolEsp = "esp"
-	ProtocolAh  = "ah"
-)
-
-const (
-	EncryptionDes       = "des"
-	Encryption3des      = "3des"
-	EncryptionAes128    = "aes-128-cbc"
-	EncryptionAes192    = "aes-192-cbc"
-	EncryptionAes256    = "aes-256-cbc"
-	EncryptionAes128Gcm = "aes-128-gcm"
-	EncryptionAes256Gcm = "aes-256-gcm"
-	EncryptionNull      = "null"
-)
-
-const (
-	TimeSeconds = "seconds"
-	TimeMinutes = "minutes"
-	TimeHours   = "hours"
-	TimeDays    = "days"
-)
-
-const (
-	SizeKb = "kb"
-	SizeMb = "mb"
-	SizeGb = "gb"
-	SizeTb = "tb"
-)
-
-const (
-	singular = "ipsec crypto profile"
-	plural   = "ipsec crypto profiles"
-)
diff --git a/netw/profile/ipsec/doc.go b/netw/profile/ipsec/doc.go
deleted file mode 100644
index 68e275df..00000000
--- a/netw/profile/ipsec/doc.go
+++ /dev/null
@@ -1,4 +0,0 @@
-// Package ipsec is the client.Network.IpsecCryptoProfile namespace.
-//
-// Normalized object:  Entry
-package ipsec
diff --git a/netw/profile/ipsec/entry.go b/netw/profile/ipsec/entry.go
deleted file mode 100644
index 8b0f8141..00000000
--- a/netw/profile/ipsec/entry.go
+++ /dev/null
@@ -1,412 +0,0 @@
-package ipsec
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of an interface
-// management profile.
-type Entry struct {
-	Name           string
-	Protocol       string
-	Encryption     []string
-	Authentication []string
-	DhGroup        string
-	LifetimeType   string
-	LifetimeValue  int
-	LifesizeType   string
-	LifesizeValue  int
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Protocol = s.Protocol
-	if s.Encryption == nil {
-		o.Encryption = nil
-	} else {
-		o.Encryption = make([]string, len(s.Encryption))
-		copy(o.Encryption, s.Encryption)
-	}
-	if s.Authentication == nil {
-		o.Authentication = nil
-	} else {
-		o.Authentication = make([]string, len(s.Authentication))
-		copy(o.Authentication, s.Authentication)
-	}
-	o.DhGroup = s.DhGroup
-	o.LifetimeType = s.LifetimeType
-	o.LifetimeValue = s.LifetimeValue
-	o.LifesizeType = s.LifesizeType
-	o.LifesizeValue = s.LifesizeValue
-}
-
-func specifyEncryption(vals []string, v int) []string {
-	if vals == nil {
-		return nil
-	}
-
-	nv := make([]string, len(vals))
-	switch v {
-	case 2:
-		for i := range vals {
-			switch vals[i] {
-			case EncryptionDes:
-				nv[i] = "des"
-			case Encryption3des:
-				nv[i] = "3des"
-			case EncryptionAes128:
-				nv[i] = "aes-128-cbc"
-			case EncryptionAes192:
-				nv[i] = "aes-192-cbc"
-			case EncryptionAes256:
-				nv[i] = "aes-256-cbc"
-			case EncryptionAes128Gcm:
-				nv[i] = "aes-128-gcm"
-			case EncryptionAes256Gcm:
-				nv[i] = "aes-256-gcm"
-			case EncryptionNull:
-				nv[i] = "null"
-			default:
-				nv[i] = vals[i]
-			}
-		}
-	case 1:
-		for i := range vals {
-			switch vals[i] {
-			case Encryption3des:
-				nv[i] = "3des"
-			case EncryptionAes128:
-				nv[i] = "aes128"
-			case EncryptionAes192:
-				nv[i] = "aes192"
-			case EncryptionAes256:
-				nv[i] = "aes256"
-			case EncryptionNull:
-				nv[i] = "null"
-			default:
-				nv[i] = vals[i]
-			}
-		}
-	default:
-		copy(nv, vals)
-	}
-
-	return nv
-}
-
-func normalizeEncryption(vals []string) []string {
-	if vals == nil {
-		return nil
-	}
-
-	nv := make([]string, len(vals))
-	for i := range vals {
-		switch vals[i] {
-		case "des":
-			nv[i] = EncryptionDes
-		case "3des":
-			nv[i] = Encryption3des
-		case "aes-128-cbc", "aes128":
-			nv[i] = EncryptionAes128
-		case "aes-192-cbc", "aes192":
-			nv[i] = EncryptionAes192
-		case "aes-256-cbc", "aes256":
-			nv[i] = EncryptionAes256
-		case "aes-128-gcm":
-			nv[i] = EncryptionAes128Gcm
-		case "aes-256-gcm":
-			nv[i] = EncryptionAes256Gcm
-		case "null":
-			nv[i] = EncryptionNull
-		default:
-			nv[i] = vals[i]
-		}
-	}
-
-	return nv
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:    o.Name,
-		DhGroup: o.DhGroup,
-	}
-
-	if o.Esp != nil {
-		ans.Protocol = ProtocolEsp
-		ans.Encryption = normalizeEncryption(util.MemToStr(o.Esp.Encryption))
-		ans.Authentication = util.MemToStr(o.Esp.Authentication)
-	} else if o.Ah != nil {
-		ans.Protocol = ProtocolAh
-		ans.Authentication = util.MemToStr(o.Ah.Authentication)
-	}
-
-	if o.Lifetime != nil {
-		if o.Lifetime.Seconds != 0 {
-			ans.LifetimeType = TimeSeconds
-			ans.LifetimeValue = o.Lifetime.Seconds
-		} else if o.Lifetime.Minutes != 0 {
-			ans.LifetimeType = TimeMinutes
-			ans.LifetimeValue = o.Lifetime.Minutes
-		} else if o.Lifetime.Hours != 0 {
-			ans.LifetimeType = TimeHours
-			ans.LifetimeValue = o.Lifetime.Hours
-		} else if o.Lifetime.Days != 0 {
-			ans.LifetimeType = TimeDays
-			ans.LifetimeValue = o.Lifetime.Days
-		}
-	}
-
-	if o.Lifesize != nil {
-		if o.Lifesize.Kb != 0 {
-			ans.LifesizeType = SizeKb
-			ans.LifesizeValue = o.Lifesize.Kb
-		} else if o.Lifesize.Mb != 0 {
-			ans.LifesizeType = SizeMb
-			ans.LifesizeValue = o.Lifesize.Mb
-		} else if o.Lifesize.Gb != 0 {
-			ans.LifesizeType = SizeGb
-			ans.LifesizeValue = o.Lifesize.Gb
-		} else if o.Lifesize.Tb != 0 {
-			ans.LifesizeType = SizeTb
-			ans.LifesizeValue = o.Lifesize.Tb
-		}
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName  xml.Name      `xml:"entry"`
-	Name     string        `xml:"name,attr"`
-	Esp      *espType      `xml:"esp"`
-	Ah       *ahType       `xml:"ah"`
-	DhGroup  string        `xml:"dh-group,omitempty"`
-	Lifetime *lifetimeType `xml:"lifetime"`
-	Lifesize *lifesizeType `xml:"lifesize"`
-}
-
-type espType struct {
-	Encryption     *util.MemberType `xml:"encryption"`
-	Authentication *util.MemberType `xml:"authentication"`
-}
-
-type ahType struct {
-	Authentication *util.MemberType `xml:"authentication"`
-}
-
-type lifetimeType struct {
-	Seconds int `xml:"seconds,omitempty"`
-	Minutes int `xml:"minutes,omitempty"`
-	Hours   int `xml:"hours,omitempty"`
-	Days    int `xml:"days,omitempty"`
-}
-
-type lifesizeType struct {
-	Kb int `xml:"kb,omitempty"`
-	Mb int `xml:"mb,omitempty"`
-	Gb int `xml:"gb,omitempty"`
-	Tb int `xml:"tb,omitempty"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:    e.Name,
-		DhGroup: e.DhGroup,
-	}
-
-	switch e.Protocol {
-	case ProtocolEsp:
-		ans.Esp = &espType{
-			Encryption:     util.StrToMem(specifyEncryption(e.Encryption, 1)),
-			Authentication: util.StrToMem(e.Authentication),
-		}
-	case ProtocolAh:
-		ans.Ah = &ahType{util.StrToMem(e.Authentication)}
-	}
-
-	switch e.LifetimeType {
-	case TimeSeconds:
-		ans.Lifetime = &lifetimeType{Seconds: e.LifetimeValue}
-	case TimeMinutes:
-		ans.Lifetime = &lifetimeType{Minutes: e.LifetimeValue}
-	case TimeHours:
-		ans.Lifetime = &lifetimeType{Hours: e.LifetimeValue}
-	case TimeDays:
-		ans.Lifetime = &lifetimeType{Days: e.LifetimeValue}
-	}
-
-	switch e.LifesizeType {
-	case SizeKb:
-		ans.Lifesize = &lifesizeType{Kb: e.LifesizeValue}
-	case SizeMb:
-		ans.Lifesize = &lifesizeType{Mb: e.LifesizeValue}
-	case SizeGb:
-		ans.Lifesize = &lifesizeType{Gb: e.LifesizeValue}
-	case SizeTb:
-		ans.Lifesize = &lifesizeType{Tb: e.LifesizeValue}
-	}
-
-	return ans
-}
-
-type container_v2 struct {
-	Answer []entry_v2 `xml:"entry"`
-}
-
-func (o *container_v2) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v2) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v2) normalize() Entry {
-	ans := Entry{
-		Name:    o.Name,
-		DhGroup: o.DhGroup,
-	}
-
-	if o.Esp != nil {
-		ans.Protocol = ProtocolEsp
-		ans.Encryption = normalizeEncryption(util.MemToStr(o.Esp.Encryption))
-		ans.Authentication = util.MemToStr(o.Esp.Authentication)
-	} else if o.Ah != nil {
-		ans.Protocol = ProtocolAh
-		ans.Authentication = util.MemToStr(o.Ah.Authentication)
-	}
-
-	if o.Lifetime != nil {
-		if o.Lifetime.Seconds != 0 {
-			ans.LifetimeType = TimeSeconds
-			ans.LifetimeValue = o.Lifetime.Seconds
-		} else if o.Lifetime.Minutes != 0 {
-			ans.LifetimeType = TimeMinutes
-			ans.LifetimeValue = o.Lifetime.Minutes
-		} else if o.Lifetime.Hours != 0 {
-			ans.LifetimeType = TimeHours
-			ans.LifetimeValue = o.Lifetime.Hours
-		} else if o.Lifetime.Days != 0 {
-			ans.LifetimeType = TimeDays
-			ans.LifetimeValue = o.Lifetime.Days
-		}
-	}
-
-	if o.Lifesize != nil {
-		if o.Lifesize.Kb != 0 {
-			ans.LifesizeType = SizeKb
-			ans.LifesizeValue = o.Lifesize.Kb
-		} else if o.Lifesize.Mb != 0 {
-			ans.LifesizeType = SizeMb
-			ans.LifesizeValue = o.Lifesize.Mb
-		} else if o.Lifesize.Gb != 0 {
-			ans.LifesizeType = SizeGb
-			ans.LifesizeValue = o.Lifesize.Gb
-		} else if o.Lifesize.Tb != 0 {
-			ans.LifesizeType = SizeTb
-			ans.LifesizeValue = o.Lifesize.Tb
-		}
-	}
-
-	return ans
-}
-
-type entry_v2 struct {
-	XMLName  xml.Name      `xml:"entry"`
-	Name     string        `xml:"name,attr"`
-	Esp      *espType      `xml:"esp"`
-	Ah       *ahType       `xml:"ah"`
-	DhGroup  string        `xml:"dh-group,omitempty"`
-	Lifetime *lifetimeType `xml:"lifetime"`
-	Lifesize *lifesizeType `xml:"lifesize"`
-}
-
-func specify_v2(e Entry) interface{} {
-	ans := entry_v2{
-		Name:    e.Name,
-		DhGroup: e.DhGroup,
-	}
-
-	switch e.Protocol {
-	case ProtocolEsp:
-		ans.Esp = &espType{
-			Encryption:     util.StrToMem(specifyEncryption(e.Encryption, 2)),
-			Authentication: util.StrToMem(e.Authentication),
-		}
-	case ProtocolAh:
-		ans.Ah = &ahType{util.StrToMem(e.Authentication)}
-	}
-
-	switch e.LifetimeType {
-	case TimeSeconds:
-		ans.Lifetime = &lifetimeType{Seconds: e.LifetimeValue}
-	case TimeMinutes:
-		ans.Lifetime = &lifetimeType{Minutes: e.LifetimeValue}
-	case TimeHours:
-		ans.Lifetime = &lifetimeType{Hours: e.LifetimeValue}
-	case TimeDays:
-		ans.Lifetime = &lifetimeType{Days: e.LifetimeValue}
-	}
-
-	switch e.LifesizeType {
-	case SizeKb:
-		ans.Lifesize = &lifesizeType{Kb: e.LifesizeValue}
-	case SizeMb:
-		ans.Lifesize = &lifesizeType{Mb: e.LifesizeValue}
-	case SizeGb:
-		ans.Lifesize = &lifesizeType{Gb: e.LifesizeValue}
-	case SizeTb:
-		ans.Lifesize = &lifesizeType{Tb: e.LifesizeValue}
-	}
-
-	return ans
-}
diff --git a/netw/profile/ipsec/funcs.go b/netw/profile/ipsec/funcs.go
deleted file mode 100644
index 11c668d4..00000000
--- a/netw/profile/ipsec/funcs.go
+++ /dev/null
@@ -1,92 +0,0 @@
-package ipsec
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	if v.Gte(version.Number{7, 0, 0, ""}) {
-		return &container_v2{}, specify_v2
-	} else {
-		return &container_v1{}, specify_v1
-	}
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/netw/profile/ipsec/fw.go b/netw/profile/ipsec/fw.go
deleted file mode 100644
index 7a746386..00000000
--- a/netw/profile/ipsec/fw.go
+++ /dev/null
@@ -1,106 +0,0 @@
-package ipsec
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Network.IpsecCryptoProfile namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(e ...Entry) error {
-	return c.ns.Set(c.pather(), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(e Entry) error {
-	return c.ns.Edit(c.pather(), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather() namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(v)
-	}
-}
-
-func (c *Firewall) xpath(vals []string) ([]string, error) {
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"ike",
-		"crypto-profiles",
-		"ipsec-crypto-profiles",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/profile/ipsec/fw_test.go b/netw/profile/ipsec/fw_test.go
deleted file mode 100644
index b4f42347..00000000
--- a/netw/profile/ipsec/fw_test.go
+++ /dev/null
@@ -1,34 +0,0 @@
-package ipsec
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.AddResp("")
-			err := ns.Set(tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/profile/ipsec/pano.go b/netw/profile/ipsec/pano.go
deleted file mode 100644
index a8e102e6..00000000
--- a/netw/profile/ipsec/pano.go
+++ /dev/null
@@ -1,116 +0,0 @@
-package ipsec
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Network.IpsecCryptoProfile namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(tmpl, ts, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(tmpl, ts, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(tmpl, ts string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts string, e ...Entry) error {
-	return c.ns.Set(c.pather(tmpl, ts), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts string, e Entry) error {
-	return c.ns.Edit(c.pather(tmpl, ts), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(tmpl, ts), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts string, vals []string) ([]string, error) {
-	if tmpl == "" && ts == "" {
-		return nil, fmt.Errorf("tmpl or ts must be specified")
-	}
-
-	ans := make([]string, 0, 13)
-	ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-	ans = append(ans,
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"ike",
-		"crypto-profiles",
-		"ipsec-crypto-profiles",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/profile/ipsec/pano_test.go b/netw/profile/ipsec/pano_test.go
deleted file mode 100644
index eae4cc20..00000000
--- a/netw/profile/ipsec/pano_test.go
+++ /dev/null
@@ -1,34 +0,0 @@
-package ipsec
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.AddResp("")
-			err := ns.Set("my test", "", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("my test", "", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/profile/ipsec/testdata_test.go b/netw/profile/ipsec/testdata_test.go
deleted file mode 100644
index 2558b862..00000000
--- a/netw/profile/ipsec/testdata_test.go
+++ /dev/null
@@ -1,111 +0,0 @@
-package ipsec
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type testCase struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"v1 esp aes128 aes192 sec kb", version.Number{6, 1, 0, ""}, Entry{
-			Name:           "test1",
-			Protocol:       ProtocolEsp,
-			Encryption:     []string{EncryptionAes128, EncryptionAes192},
-			Authentication: []string{"md5", "none"},
-			DhGroup:        "no-pfs",
-			LifetimeType:   TimeSeconds,
-			LifetimeValue:  1,
-			LifesizeType:   SizeKb,
-			LifesizeValue:  11,
-		}},
-		{"v1 esp 3des min mb", version.Number{6, 1, 0, ""}, Entry{
-			Name:           "test2",
-			Protocol:       ProtocolEsp,
-			Encryption:     []string{Encryption3des},
-			Authentication: []string{"sha1"},
-			DhGroup:        "group1",
-			LifetimeType:   TimeMinutes,
-			LifetimeValue:  2,
-			LifesizeType:   SizeMb,
-			LifesizeValue:  22,
-		}},
-		{"v1 esp aes256 hour gb", version.Number{6, 1, 0, ""}, Entry{
-			Name:           "test3",
-			Protocol:       ProtocolEsp,
-			Encryption:     []string{EncryptionAes256},
-			Authentication: []string{"md5", "sha384"},
-			DhGroup:        "group2",
-			LifetimeType:   TimeHours,
-			LifetimeValue:  3,
-			LifesizeType:   SizeGb,
-			LifesizeValue:  33,
-		}},
-		{"v1 ah both aes256 day tb", version.Number{6, 1, 0, ""}, Entry{
-			Name:           "test4",
-			Protocol:       ProtocolAh,
-			Authentication: []string{"md5", "sha1", "sha512"},
-			DhGroup:        "group5",
-			LifetimeType:   TimeDays,
-			LifetimeValue:  4,
-			LifesizeType:   SizeTb,
-			LifesizeValue:  44,
-		}},
-		{"v2 esp aes128 aes192 sec kb", version.Number{7, 0, 0, ""}, Entry{
-			Name:           "test1",
-			Protocol:       ProtocolEsp,
-			Encryption:     []string{EncryptionAes128, EncryptionAes192},
-			Authentication: []string{"md5", "none"},
-			DhGroup:        "no-pfs",
-			LifetimeType:   TimeSeconds,
-			LifetimeValue:  1,
-			LifesizeType:   SizeKb,
-			LifesizeValue:  11,
-		}},
-		{"v2 esp 3des min mb", version.Number{7, 0, 0, ""}, Entry{
-			Name:           "test2",
-			Protocol:       ProtocolEsp,
-			Encryption:     []string{Encryption3des},
-			Authentication: []string{"sha1"},
-			DhGroup:        "group1",
-			LifetimeType:   TimeMinutes,
-			LifetimeValue:  2,
-			LifesizeType:   SizeMb,
-			LifesizeValue:  22,
-		}},
-		{"v2 esp aes256 hour gb", version.Number{7, 0, 0, ""}, Entry{
-			Name:           "test3",
-			Protocol:       ProtocolEsp,
-			Encryption:     []string{EncryptionAes256},
-			Authentication: []string{"md5", "sha384"},
-			DhGroup:        "group2",
-			LifetimeType:   TimeHours,
-			LifetimeValue:  3,
-			LifesizeType:   SizeGb,
-			LifesizeValue:  33,
-		}},
-		{"v2 ah both aes256 day tb", version.Number{7, 0, 0, ""}, Entry{
-			Name:           "test4",
-			Protocol:       ProtocolAh,
-			Authentication: []string{"md5", "sha1", "sha512"},
-			DhGroup:        "group5",
-			LifetimeType:   TimeDays,
-			LifetimeValue:  4,
-			LifesizeType:   SizeTb,
-			LifesizeValue:  44,
-		}},
-		{"v2 esp new stuff", version.Number{7, 0, 0, ""}, Entry{
-			Name:           "test5",
-			Protocol:       ProtocolEsp,
-			Encryption:     []string{EncryptionDes, EncryptionAes128Gcm, EncryptionAes256},
-			Authentication: []string{"none"},
-			DhGroup:        "group19",
-			LifetimeType:   TimeHours,
-			LifetimeValue:  5,
-		}},
-	}
-}
diff --git a/netw/profile/mngtprof/const.go b/netw/profile/mngtprof/const.go
deleted file mode 100644
index 6e3d9c92..00000000
--- a/netw/profile/mngtprof/const.go
+++ /dev/null
@@ -1,6 +0,0 @@
-package mngtprof
-
-const (
-	singular = "interface management profile"
-	plural   = "interface management profiles"
-)
diff --git a/netw/profile/mngtprof/doc.go b/netw/profile/mngtprof/doc.go
deleted file mode 100644
index c619d378..00000000
--- a/netw/profile/mngtprof/doc.go
+++ /dev/null
@@ -1,4 +0,0 @@
-// Package mngtprof is the client.Network.ManagementProfile namespace.
-//
-// Normalized object:  Entry
-package mngtprof
diff --git a/netw/profile/mngtprof/entry.go b/netw/profile/mngtprof/entry.go
deleted file mode 100644
index be91d0f4..00000000
--- a/netw/profile/mngtprof/entry.go
+++ /dev/null
@@ -1,139 +0,0 @@
-package mngtprof
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of an interface
-// management profile.
-type Entry struct {
-	Name                    string
-	Ping                    bool
-	Telnet                  bool
-	Ssh                     bool
-	Http                    bool
-	HttpOcsp                bool
-	Https                   bool
-	Snmp                    bool
-	ResponsePages           bool
-	UseridService           bool
-	UseridSyslogListenerSsl bool
-	UseridSyslogListenerUdp bool
-	PermittedIps            []string
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Ping = s.Ping
-	o.Telnet = s.Telnet
-	o.Ssh = s.Ssh
-	o.Http = s.Http
-	o.HttpOcsp = s.HttpOcsp
-	o.Https = s.Https
-	o.Snmp = s.Snmp
-	o.ResponsePages = s.ResponsePages
-	o.UseridService = s.UseridService
-	o.UseridSyslogListenerSsl = s.UseridSyslogListenerSsl
-	o.UseridSyslogListenerUdp = s.UseridSyslogListenerUdp
-	if s.PermittedIps == nil {
-		o.PermittedIps = nil
-	} else {
-		o.PermittedIps = make([]string, len(s.PermittedIps))
-		copy(o.PermittedIps, s.PermittedIps)
-	}
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:                    o.Name,
-		Ping:                    util.AsBool(o.Ping),
-		Telnet:                  util.AsBool(o.Telnet),
-		Ssh:                     util.AsBool(o.Ssh),
-		Http:                    util.AsBool(o.Http),
-		HttpOcsp:                util.AsBool(o.HttpOcsp),
-		Https:                   util.AsBool(o.Https),
-		Snmp:                    util.AsBool(o.Snmp),
-		ResponsePages:           util.AsBool(o.ResponsePages),
-		UseridService:           util.AsBool(o.UseridService),
-		UseridSyslogListenerSsl: util.AsBool(o.UseridSyslogListenerSsl),
-		UseridSyslogListenerUdp: util.AsBool(o.UseridSyslogListenerUdp),
-		PermittedIps:            util.EntToStr(o.PermittedIps),
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName                 xml.Name        `xml:"entry"`
-	Name                    string          `xml:"name,attr"`
-	Ping                    string          `xml:"ping"`
-	Telnet                  string          `xml:"telnet"`
-	Ssh                     string          `xml:"ssh"`
-	Http                    string          `xml:"http"`
-	HttpOcsp                string          `xml:"http-ocsp"`
-	Https                   string          `xml:"https"`
-	Snmp                    string          `xml:"snmp"`
-	ResponsePages           string          `xml:"response-pages"`
-	UseridService           string          `xml:"userid-service"`
-	UseridSyslogListenerSsl string          `xml:"userid-syslog-listener-ssl"`
-	UseridSyslogListenerUdp string          `xml:"userid-syslog-listener-udp"`
-	PermittedIps            *util.EntryType `xml:"permitted-ip"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:                    e.Name,
-		Ping:                    util.YesNo(e.Ping),
-		Telnet:                  util.YesNo(e.Telnet),
-		Ssh:                     util.YesNo(e.Ssh),
-		Http:                    util.YesNo(e.Http),
-		HttpOcsp:                util.YesNo(e.HttpOcsp),
-		Https:                   util.YesNo(e.Https),
-		Snmp:                    util.YesNo(e.Snmp),
-		ResponsePages:           util.YesNo(e.ResponsePages),
-		UseridService:           util.YesNo(e.UseridService),
-		UseridSyslogListenerSsl: util.YesNo(e.UseridSyslogListenerSsl),
-		UseridSyslogListenerUdp: util.YesNo(e.UseridSyslogListenerUdp),
-		PermittedIps:            util.StrToEnt(e.PermittedIps),
-	}
-
-	return ans
-}
diff --git a/netw/profile/mngtprof/funcs.go b/netw/profile/mngtprof/funcs.go
deleted file mode 100644
index ed23a3fa..00000000
--- a/netw/profile/mngtprof/funcs.go
+++ /dev/null
@@ -1,88 +0,0 @@
-package mngtprof
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/netw/profile/mngtprof/fw.go b/netw/profile/mngtprof/fw.go
deleted file mode 100644
index edea9b44..00000000
--- a/netw/profile/mngtprof/fw.go
+++ /dev/null
@@ -1,105 +0,0 @@
-package mngtprof
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Network.ManagementProfile namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(e ...Entry) error {
-	return c.ns.Set(c.pather(), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(e Entry) error {
-	return c.ns.Edit(c.pather(), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather() namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(v)
-	}
-}
-
-func (c *Firewall) xpath(vals []string) ([]string, error) {
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"profiles",
-		"interface-management-profile",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/profile/mngtprof/fw_test.go b/netw/profile/mngtprof/fw_test.go
deleted file mode 100644
index 23794713..00000000
--- a/netw/profile/mngtprof/fw_test.go
+++ /dev/null
@@ -1,33 +0,0 @@
-package mngtprof
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.AddResp("")
-			err := ns.Set(tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/profile/mngtprof/pano.go b/netw/profile/mngtprof/pano.go
deleted file mode 100644
index 1fb8329d..00000000
--- a/netw/profile/mngtprof/pano.go
+++ /dev/null
@@ -1,115 +0,0 @@
-package mngtprof
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Network.ManagementProfile namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(tmpl, ts, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(tmpl, ts, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(tmpl, ts string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts string, e ...Entry) error {
-	return c.ns.Set(c.pather(tmpl, ts), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts string, e Entry) error {
-	return c.ns.Edit(c.pather(tmpl, ts), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(tmpl, ts), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts string, vals []string) ([]string, error) {
-	if tmpl == "" && ts == "" {
-		return nil, fmt.Errorf("tmpl or ts must be specified")
-	}
-
-	ans := make([]string, 0, 12)
-	ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-	ans = append(ans,
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"profiles",
-		"interface-management-profile",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/profile/mngtprof/pano_test.go b/netw/profile/mngtprof/pano_test.go
deleted file mode 100644
index 7ca384a6..00000000
--- a/netw/profile/mngtprof/pano_test.go
+++ /dev/null
@@ -1,33 +0,0 @@
-package mngtprof
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.AddResp("")
-			err := ns.Set("tmpl", "", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("tmpl", "", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/profile/mngtprof/testdata_test.go b/netw/profile/mngtprof/testdata_test.go
deleted file mode 100644
index 6388a0ae..00000000
--- a/netw/profile/mngtprof/testdata_test.go
+++ /dev/null
@@ -1,33 +0,0 @@
-package mngtprof
-
-type testCase struct {
-	desc string
-	conf Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"test1", Entry{
-			Name:                    "test1",
-			Ping:                    true,
-			Telnet:                  true,
-			Ssh:                     true,
-			Https:                   true,
-			UseridSyslogListenerSsl: true,
-		}},
-		{"test2", Entry{
-			Name:                    "test2",
-			Http:                    true,
-			HttpOcsp:                true,
-			Snmp:                    true,
-			ResponsePages:           true,
-			UseridService:           true,
-			UseridSyslogListenerUdp: true,
-		}},
-		{"test3", Entry{
-			Name:         "test3",
-			Ping:         true,
-			PermittedIps: []string{"10.1.1.1", "10.2.2.2"},
-		}},
-	}
-}
diff --git a/netw/profile/monitor/const.go b/netw/profile/monitor/const.go
deleted file mode 100644
index b6e43871..00000000
--- a/netw/profile/monitor/const.go
+++ /dev/null
@@ -1,12 +0,0 @@
-package monitor
-
-// Valid Action values.
-const (
-	ActionWaitRecover = "wait-recover"
-	ActionFailOver    = "fail-over"
-)
-
-const (
-	singular = "monitor profile"
-	plural   = "monitor profiles"
-)
diff --git a/netw/profile/monitor/doc.go b/netw/profile/monitor/doc.go
deleted file mode 100644
index 71cc1847..00000000
--- a/netw/profile/monitor/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package monitor is the client.Network.MonitorProfile namespace.
-
-Normalized object:  Entry
-*/
-package monitor
diff --git a/netw/profile/monitor/entry.go b/netw/profile/monitor/entry.go
deleted file mode 100644
index 1c16e574..00000000
--- a/netw/profile/monitor/entry.go
+++ /dev/null
@@ -1,88 +0,0 @@
-package monitor
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of
-// a monitor profile.
-type Entry struct {
-	Name      string
-	Interval  int
-	Threshold int
-	Action    string
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Interval = s.Interval
-	o.Threshold = s.Threshold
-	o.Action = s.Action
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:      o.Name,
-		Interval:  o.Interval,
-		Threshold: o.Threshold,
-		Action:    o.Action,
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName   xml.Name `xml:"entry"`
-	Name      string   `xml:"name,attr"`
-	Interval  int      `xml:"interval,omitempty"`
-	Threshold int      `xml:"threshold,omitempty"`
-	Action    string   `xml:"action,omitempty"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:      e.Name,
-		Interval:  e.Interval,
-		Threshold: e.Threshold,
-		Action:    e.Action,
-	}
-
-	return ans
-}
diff --git a/netw/profile/monitor/funcs.go b/netw/profile/monitor/funcs.go
deleted file mode 100644
index 598fbdf9..00000000
--- a/netw/profile/monitor/funcs.go
+++ /dev/null
@@ -1,88 +0,0 @@
-package monitor
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/netw/profile/monitor/fw.go b/netw/profile/monitor/fw.go
deleted file mode 100644
index 8c8a135b..00000000
--- a/netw/profile/monitor/fw.go
+++ /dev/null
@@ -1,105 +0,0 @@
-package monitor
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Network.MonitorProfile namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(e ...Entry) error {
-	return c.ns.Set(c.pather(), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(e Entry) error {
-	return c.ns.Edit(c.pather(), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather() namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(v)
-	}
-}
-
-func (c *Firewall) xpath(vals []string) ([]string, error) {
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"profiles",
-		"monitor-profile",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/profile/monitor/fw_test.go b/netw/profile/monitor/fw_test.go
deleted file mode 100644
index a669526c..00000000
--- a/netw/profile/monitor/fw_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package monitor
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set(tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/profile/monitor/pano.go b/netw/profile/monitor/pano.go
deleted file mode 100644
index 68fbe963..00000000
--- a/netw/profile/monitor/pano.go
+++ /dev/null
@@ -1,115 +0,0 @@
-package monitor
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Network.MonitorProfile namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(tmpl, ts, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(tmpl, ts, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(tmpl, ts string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts string, e ...Entry) error {
-	return c.ns.Set(c.pather(tmpl, ts), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts string, e Entry) error {
-	return c.ns.Edit(c.pather(tmpl, ts), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(tmpl, ts), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts string, vals []string) ([]string, error) {
-	if tmpl == "" && ts == "" {
-		return nil, fmt.Errorf("tmpl or ts must be specified")
-	}
-
-	ans := make([]string, 0, 12)
-	ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-	ans = append(ans,
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"profiles",
-		"monitor-profile",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/profile/monitor/pano_test.go b/netw/profile/monitor/pano_test.go
deleted file mode 100644
index 20055223..00000000
--- a/netw/profile/monitor/pano_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package monitor
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("my template", "", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("my template", "", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/profile/monitor/testdata_test.go b/netw/profile/monitor/testdata_test.go
deleted file mode 100644
index 00e1dbbe..00000000
--- a/netw/profile/monitor/testdata_test.go
+++ /dev/null
@@ -1,25 +0,0 @@
-package monitor
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type tc struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []tc {
-	return []tc{
-		{"v1 empty", version.Number{7, 1, 0, ""}, Entry{
-			Name: "v1",
-		}},
-		{"v1 basic", version.Number{7, 1, 0, ""}, Entry{
-			Name:      "v1",
-			Interval:  50,
-			Threshold: 7,
-			Action:    ActionWaitRecover,
-		}},
-	}
-}
diff --git a/netw/routing/profile/redist/ipv4/const.go b/netw/routing/profile/redist/ipv4/const.go
deleted file mode 100644
index 1e31067f..00000000
--- a/netw/routing/profile/redist/ipv4/const.go
+++ /dev/null
@@ -1,29 +0,0 @@
-package ipv4
-
-// These are valid values for the Action param.
-const (
-	ActionRedist   = "redist"
-	ActionNoRedist = "no-redist"
-)
-
-// These are valid values for Types.
-const (
-	TypeBgp     = "bgp"
-	TypeConnect = "connect"
-	TypeOspf    = "ospf"
-	TypeRip     = "rip"
-	TypeStatic  = "static"
-)
-
-// These are valid values for OspfPathTypes.
-const (
-	OspfPathTypeIntraArea = "intra-area"
-	OspfPathTypeInterArea = "inter-area"
-	OspfPathTypeExt1      = "ext-1"
-	OspfPathTypeExt2      = "ext-2"
-)
-
-const (
-	singular = "redistribution profile"
-	plural   = "redistribution profiles"
-)
diff --git a/netw/routing/profile/redist/ipv4/doc.go b/netw/routing/profile/redist/ipv4/doc.go
deleted file mode 100644
index 00ddc4ba..00000000
--- a/netw/routing/profile/redist/ipv4/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package ipv4 is the client.Network.RedistributionProfile namespace.
-
-Normalized object:  Entry
-*/
-package ipv4
diff --git a/netw/routing/profile/redist/ipv4/entry.go b/netw/routing/profile/redist/ipv4/entry.go
deleted file mode 100644
index 6b36c30a..00000000
--- a/netw/routing/profile/redist/ipv4/entry.go
+++ /dev/null
@@ -1,228 +0,0 @@
-package ipv4
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a redist profile.
-type Entry struct {
-	Name                   string
-	Priority               int
-	Action                 string
-	Types                  []string
-	Interfaces             []string
-	Destinations           []string
-	NextHops               []string
-	OspfPathTypes          []string
-	OspfAreas              []string
-	OspfTags               []string
-	BgpCommunities         []string
-	BgpExtendedCommunities []string
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Priority = s.Priority
-	o.Action = s.Action
-	if s.Types == nil {
-		o.Types = nil
-	} else {
-		o.Types = make([]string, len(s.Types))
-		copy(o.Types, s.Types)
-	}
-	if s.Interfaces == nil {
-		o.Interfaces = nil
-	} else {
-		o.Interfaces = make([]string, len(s.Interfaces))
-		copy(o.Interfaces, s.Interfaces)
-	}
-	if s.Destinations == nil {
-		o.Destinations = nil
-	} else {
-		o.Destinations = make([]string, len(s.Destinations))
-		copy(o.Destinations, s.Destinations)
-	}
-	if s.NextHops == nil {
-		o.NextHops = nil
-	} else {
-		o.NextHops = make([]string, len(s.NextHops))
-		copy(o.NextHops, s.NextHops)
-	}
-	if s.OspfPathTypes == nil {
-		o.OspfPathTypes = nil
-	} else {
-		o.OspfPathTypes = make([]string, len(s.OspfPathTypes))
-		copy(o.OspfPathTypes, s.OspfPathTypes)
-	}
-	if s.OspfAreas == nil {
-		o.OspfAreas = nil
-	} else {
-		o.OspfAreas = make([]string, len(s.OspfAreas))
-		copy(o.OspfAreas, s.OspfAreas)
-	}
-	if s.OspfTags == nil {
-		o.OspfTags = nil
-	} else {
-		o.OspfTags = make([]string, len(s.OspfTags))
-		copy(o.OspfTags, s.OspfTags)
-	}
-	if s.BgpCommunities == nil {
-		o.BgpCommunities = nil
-	} else {
-		o.BgpCommunities = make([]string, len(s.BgpCommunities))
-		copy(o.BgpCommunities, s.BgpCommunities)
-	}
-	if s.BgpExtendedCommunities == nil {
-		o.BgpExtendedCommunities = nil
-	} else {
-		o.BgpExtendedCommunities = make([]string, len(s.BgpExtendedCommunities))
-		copy(o.BgpExtendedCommunities, s.BgpExtendedCommunities)
-	}
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:     o.Name,
-		Priority: o.Priority,
-	}
-
-	if o.Action.Redist != nil {
-		ans.Action = ActionRedist
-	} else if o.Action.NoRedist != nil {
-		ans.Action = ActionNoRedist
-	}
-
-	if o.Filter != nil {
-		ans.Types = util.MemToStr(o.Filter.Types)
-		ans.Interfaces = util.MemToStr(o.Filter.Interfaces)
-		ans.Destinations = util.MemToStr(o.Filter.Destinations)
-		ans.NextHops = util.MemToStr(o.Filter.NextHops)
-
-		if o.Filter.Ospf != nil {
-			ans.OspfPathTypes = util.MemToStr(o.Filter.Ospf.OspfPathTypes)
-			ans.OspfAreas = util.MemToStr(o.Filter.Ospf.OspfAreas)
-			ans.OspfTags = util.MemToStr(o.Filter.Ospf.OspfTags)
-		}
-
-		if o.Filter.Bgp != nil {
-			ans.BgpCommunities = util.MemToStr(o.Filter.Bgp.BgpCommunities)
-			ans.BgpExtendedCommunities = util.MemToStr(o.Filter.Bgp.BgpExtendedCommunities)
-		}
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName  xml.Name `xml:"entry"`
-	Name     string   `xml:"name,attr"`
-	Priority int      `xml:"priority"`
-	Action   act      `xml:"action"`
-	Filter   *filter  `xml:"filter"`
-}
-
-type act struct {
-	Redist   *string `xml:"redist"`
-	NoRedist *string `xml:"no-redist"`
-}
-
-type filter struct {
-	Types        *util.MemberType `xml:"type"`
-	Interfaces   *util.MemberType `xml:"interface"`
-	Destinations *util.MemberType `xml:"destination"`
-	NextHops     *util.MemberType `xml:"nexthop"`
-	Ospf         *ospf            `xml:"ospf"`
-	Bgp          *bgp             `xml:"bgp"`
-}
-
-type ospf struct {
-	OspfPathTypes *util.MemberType `xml:"path-type"`
-	OspfAreas     *util.MemberType `xml:"area"`
-	OspfTags      *util.MemberType `xml:"tag"`
-}
-
-type bgp struct {
-	BgpCommunities         *util.MemberType `xml:"community"`
-	BgpExtendedCommunities *util.MemberType `xml:"extended-community"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:     e.Name,
-		Priority: e.Priority,
-	}
-
-	s := ""
-	switch e.Action {
-	case ActionRedist:
-		ans.Action.Redist = &s
-	case ActionNoRedist:
-		ans.Action.NoRedist = &s
-	}
-
-	if len(e.Types) != 0 || len(e.Interfaces) != 0 || len(e.Destinations) != 0 || len(e.NextHops) != 0 || len(e.OspfPathTypes) != 0 || len(e.OspfAreas) != 0 || len(e.OspfTags) != 0 || len(e.BgpCommunities) != 0 || len(e.BgpExtendedCommunities) != 0 {
-		f := &filter{
-			Types:        util.StrToMem(e.Types),
-			Interfaces:   util.StrToMem(e.Interfaces),
-			Destinations: util.StrToMem(e.Destinations),
-			NextHops:     util.StrToMem(e.NextHops),
-		}
-
-		if len(e.OspfPathTypes) != 0 || len(e.OspfAreas) != 0 || len(e.OspfTags) != 0 {
-			f.Ospf = &ospf{
-				OspfPathTypes: util.StrToMem(e.OspfPathTypes),
-				OspfAreas:     util.StrToMem(e.OspfAreas),
-				OspfTags:      util.StrToMem(e.OspfTags),
-			}
-		}
-
-		if len(e.BgpCommunities) != 0 || len(e.BgpExtendedCommunities) != 0 {
-			f.Bgp = &bgp{
-				BgpCommunities:         util.StrToMem(e.BgpCommunities),
-				BgpExtendedCommunities: util.StrToMem(e.BgpExtendedCommunities),
-			}
-		}
-
-		ans.Filter = f
-	}
-
-	return ans
-}
diff --git a/netw/routing/profile/redist/ipv4/funcs.go b/netw/routing/profile/redist/ipv4/funcs.go
deleted file mode 100644
index 8f9d0524..00000000
--- a/netw/routing/profile/redist/ipv4/funcs.go
+++ /dev/null
@@ -1,88 +0,0 @@
-package ipv4
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/netw/routing/profile/redist/ipv4/fw.go b/netw/routing/profile/redist/ipv4/fw.go
deleted file mode 100644
index 2e6f89ad..00000000
--- a/netw/routing/profile/redist/ipv4/fw.go
+++ /dev/null
@@ -1,113 +0,0 @@
-package ipv4
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Network.RedistributionProfile namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vr), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vr), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vr), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vr), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vr), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vr), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vr string, e ...Entry) error {
-	return c.ns.Set(c.pather(vr), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vr string, e Entry) error {
-	return c.ns.Edit(c.pather(vr), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vr string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vr), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(vr), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig(vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(vr), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather(vr string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vr, v)
-	}
-}
-
-func (c *Firewall) xpath(vr string, vals []string) ([]string, error) {
-	if vr == "" {
-		return nil, fmt.Errorf("vr must be specified")
-	}
-
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"virtual-router",
-		util.AsEntryXpath([]string{vr}),
-		"protocol",
-		"redist-profile",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/routing/profile/redist/ipv4/fw_test.go b/netw/routing/profile/redist/ipv4/fw_test.go
deleted file mode 100644
index 8cde92e5..00000000
--- a/netw/routing/profile/redist/ipv4/fw_test.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package ipv4
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set(tc.vr, tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(tc.vr, tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/routing/profile/redist/ipv4/pano.go b/netw/routing/profile/redist/ipv4/pano.go
deleted file mode 100644
index 5f6f68bd..00000000
--- a/netw/routing/profile/redist/ipv4/pano.go
+++ /dev/null
@@ -1,120 +0,0 @@
-package ipv4
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Network.RedistributionProfile namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts, vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts, vr), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts, vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts, vr), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(tmpl, ts, vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts, vr), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(tmpl, ts, vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts, vr), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts, vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts, vr), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(tmpl, ts, vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts, vr), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts, vr string, e ...Entry) error {
-	return c.ns.Set(c.pather(tmpl, ts, vr), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts, vr string, e Entry) error {
-	return c.ns.Edit(c.pather(tmpl, ts, vr), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts, vr string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(tmpl, ts, vr), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts, vr), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts, vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts, vr), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts, vr string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, vr, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts, vr string, vals []string) ([]string, error) {
-	if tmpl == "" && ts == "" {
-		return nil, fmt.Errorf("tmpl or ts must be specified")
-	}
-	if vr == "" {
-		return nil, fmt.Errorf("vr must be specified")
-	}
-
-	ans := make([]string, 0, 14)
-	ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-	ans = append(ans,
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"virtual-router",
-		util.AsEntryXpath([]string{vr}),
-		"protocol",
-		"redist-profile",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/routing/profile/redist/ipv4/pano_test.go b/netw/routing/profile/redist/ipv4/pano_test.go
deleted file mode 100644
index e317a192..00000000
--- a/netw/routing/profile/redist/ipv4/pano_test.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package ipv4
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("myTemplate", "", tc.vr, tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("myTemplate", "", tc.vr, tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/routing/profile/redist/ipv4/testdata_test.go b/netw/routing/profile/redist/ipv4/testdata_test.go
deleted file mode 100644
index f0ca1ba5..00000000
--- a/netw/routing/profile/redist/ipv4/testdata_test.go
+++ /dev/null
@@ -1,51 +0,0 @@
-package ipv4
-
-type testCase struct {
-	desc string
-	vr   string
-	conf Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"barebones redist", "v1", Entry{
-			Name:     "one",
-			Priority: 1,
-			Action:   ActionRedist,
-		}},
-		{"barebones no redist", "v1", Entry{
-			Name:     "two",
-			Priority: 2,
-			Action:   ActionNoRedist,
-		}},
-		{"redist static", "v1", Entry{
-			Name:     "three",
-			Priority: 3,
-			Action:   ActionRedist,
-			Types:    []string{TypeStatic},
-		}},
-		{"redist rip and connect", "v1", Entry{
-			Name:     "four",
-			Priority: 4,
-			Action:   ActionRedist,
-			Types:    []string{TypeRip, TypeConnect},
-		}},
-		{"no redist with ospf", "v1", Entry{
-			Name:          "five",
-			Priority:      5,
-			Action:        ActionNoRedist,
-			Types:         []string{TypeOspf},
-			OspfPathTypes: []string{OspfPathTypeExt1, OspfPathTypeExt2},
-			OspfAreas:     []string{"10.1.7.1", "10.1.7.2"},
-			OspfTags:      []string{"10.1.7.3", "10.1.7.4"},
-		}},
-		{"no redist with bgp", "v1", Entry{
-			Name:                   "six",
-			Priority:               6,
-			Action:                 ActionNoRedist,
-			Types:                  []string{TypeBgp},
-			BgpCommunities:         []string{"com1", "com2"},
-			BgpExtendedCommunities: []string{"excom1", "excom2"},
-		}},
-	}
-}
diff --git a/netw/routing/protocol/bgp/aggregate/const.go b/netw/routing/protocol/bgp/aggregate/const.go
deleted file mode 100644
index c952878d..00000000
--- a/netw/routing/protocol/bgp/aggregate/const.go
+++ /dev/null
@@ -1,40 +0,0 @@
-package aggregate
-
-// Valid values for Origin.
-const (
-	OriginIgp        = "igp"
-	OriginEgp        = "egp"
-	OriginIncomplete = "incomplete"
-)
-
-// Valid values for CommunityType.
-const (
-	CommunityTypeNone        = "none"
-	CommunityTypeRemoveAll   = "remove-all"
-	CommunityTypeRemoveRegex = "remove-regex"
-	CommunityTypeAppend      = "append"
-	CommunityTypeOverwrite   = "overwrite"
-)
-
-// Valid values for CommunityValue when CommunityType is "append" or
-// "overwrite".
-const (
-	AppendNoExport    = "no-export"
-	AppendNoAdvertise = "no-advertise"
-	AppendLocalAs     = "local-as"
-	AppendNoPeer      = "nopeer"
-)
-
-// Valid values for AsPathType.  As of PAN-OS 8.1, "prepend" and
-// "remove-and-prepend" are disabled.
-const (
-	AsPathTypeNone             = "none"
-	AsPathTypeRemove           = "remove"
-	AsPathTypePrepend          = "prepend"
-	AsPathTypeRemoveAndPrepend = "remove-and-prepend"
-)
-
-const (
-	singular = "bgp aggregation policy"
-	plural   = "bgp aggregation policies"
-)
diff --git a/netw/routing/protocol/bgp/aggregate/doc.go b/netw/routing/protocol/bgp/aggregate/doc.go
deleted file mode 100644
index 8fe4d333..00000000
--- a/netw/routing/protocol/bgp/aggregate/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package aggregate is the client.Network.BgpAggregation namespace.
-
-Normalized object:  Entry
-*/
-package aggregate
diff --git a/netw/routing/protocol/bgp/aggregate/entry.go b/netw/routing/protocol/bgp/aggregate/entry.go
deleted file mode 100644
index 44406950..00000000
--- a/netw/routing/protocol/bgp/aggregate/entry.go
+++ /dev/null
@@ -1,302 +0,0 @@
-package aggregate
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a BGP
-// address aggregation policy.
-type Entry struct {
-	Name                   string
-	Prefix                 string
-	Enable                 bool
-	Summary                bool
-	AsSet                  bool
-	LocalPreference        string
-	Med                    string
-	Weight                 int
-	NextHop                string
-	Origin                 string
-	AsPathLimit            int
-	AsPathType             string
-	AsPathValue            string
-	CommunityType          string
-	CommunityValue         string
-	ExtendedCommunityType  string
-	ExtendedCommunityValue string
-
-	raw map[string]string
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Prefix = s.Prefix
-	o.Enable = s.Enable
-	o.Summary = s.Summary
-	o.AsSet = s.AsSet
-	o.LocalPreference = s.LocalPreference
-	o.Med = s.Med
-	o.Weight = s.Weight
-	o.NextHop = s.NextHop
-	o.Origin = s.Origin
-	o.AsPathLimit = s.AsPathLimit
-	o.AsPathType = s.AsPathType
-	o.AsPathValue = s.AsPathValue
-	o.CommunityType = s.CommunityType
-	o.CommunityValue = s.CommunityValue
-	o.ExtendedCommunityType = s.ExtendedCommunityType
-	o.ExtendedCommunityValue = s.ExtendedCommunityValue
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:    o.Name,
-		Prefix:  o.Prefix,
-		Enable:  util.AsBool(o.Enable),
-		Summary: util.AsBool(o.Summary),
-		AsSet:   util.AsBool(o.AsSet),
-	}
-
-	if o.Options != nil {
-		ans.LocalPreference = o.Options.LocalPreference
-		ans.Med = o.Options.Med
-		ans.Weight = o.Options.Weight
-		ans.NextHop = o.Options.NextHop
-		ans.Origin = o.Options.Origin
-		ans.AsPathLimit = o.Options.AsPathLimit
-
-		if o.Options.AsPath != nil {
-			if o.Options.AsPath.None != nil {
-				ans.AsPathType = AsPathTypeNone
-			} else if o.Options.AsPath.Remove != nil {
-				ans.AsPathType = AsPathTypeRemove
-			} else if o.Options.AsPath.Prepend != "" {
-				ans.AsPathType = AsPathTypePrepend
-				ans.AsPathValue = o.Options.AsPath.Prepend
-			} else if o.Options.AsPath.RemoveAndPrepend != "" {
-				ans.AsPathType = AsPathTypeRemoveAndPrepend
-				ans.AsPathValue = o.Options.AsPath.RemoveAndPrepend
-			}
-		}
-
-		if o.Options.Community != nil {
-			if o.Options.Community.None != nil {
-				ans.CommunityType = CommunityTypeNone
-			} else if o.Options.Community.RemoveAll != nil {
-				ans.CommunityType = CommunityTypeRemoveAll
-			} else if o.Options.Community.RemoveRegex != "" {
-				ans.CommunityType = CommunityTypeRemoveRegex
-				ans.CommunityValue = o.Options.Community.RemoveRegex
-			} else if o.Options.Community.Append != nil {
-				ans.CommunityType = CommunityTypeAppend
-				ans.CommunityValue = util.MemToOneStr(o.Options.Community.Append)
-			} else if o.Options.Community.Overwrite != nil {
-				ans.CommunityType = CommunityTypeOverwrite
-				ans.CommunityValue = util.MemToOneStr(o.Options.Community.Overwrite)
-			}
-		}
-
-		if o.Options.ExtendedCommunity != nil {
-			if o.Options.ExtendedCommunity.None != nil {
-				ans.ExtendedCommunityType = CommunityTypeNone
-			} else if o.Options.ExtendedCommunity.RemoveAll != nil {
-				ans.ExtendedCommunityType = CommunityTypeRemoveAll
-			} else if o.Options.ExtendedCommunity.RemoveRegex != "" {
-				ans.ExtendedCommunityType = CommunityTypeRemoveRegex
-				ans.ExtendedCommunityValue = o.Options.ExtendedCommunity.RemoveRegex
-			} else if o.Options.ExtendedCommunity.Append != nil {
-				ans.ExtendedCommunityType = CommunityTypeAppend
-				ans.ExtendedCommunityValue = util.MemToOneStr(o.Options.ExtendedCommunity.Append)
-			} else if o.Options.ExtendedCommunity.Overwrite != nil {
-				ans.ExtendedCommunityType = CommunityTypeOverwrite
-				ans.ExtendedCommunityValue = util.MemToOneStr(o.Options.ExtendedCommunity.Overwrite)
-			}
-		}
-	}
-
-	m := make(map[string]string)
-	if o.SuppressFilters != nil {
-		m["sf"] = util.CleanRawXml(o.SuppressFilters.Text)
-	}
-	if o.AdvertiseFilters != nil {
-		m["af"] = util.CleanRawXml(o.AdvertiseFilters.Text)
-	}
-	if len(m) > 0 {
-		ans.raw = m
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName          xml.Name     `xml:"entry"`
-	Name             string       `xml:"name,attr"`
-	Prefix           string       `xml:"prefix"`
-	Enable           string       `xml:"enable"`
-	Summary          string       `xml:"summary"`
-	AsSet            string       `xml:"as-set"`
-	Options          *options     `xml:"aggregate-route-attributes"`
-	SuppressFilters  *util.RawXml `xml:"suppress-filters"`
-	AdvertiseFilters *util.RawXml `xml:"advertise-filters"`
-}
-
-type options struct {
-	LocalPreference   string  `xml:"local-preference,omitempty"`
-	Med               string  `xml:"med,omitempty"`
-	Weight            int     `xml:"weight,omitempty"`
-	NextHop           string  `xml:"nexthop,omitempty"`
-	Origin            string  `xml:"origin,omitempty"`
-	AsPathLimit       int     `xml:"as-path-limit,omitempty"`
-	AsPath            *asPath `xml:"as-path"`
-	Community         *comm   `xml:"community"`
-	ExtendedCommunity *comm   `xml:"extended-community"`
-}
-
-type asPath struct {
-	None             *string `xml:"none"`
-	Remove           *string `xml:"remove"`
-	Prepend          string  `xml:"prepend,omitempty"`
-	RemoveAndPrepend string  `xml:"remove-and-prepend,omitempty"`
-}
-
-type comm struct {
-	None        *string          `xml:"none"`
-	RemoveAll   *string          `xml:"remove-all"`
-	RemoveRegex string           `xml:"remove-regex,omitempty"`
-	Append      *util.MemberType `xml:"append"`
-	Overwrite   *util.MemberType `xml:"overwrite"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:    e.Name,
-		Prefix:  e.Prefix,
-		Enable:  util.YesNo(e.Enable),
-		Summary: util.YesNo(e.Summary),
-		AsSet:   util.YesNo(e.AsSet),
-	}
-	s := ""
-
-	if e.LocalPreference != "" || e.Med != "" || e.Weight != 0 || e.NextHop != "" || e.Origin != "" || e.AsPathLimit != 0 || e.AsPathType != "" || e.CommunityType != "" || e.ExtendedCommunityType != "" {
-		ans.Options = &options{
-			LocalPreference: e.LocalPreference,
-			Med:             e.Med,
-			Weight:          e.Weight,
-			NextHop:         e.NextHop,
-			Origin:          e.Origin,
-			AsPathLimit:     e.AsPathLimit,
-		}
-
-		switch e.AsPathType {
-		case AsPathTypeNone:
-			ans.Options.AsPath = &asPath{
-				None: &s,
-			}
-		case AsPathTypeRemove:
-			ans.Options.AsPath = &asPath{
-				Remove: &s,
-			}
-		case AsPathTypePrepend:
-			ans.Options.AsPath = &asPath{
-				Prepend: e.AsPathValue,
-			}
-		case AsPathTypeRemoveAndPrepend:
-			ans.Options.AsPath = &asPath{
-				RemoveAndPrepend: e.AsPathValue,
-			}
-		}
-
-		switch e.CommunityType {
-		case CommunityTypeNone:
-			ans.Options.Community = &comm{
-				None: &s,
-			}
-		case CommunityTypeRemoveAll:
-			ans.Options.Community = &comm{
-				RemoveAll: &s,
-			}
-		case CommunityTypeRemoveRegex:
-			ans.Options.Community = &comm{
-				RemoveRegex: e.CommunityValue,
-			}
-		case CommunityTypeAppend:
-			ans.Options.Community = &comm{
-				Append: util.OneStrToMem(e.CommunityValue),
-			}
-		case CommunityTypeOverwrite:
-			ans.Options.Community = &comm{
-				Overwrite: util.OneStrToMem(e.CommunityValue),
-			}
-		}
-
-		switch e.ExtendedCommunityType {
-		case CommunityTypeNone:
-			ans.Options.ExtendedCommunity = &comm{
-				None: &s,
-			}
-		case CommunityTypeRemoveAll:
-			ans.Options.ExtendedCommunity = &comm{
-				RemoveAll: &s,
-			}
-		case CommunityTypeRemoveRegex:
-			ans.Options.ExtendedCommunity = &comm{
-				RemoveRegex: e.ExtendedCommunityValue,
-			}
-		case CommunityTypeAppend:
-			ans.Options.ExtendedCommunity = &comm{
-				Append: util.OneStrToMem(e.ExtendedCommunityValue),
-			}
-		case CommunityTypeOverwrite:
-			ans.Options.ExtendedCommunity = &comm{
-				Overwrite: util.OneStrToMem(e.ExtendedCommunityValue),
-			}
-		}
-	}
-
-	if text, present := e.raw["sf"]; present {
-		ans.SuppressFilters = &util.RawXml{text}
-	}
-	if text, present := e.raw["af"]; present {
-		ans.AdvertiseFilters = &util.RawXml{text}
-	}
-
-	return ans
-}
diff --git a/netw/routing/protocol/bgp/aggregate/filter/advertise/const.go b/netw/routing/protocol/bgp/aggregate/filter/advertise/const.go
deleted file mode 100644
index cebd655f..00000000
--- a/netw/routing/protocol/bgp/aggregate/filter/advertise/const.go
+++ /dev/null
@@ -1,13 +0,0 @@
-package advertise
-
-// Valid values for RouteTable.
-const (
-	RouteTableUnicast   = "unicast"
-	RouteTableMulticast = "multicast"
-	RouteTableBoth      = "both"
-)
-
-const (
-	singular = "bgp address aggregation policy advertisement filter"
-	plural   = "bgp address aggregation policy advertisement filters"
-)
diff --git a/netw/routing/protocol/bgp/aggregate/filter/advertise/doc.go b/netw/routing/protocol/bgp/aggregate/filter/advertise/doc.go
deleted file mode 100644
index da7ae06c..00000000
--- a/netw/routing/protocol/bgp/aggregate/filter/advertise/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package advertise is the client.Network.BgpAggAdvertiseFilter namespace.
-
-Normalized object:  Entry
-*/
-package advertise
diff --git a/netw/routing/protocol/bgp/aggregate/filter/advertise/entry.go b/netw/routing/protocol/bgp/aggregate/filter/advertise/entry.go
deleted file mode 100644
index ad07e207..00000000
--- a/netw/routing/protocol/bgp/aggregate/filter/advertise/entry.go
+++ /dev/null
@@ -1,305 +0,0 @@
-package advertise
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a BGP
-// aggregation advertisement filter.
-type Entry struct {
-	Name                   string
-	Enable                 bool
-	AsPathRegex            string
-	CommunityRegex         string
-	ExtendedCommunityRegex string
-	Med                    string
-	RouteTable             string // 8.0+
-	AddressPrefix          map[string]bool
-	NextHop                []string
-	FromPeer               []string
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Enable = s.Enable
-	o.AsPathRegex = s.AsPathRegex
-	o.CommunityRegex = s.CommunityRegex
-	o.ExtendedCommunityRegex = s.ExtendedCommunityRegex
-	o.Med = s.Med
-	o.RouteTable = s.RouteTable
-	o.AddressPrefix = s.AddressPrefix
-	o.NextHop = s.NextHop
-	o.FromPeer = s.FromPeer
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:   o.Name,
-		Enable: util.AsBool(o.Enable),
-	}
-
-	if o.Match != nil {
-		ans.Med = o.Match.Med
-		ans.NextHop = util.MemToStr(o.Match.NextHop)
-		ans.FromPeer = util.MemToStr(o.Match.FromPeer)
-
-		if o.Match.AsPathRegex != nil {
-			ans.AsPathRegex = o.Match.AsPathRegex.Regex
-		}
-
-		if o.Match.CommunityRegex != nil {
-			ans.CommunityRegex = o.Match.CommunityRegex.Regex
-		}
-
-		if o.Match.ExtendedCommunityRegex != nil {
-			ans.ExtendedCommunityRegex = o.Match.ExtendedCommunityRegex.Regex
-		}
-
-		if o.Match.AddressPrefix != nil {
-			m := make(map[string]bool)
-			for _, v := range o.Match.AddressPrefix.Entry {
-				m[v.Name] = util.AsBool(v.Exact)
-			}
-			ans.AddressPrefix = m
-		}
-	}
-
-	return ans
-}
-
-type container_v2 struct {
-	Answer []entry_v2 `xml:"entry"`
-}
-
-func (o *container_v2) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v2) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v2) normalize() Entry {
-	ans := Entry{
-		Name:   o.Name,
-		Enable: util.AsBool(o.Enable),
-	}
-
-	if o.Match != nil {
-		ans.Med = o.Match.Med
-		ans.NextHop = util.MemToStr(o.Match.NextHop)
-		ans.FromPeer = util.MemToStr(o.Match.FromPeer)
-		ans.RouteTable = o.Match.RouteTable
-
-		if o.Match.AsPathRegex != nil {
-			ans.AsPathRegex = o.Match.AsPathRegex.Regex
-		}
-
-		if o.Match.CommunityRegex != nil {
-			ans.CommunityRegex = o.Match.CommunityRegex.Regex
-		}
-
-		if o.Match.ExtendedCommunityRegex != nil {
-			ans.ExtendedCommunityRegex = o.Match.ExtendedCommunityRegex.Regex
-		}
-
-		if o.Match.AddressPrefix != nil {
-			m := make(map[string]bool)
-			for _, v := range o.Match.AddressPrefix.Entry {
-				m[v.Name] = util.AsBool(v.Exact)
-			}
-			ans.AddressPrefix = m
-		}
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName xml.Name  `xml:"entry"`
-	Name    string    `xml:"name,attr"`
-	Enable  string    `xml:"enable"`
-	Match   *match_v1 `xml:"match"`
-}
-
-type match_v1 struct {
-	AsPathRegex            *regex           `xml:"as-path"`
-	CommunityRegex         *regex           `xml:"community"`
-	ExtendedCommunityRegex *regex           `xml:"extended-community"`
-	Med                    string           `xml:"med,omitempty"`
-	AddressPrefix          *addPre          `xml:"address-prefix"`
-	NextHop                *util.MemberType `xml:"nexthop"`
-	FromPeer               *util.MemberType `xml:"from-peer"`
-}
-
-type addPre struct {
-	Entry []apEntry `xml:"entry"`
-}
-
-type apEntry struct {
-	Name  string `xml:"name,attr"`
-	Exact string `xml:"exact"`
-}
-
-type regex struct {
-	Regex string `xml:"regex,omitempty"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:   e.Name,
-		Enable: util.YesNo(e.Enable),
-	}
-
-	if e.AsPathRegex != "" || e.CommunityRegex != "" || e.ExtendedCommunityRegex != "" || e.Med != "" || len(e.AddressPrefix) > 0 || len(e.NextHop) > 0 || len(e.FromPeer) > 0 {
-		ans.Match = &match_v1{
-			Med:      e.Med,
-			NextHop:  util.StrToMem(e.NextHop),
-			FromPeer: util.StrToMem(e.FromPeer),
-		}
-
-		if e.AsPathRegex != "" {
-			ans.Match.AsPathRegex = &regex{
-				Regex: e.AsPathRegex,
-			}
-		}
-
-		if e.CommunityRegex != "" {
-			ans.Match.CommunityRegex = &regex{
-				Regex: e.CommunityRegex,
-			}
-		}
-
-		if e.ExtendedCommunityRegex != "" {
-			ans.Match.ExtendedCommunityRegex = &regex{
-				Regex: e.ExtendedCommunityRegex,
-			}
-		}
-
-		if len(e.AddressPrefix) > 0 {
-			apList := make([]apEntry, 0, len(e.AddressPrefix))
-			for k, v := range e.AddressPrefix {
-				apList = append(apList, apEntry{
-					Name:  k,
-					Exact: util.YesNo(v),
-				})
-			}
-			ans.Match.AddressPrefix = &addPre{apList}
-		}
-	}
-
-	return ans
-}
-
-type entry_v2 struct {
-	XMLName xml.Name  `xml:"entry"`
-	Name    string    `xml:"name,attr"`
-	Enable  string    `xml:"enable"`
-	Match   *match_v2 `xml:"match"`
-}
-
-type match_v2 struct {
-	AsPathRegex            *regex           `xml:"as-path"`
-	CommunityRegex         *regex           `xml:"community"`
-	ExtendedCommunityRegex *regex           `xml:"extended-community"`
-	Med                    string           `xml:"med,omitempty"`
-	RouteTable             string           `xml:"route-table,omitempty"`
-	AddressPrefix          *addPre          `xml:"address-prefix"`
-	NextHop                *util.MemberType `xml:"nexthop"`
-	FromPeer               *util.MemberType `xml:"from-peer"`
-}
-
-func specify_v2(e Entry) interface{} {
-	ans := entry_v2{
-		Name:   e.Name,
-		Enable: util.YesNo(e.Enable),
-	}
-
-	if e.AsPathRegex != "" || e.CommunityRegex != "" || e.ExtendedCommunityRegex != "" || e.Med != "" || e.RouteTable != "" || len(e.AddressPrefix) > 0 || len(e.NextHop) > 0 || len(e.FromPeer) > 0 {
-		ans.Match = &match_v2{
-			Med:        e.Med,
-			RouteTable: e.RouteTable,
-			NextHop:    util.StrToMem(e.NextHop),
-			FromPeer:   util.StrToMem(e.FromPeer),
-		}
-
-		if e.AsPathRegex != "" {
-			ans.Match.AsPathRegex = &regex{
-				Regex: e.AsPathRegex,
-			}
-		}
-
-		if e.CommunityRegex != "" {
-			ans.Match.CommunityRegex = &regex{
-				Regex: e.CommunityRegex,
-			}
-		}
-
-		if e.ExtendedCommunityRegex != "" {
-			ans.Match.ExtendedCommunityRegex = &regex{
-				Regex: e.ExtendedCommunityRegex,
-			}
-		}
-
-		if len(e.AddressPrefix) > 0 {
-			apList := make([]apEntry, 0, len(e.AddressPrefix))
-			for k, v := range e.AddressPrefix {
-				apList = append(apList, apEntry{
-					Name:  k,
-					Exact: util.YesNo(v),
-				})
-			}
-			ans.Match.AddressPrefix = &addPre{apList}
-		}
-	}
-
-	return ans
-}
diff --git a/netw/routing/protocol/bgp/aggregate/filter/advertise/funcs.go b/netw/routing/protocol/bgp/aggregate/filter/advertise/funcs.go
deleted file mode 100644
index a67db623..00000000
--- a/netw/routing/protocol/bgp/aggregate/filter/advertise/funcs.go
+++ /dev/null
@@ -1,92 +0,0 @@
-package advertise
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	if v.Gte(version.Number{8, 0, 0, ""}) {
-		return &container_v2{}, specify_v2
-	} else {
-		return &container_v1{}, specify_v1
-	}
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/netw/routing/protocol/bgp/aggregate/filter/advertise/fw.go b/netw/routing/protocol/bgp/aggregate/filter/advertise/fw.go
deleted file mode 100644
index 95b69179..00000000
--- a/netw/routing/protocol/bgp/aggregate/filter/advertise/fw.go
+++ /dev/null
@@ -1,121 +0,0 @@
-package advertise
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Network.BgpAggAdvertiseFilter namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vr, ag string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vr, ag), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vr, ag string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vr, ag), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vr, ag, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vr, ag), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vr, ag, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vr, ag), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vr, ag string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vr, ag), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vr, ag string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vr, ag), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vr, ag string, e ...Entry) error {
-	return c.ns.Set(c.pather(vr, ag), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vr, ag string, e Entry) error {
-	return c.ns.Edit(c.pather(vr, ag), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vr, ag string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vr, ag), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(vr, ag, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(vr, ag), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig(vr, ag string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(vr, ag), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather(vr, ag string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vr, ag, v)
-	}
-}
-
-func (c *Firewall) xpath(vr, ag string, vals []string) ([]string, error) {
-	if vr == "" {
-		return nil, fmt.Errorf("vr must be specified")
-	}
-	if ag == "" {
-		return nil, fmt.Errorf("ag must be specified")
-	}
-
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"virtual-router",
-		util.AsEntryXpath([]string{vr}),
-		"protocol",
-		"bgp",
-		"policy",
-		"aggregation",
-		"address",
-		util.AsEntryXpath([]string{ag}),
-		"advertise-filters",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/routing/protocol/bgp/aggregate/filter/advertise/fw_test.go b/netw/routing/protocol/bgp/aggregate/filter/advertise/fw_test.go
deleted file mode 100644
index 1c8959ba..00000000
--- a/netw/routing/protocol/bgp/aggregate/filter/advertise/fw_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package advertise
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Reset()
-			mc.Version = tc.version
-			mc.AddResp("")
-			err := ns.Set("vr", "ag", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("vr", "ag", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/routing/protocol/bgp/aggregate/filter/advertise/pano.go b/netw/routing/protocol/bgp/aggregate/filter/advertise/pano.go
deleted file mode 100644
index ec3707d0..00000000
--- a/netw/routing/protocol/bgp/aggregate/filter/advertise/pano.go
+++ /dev/null
@@ -1,127 +0,0 @@
-package advertise
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Network.BgpAggAdvertiseFilter namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts, vr, ag string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts, vr, ag), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts, vr, ag string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts, vr, ag), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(tmpl, ts, vr, ag, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts, vr, ag), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(tmpl, ts, vr, ag, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts, vr, ag), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts, vr, ag string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts, vr, ag), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(tmpl, ts, vr, ag string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts, vr, ag), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts, vr, ag string, e ...Entry) error {
-	return c.ns.Set(c.pather(tmpl, ts, vr, ag), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts, vr, ag string, e Entry) error {
-	return c.ns.Edit(c.pather(tmpl, ts, vr, ag), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts, vr, ag string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(tmpl, ts, vr, ag), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, vr, ag, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts, vr, ag), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts, vr, ag string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts, vr, ag), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts, vr, ag string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, vr, ag, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts, vr, ag string, vals []string) ([]string, error) {
-	if tmpl == "" && ts == "" {
-		return nil, fmt.Errorf("tmpl or ts must be specified")
-	}
-	if vr == "" {
-		return nil, fmt.Errorf("vr must be specified")
-	}
-	if ag == "" {
-		return nil, fmt.Errorf("ag must be specified")
-	}
-
-	ans := make([]string, 0, 19)
-	ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-	ans = append(ans,
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"virtual-router",
-		util.AsEntryXpath([]string{vr}),
-		"protocol",
-		"bgp",
-		"policy",
-		"aggregation",
-		"address",
-		util.AsEntryXpath([]string{ag}),
-		"advertise-filters",
-		util.AsEntryXpath(vals),
-	)
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/routing/protocol/bgp/aggregate/filter/advertise/pano_test.go b/netw/routing/protocol/bgp/aggregate/filter/advertise/pano_test.go
deleted file mode 100644
index 4826d671..00000000
--- a/netw/routing/protocol/bgp/aggregate/filter/advertise/pano_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package advertise
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Reset()
-			mc.Version = tc.version
-			mc.AddResp("")
-			err := ns.Set("tmpl", "", "vr", "ag", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("tmpl", "", "vr", "ag", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/routing/protocol/bgp/aggregate/filter/advertise/testdata_test.go b/netw/routing/protocol/bgp/aggregate/filter/advertise/testdata_test.go
deleted file mode 100644
index 67c224d9..00000000
--- a/netw/routing/protocol/bgp/aggregate/filter/advertise/testdata_test.go
+++ /dev/null
@@ -1,57 +0,0 @@
-package advertise
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type testCase struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"v1 minimal", version.Number{7, 0, 0, ""}, Entry{
-			Name:   "minimal",
-			Enable: false,
-		}},
-		{"v1 full", version.Number{7, 0, 0, ""}, Entry{
-			Name:                   "foo",
-			Enable:                 true,
-			AsPathRegex:            "as path regex",
-			CommunityRegex:         "community regex",
-			ExtendedCommunityRegex: "extended community regex",
-			Med:                    "match med",
-			AddressPrefix: map[string]bool{
-				"5.5.0.0": true,
-				"6.6.0.0": false,
-				"7.7.0.0": true,
-				"8.8.0.0": false,
-			},
-			NextHop:  []string{"nh1", "nh2"},
-			FromPeer: []string{"fp1", "fp2"},
-		}},
-		{"v2 minimal", version.Number{8, 0, 0, ""}, Entry{
-			Name:   "minimal",
-			Enable: false,
-		}},
-		{"v2 full", version.Number{8, 0, 0, ""}, Entry{
-			Name:                   "foo",
-			Enable:                 true,
-			AsPathRegex:            "as path regex",
-			CommunityRegex:         "community regex",
-			ExtendedCommunityRegex: "extended community regex",
-			Med:                    "match med",
-			RouteTable:             RouteTableBoth,
-			AddressPrefix: map[string]bool{
-				"5.5.0.0": true,
-				"6.6.0.0": false,
-				"7.7.0.0": true,
-				"8.8.0.0": false,
-			},
-			NextHop:  []string{"nh1", "nh2"},
-			FromPeer: []string{"fp1", "fp2"},
-		}},
-	}
-}
diff --git a/netw/routing/protocol/bgp/aggregate/filter/suppress/const.go b/netw/routing/protocol/bgp/aggregate/filter/suppress/const.go
deleted file mode 100644
index c5a989ff..00000000
--- a/netw/routing/protocol/bgp/aggregate/filter/suppress/const.go
+++ /dev/null
@@ -1,13 +0,0 @@
-package suppress
-
-// Valid values for RouteTable.
-const (
-	RouteTableUnicast   = "unicast"
-	RouteTableMulticast = "multicast"
-	RouteTableBoth      = "both"
-)
-
-const (
-	singular = "bgp address aggregation policy suppression filter"
-	plural   = "bgp address aggregation policy suppression filters"
-)
diff --git a/netw/routing/protocol/bgp/aggregate/filter/suppress/doc.go b/netw/routing/protocol/bgp/aggregate/filter/suppress/doc.go
deleted file mode 100644
index 3131f1ae..00000000
--- a/netw/routing/protocol/bgp/aggregate/filter/suppress/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package suppress is the client.Network.BgpAggSuppressFilter namespace.
-
-Normalized object:  Entry
-*/
-package suppress
diff --git a/netw/routing/protocol/bgp/aggregate/filter/suppress/entry.go b/netw/routing/protocol/bgp/aggregate/filter/suppress/entry.go
deleted file mode 100644
index 18a5f513..00000000
--- a/netw/routing/protocol/bgp/aggregate/filter/suppress/entry.go
+++ /dev/null
@@ -1,305 +0,0 @@
-package suppress
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a BGP
-// aggregation suppress filter.
-type Entry struct {
-	Name                   string
-	Enable                 bool
-	AsPathRegex            string
-	CommunityRegex         string
-	ExtendedCommunityRegex string
-	Med                    string
-	RouteTable             string // 8.0+
-	AddressPrefix          map[string]bool
-	NextHop                []string
-	FromPeer               []string
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Enable = s.Enable
-	o.AsPathRegex = s.AsPathRegex
-	o.CommunityRegex = s.CommunityRegex
-	o.ExtendedCommunityRegex = s.ExtendedCommunityRegex
-	o.Med = s.Med
-	o.RouteTable = s.RouteTable
-	o.AddressPrefix = s.AddressPrefix
-	o.NextHop = s.NextHop
-	o.FromPeer = s.FromPeer
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:   o.Name,
-		Enable: util.AsBool(o.Enable),
-	}
-
-	if o.Match != nil {
-		ans.Med = o.Match.Med
-		ans.NextHop = util.MemToStr(o.Match.NextHop)
-		ans.FromPeer = util.MemToStr(o.Match.FromPeer)
-
-		if o.Match.AsPathRegex != nil {
-			ans.AsPathRegex = o.Match.AsPathRegex.Regex
-		}
-
-		if o.Match.CommunityRegex != nil {
-			ans.CommunityRegex = o.Match.CommunityRegex.Regex
-		}
-
-		if o.Match.ExtendedCommunityRegex != nil {
-			ans.ExtendedCommunityRegex = o.Match.ExtendedCommunityRegex.Regex
-		}
-
-		if o.Match.AddressPrefix != nil {
-			m := make(map[string]bool)
-			for _, v := range o.Match.AddressPrefix.Entry {
-				m[v.Name] = util.AsBool(v.Exact)
-			}
-			ans.AddressPrefix = m
-		}
-	}
-
-	return ans
-}
-
-type container_v2 struct {
-	Answer []entry_v2 `xml:"entry"`
-}
-
-func (o *container_v2) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v2) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v2) normalize() Entry {
-	ans := Entry{
-		Name:   o.Name,
-		Enable: util.AsBool(o.Enable),
-	}
-
-	if o.Match != nil {
-		ans.Med = o.Match.Med
-		ans.NextHop = util.MemToStr(o.Match.NextHop)
-		ans.FromPeer = util.MemToStr(o.Match.FromPeer)
-		ans.RouteTable = o.Match.RouteTable
-
-		if o.Match.AsPathRegex != nil {
-			ans.AsPathRegex = o.Match.AsPathRegex.Regex
-		}
-
-		if o.Match.CommunityRegex != nil {
-			ans.CommunityRegex = o.Match.CommunityRegex.Regex
-		}
-
-		if o.Match.ExtendedCommunityRegex != nil {
-			ans.ExtendedCommunityRegex = o.Match.ExtendedCommunityRegex.Regex
-		}
-
-		if o.Match.AddressPrefix != nil {
-			m := make(map[string]bool)
-			for _, v := range o.Match.AddressPrefix.Entry {
-				m[v.Name] = util.AsBool(v.Exact)
-			}
-			ans.AddressPrefix = m
-		}
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName xml.Name  `xml:"entry"`
-	Name    string    `xml:"name,attr"`
-	Enable  string    `xml:"enable"`
-	Match   *match_v1 `xml:"match"`
-}
-
-type match_v1 struct {
-	AsPathRegex            *regex           `xml:"as-path"`
-	CommunityRegex         *regex           `xml:"community"`
-	ExtendedCommunityRegex *regex           `xml:"extended-community"`
-	Med                    string           `xml:"med,omitempty"`
-	AddressPrefix          *addPre          `xml:"address-prefix"`
-	NextHop                *util.MemberType `xml:"nexthop"`
-	FromPeer               *util.MemberType `xml:"from-peer"`
-}
-
-type addPre struct {
-	Entry []apEntry `xml:"entry"`
-}
-
-type apEntry struct {
-	Name  string `xml:"name,attr"`
-	Exact string `xml:"exact"`
-}
-
-type regex struct {
-	Regex string `xml:"regex,omitempty"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:   e.Name,
-		Enable: util.YesNo(e.Enable),
-	}
-
-	if e.AsPathRegex != "" || e.CommunityRegex != "" || e.ExtendedCommunityRegex != "" || e.Med != "" || len(e.AddressPrefix) > 0 || len(e.NextHop) > 0 || len(e.FromPeer) > 0 {
-		ans.Match = &match_v1{
-			Med:      e.Med,
-			NextHop:  util.StrToMem(e.NextHop),
-			FromPeer: util.StrToMem(e.FromPeer),
-		}
-
-		if e.AsPathRegex != "" {
-			ans.Match.AsPathRegex = &regex{
-				Regex: e.AsPathRegex,
-			}
-		}
-
-		if e.CommunityRegex != "" {
-			ans.Match.CommunityRegex = &regex{
-				Regex: e.CommunityRegex,
-			}
-		}
-
-		if e.ExtendedCommunityRegex != "" {
-			ans.Match.ExtendedCommunityRegex = &regex{
-				Regex: e.ExtendedCommunityRegex,
-			}
-		}
-
-		if len(e.AddressPrefix) > 0 {
-			apList := make([]apEntry, 0, len(e.AddressPrefix))
-			for k, v := range e.AddressPrefix {
-				apList = append(apList, apEntry{
-					Name:  k,
-					Exact: util.YesNo(v),
-				})
-			}
-			ans.Match.AddressPrefix = &addPre{apList}
-		}
-	}
-
-	return ans
-}
-
-type entry_v2 struct {
-	XMLName xml.Name  `xml:"entry"`
-	Name    string    `xml:"name,attr"`
-	Enable  string    `xml:"enable"`
-	Match   *match_v2 `xml:"match"`
-}
-
-type match_v2 struct {
-	AsPathRegex            *regex           `xml:"as-path"`
-	CommunityRegex         *regex           `xml:"community"`
-	ExtendedCommunityRegex *regex           `xml:"extended-community"`
-	Med                    string           `xml:"med,omitempty"`
-	RouteTable             string           `xml:"route-table,omitempty"`
-	AddressPrefix          *addPre          `xml:"address-prefix"`
-	NextHop                *util.MemberType `xml:"nexthop"`
-	FromPeer               *util.MemberType `xml:"from-peer"`
-}
-
-func specify_v2(e Entry) interface{} {
-	ans := entry_v2{
-		Name:   e.Name,
-		Enable: util.YesNo(e.Enable),
-	}
-
-	if e.AsPathRegex != "" || e.CommunityRegex != "" || e.ExtendedCommunityRegex != "" || e.Med != "" || e.RouteTable != "" || len(e.AddressPrefix) > 0 || len(e.NextHop) > 0 || len(e.FromPeer) > 0 {
-		ans.Match = &match_v2{
-			Med:        e.Med,
-			RouteTable: e.RouteTable,
-			NextHop:    util.StrToMem(e.NextHop),
-			FromPeer:   util.StrToMem(e.FromPeer),
-		}
-
-		if e.AsPathRegex != "" {
-			ans.Match.AsPathRegex = &regex{
-				Regex: e.AsPathRegex,
-			}
-		}
-
-		if e.CommunityRegex != "" {
-			ans.Match.CommunityRegex = &regex{
-				Regex: e.CommunityRegex,
-			}
-		}
-
-		if e.ExtendedCommunityRegex != "" {
-			ans.Match.ExtendedCommunityRegex = &regex{
-				Regex: e.ExtendedCommunityRegex,
-			}
-		}
-
-		if len(e.AddressPrefix) > 0 {
-			apList := make([]apEntry, 0, len(e.AddressPrefix))
-			for k, v := range e.AddressPrefix {
-				apList = append(apList, apEntry{
-					Name:  k,
-					Exact: util.YesNo(v),
-				})
-			}
-			ans.Match.AddressPrefix = &addPre{apList}
-		}
-	}
-
-	return ans
-}
diff --git a/netw/routing/protocol/bgp/aggregate/filter/suppress/funcs.go b/netw/routing/protocol/bgp/aggregate/filter/suppress/funcs.go
deleted file mode 100644
index ab2525d8..00000000
--- a/netw/routing/protocol/bgp/aggregate/filter/suppress/funcs.go
+++ /dev/null
@@ -1,92 +0,0 @@
-package suppress
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	if v.Gte(version.Number{8, 0, 0, ""}) {
-		return &container_v2{}, specify_v2
-	} else {
-		return &container_v1{}, specify_v1
-	}
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/netw/routing/protocol/bgp/aggregate/filter/suppress/fw.go b/netw/routing/protocol/bgp/aggregate/filter/suppress/fw.go
deleted file mode 100644
index d60e8c6d..00000000
--- a/netw/routing/protocol/bgp/aggregate/filter/suppress/fw.go
+++ /dev/null
@@ -1,121 +0,0 @@
-package suppress
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Network.BgpAggSuppressFilter namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vr, ag string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vr, ag), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vr, ag string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vr, ag), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vr, ag, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vr, ag), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vr, ag, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vr, ag), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vr, ag string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vr, ag), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vr, ag string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vr, ag), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vr, ag string, e ...Entry) error {
-	return c.ns.Set(c.pather(vr, ag), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vr, ag string, e Entry) error {
-	return c.ns.Edit(c.pather(vr, ag), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vr, ag string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vr, ag), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(vr, ag, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(vr, ag), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig(vr, ag string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(vr, ag), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather(vr, ag string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vr, ag, v)
-	}
-}
-
-func (c *Firewall) xpath(vr, ag string, vals []string) ([]string, error) {
-	if vr == "" {
-		return nil, fmt.Errorf("vr must be specified")
-	}
-	if ag == "" {
-		return nil, fmt.Errorf("ag must be specified")
-	}
-
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"virtual-router",
-		util.AsEntryXpath([]string{vr}),
-		"protocol",
-		"bgp",
-		"policy",
-		"aggregation",
-		"address",
-		util.AsEntryXpath([]string{ag}),
-		"suppress-filters",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/routing/protocol/bgp/aggregate/filter/suppress/fw_test.go b/netw/routing/protocol/bgp/aggregate/filter/suppress/fw_test.go
deleted file mode 100644
index 71db4d46..00000000
--- a/netw/routing/protocol/bgp/aggregate/filter/suppress/fw_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package suppress
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Reset()
-			mc.Version = tc.version
-			mc.AddResp("")
-			err := ns.Set("vr", "ag", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("vr", "ag", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/routing/protocol/bgp/aggregate/filter/suppress/pano.go b/netw/routing/protocol/bgp/aggregate/filter/suppress/pano.go
deleted file mode 100644
index 994289e5..00000000
--- a/netw/routing/protocol/bgp/aggregate/filter/suppress/pano.go
+++ /dev/null
@@ -1,127 +0,0 @@
-package suppress
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Network.BgpAggSuppressFilter namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts, vr, ag string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts, vr, ag), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts, vr, ag string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts, vr, ag), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(tmpl, ts, vr, ag, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts, vr, ag), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(tmpl, ts, vr, ag, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts, vr, ag), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts, vr, ag string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts, vr, ag), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(tmpl, ts, vr, ag string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts, vr, ag), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts, vr, ag string, e ...Entry) error {
-	return c.ns.Set(c.pather(tmpl, ts, vr, ag), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts, vr, ag string, e Entry) error {
-	return c.ns.Edit(c.pather(tmpl, ts, vr, ag), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts, vr, ag string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(tmpl, ts, vr, ag), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, vr, ag, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts, vr, ag), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts, vr, ag string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts, vr, ag), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts, vr, ag string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, vr, ag, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts, vr, ag string, vals []string) ([]string, error) {
-	if tmpl == "" && ts == "" {
-		return nil, fmt.Errorf("tmpl or ts must be specified")
-	}
-	if vr == "" {
-		return nil, fmt.Errorf("vr must be specified")
-	}
-	if ag == "" {
-		return nil, fmt.Errorf("ag must be specified")
-	}
-
-	ans := make([]string, 0, 19)
-	ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-	ans = append(ans,
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"virtual-router",
-		util.AsEntryXpath([]string{vr}),
-		"protocol",
-		"bgp",
-		"policy",
-		"aggregation",
-		"address",
-		util.AsEntryXpath([]string{ag}),
-		"suppress-filters",
-		util.AsEntryXpath(vals),
-	)
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/routing/protocol/bgp/aggregate/filter/suppress/pano_test.go b/netw/routing/protocol/bgp/aggregate/filter/suppress/pano_test.go
deleted file mode 100644
index 7b8be9e7..00000000
--- a/netw/routing/protocol/bgp/aggregate/filter/suppress/pano_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package suppress
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Reset()
-			mc.Version = tc.version
-			mc.AddResp("")
-			err := ns.Set("tmpl", "", "vr", "ag", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("tmpl", "", "vr", "ag", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/routing/protocol/bgp/aggregate/filter/suppress/testdata_test.go b/netw/routing/protocol/bgp/aggregate/filter/suppress/testdata_test.go
deleted file mode 100644
index 4d4feda7..00000000
--- a/netw/routing/protocol/bgp/aggregate/filter/suppress/testdata_test.go
+++ /dev/null
@@ -1,57 +0,0 @@
-package suppress
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type testCase struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"v1 minimal", version.Number{7, 0, 0, ""}, Entry{
-			Name:   "minimal",
-			Enable: false,
-		}},
-		{"v1 full", version.Number{7, 0, 0, ""}, Entry{
-			Name:                   "foo",
-			Enable:                 true,
-			AsPathRegex:            "as path regex",
-			CommunityRegex:         "community regex",
-			ExtendedCommunityRegex: "extended community regex",
-			Med:                    "match med",
-			AddressPrefix: map[string]bool{
-				"5.5.0.0": true,
-				"6.6.0.0": false,
-				"7.7.0.0": true,
-				"8.8.0.0": false,
-			},
-			NextHop:  []string{"nh1", "nh2"},
-			FromPeer: []string{"fp1", "fp2"},
-		}},
-		{"v2 minimal", version.Number{8, 0, 0, ""}, Entry{
-			Name:   "minimal",
-			Enable: false,
-		}},
-		{"v2 full", version.Number{8, 0, 0, ""}, Entry{
-			Name:                   "foo",
-			Enable:                 true,
-			AsPathRegex:            "as path regex",
-			CommunityRegex:         "community regex",
-			ExtendedCommunityRegex: "extended community regex",
-			Med:                    "match med",
-			RouteTable:             RouteTableBoth,
-			AddressPrefix: map[string]bool{
-				"5.5.0.0": true,
-				"6.6.0.0": false,
-				"7.7.0.0": true,
-				"8.8.0.0": false,
-			},
-			NextHop:  []string{"nh1", "nh2"},
-			FromPeer: []string{"fp1", "fp2"},
-		}},
-	}
-}
diff --git a/netw/routing/protocol/bgp/aggregate/funcs.go b/netw/routing/protocol/bgp/aggregate/funcs.go
deleted file mode 100644
index d93fdb30..00000000
--- a/netw/routing/protocol/bgp/aggregate/funcs.go
+++ /dev/null
@@ -1,88 +0,0 @@
-package aggregate
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/netw/routing/protocol/bgp/aggregate/fw.go b/netw/routing/protocol/bgp/aggregate/fw.go
deleted file mode 100644
index 98af84b6..00000000
--- a/netw/routing/protocol/bgp/aggregate/fw.go
+++ /dev/null
@@ -1,116 +0,0 @@
-package aggregate
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Network.BgpAggregation namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vr), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vr), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vr), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vr), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vr), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vr), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vr string, e ...Entry) error {
-	return c.ns.Set(c.pather(vr), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vr string, e Entry) error {
-	return c.ns.Edit(c.pather(vr), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vr string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vr), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(vr), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig(vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(vr), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather(vr string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vr, v)
-	}
-}
-
-func (c *Firewall) xpath(vr string, vals []string) ([]string, error) {
-	if vr == "" {
-		return nil, fmt.Errorf("vr must be specified")
-	}
-
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"virtual-router",
-		util.AsEntryXpath([]string{vr}),
-		"protocol",
-		"bgp",
-		"policy",
-		"aggregation",
-		"address",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/routing/protocol/bgp/aggregate/fw_test.go b/netw/routing/protocol/bgp/aggregate/fw_test.go
deleted file mode 100644
index f7ae4385..00000000
--- a/netw/routing/protocol/bgp/aggregate/fw_test.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package aggregate
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("vr", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("vr", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/routing/protocol/bgp/aggregate/pano.go b/netw/routing/protocol/bgp/aggregate/pano.go
deleted file mode 100644
index 63fc6eb3..00000000
--- a/netw/routing/protocol/bgp/aggregate/pano.go
+++ /dev/null
@@ -1,123 +0,0 @@
-package aggregate
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Network.BgpAggregate namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts, vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts, vr), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts, vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts, vr), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(tmpl, ts, vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts, vr), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(tmpl, ts, vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts, vr), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts, vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts, vr), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(tmpl, ts, vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts, vr), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts, vr string, e ...Entry) error {
-	return c.ns.Set(c.pather(tmpl, ts, vr), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts, vr string, e Entry) error {
-	return c.ns.Edit(c.pather(tmpl, ts, vr), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts, vr string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(tmpl, ts, vr), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts, vr), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts, vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts, vr), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts, vr string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, vr, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts, vr string, vals []string) ([]string, error) {
-	if tmpl == "" && ts == "" {
-		return nil, fmt.Errorf("tmpl or ts must be specified")
-	}
-	if vr == "" {
-		return nil, fmt.Errorf("vr must be specified")
-	}
-
-	ans := make([]string, 0, 17)
-	ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-	ans = append(ans,
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"virtual-router",
-		util.AsEntryXpath([]string{vr}),
-		"protocol",
-		"bgp",
-		"policy",
-		"aggregation",
-		"address",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/routing/protocol/bgp/aggregate/pano_test.go b/netw/routing/protocol/bgp/aggregate/pano_test.go
deleted file mode 100644
index 08084b6b..00000000
--- a/netw/routing/protocol/bgp/aggregate/pano_test.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package aggregate
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("tmpl", "", "vr", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("tmpl", "", "vr", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/routing/protocol/bgp/aggregate/testdata_test.go b/netw/routing/protocol/bgp/aggregate/testdata_test.go
deleted file mode 100644
index 1cfe1b6f..00000000
--- a/netw/routing/protocol/bgp/aggregate/testdata_test.go
+++ /dev/null
@@ -1,113 +0,0 @@
-package aggregate
-
-type testCase struct {
-	desc string
-	conf Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"minimal", Entry{
-			Name:   "one",
-			Enable: true,
-			Prefix: "prefix",
-			raw: map[string]string{
-				"sf": "suppress filters",
-				"af": "advertise filters",
-			},
-		}},
-		{"community none", Entry{
-			Name:                  "two",
-			Prefix:                "prefix",
-			AsSet:                 false,
-			Enable:                false,
-			Summary:               true,
-			LocalPreference:       "local pref",
-			Med:                   "med",
-			Weight:                5,
-			NextHop:               "nexthop",
-			Origin:                "origin",
-			AsPathLimit:           6,
-			AsPathType:            AsPathTypeNone,
-			CommunityType:         CommunityTypeNone,
-			ExtendedCommunityType: CommunityTypeRemoveAll,
-			raw: map[string]string{
-				"af": "advertise filters",
-			},
-		}},
-		{"community removeall", Entry{
-			Name:                  "three",
-			Prefix:                "prefix",
-			AsSet:                 true,
-			Enable:                false,
-			Summary:               false,
-			LocalPreference:       "local pref",
-			Med:                   "med",
-			Weight:                5,
-			NextHop:               "nexthop",
-			Origin:                "origin",
-			AsPathLimit:           6,
-			AsPathType:            AsPathTypePrepend,
-			AsPathValue:           "1",
-			CommunityType:         CommunityTypeRemoveAll,
-			ExtendedCommunityType: CommunityTypeNone,
-			raw: map[string]string{
-				"sf": "suppress filters",
-			},
-		}},
-		{"community remove regex", Entry{
-			Name:                   "four",
-			Prefix:                 "prefix",
-			AsSet:                  true,
-			Enable:                 true,
-			Summary:                true,
-			LocalPreference:        "local pref",
-			Med:                    "med",
-			Weight:                 5,
-			NextHop:                "nexthop",
-			Origin:                 "origin",
-			AsPathLimit:            6,
-			AsPathType:             AsPathTypeNone,
-			CommunityType:          CommunityTypeRemoveRegex,
-			CommunityValue:         "remove regex",
-			ExtendedCommunityType:  CommunityTypeAppend,
-			ExtendedCommunityValue: "append",
-		}},
-		{"community append", Entry{
-			Name:                   "five",
-			Prefix:                 "prefix",
-			AsSet:                  false,
-			Enable:                 false,
-			Summary:                false,
-			LocalPreference:        "local pref",
-			Med:                    "med",
-			Weight:                 5,
-			NextHop:                "nexthop",
-			Origin:                 "origin",
-			AsPathLimit:            6,
-			AsPathType:             AsPathTypeNone,
-			CommunityType:          CommunityTypeAppend,
-			CommunityValue:         "append",
-			ExtendedCommunityType:  CommunityTypeOverwrite,
-			ExtendedCommunityValue: "overwrite",
-		}},
-		{"community overwrite", Entry{
-			Name:                   "six",
-			Prefix:                 "prefix",
-			AsSet:                  false,
-			Enable:                 false,
-			Summary:                false,
-			LocalPreference:        "local pref",
-			Med:                    "med",
-			Weight:                 5,
-			NextHop:                "nexthop",
-			Origin:                 "origin",
-			AsPathLimit:            6,
-			AsPathType:             AsPathTypeNone,
-			CommunityType:          CommunityTypeOverwrite,
-			CommunityValue:         "Overwrite",
-			ExtendedCommunityType:  CommunityTypeRemoveRegex,
-			ExtendedCommunityValue: "remove regex",
-		}},
-	}
-}
diff --git a/netw/routing/protocol/bgp/conadv/const.go b/netw/routing/protocol/bgp/conadv/const.go
deleted file mode 100644
index b8b321b5..00000000
--- a/netw/routing/protocol/bgp/conadv/const.go
+++ /dev/null
@@ -1,6 +0,0 @@
-package conadv
-
-const (
-	singular = "bgp conditional advertisement"
-	plural   = "bgp conditional advertisements"
-)
diff --git a/netw/routing/protocol/bgp/conadv/doc.go b/netw/routing/protocol/bgp/conadv/doc.go
deleted file mode 100644
index d0b17dca..00000000
--- a/netw/routing/protocol/bgp/conadv/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package conadv is the client.Network.BgpConditionalAdv namespace.
-
-Normalized object:  Entry
-*/
-package conadv
diff --git a/netw/routing/protocol/bgp/conadv/entry.go b/netw/routing/protocol/bgp/conadv/entry.go
deleted file mode 100644
index 1620c6a5..00000000
--- a/netw/routing/protocol/bgp/conadv/entry.go
+++ /dev/null
@@ -1,106 +0,0 @@
-package conadv
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a BGP
-// conditional advertisement.
-type Entry struct {
-	Name   string
-	Enable bool
-	UsedBy []string
-
-	raw map[string]string
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Enable = s.Enable
-	o.UsedBy = s.UsedBy
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:   o.Name,
-		Enable: util.AsBool(o.Enable),
-		UsedBy: util.MemToStr(o.UsedBy),
-	}
-
-	m := make(map[string]string)
-	if o.NonExistFilters != nil {
-		m["nf"] = util.CleanRawXml(o.NonExistFilters.Text)
-	}
-	if o.AdvertiseFilters != nil {
-		m["af"] = util.CleanRawXml(o.AdvertiseFilters.Text)
-	}
-	if len(m) > 0 {
-		ans.raw = m
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName          xml.Name         `xml:"entry"`
-	Name             string           `xml:"name,attr"`
-	Enable           string           `xml:"enable"`
-	UsedBy           *util.MemberType `xml:"used-by"`
-	NonExistFilters  *util.RawXml     `xml:"non-exist-filters"`
-	AdvertiseFilters *util.RawXml     `xml:"advertise-filters"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:   e.Name,
-		Enable: util.YesNo(e.Enable),
-		UsedBy: util.StrToMem(e.UsedBy),
-	}
-
-	if text, present := e.raw["nf"]; present {
-		ans.NonExistFilters = &util.RawXml{text}
-	}
-	if text, present := e.raw["af"]; present {
-		ans.AdvertiseFilters = &util.RawXml{text}
-	}
-
-	return ans
-}
diff --git a/netw/routing/protocol/bgp/conadv/filter/advertise/const.go b/netw/routing/protocol/bgp/conadv/filter/advertise/const.go
deleted file mode 100644
index 5024be85..00000000
--- a/netw/routing/protocol/bgp/conadv/filter/advertise/const.go
+++ /dev/null
@@ -1,13 +0,0 @@
-package advertise
-
-// Valid values for RouteTable.
-const (
-	RouteTableUnicast   = "unicast"
-	RouteTableMulticast = "multicast"
-	RouteTableBoth      = "both"
-)
-
-const (
-	singular = "bgp conditional advertisement advertise filter"
-	plural   = "bgp conditional advertisement advertise filters"
-)
diff --git a/netw/routing/protocol/bgp/conadv/filter/advertise/doc.go b/netw/routing/protocol/bgp/conadv/filter/advertise/doc.go
deleted file mode 100644
index 3f5ab3d4..00000000
--- a/netw/routing/protocol/bgp/conadv/filter/advertise/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package advertise is the client.Network.BgpConAdvAdvertiseFilter namespace.
-
-Normalized object:  Entry
-*/
-package advertise
diff --git a/netw/routing/protocol/bgp/conadv/filter/advertise/entry.go b/netw/routing/protocol/bgp/conadv/filter/advertise/entry.go
deleted file mode 100644
index cf9beedc..00000000
--- a/netw/routing/protocol/bgp/conadv/filter/advertise/entry.go
+++ /dev/null
@@ -1,238 +0,0 @@
-package advertise
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a BGP
-// conditional advertisement advertise filter.
-type Entry struct {
-	Name                   string
-	Enable                 bool
-	AsPathRegex            string
-	CommunityRegex         string
-	ExtendedCommunityRegex string
-	Med                    string
-	RouteTable             string // 8.0+
-	AddressPrefix          []string
-	NextHop                []string
-	FromPeer               []string
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Enable = s.Enable
-	o.AsPathRegex = s.AsPathRegex
-	o.CommunityRegex = s.CommunityRegex
-	o.ExtendedCommunityRegex = s.ExtendedCommunityRegex
-	o.Med = s.Med
-	o.RouteTable = s.RouteTable
-	o.AddressPrefix = s.AddressPrefix
-	o.NextHop = s.NextHop
-	o.FromPeer = s.FromPeer
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:          o.Name,
-		Enable:        util.AsBool(o.Enable),
-		Med:           o.Med,
-		AddressPrefix: util.EntToStr(o.AddressPrefix),
-		NextHop:       util.MemToStr(o.NextHop),
-		FromPeer:      util.MemToStr(o.FromPeer),
-	}
-
-	if o.AsPathRegex != nil {
-		ans.AsPathRegex = o.AsPathRegex.Regex
-	}
-
-	if o.CommunityRegex != nil {
-		ans.CommunityRegex = o.CommunityRegex.Regex
-	}
-
-	if o.ExtendedCommunityRegex != nil {
-		ans.ExtendedCommunityRegex = o.ExtendedCommunityRegex.Regex
-	}
-
-	return ans
-}
-
-type container_v2 struct {
-	Answer []entry_v2 `xml:"entry"`
-}
-
-func (o *container_v2) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v2) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v2) normalize() Entry {
-	ans := Entry{
-		Name:          o.Name,
-		Enable:        util.AsBool(o.Enable),
-		Med:           o.Med,
-		RouteTable:    o.RouteTable,
-		AddressPrefix: util.EntToStr(o.AddressPrefix),
-		NextHop:       util.MemToStr(o.NextHop),
-		FromPeer:      util.MemToStr(o.FromPeer),
-	}
-
-	if o.AsPathRegex != nil {
-		ans.AsPathRegex = o.AsPathRegex.Regex
-	}
-
-	if o.CommunityRegex != nil {
-		ans.CommunityRegex = o.CommunityRegex.Regex
-	}
-
-	if o.ExtendedCommunityRegex != nil {
-		ans.ExtendedCommunityRegex = o.ExtendedCommunityRegex.Regex
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName                xml.Name         `xml:"entry"`
-	Name                   string           `xml:"name,attr"`
-	Enable                 string           `xml:"enable"`
-	AsPathRegex            *regex           `xml:"match>as-path"`
-	CommunityRegex         *regex           `xml:"match>community"`
-	ExtendedCommunityRegex *regex           `xml:"match>extended-community"`
-	Med                    string           `xml:"match>med,omitempty"`
-	AddressPrefix          *util.EntryType  `xml:"match>address-prefix"`
-	NextHop                *util.MemberType `xml:"match>nexthop"`
-	FromPeer               *util.MemberType `xml:"match>from-peer"`
-}
-
-type regex struct {
-	Regex string `xml:"regex,omitempty"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:          e.Name,
-		Enable:        util.YesNo(e.Enable),
-		Med:           e.Med,
-		AddressPrefix: util.StrToEnt(e.AddressPrefix),
-		NextHop:       util.StrToMem(e.NextHop),
-		FromPeer:      util.StrToMem(e.FromPeer),
-	}
-
-	if e.AsPathRegex != "" {
-		ans.AsPathRegex = &regex{
-			Regex: e.AsPathRegex,
-		}
-	}
-
-	if e.CommunityRegex != "" {
-		ans.CommunityRegex = &regex{
-			Regex: e.CommunityRegex,
-		}
-	}
-
-	if e.ExtendedCommunityRegex != "" {
-		ans.ExtendedCommunityRegex = &regex{
-			Regex: e.ExtendedCommunityRegex,
-		}
-	}
-
-	return ans
-}
-
-type entry_v2 struct {
-	XMLName                xml.Name         `xml:"entry"`
-	Name                   string           `xml:"name,attr"`
-	Enable                 string           `xml:"enable"`
-	AsPathRegex            *regex           `xml:"match>as-path"`
-	CommunityRegex         *regex           `xml:"match>community"`
-	ExtendedCommunityRegex *regex           `xml:"match>extended-community"`
-	Med                    string           `xml:"match>med,omitempty"`
-	RouteTable             string           `xml:"match>route-table,omitempty"`
-	AddressPrefix          *util.EntryType  `xml:"match>address-prefix"`
-	NextHop                *util.MemberType `xml:"match>nexthop"`
-	FromPeer               *util.MemberType `xml:"match>from-peer"`
-}
-
-func specify_v2(e Entry) interface{} {
-	ans := entry_v2{
-		Name:          e.Name,
-		Enable:        util.YesNo(e.Enable),
-		Med:           e.Med,
-		RouteTable:    e.RouteTable,
-		AddressPrefix: util.StrToEnt(e.AddressPrefix),
-		NextHop:       util.StrToMem(e.NextHop),
-		FromPeer:      util.StrToMem(e.FromPeer),
-	}
-
-	if e.AsPathRegex != "" {
-		ans.AsPathRegex = &regex{
-			Regex: e.AsPathRegex,
-		}
-	}
-
-	if e.CommunityRegex != "" {
-		ans.CommunityRegex = &regex{
-			Regex: e.CommunityRegex,
-		}
-	}
-
-	if e.ExtendedCommunityRegex != "" {
-		ans.ExtendedCommunityRegex = &regex{
-			Regex: e.ExtendedCommunityRegex,
-		}
-	}
-
-	return ans
-}
diff --git a/netw/routing/protocol/bgp/conadv/filter/advertise/funcs.go b/netw/routing/protocol/bgp/conadv/filter/advertise/funcs.go
deleted file mode 100644
index a67db623..00000000
--- a/netw/routing/protocol/bgp/conadv/filter/advertise/funcs.go
+++ /dev/null
@@ -1,92 +0,0 @@
-package advertise
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	if v.Gte(version.Number{8, 0, 0, ""}) {
-		return &container_v2{}, specify_v2
-	} else {
-		return &container_v1{}, specify_v1
-	}
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/netw/routing/protocol/bgp/conadv/filter/advertise/fw.go b/netw/routing/protocol/bgp/conadv/filter/advertise/fw.go
deleted file mode 100644
index c214fa98..00000000
--- a/netw/routing/protocol/bgp/conadv/filter/advertise/fw.go
+++ /dev/null
@@ -1,121 +0,0 @@
-package advertise
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Network.BgpConAdvAdvertiseFilter namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vr, ca string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vr, ca), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vr, ca string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vr, ca), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vr, ca, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vr, ca), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vr, ca, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vr, ca), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vr, ca string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vr, ca), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vr, ca string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vr, ca), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vr, ca string, e ...Entry) error {
-	return c.ns.Set(c.pather(vr, ca), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vr, ca string, e Entry) error {
-	return c.ns.Edit(c.pather(vr, ca), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vr, ca string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vr, ca), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(vr, ca, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(vr, ca), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig(vr, ca string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(vr, ca), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather(vr, ca string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vr, ca, v)
-	}
-}
-
-func (c *Firewall) xpath(vr, ca string, vals []string) ([]string, error) {
-	if vr == "" {
-		return nil, fmt.Errorf("vr must be specified")
-	}
-	if ca == "" {
-		return nil, fmt.Errorf("ca must be specified")
-	}
-
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"virtual-router",
-		util.AsEntryXpath([]string{vr}),
-		"protocol",
-		"bgp",
-		"policy",
-		"conditional-advertisement",
-		"policy",
-		util.AsEntryXpath([]string{ca}),
-		"advertise-filters",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/routing/protocol/bgp/conadv/filter/advertise/fw_test.go b/netw/routing/protocol/bgp/conadv/filter/advertise/fw_test.go
deleted file mode 100644
index 50742c9f..00000000
--- a/netw/routing/protocol/bgp/conadv/filter/advertise/fw_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package advertise
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Reset()
-			mc.Version = tc.version
-			mc.AddResp("")
-			err := ns.Set("vr", "ca", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("vr", "ca", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/routing/protocol/bgp/conadv/filter/advertise/pano.go b/netw/routing/protocol/bgp/conadv/filter/advertise/pano.go
deleted file mode 100644
index 2af3194e..00000000
--- a/netw/routing/protocol/bgp/conadv/filter/advertise/pano.go
+++ /dev/null
@@ -1,128 +0,0 @@
-package advertise
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Network.BgpConAdvAdvertiseFilter namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts, vr, ca string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts, vr, ca), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts, vr, ca string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts, vr, ca), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(tmpl, ts, vr, ca, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts, vr, ca), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(tmpl, ts, vr, ca, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts, vr, ca), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts, vr, ca string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts, vr, ca), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(tmpl, ts, vr, ca string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts, vr, ca), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts, vr, ca string, e ...Entry) error {
-	return c.ns.Set(c.pather(tmpl, ts, vr, ca), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts, vr, ca string, e Entry) error {
-	return c.ns.Edit(c.pather(tmpl, ts, vr, ca), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts, vr, ca string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(tmpl, ts, vr, ca), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, vr, ca, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts, vr, ca), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts, vr, ca string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts, vr, ca), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts, vr, ca string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, vr, ca, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts, vr, ca string, vals []string) ([]string, error) {
-	if tmpl == "" && ts == "" {
-		return nil, fmt.Errorf("tmpl or ts must be specified")
-	}
-	if vr == "" {
-		return nil, fmt.Errorf("vr must be specified")
-	}
-	if ca == "" {
-		return nil, fmt.Errorf("ca must be specified")
-	}
-
-	ans := make([]string, 0, 19)
-	ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-	ans = append(ans,
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"virtual-router",
-		util.AsEntryXpath([]string{vr}),
-		"protocol",
-		"bgp",
-		"policy",
-		"conditional-advertisement",
-		"policy",
-		util.AsEntryXpath([]string{ca}),
-		"advertise-filters",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/routing/protocol/bgp/conadv/filter/advertise/pano_test.go b/netw/routing/protocol/bgp/conadv/filter/advertise/pano_test.go
deleted file mode 100644
index c68f42f7..00000000
--- a/netw/routing/protocol/bgp/conadv/filter/advertise/pano_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package advertise
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Reset()
-			mc.Version = tc.version
-			mc.AddResp("")
-			err := ns.Set("tmpl", "", "vr", "ca", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("tmpl", "", "vr", "ca", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/routing/protocol/bgp/conadv/filter/advertise/testdata_test.go b/netw/routing/protocol/bgp/conadv/filter/advertise/testdata_test.go
deleted file mode 100644
index d3e156d5..00000000
--- a/netw/routing/protocol/bgp/conadv/filter/advertise/testdata_test.go
+++ /dev/null
@@ -1,47 +0,0 @@
-package advertise
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type testCase struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"v1 basic", version.Number{7, 0, 0, ""}, Entry{
-			Name:   "one",
-			Enable: false,
-		}},
-		{"v1 full", version.Number{7, 0, 0, ""}, Entry{
-			Name:                   "two",
-			Enable:                 true,
-			AsPathRegex:            "as path regex",
-			CommunityRegex:         "community regex",
-			ExtendedCommunityRegex: "extended community regex",
-			Med:                    "match med",
-			AddressPrefix:          []string{"5.5.0.0", "6.6.0.0"},
-			NextHop:                []string{"nh1", "nh2"},
-			FromPeer:               []string{"fp1", "fp2"},
-		}},
-		{"v2 basic", version.Number{8, 0, 0, ""}, Entry{
-			Name:   "three",
-			Enable: false,
-		}},
-		{"v2 full", version.Number{8, 0, 0, ""}, Entry{
-			Name:                   "four",
-			Enable:                 true,
-			AsPathRegex:            "as path regex",
-			CommunityRegex:         "community regex",
-			ExtendedCommunityRegex: "extended community regex",
-			Med:                    "match med",
-			RouteTable:             RouteTableUnicast,
-			AddressPrefix:          []string{"5.5.0.0", "6.6.0.0"},
-			NextHop:                []string{"nh1", "nh2"},
-			FromPeer:               []string{"fp1", "fp2"},
-		}},
-	}
-}
diff --git a/netw/routing/protocol/bgp/conadv/filter/nonexist/const.go b/netw/routing/protocol/bgp/conadv/filter/nonexist/const.go
deleted file mode 100644
index 7d51ba6d..00000000
--- a/netw/routing/protocol/bgp/conadv/filter/nonexist/const.go
+++ /dev/null
@@ -1,13 +0,0 @@
-package nonexist
-
-// Valid values for RouteTable.
-const (
-	RouteTableUnicast   = "unicast"
-	RouteTableMulticast = "multicast"
-	RouteTableBoth      = "both"
-)
-
-const (
-	singular = "bgp conditional advertisement non-exist filter"
-	plural   = "bgp conditional advertisement non-exist filters"
-)
diff --git a/netw/routing/protocol/bgp/conadv/filter/nonexist/doc.go b/netw/routing/protocol/bgp/conadv/filter/nonexist/doc.go
deleted file mode 100644
index e914455c..00000000
--- a/netw/routing/protocol/bgp/conadv/filter/nonexist/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package nonexist is the client.Network.BgpConAdvNonExistFilter namespace.
-
-Normalized object:  Entry
-*/
-package nonexist
diff --git a/netw/routing/protocol/bgp/conadv/filter/nonexist/entry.go b/netw/routing/protocol/bgp/conadv/filter/nonexist/entry.go
deleted file mode 100644
index cf14ffd8..00000000
--- a/netw/routing/protocol/bgp/conadv/filter/nonexist/entry.go
+++ /dev/null
@@ -1,238 +0,0 @@
-package nonexist
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a BGP
-// conditional advertisement non-exist filter.
-type Entry struct {
-	Name                   string
-	Enable                 bool
-	AsPathRegex            string
-	CommunityRegex         string
-	ExtendedCommunityRegex string
-	Med                    string
-	RouteTable             string // 8.0+
-	AddressPrefix          []string
-	NextHop                []string
-	FromPeer               []string
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Enable = s.Enable
-	o.AsPathRegex = s.AsPathRegex
-	o.CommunityRegex = s.CommunityRegex
-	o.ExtendedCommunityRegex = s.ExtendedCommunityRegex
-	o.Med = s.Med
-	o.RouteTable = s.RouteTable
-	o.AddressPrefix = s.AddressPrefix
-	o.NextHop = s.NextHop
-	o.FromPeer = s.FromPeer
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:          o.Name,
-		Enable:        util.AsBool(o.Enable),
-		Med:           o.Med,
-		AddressPrefix: util.EntToStr(o.AddressPrefix),
-		NextHop:       util.MemToStr(o.NextHop),
-		FromPeer:      util.MemToStr(o.FromPeer),
-	}
-
-	if o.AsPathRegex != nil {
-		ans.AsPathRegex = o.AsPathRegex.Regex
-	}
-
-	if o.CommunityRegex != nil {
-		ans.CommunityRegex = o.CommunityRegex.Regex
-	}
-
-	if o.ExtendedCommunityRegex != nil {
-		ans.ExtendedCommunityRegex = o.ExtendedCommunityRegex.Regex
-	}
-
-	return ans
-}
-
-type container_v2 struct {
-	Answer []entry_v2 `xml:"entry"`
-}
-
-func (o *container_v2) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v2) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v2) normalize() Entry {
-	ans := Entry{
-		Name:          o.Name,
-		Enable:        util.AsBool(o.Enable),
-		Med:           o.Med,
-		RouteTable:    o.RouteTable,
-		AddressPrefix: util.EntToStr(o.AddressPrefix),
-		NextHop:       util.MemToStr(o.NextHop),
-		FromPeer:      util.MemToStr(o.FromPeer),
-	}
-
-	if o.AsPathRegex != nil {
-		ans.AsPathRegex = o.AsPathRegex.Regex
-	}
-
-	if o.CommunityRegex != nil {
-		ans.CommunityRegex = o.CommunityRegex.Regex
-	}
-
-	if o.ExtendedCommunityRegex != nil {
-		ans.ExtendedCommunityRegex = o.ExtendedCommunityRegex.Regex
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName                xml.Name         `xml:"entry"`
-	Name                   string           `xml:"name,attr"`
-	Enable                 string           `xml:"enable"`
-	AsPathRegex            *regex           `xml:"match>as-path"`
-	CommunityRegex         *regex           `xml:"match>community"`
-	ExtendedCommunityRegex *regex           `xml:"match>extended-community"`
-	Med                    string           `xml:"match>med,omitempty"`
-	AddressPrefix          *util.EntryType  `xml:"match>address-prefix"`
-	NextHop                *util.MemberType `xml:"match>nexthop"`
-	FromPeer               *util.MemberType `xml:"match>from-peer"`
-}
-
-type regex struct {
-	Regex string `xml:"regex,omitempty"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:          e.Name,
-		Enable:        util.YesNo(e.Enable),
-		Med:           e.Med,
-		AddressPrefix: util.StrToEnt(e.AddressPrefix),
-		NextHop:       util.StrToMem(e.NextHop),
-		FromPeer:      util.StrToMem(e.FromPeer),
-	}
-
-	if e.AsPathRegex != "" {
-		ans.AsPathRegex = &regex{
-			Regex: e.AsPathRegex,
-		}
-	}
-
-	if e.CommunityRegex != "" {
-		ans.CommunityRegex = &regex{
-			Regex: e.CommunityRegex,
-		}
-	}
-
-	if e.ExtendedCommunityRegex != "" {
-		ans.ExtendedCommunityRegex = &regex{
-			Regex: e.ExtendedCommunityRegex,
-		}
-	}
-
-	return ans
-}
-
-type entry_v2 struct {
-	XMLName                xml.Name         `xml:"entry"`
-	Name                   string           `xml:"name,attr"`
-	Enable                 string           `xml:"enable"`
-	AsPathRegex            *regex           `xml:"match>as-path"`
-	CommunityRegex         *regex           `xml:"match>community"`
-	ExtendedCommunityRegex *regex           `xml:"match>extended-community"`
-	Med                    string           `xml:"match>med,omitempty"`
-	RouteTable             string           `xml:"match>route-table,omitempty"`
-	AddressPrefix          *util.EntryType  `xml:"match>address-prefix"`
-	NextHop                *util.MemberType `xml:"match>nexthop"`
-	FromPeer               *util.MemberType `xml:"match>from-peer"`
-}
-
-func specify_v2(e Entry) interface{} {
-	ans := entry_v2{
-		Name:          e.Name,
-		Enable:        util.YesNo(e.Enable),
-		Med:           e.Med,
-		RouteTable:    e.RouteTable,
-		AddressPrefix: util.StrToEnt(e.AddressPrefix),
-		NextHop:       util.StrToMem(e.NextHop),
-		FromPeer:      util.StrToMem(e.FromPeer),
-	}
-
-	if e.AsPathRegex != "" {
-		ans.AsPathRegex = &regex{
-			Regex: e.AsPathRegex,
-		}
-	}
-
-	if e.CommunityRegex != "" {
-		ans.CommunityRegex = &regex{
-			Regex: e.CommunityRegex,
-		}
-	}
-
-	if e.ExtendedCommunityRegex != "" {
-		ans.ExtendedCommunityRegex = &regex{
-			Regex: e.ExtendedCommunityRegex,
-		}
-	}
-
-	return ans
-}
diff --git a/netw/routing/protocol/bgp/conadv/filter/nonexist/funcs.go b/netw/routing/protocol/bgp/conadv/filter/nonexist/funcs.go
deleted file mode 100644
index ac3858fd..00000000
--- a/netw/routing/protocol/bgp/conadv/filter/nonexist/funcs.go
+++ /dev/null
@@ -1,92 +0,0 @@
-package nonexist
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	if v.Gte(version.Number{8, 0, 0, ""}) {
-		return &container_v2{}, specify_v2
-	} else {
-		return &container_v1{}, specify_v1
-	}
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/netw/routing/protocol/bgp/conadv/filter/nonexist/fw.go b/netw/routing/protocol/bgp/conadv/filter/nonexist/fw.go
deleted file mode 100644
index 8bdffdab..00000000
--- a/netw/routing/protocol/bgp/conadv/filter/nonexist/fw.go
+++ /dev/null
@@ -1,121 +0,0 @@
-package nonexist
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Network.BgpConAdvNonExistFilter namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vr, ca string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vr, ca), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vr, ca string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vr, ca), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vr, ca, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vr, ca), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vr, ca, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vr, ca), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vr, ca string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vr, ca), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vr, ca string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vr, ca), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vr, ca string, e ...Entry) error {
-	return c.ns.Set(c.pather(vr, ca), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vr, ca string, e Entry) error {
-	return c.ns.Edit(c.pather(vr, ca), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vr, ca string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vr, ca), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(vr, ca, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(vr, ca), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig(vr, ca string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(vr, ca), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather(vr, ca string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vr, ca, v)
-	}
-}
-
-func (c *Firewall) xpath(vr, ca string, vals []string) ([]string, error) {
-	if vr == "" {
-		return nil, fmt.Errorf("vr must be specified")
-	}
-	if ca == "" {
-		return nil, fmt.Errorf("ca must be specified")
-	}
-
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"virtual-router",
-		util.AsEntryXpath([]string{vr}),
-		"protocol",
-		"bgp",
-		"policy",
-		"conditional-advertisement",
-		"policy",
-		util.AsEntryXpath([]string{ca}),
-		"non-exist-filters",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/routing/protocol/bgp/conadv/filter/nonexist/fw_test.go b/netw/routing/protocol/bgp/conadv/filter/nonexist/fw_test.go
deleted file mode 100644
index ffe982c1..00000000
--- a/netw/routing/protocol/bgp/conadv/filter/nonexist/fw_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package nonexist
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Reset()
-			mc.Version = tc.version
-			mc.AddResp("")
-			err := ns.Set("vr", "ca", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("vr", "ca", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/routing/protocol/bgp/conadv/filter/nonexist/pano.go b/netw/routing/protocol/bgp/conadv/filter/nonexist/pano.go
deleted file mode 100644
index 98a6e09c..00000000
--- a/netw/routing/protocol/bgp/conadv/filter/nonexist/pano.go
+++ /dev/null
@@ -1,128 +0,0 @@
-package nonexist
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Network.BgpConAdvNonExistFilter namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts, vr, ca string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts, vr, ca), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts, vr, ca string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts, vr, ca), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(tmpl, ts, vr, ca, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts, vr, ca), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(tmpl, ts, vr, ca, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts, vr, ca), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts, vr, ca string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts, vr, ca), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(tmpl, ts, vr, ca string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts, vr, ca), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts, vr, ca string, e ...Entry) error {
-	return c.ns.Set(c.pather(tmpl, ts, vr, ca), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts, vr, ca string, e Entry) error {
-	return c.ns.Edit(c.pather(tmpl, ts, vr, ca), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts, vr, ca string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(tmpl, ts, vr, ca), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, vr, ca, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts, vr, ca), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts, vr, ca string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts, vr, ca), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts, vr, ca string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, vr, ca, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts, vr, ca string, vals []string) ([]string, error) {
-	if tmpl == "" && ts == "" {
-		return nil, fmt.Errorf("tmpl or ts must be specified")
-	}
-	if vr == "" {
-		return nil, fmt.Errorf("vr must be specified")
-	}
-	if ca == "" {
-		return nil, fmt.Errorf("ca must be specified")
-	}
-
-	ans := make([]string, 0, 19)
-	ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-	ans = append(ans,
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"virtual-router",
-		util.AsEntryXpath([]string{vr}),
-		"protocol",
-		"bgp",
-		"policy",
-		"conditional-advertisement",
-		"policy",
-		util.AsEntryXpath([]string{ca}),
-		"non-exist-filters",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/routing/protocol/bgp/conadv/filter/nonexist/pano_test.go b/netw/routing/protocol/bgp/conadv/filter/nonexist/pano_test.go
deleted file mode 100644
index 8f87be9e..00000000
--- a/netw/routing/protocol/bgp/conadv/filter/nonexist/pano_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package nonexist
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Reset()
-			mc.Version = tc.version
-			mc.AddResp("")
-			err := ns.Set("tmpl", "", "vr", "ca", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("tmpl", "", "vr", "ca", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/routing/protocol/bgp/conadv/filter/nonexist/testdata_test.go b/netw/routing/protocol/bgp/conadv/filter/nonexist/testdata_test.go
deleted file mode 100644
index 3ee3c560..00000000
--- a/netw/routing/protocol/bgp/conadv/filter/nonexist/testdata_test.go
+++ /dev/null
@@ -1,47 +0,0 @@
-package nonexist
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type testCase struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"v1 basic", version.Number{7, 0, 0, ""}, Entry{
-			Name:   "one",
-			Enable: false,
-		}},
-		{"v1 full", version.Number{7, 0, 0, ""}, Entry{
-			Name:                   "two",
-			Enable:                 true,
-			AsPathRegex:            "as path regex",
-			CommunityRegex:         "community regex",
-			ExtendedCommunityRegex: "extended community regex",
-			Med:                    "match med",
-			AddressPrefix:          []string{"5.5.0.0", "6.6.0.0"},
-			NextHop:                []string{"nh1", "nh2"},
-			FromPeer:               []string{"fp1", "fp2"},
-		}},
-		{"v2 basic", version.Number{8, 0, 0, ""}, Entry{
-			Name:   "three",
-			Enable: false,
-		}},
-		{"v2 full", version.Number{8, 0, 0, ""}, Entry{
-			Name:                   "four",
-			Enable:                 true,
-			AsPathRegex:            "as path regex",
-			CommunityRegex:         "community regex",
-			ExtendedCommunityRegex: "extended community regex",
-			Med:                    "match med",
-			RouteTable:             RouteTableUnicast,
-			AddressPrefix:          []string{"5.5.0.0", "6.6.0.0"},
-			NextHop:                []string{"nh1", "nh2"},
-			FromPeer:               []string{"fp1", "fp2"},
-		}},
-	}
-}
diff --git a/netw/routing/protocol/bgp/conadv/funcs.go b/netw/routing/protocol/bgp/conadv/funcs.go
deleted file mode 100644
index fdd2b217..00000000
--- a/netw/routing/protocol/bgp/conadv/funcs.go
+++ /dev/null
@@ -1,88 +0,0 @@
-package conadv
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/netw/routing/protocol/bgp/conadv/fw.go b/netw/routing/protocol/bgp/conadv/fw.go
deleted file mode 100644
index 44719683..00000000
--- a/netw/routing/protocol/bgp/conadv/fw.go
+++ /dev/null
@@ -1,116 +0,0 @@
-package conadv
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Network.BgpConditionalAdv namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vr), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vr), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vr), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vr), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vr), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vr), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vr string, e ...Entry) error {
-	return c.ns.Set(c.pather(vr), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vr string, e Entry) error {
-	return c.ns.Edit(c.pather(vr), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vr string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vr), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(vr), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig(vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(vr), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather(vr string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vr, v)
-	}
-}
-
-func (c *Firewall) xpath(vr string, vals []string) ([]string, error) {
-	if vr == "" {
-		return nil, fmt.Errorf("vr must be specified")
-	}
-
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"virtual-router",
-		util.AsEntryXpath([]string{vr}),
-		"protocol",
-		"bgp",
-		"policy",
-		"conditional-advertisement",
-		"policy",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/routing/protocol/bgp/conadv/fw_test.go b/netw/routing/protocol/bgp/conadv/fw_test.go
deleted file mode 100644
index 4d66bf15..00000000
--- a/netw/routing/protocol/bgp/conadv/fw_test.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package conadv
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("vr", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("vr", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/routing/protocol/bgp/conadv/pano.go b/netw/routing/protocol/bgp/conadv/pano.go
deleted file mode 100644
index 01066819..00000000
--- a/netw/routing/protocol/bgp/conadv/pano.go
+++ /dev/null
@@ -1,123 +0,0 @@
-package conadv
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Network.BgpConditionalAdv namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts, vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts, vr), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts, vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts, vr), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(tmpl, ts, vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts, vr), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(tmpl, ts, vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts, vr), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts, vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts, vr), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(tmpl, ts, vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts, vr), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts, vr string, e ...Entry) error {
-	return c.ns.Set(c.pather(tmpl, ts, vr), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts, vr string, e Entry) error {
-	return c.ns.Edit(c.pather(tmpl, ts, vr), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts, vr string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(tmpl, ts, vr), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts, vr), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts, vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts, vr), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts, vr string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, vr, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts, vr string, vals []string) ([]string, error) {
-	if tmpl == "" && ts == "" {
-		return nil, fmt.Errorf("tmpl or ts must be specified")
-	}
-	if vr == "" {
-		return nil, fmt.Errorf("vr must be specified")
-	}
-
-	ans := make([]string, 0, 17)
-	ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-	ans = append(ans,
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"virtual-router",
-		util.AsEntryXpath([]string{vr}),
-		"protocol",
-		"bgp",
-		"policy",
-		"conditional-advertisement",
-		"policy",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/routing/protocol/bgp/conadv/pano_test.go b/netw/routing/protocol/bgp/conadv/pano_test.go
deleted file mode 100644
index 211a4d75..00000000
--- a/netw/routing/protocol/bgp/conadv/pano_test.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package conadv
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("tmpl", "", "vr", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("tmpl", "ts", "vr", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/routing/protocol/bgp/conadv/testdata_test.go b/netw/routing/protocol/bgp/conadv/testdata_test.go
deleted file mode 100644
index e9146c44..00000000
--- a/netw/routing/protocol/bgp/conadv/testdata_test.go
+++ /dev/null
@@ -1,29 +0,0 @@
-package conadv
-
-type testCase struct {
-	desc string
-	conf Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"minimal", Entry{
-			Name:   "one",
-			Enable: false,
-		}},
-		{"standard", Entry{
-			Name:   "two",
-			Enable: true,
-			UsedBy: []string{"one", "two"},
-		}},
-		{"with raw", Entry{
-			Name:   "three",
-			Enable: true,
-			UsedBy: []string{"one", "two"},
-			raw: map[string]string{
-				"af": "advertisement filters",
-				"nf": "non exist filters",
-			},
-		}},
-	}
-}
diff --git a/netw/routing/protocol/bgp/config.go b/netw/routing/protocol/bgp/config.go
deleted file mode 100644
index 049904f0..00000000
--- a/netw/routing/protocol/bgp/config.go
+++ /dev/null
@@ -1,821 +0,0 @@
-package bgp
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Config is a normalized, version independent representation of a virtual
-// router's BGP configuration.
-type Config struct {
-	Enable                        bool
-	RouterId                      string
-	AsNumber                      string // XML: local-as
-	BfdProfile                    string // 7.1+ ; XML: global-bfd/profile or the word "None"
-	RejectDefaultRoute            bool
-	InstallRoute                  bool
-	AggregateMed                  bool
-	DefaultLocalPreference        string
-	AsFormat                      string
-	AlwaysCompareMed              bool
-	DeterministicMedComparison    bool
-	EcmpMultiAs                   bool // 7.0+
-	EnforceFirstAs                bool // 8.0+
-	EnableGracefulRestart         bool
-	StaleRouteTime                int
-	LocalRestartTime              int
-	MaxPeerRestartTime            int
-	ReflectorClusterId            string
-	ConfederationMemberAs         string
-	AllowRedistributeDefaultRoute bool
-
-	raw map[string]string
-}
-
-// Copy copies the information from source Config `s` to this object.
-func (o *Config) Copy(s Config) {
-	o.Enable = s.Enable
-	o.RouterId = s.RouterId
-	o.AsNumber = s.AsNumber
-	o.BfdProfile = s.BfdProfile
-	o.RejectDefaultRoute = s.RejectDefaultRoute
-	o.InstallRoute = s.InstallRoute
-	o.AggregateMed = s.AggregateMed
-	o.DefaultLocalPreference = s.DefaultLocalPreference
-	o.AsFormat = s.AsFormat
-	o.AlwaysCompareMed = s.AlwaysCompareMed
-	o.DeterministicMedComparison = s.DeterministicMedComparison
-	o.EcmpMultiAs = s.EcmpMultiAs
-	o.EnforceFirstAs = s.EnforceFirstAs
-	o.EnableGracefulRestart = s.EnableGracefulRestart
-	o.StaleRouteTime = s.StaleRouteTime
-	o.LocalRestartTime = s.LocalRestartTime
-	o.MaxPeerRestartTime = s.MaxPeerRestartTime
-	o.ReflectorClusterId = s.ReflectorClusterId
-	o.ConfederationMemberAs = s.ConfederationMemberAs
-	o.AllowRedistributeDefaultRoute = s.AllowRedistributeDefaultRoute
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Config) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return "", fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Config
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"bgp"`
-}
-
-func (o *container_v1) Normalize() []Config {
-	ans := make([]Config, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for _ = range o.Answer {
-		ans = append(ans, "")
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Config {
-	ans := Config{
-		Enable:                        util.AsBool(o.Enable),
-		RouterId:                      o.RouterId,
-		AsNumber:                      o.AsNumber,
-		RejectDefaultRoute:            util.AsBool(o.RejectDefaultRoute),
-		InstallRoute:                  util.AsBool(o.InstallRoute),
-		AllowRedistributeDefaultRoute: util.AsBool(o.AllowRedistributeDefaultRoute),
-	}
-
-	raw := make(map[string]string)
-
-	if o.Options != nil {
-		ans.AsFormat = o.Options.AsFormat
-		ans.DefaultLocalPreference = o.Options.DefaultLocalPreference
-		ans.ReflectorClusterId = o.Options.ReflectorClusterId
-		ans.ConfederationMemberAs = o.Options.ConfederationMemberAs
-
-		if o.Options.Med != nil {
-			ans.AlwaysCompareMed = util.AsBool(o.Options.Med.AlwaysCompareMed)
-			ans.DeterministicMedComparison = util.AsBool(o.Options.Med.DeterministicMedComparison)
-		}
-
-		if o.Options.GracefulRestart != nil {
-			ans.EnableGracefulRestart = util.AsBool(o.Options.GracefulRestart.EnableGracefulRestart)
-			ans.StaleRouteTime = o.Options.GracefulRestart.StaleRouteTime
-			ans.LocalRestartTime = o.Options.GracefulRestart.LocalRestartTime
-			ans.MaxPeerRestartTime = o.Options.GracefulRestart.MaxPeerRestartTime
-		}
-
-		if o.Options.Aggregate != nil {
-			ans.AggregateMed = util.AsBool(o.Options.Aggregate.AggregateMed)
-		}
-
-		if o.Options.OutboundRouteFilter != nil {
-			raw["orf"] = util.CleanRawXml(o.Options.OutboundRouteFilter.Text)
-		}
-	}
-
-	if o.AuthProfile != nil {
-		raw["ap"] = util.CleanRawXml(o.AuthProfile.Text)
-	}
-	if o.DampeningProfile != nil {
-		raw["dp"] = util.CleanRawXml(o.DampeningProfile.Text)
-	}
-	if o.PeerGroup != nil {
-		raw["pg"] = util.CleanRawXml(o.PeerGroup.Text)
-	}
-	if o.Policy != nil {
-		raw["poli"] = util.CleanRawXml(o.Policy.Text)
-	}
-	if o.RedistRules != nil {
-		raw["rr"] = util.CleanRawXml(o.RedistRules.Text)
-	}
-
-	if len(raw) != 0 {
-		ans.raw = raw
-	}
-
-	return ans
-}
-
-type container_v2 struct {
-	Answer []entry_v2 `xml:"bgp"`
-}
-
-func (o *container_v2) Normalize() []Config {
-	ans := make([]Config, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v2) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for _ = range o.Answer {
-		ans = append(ans, "")
-	}
-
-	return ans
-}
-
-func (o *entry_v2) normalize() Config {
-	ans := Config{
-		Enable:                        util.AsBool(o.Enable),
-		RouterId:                      o.RouterId,
-		AsNumber:                      o.AsNumber,
-		RejectDefaultRoute:            util.AsBool(o.RejectDefaultRoute),
-		InstallRoute:                  util.AsBool(o.InstallRoute),
-		EcmpMultiAs:                   util.AsBool(o.EcmpMultiAs),
-		AllowRedistributeDefaultRoute: util.AsBool(o.AllowRedistributeDefaultRoute),
-	}
-
-	raw := make(map[string]string)
-
-	if o.Options != nil {
-		ans.AsFormat = o.Options.AsFormat
-		ans.DefaultLocalPreference = o.Options.DefaultLocalPreference
-		ans.ReflectorClusterId = o.Options.ReflectorClusterId
-		ans.ConfederationMemberAs = o.Options.ConfederationMemberAs
-
-		if o.Options.Med != nil {
-			ans.AlwaysCompareMed = util.AsBool(o.Options.Med.AlwaysCompareMed)
-			ans.DeterministicMedComparison = util.AsBool(o.Options.Med.DeterministicMedComparison)
-		}
-
-		if o.Options.GracefulRestart != nil {
-			ans.EnableGracefulRestart = util.AsBool(o.Options.GracefulRestart.EnableGracefulRestart)
-			ans.StaleRouteTime = o.Options.GracefulRestart.StaleRouteTime
-			ans.LocalRestartTime = o.Options.GracefulRestart.LocalRestartTime
-			ans.MaxPeerRestartTime = o.Options.GracefulRestart.MaxPeerRestartTime
-		}
-
-		if o.Options.Aggregate != nil {
-			ans.AggregateMed = util.AsBool(o.Options.Aggregate.AggregateMed)
-		}
-
-		if o.Options.OutboundRouteFilter != nil {
-			raw["orf"] = util.CleanRawXml(o.Options.OutboundRouteFilter.Text)
-		}
-	}
-
-	if o.AuthProfile != nil {
-		raw["ap"] = util.CleanRawXml(o.AuthProfile.Text)
-	}
-	if o.DampeningProfile != nil {
-		raw["dp"] = util.CleanRawXml(o.DampeningProfile.Text)
-	}
-	if o.PeerGroup != nil {
-		raw["pg"] = util.CleanRawXml(o.PeerGroup.Text)
-	}
-	if o.Policy != nil {
-		raw["poli"] = util.CleanRawXml(o.Policy.Text)
-	}
-	if o.RedistRules != nil {
-		raw["rr"] = util.CleanRawXml(o.RedistRules.Text)
-	}
-
-	if len(raw) != 0 {
-		ans.raw = raw
-	}
-
-	return ans
-}
-
-type container_v3 struct {
-	Answer []entry_v3 `xml:"bgp"`
-}
-
-func (o *container_v3) Normalize() []Config {
-	ans := make([]Config, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v3) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for _ = range o.Answer {
-		ans = append(ans, "")
-	}
-
-	return ans
-}
-
-func (o *entry_v3) normalize() Config {
-	ans := Config{
-		Enable:                        util.AsBool(o.Enable),
-		RouterId:                      o.RouterId,
-		AsNumber:                      o.AsNumber,
-		RejectDefaultRoute:            util.AsBool(o.RejectDefaultRoute),
-		InstallRoute:                  util.AsBool(o.InstallRoute),
-		EcmpMultiAs:                   util.AsBool(o.EcmpMultiAs),
-		AllowRedistributeDefaultRoute: util.AsBool(o.AllowRedistributeDefaultRoute),
-	}
-
-	raw := make(map[string]string)
-
-	if o.GlobalBfd != nil {
-		ans.BfdProfile = o.GlobalBfd.BfdProfile
-	}
-
-	if o.Options != nil {
-		ans.AsFormat = o.Options.AsFormat
-		ans.DefaultLocalPreference = o.Options.DefaultLocalPreference
-		ans.ReflectorClusterId = o.Options.ReflectorClusterId
-		ans.ConfederationMemberAs = o.Options.ConfederationMemberAs
-
-		if o.Options.Med != nil {
-			ans.AlwaysCompareMed = util.AsBool(o.Options.Med.AlwaysCompareMed)
-			ans.DeterministicMedComparison = util.AsBool(o.Options.Med.DeterministicMedComparison)
-		}
-
-		if o.Options.GracefulRestart != nil {
-			ans.EnableGracefulRestart = util.AsBool(o.Options.GracefulRestart.EnableGracefulRestart)
-			ans.StaleRouteTime = o.Options.GracefulRestart.StaleRouteTime
-			ans.LocalRestartTime = o.Options.GracefulRestart.LocalRestartTime
-			ans.MaxPeerRestartTime = o.Options.GracefulRestart.MaxPeerRestartTime
-		}
-
-		if o.Options.Aggregate != nil {
-			ans.AggregateMed = util.AsBool(o.Options.Aggregate.AggregateMed)
-		}
-
-		if o.Options.OutboundRouteFilter != nil {
-			raw["orf"] = util.CleanRawXml(o.Options.OutboundRouteFilter.Text)
-		}
-	}
-
-	if o.AuthProfile != nil {
-		raw["ap"] = util.CleanRawXml(o.AuthProfile.Text)
-	}
-	if o.DampeningProfile != nil {
-		raw["dp"] = util.CleanRawXml(o.DampeningProfile.Text)
-	}
-	if o.PeerGroup != nil {
-		raw["pg"] = util.CleanRawXml(o.PeerGroup.Text)
-	}
-	if o.Policy != nil {
-		raw["poli"] = util.CleanRawXml(o.Policy.Text)
-	}
-	if o.RedistRules != nil {
-		raw["rr"] = util.CleanRawXml(o.RedistRules.Text)
-	}
-
-	if len(raw) != 0 {
-		ans.raw = raw
-	}
-
-	return ans
-}
-
-type container_v4 struct {
-	Answer []entry_v4 `xml:"bgp"`
-}
-
-func (o *container_v4) Normalize() []Config {
-	ans := make([]Config, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v4) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for _ = range o.Answer {
-		ans = append(ans, "")
-	}
-
-	return ans
-}
-
-func (o *entry_v4) normalize() Config {
-	ans := Config{
-		Enable:                        util.AsBool(o.Enable),
-		RouterId:                      o.RouterId,
-		AsNumber:                      o.AsNumber,
-		RejectDefaultRoute:            util.AsBool(o.RejectDefaultRoute),
-		InstallRoute:                  util.AsBool(o.InstallRoute),
-		EcmpMultiAs:                   util.AsBool(o.EcmpMultiAs),
-		EnforceFirstAs:                util.AsBool(o.EnforceFirstAs),
-		AllowRedistributeDefaultRoute: util.AsBool(o.AllowRedistributeDefaultRoute),
-	}
-
-	raw := make(map[string]string)
-
-	if o.GlobalBfd != nil {
-		ans.BfdProfile = o.GlobalBfd.BfdProfile
-	}
-
-	if o.Options != nil {
-		ans.AsFormat = o.Options.AsFormat
-		ans.DefaultLocalPreference = o.Options.DefaultLocalPreference
-		ans.ReflectorClusterId = o.Options.ReflectorClusterId
-		ans.ConfederationMemberAs = o.Options.ConfederationMemberAs
-
-		if o.Options.Med != nil {
-			ans.AlwaysCompareMed = util.AsBool(o.Options.Med.AlwaysCompareMed)
-			ans.DeterministicMedComparison = util.AsBool(o.Options.Med.DeterministicMedComparison)
-		}
-
-		if o.Options.GracefulRestart != nil {
-			ans.EnableGracefulRestart = util.AsBool(o.Options.GracefulRestart.EnableGracefulRestart)
-			ans.StaleRouteTime = o.Options.GracefulRestart.StaleRouteTime
-			ans.LocalRestartTime = o.Options.GracefulRestart.LocalRestartTime
-			ans.MaxPeerRestartTime = o.Options.GracefulRestart.MaxPeerRestartTime
-		}
-
-		if o.Options.Aggregate != nil {
-			ans.AggregateMed = util.AsBool(o.Options.Aggregate.AggregateMed)
-		}
-
-		if o.Options.OutboundRouteFilter != nil {
-			raw["orf"] = util.CleanRawXml(o.Options.OutboundRouteFilter.Text)
-		}
-	}
-
-	if o.AuthProfile != nil {
-		raw["ap"] = util.CleanRawXml(o.AuthProfile.Text)
-	}
-	if o.DampeningProfile != nil {
-		raw["dp"] = util.CleanRawXml(o.DampeningProfile.Text)
-	}
-	if o.PeerGroup != nil {
-		raw["pg"] = util.CleanRawXml(o.PeerGroup.Text)
-	}
-	if o.Policy != nil {
-		raw["poli"] = util.CleanRawXml(o.Policy.Text)
-	}
-	if o.RedistRules != nil {
-		raw["rr"] = util.CleanRawXml(o.RedistRules.Text)
-	}
-
-	if len(raw) != 0 {
-		ans.raw = raw
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName                       xml.Name  `xml:"bgp"`
-	Enable                        string    `xml:"enable"`
-	RouterId                      string    `xml:"router-id,omitempty"`
-	AsNumber                      string    `xml:"local-as,omitempty"`
-	RejectDefaultRoute            string    `xml:"reject-default-route"`
-	InstallRoute                  string    `xml:"install-route"`
-	AllowRedistributeDefaultRoute string    `xml:"allow-redist-default-route"`
-	Options                       *rOptions `xml:"routing-options"`
-
-	AuthProfile      *util.RawXml `xml:"auth-profile"`
-	DampeningProfile *util.RawXml `xml:"dampening-profile"`
-	PeerGroup        *util.RawXml `xml:"peer-group"`
-	Policy           *util.RawXml `xml:"policy"`
-	RedistRules      *util.RawXml `xml:"redist-rules"`
-}
-
-type rOptions struct {
-	AsFormat               string           `xml:"as-format,omitempty"`
-	Med                    *med             `xml:"med"`
-	DefaultLocalPreference string           `xml:"default-local-preference,omitempty"`
-	ReflectorClusterId     string           `xml:"reflector-cluster-id,omitempty"`
-	ConfederationMemberAs  string           `xml:"confederation-member-as,omitempty"`
-	GracefulRestart        *gracefulRestart `xml:"graceful-restart"`
-	Aggregate              *aggOptions      `xml:"aggregate"`
-
-	OutboundRouteFilter *util.RawXml `xml:"outbound-route-filter"`
-}
-
-type med struct {
-	AlwaysCompareMed           string `xml:"always-compare-med"`
-	DeterministicMedComparison string `xml:"deterministic-med-comparison"`
-}
-
-type gracefulRestart struct {
-	EnableGracefulRestart string `xml:"enable"`
-	StaleRouteTime        int    `xml:"stale-route-time,omitempty"`
-	LocalRestartTime      int    `xml:"local-restart-time,omitempty"`
-	MaxPeerRestartTime    int    `xml:"max-peer-restart-time,omitempty"`
-}
-
-type aggOptions struct {
-	AggregateMed string `xml:"aggregate-med"`
-}
-
-func specify_v1(e Config) interface{} {
-	ans := entry_v1{
-		Enable:                        util.YesNo(e.Enable),
-		RouterId:                      e.RouterId,
-		AsNumber:                      e.AsNumber,
-		RejectDefaultRoute:            util.YesNo(e.RejectDefaultRoute),
-		InstallRoute:                  util.YesNo(e.InstallRoute),
-		AllowRedistributeDefaultRoute: util.YesNo(e.AllowRedistributeDefaultRoute),
-	}
-
-	hasMed := e.AlwaysCompareMed || e.DeterministicMedComparison
-	hasGracefulRestart := e.EnableGracefulRestart || e.StaleRouteTime != 0 || e.LocalRestartTime != 0 || e.MaxPeerRestartTime != 0
-	hasAggOptions := e.AggregateMed
-
-	if hasMed || hasGracefulRestart || hasAggOptions || e.AsFormat != "" || e.DefaultLocalPreference != "" || e.ReflectorClusterId != "" || e.ConfederationMemberAs != "" {
-		o := rOptions{
-			AsFormat:               e.AsFormat,
-			DefaultLocalPreference: e.DefaultLocalPreference,
-			ReflectorClusterId:     e.ReflectorClusterId,
-			ConfederationMemberAs:  e.ConfederationMemberAs,
-		}
-
-		if hasMed {
-			o.Med = &med{
-				AlwaysCompareMed:           util.YesNo(e.AlwaysCompareMed),
-				DeterministicMedComparison: util.YesNo(e.DeterministicMedComparison),
-			}
-		}
-
-		if hasGracefulRestart {
-			o.GracefulRestart = &gracefulRestart{
-				EnableGracefulRestart: util.YesNo(e.EnableGracefulRestart),
-				StaleRouteTime:        e.StaleRouteTime,
-				LocalRestartTime:      e.LocalRestartTime,
-				MaxPeerRestartTime:    e.MaxPeerRestartTime,
-			}
-		}
-
-		if hasAggOptions {
-			o.Aggregate = &aggOptions{
-				AggregateMed: util.YesNo(e.AggregateMed),
-			}
-		}
-
-		if text, present := e.raw["orf"]; present {
-			o.OutboundRouteFilter = &util.RawXml{text}
-		}
-
-		ans.Options = &o
-	}
-
-	if text, present := e.raw["ap"]; present {
-		ans.AuthProfile = &util.RawXml{text}
-	}
-	if text, present := e.raw["dp"]; present {
-		ans.DampeningProfile = &util.RawXml{text}
-	}
-	if text, present := e.raw["pg"]; present {
-		ans.PeerGroup = &util.RawXml{text}
-	}
-	if text, present := e.raw["poli"]; present {
-		ans.Policy = &util.RawXml{text}
-	}
-	if text, present := e.raw["rr"]; present {
-		ans.RedistRules = &util.RawXml{text}
-	}
-
-	return ans
-}
-
-type entry_v2 struct {
-	XMLName                       xml.Name  `xml:"bgp"`
-	Enable                        string    `xml:"enable"`
-	RouterId                      string    `xml:"router-id,omitempty"`
-	AsNumber                      string    `xml:"local-as,omitempty"`
-	RejectDefaultRoute            string    `xml:"reject-default-route"`
-	InstallRoute                  string    `xml:"install-route"`
-	EcmpMultiAs                   string    `xml:"ecmp-multi-as"`
-	AllowRedistributeDefaultRoute string    `xml:"allow-redist-default-route"`
-	Options                       *rOptions `xml:"routing-options"`
-
-	AuthProfile      *util.RawXml `xml:"auth-profile"`
-	DampeningProfile *util.RawXml `xml:"dampening-profile"`
-	PeerGroup        *util.RawXml `xml:"peer-group"`
-	Policy           *util.RawXml `xml:"policy"`
-	RedistRules      *util.RawXml `xml:"redist-rules"`
-}
-
-func specify_v2(e Config) interface{} {
-	ans := entry_v2{
-		Enable:                        util.YesNo(e.Enable),
-		RouterId:                      e.RouterId,
-		AsNumber:                      e.AsNumber,
-		RejectDefaultRoute:            util.YesNo(e.RejectDefaultRoute),
-		InstallRoute:                  util.YesNo(e.InstallRoute),
-		EcmpMultiAs:                   util.YesNo(e.EcmpMultiAs),
-		AllowRedistributeDefaultRoute: util.YesNo(e.AllowRedistributeDefaultRoute),
-	}
-
-	hasMed := e.AlwaysCompareMed || e.DeterministicMedComparison
-	hasGracefulRestart := e.EnableGracefulRestart || e.StaleRouteTime != 0 || e.LocalRestartTime != 0 || e.MaxPeerRestartTime != 0
-	hasAggOptions := e.AggregateMed
-
-	if hasMed || hasGracefulRestart || hasAggOptions || e.AsFormat != "" || e.DefaultLocalPreference != "" || e.ReflectorClusterId != "" || e.ConfederationMemberAs != "" {
-		o := rOptions{
-			AsFormat:               e.AsFormat,
-			DefaultLocalPreference: e.DefaultLocalPreference,
-			ReflectorClusterId:     e.ReflectorClusterId,
-			ConfederationMemberAs:  e.ConfederationMemberAs,
-		}
-
-		if hasMed {
-			o.Med = &med{
-				AlwaysCompareMed:           util.YesNo(e.AlwaysCompareMed),
-				DeterministicMedComparison: util.YesNo(e.DeterministicMedComparison),
-			}
-		}
-
-		if hasGracefulRestart {
-			o.GracefulRestart = &gracefulRestart{
-				EnableGracefulRestart: util.YesNo(e.EnableGracefulRestart),
-				StaleRouteTime:        e.StaleRouteTime,
-				LocalRestartTime:      e.LocalRestartTime,
-				MaxPeerRestartTime:    e.MaxPeerRestartTime,
-			}
-		}
-
-		if hasAggOptions {
-			o.Aggregate = &aggOptions{
-				AggregateMed: util.YesNo(e.AggregateMed),
-			}
-		}
-
-		if text, present := e.raw["orf"]; present {
-			o.OutboundRouteFilter = &util.RawXml{text}
-		}
-
-		ans.Options = &o
-	}
-
-	if text, present := e.raw["ap"]; present {
-		ans.AuthProfile = &util.RawXml{text}
-	}
-	if text, present := e.raw["dp"]; present {
-		ans.DampeningProfile = &util.RawXml{text}
-	}
-	if text, present := e.raw["pg"]; present {
-		ans.PeerGroup = &util.RawXml{text}
-	}
-	if text, present := e.raw["poli"]; present {
-		ans.Policy = &util.RawXml{text}
-	}
-	if text, present := e.raw["rr"]; present {
-		ans.RedistRules = &util.RawXml{text}
-	}
-
-	return ans
-}
-
-type entry_v3 struct {
-	XMLName                       xml.Name   `xml:"bgp"`
-	Enable                        string     `xml:"enable"`
-	RouterId                      string     `xml:"router-id,omitempty"`
-	AsNumber                      string     `xml:"local-as,omitempty"`
-	GlobalBfd                     *globalBfd `xml:"global-bfd"`
-	RejectDefaultRoute            string     `xml:"reject-default-route"`
-	InstallRoute                  string     `xml:"install-route"`
-	EcmpMultiAs                   string     `xml:"ecmp-multi-as"`
-	AllowRedistributeDefaultRoute string     `xml:"allow-redist-default-route"`
-	Options                       *rOptions  `xml:"routing-options"`
-
-	AuthProfile      *util.RawXml `xml:"auth-profile"`
-	DampeningProfile *util.RawXml `xml:"dampening-profile"`
-	PeerGroup        *util.RawXml `xml:"peer-group"`
-	Policy           *util.RawXml `xml:"policy"`
-	RedistRules      *util.RawXml `xml:"redist-rules"`
-}
-
-type globalBfd struct {
-	BfdProfile string `xml:"profile,omitempty"`
-}
-
-func specify_v3(e Config) interface{} {
-	ans := entry_v3{
-		Enable:                        util.YesNo(e.Enable),
-		RouterId:                      e.RouterId,
-		AsNumber:                      e.AsNumber,
-		RejectDefaultRoute:            util.YesNo(e.RejectDefaultRoute),
-		InstallRoute:                  util.YesNo(e.InstallRoute),
-		EcmpMultiAs:                   util.YesNo(e.EcmpMultiAs),
-		AllowRedistributeDefaultRoute: util.YesNo(e.AllowRedistributeDefaultRoute),
-	}
-
-	if e.BfdProfile != "" {
-		ans.GlobalBfd = &globalBfd{
-			BfdProfile: e.BfdProfile,
-		}
-	}
-
-	hasMed := e.AlwaysCompareMed || e.DeterministicMedComparison
-	hasGracefulRestart := e.EnableGracefulRestart || e.StaleRouteTime != 0 || e.LocalRestartTime != 0 || e.MaxPeerRestartTime != 0
-	hasAggOptions := e.AggregateMed
-
-	if hasMed || hasGracefulRestart || hasAggOptions || e.AsFormat != "" || e.DefaultLocalPreference != "" || e.ReflectorClusterId != "" || e.ConfederationMemberAs != "" {
-		o := rOptions{
-			AsFormat:               e.AsFormat,
-			DefaultLocalPreference: e.DefaultLocalPreference,
-			ReflectorClusterId:     e.ReflectorClusterId,
-			ConfederationMemberAs:  e.ConfederationMemberAs,
-		}
-
-		if hasMed {
-			o.Med = &med{
-				AlwaysCompareMed:           util.YesNo(e.AlwaysCompareMed),
-				DeterministicMedComparison: util.YesNo(e.DeterministicMedComparison),
-			}
-		}
-
-		if hasGracefulRestart {
-			o.GracefulRestart = &gracefulRestart{
-				EnableGracefulRestart: util.YesNo(e.EnableGracefulRestart),
-				StaleRouteTime:        e.StaleRouteTime,
-				LocalRestartTime:      e.LocalRestartTime,
-				MaxPeerRestartTime:    e.MaxPeerRestartTime,
-			}
-		}
-
-		if hasAggOptions {
-			o.Aggregate = &aggOptions{
-				AggregateMed: util.YesNo(e.AggregateMed),
-			}
-		}
-
-		if text, present := e.raw["orf"]; present {
-			o.OutboundRouteFilter = &util.RawXml{text}
-		}
-
-		ans.Options = &o
-	}
-
-	if text, present := e.raw["ap"]; present {
-		ans.AuthProfile = &util.RawXml{text}
-	}
-	if text, present := e.raw["dp"]; present {
-		ans.DampeningProfile = &util.RawXml{text}
-	}
-	if text, present := e.raw["pg"]; present {
-		ans.PeerGroup = &util.RawXml{text}
-	}
-	if text, present := e.raw["poli"]; present {
-		ans.Policy = &util.RawXml{text}
-	}
-	if text, present := e.raw["rr"]; present {
-		ans.RedistRules = &util.RawXml{text}
-	}
-
-	return ans
-}
-
-type entry_v4 struct {
-	XMLName                       xml.Name   `xml:"bgp"`
-	Enable                        string     `xml:"enable"`
-	RouterId                      string     `xml:"router-id,omitempty"`
-	AsNumber                      string     `xml:"local-as,omitempty"`
-	GlobalBfd                     *globalBfd `xml:"global-bfd"`
-	RejectDefaultRoute            string     `xml:"reject-default-route"`
-	InstallRoute                  string     `xml:"install-route"`
-	EcmpMultiAs                   string     `xml:"ecmp-multi-as"`
-	EnforceFirstAs                string     `xml:"enforce-first-as"`
-	AllowRedistributeDefaultRoute string     `xml:"allow-redist-default-route"`
-	Options                       *rOptions  `xml:"routing-options"`
-
-	AuthProfile      *util.RawXml `xml:"auth-profile"`
-	DampeningProfile *util.RawXml `xml:"dampening-profile"`
-	PeerGroup        *util.RawXml `xml:"peer-group"`
-	Policy           *util.RawXml `xml:"policy"`
-	RedistRules      *util.RawXml `xml:"redist-rules"`
-}
-
-func specify_v4(e Config) interface{} {
-	ans := entry_v4{
-		Enable:                        util.YesNo(e.Enable),
-		RouterId:                      e.RouterId,
-		AsNumber:                      e.AsNumber,
-		RejectDefaultRoute:            util.YesNo(e.RejectDefaultRoute),
-		InstallRoute:                  util.YesNo(e.InstallRoute),
-		EcmpMultiAs:                   util.YesNo(e.EcmpMultiAs),
-		EnforceFirstAs:                util.YesNo(e.EnforceFirstAs),
-		AllowRedistributeDefaultRoute: util.YesNo(e.AllowRedistributeDefaultRoute),
-	}
-
-	if e.BfdProfile != "" {
-		ans.GlobalBfd = &globalBfd{
-			BfdProfile: e.BfdProfile,
-		}
-	}
-
-	hasMed := e.AlwaysCompareMed || e.DeterministicMedComparison
-	hasGracefulRestart := e.EnableGracefulRestart || e.StaleRouteTime != 0 || e.LocalRestartTime != 0 || e.MaxPeerRestartTime != 0
-	hasAggOptions := e.AggregateMed
-
-	if hasMed || hasGracefulRestart || hasAggOptions || e.AsFormat != "" || e.DefaultLocalPreference != "" || e.ReflectorClusterId != "" || e.ConfederationMemberAs != "" {
-		o := rOptions{
-			AsFormat:               e.AsFormat,
-			DefaultLocalPreference: e.DefaultLocalPreference,
-			ReflectorClusterId:     e.ReflectorClusterId,
-			ConfederationMemberAs:  e.ConfederationMemberAs,
-		}
-
-		if hasMed {
-			o.Med = &med{
-				AlwaysCompareMed:           util.YesNo(e.AlwaysCompareMed),
-				DeterministicMedComparison: util.YesNo(e.DeterministicMedComparison),
-			}
-		}
-
-		if hasGracefulRestart {
-			o.GracefulRestart = &gracefulRestart{
-				EnableGracefulRestart: util.YesNo(e.EnableGracefulRestart),
-				StaleRouteTime:        e.StaleRouteTime,
-				LocalRestartTime:      e.LocalRestartTime,
-				MaxPeerRestartTime:    e.MaxPeerRestartTime,
-			}
-		}
-
-		if hasAggOptions {
-			o.Aggregate = &aggOptions{
-				AggregateMed: util.YesNo(e.AggregateMed),
-			}
-		}
-
-		if text, present := e.raw["orf"]; present {
-			o.OutboundRouteFilter = &util.RawXml{text}
-		}
-
-		ans.Options = &o
-	}
-
-	if text, present := e.raw["ap"]; present {
-		ans.AuthProfile = &util.RawXml{text}
-	}
-	if text, present := e.raw["dp"]; present {
-		ans.DampeningProfile = &util.RawXml{text}
-	}
-	if text, present := e.raw["pg"]; present {
-		ans.PeerGroup = &util.RawXml{text}
-	}
-	if text, present := e.raw["poli"]; present {
-		ans.Policy = &util.RawXml{text}
-	}
-	if text, present := e.raw["rr"]; present {
-		ans.RedistRules = &util.RawXml{text}
-	}
-
-	return ans
-}
diff --git a/netw/routing/protocol/bgp/const.go b/netw/routing/protocol/bgp/const.go
deleted file mode 100644
index c4bb4f94..00000000
--- a/netw/routing/protocol/bgp/const.go
+++ /dev/null
@@ -1,11 +0,0 @@
-package bgp
-
-// Valid values for AsFormat.
-const (
-	AsFormat2Byte = "2-byte"
-	AsFormat4Byte = "4-byte"
-)
-
-const (
-	singular = "bgp config"
-)
diff --git a/netw/routing/protocol/bgp/doc.go b/netw/routing/protocol/bgp/doc.go
deleted file mode 100644
index e6ae89f2..00000000
--- a/netw/routing/protocol/bgp/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package bgp is the client.Network.BgpConfig namespace.
-
-Normalized object:  Config
-*/
-package bgp
diff --git a/netw/routing/protocol/bgp/exp/const.go b/netw/routing/protocol/bgp/exp/const.go
deleted file mode 100644
index 2a4dc088..00000000
--- a/netw/routing/protocol/bgp/exp/const.go
+++ /dev/null
@@ -1,52 +0,0 @@
-package exp
-
-// Valid values for MatchRouteTable.
-const (
-	MatchRouteTableUnicast   = "unicast"
-	MatchRouteTableMulticast = "multicast"
-	MatchRouteTableBoth      = "both"
-)
-
-// Valid values for Action.
-const (
-	ActionAllow = "allow"
-	ActionDeny  = "deny"
-)
-
-// Valid values for Origin.
-const (
-	OriginIgp        = "igp"
-	OriginEgp        = "egp"
-	OriginIncomplete = "incomplete"
-)
-
-// Valid values for CommunityType.
-const (
-	CommunityTypeNone        = "none"
-	CommunityTypeRemoveAll   = "remove-all"
-	CommunityTypeRemoveRegex = "remove-regex"
-	CommunityTypeAppend      = "append"
-	CommunityTypeOverwrite   = "overwrite"
-)
-
-// Valid values for CommunityValue when CommunityType is "append" or
-// "overwrite".
-const (
-	AppendNoExport    = "no-export"
-	AppendNoAdvertise = "no-advertise"
-	AppendLocalAs     = "local-as"
-	AppendNoPeer      = "nopeer"
-)
-
-// Valid values for AsPathType.
-const (
-	AsPathTypeNone             = "none"
-	AsPathTypeRemove           = "remove"
-	AsPathTypePrepend          = "prepend"
-	AsPathTypeRemoveAndPrepend = "remove-and-prepend"
-)
-
-const (
-	singular = "bgp export rule"
-	plural   = "bgp export rules"
-)
diff --git a/netw/routing/protocol/bgp/exp/doc.go b/netw/routing/protocol/bgp/exp/doc.go
deleted file mode 100644
index a4005ee6..00000000
--- a/netw/routing/protocol/bgp/exp/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package exp is the client.Network.BgpExport namespace.
-
-Normalized object:  Entry
-*/
-package exp
diff --git a/netw/routing/protocol/bgp/exp/entry.go b/netw/routing/protocol/bgp/exp/entry.go
deleted file mode 100644
index ce38a78b..00000000
--- a/netw/routing/protocol/bgp/exp/entry.go
+++ /dev/null
@@ -1,680 +0,0 @@
-package exp
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a BGP
-// export rule.
-type Entry struct {
-	Name                        string
-	Enable                      bool
-	UsedBy                      []string
-	MatchAsPathRegex            string
-	MatchCommunityRegex         string
-	MatchExtendedCommunityRegex string
-	MatchMed                    string
-	MatchRouteTable             string // 8.0+
-	MatchAddressPrefix          map[string]bool
-	MatchNextHop                []string
-	MatchFromPeer               []string
-	Action                      string
-	LocalPreference             string
-	Med                         string
-	NextHop                     string
-	Origin                      string
-	AsPathLimit                 int
-	AsPathType                  string
-	AsPathValue                 string
-	CommunityType               string
-	CommunityValue              string
-	ExtendedCommunityType       string
-	ExtendedCommunityValue      string
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Enable = s.Enable
-	o.UsedBy = s.UsedBy
-	o.MatchAsPathRegex = s.MatchAsPathRegex
-	o.MatchCommunityRegex = s.MatchCommunityRegex
-	o.MatchExtendedCommunityRegex = s.MatchExtendedCommunityRegex
-	s.MatchMed = o.MatchMed
-	o.MatchRouteTable = s.MatchRouteTable
-	o.MatchAddressPrefix = s.MatchAddressPrefix
-	o.MatchNextHop = s.MatchNextHop
-	o.MatchFromPeer = s.MatchFromPeer
-	o.Action = s.Action
-	o.LocalPreference = s.LocalPreference
-	o.Med = s.Med
-	o.NextHop = s.NextHop
-	o.Origin = s.Origin
-	o.AsPathLimit = s.AsPathLimit
-	o.AsPathType = s.AsPathType
-	o.AsPathValue = s.AsPathValue
-	o.CommunityType = s.CommunityType
-	o.CommunityValue = s.CommunityValue
-	o.ExtendedCommunityType = s.ExtendedCommunityType
-	o.ExtendedCommunityValue = s.ExtendedCommunityValue
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:   o.Name,
-		Enable: util.AsBool(o.Enable),
-		UsedBy: util.MemToStr(o.UsedBy),
-	}
-
-	if o.Match != nil {
-		ans.MatchMed = o.Match.MatchMed
-		ans.MatchNextHop = util.MemToStr(o.Match.MatchNextHop)
-		ans.MatchFromPeer = util.MemToStr(o.Match.MatchFromPeer)
-
-		if o.Match.MatchAsPathRegex != nil {
-			ans.MatchAsPathRegex = o.Match.MatchAsPathRegex.Regex
-		}
-
-		if o.Match.MatchCommunityRegex != nil {
-			ans.MatchCommunityRegex = o.Match.MatchCommunityRegex.Regex
-		}
-
-		if o.Match.MatchExtendedCommunityRegex != nil {
-			ans.MatchExtendedCommunityRegex = o.Match.MatchExtendedCommunityRegex.Regex
-		}
-
-		if o.Match.MatchAddressPrefix != nil {
-			m := make(map[string]bool)
-			for _, v := range o.Match.MatchAddressPrefix.Entry {
-				m[v.Name] = util.AsBool(v.Exact)
-			}
-			ans.MatchAddressPrefix = m
-		}
-	}
-
-	if o.Action != nil {
-		if o.Action.Deny != nil {
-			ans.Action = ActionDeny
-		} else if o.Action.Allow != nil {
-			ans.Action = ActionAllow
-
-			if o.Action.Allow.Update != nil {
-				ans.LocalPreference = o.Action.Allow.Update.LocalPreference
-				ans.Med = o.Action.Allow.Update.Med
-				ans.NextHop = o.Action.Allow.Update.NextHop
-				ans.Origin = o.Action.Allow.Update.Origin
-				ans.AsPathLimit = o.Action.Allow.Update.AsPathLimit
-
-				if o.Action.Allow.Update.AsPath != nil {
-					if o.Action.Allow.Update.AsPath.None != nil {
-						ans.AsPathType = AsPathTypeNone
-					} else if o.Action.Allow.Update.AsPath.Remove != nil {
-						ans.AsPathType = AsPathTypeRemove
-					} else if o.Action.Allow.Update.AsPath.Prepend != "" {
-						ans.AsPathType = AsPathTypePrepend
-						ans.AsPathValue = o.Action.Allow.Update.AsPath.Prepend
-					} else if o.Action.Allow.Update.AsPath.RemoveAndPrepend != "" {
-						ans.AsPathType = AsPathTypeRemoveAndPrepend
-						ans.AsPathValue = o.Action.Allow.Update.AsPath.RemoveAndPrepend
-					}
-				}
-
-				if o.Action.Allow.Update.Community != nil {
-					if o.Action.Allow.Update.Community.None != nil {
-						ans.CommunityType = CommunityTypeNone
-					} else if o.Action.Allow.Update.Community.RemoveAll != nil {
-						ans.CommunityType = CommunityTypeRemoveAll
-					} else if o.Action.Allow.Update.Community.RemoveRegex != "" {
-						ans.CommunityType = CommunityTypeRemoveRegex
-						ans.CommunityValue = o.Action.Allow.Update.Community.RemoveRegex
-					} else if o.Action.Allow.Update.Community.Append != nil {
-						ans.CommunityType = CommunityTypeAppend
-						ans.CommunityValue = util.MemToOneStr(o.Action.Allow.Update.Community.Append)
-					} else if o.Action.Allow.Update.Community.Overwrite != nil {
-						ans.CommunityType = CommunityTypeOverwrite
-						ans.CommunityValue = util.MemToOneStr(o.Action.Allow.Update.Community.Overwrite)
-					}
-				}
-
-				if o.Action.Allow.Update.ExtendedCommunity != nil {
-					if o.Action.Allow.Update.ExtendedCommunity.None != nil {
-						ans.ExtendedCommunityType = CommunityTypeNone
-					} else if o.Action.Allow.Update.ExtendedCommunity.RemoveAll != nil {
-						ans.ExtendedCommunityType = CommunityTypeRemoveAll
-					} else if o.Action.Allow.Update.ExtendedCommunity.RemoveRegex != "" {
-						ans.ExtendedCommunityType = CommunityTypeRemoveRegex
-						ans.ExtendedCommunityValue = o.Action.Allow.Update.ExtendedCommunity.RemoveRegex
-					} else if o.Action.Allow.Update.ExtendedCommunity.Append != nil {
-						ans.ExtendedCommunityType = CommunityTypeAppend
-						ans.ExtendedCommunityValue = util.MemToOneStr(o.Action.Allow.Update.ExtendedCommunity.Append)
-					} else if o.Action.Allow.Update.ExtendedCommunity.Overwrite != nil {
-						ans.ExtendedCommunityType = CommunityTypeOverwrite
-						ans.ExtendedCommunityValue = util.MemToOneStr(o.Action.Allow.Update.ExtendedCommunity.Overwrite)
-					}
-				}
-			}
-		}
-	}
-
-	return ans
-}
-
-type container_v2 struct {
-	Answer []entry_v2 `xml:"entry"`
-}
-
-func (o *container_v2) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v2) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v2) normalize() Entry {
-	ans := Entry{
-		Name:   o.Name,
-		Enable: util.AsBool(o.Enable),
-		UsedBy: util.MemToStr(o.UsedBy),
-	}
-
-	if o.Match != nil {
-		ans.MatchMed = o.Match.MatchMed
-		ans.MatchRouteTable = o.Match.MatchRouteTable
-		ans.MatchNextHop = util.MemToStr(o.Match.MatchNextHop)
-		ans.MatchFromPeer = util.MemToStr(o.Match.MatchFromPeer)
-
-		if o.Match.MatchAsPathRegex != nil {
-			ans.MatchAsPathRegex = o.Match.MatchAsPathRegex.Regex
-		}
-
-		if o.Match.MatchCommunityRegex != nil {
-			ans.MatchCommunityRegex = o.Match.MatchCommunityRegex.Regex
-		}
-
-		if o.Match.MatchExtendedCommunityRegex != nil {
-			ans.MatchExtendedCommunityRegex = o.Match.MatchExtendedCommunityRegex.Regex
-		}
-
-		if o.Match.MatchAddressPrefix != nil {
-			m := make(map[string]bool)
-			for _, v := range o.Match.MatchAddressPrefix.Entry {
-				m[v.Name] = util.AsBool(v.Exact)
-			}
-			ans.MatchAddressPrefix = m
-		}
-	}
-
-	if o.Action != nil {
-		if o.Action.Deny != nil {
-			ans.Action = ActionDeny
-		} else if o.Action.Allow != nil {
-			ans.Action = ActionAllow
-
-			if o.Action.Allow.Update != nil {
-				ans.LocalPreference = o.Action.Allow.Update.LocalPreference
-				ans.Med = o.Action.Allow.Update.Med
-				ans.NextHop = o.Action.Allow.Update.NextHop
-				ans.Origin = o.Action.Allow.Update.Origin
-				ans.AsPathLimit = o.Action.Allow.Update.AsPathLimit
-
-				if o.Action.Allow.Update.AsPath != nil {
-					if o.Action.Allow.Update.AsPath.None != nil {
-						ans.AsPathType = AsPathTypeNone
-					} else if o.Action.Allow.Update.AsPath.Remove != nil {
-						ans.AsPathType = AsPathTypeRemove
-					} else if o.Action.Allow.Update.AsPath.Prepend != "" {
-						ans.AsPathType = AsPathTypePrepend
-						ans.AsPathValue = o.Action.Allow.Update.AsPath.Prepend
-					} else if o.Action.Allow.Update.AsPath.RemoveAndPrepend != "" {
-						ans.AsPathType = AsPathTypeRemoveAndPrepend
-						ans.AsPathValue = o.Action.Allow.Update.AsPath.RemoveAndPrepend
-					}
-				}
-
-				if o.Action.Allow.Update.Community != nil {
-					if o.Action.Allow.Update.Community.None != nil {
-						ans.CommunityType = CommunityTypeNone
-					} else if o.Action.Allow.Update.Community.RemoveAll != nil {
-						ans.CommunityType = CommunityTypeRemoveAll
-					} else if o.Action.Allow.Update.Community.RemoveRegex != "" {
-						ans.CommunityType = CommunityTypeRemoveRegex
-						ans.CommunityValue = o.Action.Allow.Update.Community.RemoveRegex
-					} else if o.Action.Allow.Update.Community.Append != nil {
-						ans.CommunityType = CommunityTypeAppend
-						ans.CommunityValue = util.MemToOneStr(o.Action.Allow.Update.Community.Append)
-					} else if o.Action.Allow.Update.Community.Overwrite != nil {
-						ans.CommunityType = CommunityTypeOverwrite
-						ans.CommunityValue = util.MemToOneStr(o.Action.Allow.Update.Community.Overwrite)
-					}
-				}
-
-				if o.Action.Allow.Update.ExtendedCommunity != nil {
-					if o.Action.Allow.Update.ExtendedCommunity.None != nil {
-						ans.ExtendedCommunityType = CommunityTypeNone
-					} else if o.Action.Allow.Update.ExtendedCommunity.RemoveAll != nil {
-						ans.ExtendedCommunityType = CommunityTypeRemoveAll
-					} else if o.Action.Allow.Update.ExtendedCommunity.RemoveRegex != "" {
-						ans.ExtendedCommunityType = CommunityTypeRemoveRegex
-						ans.ExtendedCommunityValue = o.Action.Allow.Update.ExtendedCommunity.RemoveRegex
-					} else if o.Action.Allow.Update.ExtendedCommunity.Append != nil {
-						ans.ExtendedCommunityType = CommunityTypeAppend
-						ans.ExtendedCommunityValue = util.MemToOneStr(o.Action.Allow.Update.ExtendedCommunity.Append)
-					} else if o.Action.Allow.Update.ExtendedCommunity.Overwrite != nil {
-						ans.ExtendedCommunityType = CommunityTypeOverwrite
-						ans.ExtendedCommunityValue = util.MemToOneStr(o.Action.Allow.Update.ExtendedCommunity.Overwrite)
-					}
-				}
-			}
-		}
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName xml.Name         `xml:"entry"`
-	Name    string           `xml:"name,attr"`
-	Enable  string           `xml:"enable"`
-	UsedBy  *util.MemberType `xml:"used-by"`
-	Match   *match_v1        `xml:"match"`
-	Action  *action          `xml:"action"`
-}
-
-type match_v1 struct {
-	MatchAsPathRegex            *regex           `xml:"as-path"`
-	MatchCommunityRegex         *regex           `xml:"community"`
-	MatchExtendedCommunityRegex *regex           `xml:"extended-community"`
-	MatchMed                    string           `xml:"med,omitempty"`
-	MatchAddressPrefix          *addPre          `xml:"address-prefix"`
-	MatchNextHop                *util.MemberType `xml:"nexthop"`
-	MatchFromPeer               *util.MemberType `xml:"from-peer"`
-}
-
-type addPre struct {
-	Entry []apEntry `xml:"entry"`
-}
-
-type apEntry struct {
-	Name  string `xml:"name,attr"`
-	Exact string `xml:"exact"`
-}
-
-type regex struct {
-	Regex string `xml:"regex,omitempty"`
-}
-
-type action struct {
-	Deny  *string `xml:"deny"`
-	Allow *allow  `xml:"allow"`
-}
-
-type allow struct {
-	Update *update `xml:"update"`
-}
-
-type update struct {
-	LocalPreference   string    `xml:"local-preference,omitempty"`
-	Med               string    `xml:"med,omitempty"`
-	NextHop           string    `xml:"nexthop,omitempty"`
-	Origin            string    `xml:"origin,omitempty"`
-	AsPathLimit       int       `xml:"as-path-limit,omitempty"`
-	AsPath            *asPath   `xml:"as-path"`
-	Community         *allowCom `xml:"community"`
-	ExtendedCommunity *allowCom `xml:"extended-community"`
-}
-
-type asPath struct {
-	None             *string `xml:"none"`
-	Remove           *string `xml:"remove"`
-	Prepend          string  `xml:"prepend,omitempty"`
-	RemoveAndPrepend string  `xml:"remove-and-prepend,omitempty"`
-}
-
-type allowCom struct {
-	None        *string          `xml:"none"`
-	RemoveAll   *string          `xml:"remove-all"`
-	RemoveRegex string           `xml:"remove-regex,omitempty"`
-	Append      *util.MemberType `xml:"append"`
-	Overwrite   *util.MemberType `xml:"overwrite"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:   e.Name,
-		Enable: util.YesNo(e.Enable),
-		UsedBy: util.StrToMem(e.UsedBy),
-	}
-	s := ""
-
-	if e.MatchAsPathRegex != "" || e.MatchCommunityRegex != "" || e.MatchExtendedCommunityRegex != "" || e.MatchMed != "" || len(e.MatchAddressPrefix) > 0 || len(e.MatchNextHop) > 0 || len(e.MatchFromPeer) > 0 {
-		ans.Match = &match_v1{
-			MatchMed:      e.MatchMed,
-			MatchNextHop:  util.StrToMem(e.MatchNextHop),
-			MatchFromPeer: util.StrToMem(e.MatchFromPeer),
-		}
-
-		if e.MatchAsPathRegex != "" {
-			ans.Match.MatchAsPathRegex = &regex{
-				Regex: e.MatchAsPathRegex,
-			}
-		}
-
-		if e.MatchCommunityRegex != "" {
-			ans.Match.MatchCommunityRegex = &regex{
-				Regex: e.MatchCommunityRegex,
-			}
-		}
-
-		if e.MatchExtendedCommunityRegex != "" {
-			ans.Match.MatchExtendedCommunityRegex = &regex{
-				Regex: e.MatchExtendedCommunityRegex,
-			}
-		}
-
-		if len(e.MatchAddressPrefix) > 0 {
-			apList := make([]apEntry, 0, len(e.MatchAddressPrefix))
-			for k, v := range e.MatchAddressPrefix {
-				apList = append(apList, apEntry{
-					Name:  k,
-					Exact: util.YesNo(v),
-				})
-			}
-			ans.Match.MatchAddressPrefix = &addPre{apList}
-		}
-	}
-
-	switch e.Action {
-	case ActionDeny:
-		ans.Action = &action{
-			Deny: &s,
-		}
-	case ActionAllow:
-		ans.Action = &action{
-			Allow: &allow{},
-		}
-
-		if e.LocalPreference != "" || e.Med != "" || e.NextHop != "" || e.Origin != "" || e.AsPathLimit != 0 || e.AsPathType != "" || e.CommunityType != "" || e.ExtendedCommunityType != "" {
-			u := update{
-				LocalPreference: e.LocalPreference,
-				Med:             e.Med,
-				NextHop:         e.NextHop,
-				Origin:          e.Origin,
-				AsPathLimit:     e.AsPathLimit,
-			}
-
-			switch e.AsPathType {
-			case AsPathTypeNone:
-				u.AsPath = &asPath{
-					None: &s,
-				}
-			case AsPathTypeRemove:
-				u.AsPath = &asPath{
-					Remove: &s,
-				}
-			case AsPathTypePrepend:
-				u.AsPath = &asPath{
-					Prepend: e.AsPathValue,
-				}
-			case AsPathTypeRemoveAndPrepend:
-				u.AsPath = &asPath{
-					RemoveAndPrepend: e.AsPathValue,
-				}
-			}
-
-			switch e.CommunityType {
-			case CommunityTypeNone:
-				u.Community = &allowCom{
-					None: &s,
-				}
-			case CommunityTypeRemoveAll:
-				u.Community = &allowCom{
-					RemoveAll: &s,
-				}
-			case CommunityTypeRemoveRegex:
-				u.Community = &allowCom{
-					RemoveRegex: e.CommunityValue,
-				}
-			case CommunityTypeAppend:
-				u.Community = &allowCom{
-					Append: util.OneStrToMem(e.CommunityValue),
-				}
-			case CommunityTypeOverwrite:
-				u.Community = &allowCom{
-					Overwrite: util.OneStrToMem(e.CommunityValue),
-				}
-			}
-
-			switch e.ExtendedCommunityType {
-			case CommunityTypeNone:
-				u.ExtendedCommunity = &allowCom{
-					None: &s,
-				}
-			case CommunityTypeRemoveAll:
-				u.ExtendedCommunity = &allowCom{
-					RemoveAll: &s,
-				}
-			case CommunityTypeRemoveRegex:
-				u.ExtendedCommunity = &allowCom{
-					RemoveRegex: e.ExtendedCommunityValue,
-				}
-			case CommunityTypeAppend:
-				u.ExtendedCommunity = &allowCom{
-					Append: util.OneStrToMem(e.ExtendedCommunityValue),
-				}
-			case CommunityTypeOverwrite:
-				u.ExtendedCommunity = &allowCom{
-					Overwrite: util.OneStrToMem(e.ExtendedCommunityValue),
-				}
-			}
-
-			ans.Action.Allow.Update = &u
-		}
-	}
-
-	return ans
-}
-
-type entry_v2 struct {
-	XMLName xml.Name         `xml:"entry"`
-	Name    string           `xml:"name,attr"`
-	Enable  string           `xml:"enable"`
-	UsedBy  *util.MemberType `xml:"used-by"`
-	Match   *match_v2        `xml:"match"`
-	Action  *action          `xml:"action"`
-}
-
-type match_v2 struct {
-	MatchAsPathRegex            *regex           `xml:"as-path"`
-	MatchCommunityRegex         *regex           `xml:"community"`
-	MatchExtendedCommunityRegex *regex           `xml:"extended-community"`
-	MatchMed                    string           `xml:"med,omitempty"`
-	MatchRouteTable             string           `xml:"route-table,omitempty"`
-	MatchAddressPrefix          *addPre          `xml:"address-prefix"`
-	MatchNextHop                *util.MemberType `xml:"nexthop"`
-	MatchFromPeer               *util.MemberType `xml:"from-peer"`
-}
-
-func specify_v2(e Entry) interface{} {
-	ans := entry_v2{
-		Name:   e.Name,
-		Enable: util.YesNo(e.Enable),
-		UsedBy: util.StrToMem(e.UsedBy),
-	}
-	s := ""
-
-	if e.MatchAsPathRegex != "" || e.MatchCommunityRegex != "" || e.MatchExtendedCommunityRegex != "" || e.MatchMed != "" || e.MatchRouteTable != "" || len(e.MatchAddressPrefix) > 0 || len(e.MatchNextHop) > 0 || len(e.MatchFromPeer) > 0 {
-		ans.Match = &match_v2{
-			MatchMed:        e.MatchMed,
-			MatchRouteTable: e.MatchRouteTable,
-			MatchNextHop:    util.StrToMem(e.MatchNextHop),
-			MatchFromPeer:   util.StrToMem(e.MatchFromPeer),
-		}
-
-		if e.MatchAsPathRegex != "" {
-			ans.Match.MatchAsPathRegex = &regex{
-				Regex: e.MatchAsPathRegex,
-			}
-		}
-
-		if e.MatchCommunityRegex != "" {
-			ans.Match.MatchCommunityRegex = &regex{
-				Regex: e.MatchCommunityRegex,
-			}
-		}
-
-		if e.MatchExtendedCommunityRegex != "" {
-			ans.Match.MatchExtendedCommunityRegex = &regex{
-				Regex: e.MatchExtendedCommunityRegex,
-			}
-		}
-
-		if len(e.MatchAddressPrefix) > 0 {
-			apList := make([]apEntry, 0, len(e.MatchAddressPrefix))
-			for k, v := range e.MatchAddressPrefix {
-				apList = append(apList, apEntry{
-					Name:  k,
-					Exact: util.YesNo(v),
-				})
-			}
-			ans.Match.MatchAddressPrefix = &addPre{apList}
-		}
-	}
-
-	switch e.Action {
-	case ActionDeny:
-		ans.Action = &action{
-			Deny: &s,
-		}
-	case ActionAllow:
-		ans.Action = &action{
-			Allow: &allow{},
-		}
-
-		if e.LocalPreference != "" || e.Med != "" || e.NextHop != "" || e.Origin != "" || e.AsPathLimit != 0 || e.AsPathType != "" || e.CommunityType != "" || e.ExtendedCommunityType != "" {
-			u := update{
-				LocalPreference: e.LocalPreference,
-				Med:             e.Med,
-				NextHop:         e.NextHop,
-				Origin:          e.Origin,
-				AsPathLimit:     e.AsPathLimit,
-			}
-
-			switch e.AsPathType {
-			case AsPathTypeNone:
-				u.AsPath = &asPath{
-					None: &s,
-				}
-			case AsPathTypeRemove:
-				u.AsPath = &asPath{
-					Remove: &s,
-				}
-			case AsPathTypePrepend:
-				u.AsPath = &asPath{
-					Prepend: e.AsPathValue,
-				}
-			case AsPathTypeRemoveAndPrepend:
-				u.AsPath = &asPath{
-					RemoveAndPrepend: e.AsPathValue,
-				}
-			}
-
-			switch e.CommunityType {
-			case CommunityTypeNone:
-				u.Community = &allowCom{
-					None: &s,
-				}
-			case CommunityTypeRemoveAll:
-				u.Community = &allowCom{
-					RemoveAll: &s,
-				}
-			case CommunityTypeRemoveRegex:
-				u.Community = &allowCom{
-					RemoveRegex: e.CommunityValue,
-				}
-			case CommunityTypeAppend:
-				u.Community = &allowCom{
-					Append: util.OneStrToMem(e.CommunityValue),
-				}
-			case CommunityTypeOverwrite:
-				u.Community = &allowCom{
-					Overwrite: util.OneStrToMem(e.CommunityValue),
-				}
-			}
-
-			switch e.ExtendedCommunityType {
-			case CommunityTypeNone:
-				u.ExtendedCommunity = &allowCom{
-					None: &s,
-				}
-			case CommunityTypeRemoveAll:
-				u.ExtendedCommunity = &allowCom{
-					RemoveAll: &s,
-				}
-			case CommunityTypeRemoveRegex:
-				u.ExtendedCommunity = &allowCom{
-					RemoveRegex: e.ExtendedCommunityValue,
-				}
-			case CommunityTypeAppend:
-				u.ExtendedCommunity = &allowCom{
-					Append: util.OneStrToMem(e.ExtendedCommunityValue),
-				}
-			case CommunityTypeOverwrite:
-				u.ExtendedCommunity = &allowCom{
-					Overwrite: util.OneStrToMem(e.ExtendedCommunityValue),
-				}
-			}
-
-			ans.Action.Allow.Update = &u
-		}
-	}
-
-	return ans
-}
diff --git a/netw/routing/protocol/bgp/exp/funcs.go b/netw/routing/protocol/bgp/exp/funcs.go
deleted file mode 100644
index a37b1f22..00000000
--- a/netw/routing/protocol/bgp/exp/funcs.go
+++ /dev/null
@@ -1,92 +0,0 @@
-package exp
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	if v.Gte(version.Number{8, 0, 0, ""}) {
-		return &container_v2{}, specify_v2
-	} else {
-		return &container_v1{}, specify_v1
-	}
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/netw/routing/protocol/bgp/exp/fw.go b/netw/routing/protocol/bgp/exp/fw.go
deleted file mode 100644
index d917958f..00000000
--- a/netw/routing/protocol/bgp/exp/fw.go
+++ /dev/null
@@ -1,158 +0,0 @@
-package exp
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Network.BgpExport namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vr), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vr), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vr), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vr), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vr), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vr), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vr string, e ...Entry) error {
-	err := c.ns.Set(c.pather(vr), specifier(e...))
-
-	// On error: find the rule that's causing the error if multiple rules
-	// were given.
-	if err != nil && strings.Contains(err.Error(), "rules is invalid") {
-		for i := 0; i < len(e); i++ {
-			if e2 := c.Set(vr, e[i]); e2 != nil {
-				return fmt.Errorf("Error with rule %d: %s", i+1, e2)
-			} else {
-				_ = c.Delete(vr, e[i])
-			}
-		}
-
-		// Couldn't find it, just return the original error.
-		return err
-	}
-
-	return err
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vr string, e Entry) error {
-	return c.ns.Edit(c.pather(vr), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vr string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vr), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(vr), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig(vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(vr), ans)
-	return all(ans, err)
-}
-
-// MoveGroup moves a logical group of bgp export rules somewhere in relation
-// to another security policy.
-//
-// The `movement` param should be one of the Move constants in the util
-// package.
-//
-// The `rule` param is the other rule the `movement` param is referencing.  If
-// this is an empty string, then the first policy in the group isn't moved
-// anywhere, but all other policies will still be moved to be grouped with the
-// first one.
-func (c *Firewall) MoveGroup(vr string, movement int, rule string, e ...Entry) error {
-	lister := func() ([]string, error) {
-		return c.GetList(vr)
-	}
-
-	ei := make([]interface{}, 0, len(e))
-	for i := range e {
-		ei = append(ei, e[i])
-	}
-	names, _ := toNames(ei)
-
-	return c.ns.MoveGroup(c.pather(vr), lister, movement, rule, names)
-}
-
-func (c *Firewall) pather(vr string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vr, v)
-	}
-}
-
-func (c *Firewall) xpath(vr string, vals []string) ([]string, error) {
-	if vr == "" {
-		return nil, fmt.Errorf("vr must be specified")
-	}
-
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"virtual-router",
-		util.AsEntryXpath([]string{vr}),
-		"protocol",
-		"bgp",
-		"policy",
-		"export",
-		"rules",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/routing/protocol/bgp/exp/fw_test.go b/netw/routing/protocol/bgp/exp/fw_test.go
deleted file mode 100644
index f107a5bd..00000000
--- a/netw/routing/protocol/bgp/exp/fw_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package exp
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Reset()
-			mc.Version = tc.version
-			mc.AddResp("")
-			err := ns.Set("vr", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("vr", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/routing/protocol/bgp/exp/pano.go b/netw/routing/protocol/bgp/exp/pano.go
deleted file mode 100644
index bb0127a3..00000000
--- a/netw/routing/protocol/bgp/exp/pano.go
+++ /dev/null
@@ -1,165 +0,0 @@
-package exp
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Network.BgpExport namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts, vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts, vr), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts, vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts, vr), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(tmpl, ts, vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts, vr), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(tmpl, ts, vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts, vr), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts, vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts, vr), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(tmpl, ts, vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts, vr), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts, vr string, e ...Entry) error {
-	err := c.ns.Set(c.pather(tmpl, ts, vr), specifier(e...))
-
-	// On error: find the rule that's causing the error if multiple rules
-	// were given.
-	if err != nil && strings.Contains(err.Error(), "rules is invalid") {
-		for i := 0; i < len(e); i++ {
-			if e2 := c.Set(tmpl, ts, vr, e[i]); e2 != nil {
-				return fmt.Errorf("Error with rule %d: %s", i+1, e2)
-			} else {
-				_ = c.Delete(tmpl, ts, vr, e[i])
-			}
-		}
-
-		// Couldn't find it, just return the original error.
-		return err
-	}
-
-	return err
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts, vr string, e Entry) error {
-	return c.ns.Edit(c.pather(tmpl, ts, vr), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts, vr string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(tmpl, ts, vr), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts, vr), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts, vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts, vr), ans)
-	return all(ans, err)
-}
-
-// MoveGroup moves a logical group of bgp export rules somewhere in relation
-// to another security policy.
-//
-// The `movement` param should be one of the Move constants in the util
-// package.
-//
-// The `rule` param is the other rule the `movement` param is referencing.  If
-// this is an empty string, then the first policy in the group isn't moved
-// anywhere, but all other policies will still be moved to be grouped with the
-// first one.
-func (c *Panorama) MoveGroup(tmpl, ts, vr string, movement int, rule string, e ...Entry) error {
-	lister := func() ([]string, error) {
-		return c.GetList(tmpl, ts, vr)
-	}
-
-	ei := make([]interface{}, 0, len(e))
-	for i := range e {
-		ei = append(ei, e[i])
-	}
-	names, _ := toNames(ei)
-
-	return c.ns.MoveGroup(c.pather(tmpl, ts, vr), lister, movement, rule, names)
-}
-
-func (c *Panorama) pather(tmpl, ts, vr string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, vr, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts, vr string, vals []string) ([]string, error) {
-	if tmpl == "" && ts == "" {
-		return nil, fmt.Errorf("tmpl or ts must be specified")
-	}
-	if vr == "" {
-		return nil, fmt.Errorf("vr must be specified")
-	}
-
-	ans := make([]string, 0, 17)
-	ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-	ans = append(ans,
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"virtual-router",
-		util.AsEntryXpath([]string{vr}),
-		"protocol",
-		"bgp",
-		"policy",
-		"export",
-		"rules",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/routing/protocol/bgp/exp/pano_test.go b/netw/routing/protocol/bgp/exp/pano_test.go
deleted file mode 100644
index 33642cfe..00000000
--- a/netw/routing/protocol/bgp/exp/pano_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package exp
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Reset()
-			mc.Version = tc.version
-			mc.AddResp("")
-			err := ns.Set("tmpl", "", "vr", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("tmpl", "", "vr", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/routing/protocol/bgp/exp/testdata_test.go b/netw/routing/protocol/bgp/exp/testdata_test.go
deleted file mode 100644
index 6a664f7b..00000000
--- a/netw/routing/protocol/bgp/exp/testdata_test.go
+++ /dev/null
@@ -1,313 +0,0 @@
-package exp
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type testCase struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"v1 minimal with deny", version.Number{7, 0, 0, ""}, Entry{
-			Name:   "minimal",
-			Enable: false,
-			Action: ActionDeny,
-		}},
-		{"v1 community none", version.Number{7, 0, 0, ""}, Entry{
-			Name:                        "foo",
-			Enable:                      true,
-			UsedBy:                      []string{"one", "two"},
-			MatchAsPathRegex:            "as path regex",
-			MatchCommunityRegex:         "community regex",
-			MatchExtendedCommunityRegex: "extended community regex",
-			MatchMed:                    "match med",
-			MatchAddressPrefix: map[string]bool{
-				"5.5.0.0": true,
-				"6.6.0.0": false,
-				"7.7.0.0": true,
-				"8.8.0.0": false,
-			},
-			MatchNextHop:          []string{"nh1", "nh2"},
-			MatchFromPeer:         []string{"fp1", "fp2"},
-			Action:                ActionAllow,
-			LocalPreference:       "local pref",
-			Med:                   "1234",
-			NextHop:               "nexthop",
-			Origin:                OriginIgp,
-			AsPathLimit:           26,
-			AsPathType:            AsPathTypeRemove,
-			CommunityType:         CommunityTypeNone,
-			ExtendedCommunityType: CommunityTypeRemoveAll,
-		}},
-		{"v1 community remove all", version.Number{7, 0, 0, ""}, Entry{
-			Name:                        "foo",
-			Enable:                      false,
-			UsedBy:                      []string{"one", "two"},
-			MatchAsPathRegex:            "as path regex",
-			MatchCommunityRegex:         "community regex",
-			MatchExtendedCommunityRegex: "extended community regex",
-			MatchMed:                    "match med",
-			MatchAddressPrefix: map[string]bool{
-				"5.5.0.0": true,
-				"6.6.0.0": false,
-			},
-			MatchNextHop:          []string{"nh1", "nh2"},
-			MatchFromPeer:         []string{"fp1", "fp2"},
-			Action:                ActionAllow,
-			LocalPreference:       "local pref",
-			Med:                   "1234",
-			NextHop:               "nexthop",
-			Origin:                OriginEgp,
-			AsPathLimit:           26,
-			AsPathType:            AsPathTypeNone,
-			CommunityType:         CommunityTypeRemoveAll,
-			ExtendedCommunityType: CommunityTypeNone,
-		}},
-		{"v1 community remove regex", version.Number{7, 0, 0, ""}, Entry{
-			Name:                        "foo",
-			Enable:                      false,
-			UsedBy:                      []string{"one", "two"},
-			MatchAsPathRegex:            "as path regex",
-			MatchCommunityRegex:         "community regex",
-			MatchExtendedCommunityRegex: "extended community regex",
-			MatchMed:                    "match med",
-			MatchAddressPrefix: map[string]bool{
-				"5.5.0.0": true,
-				"6.6.0.0": false,
-			},
-			MatchNextHop:           []string{"nh1", "nh2"},
-			MatchFromPeer:          []string{"fp1", "fp2"},
-			Action:                 ActionAllow,
-			LocalPreference:        "local pref",
-			Med:                    "1234",
-			NextHop:                "nexthop",
-			Origin:                 OriginEgp,
-			AsPathLimit:            26,
-			AsPathType:             AsPathTypeNone,
-			CommunityType:          CommunityTypeRemoveRegex,
-			CommunityValue:         "my allow community regex",
-			ExtendedCommunityType:  CommunityTypeAppend,
-			ExtendedCommunityValue: "append value",
-		}},
-		{"v1 community append", version.Number{7, 0, 0, ""}, Entry{
-			Name:                        "foo",
-			Enable:                      false,
-			UsedBy:                      []string{"one", "two"},
-			MatchAsPathRegex:            "as path regex",
-			MatchCommunityRegex:         "community regex",
-			MatchExtendedCommunityRegex: "extended community regex",
-			MatchMed:                    "match med",
-			MatchAddressPrefix: map[string]bool{
-				"5.5.0.0": true,
-				"6.6.0.0": false,
-			},
-			MatchNextHop:           []string{"nh1", "nh2"},
-			MatchFromPeer:          []string{"fp1", "fp2"},
-			Action:                 ActionAllow,
-			LocalPreference:        "local pref",
-			Med:                    "1234",
-			NextHop:                "nexthop",
-			Origin:                 OriginEgp,
-			AsPathLimit:            26,
-			AsPathType:             AsPathTypeNone,
-			CommunityType:          CommunityTypeAppend,
-			CommunityValue:         AppendNoExport,
-			ExtendedCommunityType:  CommunityTypeOverwrite,
-			ExtendedCommunityValue: "overwrite value",
-		}},
-		{"v1 community overwrite", version.Number{7, 0, 0, ""}, Entry{
-			Name:                        "foo",
-			Enable:                      false,
-			UsedBy:                      []string{"one", "two"},
-			MatchAsPathRegex:            "as path regex",
-			MatchCommunityRegex:         "community regex",
-			MatchExtendedCommunityRegex: "extended community regex",
-			MatchMed:                    "match med",
-			MatchAddressPrefix: map[string]bool{
-				"5.5.0.0": true,
-				"6.6.0.0": false,
-			},
-			MatchNextHop:           []string{"nh1", "nh2"},
-			MatchFromPeer:          []string{"fp1", "fp2"},
-			Action:                 ActionAllow,
-			LocalPreference:        "local pref",
-			Med:                    "1234",
-			NextHop:                "nexthop",
-			Origin:                 OriginEgp,
-			AsPathLimit:            26,
-			AsPathType:             AsPathTypeNone,
-			CommunityType:          CommunityTypeOverwrite,
-			CommunityValue:         "overwrite value",
-			ExtendedCommunityType:  CommunityTypeRemoveRegex,
-			ExtendedCommunityValue: "remove regex",
-		}},
-		{"v1 as path type prepend", version.Number{7, 0, 0, ""}, Entry{
-			Name:        "foo",
-			Enable:      false,
-			Action:      ActionAllow,
-			AsPathType:  AsPathTypePrepend,
-			AsPathValue: "2",
-		}},
-		{"v1 as path type remove-and-prepend", version.Number{7, 0, 0, ""}, Entry{
-			Name:        "foo",
-			Enable:      false,
-			Action:      ActionAllow,
-			AsPathType:  AsPathTypeRemoveAndPrepend,
-			AsPathValue: "2",
-		}},
-		{"v2 minimal with deny", version.Number{8, 0, 0, ""}, Entry{
-			Name:   "minimal",
-			Enable: false,
-			Action: ActionDeny,
-		}},
-		{"v2 community none", version.Number{8, 0, 0, ""}, Entry{
-			Name:                        "foo",
-			Enable:                      true,
-			UsedBy:                      []string{"one", "two"},
-			MatchAsPathRegex:            "as path regex",
-			MatchCommunityRegex:         "community regex",
-			MatchExtendedCommunityRegex: "extended community regex",
-			MatchMed:                    "match med",
-			MatchRouteTable:             MatchRouteTableUnicast,
-			MatchAddressPrefix: map[string]bool{
-				"5.5.0.0": true,
-				"6.6.0.0": false,
-				"7.7.0.0": true,
-				"8.8.0.0": false,
-			},
-			MatchNextHop:          []string{"nh1", "nh2"},
-			MatchFromPeer:         []string{"fp1", "fp2"},
-			Action:                ActionAllow,
-			LocalPreference:       "local pref",
-			Med:                   "1234",
-			NextHop:               "nexthop",
-			Origin:                OriginIgp,
-			AsPathLimit:           26,
-			AsPathType:            AsPathTypeRemove,
-			CommunityType:         CommunityTypeNone,
-			ExtendedCommunityType: CommunityTypeRemoveAll,
-		}},
-		{"v2 community remove all", version.Number{8, 0, 0, ""}, Entry{
-			Name:                        "foo",
-			Enable:                      false,
-			UsedBy:                      []string{"one", "two"},
-			MatchAsPathRegex:            "as path regex",
-			MatchCommunityRegex:         "community regex",
-			MatchExtendedCommunityRegex: "extended community regex",
-			MatchMed:                    "match med",
-			MatchRouteTable:             MatchRouteTableMulticast,
-			MatchAddressPrefix: map[string]bool{
-				"5.5.0.0": true,
-				"6.6.0.0": false,
-			},
-			MatchNextHop:          []string{"nh1", "nh2"},
-			MatchFromPeer:         []string{"fp1", "fp2"},
-			Action:                ActionAllow,
-			LocalPreference:       "local pref",
-			Med:                   "1234",
-			NextHop:               "nexthop",
-			Origin:                OriginEgp,
-			AsPathLimit:           26,
-			AsPathType:            AsPathTypeNone,
-			CommunityType:         CommunityTypeRemoveAll,
-			ExtendedCommunityType: CommunityTypeNone,
-		}},
-		{"v2 community remove regex", version.Number{8, 0, 0, ""}, Entry{
-			Name:                        "foo",
-			Enable:                      false,
-			UsedBy:                      []string{"one", "two"},
-			MatchAsPathRegex:            "as path regex",
-			MatchCommunityRegex:         "community regex",
-			MatchExtendedCommunityRegex: "extended community regex",
-			MatchMed:                    "match med",
-			MatchRouteTable:             MatchRouteTableBoth,
-			MatchAddressPrefix: map[string]bool{
-				"5.5.0.0": true,
-				"6.6.0.0": false,
-			},
-			MatchNextHop:           []string{"nh1", "nh2"},
-			MatchFromPeer:          []string{"fp1", "fp2"},
-			Action:                 ActionAllow,
-			LocalPreference:        "local pref",
-			Med:                    "1234",
-			NextHop:                "nexthop",
-			Origin:                 OriginEgp,
-			AsPathLimit:            26,
-			AsPathType:             AsPathTypeNone,
-			CommunityType:          CommunityTypeRemoveRegex,
-			CommunityValue:         "my allow community regex",
-			ExtendedCommunityType:  CommunityTypeAppend,
-			ExtendedCommunityValue: "append value",
-		}},
-		{"v2 community append", version.Number{8, 0, 0, ""}, Entry{
-			Name:                        "foo",
-			Enable:                      false,
-			UsedBy:                      []string{"one", "two"},
-			MatchAsPathRegex:            "as path regex",
-			MatchCommunityRegex:         "community regex",
-			MatchExtendedCommunityRegex: "extended community regex",
-			MatchMed:                    "match med",
-			MatchAddressPrefix: map[string]bool{
-				"5.5.0.0": true,
-				"6.6.0.0": false,
-			},
-			MatchNextHop:           []string{"nh1", "nh2"},
-			MatchFromPeer:          []string{"fp1", "fp2"},
-			Action:                 ActionAllow,
-			LocalPreference:        "local pref",
-			Med:                    "1234",
-			NextHop:                "nexthop",
-			Origin:                 OriginEgp,
-			AsPathLimit:            26,
-			AsPathType:             AsPathTypeNone,
-			CommunityType:          CommunityTypeAppend,
-			CommunityValue:         AppendNoExport,
-			ExtendedCommunityType:  CommunityTypeOverwrite,
-			ExtendedCommunityValue: "overwrite value",
-		}},
-		{"v2 community overwrite", version.Number{8, 0, 0, ""}, Entry{
-			Name:                        "foo",
-			Enable:                      false,
-			UsedBy:                      []string{"one", "two"},
-			MatchAsPathRegex:            "as path regex",
-			MatchCommunityRegex:         "community regex",
-			MatchExtendedCommunityRegex: "extended community regex",
-			MatchMed:                    "match med",
-			MatchAddressPrefix: map[string]bool{
-				"5.5.0.0": true,
-				"6.6.0.0": false,
-			},
-			MatchNextHop:           []string{"nh1", "nh2"},
-			MatchFromPeer:          []string{"fp1", "fp2"},
-			Action:                 ActionAllow,
-			LocalPreference:        "local pref",
-			Med:                    "1234",
-			NextHop:                "nexthop",
-			Origin:                 OriginEgp,
-			AsPathLimit:            26,
-			AsPathType:             AsPathTypeNone,
-			CommunityType:          CommunityTypeOverwrite,
-			CommunityValue:         "overwrite value",
-			ExtendedCommunityType:  CommunityTypeRemoveRegex,
-			ExtendedCommunityValue: "remove regex",
-		}},
-		{"v2 as path type prepend", version.Number{8, 0, 0, ""}, Entry{
-			Name:        "foo",
-			Enable:      false,
-			Action:      ActionAllow,
-			AsPathType:  AsPathTypePrepend,
-			AsPathValue: "2",
-		}},
-		{"v2 as path type remove-and-prepend", version.Number{8, 0, 0, ""}, Entry{
-			Name:        "foo",
-			Enable:      false,
-			Action:      ActionAllow,
-			AsPathType:  AsPathTypeRemoveAndPrepend,
-			AsPathValue: "2",
-		}},
-	}
-}
diff --git a/netw/routing/protocol/bgp/funcs.go b/netw/routing/protocol/bgp/funcs.go
deleted file mode 100644
index 48844757..00000000
--- a/netw/routing/protocol/bgp/funcs.go
+++ /dev/null
@@ -1,60 +0,0 @@
-package bgp
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Config) interface{}) {
-	if v.Gte(version.Number{8, 0, 0, ""}) {
-		return &container_v4{}, specify_v4
-	} else if v.Gte(version.Number{7, 1, 0, ""}) {
-		return &container_v3{}, specify_v3
-	} else if v.Gte(version.Number{7, 0, 0, ""}) {
-		return &container_v2{}, specify_v2
-	} else {
-		return &container_v1{}, specify_v1
-	}
-}
-
-func specifier(e Config) []namespace.Specifier {
-	return []namespace.Specifier{e}
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Config, error) {
-	if err != nil {
-		return Config{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/netw/routing/protocol/bgp/fw.go b/netw/routing/protocol/bgp/fw.go
deleted file mode 100644
index 334f4e71..00000000
--- a/netw/routing/protocol/bgp/fw.go
+++ /dev/null
@@ -1,76 +0,0 @@
-package bgp
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Network.BgpConfig namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// Get performs GET to retrieve configuration for the given object.
-func (c *Firewall) Get(vr string) (Config, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vr), "", ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve configuration for the given object.
-func (c *Firewall) Show(vr string) (Config, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vr), "", ans)
-	return first(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vr string, e Config) error {
-	return c.ns.Set(c.pather(vr), specifier(e))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vr string, e Config) error {
-	return c.ns.Edit(c.pather(vr), e)
-}
-
-// Delete performs DELETE to remove the config.
-func (c *Firewall) Delete(vr string) error {
-	return c.ns.Delete(c.pather(vr), nil, nil)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(vr string) (Config, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(vr), "", ans)
-	return first(ans, err)
-}
-
-func (c *Firewall) pather(vr string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vr)
-	}
-}
-
-func (c *Firewall) xpath(vr string) ([]string, error) {
-	if vr == "" {
-		return nil, fmt.Errorf("vr must be specified")
-	}
-
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"virtual-router",
-		util.AsEntryXpath([]string{vr}),
-		"protocol",
-		"bgp",
-	}, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/routing/protocol/bgp/fw_test.go b/netw/routing/protocol/bgp/fw_test.go
deleted file mode 100644
index 3626f1e0..00000000
--- a/netw/routing/protocol/bgp/fw_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package bgp
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("mockVr", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("mockVr")
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/routing/protocol/bgp/imp/const.go b/netw/routing/protocol/bgp/imp/const.go
deleted file mode 100644
index 5e698d23..00000000
--- a/netw/routing/protocol/bgp/imp/const.go
+++ /dev/null
@@ -1,50 +0,0 @@
-package imp
-
-// Valid values for MatchRouteTable.
-const (
-	MatchRouteTableUnicast   = "unicast"
-	MatchRouteTableMulticast = "multicast"
-	MatchRouteTableBoth      = "both"
-)
-
-// Valid values for Action.
-const (
-	ActionAllow = "allow"
-	ActionDeny  = "deny"
-)
-
-// Valid values for Origin.
-const (
-	OriginIgp        = "igp"
-	OriginEgp        = "egp"
-	OriginIncomplete = "incomplete"
-)
-
-// Valid values for CommunityType.
-const (
-	CommunityTypeNone        = "none"
-	CommunityTypeRemoveAll   = "remove-all"
-	CommunityTypeRemoveRegex = "remove-regex"
-	CommunityTypeAppend      = "append"
-	CommunityTypeOverwrite   = "overwrite"
-)
-
-// Valid values for CommunityValue when CommunityType is "append" or
-// "overwrite".
-const (
-	AppendNoExport    = "no-export"
-	AppendNoAdvertise = "no-advertise"
-	AppendLocalAs     = "local-as"
-	AppendNoPeer      = "nopeer"
-)
-
-// Valid values for AsPathType.
-const (
-	AsPathTypeNone   = "none"
-	AsPathTypeRemove = "remove"
-)
-
-const (
-	singular = "bgp import rule"
-	plural   = "bgp import rules"
-)
diff --git a/netw/routing/protocol/bgp/imp/doc.go b/netw/routing/protocol/bgp/imp/doc.go
deleted file mode 100644
index 34b95d72..00000000
--- a/netw/routing/protocol/bgp/imp/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package imp is the client.Network.BgpImport namespace.
-
-Normalized object:  Entry
-*/
-package imp
diff --git a/netw/routing/protocol/bgp/imp/entry.go b/netw/routing/protocol/bgp/imp/entry.go
deleted file mode 100644
index 1434096d..00000000
--- a/netw/routing/protocol/bgp/imp/entry.go
+++ /dev/null
@@ -1,664 +0,0 @@
-package imp
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a BGP
-// import rule.
-type Entry struct {
-	Name                        string
-	Enable                      bool
-	UsedBy                      []string
-	MatchAsPathRegex            string
-	MatchCommunityRegex         string
-	MatchExtendedCommunityRegex string
-	MatchMed                    string
-	MatchRouteTable             string // 8.0+
-	MatchAddressPrefix          map[string]bool
-	MatchNextHop                []string
-	MatchFromPeer               []string
-	Action                      string
-	Dampening                   string
-	LocalPreference             string
-	Med                         string
-	Weight                      int
-	NextHop                     string
-	Origin                      string
-	AsPathLimit                 int
-	AsPathType                  string
-	CommunityType               string
-	CommunityValue              string
-	ExtendedCommunityType       string
-	ExtendedCommunityValue      string
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Enable = s.Enable
-	o.UsedBy = s.UsedBy
-	o.MatchAsPathRegex = s.MatchAsPathRegex
-	o.MatchCommunityRegex = s.MatchCommunityRegex
-	o.MatchExtendedCommunityRegex = s.MatchExtendedCommunityRegex
-	s.MatchMed = o.MatchMed
-	o.MatchRouteTable = s.MatchRouteTable
-	o.MatchAddressPrefix = s.MatchAddressPrefix
-	o.MatchNextHop = s.MatchNextHop
-	o.MatchFromPeer = s.MatchFromPeer
-	o.Action = s.Action
-	o.Dampening = s.Dampening
-	o.LocalPreference = s.LocalPreference
-	o.Med = s.Med
-	o.Weight = s.Weight
-	o.NextHop = s.NextHop
-	o.Origin = s.Origin
-	o.AsPathLimit = s.AsPathLimit
-	o.AsPathType = s.AsPathType
-	o.CommunityType = s.CommunityType
-	o.CommunityValue = s.CommunityValue
-	o.ExtendedCommunityType = s.ExtendedCommunityType
-	o.ExtendedCommunityValue = s.ExtendedCommunityValue
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:   o.Name,
-		Enable: util.AsBool(o.Enable),
-		UsedBy: util.MemToStr(o.UsedBy),
-	}
-
-	if o.Match != nil {
-		ans.MatchMed = o.Match.MatchMed
-		ans.MatchNextHop = util.MemToStr(o.Match.MatchNextHop)
-		ans.MatchFromPeer = util.MemToStr(o.Match.MatchFromPeer)
-
-		if o.Match.MatchAsPathRegex != nil {
-			ans.MatchAsPathRegex = o.Match.MatchAsPathRegex.Regex
-		}
-
-		if o.Match.MatchCommunityRegex != nil {
-			ans.MatchCommunityRegex = o.Match.MatchCommunityRegex.Regex
-		}
-
-		if o.Match.MatchExtendedCommunityRegex != nil {
-			ans.MatchExtendedCommunityRegex = o.Match.MatchExtendedCommunityRegex.Regex
-		}
-
-		if o.Match.MatchAddressPrefix != nil {
-			m := make(map[string]bool)
-			for _, v := range o.Match.MatchAddressPrefix.Entry {
-				m[v.Name] = util.AsBool(v.Exact)
-			}
-			ans.MatchAddressPrefix = m
-		}
-	}
-
-	if o.Action != nil {
-		if o.Action.Deny != nil {
-			ans.Action = ActionDeny
-		} else if o.Action.Allow != nil {
-			ans.Action = ActionAllow
-			ans.Dampening = o.Action.Allow.Dampening
-
-			if o.Action.Allow.Update != nil {
-				ans.LocalPreference = o.Action.Allow.Update.LocalPreference
-				ans.Med = o.Action.Allow.Update.Med
-				ans.Weight = o.Action.Allow.Update.Weight
-				ans.NextHop = o.Action.Allow.Update.NextHop
-				ans.Origin = o.Action.Allow.Update.Origin
-				ans.AsPathLimit = o.Action.Allow.Update.AsPathLimit
-
-				if o.Action.Allow.Update.AsPath != nil {
-					if o.Action.Allow.Update.AsPath.None != nil {
-						ans.AsPathType = AsPathTypeNone
-					} else if o.Action.Allow.Update.AsPath.Remove != nil {
-						ans.AsPathType = AsPathTypeRemove
-					}
-				}
-
-				if o.Action.Allow.Update.Community != nil {
-					if o.Action.Allow.Update.Community.None != nil {
-						ans.CommunityType = CommunityTypeNone
-					} else if o.Action.Allow.Update.Community.RemoveAll != nil {
-						ans.CommunityType = CommunityTypeRemoveAll
-					} else if o.Action.Allow.Update.Community.RemoveRegex != "" {
-						ans.CommunityType = CommunityTypeRemoveRegex
-						ans.CommunityValue = o.Action.Allow.Update.Community.RemoveRegex
-					} else if o.Action.Allow.Update.Community.Append != nil {
-						ans.CommunityType = CommunityTypeAppend
-						ans.CommunityValue = util.MemToOneStr(o.Action.Allow.Update.Community.Append)
-					} else if o.Action.Allow.Update.Community.Overwrite != nil {
-						ans.CommunityType = CommunityTypeOverwrite
-						ans.CommunityValue = util.MemToOneStr(o.Action.Allow.Update.Community.Overwrite)
-					}
-				}
-
-				if o.Action.Allow.Update.ExtendedCommunity != nil {
-					if o.Action.Allow.Update.ExtendedCommunity.None != nil {
-						ans.ExtendedCommunityType = CommunityTypeNone
-					} else if o.Action.Allow.Update.ExtendedCommunity.RemoveAll != nil {
-						ans.ExtendedCommunityType = CommunityTypeRemoveAll
-					} else if o.Action.Allow.Update.ExtendedCommunity.RemoveRegex != "" {
-						ans.ExtendedCommunityType = CommunityTypeRemoveRegex
-						ans.ExtendedCommunityValue = o.Action.Allow.Update.ExtendedCommunity.RemoveRegex
-					} else if o.Action.Allow.Update.ExtendedCommunity.Append != nil {
-						ans.ExtendedCommunityType = CommunityTypeAppend
-						ans.ExtendedCommunityValue = util.MemToOneStr(o.Action.Allow.Update.ExtendedCommunity.Append)
-					} else if o.Action.Allow.Update.ExtendedCommunity.Overwrite != nil {
-						ans.ExtendedCommunityType = CommunityTypeOverwrite
-						ans.ExtendedCommunityValue = util.MemToOneStr(o.Action.Allow.Update.ExtendedCommunity.Overwrite)
-					}
-				}
-			}
-		}
-	}
-
-	return ans
-}
-
-type container_v2 struct {
-	Answer []entry_v2 `xml:"entry"`
-}
-
-func (o *container_v2) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v2) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v2) normalize() Entry {
-	ans := Entry{
-		Name:   o.Name,
-		Enable: util.AsBool(o.Enable),
-		UsedBy: util.MemToStr(o.UsedBy),
-	}
-
-	if o.Match != nil {
-		ans.MatchMed = o.Match.MatchMed
-		ans.MatchRouteTable = o.Match.MatchRouteTable
-		ans.MatchNextHop = util.MemToStr(o.Match.MatchNextHop)
-		ans.MatchFromPeer = util.MemToStr(o.Match.MatchFromPeer)
-
-		if o.Match.MatchAsPathRegex != nil {
-			ans.MatchAsPathRegex = o.Match.MatchAsPathRegex.Regex
-		}
-
-		if o.Match.MatchCommunityRegex != nil {
-			ans.MatchCommunityRegex = o.Match.MatchCommunityRegex.Regex
-		}
-
-		if o.Match.MatchExtendedCommunityRegex != nil {
-			ans.MatchExtendedCommunityRegex = o.Match.MatchExtendedCommunityRegex.Regex
-		}
-
-		if o.Match.MatchAddressPrefix != nil {
-			m := make(map[string]bool)
-			for _, v := range o.Match.MatchAddressPrefix.Entry {
-				m[v.Name] = util.AsBool(v.Exact)
-			}
-			ans.MatchAddressPrefix = m
-		}
-	}
-
-	if o.Action != nil {
-		if o.Action.Deny != nil {
-			ans.Action = ActionDeny
-		} else if o.Action.Allow != nil {
-			ans.Action = ActionAllow
-			ans.Dampening = o.Action.Allow.Dampening
-
-			if o.Action.Allow.Update != nil {
-				ans.LocalPreference = o.Action.Allow.Update.LocalPreference
-				ans.Med = o.Action.Allow.Update.Med
-				ans.Weight = o.Action.Allow.Update.Weight
-				ans.NextHop = o.Action.Allow.Update.NextHop
-				ans.Origin = o.Action.Allow.Update.Origin
-				ans.AsPathLimit = o.Action.Allow.Update.AsPathLimit
-
-				if o.Action.Allow.Update.AsPath != nil {
-					if o.Action.Allow.Update.AsPath.None != nil {
-						ans.AsPathType = AsPathTypeNone
-					} else if o.Action.Allow.Update.AsPath.Remove != nil {
-						ans.AsPathType = AsPathTypeRemove
-					}
-				}
-
-				if o.Action.Allow.Update.Community != nil {
-					if o.Action.Allow.Update.Community.None != nil {
-						ans.CommunityType = CommunityTypeNone
-					} else if o.Action.Allow.Update.Community.RemoveAll != nil {
-						ans.CommunityType = CommunityTypeRemoveAll
-					} else if o.Action.Allow.Update.Community.RemoveRegex != "" {
-						ans.CommunityType = CommunityTypeRemoveRegex
-						ans.CommunityValue = o.Action.Allow.Update.Community.RemoveRegex
-					} else if o.Action.Allow.Update.Community.Append != nil {
-						ans.CommunityType = CommunityTypeAppend
-						ans.CommunityValue = util.MemToOneStr(o.Action.Allow.Update.Community.Append)
-					} else if o.Action.Allow.Update.Community.Overwrite != nil {
-						ans.CommunityType = CommunityTypeOverwrite
-						ans.CommunityValue = util.MemToOneStr(o.Action.Allow.Update.Community.Overwrite)
-					}
-				}
-
-				if o.Action.Allow.Update.ExtendedCommunity != nil {
-					if o.Action.Allow.Update.ExtendedCommunity.None != nil {
-						ans.ExtendedCommunityType = CommunityTypeNone
-					} else if o.Action.Allow.Update.ExtendedCommunity.RemoveAll != nil {
-						ans.ExtendedCommunityType = CommunityTypeRemoveAll
-					} else if o.Action.Allow.Update.ExtendedCommunity.RemoveRegex != "" {
-						ans.ExtendedCommunityType = CommunityTypeRemoveRegex
-						ans.ExtendedCommunityValue = o.Action.Allow.Update.ExtendedCommunity.RemoveRegex
-					} else if o.Action.Allow.Update.ExtendedCommunity.Append != nil {
-						ans.ExtendedCommunityType = CommunityTypeAppend
-						ans.ExtendedCommunityValue = util.MemToOneStr(o.Action.Allow.Update.ExtendedCommunity.Append)
-					} else if o.Action.Allow.Update.ExtendedCommunity.Overwrite != nil {
-						ans.ExtendedCommunityType = CommunityTypeOverwrite
-						ans.ExtendedCommunityValue = util.MemToOneStr(o.Action.Allow.Update.ExtendedCommunity.Overwrite)
-					}
-				}
-			}
-		}
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName xml.Name         `xml:"entry"`
-	Name    string           `xml:"name,attr"`
-	Enable  string           `xml:"enable"`
-	UsedBy  *util.MemberType `xml:"used-by"`
-	Match   *match_v1        `xml:"match"`
-	Action  *action          `xml:"action"`
-}
-
-type match_v1 struct {
-	MatchAsPathRegex            *regex           `xml:"as-path"`
-	MatchCommunityRegex         *regex           `xml:"community"`
-	MatchExtendedCommunityRegex *regex           `xml:"extended-community"`
-	MatchMed                    string           `xml:"med,omitempty"`
-	MatchAddressPrefix          *addPre          `xml:"address-prefix"`
-	MatchNextHop                *util.MemberType `xml:"nexthop"`
-	MatchFromPeer               *util.MemberType `xml:"from-peer"`
-}
-
-type addPre struct {
-	Entry []apEntry `xml:"entry"`
-}
-
-type apEntry struct {
-	Name  string `xml:"name,attr"`
-	Exact string `xml:"exact"`
-}
-
-type regex struct {
-	Regex string `xml:"regex,omitempty"`
-}
-
-type action struct {
-	Deny  *string `xml:"deny"`
-	Allow *allow  `xml:"allow"`
-}
-
-type allow struct {
-	Dampening string  `xml:"dampening,omitempty"`
-	Update    *update `xml:"update"`
-}
-
-type update struct {
-	LocalPreference   string    `xml:"local-preference,omitempty"`
-	Med               string    `xml:"med,omitempty"`
-	Weight            int       `xml:"weight,omitempty"`
-	NextHop           string    `xml:"nexthop,omitempty"`
-	Origin            string    `xml:"origin,omitempty"`
-	AsPathLimit       int       `xml:"as-path-limit,omitempty"`
-	AsPath            *asPath   `xml:"as-path"`
-	Community         *allowCom `xml:"community"`
-	ExtendedCommunity *allowCom `xml:"extended-community"`
-}
-
-type asPath struct {
-	None   *string `xml:"none"`
-	Remove *string `xml:"remove"`
-}
-
-type allowCom struct {
-	None        *string          `xml:"none"`
-	RemoveAll   *string          `xml:"remove-all"`
-	RemoveRegex string           `xml:"remove-regex,omitempty"`
-	Append      *util.MemberType `xml:"append"`
-	Overwrite   *util.MemberType `xml:"overwrite"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:   e.Name,
-		Enable: util.YesNo(e.Enable),
-		UsedBy: util.StrToMem(e.UsedBy),
-	}
-	s := ""
-
-	if e.MatchAsPathRegex != "" || e.MatchCommunityRegex != "" || e.MatchExtendedCommunityRegex != "" || e.MatchMed != "" || len(e.MatchAddressPrefix) > 0 || len(e.MatchNextHop) > 0 || len(e.MatchFromPeer) > 0 {
-		ans.Match = &match_v1{
-			MatchMed:      e.MatchMed,
-			MatchNextHop:  util.StrToMem(e.MatchNextHop),
-			MatchFromPeer: util.StrToMem(e.MatchFromPeer),
-		}
-
-		if e.MatchAsPathRegex != "" {
-			ans.Match.MatchAsPathRegex = &regex{
-				Regex: e.MatchAsPathRegex,
-			}
-		}
-
-		if e.MatchCommunityRegex != "" {
-			ans.Match.MatchCommunityRegex = &regex{
-				Regex: e.MatchCommunityRegex,
-			}
-		}
-
-		if e.MatchExtendedCommunityRegex != "" {
-			ans.Match.MatchExtendedCommunityRegex = &regex{
-				Regex: e.MatchExtendedCommunityRegex,
-			}
-		}
-
-		if len(e.MatchAddressPrefix) > 0 {
-			apList := make([]apEntry, 0, len(e.MatchAddressPrefix))
-			for k, v := range e.MatchAddressPrefix {
-				apList = append(apList, apEntry{
-					Name:  k,
-					Exact: util.YesNo(v),
-				})
-			}
-			ans.Match.MatchAddressPrefix = &addPre{apList}
-		}
-	}
-
-	switch e.Action {
-	case ActionDeny:
-		ans.Action = &action{
-			Deny: &s,
-		}
-	case ActionAllow:
-		ans.Action = &action{
-			Allow: &allow{
-				Dampening: e.Dampening,
-			},
-		}
-
-		if e.LocalPreference != "" || e.Med != "" || e.Weight > 0 || e.NextHop != "" || e.Origin != "" || e.AsPathLimit != 0 || e.AsPathType != "" || e.CommunityType != "" || e.ExtendedCommunityType != "" {
-			u := update{
-				LocalPreference: e.LocalPreference,
-				Med:             e.Med,
-				Weight:          e.Weight,
-				NextHop:         e.NextHop,
-				Origin:          e.Origin,
-				AsPathLimit:     e.AsPathLimit,
-			}
-
-			switch e.AsPathType {
-			case AsPathTypeNone:
-				u.AsPath = &asPath{
-					None: &s,
-				}
-			case AsPathTypeRemove:
-				u.AsPath = &asPath{
-					Remove: &s,
-				}
-			}
-
-			switch e.CommunityType {
-			case CommunityTypeNone:
-				u.Community = &allowCom{
-					None: &s,
-				}
-			case CommunityTypeRemoveAll:
-				u.Community = &allowCom{
-					RemoveAll: &s,
-				}
-			case CommunityTypeRemoveRegex:
-				u.Community = &allowCom{
-					RemoveRegex: e.CommunityValue,
-				}
-			case CommunityTypeAppend:
-				u.Community = &allowCom{
-					Append: util.OneStrToMem(e.CommunityValue),
-				}
-			case CommunityTypeOverwrite:
-				u.Community = &allowCom{
-					Overwrite: util.OneStrToMem(e.CommunityValue),
-				}
-			}
-
-			switch e.ExtendedCommunityType {
-			case CommunityTypeNone:
-				u.ExtendedCommunity = &allowCom{
-					None: &s,
-				}
-			case CommunityTypeRemoveAll:
-				u.ExtendedCommunity = &allowCom{
-					RemoveAll: &s,
-				}
-			case CommunityTypeRemoveRegex:
-				u.ExtendedCommunity = &allowCom{
-					RemoveRegex: e.ExtendedCommunityValue,
-				}
-			case CommunityTypeAppend:
-				u.ExtendedCommunity = &allowCom{
-					Append: util.OneStrToMem(e.ExtendedCommunityValue),
-				}
-			case CommunityTypeOverwrite:
-				u.ExtendedCommunity = &allowCom{
-					Overwrite: util.OneStrToMem(e.ExtendedCommunityValue),
-				}
-			}
-
-			ans.Action.Allow.Update = &u
-		}
-	}
-
-	return ans
-}
-
-type entry_v2 struct {
-	XMLName xml.Name         `xml:"entry"`
-	Name    string           `xml:"name,attr"`
-	Enable  string           `xml:"enable"`
-	UsedBy  *util.MemberType `xml:"used-by"`
-	Match   *match_v2        `xml:"match"`
-	Action  *action          `xml:"action"`
-}
-
-type match_v2 struct {
-	MatchAsPathRegex            *regex           `xml:"as-path"`
-	MatchCommunityRegex         *regex           `xml:"community"`
-	MatchExtendedCommunityRegex *regex           `xml:"extended-community"`
-	MatchMed                    string           `xml:"med,omitempty"`
-	MatchRouteTable             string           `xml:"route-table,omitempty"`
-	MatchAddressPrefix          *addPre          `xml:"address-prefix"`
-	MatchNextHop                *util.MemberType `xml:"nexthop"`
-	MatchFromPeer               *util.MemberType `xml:"from-peer"`
-}
-
-func specify_v2(e Entry) interface{} {
-	ans := entry_v2{
-		Name:   e.Name,
-		Enable: util.YesNo(e.Enable),
-		UsedBy: util.StrToMem(e.UsedBy),
-	}
-	s := ""
-
-	if e.MatchAsPathRegex != "" || e.MatchCommunityRegex != "" || e.MatchExtendedCommunityRegex != "" || e.MatchMed != "" || e.MatchRouteTable != "" || len(e.MatchAddressPrefix) > 0 || len(e.MatchNextHop) > 0 || len(e.MatchFromPeer) > 0 {
-		ans.Match = &match_v2{
-			MatchMed:        e.MatchMed,
-			MatchRouteTable: e.MatchRouteTable,
-			MatchNextHop:    util.StrToMem(e.MatchNextHop),
-			MatchFromPeer:   util.StrToMem(e.MatchFromPeer),
-		}
-
-		if e.MatchAsPathRegex != "" {
-			ans.Match.MatchAsPathRegex = &regex{
-				Regex: e.MatchAsPathRegex,
-			}
-		}
-
-		if e.MatchCommunityRegex != "" {
-			ans.Match.MatchCommunityRegex = &regex{
-				Regex: e.MatchCommunityRegex,
-			}
-		}
-
-		if e.MatchExtendedCommunityRegex != "" {
-			ans.Match.MatchExtendedCommunityRegex = &regex{
-				Regex: e.MatchExtendedCommunityRegex,
-			}
-		}
-
-		if len(e.MatchAddressPrefix) > 0 {
-			apList := make([]apEntry, 0, len(e.MatchAddressPrefix))
-			for k, v := range e.MatchAddressPrefix {
-				apList = append(apList, apEntry{
-					Name:  k,
-					Exact: util.YesNo(v),
-				})
-			}
-			ans.Match.MatchAddressPrefix = &addPre{apList}
-		}
-	}
-
-	switch e.Action {
-	case ActionDeny:
-		ans.Action = &action{
-			Deny: &s,
-		}
-	case ActionAllow:
-		ans.Action = &action{
-			Allow: &allow{
-				Dampening: e.Dampening,
-			},
-		}
-
-		if e.LocalPreference != "" || e.Med != "" || e.Weight > 0 || e.NextHop != "" || e.Origin != "" || e.AsPathLimit != 0 || e.AsPathType != "" || e.CommunityType != "" || e.ExtendedCommunityType != "" {
-			u := update{
-				LocalPreference: e.LocalPreference,
-				Med:             e.Med,
-				Weight:          e.Weight,
-				NextHop:         e.NextHop,
-				Origin:          e.Origin,
-				AsPathLimit:     e.AsPathLimit,
-			}
-
-			switch e.AsPathType {
-			case AsPathTypeNone:
-				u.AsPath = &asPath{
-					None: &s,
-				}
-			case AsPathTypeRemove:
-				u.AsPath = &asPath{
-					Remove: &s,
-				}
-			}
-
-			switch e.CommunityType {
-			case CommunityTypeNone:
-				u.Community = &allowCom{
-					None: &s,
-				}
-			case CommunityTypeRemoveAll:
-				u.Community = &allowCom{
-					RemoveAll: &s,
-				}
-			case CommunityTypeRemoveRegex:
-				u.Community = &allowCom{
-					RemoveRegex: e.CommunityValue,
-				}
-			case CommunityTypeAppend:
-				u.Community = &allowCom{
-					Append: util.OneStrToMem(e.CommunityValue),
-				}
-			case CommunityTypeOverwrite:
-				u.Community = &allowCom{
-					Overwrite: util.OneStrToMem(e.CommunityValue),
-				}
-			}
-
-			switch e.ExtendedCommunityType {
-			case CommunityTypeNone:
-				u.ExtendedCommunity = &allowCom{
-					None: &s,
-				}
-			case CommunityTypeRemoveAll:
-				u.ExtendedCommunity = &allowCom{
-					RemoveAll: &s,
-				}
-			case CommunityTypeRemoveRegex:
-				u.ExtendedCommunity = &allowCom{
-					RemoveRegex: e.ExtendedCommunityValue,
-				}
-			case CommunityTypeAppend:
-				u.ExtendedCommunity = &allowCom{
-					Append: util.OneStrToMem(e.ExtendedCommunityValue),
-				}
-			case CommunityTypeOverwrite:
-				u.ExtendedCommunity = &allowCom{
-					Overwrite: util.OneStrToMem(e.ExtendedCommunityValue),
-				}
-			}
-
-			ans.Action.Allow.Update = &u
-		}
-	}
-
-	return ans
-}
diff --git a/netw/routing/protocol/bgp/imp/funcs.go b/netw/routing/protocol/bgp/imp/funcs.go
deleted file mode 100644
index f64b31f1..00000000
--- a/netw/routing/protocol/bgp/imp/funcs.go
+++ /dev/null
@@ -1,92 +0,0 @@
-package imp
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	if v.Gte(version.Number{8, 0, 0, ""}) {
-		return &container_v2{}, specify_v2
-	} else {
-		return &container_v1{}, specify_v1
-	}
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/netw/routing/protocol/bgp/imp/fw.go b/netw/routing/protocol/bgp/imp/fw.go
deleted file mode 100644
index 4983a892..00000000
--- a/netw/routing/protocol/bgp/imp/fw.go
+++ /dev/null
@@ -1,158 +0,0 @@
-package imp
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Network.BgpImport namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vr), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vr), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vr), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vr), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vr), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vr), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vr string, e ...Entry) error {
-	err := c.ns.Set(c.pather(vr), specifier(e...))
-
-	// On error: find the rule that's causing the error if multiple rules
-	// were given.
-	if err != nil && strings.Contains(err.Error(), "rules is invalid") {
-		for i := 0; i < len(e); i++ {
-			if e2 := c.Set(vr, e[i]); e2 != nil {
-				return fmt.Errorf("Error with rule %d: %s", i+1, e2)
-			} else {
-				_ = c.Delete(vr, e[i])
-			}
-		}
-
-		// Couldn't find it, just return the original error.
-		return err
-	}
-
-	return err
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vr string, e Entry) error {
-	return c.ns.Edit(c.pather(vr), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vr string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vr), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(vr), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig(vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(vr), ans)
-	return all(ans, err)
-}
-
-// MoveGroup moves a logical group of bgp import rules somewhere in relation
-// to another security policy.
-//
-// The `movement` param should be one of the Move constants in the util
-// package.
-//
-// The `rule` param is the other rule the `movement` param is referencing.  If
-// this is an empty string, then the first policy in the group isn't moved
-// anywhere, but all other policies will still be moved to be grouped with the
-// first one.
-func (c *Firewall) MoveGroup(vr string, movement int, rule string, e ...Entry) error {
-	lister := func() ([]string, error) {
-		return c.GetList(vr)
-	}
-
-	ei := make([]interface{}, 0, len(e))
-	for i := range e {
-		ei = append(ei, e[i])
-	}
-	names, _ := toNames(ei)
-
-	return c.ns.MoveGroup(c.pather(vr), lister, movement, rule, names)
-}
-
-func (c *Firewall) pather(vr string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vr, v)
-	}
-}
-
-func (c *Firewall) xpath(vr string, vals []string) ([]string, error) {
-	if vr == "" {
-		return nil, fmt.Errorf("vr must be specified")
-	}
-
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"virtual-router",
-		util.AsEntryXpath([]string{vr}),
-		"protocol",
-		"bgp",
-		"policy",
-		"import",
-		"rules",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/routing/protocol/bgp/imp/fw_test.go b/netw/routing/protocol/bgp/imp/fw_test.go
deleted file mode 100644
index 4482618d..00000000
--- a/netw/routing/protocol/bgp/imp/fw_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package imp
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Reset()
-			mc.Version = tc.version
-			mc.AddResp("")
-			err := ns.Set("vr", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("vr", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/routing/protocol/bgp/imp/pano.go b/netw/routing/protocol/bgp/imp/pano.go
deleted file mode 100644
index 84239b51..00000000
--- a/netw/routing/protocol/bgp/imp/pano.go
+++ /dev/null
@@ -1,165 +0,0 @@
-package imp
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Network.BgpImport namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts, vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts, vr), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts, vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts, vr), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(tmpl, ts, vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts, vr), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(tmpl, ts, vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts, vr), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts, vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts, vr), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(tmpl, ts, vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts, vr), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts, vr string, e ...Entry) error {
-	err := c.ns.Set(c.pather(tmpl, ts, vr), specifier(e...))
-
-	// On error: find the rule that's causing the error if multiple rules
-	// were given.
-	if err != nil && strings.Contains(err.Error(), "rules is invalid") {
-		for i := 0; i < len(e); i++ {
-			if e2 := c.Set(tmpl, ts, vr, e[i]); e2 != nil {
-				return fmt.Errorf("Error with rule %d: %s", i+1, e2)
-			} else {
-				_ = c.Delete(tmpl, ts, vr, e[i])
-			}
-		}
-
-		// Couldn't find it, just return the original error.
-		return err
-	}
-
-	return err
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts, vr string, e Entry) error {
-	return c.ns.Edit(c.pather(tmpl, ts, vr), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts, vr string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(tmpl, ts, vr), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts, vr), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts, vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts, vr), ans)
-	return all(ans, err)
-}
-
-// MoveGroup moves a logical group of bgp import rules somewhere in relation
-// to another security policy.
-//
-// The `movement` param should be one of the Move constants in the util
-// package.
-//
-// The `rule` param is the other rule the `movement` param is referencing.  If
-// this is an empty string, then the first policy in the group isn't moved
-// anywhere, but all other policies will still be moved to be grouped with the
-// first one.
-func (c *Panorama) MoveGroup(tmpl, ts, vr string, movement int, rule string, e ...Entry) error {
-	lister := func() ([]string, error) {
-		return c.GetList(tmpl, ts, vr)
-	}
-
-	ei := make([]interface{}, 0, len(e))
-	for i := range e {
-		ei = append(ei, e[i])
-	}
-	names, _ := toNames(ei)
-
-	return c.ns.MoveGroup(c.pather(tmpl, ts, vr), lister, movement, rule, names)
-}
-
-func (c *Panorama) pather(tmpl, ts, vr string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, vr, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts, vr string, vals []string) ([]string, error) {
-	if tmpl == "" && ts == "" {
-		return nil, fmt.Errorf("tmpl or ts must be specified")
-	}
-	if vr == "" {
-		return nil, fmt.Errorf("vr must be specified")
-	}
-
-	ans := make([]string, 0, 17)
-	ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-	ans = append(ans,
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"virtual-router",
-		util.AsEntryXpath([]string{vr}),
-		"protocol",
-		"bgp",
-		"policy",
-		"import",
-		"rules",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/routing/protocol/bgp/imp/pano_test.go b/netw/routing/protocol/bgp/imp/pano_test.go
deleted file mode 100644
index f617c305..00000000
--- a/netw/routing/protocol/bgp/imp/pano_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package imp
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Reset()
-			mc.Version = tc.version
-			mc.AddResp("")
-			err := ns.Set("tmpl", "", "vr", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("tmpl", "", "vr", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/routing/protocol/bgp/imp/testdata_test.go b/netw/routing/protocol/bgp/imp/testdata_test.go
deleted file mode 100644
index 2ebb3dce..00000000
--- a/netw/routing/protocol/bgp/imp/testdata_test.go
+++ /dev/null
@@ -1,303 +0,0 @@
-package imp
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type testCase struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"v1 minimal with deny", version.Number{7, 0, 0, ""}, Entry{
-			Name:   "minimal",
-			Enable: false,
-			Action: ActionDeny,
-		}},
-		{"v1 community none", version.Number{7, 0, 0, ""}, Entry{
-			Name:                        "foo",
-			Enable:                      true,
-			UsedBy:                      []string{"one", "two"},
-			MatchAsPathRegex:            "as path regex",
-			MatchCommunityRegex:         "community regex",
-			MatchExtendedCommunityRegex: "extended community regex",
-			MatchMed:                    "match med",
-			MatchAddressPrefix: map[string]bool{
-				"5.5.0.0": true,
-				"6.6.0.0": false,
-				"7.7.0.0": true,
-				"8.8.0.0": false,
-			},
-			MatchNextHop:          []string{"nh1", "nh2"},
-			MatchFromPeer:         []string{"fp1", "fp2"},
-			Action:                ActionAllow,
-			LocalPreference:       "local pref",
-			Med:                   "1234",
-			Weight:                25,
-			NextHop:               "nexthop",
-			Origin:                OriginIgp,
-			AsPathLimit:           26,
-			AsPathType:            AsPathTypeRemove,
-			CommunityType:         CommunityTypeNone,
-			ExtendedCommunityType: CommunityTypeRemoveAll,
-		}},
-		{"v1 community remove all", version.Number{7, 0, 0, ""}, Entry{
-			Name:                        "foo",
-			Enable:                      false,
-			UsedBy:                      []string{"one", "two"},
-			MatchAsPathRegex:            "as path regex",
-			MatchCommunityRegex:         "community regex",
-			MatchExtendedCommunityRegex: "extended community regex",
-			MatchMed:                    "match med",
-			MatchAddressPrefix: map[string]bool{
-				"5.5.0.0": true,
-				"6.6.0.0": false,
-			},
-			MatchNextHop:          []string{"nh1", "nh2"},
-			MatchFromPeer:         []string{"fp1", "fp2"},
-			Action:                ActionAllow,
-			Dampening:             "dampening",
-			LocalPreference:       "local pref",
-			Med:                   "1234",
-			Weight:                25,
-			NextHop:               "nexthop",
-			Origin:                OriginEgp,
-			AsPathLimit:           26,
-			AsPathType:            AsPathTypeNone,
-			CommunityType:         CommunityTypeRemoveAll,
-			ExtendedCommunityType: CommunityTypeNone,
-		}},
-		{"v1 community remove regex", version.Number{7, 0, 0, ""}, Entry{
-			Name:                        "foo",
-			Enable:                      false,
-			UsedBy:                      []string{"one", "two"},
-			MatchAsPathRegex:            "as path regex",
-			MatchCommunityRegex:         "community regex",
-			MatchExtendedCommunityRegex: "extended community regex",
-			MatchMed:                    "match med",
-			MatchAddressPrefix: map[string]bool{
-				"5.5.0.0": true,
-				"6.6.0.0": false,
-			},
-			MatchNextHop:           []string{"nh1", "nh2"},
-			MatchFromPeer:          []string{"fp1", "fp2"},
-			Action:                 ActionAllow,
-			Dampening:              "dampening",
-			LocalPreference:        "local pref",
-			Med:                    "1234",
-			Weight:                 25,
-			NextHop:                "nexthop",
-			Origin:                 OriginEgp,
-			AsPathLimit:            26,
-			AsPathType:             AsPathTypeNone,
-			CommunityType:          CommunityTypeRemoveRegex,
-			CommunityValue:         "my allow community regex",
-			ExtendedCommunityType:  CommunityTypeAppend,
-			ExtendedCommunityValue: "append value",
-		}},
-		{"v1 community append", version.Number{7, 0, 0, ""}, Entry{
-			Name:                        "foo",
-			Enable:                      false,
-			UsedBy:                      []string{"one", "two"},
-			MatchAsPathRegex:            "as path regex",
-			MatchCommunityRegex:         "community regex",
-			MatchExtendedCommunityRegex: "extended community regex",
-			MatchMed:                    "match med",
-			MatchAddressPrefix: map[string]bool{
-				"5.5.0.0": true,
-				"6.6.0.0": false,
-			},
-			MatchNextHop:           []string{"nh1", "nh2"},
-			MatchFromPeer:          []string{"fp1", "fp2"},
-			Action:                 ActionAllow,
-			Dampening:              "dampening",
-			LocalPreference:        "local pref",
-			Med:                    "1234",
-			Weight:                 25,
-			NextHop:                "nexthop",
-			Origin:                 OriginEgp,
-			AsPathLimit:            26,
-			AsPathType:             AsPathTypeNone,
-			CommunityType:          CommunityTypeAppend,
-			CommunityValue:         AppendNoExport,
-			ExtendedCommunityType:  CommunityTypeOverwrite,
-			ExtendedCommunityValue: "overwrite value",
-		}},
-		{"v1 community overwrite", version.Number{7, 0, 0, ""}, Entry{
-			Name:                        "foo",
-			Enable:                      false,
-			UsedBy:                      []string{"one", "two"},
-			MatchAsPathRegex:            "as path regex",
-			MatchCommunityRegex:         "community regex",
-			MatchExtendedCommunityRegex: "extended community regex",
-			MatchMed:                    "match med",
-			MatchAddressPrefix: map[string]bool{
-				"5.5.0.0": true,
-				"6.6.0.0": false,
-			},
-			MatchNextHop:           []string{"nh1", "nh2"},
-			MatchFromPeer:          []string{"fp1", "fp2"},
-			Action:                 ActionAllow,
-			Dampening:              "dampening",
-			LocalPreference:        "local pref",
-			Med:                    "1234",
-			Weight:                 25,
-			NextHop:                "nexthop",
-			Origin:                 OriginEgp,
-			AsPathLimit:            26,
-			AsPathType:             AsPathTypeNone,
-			CommunityType:          CommunityTypeOverwrite,
-			CommunityValue:         "overwrite value",
-			ExtendedCommunityType:  CommunityTypeRemoveRegex,
-			ExtendedCommunityValue: "remove regex",
-		}},
-		{"v2 minimal with deny", version.Number{8, 0, 0, ""}, Entry{
-			Name:   "minimal",
-			Enable: false,
-			Action: ActionDeny,
-		}},
-		{"v2 community none", version.Number{8, 0, 0, ""}, Entry{
-			Name:                        "foo",
-			Enable:                      true,
-			UsedBy:                      []string{"one", "two"},
-			MatchAsPathRegex:            "as path regex",
-			MatchCommunityRegex:         "community regex",
-			MatchExtendedCommunityRegex: "extended community regex",
-			MatchMed:                    "match med",
-			MatchRouteTable:             MatchRouteTableUnicast,
-			MatchAddressPrefix: map[string]bool{
-				"5.5.0.0": true,
-				"6.6.0.0": false,
-				"7.7.0.0": true,
-				"8.8.0.0": false,
-			},
-			MatchNextHop:          []string{"nh1", "nh2"},
-			MatchFromPeer:         []string{"fp1", "fp2"},
-			Action:                ActionAllow,
-			LocalPreference:       "local pref",
-			Med:                   "1234",
-			Weight:                25,
-			NextHop:               "nexthop",
-			Origin:                OriginIgp,
-			AsPathLimit:           26,
-			AsPathType:            AsPathTypeRemove,
-			CommunityType:         CommunityTypeNone,
-			ExtendedCommunityType: CommunityTypeRemoveAll,
-		}},
-		{"v2 community remove all", version.Number{8, 0, 0, ""}, Entry{
-			Name:                        "foo",
-			Enable:                      false,
-			UsedBy:                      []string{"one", "two"},
-			MatchAsPathRegex:            "as path regex",
-			MatchCommunityRegex:         "community regex",
-			MatchExtendedCommunityRegex: "extended community regex",
-			MatchMed:                    "match med",
-			MatchRouteTable:             MatchRouteTableMulticast,
-			MatchAddressPrefix: map[string]bool{
-				"5.5.0.0": true,
-				"6.6.0.0": false,
-			},
-			MatchNextHop:          []string{"nh1", "nh2"},
-			MatchFromPeer:         []string{"fp1", "fp2"},
-			Action:                ActionAllow,
-			Dampening:             "dampening",
-			LocalPreference:       "local pref",
-			Med:                   "1234",
-			Weight:                25,
-			NextHop:               "nexthop",
-			Origin:                OriginEgp,
-			AsPathLimit:           26,
-			AsPathType:            AsPathTypeNone,
-			CommunityType:         CommunityTypeRemoveAll,
-			ExtendedCommunityType: CommunityTypeNone,
-		}},
-		{"v2 community remove regex", version.Number{8, 0, 0, ""}, Entry{
-			Name:                        "foo",
-			Enable:                      false,
-			UsedBy:                      []string{"one", "two"},
-			MatchAsPathRegex:            "as path regex",
-			MatchCommunityRegex:         "community regex",
-			MatchExtendedCommunityRegex: "extended community regex",
-			MatchMed:                    "match med",
-			MatchRouteTable:             MatchRouteTableBoth,
-			MatchAddressPrefix: map[string]bool{
-				"5.5.0.0": true,
-				"6.6.0.0": false,
-			},
-			MatchNextHop:           []string{"nh1", "nh2"},
-			MatchFromPeer:          []string{"fp1", "fp2"},
-			Action:                 ActionAllow,
-			Dampening:              "dampening",
-			LocalPreference:        "local pref",
-			Med:                    "1234",
-			Weight:                 25,
-			NextHop:                "nexthop",
-			Origin:                 OriginEgp,
-			AsPathLimit:            26,
-			AsPathType:             AsPathTypeNone,
-			CommunityType:          CommunityTypeRemoveRegex,
-			CommunityValue:         "my allow community regex",
-			ExtendedCommunityType:  CommunityTypeAppend,
-			ExtendedCommunityValue: "append value",
-		}},
-		{"v2 community append", version.Number{8, 0, 0, ""}, Entry{
-			Name:                        "foo",
-			Enable:                      false,
-			UsedBy:                      []string{"one", "two"},
-			MatchAsPathRegex:            "as path regex",
-			MatchCommunityRegex:         "community regex",
-			MatchExtendedCommunityRegex: "extended community regex",
-			MatchMed:                    "match med",
-			MatchAddressPrefix: map[string]bool{
-				"5.5.0.0": true,
-				"6.6.0.0": false,
-			},
-			MatchNextHop:           []string{"nh1", "nh2"},
-			MatchFromPeer:          []string{"fp1", "fp2"},
-			Action:                 ActionAllow,
-			Dampening:              "dampening",
-			LocalPreference:        "local pref",
-			Med:                    "1234",
-			Weight:                 25,
-			NextHop:                "nexthop",
-			Origin:                 OriginEgp,
-			AsPathLimit:            26,
-			AsPathType:             AsPathTypeNone,
-			CommunityType:          CommunityTypeAppend,
-			CommunityValue:         AppendNoExport,
-			ExtendedCommunityType:  CommunityTypeOverwrite,
-			ExtendedCommunityValue: "overwrite value",
-		}},
-		{"v2 community overwrite", version.Number{8, 0, 0, ""}, Entry{
-			Name:                        "foo",
-			Enable:                      false,
-			UsedBy:                      []string{"one", "two"},
-			MatchAsPathRegex:            "as path regex",
-			MatchCommunityRegex:         "community regex",
-			MatchExtendedCommunityRegex: "extended community regex",
-			MatchMed:                    "match med",
-			MatchAddressPrefix: map[string]bool{
-				"5.5.0.0": true,
-				"6.6.0.0": false,
-			},
-			MatchNextHop:           []string{"nh1", "nh2"},
-			MatchFromPeer:          []string{"fp1", "fp2"},
-			Action:                 ActionAllow,
-			Dampening:              "dampening",
-			LocalPreference:        "local pref",
-			Med:                    "1234",
-			Weight:                 25,
-			NextHop:                "nexthop",
-			Origin:                 OriginEgp,
-			AsPathLimit:            26,
-			AsPathType:             AsPathTypeNone,
-			CommunityType:          CommunityTypeOverwrite,
-			CommunityValue:         "overwrite value",
-			ExtendedCommunityType:  CommunityTypeRemoveRegex,
-			ExtendedCommunityValue: "remove regex",
-		}},
-	}
-}
diff --git a/netw/routing/protocol/bgp/pano.go b/netw/routing/protocol/bgp/pano.go
deleted file mode 100644
index 8128e259..00000000
--- a/netw/routing/protocol/bgp/pano.go
+++ /dev/null
@@ -1,83 +0,0 @@
-package bgp
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Network.BgpConfig namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// Get performs GET to retrieve configuration for the given object.
-func (c *Panorama) Get(tmpl, ts, vr string) (Config, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts, vr), "", ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve configuration for the given object.
-func (c *Panorama) Show(tmpl, ts, vr string) (Config, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts, vr), "", ans)
-	return first(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts, vr string, e Config) error {
-	return c.ns.Set(c.pather(tmpl, ts, vr), specifier(e))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts, vr string, e Config) error {
-	return c.ns.Edit(c.pather(tmpl, ts, vr), e)
-}
-
-// Delete performs DELETE to remove the config.
-func (c *Panorama) Delete(tmpl, ts, vr string) error {
-	return c.ns.Delete(c.pather(tmpl, ts, vr), nil, nil)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, vr string) (Config, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts, vr), "", ans)
-	return first(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts, vr string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, vr)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts, vr string) ([]string, error) {
-	if tmpl == "" && ts == "" {
-		return nil, fmt.Errorf("tmpl or ts must be specified")
-	}
-	if vr == "" {
-		return nil, fmt.Errorf("vr must be specified")
-	}
-
-	ans := make([]string, 0, 13)
-	ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-	ans = append(ans,
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"virtual-router",
-		util.AsEntryXpath([]string{vr}),
-		"protocol",
-		"bgp",
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/routing/protocol/bgp/pano_test.go b/netw/routing/protocol/bgp/pano_test.go
deleted file mode 100644
index 08f915e9..00000000
--- a/netw/routing/protocol/bgp/pano_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package bgp
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("my template", "", "mockVr", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("my template", "", "mockVr")
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/routing/protocol/bgp/peer/const.go b/netw/routing/protocol/bgp/peer/const.go
deleted file mode 100644
index 44274aed..00000000
--- a/netw/routing/protocol/bgp/peer/const.go
+++ /dev/null
@@ -1,34 +0,0 @@
-package peer
-
-// Valid values for ReflectorClient.
-const (
-	ReflectorClientNonClient    = "non-client"
-	ReflectorClientClient       = "client"
-	ReflectorClientMeshedClient = "meshed-client"
-)
-
-// Valid values for PeeringType.
-const (
-	PeeringTypeBilateral   = "bilateral"
-	PeeringTypeUnspecified = "unspecified"
-)
-
-// Valid values for BfdProfile, besides an actual BFD profile's name.
-const (
-	BfdProfileInherit = "Inherit-vr-global-setting"
-	BfdProfileNone    = "None"
-)
-
-// Valid values for AddressFamilyType.
-const (
-	AddressFamilyTypeIpv4 = "ipv4"
-	AddressFamilyTypeIpv6 = "ipv6"
-)
-
-// Valid non-int value for MaxPrefixes.
-const MaxPrefixesUnlimited = "unlimited"
-
-const (
-	singular = "bgp peer group peer"
-	plural   = "bgp peer group peers"
-)
diff --git a/netw/routing/protocol/bgp/peer/doc.go b/netw/routing/protocol/bgp/peer/doc.go
deleted file mode 100644
index ec5baf3c..00000000
--- a/netw/routing/protocol/bgp/peer/doc.go
+++ /dev/null
@@ -1,8 +0,0 @@
-/*
-Package peer is the client.Network.BgpPeer namespace.
-
-The "pg" param in the function signatures in this page is the peer group name.
-
-Normalized object:  Entry
-*/
-package peer
diff --git a/netw/routing/protocol/bgp/peer/entry.go b/netw/routing/protocol/bgp/peer/entry.go
deleted file mode 100644
index d9f32e78..00000000
--- a/netw/routing/protocol/bgp/peer/entry.go
+++ /dev/null
@@ -1,662 +0,0 @@
-package peer
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a BGP
-// peer group peer.
-type Entry struct {
-	Name                             string
-	Enable                           bool
-	PeerAs                           string
-	LocalAddressInterface            string
-	LocalAddressIp                   string
-	PeerAddressIp                    string
-	ReflectorClient                  string
-	PeeringType                      string
-	MaxPrefixes                      string
-	AuthProfile                      string
-	KeepAliveInterval                int
-	MultiHop                         int
-	OpenDelayTime                    int
-	HoldTime                         int
-	IdleHoldTime                     int
-	AllowIncomingConnections         bool
-	IncomingConnectionsRemotePort    int
-	AllowOutgoingConnections         bool
-	OutgoingConnectionsLocalPort     int
-	BfdProfile                       string // 7.1+
-	EnableMpBgp                      bool   // 8.0+
-	AddressFamilyType                string // 8.0+
-	SubsequentAddressFamilyUnicast   bool   // 8.0+
-	SubsequentAddressFamilyMulticast bool   // 8.0+
-	EnableSenderSideLoopDetection    bool   // 8.0+
-	MinRouteAdvertisementInterval    int    // 8.1+
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Enable = s.Enable
-	o.PeerAs = s.PeerAs
-	o.LocalAddressInterface = s.LocalAddressInterface
-	o.LocalAddressIp = s.LocalAddressIp
-	o.PeerAddressIp = s.PeerAddressIp
-	o.ReflectorClient = s.ReflectorClient
-	o.PeeringType = s.PeeringType
-	o.MaxPrefixes = s.MaxPrefixes
-	o.AuthProfile = s.AuthProfile
-	o.KeepAliveInterval = s.KeepAliveInterval
-	o.MultiHop = s.MultiHop
-	o.OpenDelayTime = s.OpenDelayTime
-	o.HoldTime = s.HoldTime
-	o.IdleHoldTime = s.IdleHoldTime
-	o.AllowIncomingConnections = s.AllowIncomingConnections
-	o.IncomingConnectionsRemotePort = s.IncomingConnectionsRemotePort
-	o.AllowOutgoingConnections = s.AllowOutgoingConnections
-	o.OutgoingConnectionsLocalPort = s.OutgoingConnectionsLocalPort
-	o.BfdProfile = s.BfdProfile
-	o.EnableMpBgp = s.EnableMpBgp
-	o.AddressFamilyType = s.AddressFamilyType
-	o.SubsequentAddressFamilyUnicast = s.SubsequentAddressFamilyUnicast
-	o.SubsequentAddressFamilyMulticast = s.SubsequentAddressFamilyMulticast
-	o.EnableSenderSideLoopDetection = s.EnableSenderSideLoopDetection
-	o.MinRouteAdvertisementInterval = s.MinRouteAdvertisementInterval
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:                  o.Name,
-		Enable:                util.AsBool(o.Enable),
-		PeerAs:                o.PeerAs,
-		LocalAddressInterface: o.LocalAddressInterface,
-		LocalAddressIp:        o.LocalAddressIp,
-		PeerAddressIp:         o.PeerAddressIp,
-		ReflectorClient:       o.ReflectorClient,
-		PeeringType:           o.PeeringType,
-		MaxPrefixes:           o.MaxPrefixes,
-	}
-
-	if o.Options != nil {
-		ans.AuthProfile = o.Options.AuthProfile
-		ans.KeepAliveInterval = o.Options.KeepAliveInterval
-		ans.MultiHop = o.Options.MultiHop
-		ans.OpenDelayTime = o.Options.OpenDelayTime
-		ans.HoldTime = o.Options.HoldTime
-		ans.IdleHoldTime = o.Options.IdleHoldTime
-
-		if o.Options.BgpIn != nil {
-			ans.AllowIncomingConnections = util.AsBool(o.Options.BgpIn.AllowIncomingConnections)
-			ans.IncomingConnectionsRemotePort = o.Options.BgpIn.IncomingConnectionsRemotePort
-		}
-
-		if o.Options.BgpOut != nil {
-			ans.AllowOutgoingConnections = util.AsBool(o.Options.BgpOut.AllowOutgoingConnections)
-			ans.OutgoingConnectionsLocalPort = o.Options.BgpOut.OutgoingConnectionsLocalPort
-		}
-	}
-
-	return ans
-}
-
-type container_v2 struct {
-	Answer []entry_v2 `xml:"entry"`
-}
-
-func (o *container_v2) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v2) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v2) normalize() Entry {
-	ans := Entry{
-		Name:                  o.Name,
-		Enable:                util.AsBool(o.Enable),
-		PeerAs:                o.PeerAs,
-		LocalAddressInterface: o.LocalAddressInterface,
-		LocalAddressIp:        o.LocalAddressIp,
-		PeerAddressIp:         o.PeerAddressIp,
-		ReflectorClient:       o.ReflectorClient,
-		PeeringType:           o.PeeringType,
-		MaxPrefixes:           o.MaxPrefixes,
-	}
-
-	if o.Bfd != nil {
-		ans.BfdProfile = o.Bfd.BfdProfile
-	}
-
-	if o.Options != nil {
-		ans.AuthProfile = o.Options.AuthProfile
-		ans.KeepAliveInterval = o.Options.KeepAliveInterval
-		ans.MultiHop = o.Options.MultiHop
-		ans.OpenDelayTime = o.Options.OpenDelayTime
-		ans.HoldTime = o.Options.HoldTime
-		ans.IdleHoldTime = o.Options.IdleHoldTime
-
-		if o.Options.BgpIn != nil {
-			ans.AllowIncomingConnections = util.AsBool(o.Options.BgpIn.AllowIncomingConnections)
-			ans.IncomingConnectionsRemotePort = o.Options.BgpIn.IncomingConnectionsRemotePort
-		}
-
-		if o.Options.BgpOut != nil {
-			ans.AllowOutgoingConnections = util.AsBool(o.Options.BgpOut.AllowOutgoingConnections)
-			ans.OutgoingConnectionsLocalPort = o.Options.BgpOut.OutgoingConnectionsLocalPort
-		}
-	}
-
-	return ans
-}
-
-type container_v3 struct {
-	Answer []entry_v3 `xml:"entry"`
-}
-
-func (o *container_v3) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v3) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v3) normalize() Entry {
-	ans := Entry{
-		Name:                          o.Name,
-		Enable:                        util.AsBool(o.Enable),
-		PeerAs:                        o.PeerAs,
-		EnableMpBgp:                   util.AsBool(o.EnableMpBgp),
-		AddressFamilyType:             o.AddressFamilyType,
-		EnableSenderSideLoopDetection: util.AsBool(o.EnableSenderSideLoopDetection),
-		LocalAddressInterface:         o.LocalAddressInterface,
-		LocalAddressIp:                o.LocalAddressIp,
-		PeerAddressIp:                 o.PeerAddressIp,
-		ReflectorClient:               o.ReflectorClient,
-		PeeringType:                   o.PeeringType,
-		MaxPrefixes:                   o.MaxPrefixes,
-	}
-
-	if o.Safi != nil {
-		ans.SubsequentAddressFamilyUnicast = util.AsBool(o.Safi.SubsequentAddressFamilyUnicast)
-		ans.SubsequentAddressFamilyMulticast = util.AsBool(o.Safi.SubsequentAddressFamilyMulticast)
-	}
-
-	if o.Bfd != nil {
-		ans.BfdProfile = o.Bfd.BfdProfile
-	}
-
-	if o.Options != nil {
-		ans.AuthProfile = o.Options.AuthProfile
-		ans.KeepAliveInterval = o.Options.KeepAliveInterval
-		ans.MultiHop = o.Options.MultiHop
-		ans.OpenDelayTime = o.Options.OpenDelayTime
-		ans.HoldTime = o.Options.HoldTime
-		ans.IdleHoldTime = o.Options.IdleHoldTime
-
-		if o.Options.BgpIn != nil {
-			ans.AllowIncomingConnections = util.AsBool(o.Options.BgpIn.AllowIncomingConnections)
-			ans.IncomingConnectionsRemotePort = o.Options.BgpIn.IncomingConnectionsRemotePort
-		}
-
-		if o.Options.BgpOut != nil {
-			ans.AllowOutgoingConnections = util.AsBool(o.Options.BgpOut.AllowOutgoingConnections)
-			ans.OutgoingConnectionsLocalPort = o.Options.BgpOut.OutgoingConnectionsLocalPort
-		}
-	}
-
-	return ans
-}
-
-type container_v4 struct {
-	Answer []entry_v4 `xml:"entry"`
-}
-
-func (o *container_v4) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v4) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v4) normalize() Entry {
-	ans := Entry{
-		Name:                          o.Name,
-		Enable:                        util.AsBool(o.Enable),
-		PeerAs:                        o.PeerAs,
-		EnableMpBgp:                   util.AsBool(o.EnableMpBgp),
-		AddressFamilyType:             o.AddressFamilyType,
-		EnableSenderSideLoopDetection: util.AsBool(o.EnableSenderSideLoopDetection),
-		LocalAddressInterface:         o.LocalAddressInterface,
-		LocalAddressIp:                o.LocalAddressIp,
-		PeerAddressIp:                 o.PeerAddressIp,
-		ReflectorClient:               o.ReflectorClient,
-		PeeringType:                   o.PeeringType,
-		MaxPrefixes:                   o.MaxPrefixes,
-	}
-
-	if o.Safi != nil {
-		ans.SubsequentAddressFamilyUnicast = util.AsBool(o.Safi.SubsequentAddressFamilyUnicast)
-		ans.SubsequentAddressFamilyMulticast = util.AsBool(o.Safi.SubsequentAddressFamilyMulticast)
-	}
-
-	if o.Bfd != nil {
-		ans.BfdProfile = o.Bfd.BfdProfile
-	}
-
-	if o.Options != nil {
-		ans.AuthProfile = o.Options.AuthProfile
-		ans.KeepAliveInterval = o.Options.KeepAliveInterval
-		ans.MultiHop = o.Options.MultiHop
-		ans.OpenDelayTime = o.Options.OpenDelayTime
-		ans.HoldTime = o.Options.HoldTime
-		ans.IdleHoldTime = o.Options.IdleHoldTime
-		ans.MinRouteAdvertisementInterval = o.Options.MinRouteAdvertisementInterval
-
-		if o.Options.BgpIn != nil {
-			ans.AllowIncomingConnections = util.AsBool(o.Options.BgpIn.AllowIncomingConnections)
-			ans.IncomingConnectionsRemotePort = o.Options.BgpIn.IncomingConnectionsRemotePort
-		}
-
-		if o.Options.BgpOut != nil {
-			ans.AllowOutgoingConnections = util.AsBool(o.Options.BgpOut.AllowOutgoingConnections)
-			ans.OutgoingConnectionsLocalPort = o.Options.BgpOut.OutgoingConnectionsLocalPort
-		}
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName               xml.Name `xml:"entry"`
-	Name                  string   `xml:"name,attr"`
-	Enable                string   `xml:"enable"`
-	PeerAs                string   `xml:"peer-as,omitempty"`
-	LocalAddressInterface string   `xml:"local-address>interface"`
-	LocalAddressIp        string   `xml:"local-address>ip,omitempty"`
-	PeerAddressIp         string   `xml:"peer-address>ip"`
-	ReflectorClient       string   `xml:"reflector-client,omitempty"`
-	PeeringType           string   `xml:"peering-type,omitempty"`
-	MaxPrefixes           string   `xml:"max-prefixes,omitempty"`
-	Options               *opts_v1 `xml:"connection-options"`
-}
-
-type opts_v1 struct {
-	AuthProfile       string  `xml:"authentication,omitempty"`
-	KeepAliveInterval int     `xml:"keep-alive-interval,omitempty"`
-	MultiHop          int     `xml:"multihop,omitempty"`
-	OpenDelayTime     int     `xml:"open-delay-time,omitempty"`
-	HoldTime          int     `xml:"hold-time,omitempty"`
-	IdleHoldTime      int     `xml:"idle-hold-time,omitempty"`
-	BgpIn             *bgpIn  `xml:"incoming-bgp-connection"`
-	BgpOut            *bgpOut `xml:"outgoing-bgp-connection"`
-}
-
-type bgpIn struct {
-	AllowIncomingConnections      string `xml:"allow"`
-	IncomingConnectionsRemotePort int    `xml:"remote-port,omitempty"`
-}
-
-type bgpOut struct {
-	AllowOutgoingConnections     string `xml:"allow"`
-	OutgoingConnectionsLocalPort int    `xml:"local-port,omitempty"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:                  e.Name,
-		Enable:                util.YesNo(e.Enable),
-		PeerAs:                e.PeerAs,
-		LocalAddressInterface: e.LocalAddressInterface,
-		LocalAddressIp:        e.LocalAddressIp,
-		PeerAddressIp:         e.PeerAddressIp,
-		ReflectorClient:       e.ReflectorClient,
-		PeeringType:           e.PeeringType,
-		MaxPrefixes:           e.MaxPrefixes,
-	}
-
-	hasIn := e.AllowIncomingConnections || e.IncomingConnectionsRemotePort != 0
-	hasOut := e.AllowOutgoingConnections || e.OutgoingConnectionsLocalPort != 0
-
-	if hasIn || hasOut || e.AuthProfile != "" || e.KeepAliveInterval != 0 || e.MultiHop != 0 || e.OpenDelayTime != 0 || e.HoldTime != 0 || e.IdleHoldTime != 0 {
-		ans.Options = &opts_v1{
-			AuthProfile:       e.AuthProfile,
-			KeepAliveInterval: e.KeepAliveInterval,
-			MultiHop:          e.MultiHop,
-			OpenDelayTime:     e.OpenDelayTime,
-			HoldTime:          e.HoldTime,
-			IdleHoldTime:      e.IdleHoldTime,
-		}
-
-		if hasIn {
-			ans.Options.BgpIn = &bgpIn{
-				AllowIncomingConnections:      util.YesNo(e.AllowIncomingConnections),
-				IncomingConnectionsRemotePort: e.IncomingConnectionsRemotePort,
-			}
-		}
-
-		if hasOut {
-			ans.Options.BgpOut = &bgpOut{
-				AllowOutgoingConnections:     util.YesNo(e.AllowOutgoingConnections),
-				OutgoingConnectionsLocalPort: e.OutgoingConnectionsLocalPort,
-			}
-		}
-	}
-
-	return ans
-}
-
-type entry_v2 struct {
-	XMLName               xml.Name `xml:"entry"`
-	Name                  string   `xml:"name,attr"`
-	Enable                string   `xml:"enable"`
-	PeerAs                string   `xml:"peer-as,omitempty"`
-	LocalAddressInterface string   `xml:"local-address>interface"`
-	LocalAddressIp        string   `xml:"local-address>ip,omitempty"`
-	PeerAddressIp         string   `xml:"peer-address>ip"`
-	ReflectorClient       string   `xml:"reflector-client,omitempty"`
-	PeeringType           string   `xml:"peering-type,omitempty"`
-	MaxPrefixes           string   `xml:"max-prefixes,omitempty"`
-	Bfd                   *bfd     `xml:"bfd"`
-	Options               *opts_v1 `xml:"connection-options"`
-}
-
-type bfd struct {
-	BfdProfile string `xml:"profile,omitempty"`
-}
-
-func specify_v2(e Entry) interface{} {
-	ans := entry_v2{
-		Name:                  e.Name,
-		Enable:                util.YesNo(e.Enable),
-		PeerAs:                e.PeerAs,
-		LocalAddressInterface: e.LocalAddressInterface,
-		LocalAddressIp:        e.LocalAddressIp,
-		PeerAddressIp:         e.PeerAddressIp,
-		ReflectorClient:       e.ReflectorClient,
-		PeeringType:           e.PeeringType,
-		MaxPrefixes:           e.MaxPrefixes,
-	}
-
-	if e.BfdProfile != "" {
-		ans.Bfd = &bfd{
-			BfdProfile: e.BfdProfile,
-		}
-	}
-
-	hasIn := e.AllowIncomingConnections || e.IncomingConnectionsRemotePort != 0
-	hasOut := e.AllowOutgoingConnections || e.OutgoingConnectionsLocalPort != 0
-
-	if hasIn || hasOut || e.AuthProfile != "" || e.KeepAliveInterval != 0 || e.MultiHop != 0 || e.OpenDelayTime != 0 || e.HoldTime != 0 || e.IdleHoldTime != 0 {
-		ans.Options = &opts_v1{
-			AuthProfile:       e.AuthProfile,
-			KeepAliveInterval: e.KeepAliveInterval,
-			MultiHop:          e.MultiHop,
-			OpenDelayTime:     e.OpenDelayTime,
-			HoldTime:          e.HoldTime,
-			IdleHoldTime:      e.IdleHoldTime,
-		}
-
-		if hasIn {
-			ans.Options.BgpIn = &bgpIn{
-				AllowIncomingConnections:      util.YesNo(e.AllowIncomingConnections),
-				IncomingConnectionsRemotePort: e.IncomingConnectionsRemotePort,
-			}
-		}
-
-		if hasOut {
-			ans.Options.BgpOut = &bgpOut{
-				AllowOutgoingConnections:     util.YesNo(e.AllowOutgoingConnections),
-				OutgoingConnectionsLocalPort: e.OutgoingConnectionsLocalPort,
-			}
-		}
-	}
-
-	return ans
-}
-
-type entry_v3 struct {
-	XMLName                       xml.Name `xml:"entry"`
-	Name                          string   `xml:"name,attr"`
-	Enable                        string   `xml:"enable"`
-	PeerAs                        string   `xml:"peer-as,omitempty"`
-	EnableMpBgp                   string   `xml:"enable-mp-bgp"`
-	AddressFamilyType             string   `xml:"address-family-identifier,omitempty"`
-	Safi                          *safi    `xml:"subsequent-address-family-identifier"`
-	EnableSenderSideLoopDetection string   `xml:"enable-sender-side-loop-detection"`
-	LocalAddressInterface         string   `xml:"local-address>interface"`
-	LocalAddressIp                string   `xml:"local-address>ip,omitempty"`
-	PeerAddressIp                 string   `xml:"peer-address>ip"`
-	ReflectorClient               string   `xml:"reflector-client,omitempty"`
-	PeeringType                   string   `xml:"peering-type,omitempty"`
-	MaxPrefixes                   string   `xml:"max-prefixes,omitempty"`
-	Bfd                           *bfd     `xml:"bfd"`
-	Options                       *opts_v1 `xml:"connection-options"`
-}
-
-type safi struct {
-	SubsequentAddressFamilyUnicast   string `xml:"unicast"`
-	SubsequentAddressFamilyMulticast string `xml:"multicast"`
-}
-
-func specify_v3(e Entry) interface{} {
-	ans := entry_v3{
-		Name:                          e.Name,
-		EnableMpBgp:                   util.YesNo(e.EnableMpBgp),
-		AddressFamilyType:             e.AddressFamilyType,
-		EnableSenderSideLoopDetection: util.YesNo(e.EnableSenderSideLoopDetection),
-		Enable:                        util.YesNo(e.Enable),
-		PeerAs:                        e.PeerAs,
-		LocalAddressInterface:         e.LocalAddressInterface,
-		LocalAddressIp:                e.LocalAddressIp,
-		PeerAddressIp:                 e.PeerAddressIp,
-		ReflectorClient:               e.ReflectorClient,
-		PeeringType:                   e.PeeringType,
-		MaxPrefixes:                   e.MaxPrefixes,
-	}
-
-	if e.SubsequentAddressFamilyUnicast || e.SubsequentAddressFamilyMulticast {
-		ans.Safi = &safi{
-			SubsequentAddressFamilyUnicast:   util.YesNo(e.SubsequentAddressFamilyUnicast),
-			SubsequentAddressFamilyMulticast: util.YesNo(e.SubsequentAddressFamilyMulticast),
-		}
-	}
-
-	if e.BfdProfile != "" {
-		ans.Bfd = &bfd{
-			BfdProfile: e.BfdProfile,
-		}
-	}
-
-	hasIn := e.AllowIncomingConnections || e.IncomingConnectionsRemotePort != 0
-	hasOut := e.AllowOutgoingConnections || e.OutgoingConnectionsLocalPort != 0
-
-	if hasIn || hasOut || e.AuthProfile != "" || e.KeepAliveInterval != 0 || e.MultiHop != 0 || e.OpenDelayTime != 0 || e.HoldTime != 0 || e.IdleHoldTime != 0 {
-		ans.Options = &opts_v1{
-			AuthProfile:       e.AuthProfile,
-			KeepAliveInterval: e.KeepAliveInterval,
-			MultiHop:          e.MultiHop,
-			OpenDelayTime:     e.OpenDelayTime,
-			HoldTime:          e.HoldTime,
-			IdleHoldTime:      e.IdleHoldTime,
-		}
-
-		if hasIn {
-			ans.Options.BgpIn = &bgpIn{
-				AllowIncomingConnections:      util.YesNo(e.AllowIncomingConnections),
-				IncomingConnectionsRemotePort: e.IncomingConnectionsRemotePort,
-			}
-		}
-
-		if hasOut {
-			ans.Options.BgpOut = &bgpOut{
-				AllowOutgoingConnections:     util.YesNo(e.AllowOutgoingConnections),
-				OutgoingConnectionsLocalPort: e.OutgoingConnectionsLocalPort,
-			}
-		}
-	}
-
-	return ans
-}
-
-type entry_v4 struct {
-	XMLName                       xml.Name `xml:"entry"`
-	Name                          string   `xml:"name,attr"`
-	Enable                        string   `xml:"enable"`
-	PeerAs                        string   `xml:"peer-as,omitempty"`
-	EnableMpBgp                   string   `xml:"enable-mp-bgp"`
-	AddressFamilyType             string   `xml:"address-family-identifier,omitempty"`
-	Safi                          *safi    `xml:"subsequent-address-family-identifier"`
-	EnableSenderSideLoopDetection string   `xml:"enable-sender-side-loop-detection"`
-	LocalAddressInterface         string   `xml:"local-address>interface"`
-	LocalAddressIp                string   `xml:"local-address>ip,omitempty"`
-	PeerAddressIp                 string   `xml:"peer-address>ip"`
-	ReflectorClient               string   `xml:"reflector-client,omitempty"`
-	PeeringType                   string   `xml:"peering-type,omitempty"`
-	MaxPrefixes                   string   `xml:"max-prefixes,omitempty"`
-	Bfd                           *bfd     `xml:"bfd"`
-	Options                       *opts_v2 `xml:"connection-options"`
-}
-
-type opts_v2 struct {
-	AuthProfile                   string  `xml:"authentication,omitempty"`
-	KeepAliveInterval             int     `xml:"keep-alive-interval,omitempty"`
-	MultiHop                      int     `xml:"multihop,omitempty"`
-	OpenDelayTime                 int     `xml:"open-delay-time,omitempty"`
-	HoldTime                      int     `xml:"hold-time,omitempty"`
-	IdleHoldTime                  int     `xml:"idle-hold-time,omitempty"`
-	MinRouteAdvertisementInterval int     `xml:"min-route-adv-interval,omitempty"`
-	BgpIn                         *bgpIn  `xml:"incoming-bgp-connection"`
-	BgpOut                        *bgpOut `xml:"outgoing-bgp-connection"`
-}
-
-func specify_v4(e Entry) interface{} {
-	ans := entry_v4{
-		Name:                          e.Name,
-		EnableMpBgp:                   util.YesNo(e.EnableMpBgp),
-		AddressFamilyType:             e.AddressFamilyType,
-		EnableSenderSideLoopDetection: util.YesNo(e.EnableSenderSideLoopDetection),
-		Enable:                        util.YesNo(e.Enable),
-		PeerAs:                        e.PeerAs,
-		LocalAddressInterface:         e.LocalAddressInterface,
-		LocalAddressIp:                e.LocalAddressIp,
-		PeerAddressIp:                 e.PeerAddressIp,
-		ReflectorClient:               e.ReflectorClient,
-		PeeringType:                   e.PeeringType,
-		MaxPrefixes:                   e.MaxPrefixes,
-	}
-
-	if e.SubsequentAddressFamilyUnicast || e.SubsequentAddressFamilyMulticast {
-		ans.Safi = &safi{
-			SubsequentAddressFamilyUnicast:   util.YesNo(e.SubsequentAddressFamilyUnicast),
-			SubsequentAddressFamilyMulticast: util.YesNo(e.SubsequentAddressFamilyMulticast),
-		}
-	}
-
-	if e.BfdProfile != "" {
-		ans.Bfd = &bfd{
-			BfdProfile: e.BfdProfile,
-		}
-	}
-
-	hasIn := e.AllowIncomingConnections || e.IncomingConnectionsRemotePort != 0
-	hasOut := e.AllowOutgoingConnections || e.OutgoingConnectionsLocalPort != 0
-
-	if hasIn || hasOut || e.AuthProfile != "" || e.KeepAliveInterval != 0 || e.MultiHop != 0 || e.OpenDelayTime != 0 || e.HoldTime != 0 || e.IdleHoldTime != 0 || e.MinRouteAdvertisementInterval != 0 {
-		ans.Options = &opts_v2{
-			AuthProfile:                   e.AuthProfile,
-			KeepAliveInterval:             e.KeepAliveInterval,
-			MultiHop:                      e.MultiHop,
-			OpenDelayTime:                 e.OpenDelayTime,
-			HoldTime:                      e.HoldTime,
-			IdleHoldTime:                  e.IdleHoldTime,
-			MinRouteAdvertisementInterval: e.MinRouteAdvertisementInterval,
-		}
-
-		if hasIn {
-			ans.Options.BgpIn = &bgpIn{
-				AllowIncomingConnections:      util.YesNo(e.AllowIncomingConnections),
-				IncomingConnectionsRemotePort: e.IncomingConnectionsRemotePort,
-			}
-		}
-
-		if hasOut {
-			ans.Options.BgpOut = &bgpOut{
-				AllowOutgoingConnections:     util.YesNo(e.AllowOutgoingConnections),
-				OutgoingConnectionsLocalPort: e.OutgoingConnectionsLocalPort,
-			}
-		}
-	}
-
-	return ans
-}
diff --git a/netw/routing/protocol/bgp/peer/funcs.go b/netw/routing/protocol/bgp/peer/funcs.go
deleted file mode 100644
index 61ea8e1b..00000000
--- a/netw/routing/protocol/bgp/peer/funcs.go
+++ /dev/null
@@ -1,96 +0,0 @@
-package peer
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	if v.Gte(version.Number{8, 1, 0, ""}) {
-		return &container_v4{}, specify_v4
-	} else if v.Gte(version.Number{8, 0, 0, ""}) {
-		return &container_v3{}, specify_v3
-	} else if v.Gte(version.Number{7, 1, 0, ""}) {
-		return &container_v2{}, specify_v2
-	} else {
-		return &container_v1{}, specify_v1
-	}
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/netw/routing/protocol/bgp/peer/fw.go b/netw/routing/protocol/bgp/peer/fw.go
deleted file mode 100644
index f0f1061d..00000000
--- a/netw/routing/protocol/bgp/peer/fw.go
+++ /dev/null
@@ -1,119 +0,0 @@
-package peer
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Network.BgpPeer namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vr, pg string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vr, pg), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vr, pg string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vr, pg), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vr, pg, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vr, pg), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vr, pg, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vr, pg), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vr, pg string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vr, pg), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vr, pg string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vr, pg), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vr, pg string, e ...Entry) error {
-	return c.ns.Set(c.pather(vr, pg), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vr, pg string, e Entry) error {
-	return c.ns.Edit(c.pather(vr, pg), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vr, pg string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vr, pg), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(vr, pg, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(vr, pg), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig(vr, pg string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(vr, pg), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather(vr, pg string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vr, pg, v)
-	}
-}
-
-func (c *Firewall) xpath(vr, pg string, vals []string) ([]string, error) {
-	if vr == "" {
-		return nil, fmt.Errorf("vr must be specified")
-	}
-	if pg == "" {
-		return nil, fmt.Errorf("pg must be specified")
-	}
-
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"virtual-router",
-		util.AsEntryXpath([]string{vr}),
-		"protocol",
-		"bgp",
-		"peer-group",
-		util.AsEntryXpath([]string{pg}),
-		"peer",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/routing/protocol/bgp/peer/fw_test.go b/netw/routing/protocol/bgp/peer/fw_test.go
deleted file mode 100644
index 238e8fb7..00000000
--- a/netw/routing/protocol/bgp/peer/fw_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package peer
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("vr", "pg", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("vr", "pg", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/routing/protocol/bgp/peer/group/const.go b/netw/routing/protocol/bgp/peer/group/const.go
deleted file mode 100644
index c98f3dcb..00000000
--- a/netw/routing/protocol/bgp/peer/group/const.go
+++ /dev/null
@@ -1,24 +0,0 @@
-package group
-
-// Valid values for Type.
-const (
-	TypeEbgp       = "ebgp"
-	TypeEbgpConfed = "ebgp-confed"
-	TypeIbgp       = "ibgp"
-	TypeIbgpConfed = "ibgp-confed"
-)
-
-// Valid values for ExportNextHop and ImportNextHop.
-// NextHopResolve is valid only for ExportNextHop for TypeEbgp.
-// NextHopUsePeer is valid only for ImportNextHop for TypeEbgp.
-const (
-	NextHopOriginal = "original"
-	NextHopUseSelf  = "use-self"
-	NextHopResolve  = "resolve"
-	NextHopUsePeer  = "use-peer"
-)
-
-const (
-	singular = "bgp peer group"
-	plural   = "bgp peer groups"
-)
diff --git a/netw/routing/protocol/bgp/peer/group/doc.go b/netw/routing/protocol/bgp/peer/group/doc.go
deleted file mode 100644
index 0ac535df..00000000
--- a/netw/routing/protocol/bgp/peer/group/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package group is the client.Network.BgpPeerGroup namespace.
-
-Normalized object:  Entry
-*/
-package group
diff --git a/netw/routing/protocol/bgp/peer/group/entry.go b/netw/routing/protocol/bgp/peer/group/entry.go
deleted file mode 100644
index 7cb3cc17..00000000
--- a/netw/routing/protocol/bgp/peer/group/entry.go
+++ /dev/null
@@ -1,175 +0,0 @@
-package group
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a BGP
-// peer group.
-type Entry struct {
-	Name                    string
-	Enable                  bool
-	AggregatedConfedAsPath  bool
-	SoftResetWithStoredInfo bool
-	Type                    string
-	ExportNextHop           string
-	ImportNextHop           string
-	RemovePrivateAs         bool
-
-	raw map[string]string
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Enable = s.Enable
-	o.AggregatedConfedAsPath = s.AggregatedConfedAsPath
-	o.SoftResetWithStoredInfo = s.SoftResetWithStoredInfo
-	o.Type = s.Type
-	o.ExportNextHop = s.ExportNextHop
-	o.ImportNextHop = s.ImportNextHop
-	o.RemovePrivateAs = s.RemovePrivateAs
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:                    o.Name,
-		Enable:                  util.AsBool(o.Enable),
-		AggregatedConfedAsPath:  util.AsBool(o.AggregatedConfedAsPath),
-		SoftResetWithStoredInfo: util.AsBool(o.SoftResetWithStoredInfo),
-	}
-
-	if o.Type == nil {
-		ans.Type = TypeEbgp
-	} else if o.Type.Ebgp != nil {
-		ans.Type = TypeEbgp
-		ans.ExportNextHop = o.Type.Ebgp.ExportNextHop
-		ans.ImportNextHop = o.Type.Ebgp.ImportNextHop
-		ans.RemovePrivateAs = util.AsBool(o.Type.Ebgp.RemovePrivateAs)
-	} else if o.Type.EbgpConfed != nil {
-		ans.Type = TypeEbgpConfed
-		ans.ExportNextHop = o.Type.EbgpConfed.ExportNextHop
-	} else if o.Type.Ibgp != nil {
-		ans.Type = TypeIbgp
-		ans.ExportNextHop = o.Type.Ibgp.ExportNextHop
-	} else if o.Type.IbgpConfed != nil {
-		ans.Type = TypeIbgpConfed
-		ans.ExportNextHop = o.Type.IbgpConfed.ExportNextHop
-	}
-
-	if o.Peer != nil {
-		ans.raw = map[string]string{
-			"peer": util.CleanRawXml(o.Peer.Text),
-		}
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName                 xml.Name     `xml:"entry"`
-	Name                    string       `xml:"name,attr"`
-	Enable                  string       `xml:"enable"`
-	AggregatedConfedAsPath  string       `xml:"aggregated-confed-as-path"`
-	SoftResetWithStoredInfo string       `xml:"soft-reset-with-stored-info"`
-	Type                    *gType       `xml:"type"`
-	Peer                    *util.RawXml `xml:"peer"`
-}
-
-type gType struct {
-	Ebgp       *ebgpOptions  `xml:"ebgp"`
-	EbgpConfed *basicOptions `xml:"ebgp-confed"`
-	Ibgp       *basicOptions `xml:"ibgp"`
-	IbgpConfed *basicOptions `xml:"ibgp-confed"`
-}
-
-type ebgpOptions struct {
-	ExportNextHop   string `xml:"export-nexthop,omitempty"`
-	ImportNextHop   string `xml:"import-nexthop,omitempty"`
-	RemovePrivateAs string `xml:"remove-private-as"`
-}
-
-type basicOptions struct {
-	ExportNextHop string `xml:"export-nexthop,omitempty"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:                    e.Name,
-		Enable:                  util.YesNo(e.Enable),
-		AggregatedConfedAsPath:  util.YesNo(e.AggregatedConfedAsPath),
-		SoftResetWithStoredInfo: util.YesNo(e.SoftResetWithStoredInfo),
-	}
-
-	switch e.Type {
-	case TypeEbgp:
-		ans.Type = &gType{
-			Ebgp: &ebgpOptions{
-				ExportNextHop:   e.ExportNextHop,
-				ImportNextHop:   e.ImportNextHop,
-				RemovePrivateAs: util.YesNo(e.RemovePrivateAs),
-			},
-		}
-	case TypeEbgpConfed:
-		ans.Type = &gType{
-			EbgpConfed: &basicOptions{
-				ExportNextHop: e.ExportNextHop,
-			},
-		}
-	case TypeIbgp:
-		ans.Type = &gType{
-			Ibgp: &basicOptions{
-				ExportNextHop: e.ExportNextHop,
-			},
-		}
-	case TypeIbgpConfed:
-		ans.Type = &gType{
-			IbgpConfed: &basicOptions{
-				ExportNextHop: e.ExportNextHop,
-			},
-		}
-	}
-
-	if text, present := e.raw["peer"]; present {
-		ans.Peer = &util.RawXml{text}
-	}
-
-	return ans
-}
diff --git a/netw/routing/protocol/bgp/peer/group/funcs.go b/netw/routing/protocol/bgp/peer/group/funcs.go
deleted file mode 100644
index ed7ed4e2..00000000
--- a/netw/routing/protocol/bgp/peer/group/funcs.go
+++ /dev/null
@@ -1,88 +0,0 @@
-package group
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/netw/routing/protocol/bgp/peer/group/fw.go b/netw/routing/protocol/bgp/peer/group/fw.go
deleted file mode 100644
index 4f230b6f..00000000
--- a/netw/routing/protocol/bgp/peer/group/fw.go
+++ /dev/null
@@ -1,114 +0,0 @@
-package group
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Network.BgpPeerGroup namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vr), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vr), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vr), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vr), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vr), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vr), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vr string, e ...Entry) error {
-	return c.ns.Set(c.pather(vr), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vr string, e Entry) error {
-	return c.ns.Edit(c.pather(vr), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vr string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vr), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(vr), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig(vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(vr), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather(vr string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vr, v)
-	}
-}
-
-func (c *Firewall) xpath(vr string, vals []string) ([]string, error) {
-	if vr == "" {
-		return nil, fmt.Errorf("vr must be specified")
-	}
-
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"virtual-router",
-		util.AsEntryXpath([]string{vr}),
-		"protocol",
-		"bgp",
-		"peer-group",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/routing/protocol/bgp/peer/group/fw_test.go b/netw/routing/protocol/bgp/peer/group/fw_test.go
deleted file mode 100644
index 1035d867..00000000
--- a/netw/routing/protocol/bgp/peer/group/fw_test.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package group
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("vr", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("vr", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/routing/protocol/bgp/peer/group/pano.go b/netw/routing/protocol/bgp/peer/group/pano.go
deleted file mode 100644
index 778a1f8d..00000000
--- a/netw/routing/protocol/bgp/peer/group/pano.go
+++ /dev/null
@@ -1,121 +0,0 @@
-package group
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Network.BgpPeerGroup namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts, vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts, vr), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts, vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts, vr), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(tmpl, ts, vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts, vr), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(tmpl, ts, vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts, vr), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts, vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts, vr), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(tmpl, ts, vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts, vr), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts, vr string, e ...Entry) error {
-	return c.ns.Set(c.pather(tmpl, ts, vr), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts, vr string, e Entry) error {
-	return c.ns.Edit(c.pather(tmpl, ts, vr), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts, vr string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(tmpl, ts, vr), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts, vr), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts, vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts, vr), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts, vr string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, vr, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts, vr string, vals []string) ([]string, error) {
-	if tmpl == "" && ts == "" {
-		return nil, fmt.Errorf("tmpl or ts must be specified")
-	}
-	if vr == "" {
-		return nil, fmt.Errorf("vr must be specified")
-	}
-
-	ans := make([]string, 0, 15)
-	ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-	ans = append(ans,
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"virtual-router",
-		util.AsEntryXpath([]string{vr}),
-		"protocol",
-		"bgp",
-		"peer-group",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/routing/protocol/bgp/peer/group/pano_test.go b/netw/routing/protocol/bgp/peer/group/pano_test.go
deleted file mode 100644
index f680d711..00000000
--- a/netw/routing/protocol/bgp/peer/group/pano_test.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package group
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("tmpl", "", "vr", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("tmpl", "", "vr", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/routing/protocol/bgp/peer/group/testdata_test.go b/netw/routing/protocol/bgp/peer/group/testdata_test.go
deleted file mode 100644
index 178ec218..00000000
--- a/netw/routing/protocol/bgp/peer/group/testdata_test.go
+++ /dev/null
@@ -1,58 +0,0 @@
-package group
-
-type testCase struct {
-	desc string
-	conf Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"ebgp check one", Entry{
-			Name:                    "ebgpOne",
-			Enable:                  true,
-			AggregatedConfedAsPath:  false,
-			SoftResetWithStoredInfo: true,
-			Type:                    TypeEbgp,
-			ExportNextHop:           NextHopResolve,
-			ImportNextHop:           NextHopUsePeer,
-			RemovePrivateAs:         false,
-		}},
-		{"ebgp check two with raw info", Entry{
-			Name:                    "ebgpTwo",
-			Enable:                  false,
-			AggregatedConfedAsPath:  true,
-			SoftResetWithStoredInfo: false,
-			Type:                    TypeEbgp,
-			ExportNextHop:           NextHopUseSelf,
-			ImportNextHop:           NextHopOriginal,
-			RemovePrivateAs:         true,
-			raw: map[string]string{
-				"peer": "peer info",
-			},
-		}},
-		{"ebgp confed", Entry{
-			Name:                    "ebgpConfed",
-			Enable:                  true,
-			AggregatedConfedAsPath:  true,
-			SoftResetWithStoredInfo: true,
-			Type:                    TypeEbgpConfed,
-			ExportNextHop:           NextHopOriginal,
-		}},
-		{"ibgp", Entry{
-			Name:                    "ibgp",
-			Enable:                  true,
-			AggregatedConfedAsPath:  true,
-			SoftResetWithStoredInfo: true,
-			Type:                    TypeIbgp,
-			ExportNextHop:           NextHopOriginal,
-		}},
-		{"ibgp confed", Entry{
-			Name:                    "ibgpConfed",
-			Enable:                  true,
-			AggregatedConfedAsPath:  true,
-			SoftResetWithStoredInfo: true,
-			Type:                    TypeIbgpConfed,
-			ExportNextHop:           NextHopOriginal,
-		}},
-	}
-}
diff --git a/netw/routing/protocol/bgp/peer/pano.go b/netw/routing/protocol/bgp/peer/pano.go
deleted file mode 100644
index 12678102..00000000
--- a/netw/routing/protocol/bgp/peer/pano.go
+++ /dev/null
@@ -1,126 +0,0 @@
-package peer
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Network.BgpPeer namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts, vr, pg string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts, vr, pg), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts, vr, pg string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts, vr, pg), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(tmpl, ts, vr, pg, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts, vr, pg), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(tmpl, ts, vr, pg, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts, vr, pg), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts, vr, pg string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts, vr, pg), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(tmpl, ts, vr, pg string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts, vr, pg), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts, vr, pg string, e ...Entry) error {
-	return c.ns.Set(c.pather(tmpl, ts, vr, pg), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts, vr, pg string, e Entry) error {
-	return c.ns.Edit(c.pather(tmpl, ts, vr, pg), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts, vr, pg string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(tmpl, ts, vr, pg), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, vr, pg, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts, vr, pg), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts, vr, pg string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts, vr, pg), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts, vr, pg string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, vr, pg, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts, vr, pg string, vals []string) ([]string, error) {
-	if tmpl == "" && ts == "" {
-		return nil, fmt.Errorf("tmpl or ts must be specified")
-	}
-	if vr == "" {
-		return nil, fmt.Errorf("vr must be specified")
-	}
-	if pg == "" {
-		return nil, fmt.Errorf("pg must be specified")
-	}
-
-	ans := make([]string, 0, 17)
-	ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-	ans = append(ans,
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"virtual-router",
-		util.AsEntryXpath([]string{vr}),
-		"protocol",
-		"bgp",
-		"peer-group",
-		util.AsEntryXpath([]string{pg}),
-		"peer",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/routing/protocol/bgp/peer/pano_test.go b/netw/routing/protocol/bgp/peer/pano_test.go
deleted file mode 100644
index 8809996b..00000000
--- a/netw/routing/protocol/bgp/peer/pano_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package peer
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("tmpl", "", "vr", "pg", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("tmpl", "", "vr", "pg", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/routing/protocol/bgp/peer/testdata_test.go b/netw/routing/protocol/bgp/peer/testdata_test.go
deleted file mode 100644
index 81048365..00000000
--- a/netw/routing/protocol/bgp/peer/testdata_test.go
+++ /dev/null
@@ -1,112 +0,0 @@
-package peer
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type testCase struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"v1", version.Number{6, 1, 0, ""}, Entry{
-			Name:                          "v1",
-			Enable:                        true,
-			PeerAs:                        "peer as",
-			LocalAddressInterface:         "ethernet1/1",
-			LocalAddressIp:                "2.2.2.2",
-			PeerAddressIp:                 "3.3.3.3",
-			ReflectorClient:               ReflectorClientNonClient,
-			PeeringType:                   PeeringTypeBilateral,
-			MaxPrefixes:                   MaxPrefixesUnlimited,
-			AuthProfile:                   "my auth profile",
-			KeepAliveInterval:             30,
-			MultiHop:                      2,
-			OpenDelayTime:                 3,
-			HoldTime:                      4,
-			IdleHoldTime:                  5,
-			AllowIncomingConnections:      true,
-			IncomingConnectionsRemotePort: 1010,
-			AllowOutgoingConnections:      true,
-			OutgoingConnectionsLocalPort:  2020,
-		}},
-		{"v2", version.Number{7, 1, 0, ""}, Entry{
-			Name:                          "v2",
-			Enable:                        false,
-			PeerAs:                        "peer as",
-			LocalAddressInterface:         "ethernet1/2",
-			LocalAddressIp:                "2.2.2.2",
-			PeerAddressIp:                 "3.3.3.3",
-			ReflectorClient:               ReflectorClientClient,
-			PeeringType:                   PeeringTypeBilateral,
-			MaxPrefixes:                   MaxPrefixesUnlimited,
-			AuthProfile:                   "my auth profile",
-			KeepAliveInterval:             30,
-			MultiHop:                      2,
-			OpenDelayTime:                 3,
-			HoldTime:                      4,
-			IdleHoldTime:                  5,
-			AllowIncomingConnections:      true,
-			IncomingConnectionsRemotePort: 1010,
-			AllowOutgoingConnections:      true,
-			OutgoingConnectionsLocalPort:  2020,
-			BfdProfile:                    BfdProfileInherit,
-		}},
-		{"v3", version.Number{8, 0, 0, ""}, Entry{
-			Name:                           "v3",
-			Enable:                         true,
-			PeerAs:                         "peer as",
-			LocalAddressInterface:          "ethernet1/2",
-			LocalAddressIp:                 "2.2.2.2",
-			PeerAddressIp:                  "3.3.3.3",
-			ReflectorClient:                ReflectorClientMeshedClient,
-			PeeringType:                    PeeringTypeUnspecified,
-			MaxPrefixes:                    MaxPrefixesUnlimited,
-			AuthProfile:                    "my auth profile",
-			KeepAliveInterval:              30,
-			MultiHop:                       2,
-			OpenDelayTime:                  3,
-			HoldTime:                       4,
-			IdleHoldTime:                   5,
-			AllowIncomingConnections:       true,
-			IncomingConnectionsRemotePort:  1010,
-			AllowOutgoingConnections:       true,
-			OutgoingConnectionsLocalPort:   2020,
-			BfdProfile:                     BfdProfileNone,
-			EnableMpBgp:                    true,
-			AddressFamilyType:              AddressFamilyTypeIpv4,
-			SubsequentAddressFamilyUnicast: true,
-			EnableSenderSideLoopDetection:  true,
-		}},
-		{"v4", version.Number{8, 1, 0, ""}, Entry{
-			Name:                             "v4",
-			Enable:                           false,
-			PeerAs:                           "peer as",
-			LocalAddressInterface:            "ethernet1/3",
-			LocalAddressIp:                   "2.2.2.2",
-			PeerAddressIp:                    "3.3.3.3",
-			ReflectorClient:                  ReflectorClientMeshedClient,
-			PeeringType:                      PeeringTypeUnspecified,
-			MaxPrefixes:                      "42",
-			AuthProfile:                      "my auth profile",
-			KeepAliveInterval:                30,
-			MultiHop:                         2,
-			OpenDelayTime:                    3,
-			HoldTime:                         4,
-			IdleHoldTime:                     5,
-			AllowIncomingConnections:         false,
-			IncomingConnectionsRemotePort:    1010,
-			AllowOutgoingConnections:         false,
-			OutgoingConnectionsLocalPort:     2020,
-			BfdProfile:                       "my bfd profile",
-			EnableMpBgp:                      false,
-			AddressFamilyType:                AddressFamilyTypeIpv6,
-			SubsequentAddressFamilyMulticast: true,
-			EnableSenderSideLoopDetection:    false,
-			MinRouteAdvertisementInterval:    77,
-		}},
-	}
-}
diff --git a/netw/routing/protocol/bgp/profile/auth/const.go b/netw/routing/protocol/bgp/profile/auth/const.go
deleted file mode 100644
index aa3548a8..00000000
--- a/netw/routing/protocol/bgp/profile/auth/const.go
+++ /dev/null
@@ -1,6 +0,0 @@
-package auth
-
-const (
-	singular = "auth profile"
-	plural   = "auth profiles"
-)
diff --git a/netw/routing/protocol/bgp/profile/auth/doc.go b/netw/routing/protocol/bgp/profile/auth/doc.go
deleted file mode 100644
index e001a97b..00000000
--- a/netw/routing/protocol/bgp/profile/auth/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package auth is the client.Network.BgpAuthProfile namespace.
-
-Normalized object:  Entry
-*/
-package auth
diff --git a/netw/routing/protocol/bgp/profile/auth/entry.go b/netw/routing/protocol/bgp/profile/auth/entry.go
deleted file mode 100644
index ed56ceb6..00000000
--- a/netw/routing/protocol/bgp/profile/auth/entry.go
+++ /dev/null
@@ -1,77 +0,0 @@
-package auth
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of an auth profile.
-type Entry struct {
-	Name   string
-	Secret string
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Secret = s.Secret
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:   o.Name,
-		Secret: o.Secret,
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName xml.Name `xml:"entry"`
-	Name    string   `xml:"name,attr"`
-	Secret  string   `xml:"secret,omitempty"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:   e.Name,
-		Secret: e.Secret,
-	}
-
-	return ans
-}
diff --git a/netw/routing/protocol/bgp/profile/auth/funcs.go b/netw/routing/protocol/bgp/profile/auth/funcs.go
deleted file mode 100644
index 940043d7..00000000
--- a/netw/routing/protocol/bgp/profile/auth/funcs.go
+++ /dev/null
@@ -1,88 +0,0 @@
-package auth
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/netw/routing/protocol/bgp/profile/auth/fw.go b/netw/routing/protocol/bgp/profile/auth/fw.go
deleted file mode 100644
index 3dcaf0ef..00000000
--- a/netw/routing/protocol/bgp/profile/auth/fw.go
+++ /dev/null
@@ -1,114 +0,0 @@
-package auth
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Network.BgpAuthProfile namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vr), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vr), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vr), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vr), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vr), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vr), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vr string, e ...Entry) error {
-	return c.ns.Set(c.pather(vr), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vr string, e Entry) error {
-	return c.ns.Edit(c.pather(vr), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vr string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vr), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(vr), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig(vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(vr), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather(vr string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vr, v)
-	}
-}
-
-func (c *Firewall) xpath(vr string, vals []string) ([]string, error) {
-	if vr == "" {
-		return nil, fmt.Errorf("vr must be specified")
-	}
-
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"virtual-router",
-		util.AsEntryXpath([]string{vr}),
-		"protocol",
-		"bgp",
-		"auth-profile",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/routing/protocol/bgp/profile/auth/fw_test.go b/netw/routing/protocol/bgp/profile/auth/fw_test.go
deleted file mode 100644
index 1e7af5b1..00000000
--- a/netw/routing/protocol/bgp/profile/auth/fw_test.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package auth
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("vr", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("vr", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/routing/protocol/bgp/profile/auth/pano.go b/netw/routing/protocol/bgp/profile/auth/pano.go
deleted file mode 100644
index 595f748e..00000000
--- a/netw/routing/protocol/bgp/profile/auth/pano.go
+++ /dev/null
@@ -1,121 +0,0 @@
-package auth
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Network.BgpAuthProfile namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts, vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts, vr), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts, vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts, vr), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(tmpl, ts, vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts, vr), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(tmpl, ts, vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts, vr), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts, vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts, vr), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(tmpl, ts, vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts, vr), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts, vr string, e ...Entry) error {
-	return c.ns.Set(c.pather(tmpl, ts, vr), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts, vr string, e Entry) error {
-	return c.ns.Edit(c.pather(tmpl, ts, vr), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts, vr string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(tmpl, ts, vr), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts, vr), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts, vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts, vr), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts, vr string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, vr, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts, vr string, vals []string) ([]string, error) {
-	if tmpl == "" && ts == "" {
-		return nil, fmt.Errorf("tmpl or ts must be specified")
-	}
-	if vr == "" {
-		return nil, fmt.Errorf("vr must be specified")
-	}
-
-	ans := make([]string, 0, 15)
-	ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-	ans = append(ans,
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"virtual-router",
-		util.AsEntryXpath([]string{vr}),
-		"protocol",
-		"bgp",
-		"auth-profile",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/routing/protocol/bgp/profile/auth/pano_test.go b/netw/routing/protocol/bgp/profile/auth/pano_test.go
deleted file mode 100644
index 8d4c0f00..00000000
--- a/netw/routing/protocol/bgp/profile/auth/pano_test.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package auth
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("tmpl", "", "vr", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("tmpl", "", "vr", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/routing/protocol/bgp/profile/auth/testdata_test.go b/netw/routing/protocol/bgp/profile/auth/testdata_test.go
deleted file mode 100644
index 8050b8e8..00000000
--- a/netw/routing/protocol/bgp/profile/auth/testdata_test.go
+++ /dev/null
@@ -1,18 +0,0 @@
-package auth
-
-type testCase struct {
-	desc string
-	conf Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"no secret", Entry{
-			Name: "one",
-		}},
-		{"with secret", Entry{
-			Name:   "two",
-			Secret: "secret",
-		}},
-	}
-}
diff --git a/netw/routing/protocol/bgp/profile/dampening/const.go b/netw/routing/protocol/bgp/profile/dampening/const.go
deleted file mode 100644
index 5f863b90..00000000
--- a/netw/routing/protocol/bgp/profile/dampening/const.go
+++ /dev/null
@@ -1,6 +0,0 @@
-package dampening
-
-const (
-	singular = "dampening profile"
-	plural   = "dampening profiles"
-)
diff --git a/netw/routing/protocol/bgp/profile/dampening/doc.go b/netw/routing/protocol/bgp/profile/dampening/doc.go
deleted file mode 100644
index 0d07fa5e..00000000
--- a/netw/routing/protocol/bgp/profile/dampening/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package dampening is the client.Network.BgpDampeningProfile namespace.
-
-Normalized object:  Entry
-*/
-package dampening
diff --git a/netw/routing/protocol/bgp/profile/dampening/entry.go b/netw/routing/protocol/bgp/profile/dampening/entry.go
deleted file mode 100644
index 41942f21..00000000
--- a/netw/routing/protocol/bgp/profile/dampening/entry.go
+++ /dev/null
@@ -1,104 +0,0 @@
-package dampening
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a dampening
-// profile.
-type Entry struct {
-	Name                     string
-	Enable                   bool
-	Cutoff                   float64
-	Reuse                    float64
-	MaxHoldTime              int
-	DecayHalfLifeReachable   int
-	DecayHalfLifeUnreachable int
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Enable = s.Enable
-	o.Cutoff = s.Cutoff
-	o.Reuse = s.Reuse
-	o.MaxHoldTime = s.MaxHoldTime
-	o.DecayHalfLifeReachable = s.DecayHalfLifeReachable
-	o.DecayHalfLifeUnreachable = s.DecayHalfLifeUnreachable
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:                     o.Name,
-		Enable:                   util.AsBool(o.Enable),
-		Cutoff:                   o.Cutoff,
-		Reuse:                    o.Reuse,
-		MaxHoldTime:              o.MaxHoldTime,
-		DecayHalfLifeReachable:   o.DecayHalfLifeReachable,
-		DecayHalfLifeUnreachable: o.DecayHalfLifeUnreachable,
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName                  xml.Name `xml:"entry"`
-	Name                     string   `xml:"name,attr"`
-	Enable                   string   `xml:"enable"`
-	Cutoff                   float64  `xml:"cutoff,omitempty"`
-	Reuse                    float64  `xml:"reuse,omitempty"`
-	MaxHoldTime              int      `xml:"max-hold-time,omitempty"`
-	DecayHalfLifeReachable   int      `xml:"decay-half-life-reachable,omitempty"`
-	DecayHalfLifeUnreachable int      `xml:"decay-half-life-unreachable,omitempty"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:                     e.Name,
-		Enable:                   util.YesNo(e.Enable),
-		Cutoff:                   e.Cutoff,
-		Reuse:                    e.Reuse,
-		MaxHoldTime:              e.MaxHoldTime,
-		DecayHalfLifeReachable:   e.DecayHalfLifeReachable,
-		DecayHalfLifeUnreachable: e.DecayHalfLifeUnreachable,
-	}
-
-	return ans
-}
diff --git a/netw/routing/protocol/bgp/profile/dampening/funcs.go b/netw/routing/protocol/bgp/profile/dampening/funcs.go
deleted file mode 100644
index f9877ef1..00000000
--- a/netw/routing/protocol/bgp/profile/dampening/funcs.go
+++ /dev/null
@@ -1,88 +0,0 @@
-package dampening
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/netw/routing/protocol/bgp/profile/dampening/fw.go b/netw/routing/protocol/bgp/profile/dampening/fw.go
deleted file mode 100644
index 7a4e0915..00000000
--- a/netw/routing/protocol/bgp/profile/dampening/fw.go
+++ /dev/null
@@ -1,114 +0,0 @@
-package dampening
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Network.BgpDampeningProfile namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vr), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vr), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vr), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vr), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vr), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vr), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vr string, e ...Entry) error {
-	return c.ns.Set(c.pather(vr), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vr string, e Entry) error {
-	return c.ns.Edit(c.pather(vr), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vr string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vr), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(vr), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig(vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(vr), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather(vr string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vr, v)
-	}
-}
-
-func (c *Firewall) xpath(vr string, vals []string) ([]string, error) {
-	if vr == "" {
-		return nil, fmt.Errorf("vr must be specified")
-	}
-
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"virtual-router",
-		util.AsEntryXpath([]string{vr}),
-		"protocol",
-		"bgp",
-		"dampening-profile",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/routing/protocol/bgp/profile/dampening/fw_test.go b/netw/routing/protocol/bgp/profile/dampening/fw_test.go
deleted file mode 100644
index b5e53dfd..00000000
--- a/netw/routing/protocol/bgp/profile/dampening/fw_test.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package dampening
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("vr", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("vr", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/routing/protocol/bgp/profile/dampening/pano.go b/netw/routing/protocol/bgp/profile/dampening/pano.go
deleted file mode 100644
index dd24977a..00000000
--- a/netw/routing/protocol/bgp/profile/dampening/pano.go
+++ /dev/null
@@ -1,121 +0,0 @@
-package dampening
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Network.BgpDampeningProfile namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts, vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts, vr), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts, vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts, vr), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(tmpl, ts, vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts, vr), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(tmpl, ts, vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts, vr), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts, vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts, vr), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(tmpl, ts, vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts, vr), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts, vr string, e ...Entry) error {
-	return c.ns.Set(c.pather(tmpl, ts, vr), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts, vr string, e Entry) error {
-	return c.ns.Edit(c.pather(tmpl, ts, vr), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts, vr string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(tmpl, ts, vr), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts, vr), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts, vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts, vr), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts, vr string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, vr, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts, vr string, vals []string) ([]string, error) {
-	if tmpl == "" && ts == "" {
-		return nil, fmt.Errorf("tmpl or ts must be specified")
-	}
-	if vr == "" {
-		return nil, fmt.Errorf("vr must be specified")
-	}
-
-	ans := make([]string, 0, 15)
-	ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-	ans = append(ans,
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"virtual-router",
-		util.AsEntryXpath([]string{vr}),
-		"protocol",
-		"bgp",
-		"dampening-profile",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/routing/protocol/bgp/profile/dampening/pano_test.go b/netw/routing/protocol/bgp/profile/dampening/pano_test.go
deleted file mode 100644
index a21e7487..00000000
--- a/netw/routing/protocol/bgp/profile/dampening/pano_test.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package dampening
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("tmpl", "", "vr", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("tmpl", "", "vr", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/routing/protocol/bgp/profile/dampening/testdata_test.go b/netw/routing/protocol/bgp/profile/dampening/testdata_test.go
deleted file mode 100644
index 916932f3..00000000
--- a/netw/routing/protocol/bgp/profile/dampening/testdata_test.go
+++ /dev/null
@@ -1,29 +0,0 @@
-package dampening
-
-type testCase struct {
-	desc string
-	conf Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"with enable", Entry{
-			Name:                     "with enable",
-			Enable:                   true,
-			Cutoff:                   1.25,
-			Reuse:                    0.5,
-			MaxHoldTime:              900,
-			DecayHalfLifeReachable:   300,
-			DecayHalfLifeUnreachable: 900,
-		}},
-		{"without enable", Entry{
-			Name:                     "without enable",
-			Enable:                   false,
-			Cutoff:                   2,
-			Reuse:                    500,
-			MaxHoldTime:              600,
-			DecayHalfLifeReachable:   700,
-			DecayHalfLifeUnreachable: 800,
-		}},
-	}
-}
diff --git a/netw/routing/protocol/bgp/redist/const.go b/netw/routing/protocol/bgp/redist/const.go
deleted file mode 100644
index 6cde49a0..00000000
--- a/netw/routing/protocol/bgp/redist/const.go
+++ /dev/null
@@ -1,26 +0,0 @@
-package redist
-
-// Valid values for AddressFamily (PAN-OS 8.0+).
-const (
-	AddressFamilyIpv4 = "ipv4"
-	AddressFamilyIpv6 = "ipv6"
-)
-
-// Valid values for RouteTable (PAN-OS 8.0+).
-const (
-	RouteTableUnicast   = "unicast"
-	RouteTableMulticast = "multicast"
-	RouteTableBoth      = "both"
-)
-
-// Valid values for Origin.
-const (
-	SetOriginIgp        = "igp"
-	SetOriginEgp        = "egp"
-	SetOriginIncomplete = "incomplete"
-)
-
-const (
-	singular = "bgp redistribution rule"
-	plural   = "bgp redistribution rules"
-)
diff --git a/netw/routing/protocol/bgp/redist/doc.go b/netw/routing/protocol/bgp/redist/doc.go
deleted file mode 100644
index e31705cf..00000000
--- a/netw/routing/protocol/bgp/redist/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package redist is the client.Network.BgpRedistRule namespace.
-
-Normalized object:  Entry
-*/
-package redist
diff --git a/netw/routing/protocol/bgp/redist/entry.go b/netw/routing/protocol/bgp/redist/entry.go
deleted file mode 100644
index 62393887..00000000
--- a/netw/routing/protocol/bgp/redist/entry.go
+++ /dev/null
@@ -1,191 +0,0 @@
-package redist
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a
-// BGP redistribution rule.
-type Entry struct {
-	Name                 string
-	Enable               bool
-	AddressFamily        string
-	RouteTable           string // 8.0+
-	Metric               int
-	SetOrigin            string
-	SetMed               string
-	SetLocalPreference   string
-	SetAsPathLimit       int
-	SetCommunity         []string
-	SetExtendedCommunity []string
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Enable = s.Enable
-	o.AddressFamily = s.AddressFamily
-	o.RouteTable = s.RouteTable
-	o.Metric = s.Metric
-	o.SetOrigin = s.SetOrigin
-	o.SetMed = s.SetMed
-	o.SetLocalPreference = s.SetLocalPreference
-	o.SetAsPathLimit = s.SetAsPathLimit
-	o.SetCommunity = s.SetCommunity
-	o.SetExtendedCommunity = s.SetExtendedCommunity
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:                 o.Name,
-		Enable:               util.AsBool(o.Enable),
-		Metric:               o.Metric,
-		SetOrigin:            o.SetOrigin,
-		SetMed:               o.SetMed,
-		SetLocalPreference:   o.SetLocalPreference,
-		SetAsPathLimit:       o.SetAsPathLimit,
-		SetCommunity:         util.MemToStr(o.SetCommunity),
-		SetExtendedCommunity: util.MemToStr(o.SetExtendedCommunity),
-	}
-
-	return ans
-}
-
-type container_v2 struct {
-	Answer []entry_v2 `xml:"entry"`
-}
-
-func (o *container_v2) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v2) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v2) normalize() Entry {
-	ans := Entry{
-		Name:                 o.Name,
-		Enable:               util.AsBool(o.Enable),
-		AddressFamily:        o.AddressFamily,
-		RouteTable:           o.RouteTable,
-		Metric:               o.Metric,
-		SetOrigin:            o.SetOrigin,
-		SetMed:               o.SetMed,
-		SetLocalPreference:   o.SetLocalPreference,
-		SetAsPathLimit:       o.SetAsPathLimit,
-		SetCommunity:         util.MemToStr(o.SetCommunity),
-		SetExtendedCommunity: util.MemToStr(o.SetExtendedCommunity),
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName              xml.Name         `xml:"entry"`
-	Name                 string           `xml:"name,attr"`
-	Enable               string           `xml:"enable"`
-	Metric               int              `xml:"metric,omitempty"`
-	SetOrigin            string           `xml:"set-origin,omitempty"`
-	SetMed               string           `xml:"set-med,omitempty"`
-	SetLocalPreference   string           `xml:"set-local-preference,omitempty"`
-	SetAsPathLimit       int              `xml:"set-as-path-limit,omitempty"`
-	SetCommunity         *util.MemberType `xml:"set-community"`
-	SetExtendedCommunity *util.MemberType `xml:"set-extended-community"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:                 e.Name,
-		Enable:               util.YesNo(e.Enable),
-		Metric:               e.Metric,
-		SetOrigin:            e.SetOrigin,
-		SetMed:               e.SetMed,
-		SetLocalPreference:   e.SetLocalPreference,
-		SetAsPathLimit:       e.SetAsPathLimit,
-		SetCommunity:         util.StrToMem(e.SetCommunity),
-		SetExtendedCommunity: util.StrToMem(e.SetExtendedCommunity),
-	}
-
-	return ans
-}
-
-type entry_v2 struct {
-	XMLName              xml.Name         `xml:"entry"`
-	Name                 string           `xml:"name,attr"`
-	Enable               string           `xml:"enable"`
-	AddressFamily        string           `xml:"address-family-identifier"`
-	RouteTable           string           `xml:"route-table,omitempty"`
-	Metric               int              `xml:"metric,omitempty"`
-	SetOrigin            string           `xml:"set-origin,omitempty"`
-	SetMed               string           `xml:"set-med,omitempty"`
-	SetLocalPreference   string           `xml:"set-local-preference,omitempty"`
-	SetAsPathLimit       int              `xml:"set-as-path-limit,omitempty"`
-	SetCommunity         *util.MemberType `xml:"set-community"`
-	SetExtendedCommunity *util.MemberType `xml:"set-extended-community"`
-}
-
-func specify_v2(e Entry) interface{} {
-	ans := entry_v2{
-		Name:                 e.Name,
-		Enable:               util.YesNo(e.Enable),
-		AddressFamily:        e.AddressFamily,
-		RouteTable:           e.RouteTable,
-		Metric:               e.Metric,
-		SetOrigin:            e.SetOrigin,
-		SetMed:               e.SetMed,
-		SetLocalPreference:   e.SetLocalPreference,
-		SetAsPathLimit:       e.SetAsPathLimit,
-		SetCommunity:         util.StrToMem(e.SetCommunity),
-		SetExtendedCommunity: util.StrToMem(e.SetExtendedCommunity),
-	}
-
-	return ans
-}
diff --git a/netw/routing/protocol/bgp/redist/funcs.go b/netw/routing/protocol/bgp/redist/funcs.go
deleted file mode 100644
index 88f74446..00000000
--- a/netw/routing/protocol/bgp/redist/funcs.go
+++ /dev/null
@@ -1,92 +0,0 @@
-package redist
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	if v.Gte(version.Number{8, 0, 0, ""}) {
-		return &container_v2{}, specify_v2
-	} else {
-		return &container_v1{}, specify_v1
-	}
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/netw/routing/protocol/bgp/redist/fw.go b/netw/routing/protocol/bgp/redist/fw.go
deleted file mode 100644
index 71b42877..00000000
--- a/netw/routing/protocol/bgp/redist/fw.go
+++ /dev/null
@@ -1,114 +0,0 @@
-package redist
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Network.BgpRedistRule namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vr), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vr), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vr), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vr), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vr), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vr), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vr string, e ...Entry) error {
-	return c.ns.Set(c.pather(vr), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vr string, e Entry) error {
-	return c.ns.Edit(c.pather(vr), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vr string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vr), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(vr), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig(vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(vr), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather(vr string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vr, v)
-	}
-}
-
-func (c *Firewall) xpath(vr string, vals []string) ([]string, error) {
-	if vr == "" {
-		return nil, fmt.Errorf("vr must be specified")
-	}
-
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"virtual-router",
-		util.AsEntryXpath([]string{vr}),
-		"protocol",
-		"bgp",
-		"redist-rules",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/routing/protocol/bgp/redist/fw_test.go b/netw/routing/protocol/bgp/redist/fw_test.go
deleted file mode 100644
index 25b2c092..00000000
--- a/netw/routing/protocol/bgp/redist/fw_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package redist
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("vr", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("vr", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/routing/protocol/bgp/redist/pano.go b/netw/routing/protocol/bgp/redist/pano.go
deleted file mode 100644
index 8db15dcd..00000000
--- a/netw/routing/protocol/bgp/redist/pano.go
+++ /dev/null
@@ -1,121 +0,0 @@
-package redist
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Network.BgpRedistRule namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts, vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts, vr), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts, vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts, vr), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(tmpl, ts, vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts, vr), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(tmpl, ts, vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts, vr), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts, vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts, vr), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(tmpl, ts, vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts, vr), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts, vr string, e ...Entry) error {
-	return c.ns.Set(c.pather(tmpl, ts, vr), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts, vr string, e Entry) error {
-	return c.ns.Edit(c.pather(tmpl, ts, vr), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts, vr string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(tmpl, ts, vr), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts, vr), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts, vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts, vr), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts, vr string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, vr, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts, vr string, vals []string) ([]string, error) {
-	if tmpl == "" && ts == "" {
-		return nil, fmt.Errorf("tmpl or ts must be specified")
-	}
-	if vr == "" {
-		return nil, fmt.Errorf("vr must be specified")
-	}
-
-	ans := make([]string, 0, 15)
-	ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-	ans = append(ans,
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"virtual-router",
-		util.AsEntryXpath([]string{vr}),
-		"protocol",
-		"bgp",
-		"redist-rules",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/routing/protocol/bgp/redist/pano_test.go b/netw/routing/protocol/bgp/redist/pano_test.go
deleted file mode 100644
index 27c8e511..00000000
--- a/netw/routing/protocol/bgp/redist/pano_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package redist
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("tmpl", "", "vr", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("tmpl", "", "vr", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/routing/protocol/bgp/redist/testdata_test.go b/netw/routing/protocol/bgp/redist/testdata_test.go
deleted file mode 100644
index 7e605fd6..00000000
--- a/netw/routing/protocol/bgp/redist/testdata_test.go
+++ /dev/null
@@ -1,63 +0,0 @@
-package redist
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type testCase struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"v1 disable", version.Number{7, 0, 0, ""}, Entry{
-			Name:                 "one",
-			Enable:               false,
-			Metric:               42,
-			SetOrigin:            "origin",
-			SetMed:               "med",
-			SetLocalPreference:   "localpref",
-			SetAsPathLimit:       1,
-			SetCommunity:         []string{"com1", "com2"},
-			SetExtendedCommunity: []string{"ec1", "ec2"},
-		}},
-		{"v1 enable", version.Number{7, 0, 0, ""}, Entry{
-			Name:                 "two",
-			Enable:               true,
-			Metric:               42,
-			SetOrigin:            "origin",
-			SetMed:               "med",
-			SetLocalPreference:   "localpref",
-			SetAsPathLimit:       2,
-			SetCommunity:         []string{"com1", "com2"},
-			SetExtendedCommunity: []string{"ec1", "ec2"},
-		}},
-		{"v2 disable", version.Number{8, 0, 0, ""}, Entry{
-			Name:                 "three",
-			Enable:               false,
-			AddressFamily:        AddressFamilyIpv4,
-			Metric:               42,
-			SetOrigin:            "origin",
-			SetMed:               "med",
-			SetLocalPreference:   "localpref",
-			SetAsPathLimit:       3,
-			SetCommunity:         []string{"com1", "com2"},
-			SetExtendedCommunity: []string{"ec1", "ec2"},
-		}},
-		{"v2 enable", version.Number{8, 0, 0, ""}, Entry{
-			Name:                 "four",
-			Enable:               true,
-			AddressFamily:        AddressFamilyIpv6,
-			RouteTable:           RouteTableBoth,
-			Metric:               42,
-			SetOrigin:            "origin",
-			SetMed:               "med",
-			SetLocalPreference:   "localpref",
-			SetAsPathLimit:       4,
-			SetCommunity:         []string{"com1", "com2"},
-			SetExtendedCommunity: []string{"ec1", "ec2"},
-		}},
-	}
-}
diff --git a/netw/routing/protocol/bgp/testdata_test.go b/netw/routing/protocol/bgp/testdata_test.go
deleted file mode 100644
index 0b5bed3d..00000000
--- a/netw/routing/protocol/bgp/testdata_test.go
+++ /dev/null
@@ -1,212 +0,0 @@
-package bgp
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type testCase struct {
-	desc    string
-	version version.Number
-	conf    Config
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"v1 bgp no raw", version.Number{6, 1, 0, ""}, Config{
-			Enable:                        true,
-			RouterId:                      "router id",
-			AsNumber:                      "as number",
-			RejectDefaultRoute:            false,
-			InstallRoute:                  true,
-			AggregateMed:                  false,
-			DefaultLocalPreference:        "def local pref",
-			AsFormat:                      AsFormat2Byte,
-			AlwaysCompareMed:              true,
-			DeterministicMedComparison:    false,
-			EnableGracefulRestart:         true,
-			StaleRouteTime:                2,
-			LocalRestartTime:              3,
-			MaxPeerRestartTime:            4,
-			ReflectorClusterId:            "reflector cluster id",
-			ConfederationMemberAs:         "conf mem as",
-			AllowRedistributeDefaultRoute: false,
-		}},
-		{"v1 bgp with raw", version.Number{6, 1, 0, ""}, Config{
-			Enable:                        true,
-			RouterId:                      "router id",
-			AsNumber:                      "as number",
-			RejectDefaultRoute:            false,
-			InstallRoute:                  true,
-			AggregateMed:                  false,
-			DefaultLocalPreference:        "def local pref",
-			AsFormat:                      AsFormat4Byte,
-			AlwaysCompareMed:              true,
-			DeterministicMedComparison:    false,
-			EnableGracefulRestart:         true,
-			StaleRouteTime:                2,
-			LocalRestartTime:              3,
-			MaxPeerRestartTime:            4,
-			ReflectorClusterId:            "reflector cluster id",
-			ConfederationMemberAs:         "conf mem as",
-			AllowRedistributeDefaultRoute: false,
-			raw: map[string]string{
-				"orf":  "outbound route filter",
-				"ap":   "auth profile",
-				"dp":   "dampening profile",
-				"pg":   "peer group",
-				"poli": "policy",
-				"rr":   "redist rules",
-			},
-		}},
-		{"v2 bgp no raw", version.Number{7, 0, 0, ""}, Config{
-			Enable:                        true,
-			RouterId:                      "router id",
-			AsNumber:                      "as number",
-			RejectDefaultRoute:            false,
-			InstallRoute:                  true,
-			AggregateMed:                  false,
-			DefaultLocalPreference:        "def local pref",
-			AsFormat:                      AsFormat2Byte,
-			AlwaysCompareMed:              true,
-			DeterministicMedComparison:    false,
-			EcmpMultiAs:                   true,
-			EnableGracefulRestart:         true,
-			StaleRouteTime:                2,
-			LocalRestartTime:              3,
-			MaxPeerRestartTime:            4,
-			ReflectorClusterId:            "reflector cluster id",
-			ConfederationMemberAs:         "conf mem as",
-			AllowRedistributeDefaultRoute: false,
-		}},
-		{"v2 bgp with raw", version.Number{7, 0, 0, ""}, Config{
-			Enable:                        true,
-			RouterId:                      "router id",
-			AsNumber:                      "as number",
-			RejectDefaultRoute:            false,
-			InstallRoute:                  true,
-			AggregateMed:                  false,
-			DefaultLocalPreference:        "def local pref",
-			AsFormat:                      AsFormat4Byte,
-			AlwaysCompareMed:              true,
-			DeterministicMedComparison:    false,
-			EcmpMultiAs:                   true,
-			EnableGracefulRestart:         true,
-			StaleRouteTime:                2,
-			LocalRestartTime:              3,
-			MaxPeerRestartTime:            4,
-			ReflectorClusterId:            "reflector cluster id",
-			ConfederationMemberAs:         "conf mem as",
-			AllowRedistributeDefaultRoute: false,
-			raw: map[string]string{
-				"orf":  "outbound route filter",
-				"ap":   "auth profile",
-				"dp":   "dampening profile",
-				"pg":   "peer group",
-				"poli": "policy",
-				"rr":   "redist rules",
-			},
-		}},
-		{"v3 bgp no raw", version.Number{7, 1, 0, ""}, Config{
-			Enable:                        true,
-			RouterId:                      "router id",
-			AsNumber:                      "as number",
-			BfdProfile:                    "None",
-			RejectDefaultRoute:            false,
-			InstallRoute:                  true,
-			AggregateMed:                  false,
-			DefaultLocalPreference:        "def local pref",
-			AsFormat:                      AsFormat2Byte,
-			AlwaysCompareMed:              true,
-			DeterministicMedComparison:    false,
-			EcmpMultiAs:                   true,
-			EnableGracefulRestart:         true,
-			StaleRouteTime:                2,
-			LocalRestartTime:              3,
-			MaxPeerRestartTime:            4,
-			ReflectorClusterId:            "reflector cluster id",
-			ConfederationMemberAs:         "conf mem as",
-			AllowRedistributeDefaultRoute: false,
-		}},
-		{"v3 bgp with raw", version.Number{7, 1, 0, ""}, Config{
-			Enable:                        true,
-			RouterId:                      "router id",
-			AsNumber:                      "as number",
-			BfdProfile:                    "bfd profile",
-			RejectDefaultRoute:            false,
-			InstallRoute:                  true,
-			AggregateMed:                  false,
-			DefaultLocalPreference:        "def local pref",
-			AsFormat:                      AsFormat4Byte,
-			AlwaysCompareMed:              true,
-			DeterministicMedComparison:    false,
-			EcmpMultiAs:                   true,
-			EnableGracefulRestart:         true,
-			StaleRouteTime:                2,
-			LocalRestartTime:              3,
-			MaxPeerRestartTime:            4,
-			ReflectorClusterId:            "reflector cluster id",
-			ConfederationMemberAs:         "conf mem as",
-			AllowRedistributeDefaultRoute: false,
-			raw: map[string]string{
-				"orf":  "outbound route filter",
-				"ap":   "auth profile",
-				"dp":   "dampening profile",
-				"pg":   "peer group",
-				"poli": "policy",
-				"rr":   "redist rules",
-			},
-		}},
-		{"v4 bgp no raw", version.Number{8, 0, 0, ""}, Config{
-			Enable:                        true,
-			RouterId:                      "router id",
-			AsNumber:                      "as number",
-			BfdProfile:                    "None",
-			RejectDefaultRoute:            false,
-			InstallRoute:                  true,
-			AggregateMed:                  false,
-			DefaultLocalPreference:        "def local pref",
-			AsFormat:                      AsFormat2Byte,
-			AlwaysCompareMed:              true,
-			DeterministicMedComparison:    false,
-			EcmpMultiAs:                   true,
-			EnforceFirstAs:                true,
-			EnableGracefulRestart:         true,
-			StaleRouteTime:                2,
-			LocalRestartTime:              3,
-			MaxPeerRestartTime:            4,
-			ReflectorClusterId:            "reflector cluster id",
-			ConfederationMemberAs:         "conf mem as",
-			AllowRedistributeDefaultRoute: false,
-		}},
-		{"v4 bgp with raw", version.Number{8, 0, 0, ""}, Config{
-			Enable:                        true,
-			RouterId:                      "router id",
-			AsNumber:                      "as number",
-			BfdProfile:                    "bfd profile",
-			RejectDefaultRoute:            false,
-			InstallRoute:                  true,
-			AggregateMed:                  false,
-			DefaultLocalPreference:        "def local pref",
-			AsFormat:                      AsFormat4Byte,
-			AlwaysCompareMed:              true,
-			DeterministicMedComparison:    false,
-			EcmpMultiAs:                   true,
-			EnforceFirstAs:                false,
-			EnableGracefulRestart:         true,
-			StaleRouteTime:                2,
-			LocalRestartTime:              3,
-			MaxPeerRestartTime:            4,
-			ReflectorClusterId:            "reflector cluster id",
-			ConfederationMemberAs:         "conf mem as",
-			AllowRedistributeDefaultRoute: false,
-			raw: map[string]string{
-				"orf":  "outbound route filter",
-				"ap":   "auth profile",
-				"dp":   "dampening profile",
-				"pg":   "peer group",
-				"poli": "policy",
-				"rr":   "redist rules",
-			},
-		}},
-	}
-}
diff --git a/netw/routing/protocol/ospf/area/const.go b/netw/routing/protocol/ospf/area/const.go
deleted file mode 100644
index 488e9ceb..00000000
--- a/netw/routing/protocol/ospf/area/const.go
+++ /dev/null
@@ -1,21 +0,0 @@
-package area
-
-const (
-	// Type Values
-	TypeNormal = "normal"
-	TypeStub   = "stub"
-	TypeNssa   = "nssa"
-
-	// Range Action Values
-	ActionAdvertise = "advertise"
-	ActionSuppress  = "suppress"
-
-	// AdvertiseType Values
-	AdvertiseTypeExt1 = "ext-1"
-	AdvertiseTypeExt2 = "ext-2"
-)
-
-const (
-	singular = "ospf area"
-	plural   = "ospf areas"
-)
diff --git a/netw/routing/protocol/ospf/area/doc.go b/netw/routing/protocol/ospf/area/doc.go
deleted file mode 100644
index 16d12bf3..00000000
--- a/netw/routing/protocol/ospf/area/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package area is the client.Network.OspfArea namespace.
-
-Normalized object:  Entry
-*/
-package area
diff --git a/netw/routing/protocol/ospf/area/entry.go b/netw/routing/protocol/ospf/area/entry.go
deleted file mode 100644
index f6d8af1e..00000000
--- a/netw/routing/protocol/ospf/area/entry.go
+++ /dev/null
@@ -1,285 +0,0 @@
-package area
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of an OSPF
-// area.
-type Entry struct {
-	Name                  string
-	Type                  string  // normal, stub, nssa
-	AcceptSummary         bool    // stub, nssa
-	DefaultRouteAdvertise bool    // stub, nssa
-	AdvertiseMetric       int     // stub, nssa
-	AdvertiseType         string  // nssa
-	ExtRanges             []Range // nssa
-	Ranges                []Range // area
-
-	raw map[string]string
-}
-
-type Range struct {
-	Network string
-	Action  string
-}
-
-func (o *Entry) Copy(s Entry) {
-	o.Type = s.Type
-	o.AcceptSummary = s.AcceptSummary
-	o.DefaultRouteAdvertise = s.DefaultRouteAdvertise
-	o.AdvertiseMetric = s.AdvertiseMetric
-	o.AdvertiseType = s.AdvertiseType
-	if s.ExtRanges == nil {
-		o.ExtRanges = nil
-	} else {
-		o.ExtRanges = make([]Range, len(s.ExtRanges))
-		copy(o.ExtRanges, s.ExtRanges)
-	}
-	if s.Ranges == nil {
-		o.Ranges = nil
-	} else {
-		o.Ranges = make([]Range, len(s.Ranges))
-		copy(o.Ranges, s.Ranges)
-	}
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name: o.Name,
-	}
-
-	if o.Ranges != nil && len(o.Ranges.Entry) > 0 {
-		ans.Ranges = make([]Range, 0, len(o.Ranges.Entry))
-		for i := range o.Ranges.Entry {
-			entry := Range{
-				Network: o.Ranges.Entry[i].Name,
-			}
-			switch {
-			case o.Ranges.Entry[i].Advertise != nil:
-				entry.Action = ActionAdvertise
-			case o.Ranges.Entry[i].Suppress != nil:
-				entry.Action = ActionSuppress
-			}
-			ans.Ranges = append(ans.Ranges, entry)
-		}
-	}
-
-	switch {
-	case o.Type.Normal != nil:
-		ans.Type = TypeNormal
-	case o.Type.Stub != nil:
-		ans.Type = TypeStub
-		ans.AcceptSummary = util.AsBool(o.Type.Stub.AcceptSummary)
-		if o.Type.Stub.DefaultRoute != nil {
-			if o.Type.Stub.DefaultRoute.Disable != nil {
-				ans.DefaultRouteAdvertise = false
-			}
-			if o.Type.Stub.DefaultRoute.Advertise != nil {
-				ans.DefaultRouteAdvertise = true
-				ans.AdvertiseMetric = o.Type.Stub.DefaultRoute.Advertise.Metric
-			}
-		}
-	case o.Type.Nssa != nil:
-		ans.Type = TypeNssa
-		ans.AcceptSummary = util.AsBool(o.Type.Nssa.AcceptSummary)
-		if o.Type.Nssa.DefaultRoute != nil {
-			if o.Type.Nssa.DefaultRoute.Disable != nil {
-				ans.DefaultRouteAdvertise = false
-			}
-			if o.Type.Nssa.DefaultRoute.Advertise != nil {
-				ans.DefaultRouteAdvertise = true
-				ans.AdvertiseMetric = o.Type.Nssa.DefaultRoute.Advertise.Metric
-				ans.AdvertiseType = o.Type.Nssa.DefaultRoute.Advertise.Type
-			}
-		}
-		if o.Type.Nssa.Ranges != nil && len(o.Type.Nssa.Ranges.Entry) > 0 {
-			ans.ExtRanges = make([]Range, 0, len(o.Type.Nssa.Ranges.Entry))
-			for i := range o.Type.Nssa.Ranges.Entry {
-				entry := Range{
-					Network: o.Type.Nssa.Ranges.Entry[i].Name,
-				}
-				switch {
-				case o.Type.Nssa.Ranges.Entry[i].Advertise != nil:
-					entry.Action = ActionAdvertise
-				case o.Type.Nssa.Ranges.Entry[i].Suppress != nil:
-					entry.Action = ActionSuppress
-				}
-				ans.ExtRanges = append(ans.ExtRanges, entry)
-			}
-		}
-	}
-
-	raw := make(map[string]string)
-	if o.Interface != nil {
-		raw["int"] = util.CleanRawXml(o.Interface.Text)
-	}
-	if o.VirtualLink != nil {
-		raw["link"] = util.CleanRawXml(o.VirtualLink.Text)
-	}
-
-	if len(raw) != 0 {
-		ans.raw = raw
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName xml.Name       `xml:"entry"`
-	Name    string         `xml:"name,attr"`
-	Type    areaType       `xml:"type"`
-	Ranges  *advrangeEntry `xml:"range"`
-
-	Interface   *util.RawXml `xml:"interface"`
-	VirtualLink *util.RawXml `xml:"virtual-link"`
-}
-
-type areaType struct {
-	Normal *string `xml:"normal"`
-	Stub   *stub   `xml:"stub"`
-	Nssa   *nssa   `xml:"nssa"`
-}
-
-type stub struct {
-	DefaultRoute  *defroute `xml:"default-route"`
-	AcceptSummary string    `xml:"accept-summary"`
-}
-
-type defroute struct {
-	Advertise *advertise `xml:"advertise"`
-	Disable   *string    `xml:"disable"`
-}
-
-type advertise struct {
-	Metric int    `xml:"metric,omitempty"`
-	Type   string `xml:"type,omitempty"`
-}
-
-type nssa struct {
-	DefaultRoute  *defroute      `xml:"default-route"`
-	AcceptSummary string         `xml:"accept-summary"`
-	Ranges        *advrangeEntry `xml:"nssa-ext-range"`
-}
-
-type advrangeEntry struct {
-	Entry []advrange `xml:"entry"`
-}
-
-type advrange struct {
-	Name      string  `xml:"name,attr"`
-	Advertise *string `xml:"advertise"`
-	Suppress  *string `xml:"suppress"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name: e.Name,
-	}
-
-	s := ""
-
-	if len(e.Ranges) > 0 {
-		ans.Ranges = &advrangeEntry{}
-		ans.Ranges.Entry = make([]advrange, 0, len(e.Ranges))
-		for i := range e.Ranges {
-			entry := advrange{
-				Name: e.Ranges[i].Network,
-			}
-			switch e.Ranges[i].Action {
-			case ActionAdvertise:
-				entry.Advertise = &s
-			case ActionSuppress:
-				entry.Suppress = &s
-			}
-			ans.Ranges.Entry = append(ans.Ranges.Entry, entry)
-		}
-	}
-
-	switch e.Type {
-	case TypeNormal:
-		ans.Type = areaType{Normal: &s}
-	case TypeStub:
-		ans.Type = areaType{}
-		ans.Type.Stub = &stub{
-			DefaultRoute:  &defroute{},
-			AcceptSummary: util.YesNo(e.AcceptSummary),
-		}
-		if e.DefaultRouteAdvertise {
-			ans.Type.Stub.DefaultRoute.Advertise = &advertise{
-				Metric: e.AdvertiseMetric,
-			}
-		} else {
-			ans.Type.Stub.DefaultRoute.Disable = &s
-		}
-	case TypeNssa:
-		ans.Type = areaType{}
-		ans.Type.Nssa = &nssa{
-			DefaultRoute:  &defroute{},
-			AcceptSummary: util.YesNo(e.AcceptSummary),
-		}
-		if e.DefaultRouteAdvertise {
-			ans.Type.Nssa.DefaultRoute.Advertise = &advertise{
-				Metric: e.AdvertiseMetric,
-				Type:   e.AdvertiseType,
-			}
-		} else {
-			ans.Type.Nssa.DefaultRoute.Disable = &s
-		}
-		if len(e.ExtRanges) > 0 {
-			ans.Type.Nssa.Ranges = &advrangeEntry{}
-			ans.Type.Nssa.Ranges.Entry = make([]advrange, 0, len(e.ExtRanges))
-			for i := range e.ExtRanges {
-				entry := advrange{
-					Name: e.ExtRanges[i].Network,
-				}
-				switch e.ExtRanges[i].Action {
-				case ActionAdvertise:
-					entry.Advertise = &s
-				case ActionSuppress:
-					entry.Suppress = &s
-				}
-				ans.Type.Nssa.Ranges.Entry = append(ans.Type.Nssa.Ranges.Entry, entry)
-			}
-		}
-	}
-
-	return ans
-}
diff --git a/netw/routing/protocol/ospf/area/funcs.go b/netw/routing/protocol/ospf/area/funcs.go
deleted file mode 100644
index 90058dc9..00000000
--- a/netw/routing/protocol/ospf/area/funcs.go
+++ /dev/null
@@ -1,88 +0,0 @@
-package area
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/netw/routing/protocol/ospf/area/fw.go b/netw/routing/protocol/ospf/area/fw.go
deleted file mode 100644
index 4ea1f39a..00000000
--- a/netw/routing/protocol/ospf/area/fw.go
+++ /dev/null
@@ -1,114 +0,0 @@
-package area
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Network.OspfArea namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vr), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vr), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vr), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vr), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vr), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vr), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vr string, e ...Entry) error {
-	return c.ns.Set(c.pather(vr), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vr string, e Entry) error {
-	return c.ns.Edit(c.pather(vr), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vr string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vr), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(vr), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig(vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(vr), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather(vr string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vr, v)
-	}
-}
-
-func (c *Firewall) xpath(vr string, vals []string) ([]string, error) {
-	if vr == "" {
-		return nil, fmt.Errorf("vr must be specified")
-	}
-
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"virtual-router",
-		util.AsEntryXpath([]string{vr}),
-		"protocol",
-		"ospf",
-		"area",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/routing/protocol/ospf/area/fw_test.go b/netw/routing/protocol/ospf/area/fw_test.go
deleted file mode 100644
index f7cc029b..00000000
--- a/netw/routing/protocol/ospf/area/fw_test.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package area
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	vr := "mockVr"
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set(vr, tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(vr, tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/routing/protocol/ospf/area/iface/const.go b/netw/routing/protocol/ospf/area/iface/const.go
deleted file mode 100644
index d3357d01..00000000
--- a/netw/routing/protocol/ospf/area/iface/const.go
+++ /dev/null
@@ -1,13 +0,0 @@
-package iface
-
-const (
-	// LinkType Values
-	LinkTypeBroadcast         = "broadcast"
-	LinkTypePointToPoint      = "p2p"
-	LinkTypePointToMultiPoint = "p2mp"
-)
-
-const (
-	singular = "ospf area interface"
-	plural   = "ospf area interfaces"
-)
diff --git a/netw/routing/protocol/ospf/area/iface/doc.go b/netw/routing/protocol/ospf/area/iface/doc.go
deleted file mode 100644
index 26055935..00000000
--- a/netw/routing/protocol/ospf/area/iface/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package iface is the client.Network.OspfAreaInterface namespace.
-
-Normalized object:  Entry
-*/
-package iface
diff --git a/netw/routing/protocol/ospf/area/iface/entry.go b/netw/routing/protocol/ospf/area/iface/entry.go
deleted file mode 100644
index 712d4e65..00000000
--- a/netw/routing/protocol/ospf/area/iface/entry.go
+++ /dev/null
@@ -1,195 +0,0 @@
-package iface
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of an OSPF
-// area interface.
-type Entry struct {
-	Name               string
-	Enable             bool
-	Passive            bool
-	LinkType           string
-	Metric             int
-	Priority           int
-	HelloInterval      int
-	DeadCounts         int
-	RetransmitInterval int
-	TransitDelay       int
-	GraceRestartDelay  int
-	AuthProfile        string
-	Neighbors          []string // unordered; p2mp link type only
-	BfdProfile         string
-}
-
-func (o *Entry) Copy(s Entry) {
-	o.Enable = s.Enable
-	o.Passive = s.Passive
-	o.LinkType = s.LinkType
-	o.Metric = s.Metric
-	o.Priority = s.Priority
-	o.HelloInterval = s.HelloInterval
-	o.DeadCounts = s.DeadCounts
-	o.RetransmitInterval = s.RetransmitInterval
-	o.TransitDelay = s.TransitDelay
-	o.AuthProfile = s.AuthProfile
-	o.GraceRestartDelay = s.GraceRestartDelay
-	if s.Neighbors == nil {
-		o.Neighbors = nil
-	} else {
-		o.Neighbors = make([]string, len(s.Neighbors))
-		copy(o.Neighbors, s.Neighbors)
-	}
-	o.BfdProfile = s.BfdProfile
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:               o.Name,
-		Enable:             util.AsBool(o.Enable),
-		Passive:            util.AsBool(o.Passive),
-		Metric:             o.Metric,
-		Priority:           o.Priority,
-		HelloInterval:      o.HelloInterval,
-		DeadCounts:         o.DeadCounts,
-		RetransmitInterval: o.RetransmitInterval,
-		TransitDelay:       o.TransitDelay,
-		GraceRestartDelay:  o.GraceRestartDelay,
-		AuthProfile:        o.AuthProfile,
-		Neighbors:          util.EntToStr(o.Neighbors),
-	}
-
-	if o.LinkType != nil {
-		if o.LinkType.Broadcast != nil {
-			ans.LinkType = LinkTypeBroadcast
-		} else if o.LinkType.PointToPoint != nil {
-			ans.LinkType = LinkTypePointToPoint
-		} else if o.LinkType.PointToMultiPoint != nil {
-			ans.LinkType = LinkTypePointToMultiPoint
-		}
-	}
-
-	if o.Bfd != nil {
-		ans.BfdProfile = o.Bfd.BfdProfile
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName            xml.Name        `xml:"entry"`
-	Name               string          `xml:"name,attr"`
-	Enable             string          `xml:"enable"`
-	Passive            string          `xml:"passive"`
-	LinkType           *linktype       `xml:"link-type"`
-	Metric             int             `xml:"metric,omitempty"`
-	Priority           int             `xml:"priority"`
-	HelloInterval      int             `xml:"hello-interval"`
-	DeadCounts         int             `xml:"dead-counts,omitempty"`
-	RetransmitInterval int             `xml:"retransmit-interval,omitempty"`
-	TransitDelay       int             `xml:"transit-delay,omitempty"`
-	GraceRestartDelay  int             `xml:"gr-delay,omitempty"`
-	AuthProfile        string          `xml:"authentication,omitempty"`
-	Neighbors          *util.EntryType `xml:"neighbor"`
-	Bfd                *bfd            `xml:"bfd"`
-}
-
-func (e *entry_v1) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
-	type localEntry_v1 entry_v1
-	ans := localEntry_v1{
-		Priority:           1,
-		Metric:             10,
-		HelloInterval:      10,
-		DeadCounts:         4,
-		RetransmitInterval: 5,
-		TransitDelay:       1,
-		GraceRestartDelay:  10,
-	}
-	if err := d.DecodeElement(&ans, &start); err != nil {
-		return err
-	}
-	*e = entry_v1(ans)
-	return nil
-}
-
-type linktype struct {
-	Broadcast         *string `xml:"broadcast"`
-	PointToPoint      *string `xml:"p2p"`
-	PointToMultiPoint *string `xml:"p2mp"`
-}
-
-type bfd struct {
-	BfdProfile string `xml:"profile,omitempty"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:               e.Name,
-		Enable:             util.YesNo(e.Enable),
-		Passive:            util.YesNo(e.Passive),
-		Metric:             e.Metric,
-		Priority:           e.Priority,
-		HelloInterval:      e.HelloInterval,
-		DeadCounts:         e.DeadCounts,
-		RetransmitInterval: e.RetransmitInterval,
-		TransitDelay:       e.TransitDelay,
-		GraceRestartDelay:  e.GraceRestartDelay,
-		AuthProfile:        e.AuthProfile,
-		Neighbors:          util.StrToEnt(e.Neighbors),
-	}
-
-	s := ""
-
-	switch e.LinkType {
-	case LinkTypeBroadcast:
-		ans.LinkType = &linktype{Broadcast: &s}
-	case LinkTypePointToPoint:
-		ans.LinkType = &linktype{PointToPoint: &s}
-	case LinkTypePointToMultiPoint:
-		ans.LinkType = &linktype{PointToMultiPoint: &s}
-	}
-
-	if e.BfdProfile != "" {
-		ans.Bfd = &bfd{BfdProfile: e.BfdProfile}
-	}
-
-	return ans
-}
diff --git a/netw/routing/protocol/ospf/area/iface/funcs.go b/netw/routing/protocol/ospf/area/iface/funcs.go
deleted file mode 100644
index 1a10557a..00000000
--- a/netw/routing/protocol/ospf/area/iface/funcs.go
+++ /dev/null
@@ -1,88 +0,0 @@
-package iface
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/netw/routing/protocol/ospf/area/iface/fw.go b/netw/routing/protocol/ospf/area/iface/fw.go
deleted file mode 100644
index 823ad1de..00000000
--- a/netw/routing/protocol/ospf/area/iface/fw.go
+++ /dev/null
@@ -1,119 +0,0 @@
-package iface
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Network.OspfAreaInterface namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vr, area string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vr, area), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vr, area string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vr, area), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vr, area, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vr, area), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vr, area, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vr, area), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vr, area string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vr, area), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vr, area string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vr, area), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vr, area string, e ...Entry) error {
-	return c.ns.Set(c.pather(vr, area), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vr, area string, e Entry) error {
-	return c.ns.Edit(c.pather(vr, area), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vr, area string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vr, area), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(vr, area, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(vr, area), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig(vr, area string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(vr, area), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather(vr, area string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vr, area, v)
-	}
-}
-
-func (c *Firewall) xpath(vr, area string, vals []string) ([]string, error) {
-	if vr == "" {
-		return nil, fmt.Errorf("vr must be specified")
-	}
-	if area == "" {
-		return nil, fmt.Errorf("area must be specified")
-	}
-
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"virtual-router",
-		util.AsEntryXpath([]string{vr}),
-		"protocol",
-		"ospf",
-		"area",
-		util.AsEntryXpath([]string{area}),
-		"interface",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/routing/protocol/ospf/area/iface/fw_test.go b/netw/routing/protocol/ospf/area/iface/fw_test.go
deleted file mode 100644
index c14f8ae3..00000000
--- a/netw/routing/protocol/ospf/area/iface/fw_test.go
+++ /dev/null
@@ -1,79 +0,0 @@
-package iface
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	vr := "mockVr"
-	area := "area 0"
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set(vr, area, tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(vr, area, tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
-
-func TestDefaults(t *testing.T) {
-	mc := &testdata.MockClient{
-		Version: version.Number{6, 1, 0, ""},
-	}
-	ns := FirewallNamespace(mc)
-	mc.AddResp(`
-<entry name="myinterface">
-    <enable>yes</enable>
-</entry>
-`)
-	ans, err := ns.Get("vr", "area", "myinterface")
-	if err != nil {
-		t.Errorf("Error in get: %s", err)
-	}
-	if !ans.Enable {
-		t.Errorf("Not enabled")
-	}
-	if ans.Metric != 10 {
-		t.Errorf("Metric is not 10")
-	}
-	if ans.Priority != 1 {
-		t.Errorf("Priority is not 1")
-	}
-	if ans.HelloInterval != 10 {
-		t.Errorf("Hello interval is not 10")
-	}
-	if ans.DeadCounts != 4 {
-		t.Errorf("Dead counts is not 4")
-	}
-	if ans.RetransmitInterval != 5 {
-		t.Errorf("Retransmit interval is not 5")
-	}
-	if ans.TransitDelay != 1 {
-		t.Errorf("Transit delay is not 1")
-	}
-	if ans.GraceRestartDelay != 10 {
-		t.Errorf("Grace restart delay is not 10")
-	}
-}
diff --git a/netw/routing/protocol/ospf/area/iface/pano.go b/netw/routing/protocol/ospf/area/iface/pano.go
deleted file mode 100644
index 45bdae2c..00000000
--- a/netw/routing/protocol/ospf/area/iface/pano.go
+++ /dev/null
@@ -1,126 +0,0 @@
-package iface
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Network.OspfAreaInterface namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts, vr, area string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts, vr, area), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts, vr, area string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts, vr, area), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(tmpl, ts, vr, area, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts, vr, area), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(tmpl, ts, vr, area, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts, vr, area), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts, vr, area string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts, vr, area), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(tmpl, ts, vr, area string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts, vr, area), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts, vr, area string, e ...Entry) error {
-	return c.ns.Set(c.pather(tmpl, ts, vr, area), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts, vr, area string, e Entry) error {
-	return c.ns.Edit(c.pather(tmpl, ts, vr, area), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts, vr, area string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(tmpl, ts, vr, area), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, vr, area, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts, vr, area), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts, vr, area string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts, vr, area), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts, vr, area string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, vr, area, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts, vr, area string, vals []string) ([]string, error) {
-	if tmpl == "" && ts == "" {
-		return nil, fmt.Errorf("tmpl or ts must be specified")
-	}
-	if vr == "" {
-		return nil, fmt.Errorf("vr must be specified")
-	}
-	if area == "" {
-		return nil, fmt.Errorf("area must be specified")
-	}
-
-	ans := make([]string, 0, 17)
-	ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-	ans = append(ans,
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"virtual-router",
-		util.AsEntryXpath([]string{vr}),
-		"protocol",
-		"ospf",
-		"area",
-		util.AsEntryXpath([]string{area}),
-		"interface",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/routing/protocol/ospf/area/iface/pano_test.go b/netw/routing/protocol/ospf/area/iface/pano_test.go
deleted file mode 100644
index ec961c00..00000000
--- a/netw/routing/protocol/ospf/area/iface/pano_test.go
+++ /dev/null
@@ -1,79 +0,0 @@
-package iface
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	vr := "mockVr"
-	area := "area 0"
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("tmpl", "", vr, area, tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("tmpl", "", vr, area, tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
-
-func TestPanoramaDefaults(t *testing.T) {
-	mc := &testdata.MockClient{
-		Version: version.Number{6, 1, 0, ""},
-	}
-	ns := PanoramaNamespace(mc)
-	mc.AddResp(`
-<entry name="myinterface">
-    <enable>yes</enable>
-</entry>
-`)
-	ans, err := ns.Get("tmpl", "", "vr", "area", "myinterface")
-	if err != nil {
-		t.Errorf("Error in get: %s", err)
-	}
-	if !ans.Enable {
-		t.Errorf("Not enabled")
-	}
-	if ans.Metric != 10 {
-		t.Errorf("Metric is not 10")
-	}
-	if ans.Priority != 1 {
-		t.Errorf("Priority is not 1")
-	}
-	if ans.HelloInterval != 10 {
-		t.Errorf("Hello interval is not 10")
-	}
-	if ans.DeadCounts != 4 {
-		t.Errorf("Dead counts is not 4")
-	}
-	if ans.RetransmitInterval != 5 {
-		t.Errorf("Retransmit interval is not 5")
-	}
-	if ans.TransitDelay != 1 {
-		t.Errorf("Transit delay is not 1")
-	}
-	if ans.GraceRestartDelay != 10 {
-		t.Errorf("Grace restart delay is not 10")
-	}
-}
diff --git a/netw/routing/protocol/ospf/area/iface/testdata_test.go b/netw/routing/protocol/ospf/area/iface/testdata_test.go
deleted file mode 100644
index d8ef1c1e..00000000
--- a/netw/routing/protocol/ospf/area/iface/testdata_test.go
+++ /dev/null
@@ -1,65 +0,0 @@
-package iface
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type testCase struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"v1 area interface broadcast", version.Number{10, 0, 0, ""}, Entry{
-			Name:               "t1",
-			Enable:             true,
-			Passive:            true,
-			LinkType:           LinkTypeBroadcast,
-			Metric:             10,
-			Priority:           1,
-			HelloInterval:      10,
-			DeadCounts:         5,
-			RetransmitInterval: 10,
-			TransitDelay:       1,
-			GraceRestartDelay:  1,
-			AuthProfile:        "auth profile",
-			BfdProfile:         "bfd profile",
-		}},
-		{"v1 area interface p2p", version.Number{10, 0, 0, ""}, Entry{
-			Name:               "t2",
-			Enable:             true,
-			Passive:            true,
-			LinkType:           LinkTypePointToPoint,
-			Metric:             10,
-			Priority:           1,
-			HelloInterval:      10,
-			DeadCounts:         5,
-			RetransmitInterval: 10,
-			TransitDelay:       1,
-			GraceRestartDelay:  1,
-			AuthProfile:        "auth profile",
-			BfdProfile:         "bfd profile",
-		}},
-		{"v1 area interface p2mp", version.Number{10, 0, 0, ""}, Entry{
-			Name:               "t3",
-			Enable:             true,
-			Passive:            true,
-			LinkType:           LinkTypePointToMultiPoint,
-			Metric:             10,
-			Priority:           1,
-			HelloInterval:      10,
-			DeadCounts:         5,
-			RetransmitInterval: 10,
-			TransitDelay:       1,
-			GraceRestartDelay:  1,
-			AuthProfile:        "auth profile",
-			Neighbors: []string{
-				"10.1.1.1",
-				"192.1.1.1",
-			},
-			BfdProfile: "bfd profile",
-		}},
-	}
-}
diff --git a/netw/routing/protocol/ospf/area/pano.go b/netw/routing/protocol/ospf/area/pano.go
deleted file mode 100644
index a90d6e21..00000000
--- a/netw/routing/protocol/ospf/area/pano.go
+++ /dev/null
@@ -1,121 +0,0 @@
-package area
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Network.OspfArea namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts, vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts, vr), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts, vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts, vr), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(tmpl, ts, vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts, vr), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(tmpl, ts, vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts, vr), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts, vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts, vr), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(tmpl, ts, vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts, vr), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts, vr string, e ...Entry) error {
-	return c.ns.Set(c.pather(tmpl, ts, vr), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts, vr string, e Entry) error {
-	return c.ns.Edit(c.pather(tmpl, ts, vr), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts, vr string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(tmpl, ts, vr), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts, vr), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts, vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts, vr), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts, vr string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, vr, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts, vr string, vals []string) ([]string, error) {
-	if tmpl == "" && ts == "" {
-		return nil, fmt.Errorf("tmpl or ts must be specified")
-	}
-	if vr == "" {
-		return nil, fmt.Errorf("vr must be specified")
-	}
-
-	ans := make([]string, 0, 15)
-	ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-	ans = append(ans,
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"virtual-router",
-		util.AsEntryXpath([]string{vr}),
-		"protocol",
-		"ospf",
-		"area",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/routing/protocol/ospf/area/pano_test.go b/netw/routing/protocol/ospf/area/pano_test.go
deleted file mode 100644
index 8c3ad799..00000000
--- a/netw/routing/protocol/ospf/area/pano_test.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package area
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	vr := "mockVr"
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("my template", "", vr, tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("my template", "", vr, tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/routing/protocol/ospf/area/testdata_test.go b/netw/routing/protocol/ospf/area/testdata_test.go
deleted file mode 100644
index 7c6fd1be..00000000
--- a/netw/routing/protocol/ospf/area/testdata_test.go
+++ /dev/null
@@ -1,67 +0,0 @@
-package area
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type testCase struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"v1 area normal", version.Number{10, 0, 0, ""}, Entry{
-			Name: "t1",
-			Type: TypeNormal,
-		}},
-		{"v1 area normal ranges", version.Number{10, 0, 0, ""}, Entry{
-			Name: "t2",
-			Type: TypeNormal,
-			Ranges: []Range{
-				Range{
-					Network: "10.0.1.0/24",
-					Action:  ActionAdvertise,
-				},
-				Range{
-					Network: "10.0.2.0/24",
-					Action:  ActionSuppress,
-				},
-			},
-		}},
-		{"v1 area stub", version.Number{10, 0, 0, ""}, Entry{
-			Name:                  "t3",
-			Type:                  TypeStub,
-			AcceptSummary:         true,
-			DefaultRouteAdvertise: true,
-			AdvertiseMetric:       10,
-		}},
-		{"v1 area nssa", version.Number{10, 0, 0, ""}, Entry{
-			Name:                  "t4",
-			Type:                  TypeNssa,
-			AcceptSummary:         true,
-			DefaultRouteAdvertise: true,
-			AdvertiseMetric:       10,
-			AdvertiseType:         "advertise type",
-		}},
-		{"v1 area nssa ext ranges", version.Number{10, 0, 0, ""}, Entry{
-			Name:                  "t5",
-			Type:                  TypeNssa,
-			AcceptSummary:         true,
-			DefaultRouteAdvertise: true,
-			AdvertiseMetric:       10,
-			AdvertiseType:         "advertise type",
-			ExtRanges: []Range{
-				Range{
-					Network: "10.0.1.0/24",
-					Action:  ActionAdvertise,
-				},
-				Range{
-					Network: "10.0.2.0/24",
-					Action:  ActionSuppress,
-				},
-			},
-		}},
-	}
-}
diff --git a/netw/routing/protocol/ospf/area/vlink/const.go b/netw/routing/protocol/ospf/area/vlink/const.go
deleted file mode 100644
index 3dff7a33..00000000
--- a/netw/routing/protocol/ospf/area/vlink/const.go
+++ /dev/null
@@ -1,6 +0,0 @@
-package vlink
-
-const (
-	singular = "ospf area virtual link"
-	plural   = "ospf area virtual links"
-)
diff --git a/netw/routing/protocol/ospf/area/vlink/doc.go b/netw/routing/protocol/ospf/area/vlink/doc.go
deleted file mode 100644
index b0fa1f5a..00000000
--- a/netw/routing/protocol/ospf/area/vlink/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package vlink is the client.Network.OspfAreaVirtualLink namespace.
-
-Normalized object:  Entry
-*/
-package vlink
diff --git a/netw/routing/protocol/ospf/area/vlink/entry.go b/netw/routing/protocol/ospf/area/vlink/entry.go
deleted file mode 100644
index 5feec008..00000000
--- a/netw/routing/protocol/ospf/area/vlink/entry.go
+++ /dev/null
@@ -1,127 +0,0 @@
-package vlink
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of an OSPF
-// area virtual link.
-type Entry struct {
-	Name               string
-	Enable             bool
-	NeighborId         string
-	TransitAreaId      string
-	HelloInterval      int
-	DeadCounts         int
-	RetransmitInterval int
-	TransitDelay       int
-	AuthProfile        string
-	BfdProfile         string
-}
-
-func (o *Entry) Copy(s Entry) {
-	o.Enable = s.Enable
-	o.NeighborId = s.NeighborId
-	o.TransitAreaId = s.TransitAreaId
-	o.HelloInterval = s.HelloInterval
-	o.DeadCounts = s.DeadCounts
-	o.RetransmitInterval = s.RetransmitInterval
-	o.TransitDelay = s.TransitDelay
-	o.AuthProfile = s.AuthProfile
-	o.BfdProfile = s.BfdProfile
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:               o.Name,
-		Enable:             util.AsBool(o.Enable),
-		NeighborId:         o.NeighborId,
-		TransitAreaId:      o.TransitAreaId,
-		HelloInterval:      o.HelloInterval,
-		DeadCounts:         o.DeadCounts,
-		RetransmitInterval: o.RetransmitInterval,
-		TransitDelay:       o.TransitDelay,
-		AuthProfile:        o.AuthProfile,
-	}
-
-	if o.Bfd != nil {
-		ans.BfdProfile = o.Bfd.BfdProfile
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName            xml.Name `xml:"entry"`
-	Name               string   `xml:"name,attr"`
-	Enable             string   `xml:"enable"`
-	NeighborId         string   `xml:"neighbor-id"`
-	TransitAreaId      string   `xml:"transit-area-id"`
-	HelloInterval      int      `xml:"hello-interval,omitempty"`
-	DeadCounts         int      `xml:"dead-counts,omitempty"`
-	RetransmitInterval int      `xml:"retransmit-interval,omitempty"`
-	TransitDelay       int      `xml:"transit-delay,omitempty"`
-	AuthProfile        string   `xml:"authentication,omitempty"`
-	Bfd                *bfd     `xml:"bfd"`
-}
-
-type bfd struct {
-	BfdProfile string `xml:"profile,omitempty"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:               e.Name,
-		Enable:             util.YesNo(e.Enable),
-		NeighborId:         e.NeighborId,
-		TransitAreaId:      e.TransitAreaId,
-		HelloInterval:      e.HelloInterval,
-		DeadCounts:         e.DeadCounts,
-		RetransmitInterval: e.RetransmitInterval,
-		TransitDelay:       e.TransitDelay,
-		AuthProfile:        e.AuthProfile,
-	}
-
-	if e.BfdProfile != "" {
-		ans.Bfd = &bfd{BfdProfile: e.BfdProfile}
-	}
-
-	return ans
-}
diff --git a/netw/routing/protocol/ospf/area/vlink/funcs.go b/netw/routing/protocol/ospf/area/vlink/funcs.go
deleted file mode 100644
index f4e47e0d..00000000
--- a/netw/routing/protocol/ospf/area/vlink/funcs.go
+++ /dev/null
@@ -1,88 +0,0 @@
-package vlink
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/netw/routing/protocol/ospf/area/vlink/fw.go b/netw/routing/protocol/ospf/area/vlink/fw.go
deleted file mode 100644
index a30f5bfe..00000000
--- a/netw/routing/protocol/ospf/area/vlink/fw.go
+++ /dev/null
@@ -1,119 +0,0 @@
-package vlink
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Network.OspfAreaVirtualLink namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vr, area string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vr, area), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vr, area string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vr, area), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vr, area, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vr, area), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vr, area, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vr, area), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vr, area string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vr, area), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vr, area string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vr, area), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vr, area string, e ...Entry) error {
-	return c.ns.Set(c.pather(vr, area), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vr, area string, e Entry) error {
-	return c.ns.Edit(c.pather(vr, area), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vr, area string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vr, area), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(vr, area, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(vr, area), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig(vr, area string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(vr, area), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather(vr, area string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vr, area, v)
-	}
-}
-
-func (c *Firewall) xpath(vr, area string, vals []string) ([]string, error) {
-	if vr == "" {
-		return nil, fmt.Errorf("vr must be specified")
-	}
-	if area == "" {
-		return nil, fmt.Errorf("area must be specified")
-	}
-
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"virtual-router",
-		util.AsEntryXpath([]string{vr}),
-		"protocol",
-		"ospf",
-		"area",
-		util.AsEntryXpath([]string{area}),
-		"virtual-link",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/routing/protocol/ospf/area/vlink/fw_test.go b/netw/routing/protocol/ospf/area/vlink/fw_test.go
deleted file mode 100644
index f9bdec1b..00000000
--- a/netw/routing/protocol/ospf/area/vlink/fw_test.go
+++ /dev/null
@@ -1,38 +0,0 @@
-package vlink
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	vr := "mockVr"
-	area := "area 0"
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set(vr, area, tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(vr, area, tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/routing/protocol/ospf/area/vlink/pano.go b/netw/routing/protocol/ospf/area/vlink/pano.go
deleted file mode 100644
index 96fc8a66..00000000
--- a/netw/routing/protocol/ospf/area/vlink/pano.go
+++ /dev/null
@@ -1,126 +0,0 @@
-package vlink
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Network.OspfAreaVirtualLink namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts, vr, area string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts, vr, area), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts, vr, area string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts, vr, area), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(tmpl, ts, vr, area, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts, vr, area), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(tmpl, ts, vr, area, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts, vr, area), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts, vr, area string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts, vr, area), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(tmpl, ts, vr, area string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts, vr, area), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts, vr, area string, e ...Entry) error {
-	return c.ns.Set(c.pather(tmpl, ts, vr, area), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts, vr, area string, e Entry) error {
-	return c.ns.Edit(c.pather(tmpl, ts, vr, area), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts, vr, area string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(tmpl, ts, vr, area), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, vr, area, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts, vr, area), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts, vr, area string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts, vr, area), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts, vr, area string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, vr, area, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts, vr, area string, vals []string) ([]string, error) {
-	if tmpl == "" && ts == "" {
-		return nil, fmt.Errorf("tmpl or ts must be specified")
-	}
-	if vr == "" {
-		return nil, fmt.Errorf("vr must be specified")
-	}
-	if area == "" {
-		return nil, fmt.Errorf("area must be specified")
-	}
-
-	ans := make([]string, 0, 17)
-	ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-	ans = append(ans,
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"virtual-router",
-		util.AsEntryXpath([]string{vr}),
-		"protocol",
-		"ospf",
-		"area",
-		util.AsEntryXpath([]string{area}),
-		"virtual-link",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/routing/protocol/ospf/area/vlink/pano_test.go b/netw/routing/protocol/ospf/area/vlink/pano_test.go
deleted file mode 100644
index 6b37a4fa..00000000
--- a/netw/routing/protocol/ospf/area/vlink/pano_test.go
+++ /dev/null
@@ -1,38 +0,0 @@
-package vlink
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	vr := "mockVr"
-	area := "area 0"
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("template1", "", vr, area, tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("template1", "", vr, area, tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/routing/protocol/ospf/area/vlink/testdata_test.go b/netw/routing/protocol/ospf/area/vlink/testdata_test.go
deleted file mode 100644
index c227c047..00000000
--- a/netw/routing/protocol/ospf/area/vlink/testdata_test.go
+++ /dev/null
@@ -1,28 +0,0 @@
-package vlink
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type testCase struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"v1 area virtual link", version.Number{10, 0, 0, ""}, Entry{
-			Name:               "t1",
-			Enable:             true,
-			NeighborId:         "neighbor id",
-			TransitAreaId:      "transit area id",
-			HelloInterval:      2600,
-			DeadCounts:         20,
-			RetransmitInterval: 2600,
-			TransitDelay:       2600,
-			AuthProfile:        "auth profile",
-			BfdProfile:         "bfd profile",
-		}},
-	}
-}
diff --git a/netw/routing/protocol/ospf/config.go b/netw/routing/protocol/ospf/config.go
deleted file mode 100644
index 7c0a8864..00000000
--- a/netw/routing/protocol/ospf/config.go
+++ /dev/null
@@ -1,201 +0,0 @@
-package ospf
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Config is a normalized, version independent representation of a virtual
-// router's OSPF configuration.
-type Config struct {
-	Enable                        bool
-	RouterId                      string
-	RejectDefaultRoute            bool
-	AllowRedistributeDefaultRoute bool
-	Rfc1583                       bool
-	SpfCalculationDelay           float64
-	LsaInterval                   float64
-	EnableGracefulRestart         bool
-	GracePeriod                   int
-	HelperEnable                  bool
-	StrictLsaChecking             bool
-	MaxNeighborRestartTime        int
-	BfdProfile                    string // BFD profile or "None" to disable BFD
-
-	raw map[string]string
-}
-
-// Copy copies the information from source Config `s` to this object.
-func (o *Config) Copy(s Config) {
-	o.Enable = s.Enable
-	o.RouterId = s.RouterId
-	o.RejectDefaultRoute = s.RejectDefaultRoute
-	o.AllowRedistributeDefaultRoute = s.AllowRedistributeDefaultRoute
-	o.Rfc1583 = s.Rfc1583
-	o.SpfCalculationDelay = s.SpfCalculationDelay
-	o.LsaInterval = s.LsaInterval
-	o.EnableGracefulRestart = s.EnableGracefulRestart
-	o.GracePeriod = s.GracePeriod
-	o.HelperEnable = s.HelperEnable
-	o.StrictLsaChecking = s.StrictLsaChecking
-	o.MaxNeighborRestartTime = s.MaxNeighborRestartTime
-	o.BfdProfile = s.BfdProfile
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Config) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return "", fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Config
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"ospf"`
-}
-
-func (o *container_v1) Normalize() []Config {
-	ans := make([]Config, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for _ = range o.Answer {
-		ans = append(ans, "")
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Config {
-	ans := Config{
-		Enable:                        util.AsBool(o.Enable),
-		RouterId:                      o.RouterId,
-		RejectDefaultRoute:            util.AsBool(o.RejectDefaultRoute),
-		AllowRedistributeDefaultRoute: util.AsBool(o.AllowRedistributeDefaultRoute),
-		Rfc1583:                       util.AsBool(o.Rfc1583),
-	}
-
-	raw := make(map[string]string)
-
-	if o.Timers != nil {
-		ans.SpfCalculationDelay = o.Timers.SpfCalculationDelay
-		ans.LsaInterval = o.Timers.LsaInterval
-	}
-	if o.GracefulRestart != nil {
-		ans.EnableGracefulRestart = util.AsBool(o.GracefulRestart.EnableGracefulRestart)
-		ans.GracePeriod = o.GracefulRestart.GracePeriod
-		ans.HelperEnable = util.AsBool(o.GracefulRestart.HelperEnable)
-		ans.StrictLsaChecking = util.AsBool(o.GracefulRestart.StrictLsaChecking)
-		ans.MaxNeighborRestartTime = o.GracefulRestart.MaxNeighborRestartTime
-	}
-	if o.GlobalBfd != nil {
-		ans.BfdProfile = o.GlobalBfd.BfdProfile
-	}
-
-	if o.AuthProfile != nil {
-		raw["ap"] = util.CleanRawXml(o.AuthProfile.Text)
-	}
-	if o.Area != nil {
-		raw["area"] = util.CleanRawXml(o.Area.Text)
-	}
-	if o.ExportRules != nil {
-		raw["exp"] = util.CleanRawXml(o.ExportRules.Text)
-	}
-
-	if len(raw) != 0 {
-		ans.raw = raw
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName                       xml.Name         `xml:"ospf"`
-	Enable                        string           `xml:"enable"`
-	RouterId                      string           `xml:"router-id,omitempty"`
-	RejectDefaultRoute            string           `xml:"reject-default-route"`
-	AllowRedistributeDefaultRoute string           `xml:"allow-redist-default-route"`
-	Rfc1583                       string           `xml:"rfc1583"`
-	Timers                        *timers          `xml:"timers"`
-	GracefulRestart               *gracefulRestart `xml:"graceful-restart"`
-	GlobalBfd                     *globalBfd       `xml:"global-bfd"`
-
-	AuthProfile *util.RawXml `xml:"auth-profile"`
-	Area        *util.RawXml `xml:"area"`
-	ExportRules *util.RawXml `xml:"export-rules"`
-}
-
-type timers struct {
-	SpfCalculationDelay float64 `xml:"spf-calculation-delay,omitempty"`
-	LsaInterval         float64 `xml:"lsa-interval,omitempty"`
-}
-
-type gracefulRestart struct {
-	EnableGracefulRestart  string `xml:"enable"`
-	GracePeriod            int    `xml:"grace-period,omitempty"`
-	HelperEnable           string `xml:"helper-enable"`
-	StrictLsaChecking      string `xml:"strict-LSA-checking"`
-	MaxNeighborRestartTime int    `xml:"max-neighbor-restart-time,omitempty"`
-}
-
-type globalBfd struct {
-	BfdProfile string `xml:"profile,omitempty"`
-}
-
-func specify_v1(e Config) interface{} {
-	ans := entry_v1{
-		Enable:                        util.YesNo(e.Enable),
-		RouterId:                      e.RouterId,
-		RejectDefaultRoute:            util.YesNo(e.RejectDefaultRoute),
-		AllowRedistributeDefaultRoute: util.YesNo(e.AllowRedistributeDefaultRoute),
-		Rfc1583:                       util.YesNo(e.Rfc1583),
-	}
-
-	if e.SpfCalculationDelay != 0 || e.LsaInterval != 0 {
-		ans.Timers = &timers{
-			SpfCalculationDelay: e.SpfCalculationDelay,
-			LsaInterval:         e.LsaInterval,
-		}
-	}
-
-	// EnableGracefulRestart, HelperEnable, StrictLsaChecking schema elements
-	// are default="yes"
-	if !e.EnableGracefulRestart || !e.HelperEnable || !e.StrictLsaChecking ||
-		e.GracePeriod != 0 || e.MaxNeighborRestartTime != 0 {
-		ans.GracefulRestart = &gracefulRestart{
-			EnableGracefulRestart:  util.YesNo(e.EnableGracefulRestart),
-			GracePeriod:            e.GracePeriod,
-			HelperEnable:           util.YesNo(e.HelperEnable),
-			StrictLsaChecking:      util.YesNo(e.StrictLsaChecking),
-			MaxNeighborRestartTime: e.MaxNeighborRestartTime,
-		}
-	}
-
-	if e.BfdProfile != "" {
-		ans.GlobalBfd = &globalBfd{BfdProfile: e.BfdProfile}
-	}
-
-	if text, present := e.raw["ap"]; present {
-		ans.AuthProfile = &util.RawXml{text}
-	}
-	if text, present := e.raw["area"]; present {
-		ans.Area = &util.RawXml{text}
-	}
-	if text, present := e.raw["exp"]; present {
-		ans.ExportRules = &util.RawXml{text}
-	}
-
-	return ans
-}
diff --git a/netw/routing/protocol/ospf/const.go b/netw/routing/protocol/ospf/const.go
deleted file mode 100644
index ba1badd0..00000000
--- a/netw/routing/protocol/ospf/const.go
+++ /dev/null
@@ -1,5 +0,0 @@
-package ospf
-
-const (
-	singular = "ospf config"
-)
diff --git a/netw/routing/protocol/ospf/doc.go b/netw/routing/protocol/ospf/doc.go
deleted file mode 100644
index 833f440d..00000000
--- a/netw/routing/protocol/ospf/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package ospf is the client.Network.OspfConfig namespace.
-
-Normalized object:  Config
-*/
-package ospf
diff --git a/netw/routing/protocol/ospf/exp/const.go b/netw/routing/protocol/ospf/exp/const.go
deleted file mode 100644
index 71d06191..00000000
--- a/netw/routing/protocol/ospf/exp/const.go
+++ /dev/null
@@ -1,12 +0,0 @@
-package exp
-
-const (
-	// PathType Values
-	PathTypeExt1 = "ext-1"
-	PathTypeExt2 = "ext-2"
-)
-
-const (
-	singular = "ospf export rule"
-	plural   = "ospf export rules"
-)
diff --git a/netw/routing/protocol/ospf/exp/doc.go b/netw/routing/protocol/ospf/exp/doc.go
deleted file mode 100644
index 80a95d20..00000000
--- a/netw/routing/protocol/ospf/exp/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package exp is the client.Network.OspfExport namespace.
-
-Normalized object:  Entry
-*/
-package exp
diff --git a/netw/routing/protocol/ospf/exp/entry.go b/netw/routing/protocol/ospf/exp/entry.go
deleted file mode 100644
index 8d00a27f..00000000
--- a/netw/routing/protocol/ospf/exp/entry.go
+++ /dev/null
@@ -1,86 +0,0 @@
-package exp
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of an OSPF
-// export rule.
-type Entry struct {
-	Name     string
-	PathType string
-	Tag      string
-	Metric   int
-}
-
-func (o *Entry) Copy(s Entry) {
-	o.PathType = s.PathType
-	o.Tag = s.Tag
-	o.Metric = s.Metric
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:     o.Name,
-		PathType: o.PathType,
-		Tag:      o.Tag,
-		Metric:   o.Metric,
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName  xml.Name `xml:"entry"`
-	Name     string   `xml:"name,attr"`
-	PathType string   `xml:"new-path-type,omitempty"`
-	Tag      string   `xml:"new-tag,omitempty"`
-	Metric   int      `xml:"metric,omitempty"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:     e.Name,
-		PathType: e.PathType,
-		Tag:      e.Tag,
-		Metric:   e.Metric,
-	}
-
-	return ans
-}
diff --git a/netw/routing/protocol/ospf/exp/funcs.go b/netw/routing/protocol/ospf/exp/funcs.go
deleted file mode 100644
index de8084d0..00000000
--- a/netw/routing/protocol/ospf/exp/funcs.go
+++ /dev/null
@@ -1,88 +0,0 @@
-package exp
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/netw/routing/protocol/ospf/exp/fw.go b/netw/routing/protocol/ospf/exp/fw.go
deleted file mode 100644
index 78850475..00000000
--- a/netw/routing/protocol/ospf/exp/fw.go
+++ /dev/null
@@ -1,114 +0,0 @@
-package exp
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Network.OspfExport namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vr), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vr), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vr), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vr), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vr), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vr), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vr string, e ...Entry) error {
-	return c.ns.Set(c.pather(vr), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vr string, e Entry) error {
-	return c.ns.Edit(c.pather(vr), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vr string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vr), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(vr), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig(vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(vr), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather(vr string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vr, v)
-	}
-}
-
-func (c *Firewall) xpath(vr string, vals []string) ([]string, error) {
-	if vr == "" {
-		return nil, fmt.Errorf("vr must be specified")
-	}
-
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"virtual-router",
-		util.AsEntryXpath([]string{vr}),
-		"protocol",
-		"ospf",
-		"export-rules",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/routing/protocol/ospf/exp/fw_test.go b/netw/routing/protocol/ospf/exp/fw_test.go
deleted file mode 100644
index 62457ac0..00000000
--- a/netw/routing/protocol/ospf/exp/fw_test.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package exp
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	vr := "mockVr"
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set(vr, tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(vr, tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/routing/protocol/ospf/exp/pano.go b/netw/routing/protocol/ospf/exp/pano.go
deleted file mode 100644
index e5fee3b5..00000000
--- a/netw/routing/protocol/ospf/exp/pano.go
+++ /dev/null
@@ -1,121 +0,0 @@
-package exp
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Network.OspfExport namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts, vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts, vr), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts, vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts, vr), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(tmpl, ts, vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts, vr), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(tmpl, ts, vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts, vr), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts, vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts, vr), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(tmpl, ts, vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts, vr), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts, vr string, e ...Entry) error {
-	return c.ns.Set(c.pather(tmpl, ts, vr), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts, vr string, e Entry) error {
-	return c.ns.Edit(c.pather(tmpl, ts, vr), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts, vr string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(tmpl, ts, vr), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts, vr), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts, vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts, vr), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts, vr string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, vr, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts, vr string, vals []string) ([]string, error) {
-	if tmpl == "" && ts == "" {
-		return nil, fmt.Errorf("tmpl or ts must be specified")
-	}
-	if vr == "" {
-		return nil, fmt.Errorf("vr must be specified")
-	}
-
-	ans := make([]string, 0, 15)
-	ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-	ans = append(ans,
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"virtual-router",
-		util.AsEntryXpath([]string{vr}),
-		"protocol",
-		"ospf",
-		"export-rules",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/routing/protocol/ospf/exp/pano_test.go b/netw/routing/protocol/ospf/exp/pano_test.go
deleted file mode 100644
index 960416dc..00000000
--- a/netw/routing/protocol/ospf/exp/pano_test.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package exp
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	vr := "mockVr"
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("my template", "", vr, tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("my template", "", vr, tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/routing/protocol/ospf/exp/testdata_test.go b/netw/routing/protocol/ospf/exp/testdata_test.go
deleted file mode 100644
index 5a94c6c1..00000000
--- a/netw/routing/protocol/ospf/exp/testdata_test.go
+++ /dev/null
@@ -1,22 +0,0 @@
-package exp
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type testCase struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"v1 export rule", version.Number{10, 0, 0, ""}, Entry{
-			Name:     "t1",
-			PathType: "path type",
-			Tag:      "tag",
-			Metric:   100,
-		}},
-	}
-}
diff --git a/netw/routing/protocol/ospf/funcs.go b/netw/routing/protocol/ospf/funcs.go
deleted file mode 100644
index b071548a..00000000
--- a/netw/routing/protocol/ospf/funcs.go
+++ /dev/null
@@ -1,52 +0,0 @@
-package ospf
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Config) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func specifier(e Config) []namespace.Specifier {
-	return []namespace.Specifier{e}
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Config, error) {
-	if err != nil {
-		return Config{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/netw/routing/protocol/ospf/fw.go b/netw/routing/protocol/ospf/fw.go
deleted file mode 100644
index 8af1c103..00000000
--- a/netw/routing/protocol/ospf/fw.go
+++ /dev/null
@@ -1,76 +0,0 @@
-package ospf
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Network.BgpConfig namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// Get performs GET to retrieve configuration for the given object.
-func (c *Firewall) Get(vr string) (Config, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vr), "", ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve configuration for the given object.
-func (c *Firewall) Show(vr string) (Config, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vr), "", ans)
-	return first(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vr string, e Config) error {
-	return c.ns.Set(c.pather(vr), specifier(e))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vr string, e Config) error {
-	return c.ns.Edit(c.pather(vr), e)
-}
-
-// Delete performs DELETE to remove the config.
-func (c *Firewall) Delete(vr string) error {
-	return c.ns.Delete(c.pather(vr), nil, nil)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(vr string) (Config, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(vr), "", ans)
-	return first(ans, err)
-}
-
-func (c *Firewall) pather(vr string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vr)
-	}
-}
-
-func (c *Firewall) xpath(vr string) ([]string, error) {
-	if vr == "" {
-		return nil, fmt.Errorf("vr must be specified")
-	}
-
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"virtual-router",
-		util.AsEntryXpath([]string{vr}),
-		"protocol",
-		"ospf",
-	}, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/routing/protocol/ospf/fw_test.go b/netw/routing/protocol/ospf/fw_test.go
deleted file mode 100644
index a80ec990..00000000
--- a/netw/routing/protocol/ospf/fw_test.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package ospf
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	vr := "mockVr"
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set(vr, tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(vr)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/routing/protocol/ospf/pano.go b/netw/routing/protocol/ospf/pano.go
deleted file mode 100644
index f8a1877d..00000000
--- a/netw/routing/protocol/ospf/pano.go
+++ /dev/null
@@ -1,83 +0,0 @@
-package ospf
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Network.OspfConfig namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// Get performs GET to retrieve configuration for the given object.
-func (c *Panorama) Get(tmpl, ts, vr string) (Config, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts, vr), "", ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve configuration for the given object.
-func (c *Panorama) Show(tmpl, ts, vr string) (Config, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts, vr), "", ans)
-	return first(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts, vr string, e Config) error {
-	return c.ns.Set(c.pather(tmpl, ts, vr), specifier(e))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts, vr string, e Config) error {
-	return c.ns.Edit(c.pather(tmpl, ts, vr), e)
-}
-
-// Delete performs DELETE to remove the config.
-func (c *Panorama) Delete(tmpl, ts, vr string) error {
-	return c.ns.Delete(c.pather(tmpl, ts, vr), nil, nil)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, vr string) (Config, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts, vr), "", ans)
-	return first(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts, vr string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, vr)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts, vr string) ([]string, error) {
-	if tmpl == "" && ts == "" {
-		return nil, fmt.Errorf("tmpl or ts must be specified")
-	}
-	if vr == "" {
-		return nil, fmt.Errorf("vr must be specified")
-	}
-
-	ans := make([]string, 0, 13)
-	ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-	ans = append(ans,
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"virtual-router",
-		util.AsEntryXpath([]string{vr}),
-		"protocol",
-		"ospf",
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/routing/protocol/ospf/pano_test.go b/netw/routing/protocol/ospf/pano_test.go
deleted file mode 100644
index 08c62b64..00000000
--- a/netw/routing/protocol/ospf/pano_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package ospf
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("my template", "", "mockVr", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("my template", "", "mockVr")
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/routing/protocol/ospf/profile/auth/const.go b/netw/routing/protocol/ospf/profile/auth/const.go
deleted file mode 100644
index dcfd9a0c..00000000
--- a/netw/routing/protocol/ospf/profile/auth/const.go
+++ /dev/null
@@ -1,12 +0,0 @@
-package auth
-
-const (
-	// AuthType Values
-	AuthTypePassword = "password"
-	AuthTypeMd5      = "md5"
-)
-
-const (
-	singular = "ospf auth profile"
-	plural   = "ospf auth profiles"
-)
diff --git a/netw/routing/protocol/ospf/profile/auth/doc.go b/netw/routing/protocol/ospf/profile/auth/doc.go
deleted file mode 100644
index 80594ba9..00000000
--- a/netw/routing/protocol/ospf/profile/auth/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package auth is the client.Network.OspfAuthProfile namespace.
-
-Normalized object:  Entry
-*/
-package auth
diff --git a/netw/routing/protocol/ospf/profile/auth/entry.go b/netw/routing/protocol/ospf/profile/auth/entry.go
deleted file mode 100644
index 2c44b8c5..00000000
--- a/netw/routing/protocol/ospf/profile/auth/entry.go
+++ /dev/null
@@ -1,133 +0,0 @@
-package auth
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of an OSPF
-// auth profile.
-type Entry struct {
-	Name     string
-	AuthType string
-	Password string
-	Md5Keys  []Md5Key
-}
-
-type Md5Key struct {
-	KeyId     int
-	Key       string
-	Preferred bool
-}
-
-func (o *Entry) Copy(s Entry) {
-	o.AuthType = s.AuthType
-	o.Password = s.Password
-	if s.Md5Keys == nil {
-		o.Md5Keys = nil
-	} else {
-		o.Md5Keys = make([]Md5Key, len(s.Md5Keys))
-		copy(o.Md5Keys, s.Md5Keys)
-	}
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name: o.Name,
-	}
-
-	if o.Password != "" {
-		ans.AuthType = AuthTypePassword
-		ans.Password = o.Password
-	} else if len(o.Md5.Md5Keys) > 0 {
-		ans.AuthType = AuthTypeMd5
-		ans.Md5Keys = make([]Md5Key, 0, len(o.Md5.Md5Keys))
-		for i := range o.Md5.Md5Keys {
-			key := Md5Key{
-				KeyId:     o.Md5.Md5Keys[i].Name,
-				Key:       o.Md5.Md5Keys[i].Key,
-				Preferred: util.AsBool(o.Md5.Md5Keys[i].Preferred),
-			}
-			ans.Md5Keys = append(ans.Md5Keys, key)
-		}
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName  xml.Name `xml:"entry"`
-	Name     string   `xml:"name,attr"`
-	Password string   `xml:"password,omitempty"`
-	Md5      *md5     `xml:"md5"`
-}
-
-type md5 struct {
-	Md5Keys []md5Key `xml:"entry"`
-}
-
-type md5Key struct {
-	Name      int    `xml:"name,attr"`
-	Key       string `xml:"key"`
-	Preferred string `xml:"preferred"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name: e.Name,
-	}
-
-	switch e.AuthType {
-	case AuthTypePassword:
-		ans.Password = e.Password
-	case AuthTypeMd5:
-		ans.Md5 = &md5{}
-		ans.Md5.Md5Keys = make([]md5Key, 0, len(e.Md5Keys))
-		for i := range e.Md5Keys {
-			key := md5Key{
-				Name:      e.Md5Keys[i].KeyId,
-				Key:       e.Md5Keys[i].Key,
-				Preferred: util.YesNo(e.Md5Keys[i].Preferred),
-			}
-			ans.Md5.Md5Keys = append(ans.Md5.Md5Keys, key)
-		}
-	}
-
-	return ans
-}
diff --git a/netw/routing/protocol/ospf/profile/auth/funcs.go b/netw/routing/protocol/ospf/profile/auth/funcs.go
deleted file mode 100644
index 940043d7..00000000
--- a/netw/routing/protocol/ospf/profile/auth/funcs.go
+++ /dev/null
@@ -1,88 +0,0 @@
-package auth
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/netw/routing/protocol/ospf/profile/auth/fw.go b/netw/routing/protocol/ospf/profile/auth/fw.go
deleted file mode 100644
index 68e14706..00000000
--- a/netw/routing/protocol/ospf/profile/auth/fw.go
+++ /dev/null
@@ -1,114 +0,0 @@
-package auth
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Network.OspfExport namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vr), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vr), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vr), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vr), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vr), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vr), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vr string, e ...Entry) error {
-	return c.ns.Set(c.pather(vr), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vr string, e Entry) error {
-	return c.ns.Edit(c.pather(vr), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vr string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vr), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(vr), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig(vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(vr), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather(vr string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vr, v)
-	}
-}
-
-func (c *Firewall) xpath(vr string, vals []string) ([]string, error) {
-	if vr == "" {
-		return nil, fmt.Errorf("vr must be specified")
-	}
-
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"virtual-router",
-		util.AsEntryXpath([]string{vr}),
-		"protocol",
-		"ospf",
-		"auth-profile",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/routing/protocol/ospf/profile/auth/fw_test.go b/netw/routing/protocol/ospf/profile/auth/fw_test.go
deleted file mode 100644
index cd7d5926..00000000
--- a/netw/routing/protocol/ospf/profile/auth/fw_test.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package auth
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	vr := "mockVr"
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set(vr, tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(vr, tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/routing/protocol/ospf/profile/auth/pano.go b/netw/routing/protocol/ospf/profile/auth/pano.go
deleted file mode 100644
index e5e8954b..00000000
--- a/netw/routing/protocol/ospf/profile/auth/pano.go
+++ /dev/null
@@ -1,121 +0,0 @@
-package auth
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Network.OspfExport namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts, vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts, vr), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts, vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts, vr), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(tmpl, ts, vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts, vr), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(tmpl, ts, vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts, vr), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts, vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts, vr), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(tmpl, ts, vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts, vr), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts, vr string, e ...Entry) error {
-	return c.ns.Set(c.pather(tmpl, ts, vr), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts, vr string, e Entry) error {
-	return c.ns.Edit(c.pather(tmpl, ts, vr), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts, vr string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(tmpl, ts, vr), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts, vr), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts, vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts, vr), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts, vr string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, vr, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts, vr string, vals []string) ([]string, error) {
-	if tmpl == "" && ts == "" {
-		return nil, fmt.Errorf("tmpl or ts must be specified")
-	}
-	if vr == "" {
-		return nil, fmt.Errorf("vr must be specified")
-	}
-
-	ans := make([]string, 0, 15)
-	ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-	ans = append(ans,
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"virtual-router",
-		util.AsEntryXpath([]string{vr}),
-		"protocol",
-		"ospf",
-		"auth-profile",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/routing/protocol/ospf/profile/auth/pano_test.go b/netw/routing/protocol/ospf/profile/auth/pano_test.go
deleted file mode 100644
index dea75d86..00000000
--- a/netw/routing/protocol/ospf/profile/auth/pano_test.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package auth
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	vr := "mockVr"
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("tmpl", "", vr, tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("tmpl", "", vr, tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/routing/protocol/ospf/profile/auth/testdata_test.go b/netw/routing/protocol/ospf/profile/auth/testdata_test.go
deleted file mode 100644
index b8d35f9a..00000000
--- a/netw/routing/protocol/ospf/profile/auth/testdata_test.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package auth
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type testCase struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"v1 auth profile password", version.Number{10, 0, 0, ""}, Entry{
-			Name:     "t1",
-			AuthType: AuthTypePassword,
-			Password: "password",
-		}},
-		{"v1 auth profile md5", version.Number{10, 0, 0, ""}, Entry{
-			Name:     "t2",
-			AuthType: AuthTypeMd5,
-			Md5Keys: []Md5Key{
-				Md5Key{
-					KeyId:     10,
-					Key:       "key 10",
-					Preferred: true,
-				},
-				Md5Key{
-					KeyId:     20,
-					Key:       "key 20",
-					Preferred: false,
-				},
-			},
-		}},
-	}
-}
diff --git a/netw/routing/protocol/ospf/testdata_test.go b/netw/routing/protocol/ospf/testdata_test.go
deleted file mode 100644
index 8c037f5f..00000000
--- a/netw/routing/protocol/ospf/testdata_test.go
+++ /dev/null
@@ -1,51 +0,0 @@
-package ospf
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type testCase struct {
-	desc    string
-	version version.Number
-	conf    Config
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"v1 ospf no raw", version.Number{10, 0, 0, ""}, Config{
-			Enable:                        true,
-			RouterId:                      "router id",
-			RejectDefaultRoute:            true,
-			AllowRedistributeDefaultRoute: true,
-			Rfc1583:                       true,
-			SpfCalculationDelay:           1.5,
-			LsaInterval:                   2.5,
-			EnableGracefulRestart:         true,
-			GracePeriod:                   1000,
-			HelperEnable:                  true,
-			StrictLsaChecking:             true,
-			MaxNeighborRestartTime:        500,
-			BfdProfile:                    "bfd profile",
-		}},
-		{"v1 ospf with raw", version.Number{10, 0, 0, ""}, Config{
-			Enable:                        true,
-			RouterId:                      "router id",
-			RejectDefaultRoute:            true,
-			AllowRedistributeDefaultRoute: true,
-			Rfc1583:                       true,
-			SpfCalculationDelay:           1.5,
-			LsaInterval:                   2.5,
-			EnableGracefulRestart:         true,
-			GracePeriod:                   1000,
-			HelperEnable:                  true,
-			StrictLsaChecking:             true,
-			MaxNeighborRestartTime:        500,
-			BfdProfile:                    "bfd profile",
-			raw: map[string]string{
-				"ap":   "auth profile",
-				"area": "area",
-				"exp":  "export rules",
-			},
-		}},
-	}
-}
diff --git a/netw/routing/route/static/ipv4/const.go b/netw/routing/route/static/ipv4/const.go
deleted file mode 100644
index 9dfa13f5..00000000
--- a/netw/routing/route/static/ipv4/const.go
+++ /dev/null
@@ -1,21 +0,0 @@
-package ipv4
-
-// Valid NextHop values.
-const (
-	NextHopDiscard   = "discard"
-	NextHopIpAddress = "ip-address"
-	NextHopNextVr    = "next-vr"
-)
-
-// Valid RouteTable values.
-const (
-	RouteTableNoInstall = "no install"
-	RouteTableUnicast   = "unicast"
-	RouteTableMulticast = "multicast"
-	RouteTableBoth      = "both"
-)
-
-const (
-	singular = "ipv4 static route"
-	plural   = "ipv4 static routes"
-)
diff --git a/netw/routing/route/static/ipv4/doc.go b/netw/routing/route/static/ipv4/doc.go
deleted file mode 100644
index 79364793..00000000
--- a/netw/routing/route/static/ipv4/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package ipv4 is the client.Network.StaticRoute namespace.
-
-Normalized object:  Entry
-*/
-package ipv4
diff --git a/netw/routing/route/static/ipv4/entry.go b/netw/routing/route/static/ipv4/entry.go
deleted file mode 100644
index 9f09e776..00000000
--- a/netw/routing/route/static/ipv4/entry.go
+++ /dev/null
@@ -1,373 +0,0 @@
-package ipv4
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of an IPv4
-// static route.
-type Entry struct {
-	Name          string
-	Destination   string
-	Interface     string
-	Type          string
-	NextHop       string
-	AdminDistance int
-	Metric        int
-	RouteTable    string
-	BfdProfile    string
-}
-
-func (o *Entry) Copy(s Entry) {
-	o.Destination = s.Destination
-	o.Interface = s.Interface
-	o.Type = s.Type
-	o.NextHop = s.NextHop
-	o.AdminDistance = s.AdminDistance
-	o.Metric = s.Metric
-	o.RouteTable = s.RouteTable
-	o.BfdProfile = s.BfdProfile
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:          o.Name,
-		Destination:   o.Destination,
-		Interface:     o.Interface,
-		AdminDistance: o.AdminDistance,
-		Metric:        o.Metric,
-	}
-
-	if o.NextHop == nil {
-		ans.Type = ""
-	} else if o.NextHop.Discard != nil {
-		ans.Type = NextHopDiscard
-	} else if o.NextHop.IpAddress != nil {
-		ans.Type = NextHopIpAddress
-		ans.NextHop = *o.NextHop.IpAddress
-	} else if o.NextHop.NextVr != nil {
-		ans.Type = NextHopNextVr
-		ans.NextHop = *o.NextHop.NextVr
-	}
-
-	if o.Option != nil && o.Option.NoInstall != nil {
-		ans.RouteTable = RouteTableNoInstall
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName       xml.Name     `xml:"entry"`
-	Name          string       `xml:"name,attr"`
-	Destination   string       `xml:"destination"`
-	Interface     string       `xml:"interface,omitempty"`
-	NextHop       *nextHop     `xml:"nexthop"`
-	AdminDistance int          `xml:"admin-dist,omitempty"`
-	Metric        int          `xml:"metric,omitempty"`
-	Option        *rtOption_v1 `xml:"option"`
-}
-
-type nextHop struct {
-	Discard   *string `xml:"discard"`
-	IpAddress *string `xml:"ip-address"`
-	NextVr    *string `xml:"next-vr"`
-}
-
-type rtOption_v1 struct {
-	NoInstall *string `xml:"no-install"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:          e.Name,
-		Destination:   e.Destination,
-		Interface:     e.Interface,
-		AdminDistance: e.AdminDistance,
-		Metric:        e.Metric,
-	}
-
-	switch e.Type {
-	case NextHopDiscard:
-		var sp string
-		ans.NextHop = &nextHop{Discard: &sp}
-	case NextHopIpAddress:
-		sp := e.NextHop
-		ans.NextHop = &nextHop{IpAddress: &sp}
-	case NextHopNextVr:
-		sp := e.NextHop
-		ans.NextHop = &nextHop{NextVr: &sp}
-	}
-
-	if e.RouteTable == RouteTableNoInstall {
-		sp := ""
-		ans.Option = &rtOption_v1{NoInstall: &sp}
-	}
-
-	return ans
-}
-
-// PAN-OS 7.1, adds BfdProfile
-type container_v2 struct {
-	Answer []entry_v2 `xml:"entry"`
-}
-
-func (o *container_v2) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v2) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v2) normalize() Entry {
-	ans := Entry{
-		Name:          o.Name,
-		Destination:   o.Destination,
-		Interface:     o.Interface,
-		AdminDistance: o.AdminDistance,
-		Metric:        o.Metric,
-	}
-
-	if o.NextHop == nil {
-		ans.Type = ""
-	} else if o.NextHop.Discard != nil {
-		ans.Type = NextHopDiscard
-	} else if o.NextHop.IpAddress != nil {
-		ans.Type = NextHopIpAddress
-		ans.NextHop = *o.NextHop.IpAddress
-	} else if o.NextHop.NextVr != nil {
-		ans.Type = NextHopNextVr
-		ans.NextHop = *o.NextHop.NextVr
-	}
-
-	if o.Option != nil && o.Option.NoInstall != nil {
-		ans.RouteTable = RouteTableNoInstall
-	}
-
-	if o.Bfd != nil {
-		ans.BfdProfile = o.Bfd.Profile
-	}
-
-	return ans
-}
-
-type entry_v2 struct {
-	XMLName       xml.Name     `xml:"entry"`
-	Name          string       `xml:"name,attr"`
-	Destination   string       `xml:"destination"`
-	Interface     string       `xml:"interface,omitempty"`
-	NextHop       *nextHop     `xml:"nexthop"`
-	AdminDistance int          `xml:"admin-dist,omitempty"`
-	Metric        int          `xml:"metric,omitempty"`
-	Option        *rtOption_v1 `xml:"option"`
-	Bfd           *bfd         `xml:"bfd"`
-}
-
-type bfd struct {
-	Profile string `xml:"profile"`
-}
-
-func specify_v2(e Entry) interface{} {
-	ans := entry_v2{
-		Name:          e.Name,
-		Destination:   e.Destination,
-		Interface:     e.Interface,
-		AdminDistance: e.AdminDistance,
-		Metric:        e.Metric,
-	}
-
-	switch e.Type {
-	case NextHopDiscard:
-		var sp string
-		ans.NextHop = &nextHop{Discard: &sp}
-	case NextHopIpAddress:
-		sp := e.NextHop
-		ans.NextHop = &nextHop{IpAddress: &sp}
-	case NextHopNextVr:
-		sp := e.NextHop
-		ans.NextHop = &nextHop{NextVr: &sp}
-	}
-
-	if e.RouteTable == RouteTableNoInstall {
-		sp := ""
-		ans.Option = &rtOption_v1{NoInstall: &sp}
-	}
-
-	if e.BfdProfile != "" {
-		ans.Bfd = &bfd{Profile: e.BfdProfile}
-	}
-
-	return ans
-}
-
-// PAN-OS 8.0, new routing table options
-type container_v3 struct {
-	Answer []entry_v3 `xml:"entry"`
-}
-
-func (o *container_v3) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v3) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v3) normalize() Entry {
-	ans := Entry{
-		Name:          o.Name,
-		Destination:   o.Destination,
-		Interface:     o.Interface,
-		AdminDistance: o.AdminDistance,
-		Metric:        o.Metric,
-	}
-
-	if o.NextHop == nil {
-		ans.Type = ""
-	} else if o.NextHop.Discard != nil {
-		ans.Type = NextHopDiscard
-	} else if o.NextHop.IpAddress != nil {
-		ans.Type = NextHopIpAddress
-		ans.NextHop = *o.NextHop.IpAddress
-	} else if o.NextHop.NextVr != nil {
-		ans.Type = NextHopNextVr
-		ans.NextHop = *o.NextHop.NextVr
-	}
-
-	if o.Option != nil {
-		if o.Option.Unicast != nil {
-			ans.RouteTable = RouteTableUnicast
-		} else if o.Option.Multicast != nil {
-			ans.RouteTable = RouteTableMulticast
-		} else if o.Option.Both != nil {
-			ans.RouteTable = RouteTableBoth
-		} else if o.Option.NoInstall != nil {
-			ans.RouteTable = RouteTableNoInstall
-		}
-	}
-
-	if o.Bfd != nil {
-		ans.BfdProfile = o.Bfd.Profile
-	}
-
-	return ans
-}
-
-type entry_v3 struct {
-	XMLName       xml.Name     `xml:"entry"`
-	Name          string       `xml:"name,attr"`
-	Destination   string       `xml:"destination"`
-	Interface     string       `xml:"interface,omitempty"`
-	NextHop       *nextHop     `xml:"nexthop"`
-	AdminDistance int          `xml:"admin-dist,omitempty"`
-	Metric        int          `xml:"metric,omitempty"`
-	Option        *rtOption_v2 `xml:"route-table"`
-	Bfd           *bfd         `xml:"bfd"`
-}
-
-type rtOption_v2 struct {
-	Unicast   *string `xml:"unicast"`
-	Multicast *string `xml:"multicast"`
-	Both      *string `xml:"both"`
-	NoInstall *string `xml:"no-install"`
-}
-
-func specify_v3(e Entry) interface{} {
-	ans := entry_v3{
-		Name:          e.Name,
-		Destination:   e.Destination,
-		Interface:     e.Interface,
-		AdminDistance: e.AdminDistance,
-		Metric:        e.Metric,
-	}
-
-	switch e.Type {
-	case NextHopDiscard:
-		var sp string
-		ans.NextHop = &nextHop{Discard: &sp}
-	case NextHopIpAddress:
-		sp := e.NextHop
-		ans.NextHop = &nextHop{IpAddress: &sp}
-	case NextHopNextVr:
-		sp := e.NextHop
-		ans.NextHop = &nextHop{NextVr: &sp}
-	}
-
-	switch e.RouteTable {
-	case RouteTableUnicast:
-		sp := ""
-		ans.Option = &rtOption_v2{Unicast: &sp}
-	case RouteTableMulticast:
-		sp := ""
-		ans.Option = &rtOption_v2{Multicast: &sp}
-	case RouteTableBoth:
-		sp := ""
-		ans.Option = &rtOption_v2{Both: &sp}
-	case RouteTableNoInstall:
-		sp := ""
-		ans.Option = &rtOption_v2{NoInstall: &sp}
-	}
-
-	if e.BfdProfile != "" {
-		ans.Bfd = &bfd{Profile: e.BfdProfile}
-	}
-
-	return ans
-}
diff --git a/netw/routing/route/static/ipv4/funcs.go b/netw/routing/route/static/ipv4/funcs.go
deleted file mode 100644
index 8c5fd0b7..00000000
--- a/netw/routing/route/static/ipv4/funcs.go
+++ /dev/null
@@ -1,94 +0,0 @@
-package ipv4
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	if v.Gte(version.Number{8, 0, 0, ""}) {
-		return &container_v3{}, specify_v3
-	} else if v.Gte(version.Number{7, 1, 0, ""}) {
-		return &container_v2{}, specify_v2
-	} else {
-		return &container_v1{}, specify_v1
-	}
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/netw/routing/route/static/ipv4/fw.go b/netw/routing/route/static/ipv4/fw.go
deleted file mode 100644
index 975ce9cc..00000000
--- a/netw/routing/route/static/ipv4/fw.go
+++ /dev/null
@@ -1,114 +0,0 @@
-package ipv4
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Network.StaticRoute namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vr), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vr), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vr), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vr), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vr), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vr), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vr string, e ...Entry) error {
-	return c.ns.Set(c.pather(vr), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vr string, e Entry) error {
-	return c.ns.Edit(c.pather(vr), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vr string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vr), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(vr), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig(vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(vr), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather(vr string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vr, v)
-	}
-}
-
-func (c *Firewall) xpath(vr string, vals []string) ([]string, error) {
-	if vr == "" {
-		return nil, fmt.Errorf("vr must be specified")
-	}
-
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"virtual-router",
-		util.AsEntryXpath([]string{vr}),
-		"routing-table",
-		"ip",
-		"static-route",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/routing/route/static/ipv4/fw_test.go b/netw/routing/route/static/ipv4/fw_test.go
deleted file mode 100644
index 88d568d6..00000000
--- a/netw/routing/route/static/ipv4/fw_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package ipv4
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set(tc.vr, tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(tc.vr, tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/routing/route/static/ipv4/pano.go b/netw/routing/route/static/ipv4/pano.go
deleted file mode 100644
index 8e1f2135..00000000
--- a/netw/routing/route/static/ipv4/pano.go
+++ /dev/null
@@ -1,121 +0,0 @@
-package ipv4
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Network.StaticRoute namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts, vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts, vr), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts, vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts, vr), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(tmpl, ts, vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts, vr), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(tmpl, ts, vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts, vr), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts, vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts, vr), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(tmpl, ts, vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts, vr), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts, vr string, e ...Entry) error {
-	return c.ns.Set(c.pather(tmpl, ts, vr), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts, vr string, e Entry) error {
-	return c.ns.Edit(c.pather(tmpl, ts, vr), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts, vr string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(tmpl, ts, vr), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts, vr), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts, vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts, vr), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts, vr string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, vr, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts, vr string, vals []string) ([]string, error) {
-	if tmpl == "" && ts == "" {
-		return nil, fmt.Errorf("tmpl or ts must be specified")
-	}
-	if vr == "" {
-		return nil, fmt.Errorf("vr must be specified")
-	}
-
-	ans := make([]string, 0, 15)
-	ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-	ans = append(ans,
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"virtual-router",
-		util.AsEntryXpath([]string{vr}),
-		"routing-table",
-		"ip",
-		"static-route",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/routing/route/static/ipv4/pano_test.go b/netw/routing/route/static/ipv4/pano_test.go
deleted file mode 100644
index 3560179c..00000000
--- a/netw/routing/route/static/ipv4/pano_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package ipv4
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("some template", "", tc.vr, tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("some template", "", tc.vr, tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/routing/route/static/ipv4/testdata_test.go b/netw/routing/route/static/ipv4/testdata_test.go
deleted file mode 100644
index efdeb1b8..00000000
--- a/netw/routing/route/static/ipv4/testdata_test.go
+++ /dev/null
@@ -1,128 +0,0 @@
-package ipv4
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type testCase struct {
-	desc    string
-	version version.Number
-	vr      string
-	conf    Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"v1 route no nexthop", version.Number{5, 0, 0, ""}, "v1", Entry{
-			Name:          "one",
-			Destination:   "0.0.0.0/0",
-			Interface:     "ethernet1/1",
-			AdminDistance: 101,
-			Metric:        111,
-			RouteTable:    RouteTableNoInstall,
-		}},
-		{"v1 route discard nexthop", version.Number{5, 0, 0, ""}, "v1", Entry{
-			Name:          "two",
-			Destination:   "0.0.0.0/0",
-			Interface:     "ethernet1/1",
-			Type:          NextHopDiscard,
-			AdminDistance: 101,
-			Metric:        111,
-		}},
-		{"v1 route ip address nexthop", version.Number{5, 0, 0, ""}, "v1", Entry{
-			Name:          "three",
-			Destination:   "0.0.0.0/0",
-			Interface:     "ethernet1/1",
-			Type:          NextHopIpAddress,
-			NextHop:       "10.2.3.4",
-			AdminDistance: 101,
-			Metric:        111,
-			RouteTable:    RouteTableNoInstall,
-		}},
-		{"v1 route next vr nexthop", version.Number{5, 0, 0, ""}, "v1", Entry{
-			Name:          "four",
-			Destination:   "0.0.0.0/0",
-			Interface:     "ethernet1/1",
-			Type:          NextHopNextVr,
-			NextHop:       "default",
-			AdminDistance: 101,
-			Metric:        111,
-		}},
-		{"v2 route no nexthop", version.Number{7, 1, 0, ""}, "v1", Entry{
-			Name:          "one",
-			Destination:   "0.0.0.0/0",
-			Interface:     "ethernet1/1",
-			AdminDistance: 101,
-			Metric:        111,
-			RouteTable:    RouteTableNoInstall,
-		}},
-		{"v2 route discard nexthop", version.Number{7, 1, 0, ""}, "v1", Entry{
-			Name:          "two",
-			Destination:   "0.0.0.0/0",
-			Interface:     "ethernet1/1",
-			Type:          NextHopDiscard,
-			AdminDistance: 101,
-			Metric:        111,
-			BfdProfile:    "bfd two",
-		}},
-		{"v2 route ip address nexthop", version.Number{7, 1, 0, ""}, "v1", Entry{
-			Name:          "three",
-			Destination:   "0.0.0.0/0",
-			Interface:     "ethernet1/1",
-			Type:          NextHopIpAddress,
-			NextHop:       "10.2.3.4",
-			AdminDistance: 101,
-			Metric:        111,
-			RouteTable:    RouteTableNoInstall,
-			BfdProfile:    "bfd three",
-		}},
-		{"v2 route next vr nexthop", version.Number{7, 1, 0, ""}, "v1", Entry{
-			Name:          "four",
-			Destination:   "0.0.0.0/0",
-			Interface:     "ethernet1/1",
-			Type:          NextHopNextVr,
-			NextHop:       "default",
-			AdminDistance: 101,
-			Metric:        111,
-		}},
-		{"v3 route no nexthop", version.Number{8, 0, 0, ""}, "v1", Entry{
-			Name:          "one",
-			Destination:   "0.0.0.0/0",
-			Interface:     "ethernet1/1",
-			AdminDistance: 101,
-			Metric:        111,
-			RouteTable:    RouteTableNoInstall,
-		}},
-		{"v3 route discard nexthop", version.Number{8, 0, 0, ""}, "v1", Entry{
-			Name:          "two",
-			Destination:   "0.0.0.0/0",
-			Interface:     "ethernet1/1",
-			Type:          NextHopDiscard,
-			AdminDistance: 101,
-			Metric:        111,
-			BfdProfile:    "bfd two",
-			RouteTable:    RouteTableUnicast,
-		}},
-		{"v3 route ip address nexthop", version.Number{8, 0, 0, ""}, "v1", Entry{
-			Name:          "three",
-			Destination:   "0.0.0.0/0",
-			Interface:     "ethernet1/1",
-			Type:          NextHopIpAddress,
-			NextHop:       "10.2.3.4",
-			AdminDistance: 101,
-			Metric:        111,
-			RouteTable:    RouteTableMulticast,
-			BfdProfile:    "bfd three",
-		}},
-		{"v3 route next vr nexthop", version.Number{8, 0, 0, ""}, "v1", Entry{
-			Name:          "four",
-			Destination:   "0.0.0.0/0",
-			Interface:     "ethernet1/1",
-			Type:          NextHopNextVr,
-			NextHop:       "default",
-			AdminDistance: 101,
-			Metric:        111,
-			RouteTable:    RouteTableBoth,
-		}},
-	}
-}
diff --git a/netw/routing/route/static/ipv6/const.go b/netw/routing/route/static/ipv6/const.go
deleted file mode 100644
index e2e8aeed..00000000
--- a/netw/routing/route/static/ipv6/const.go
+++ /dev/null
@@ -1,20 +0,0 @@
-package ipv6
-
-// Valid NextHop values.
-const (
-	NextHopDiscard     = "discard"
-	NextHopIpv6Address = "ipv6-address"
-	NextHopNextVr      = "next-vr"
-	NextHopFqdn        = "fqdn" // 9.0+
-)
-
-// Valid RouteTable values.
-const (
-	RouteTableNoInstall = "no install"
-	RouteTableUnicast   = "unicast"
-)
-
-const (
-	singular = "ipv6 static route"
-	plural   = "ipv6 static routes"
-)
diff --git a/netw/routing/route/static/ipv6/doc.go b/netw/routing/route/static/ipv6/doc.go
deleted file mode 100644
index b4bfe60f..00000000
--- a/netw/routing/route/static/ipv6/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package ipv6 is the client.Network.Ipv6StaticRoute namespace.
-
-Normalized object:  Entry
-*/
-package ipv6
diff --git a/netw/routing/route/static/ipv6/entry.go b/netw/routing/route/static/ipv6/entry.go
deleted file mode 100644
index b786c041..00000000
--- a/netw/routing/route/static/ipv6/entry.go
+++ /dev/null
@@ -1,526 +0,0 @@
-package ipv6
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of an
-// IPv6 static route.
-type Entry struct {
-	Name                string
-	Destination         string
-	Interface           string
-	Type                string
-	NextHop             string
-	AdminDistance       int
-	Metric              int
-	RouteTable          string
-	BfdProfile          string
-	EnablePathMonitor   bool                 // 8.0
-	PmFailureCondition  string               // 8.0
-	PmHoldTime          int                  // 8.0
-	MonitorDestinations []MonitorDestination // 8.0
-}
-
-type MonitorDestination struct {
-	Name          string
-	Enable        bool
-	SourceIp      string
-	DestinationIp string
-	PingInterval  int
-	PingCount     int
-}
-
-func (o *Entry) Copy(s Entry) {
-	o.Destination = s.Destination
-	o.Interface = s.Interface
-	o.Type = s.Type
-	o.NextHop = s.NextHop
-	o.AdminDistance = s.AdminDistance
-	o.Metric = s.Metric
-	o.RouteTable = s.RouteTable
-	o.BfdProfile = s.BfdProfile
-	o.EnablePathMonitor = s.EnablePathMonitor
-	o.PmFailureCondition = s.PmFailureCondition
-	o.PmHoldTime = s.PmHoldTime
-	o.MonitorDestinations = s.MonitorDestinations
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:          o.Name,
-		Destination:   o.Destination,
-		Interface:     o.Interface,
-		AdminDistance: o.AdminDistance,
-		Metric:        o.Metric,
-	}
-
-	if o.NextHop != nil {
-		switch {
-		case o.NextHop.Discard != nil:
-			ans.Type = NextHopDiscard
-		case o.NextHop.Ipv6Address != "":
-			ans.Type = NextHopIpv6Address
-			ans.NextHop = o.NextHop.Ipv6Address
-		case o.NextHop.NextVr != "":
-			ans.Type = NextHopNextVr
-			ans.NextHop = o.NextHop.NextVr
-		}
-	}
-
-	if o.Bfd != nil {
-		ans.BfdProfile = o.Bfd.BfdProfile
-	}
-
-	if o.Option != nil && o.Option.NoInstall != nil {
-		ans.RouteTable = RouteTableNoInstall
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName       xml.Name    `xml:"entry"`
-	Name          string      `xml:"name,attr"`
-	Destination   string      `xml:"destination"`
-	Interface     string      `xml:"interface,omitempty"`
-	NextHop       *nextHop_v1 `xml:"nexthop"`
-	AdminDistance int         `xml:"admin-dist,omitempty"`
-	Metric        int         `xml:"metric,omitempty"`
-	Bfd           *bfd        `xml:"bfd"`
-	Option        *option_v1  `xml:"option"`
-}
-
-type nextHop_v1 struct {
-	Discard     *string `xml:"discard"`
-	Ipv6Address string  `xml:"ipv6-address,omitempty"`
-	NextVr      string  `xml:"next-vr,omitempty"`
-}
-
-type bfd struct {
-	BfdProfile string `xml:"profile,omitempty"`
-}
-
-type option_v1 struct {
-	NoInstall *string `xml:"no-install"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:          e.Name,
-		Destination:   e.Destination,
-		Interface:     e.Interface,
-		AdminDistance: e.AdminDistance,
-		Metric:        e.Metric,
-	}
-
-	s := ""
-	switch e.Type {
-	case NextHopDiscard:
-		ans.NextHop = &nextHop_v1{Discard: &s}
-	case NextHopIpv6Address:
-		ans.NextHop = &nextHop_v1{Ipv6Address: e.NextHop}
-	case NextHopNextVr:
-		ans.NextHop = &nextHop_v1{NextVr: e.NextHop}
-	}
-
-	if e.BfdProfile != "" {
-		ans.Bfd = &bfd{
-			BfdProfile: e.BfdProfile,
-		}
-	}
-
-	if e.RouteTable == RouteTableNoInstall {
-		ans.Option = &option_v1{
-			NoInstall: &s,
-		}
-	}
-
-	return ans
-}
-
-// 8.0
-type container_v2 struct {
-	Answer []entry_v2 `xml:"entry"`
-}
-
-func (o *container_v2) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v2) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v2) normalize() Entry {
-	ans := Entry{
-		Name:          o.Name,
-		Destination:   o.Destination,
-		Interface:     o.Interface,
-		AdminDistance: o.AdminDistance,
-		Metric:        o.Metric,
-	}
-
-	if o.NextHop != nil {
-		switch {
-		case o.NextHop.Discard != nil:
-			ans.Type = NextHopDiscard
-		case o.NextHop.Ipv6Address != "":
-			ans.Type = NextHopIpv6Address
-			ans.NextHop = o.NextHop.Ipv6Address
-		case o.NextHop.NextVr != "":
-			ans.Type = NextHopNextVr
-			ans.NextHop = o.NextHop.NextVr
-		}
-	}
-
-	if o.Bfd != nil {
-		ans.BfdProfile = o.Bfd.BfdProfile
-	}
-
-	if o.Rt != nil {
-		switch {
-		case o.Rt.NoInstall != nil:
-			ans.RouteTable = RouteTableNoInstall
-		case o.Rt.Unicast != nil:
-			ans.RouteTable = RouteTableUnicast
-		}
-	}
-
-	if o.Monitor != nil {
-		ans.EnablePathMonitor = util.AsBool(o.Monitor.EnablePathMonitor)
-		ans.PmFailureCondition = o.Monitor.PmFailureCondition
-		ans.PmHoldTime = o.Monitor.PmHoldTime
-
-		if o.Monitor.Destinations != nil {
-			list := make([]MonitorDestination, 0, len(o.Monitor.Destinations.Entries))
-			for _, v := range o.Monitor.Destinations.Entries {
-				list = append(list, MonitorDestination{
-					Name:          v.Name,
-					Enable:        util.AsBool(v.Enable),
-					SourceIp:      v.SourceIp,
-					DestinationIp: v.DestinationIp,
-					PingInterval:  v.PingInterval,
-					PingCount:     v.PingCount,
-				})
-			}
-
-			ans.MonitorDestinations = list
-		}
-	}
-
-	return ans
-}
-
-type entry_v2 struct {
-	XMLName       xml.Name    `xml:"entry"`
-	Name          string      `xml:"name,attr"`
-	Destination   string      `xml:"destination"`
-	Interface     string      `xml:"interface,omitempty"`
-	NextHop       *nextHop_v1 `xml:"nexthop"`
-	AdminDistance int         `xml:"admin-dist,omitempty"`
-	Metric        int         `xml:"metric,omitempty"`
-	Bfd           *bfd        `xml:"bfd"`
-	Rt            *rt_v1      `xml:"route-table"`
-	Monitor       *pm         `xml:"path-monitor"`
-}
-
-type rt_v1 struct {
-	NoInstall *string `xml:"no-install"`
-	Unicast   *string `xml:"unicast"`
-}
-
-type pm struct {
-	EnablePathMonitor  string   `xml:"enable"`
-	PmFailureCondition string   `xml:"failure-condition,omitempty"`
-	PmHoldTime         int      `xml:"hold-time"`
-	Destinations       *monitor `xml:"monitor-destinations"`
-}
-
-type monitor struct {
-	Entries []pmEntry `xml:"entry"`
-}
-
-type pmEntry struct {
-	Name          string `xml:"name,attr"`
-	Enable        string `xml:"enable"`
-	SourceIp      string `xml:"source"`
-	DestinationIp string `xml:"destination"`
-	PingInterval  int    `xml:"interval,omitempty"`
-	PingCount     int    `xml:"count,omitempty"`
-}
-
-func specify_v2(e Entry) interface{} {
-	ans := entry_v2{
-		Name:          e.Name,
-		Destination:   e.Destination,
-		Interface:     e.Interface,
-		AdminDistance: e.AdminDistance,
-		Metric:        e.Metric,
-	}
-
-	s := ""
-
-	switch e.Type {
-	case NextHopDiscard:
-		ans.NextHop = &nextHop_v1{Discard: &s}
-	case NextHopIpv6Address:
-		ans.NextHop = &nextHop_v1{Ipv6Address: e.NextHop}
-	case NextHopNextVr:
-		ans.NextHop = &nextHop_v1{NextVr: e.NextHop}
-	}
-
-	if e.BfdProfile != "" {
-		ans.Bfd = &bfd{
-			BfdProfile: e.BfdProfile,
-		}
-	}
-
-	switch e.RouteTable {
-	case RouteTableNoInstall:
-		ans.Rt = &rt_v1{NoInstall: &s}
-	case RouteTableUnicast:
-		ans.Rt = &rt_v1{Unicast: &s}
-	}
-
-	if e.EnablePathMonitor || e.PmFailureCondition != "" || e.PmHoldTime != 2 || len(e.MonitorDestinations) > 0 {
-		ans.Monitor = &pm{
-			EnablePathMonitor:  util.YesNo(e.EnablePathMonitor),
-			PmFailureCondition: e.PmFailureCondition,
-			PmHoldTime:         e.PmHoldTime,
-		}
-
-		if len(e.MonitorDestinations) > 0 {
-			list := make([]pmEntry, 0, len(e.MonitorDestinations))
-			for _, v := range e.MonitorDestinations {
-				list = append(list, pmEntry{
-					Name:          v.Name,
-					Enable:        util.YesNo(v.Enable),
-					SourceIp:      v.SourceIp,
-					DestinationIp: v.DestinationIp,
-					PingInterval:  v.PingInterval,
-					PingCount:     v.PingCount,
-				})
-			}
-
-			ans.Monitor.Destinations = &monitor{Entries: list}
-		}
-	}
-
-	return ans
-}
-
-// 9.0
-type container_v3 struct {
-	Answer []entry_v3 `xml:"entry"`
-}
-
-func (o *container_v3) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v3) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v3) normalize() Entry {
-	ans := Entry{
-		Name:          o.Name,
-		Destination:   o.Destination,
-		Interface:     o.Interface,
-		AdminDistance: o.AdminDistance,
-		Metric:        o.Metric,
-	}
-
-	if o.NextHop != nil {
-		switch {
-		case o.NextHop.Discard != nil:
-			ans.Type = NextHopDiscard
-		case o.NextHop.Ipv6Address != "":
-			ans.Type = NextHopIpv6Address
-			ans.NextHop = o.NextHop.Ipv6Address
-		case o.NextHop.Fqdn != "":
-			ans.Type = NextHopFqdn
-			ans.NextHop = o.NextHop.Fqdn
-		case o.NextHop.NextVr != "":
-			ans.Type = NextHopNextVr
-			ans.NextHop = o.NextHop.NextVr
-		}
-	}
-
-	if o.Bfd != nil {
-		ans.BfdProfile = o.Bfd.BfdProfile
-	}
-
-	if o.Rt != nil {
-		switch {
-		case o.Rt.NoInstall != nil:
-			ans.RouteTable = RouteTableNoInstall
-		case o.Rt.Unicast != nil:
-			ans.RouteTable = RouteTableUnicast
-		}
-	}
-
-	if o.Monitor != nil {
-		ans.EnablePathMonitor = util.AsBool(o.Monitor.EnablePathMonitor)
-		ans.PmFailureCondition = o.Monitor.PmFailureCondition
-		ans.PmHoldTime = o.Monitor.PmHoldTime
-
-		if o.Monitor.Destinations != nil {
-			list := make([]MonitorDestination, 0, len(o.Monitor.Destinations.Entries))
-			for _, v := range o.Monitor.Destinations.Entries {
-				list = append(list, MonitorDestination{
-					Name:          v.Name,
-					Enable:        util.AsBool(v.Enable),
-					SourceIp:      v.SourceIp,
-					DestinationIp: v.DestinationIp,
-					PingInterval:  v.PingInterval,
-					PingCount:     v.PingCount,
-				})
-			}
-
-			ans.MonitorDestinations = list
-		}
-	}
-
-	return ans
-}
-
-type entry_v3 struct {
-	XMLName       xml.Name    `xml:"entry"`
-	Name          string      `xml:"name,attr"`
-	Destination   string      `xml:"destination"`
-	Interface     string      `xml:"interface,omitempty"`
-	NextHop       *nextHop_v2 `xml:"nexthop"`
-	AdminDistance int         `xml:"admin-dist,omitempty"`
-	Metric        int         `xml:"metric,omitempty"`
-	Bfd           *bfd        `xml:"bfd"`
-	Rt            *rt_v1      `xml:"route-table"`
-	Monitor       *pm         `xml:"path-monitor"`
-}
-
-type nextHop_v2 struct {
-	Discard     *string `xml:"discard"`
-	Ipv6Address string  `xml:"ipv6-address,omitempty"`
-	Fqdn        string  `xml:"fqdn,omitempty"`
-	NextVr      string  `xml:"next-vr,omitempty"`
-}
-
-func specify_v3(e Entry) interface{} {
-	ans := entry_v3{
-		Name:          e.Name,
-		Destination:   e.Destination,
-		Interface:     e.Interface,
-		AdminDistance: e.AdminDistance,
-		Metric:        e.Metric,
-	}
-
-	s := ""
-
-	switch e.Type {
-	case NextHopDiscard:
-		ans.NextHop = &nextHop_v2{Discard: &s}
-	case NextHopIpv6Address:
-		ans.NextHop = &nextHop_v2{Ipv6Address: e.NextHop}
-	case NextHopFqdn:
-		ans.NextHop = &nextHop_v2{Fqdn: e.NextHop}
-	case NextHopNextVr:
-		ans.NextHop = &nextHop_v2{NextVr: e.NextHop}
-	}
-
-	if e.BfdProfile != "" {
-		ans.Bfd = &bfd{
-			BfdProfile: e.BfdProfile,
-		}
-	}
-
-	switch e.RouteTable {
-	case RouteTableNoInstall:
-		ans.Rt = &rt_v1{NoInstall: &s}
-	case RouteTableUnicast:
-		ans.Rt = &rt_v1{Unicast: &s}
-	}
-
-	if e.EnablePathMonitor || e.PmFailureCondition != "" || e.PmHoldTime != 2 || len(e.MonitorDestinations) > 0 {
-		ans.Monitor = &pm{
-			EnablePathMonitor:  util.YesNo(e.EnablePathMonitor),
-			PmFailureCondition: e.PmFailureCondition,
-			PmHoldTime:         e.PmHoldTime,
-		}
-
-		if len(e.MonitorDestinations) > 0 {
-			list := make([]pmEntry, 0, len(e.MonitorDestinations))
-			for _, v := range e.MonitorDestinations {
-				list = append(list, pmEntry{
-					Name:          v.Name,
-					Enable:        util.YesNo(v.Enable),
-					SourceIp:      v.SourceIp,
-					DestinationIp: v.DestinationIp,
-					PingInterval:  v.PingInterval,
-					PingCount:     v.PingCount,
-				})
-			}
-
-			ans.Monitor.Destinations = &monitor{Entries: list}
-		}
-	}
-
-	return ans
-}
diff --git a/netw/routing/route/static/ipv6/funcs.go b/netw/routing/route/static/ipv6/funcs.go
deleted file mode 100644
index 713988ac..00000000
--- a/netw/routing/route/static/ipv6/funcs.go
+++ /dev/null
@@ -1,94 +0,0 @@
-package ipv6
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	if v.Gte(version.Number{9, 0, 0, ""}) {
-		return &container_v3{}, specify_v3
-	} else if v.Gte(version.Number{8, 0, 0, ""}) {
-		return &container_v2{}, specify_v2
-	} else {
-		return &container_v1{}, specify_v1
-	}
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/netw/routing/route/static/ipv6/fw.go b/netw/routing/route/static/ipv6/fw.go
deleted file mode 100644
index 3850ea74..00000000
--- a/netw/routing/route/static/ipv6/fw.go
+++ /dev/null
@@ -1,114 +0,0 @@
-package ipv6
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Network.Ipv6StaticRoute namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vr), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vr), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vr), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vr), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vr), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vr), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vr string, e ...Entry) error {
-	return c.ns.Set(c.pather(vr), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vr string, e Entry) error {
-	return c.ns.Edit(c.pather(vr), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vr string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vr), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(vr), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig(vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(vr), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather(vr string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vr, v)
-	}
-}
-
-func (c *Firewall) xpath(vr string, vals []string) ([]string, error) {
-	if vr == "" {
-		return nil, fmt.Errorf("vr must be specified")
-	}
-
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"virtual-router",
-		util.AsEntryXpath([]string{vr}),
-		"routing-table",
-		"ipv6",
-		"static-route",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/routing/route/static/ipv6/fw_test.go b/netw/routing/route/static/ipv6/fw_test.go
deleted file mode 100644
index add37c8c..00000000
--- a/netw/routing/route/static/ipv6/fw_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package ipv6
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("myVr", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("myVr", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/routing/route/static/ipv6/pano.go b/netw/routing/route/static/ipv6/pano.go
deleted file mode 100644
index e81cbd1d..00000000
--- a/netw/routing/route/static/ipv6/pano.go
+++ /dev/null
@@ -1,121 +0,0 @@
-package ipv6
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Network.Ipv6StaticRoute namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts, vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts, vr), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts, vr string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts, vr), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(tmpl, ts, vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts, vr), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(tmpl, ts, vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts, vr), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts, vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts, vr), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(tmpl, ts, vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts, vr), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts, vr string, e ...Entry) error {
-	return c.ns.Set(c.pather(tmpl, ts, vr), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts, vr string, e Entry) error {
-	return c.ns.Edit(c.pather(tmpl, ts, vr), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts, vr string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(tmpl, ts, vr), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, vr, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts, vr), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts, vr string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts, vr), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts, vr string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, vr, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts, vr string, vals []string) ([]string, error) {
-	if tmpl == "" && ts == "" {
-		return nil, fmt.Errorf("tmpl or ts must be specified")
-	}
-	if vr == "" {
-		return nil, fmt.Errorf("vr must be specified")
-	}
-
-	ans := make([]string, 0, 15)
-	ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-	ans = append(ans,
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"virtual-router",
-		util.AsEntryXpath([]string{vr}),
-		"routing-table",
-		"ipv6",
-		"static-route",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/routing/route/static/ipv6/pano_test.go b/netw/routing/route/static/ipv6/pano_test.go
deleted file mode 100644
index 8c6f6411..00000000
--- a/netw/routing/route/static/ipv6/pano_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package ipv6
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("some template", "", "myVr", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("some template", "", "myVr", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/routing/route/static/ipv6/testdata_test.go b/netw/routing/route/static/ipv6/testdata_test.go
deleted file mode 100644
index 4c2f8dff..00000000
--- a/netw/routing/route/static/ipv6/testdata_test.go
+++ /dev/null
@@ -1,182 +0,0 @@
-package ipv6
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type testCase struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"v1 route no nexthop", version.Number{5, 0, 0, ""}, Entry{
-			Name:          "one",
-			Destination:   "0.0.0.0/0",
-			Interface:     "ethernet1/1",
-			BfdProfile:    "myBfdProfile",
-			AdminDistance: 101,
-			Metric:        111,
-			RouteTable:    RouteTableNoInstall,
-		}},
-		{"v1 route discard nexthop", version.Number{5, 0, 0, ""}, Entry{
-			Name:          "two",
-			Destination:   "0.0.0.0/0",
-			Interface:     "ethernet1/1",
-			Type:          NextHopDiscard,
-			AdminDistance: 101,
-		}},
-		{"v1 route ip address nexthop", version.Number{5, 0, 0, ""}, Entry{
-			Name:        "three",
-			Destination: "0.0.0.0/0",
-			Interface:   "ethernet1/1",
-			BfdProfile:  "myBfdProfile",
-			Type:        NextHopIpv6Address,
-			NextHop:     "ipv6 address",
-			Metric:      111,
-		}},
-		{"v1 route next vr nexthop", version.Number{5, 0, 0, ""}, Entry{
-			Name:        "four",
-			Destination: "0.0.0.0/0",
-			Interface:   "ethernet1/1",
-			Type:        NextHopNextVr,
-			NextHop:     "default",
-		}},
-		{"v2 route no nexthop", version.Number{8, 0, 0, ""}, Entry{
-			Name:          "one",
-			Destination:   "0.0.0.0/0",
-			Interface:     "ethernet1/1",
-			BfdProfile:    "myBfdProfile",
-			AdminDistance: 101,
-			Metric:        111,
-			RouteTable:    RouteTableNoInstall,
-		}},
-		{"v2 route discard nexthop", version.Number{8, 0, 0, ""}, Entry{
-			Name:          "two",
-			Destination:   "0.0.0.0/0",
-			Interface:     "ethernet1/1",
-			Type:          NextHopDiscard,
-			AdminDistance: 101,
-			RouteTable:    RouteTableUnicast,
-		}},
-		{"v2 route ip address nexthop", version.Number{8, 0, 0, ""}, Entry{
-			Name:        "three",
-			Destination: "0.0.0.0/0",
-			Interface:   "ethernet1/1",
-			BfdProfile:  "myBfdProfile",
-			Type:        NextHopIpv6Address,
-			NextHop:     "ipv6 address",
-			Metric:      111,
-		}},
-		{"v2 route next vr nexthop", version.Number{8, 0, 0, ""}, Entry{
-			Name:        "four",
-			Destination: "0.0.0.0/0",
-			Interface:   "ethernet1/1",
-			Type:        NextHopNextVr,
-			NextHop:     "default",
-		}},
-		{"v2 next vr with monitor", version.Number{8, 0, 0, ""}, Entry{
-			Name:               "five",
-			Destination:        "0.0.0.0/0",
-			BfdProfile:         "myBfdProfile",
-			Type:               NextHopNextVr,
-			NextHop:            "default",
-			EnablePathMonitor:  true,
-			PmFailureCondition: "any",
-			PmHoldTime:         5,
-		}},
-		{"v2 discard with dest monitor", version.Number{8, 0, 0, ""}, Entry{
-			Name:        "six",
-			Destination: "0.0.0.0/0",
-			Type:        NextHopIpv6Address,
-			NextHop:     "ipv6 address",
-			MonitorDestinations: []MonitorDestination{
-				MonitorDestination{
-					Name:          "first",
-					Enable:        true,
-					SourceIp:      "1.2.3.4",
-					DestinationIp: "5.6.7.8",
-					PingInterval:  5,
-					PingCount:     6,
-				},
-				MonitorDestination{
-					Name:          "second",
-					SourceIp:      "10.1.1.1",
-					DestinationIp: "10.2.2.2",
-				},
-			},
-		}},
-		{"v3 route no nexthop", version.Number{9, 0, 0, ""}, Entry{
-			Name:          "one",
-			Destination:   "0.0.0.0/0",
-			Interface:     "ethernet1/1",
-			BfdProfile:    "myBfdProfile",
-			AdminDistance: 101,
-			Metric:        111,
-			RouteTable:    RouteTableNoInstall,
-		}},
-		{"v3 route discard nexthop", version.Number{9, 0, 0, ""}, Entry{
-			Name:          "two",
-			Destination:   "0.0.0.0/0",
-			Interface:     "ethernet1/1",
-			Type:          NextHopDiscard,
-			AdminDistance: 101,
-			RouteTable:    RouteTableUnicast,
-		}},
-		{"v3 route ip address nexthop", version.Number{9, 0, 0, ""}, Entry{
-			Name:        "three",
-			Destination: "0.0.0.0/0",
-			Interface:   "ethernet1/1",
-			BfdProfile:  "myBfdProfile",
-			Type:        NextHopIpv6Address,
-			NextHop:     "ipv6 address",
-			Metric:      111,
-		}},
-		{"v3 route next vr nexthop", version.Number{9, 0, 0, ""}, Entry{
-			Name:        "four",
-			Destination: "0.0.0.0/0",
-			Interface:   "ethernet1/1",
-			Type:        NextHopNextVr,
-			NextHop:     "default",
-		}},
-		{"v3 next vr with monitor", version.Number{9, 0, 0, ""}, Entry{
-			Name:               "five",
-			Destination:        "0.0.0.0/0",
-			BfdProfile:         "myBfdProfile",
-			Type:               NextHopNextVr,
-			NextHop:            "default",
-			EnablePathMonitor:  true,
-			PmFailureCondition: "any",
-			PmHoldTime:         5,
-		}},
-		{"v3 discard with dest monitor", version.Number{9, 0, 0, ""}, Entry{
-			Name:        "six",
-			Destination: "0.0.0.0/0",
-			Type:        NextHopIpv6Address,
-			NextHop:     "ipv6 address",
-			MonitorDestinations: []MonitorDestination{
-				MonitorDestination{
-					Name:          "first",
-					Enable:        true,
-					SourceIp:      "1.2.3.4",
-					DestinationIp: "5.6.7.8",
-					PingInterval:  5,
-					PingCount:     6,
-				},
-				MonitorDestination{
-					Name:          "second",
-					SourceIp:      "10.1.1.1",
-					DestinationIp: "10.2.2.2",
-				},
-			},
-		}},
-		{"v3 fqdn", version.Number{9, 0, 0, ""}, Entry{
-			Name:       "seven",
-			Type:       NextHopFqdn,
-			NextHop:    "example.com",
-			BfdProfile: "myBfdProfile",
-		}},
-	}
-}
diff --git a/netw/routing/router/const.go b/netw/routing/router/const.go
deleted file mode 100644
index 262c9961..00000000
--- a/netw/routing/router/const.go
+++ /dev/null
@@ -1,14 +0,0 @@
-package router
-
-// Valid values for EcmpLoadBalanceMethod.
-const (
-	EcmpLoadBalanceMethodIpModulo           = "ip-modulo"
-	EcmpLoadBalanceMethodIpHash             = "ip-hash"
-	EcmpLoadBalanceMethodWeightedRoundRobin = "weighted-round-robin"
-	EcmpLoadBalanceMethodBalancedRoundRobin = "balanced-round-robin"
-)
-
-const (
-	singular = "virtual router"
-	plural   = "virtual routers"
-)
diff --git a/netw/routing/router/doc.go b/netw/routing/router/doc.go
deleted file mode 100644
index dc00be9c..00000000
--- a/netw/routing/router/doc.go
+++ /dev/null
@@ -1,8 +0,0 @@
-/*
-Package router is the client.Network.VirtualRouter namespace.
-
-Virtual routers can be imported into a vsys.
-
-Normalized object:  Entry
-*/
-package router
diff --git a/netw/routing/router/entry.go b/netw/routing/router/entry.go
deleted file mode 100644
index e0de41eb..00000000
--- a/netw/routing/router/entry.go
+++ /dev/null
@@ -1,367 +0,0 @@
-package router
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a virtual
-// router.
-type Entry struct {
-	Name                             string
-	Interfaces                       []string
-	StaticDist                       int
-	StaticIpv6Dist                   int
-	OspfIntDist                      int
-	OspfExtDist                      int
-	Ospfv3IntDist                    int
-	Ospfv3ExtDist                    int
-	IbgpDist                         int
-	EbgpDist                         int
-	RipDist                          int
-	EnableEcmp                       bool
-	EcmpSymmetricReturn              bool
-	EcmpStrictSourcePath             bool
-	EcmpMaxPath                      int
-	EcmpLoadBalanceMethod            string
-	EcmpHashSourceOnly               bool
-	EcmpHashUsePort                  bool
-	EcmpHashSeed                     int
-	EcmpWeightedRoundRobinInterfaces map[string]int
-
-	raw map[string]string
-}
-
-// Defaults sets params with uninitialized values to their GUI default setting.
-//
-// The defaults are as follows:
-//      * StaticDist: 10
-//      * StaticIpv6Dist: 10
-//      * OspfIntDist: 30
-//      * OspfExtDist: 110
-//      * Ospfv3IntDist: 30
-//      * Ospfv3ExtDist: 110
-//      * IbgpDist: 200
-//      * EbgpDist: 20
-//      * RipDist: 120
-func (o *Entry) Defaults() {
-	if o.StaticDist == 0 {
-		o.StaticDist = 10
-	}
-
-	if o.StaticIpv6Dist == 0 {
-		o.StaticIpv6Dist = 10
-	}
-
-	if o.OspfIntDist == 0 {
-		o.OspfIntDist = 30
-	}
-
-	if o.OspfExtDist == 0 {
-		o.OspfExtDist = 110
-	}
-
-	if o.Ospfv3IntDist == 0 {
-		o.Ospfv3IntDist = 30
-	}
-
-	if o.Ospfv3ExtDist == 0 {
-		o.Ospfv3ExtDist = 110
-	}
-
-	if o.IbgpDist == 0 {
-		o.IbgpDist = 200
-	}
-
-	if o.EbgpDist == 0 {
-		o.EbgpDist = 20
-	}
-
-	if o.RipDist == 0 {
-		o.RipDist = 120
-	}
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Interfaces = make([]string, len(s.Interfaces))
-	copy(o.Interfaces, s.Interfaces)
-	o.StaticDist = s.StaticDist
-	o.StaticIpv6Dist = s.StaticIpv6Dist
-	o.OspfIntDist = s.OspfIntDist
-	o.OspfExtDist = s.OspfExtDist
-	o.Ospfv3IntDist = s.Ospfv3IntDist
-	o.Ospfv3ExtDist = s.Ospfv3ExtDist
-	o.IbgpDist = s.IbgpDist
-	o.EbgpDist = s.EbgpDist
-	o.RipDist = s.RipDist
-	o.EnableEcmp = s.EnableEcmp
-	o.EcmpSymmetricReturn = s.EcmpSymmetricReturn
-	o.EcmpStrictSourcePath = s.EcmpStrictSourcePath
-	o.EcmpMaxPath = s.EcmpMaxPath
-	o.EcmpLoadBalanceMethod = s.EcmpLoadBalanceMethod
-	o.EcmpHashSourceOnly = s.EcmpHashSourceOnly
-	o.EcmpHashUsePort = s.EcmpHashUsePort
-	o.EcmpHashSeed = s.EcmpHashSeed
-	o.EcmpWeightedRoundRobinInterfaces = s.EcmpWeightedRoundRobinInterfaces
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, string, interface{}) {
-	_, fn := versioning(v)
-
-	return o.Name, o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:       o.Name,
-		Interfaces: util.MemToStr(o.Interfaces),
-	}
-
-	if o.Dist != nil {
-		ans.StaticDist = o.Dist.StaticDist
-		ans.StaticIpv6Dist = o.Dist.StaticIpv6Dist
-		ans.OspfIntDist = o.Dist.OspfIntDist
-		ans.OspfExtDist = o.Dist.OspfExtDist
-		ans.Ospfv3IntDist = o.Dist.Ospfv3IntDist
-		ans.Ospfv3ExtDist = o.Dist.Ospfv3ExtDist
-		ans.IbgpDist = o.Dist.IbgpDist
-		ans.EbgpDist = o.Dist.EbgpDist
-		ans.RipDist = o.Dist.RipDist
-	}
-
-	if o.Ecmp != nil {
-		ans.EnableEcmp = util.AsBool(o.Ecmp.EnableEcmp)
-		ans.EcmpSymmetricReturn = util.AsBool(o.Ecmp.EcmpSymmetricReturn)
-		ans.EcmpStrictSourcePath = util.AsBool(o.Ecmp.EcmpStrictSourcePath)
-		ans.EcmpMaxPath = o.Ecmp.EcmpMaxPath
-
-		if o.Ecmp.Algorithm != nil {
-			if o.Ecmp.Algorithm.IpModulo != nil {
-				ans.EcmpLoadBalanceMethod = EcmpLoadBalanceMethodIpModulo
-			} else if o.Ecmp.Algorithm.IpHash != nil {
-				ans.EcmpLoadBalanceMethod = EcmpLoadBalanceMethodIpHash
-				ans.EcmpHashSourceOnly = util.AsBool(o.Ecmp.Algorithm.IpHash.EcmpHashSourceOnly)
-				ans.EcmpHashUsePort = util.AsBool(o.Ecmp.Algorithm.IpHash.EcmpHashUsePort)
-				ans.EcmpHashSeed = o.Ecmp.Algorithm.IpHash.EcmpHashSeed
-			} else if o.Ecmp.Algorithm.Wrr != nil {
-				ans.EcmpLoadBalanceMethod = EcmpLoadBalanceMethodWeightedRoundRobin
-				if o.Ecmp.Algorithm.Wrr.Interfaces != nil {
-					ans.EcmpWeightedRoundRobinInterfaces = make(map[string]int)
-					for _, v := range o.Ecmp.Algorithm.Wrr.Interfaces.Entries {
-						ans.EcmpWeightedRoundRobinInterfaces[v.Interface] = v.Weight
-					}
-				}
-			} else if o.Ecmp.Algorithm.Brr != nil {
-				ans.EcmpLoadBalanceMethod = EcmpLoadBalanceMethodBalancedRoundRobin
-			}
-		}
-	}
-
-	ans.raw = make(map[string]string)
-	if o.Multicast != nil {
-		ans.raw["multicast"] = util.CleanRawXml(o.Multicast.Text)
-	}
-	if o.Protocol != nil {
-		ans.raw["protocol"] = util.CleanRawXml(o.Protocol.Text)
-	}
-	if o.Routing != nil {
-		ans.raw["routing"] = util.CleanRawXml(o.Routing.Text)
-	}
-
-	if len(ans.raw) == 0 {
-		ans.raw = nil
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName    xml.Name         `xml:"entry"`
-	Name       string           `xml:"name,attr"`
-	Interfaces *util.MemberType `xml:"interface"`
-	Dist       *dist            `xml:"admin-dists"`
-	Ecmp       *ecmp            `xml:"ecmp"`
-	Multicast  *util.RawXml     `xml:"multicast"`
-	Protocol   *util.RawXml     `xml:"protocol"`
-	Routing    *util.RawXml     `xml:"routing-table"`
-}
-
-func (e *entry_v1) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
-	type local entry_v1
-	ans := local{
-		Dist: &dist{
-			StaticDist:     10,
-			StaticIpv6Dist: 10,
-			OspfIntDist:    30,
-			OspfExtDist:    110,
-			Ospfv3IntDist:  30,
-			Ospfv3ExtDist:  110,
-			IbgpDist:       200,
-			EbgpDist:       20,
-			RipDist:        120,
-		},
-	}
-	if err := d.DecodeElement(&ans, &start); err != nil {
-		return err
-	}
-	*e = entry_v1(ans)
-	return nil
-}
-
-type dist struct {
-	StaticDist     int `xml:"static,omitempty"`
-	StaticIpv6Dist int `xml:"static-ipv6,omitempty"`
-	OspfIntDist    int `xml:"ospf-int,omitempty"`
-	OspfExtDist    int `xml:"ospf-ext,omitempty"`
-	Ospfv3IntDist  int `xml:"ospfv3-int,omitempty"`
-	Ospfv3ExtDist  int `xml:"ospfv3-ext,omitempty"`
-	IbgpDist       int `xml:"ibgp,omitempty"`
-	EbgpDist       int `xml:"ebgp,omitempty"`
-	RipDist        int `xml:"rip,omitempty"`
-}
-
-type ecmp struct {
-	EnableEcmp           string     `xml:"enable"`
-	EcmpSymmetricReturn  string     `xml:"symmetric-return"`
-	EcmpStrictSourcePath string     `xml:"strict-source-path"`
-	EcmpMaxPath          int        `xml:"max-path,omitempty"`
-	Algorithm            *algorithm `xml:"algorithm"`
-}
-
-type algorithm struct {
-	IpModulo *string `xml:"ip-modulo"`
-	IpHash   *ipHash `xml:"ip-hash"`
-	Wrr      *wrr    `xml:"weighted-round-robin"`
-	Brr      *string `xml:"balanced-round-robin"`
-}
-
-type ipHash struct {
-	EcmpHashSourceOnly string `xml:"src-only"`
-	EcmpHashUsePort    string `xml:"use-port"`
-	EcmpHashSeed       int    `xml:"hash-seed,omitempty"`
-}
-
-type wrr struct {
-	Interfaces *wrrInterfaces `xml:"interface"`
-}
-
-type wrrInterfaces struct {
-	Entries []wrrInterface `xml:"entry"`
-}
-
-type wrrInterface struct {
-	XMLName   xml.Name `xml:"entry"`
-	Interface string   `xml:"name,attr"`
-	Weight    int      `xml:"weight,omitempty"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:       e.Name,
-		Interfaces: util.StrToMem(e.Interfaces),
-	}
-
-	if e.StaticDist != 0 || e.StaticIpv6Dist != 0 || e.OspfIntDist != 0 || e.OspfExtDist != 0 || e.Ospfv3IntDist != 0 || e.Ospfv3ExtDist != 0 || e.IbgpDist != 0 || e.EbgpDist != 0 || e.RipDist != 0 {
-		ans.Dist = &dist{
-			StaticDist:     e.StaticDist,
-			StaticIpv6Dist: e.StaticIpv6Dist,
-			OspfIntDist:    e.OspfIntDist,
-			OspfExtDist:    e.OspfExtDist,
-			Ospfv3IntDist:  e.Ospfv3IntDist,
-			Ospfv3ExtDist:  e.Ospfv3ExtDist,
-			IbgpDist:       e.IbgpDist,
-			EbgpDist:       e.EbgpDist,
-			RipDist:        e.RipDist,
-		}
-	}
-
-	if e.EnableEcmp || e.EcmpSymmetricReturn || e.EcmpStrictSourcePath || e.EcmpMaxPath != 0 || e.EcmpLoadBalanceMethod != "" {
-		s := ""
-		ans.Ecmp = &ecmp{
-			EnableEcmp:           util.YesNo(e.EnableEcmp),
-			EcmpSymmetricReturn:  util.YesNo(e.EcmpSymmetricReturn),
-			EcmpStrictSourcePath: util.YesNo(e.EcmpStrictSourcePath),
-			EcmpMaxPath:          e.EcmpMaxPath,
-		}
-
-		switch e.EcmpLoadBalanceMethod {
-		case EcmpLoadBalanceMethodIpModulo:
-			ans.Ecmp.Algorithm = &algorithm{
-				IpModulo: &s,
-			}
-		case EcmpLoadBalanceMethodIpHash:
-			ans.Ecmp.Algorithm = &algorithm{
-				IpHash: &ipHash{
-					EcmpHashSourceOnly: util.YesNo(e.EcmpHashSourceOnly),
-					EcmpHashUsePort:    util.YesNo(e.EcmpHashUsePort),
-					EcmpHashSeed:       e.EcmpHashSeed,
-				},
-			}
-		case EcmpLoadBalanceMethodWeightedRoundRobin:
-			ans.Ecmp.Algorithm = &algorithm{
-				Wrr: &wrr{},
-			}
-			if len(e.EcmpWeightedRoundRobinInterfaces) > 0 {
-				list := make([]wrrInterface, 0, len(e.EcmpWeightedRoundRobinInterfaces))
-				for name, weight := range e.EcmpWeightedRoundRobinInterfaces {
-					list = append(list, wrrInterface{
-						Interface: name,
-						Weight:    weight,
-					})
-				}
-				ans.Ecmp.Algorithm.Wrr.Interfaces = &wrrInterfaces{
-					Entries: list,
-				}
-			}
-		case EcmpLoadBalanceMethodBalancedRoundRobin:
-			ans.Ecmp.Algorithm = &algorithm{
-				Brr: &s,
-			}
-		}
-	}
-
-	if text, present := e.raw["multicast"]; present {
-		ans.Multicast = &util.RawXml{text}
-	}
-	if text, present := e.raw["protocol"]; present {
-		ans.Protocol = &util.RawXml{text}
-	}
-	if text, present := e.raw["routing"]; present {
-		ans.Routing = &util.RawXml{text}
-	}
-
-	return ans
-}
diff --git a/netw/routing/router/funcs.go b/netw/routing/router/funcs.go
deleted file mode 100644
index dab3d158..00000000
--- a/netw/routing/router/funcs.go
+++ /dev/null
@@ -1,90 +0,0 @@
-package router
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func specifier(e ...Entry) []namespace.ImportSpecifier {
-	ans := make([]namespace.ImportSpecifier, 0, len(e))
-
-	var val namespace.ImportSpecifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Importable{
-			ImportPath: util.VirtualRouterImport,
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Importable{
-			ImportPath: util.VirtualRouterImport,
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/netw/routing/router/fw.go b/netw/routing/router/fw.go
deleted file mode 100644
index a3a81786..00000000
--- a/netw/routing/router/fw.go
+++ /dev/null
@@ -1,157 +0,0 @@
-package router
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Network.VirtualRouter namespace.
-type Firewall struct {
-	ns *namespace.Importable
-}
-
-/*
-SetInterface performs a SET to add an interface to a virtual router.
-
-The virtual router can be either a string or an Entry object.
-*/
-func (c *Firewall) SetInterface(vr interface{}, iface string) error {
-	names, err := toNames([]interface{}{vr})
-	if err != nil {
-		return err
-	}
-	name := names[0]
-
-	c.ns.Client.LogAction("(set) interface for %s %q: %s", singular, name, iface)
-
-	path, _ := c.xpath([]string{name})
-	path = append(path, "interface")
-
-	_, err = c.ns.Client.Set(path, util.Member{Value: iface}, nil, nil)
-	return err
-}
-
-/*
-DeleteInterface performs a DELETE to remove an interface from a virtual router.
-
-The virtual router can be either a string or an Entry object.
-*/
-func (c *Firewall) DeleteInterface(vr interface{}, iface string) error {
-	names, err := toNames([]interface{}{vr})
-	if err != nil {
-		return err
-	}
-	name := names[0]
-
-	c.ns.Client.LogAction("(delete) interface for %s %q: %s", singular, name, iface)
-
-	path, _ := c.xpath([]string{name})
-	path = append(path, "interface", util.AsMemberXpath([]string{iface}))
-
-	_, err = c.ns.Client.Delete(path, nil, nil)
-	return err
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(), ans)
-}
-
-// ShowList performs a SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(), ans)
-}
-
-// Get performs GET to retrieve configuration for the given object.
-func (c *Firewall) Get(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve configuration for the given object.
-func (c *Firewall) Show(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve all objects configured.
-func (c *Firewall) ShowAll() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vsys string, e ...Entry) error {
-	return c.ns.Set("", "", vsys, c.pather(), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vsys string, e Entry) error {
-	return c.ns.Edit("", "", vsys, c.pather(), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete("", "", c.pather(), names, nErr)
-}
-
-// CleanupDefault clears the `default` route configuration instead of deleting
-// it outright.  This involves unimporting the route "default" from the given
-// vsys, then performing an `EDIT` with an empty router.Entry object.
-func (c *Firewall) CleanupDefault() error {
-	c.ns.Client.LogAction("(action) cleaning up %s: default", c.ns.Singular)
-
-	// Cleanup the interfaces the virtual router refers to.
-	info := Entry{Name: "default"}
-	return c.Edit("", info)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather() namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(v)
-	}
-}
-
-func (c *Firewall) xpath(vals []string) ([]string, error) {
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"virtual-router",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/routing/router/fw_test.go b/netw/routing/router/fw_test.go
deleted file mode 100644
index 337e04b5..00000000
--- a/netw/routing/router/fw_test.go
+++ /dev/null
@@ -1,104 +0,0 @@
-package router
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			if tc.doDefaults {
-				tc.conf.Defaults()
-			}
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set(tc.vsys, tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-				if tc.vsys != mc.Vsys {
-					t.Errorf("vsys: %s != %s", tc.vsys, mc.Vsys)
-				}
-				if !reflect.DeepEqual(tc.imports, mc.Imports) {
-					t.Errorf("imports: %#v != %#v", tc.imports, mc.Imports)
-				}
-			}
-		})
-	}
-}
-
-func TestAllDistancesDefault(t *testing.T) {
-	mc := &testdata.MockClient{
-		Version: version.Number{6, 1, 0, ""},
-	}
-	ns := FirewallNamespace(mc)
-	mc.AddResp(`
-<entry name="foo">
-    <interface>
-        <member>ethernet1/1</member>
-    </interface>
-</entry>
-`)
-	ans, err := ns.Get("foo")
-	if err != nil {
-		t.Errorf("Error in get: %s", err)
-	} else if len(ans.Interfaces) != 1 {
-		t.Errorf("Interfaces is len %d, not 1", len(ans.Interfaces))
-	} else if ans.Interfaces[0] != "ethernet1/1" {
-		t.Errorf("entry.Interfaces[0] = %q, not \"ethernet1/1\"", ans.Interfaces[0])
-	} else {
-		if ans.StaticDist != 10 || ans.StaticIpv6Dist != 10 || ans.OspfIntDist != 30 || ans.OspfExtDist != 110 || ans.Ospfv3IntDist != 30 || ans.Ospfv3ExtDist != 110 || ans.IbgpDist != 200 || ans.EbgpDist != 20 || ans.RipDist != 120 {
-			t.Errorf("ans defaults are wrong: %#v", ans)
-		}
-	}
-}
-
-func TestPartialDistancesWithDefaults(t *testing.T) {
-	mc := &testdata.MockClient{
-		Version: version.Number{6, 1, 0, ""},
-	}
-	ns := FirewallNamespace(mc)
-	mc.AddResp(`
-<entry name="foo">
-    <interface>
-        <member>ethernet1/1</member>
-    </interface>
-    <admin-dists>
-        <static>1</static>
-        <ospf-int>2</ospf-int>
-        <ospfv3-int>3</ospfv3-int>
-        <ibgp>4</ibgp>
-        <rip>5</rip>
-    </admin-dists>
-</entry>
-`)
-	ans, err := ns.Get("foo")
-	if err != nil {
-		t.Errorf("Error in get: %s", err)
-	} else if len(ans.Interfaces) != 1 {
-		t.Errorf("Interfaces is len %d, not 1", len(ans.Interfaces))
-	} else if ans.Interfaces[0] != "ethernet1/1" {
-		t.Errorf("entry.Interfaces[0] = %q, not \"ethernet1/1\"", ans.Interfaces[0])
-	} else {
-		if ans.StaticDist != 1 || ans.StaticIpv6Dist != 10 || ans.OspfIntDist != 2 || ans.OspfExtDist != 110 || ans.Ospfv3IntDist != 3 || ans.Ospfv3ExtDist != 110 || ans.IbgpDist != 4 || ans.EbgpDist != 20 || ans.RipDist != 5 {
-			t.Errorf("ans defaults are wrong: %#v", ans)
-		}
-	}
-}
diff --git a/netw/routing/router/pano.go b/netw/routing/router/pano.go
deleted file mode 100644
index 41427687..00000000
--- a/netw/routing/router/pano.go
+++ /dev/null
@@ -1,173 +0,0 @@
-package router
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Network.VirtualRouter namespace.
-type Panorama struct {
-	ns *namespace.Importable
-}
-
-/*
-SetInterface performs a SET to add an interface to a virtual router.
-
-The virtual router can be either a string or an Entry object.
-*/
-func (c *Panorama) SetInterface(tmpl, ts string, vr interface{}, iface string) error {
-	names, err := toNames([]interface{}{vr})
-	if err != nil {
-		return err
-	}
-	name := names[0]
-
-	c.ns.Client.LogAction("(set) interface for %s %q: %s", singular, name, iface)
-
-	path, err := c.xpath(tmpl, ts, []string{name})
-	if err != nil {
-		return err
-	}
-	path = append(path, "interface")
-
-	_, err = c.ns.Client.Set(path, util.Member{Value: iface}, nil, nil)
-	return err
-}
-
-/*
-DeleteInterface performs a DELETE to remove an interface from a virtual router.
-
-The virtual router can be either a string or an Entry object.
-*/
-func (c *Panorama) DeleteInterface(tmpl, ts string, vr interface{}, iface string) error {
-	names, err := toNames([]interface{}{vr})
-	if err != nil {
-		return err
-	}
-	name := names[0]
-
-	c.ns.Client.LogAction("(delete) interface for %s %q: %s", singular, name, iface)
-
-	path, err := c.xpath(tmpl, ts, []string{name})
-	if err != nil {
-		return err
-	}
-	path = append(path, "interface", util.AsMemberXpath([]string{iface}))
-
-	_, err = c.ns.Client.Delete(path, nil, nil)
-	return err
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts), ans)
-}
-
-// ShowList performs a SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts), ans)
-}
-
-// Get performs GET to retrieve configuration for the given object.
-func (c *Panorama) Get(tmpl, ts, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve configuration for the given object.
-func (c *Panorama) Show(tmpl, ts, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve all objects configured.
-func (c *Panorama) ShowAll(tmpl, ts string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts, vsys string, e ...Entry) error {
-	return c.ns.Set(tmpl, ts, vsys, c.pather(tmpl, ts), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts, vsys string, e Entry) error {
-	return c.ns.Edit(tmpl, ts, vsys, c.pather(tmpl, ts), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(tmpl, ts, c.pather(tmpl, ts), names, nErr)
-}
-
-// CleanupDefault clears the `default` route configuration instead of deleting
-// it outright.  This involves unimporting the route "default" from the given
-// vsys, then performing an `EDIT` with an empty router.Entry object.
-func (c *Panorama) CleanupDefault(tmpl, ts string) error {
-	c.ns.Client.LogAction("(action) cleaning up %s: default", c.ns.Singular)
-
-	// Cleanup the interfaces the virtual router refers to.
-	info := Entry{Name: "default"}
-	return c.Edit(tmpl, ts, "", info)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts string, vals []string) ([]string, error) {
-	if tmpl == "" && ts == "" {
-		return nil, fmt.Errorf("tmpl or ts must be specified")
-	}
-
-	ans := make([]string, 0, 11)
-	ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-	ans = append(ans,
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"virtual-router",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/routing/router/pano_test.go b/netw/routing/router/pano_test.go
deleted file mode 100644
index 50574fa8..00000000
--- a/netw/routing/router/pano_test.go
+++ /dev/null
@@ -1,110 +0,0 @@
-package router
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			if tc.tmpl == "" {
-				t.Skip()
-			}
-			if tc.doDefaults {
-				tc.conf.Defaults()
-			}
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set(tc.tmpl, "", tc.vsys, tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(tc.tmpl, "", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-				if tc.tmpl != mc.Template {
-					t.Errorf("template: %s != %s", tc.tmpl, mc.Template)
-				}
-				if tc.vsys != mc.Vsys {
-					t.Errorf("vsys: %s != %s", tc.vsys, mc.Vsys)
-				}
-				if !reflect.DeepEqual(tc.imports, mc.Imports) {
-					t.Errorf("imports: %#v != %#v", tc.imports, mc.Imports)
-				}
-			}
-		})
-	}
-}
-
-func TestPanoAllDistancesDefault(t *testing.T) {
-	mc := &testdata.MockClient{
-		Version: version.Number{6, 1, 0, ""},
-	}
-	ns := PanoramaNamespace(mc)
-	mc.AddResp(`
-<entry name="foo">
-    <interface>
-        <member>ethernet1/1</member>
-    </interface>
-</entry>
-`)
-	ans, err := ns.Get("myTmpl", "", "foo")
-	if err != nil {
-		t.Errorf("Error in get: %s", err)
-	} else if len(ans.Interfaces) != 1 {
-		t.Errorf("Interfaces is len %d, not 1", len(ans.Interfaces))
-	} else if ans.Interfaces[0] != "ethernet1/1" {
-		t.Errorf("entry.Interfaces[0] = %q, not \"ethernet1/1\"", ans.Interfaces[0])
-	} else {
-		if ans.StaticDist != 10 || ans.StaticIpv6Dist != 10 || ans.OspfIntDist != 30 || ans.OspfExtDist != 110 || ans.Ospfv3IntDist != 30 || ans.Ospfv3ExtDist != 110 || ans.IbgpDist != 200 || ans.EbgpDist != 20 || ans.RipDist != 120 {
-			t.Errorf("ans defaults are wrong: %#v", ans)
-		}
-	}
-}
-
-func TestPanoPartialDistancesWithDefaults(t *testing.T) {
-	mc := &testdata.MockClient{
-		Version: version.Number{6, 1, 0, ""},
-	}
-	ns := PanoramaNamespace(mc)
-	mc.AddResp(`
-<entry name="foo">
-    <interface>
-        <member>ethernet1/1</member>
-    </interface>
-    <admin-dists>
-        <static>1</static>
-        <ospf-int>2</ospf-int>
-        <ospfv3-int>3</ospfv3-int>
-        <ibgp>4</ibgp>
-        <rip>5</rip>
-    </admin-dists>
-</entry>
-`)
-	ans, err := ns.Get("myTmpl", "", "foo")
-	if err != nil {
-		t.Errorf("Error in get: %s", err)
-	} else if len(ans.Interfaces) != 1 {
-		t.Errorf("Interfaces is len %d, not 1", len(ans.Interfaces))
-	} else if ans.Interfaces[0] != "ethernet1/1" {
-		t.Errorf("entry.Interfaces[0] = %q, not \"ethernet1/1\"", ans.Interfaces[0])
-	} else {
-		if ans.StaticDist != 1 || ans.StaticIpv6Dist != 10 || ans.OspfIntDist != 2 || ans.OspfExtDist != 110 || ans.Ospfv3IntDist != 3 || ans.Ospfv3ExtDist != 110 || ans.IbgpDist != 4 || ans.EbgpDist != 20 || ans.RipDist != 5 {
-			t.Errorf("ans defaults are wrong: %#v", ans)
-		}
-	}
-}
diff --git a/netw/routing/router/testdata_test.go b/netw/routing/router/testdata_test.go
deleted file mode 100644
index 7a188bbd..00000000
--- a/netw/routing/router/testdata_test.go
+++ /dev/null
@@ -1,124 +0,0 @@
-package router
-
-type testCase struct {
-	desc       string
-	tmpl       string
-	vsys       string
-	doDefaults bool
-	imports    []string
-	conf       Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"with defaults and import", "x", "vsys2", true, []string{"one"}, Entry{
-			Name:       "one",
-			Interfaces: []string{"ethernet1/1", "ethernet1/2"},
-		}},
-		{"no defaults or import", "", "", false, []string{"two"}, Entry{
-			Name:           "two",
-			Interfaces:     []string{"ethernet1/3", "ethernet1/4"},
-			StaticDist:     1,
-			StaticIpv6Dist: 2,
-			OspfIntDist:    3,
-			OspfExtDist:    4,
-			Ospfv3IntDist:  5,
-			Ospfv3ExtDist:  6,
-			IbgpDist:       7,
-			EbgpDist:       8,
-			RipDist:        9,
-		}},
-		{"with raw fields", "y", "vsys3", true, []string{"foo"}, Entry{
-			Name: "foo",
-			raw: map[string]string{
-				"multicast": "<multicast><raw>multicast</raw></multicast>",
-				"protocol":  "<protocol><some><proto>field</proto></some></protocol>",
-				"routing":   "<routing-table><route1>something</route1><route2>b</route2></routing-table>",
-			},
-		}},
-		{"ecmp ip modulo", "x", "vsys1", false, []string{"ecmp1"}, Entry{
-			Name:                  "ecmp1",
-			EnableEcmp:            true,
-			EcmpMaxPath:           7,
-			EcmpLoadBalanceMethod: EcmpLoadBalanceMethodIpModulo,
-			StaticDist:            1,
-			StaticIpv6Dist:        2,
-			OspfIntDist:           3,
-			OspfExtDist:           4,
-			Ospfv3IntDist:         5,
-			Ospfv3ExtDist:         6,
-			IbgpDist:              7,
-			EbgpDist:              8,
-			RipDist:               9,
-			raw: map[string]string{
-				"multicast": "<multicast><raw>multicast</raw></multicast>",
-			},
-		}},
-		{"ecmp ip hash", "x", "vsys1", false, []string{"ecmp2"}, Entry{
-			Name:                  "ecmp2",
-			EcmpSymmetricReturn:   true,
-			EcmpMaxPath:           8,
-			EcmpLoadBalanceMethod: EcmpLoadBalanceMethodIpHash,
-			EcmpHashSourceOnly:    true,
-			EcmpHashUsePort:       true,
-			EcmpHashSeed:          3,
-			StaticDist:            1,
-			StaticIpv6Dist:        2,
-			OspfIntDist:           3,
-			OspfExtDist:           4,
-			Ospfv3IntDist:         5,
-			Ospfv3ExtDist:         6,
-			IbgpDist:              7,
-			EbgpDist:              8,
-			RipDist:               9,
-			raw: map[string]string{
-				"protocol": "<protocol><some><proto>field</proto></some></protocol>",
-			},
-		}},
-		{"ecmp wrr", "x", "vsys1", false, []string{"ecmp3"}, Entry{
-			Name:                  "ecmp3",
-			EcmpStrictSourcePath:  true,
-			EcmpMaxPath:           9,
-			EcmpLoadBalanceMethod: EcmpLoadBalanceMethodWeightedRoundRobin,
-			EcmpWeightedRoundRobinInterfaces: map[string]int{
-				"ethernet1/1": 1,
-				"ethernet1/2": 3,
-				"ethernet1/5": 8,
-			},
-			StaticDist:     1,
-			StaticIpv6Dist: 2,
-			OspfIntDist:    3,
-			OspfExtDist:    4,
-			Ospfv3IntDist:  5,
-			Ospfv3ExtDist:  6,
-			IbgpDist:       7,
-			EbgpDist:       8,
-			RipDist:        9,
-			raw: map[string]string{
-				"routing": "<routing-table><route1>something</route1><route2>b</route2></routing-table>",
-			},
-		}},
-		{"ecmp brr", "x", "vsys1", false, []string{"ecmp4"}, Entry{
-			Name:                  "ecmp4",
-			EnableEcmp:            true,
-			EcmpSymmetricReturn:   true,
-			EcmpStrictSourcePath:  true,
-			EcmpMaxPath:           7,
-			EcmpLoadBalanceMethod: EcmpLoadBalanceMethodBalancedRoundRobin,
-			StaticDist:            1,
-			StaticIpv6Dist:        2,
-			OspfIntDist:           3,
-			OspfExtDist:           4,
-			Ospfv3IntDist:         5,
-			Ospfv3ExtDist:         6,
-			IbgpDist:              7,
-			EbgpDist:              8,
-			RipDist:               9,
-			raw: map[string]string{
-				"multicast": "<multicast><raw>multicast</raw></multicast>",
-				"protocol":  "<protocol><some><proto>field</proto></some></protocol>",
-				"routing":   "<routing-table><route1>something</route1><route2>b</route2></routing-table>",
-			},
-		}},
-	}
-}
diff --git a/netw/tunnel/gre/const.go b/netw/tunnel/gre/const.go
deleted file mode 100644
index 15bfebb5..00000000
--- a/netw/tunnel/gre/const.go
+++ /dev/null
@@ -1,12 +0,0 @@
-package gre
-
-// Valid LocalAddressType values.
-const (
-	LocalAddressTypeIp         = "ip"
-	LocalAddressTypeFloatingIp = "floating-ip"
-)
-
-const (
-	singular = "gre tunnel"
-	plural   = "gre tunnels"
-)
diff --git a/netw/tunnel/gre/doc.go b/netw/tunnel/gre/doc.go
deleted file mode 100644
index 89584d53..00000000
--- a/netw/tunnel/gre/doc.go
+++ /dev/null
@@ -1,12 +0,0 @@
-/*
-Package gre is the client.Network.GreTunnel namespace.
-
-Only valid for PAN-OS 9.0+.
-
-GRE tunnels are not imported into the vsys.
-
-Panorama seems to have GRE tunnels in templates only, not template stacks.
-
-Normalized object:  Entry
-*/
-package gre
diff --git a/netw/tunnel/gre/entry.go b/netw/tunnel/gre/entry.go
deleted file mode 100644
index 0a7715a3..00000000
--- a/netw/tunnel/gre/entry.go
+++ /dev/null
@@ -1,168 +0,0 @@
-package gre
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a peer.
-type Entry struct {
-	Name               string
-	Interface          string
-	LocalAddressType   string
-	LocalAddressValue  string
-	PeerAddress        string
-	TunnelInterface    string
-	Ttl                int
-	CopyTos            bool
-	EnableKeepAlive    bool
-	KeepAliveInterval  int
-	KeepAliveRetry     int
-	KeepAliveHoldTimer int
-	Disabled           bool
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Interface = s.Interface
-	o.LocalAddressType = s.LocalAddressType
-	o.LocalAddressValue = s.LocalAddressValue
-	o.PeerAddress = s.PeerAddress
-	o.TunnelInterface = s.TunnelInterface
-	o.Ttl = s.Ttl
-	o.CopyTos = s.CopyTos
-	o.EnableKeepAlive = s.EnableKeepAlive
-	o.KeepAliveInterval = s.KeepAliveInterval
-	o.KeepAliveRetry = s.KeepAliveRetry
-	o.KeepAliveHoldTimer = s.KeepAliveHoldTimer
-	o.Disabled = s.Disabled
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:            o.Name,
-		Interface:       o.Local.Interface,
-		PeerAddress:     o.Peer.PeerAddress,
-		TunnelInterface: o.TunnelInterface,
-		Ttl:             o.Ttl,
-		CopyTos:         util.AsBool(o.CopyTos),
-		Disabled:        util.AsBool(o.Disabled),
-	}
-
-	if o.Local.Ip != "" {
-		ans.LocalAddressType = LocalAddressTypeIp
-		ans.LocalAddressValue = o.Local.Ip
-	} else if o.Local.FloatingIp != "" {
-		ans.LocalAddressType = LocalAddressTypeFloatingIp
-		ans.LocalAddressValue = o.Local.FloatingIp
-	}
-
-	if o.KeepAlive != nil {
-		ans.EnableKeepAlive = util.AsBool(o.KeepAlive.EnableKeepAlive)
-		ans.KeepAliveInterval = o.KeepAlive.KeepAliveInterval
-		ans.KeepAliveRetry = o.KeepAlive.KeepAliveRetry
-		ans.KeepAliveHoldTimer = o.KeepAlive.KeepAliveHoldTimer
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName         xml.Name     `xml:"entry"`
-	Name            string       `xml:"name,attr"`
-	Local           localAddress `xml:"local-address"`
-	Peer            peerAddress  `xml:"peer-address"`
-	TunnelInterface string       `xml:"tunnel-interface"`
-	Ttl             int          `xml:"ttl,omitempty"`
-	CopyTos         string       `xml:"copy-tos"`
-	KeepAlive       *ka          `xml:"keep-alive"`
-	Disabled        string       `xml:"disabled"`
-}
-
-type localAddress struct {
-	Interface  string `xml:"interface"`
-	Ip         string `xml:"ip,omitempty"`
-	FloatingIp string `xml:"floating-ip,omitempty"`
-}
-
-type peerAddress struct {
-	PeerAddress string `xml:"ip"`
-}
-
-type ka struct {
-	EnableKeepAlive    string `xml:"enable"`
-	KeepAliveInterval  int    `xml:"interval,omitempty"`
-	KeepAliveRetry     int    `xml:"retry,omitempty"`
-	KeepAliveHoldTimer int    `xml:"hold-timer,omitempty"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name: e.Name,
-		Local: localAddress{
-			Interface: e.Interface,
-		},
-		Peer: peerAddress{
-			PeerAddress: e.PeerAddress,
-		},
-		TunnelInterface: e.TunnelInterface,
-		Ttl:             e.Ttl,
-		CopyTos:         util.YesNo(e.CopyTos),
-		Disabled:        util.YesNo(e.Disabled),
-	}
-
-	switch e.LocalAddressType {
-	case LocalAddressTypeIp:
-		ans.Local.Ip = e.LocalAddressValue
-	case LocalAddressTypeFloatingIp:
-		ans.Local.FloatingIp = e.LocalAddressValue
-	}
-
-	if e.EnableKeepAlive || e.KeepAliveInterval != 0 || e.KeepAliveRetry != 0 || e.KeepAliveHoldTimer != 0 {
-		ans.KeepAlive = &ka{
-			EnableKeepAlive:    util.YesNo(e.EnableKeepAlive),
-			KeepAliveInterval:  e.KeepAliveInterval,
-			KeepAliveRetry:     e.KeepAliveRetry,
-			KeepAliveHoldTimer: e.KeepAliveHoldTimer,
-		}
-	}
-
-	return ans
-}
diff --git a/netw/tunnel/gre/funcs.go b/netw/tunnel/gre/funcs.go
deleted file mode 100644
index 805ce782..00000000
--- a/netw/tunnel/gre/funcs.go
+++ /dev/null
@@ -1,88 +0,0 @@
-package gre
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/netw/tunnel/gre/fw.go b/netw/tunnel/gre/fw.go
deleted file mode 100644
index 85bf0bfa..00000000
--- a/netw/tunnel/gre/fw.go
+++ /dev/null
@@ -1,105 +0,0 @@
-package gre
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Network.GreTunnel namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(e ...Entry) error {
-	return c.ns.Set(c.pather(), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(e Entry) error {
-	return c.ns.Edit(c.pather(), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather() namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(v)
-	}
-}
-
-func (c *Firewall) xpath(vals []string) ([]string, error) {
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"tunnel",
-		"gre",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/tunnel/gre/fw_test.go b/netw/tunnel/gre/fw_test.go
deleted file mode 100644
index f263d941..00000000
--- a/netw/tunnel/gre/fw_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package gre
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set(tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/tunnel/gre/pano.go b/netw/tunnel/gre/pano.go
deleted file mode 100644
index 2b70822a..00000000
--- a/netw/tunnel/gre/pano.go
+++ /dev/null
@@ -1,115 +0,0 @@
-package gre
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Network.GreTunnel namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(tmpl, ts, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(tmpl, ts, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(tmpl, ts string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts string, e ...Entry) error {
-	return c.ns.Set(c.pather(tmpl, ts), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts string, e Entry) error {
-	return c.ns.Edit(c.pather(tmpl, ts), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(tmpl, ts), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts string, vals []string) ([]string, error) {
-	if tmpl == "" && ts == "" {
-		return nil, fmt.Errorf("tmpl or ts must be specified")
-	}
-
-	ans := make([]string, 0, 12)
-	ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-	ans = append(ans,
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"tunnel",
-		"gre",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/tunnel/gre/pano_test.go b/netw/tunnel/gre/pano_test.go
deleted file mode 100644
index 6945e985..00000000
--- a/netw/tunnel/gre/pano_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package gre
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("my template", "", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("my template", "", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/tunnel/gre/testdata_test.go b/netw/tunnel/gre/testdata_test.go
deleted file mode 100644
index 5c6ba22c..00000000
--- a/netw/tunnel/gre/testdata_test.go
+++ /dev/null
@@ -1,51 +0,0 @@
-package gre
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type tc struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []tc {
-	return []tc{
-		{"v1 ip no keep alive", version.Number{9, 0, 0, ""}, Entry{
-			Name:              "v1",
-			Interface:         "ethernet1/1",
-			LocalAddressType:  LocalAddressTypeIp,
-			LocalAddressValue: "192.168.1.1",
-			PeerAddress:       "10.1.1.1",
-			TunnelInterface:   "tunnel.1",
-			Ttl:               50,
-			CopyTos:           true,
-			Disabled:          false,
-		}},
-		{"v1 floating ip no keep alive", version.Number{9, 0, 0, ""}, Entry{
-			Name:              "v1",
-			Interface:         "ethernet1/1",
-			LocalAddressType:  LocalAddressTypeFloatingIp,
-			LocalAddressValue: "192.168.1.1",
-			PeerAddress:       "10.1.1.1",
-			TunnelInterface:   "tunnel.1",
-			Ttl:               60,
-			CopyTos:           false,
-			Disabled:          true,
-		}},
-		{"v1 ip with keep alive", version.Number{9, 0, 0, ""}, Entry{
-			Name:               "v1",
-			Interface:          "ethernet1/1",
-			LocalAddressType:   LocalAddressTypeIp,
-			LocalAddressValue:  "192.168.1.1",
-			PeerAddress:        "10.1.1.1",
-			TunnelInterface:    "tunnel.1",
-			Ttl:                70,
-			EnableKeepAlive:    true,
-			KeepAliveInterval:  2,
-			KeepAliveRetry:     3,
-			KeepAliveHoldTimer: 4,
-		}},
-	}
-}
diff --git a/netw/vlan/const.go b/netw/vlan/const.go
deleted file mode 100644
index dafea81b..00000000
--- a/netw/vlan/const.go
+++ /dev/null
@@ -1,6 +0,0 @@
-package vlan
-
-const (
-	singular = "vlan"
-	plural   = "vlans"
-)
diff --git a/netw/vlan/doc.go b/netw/vlan/doc.go
deleted file mode 100644
index d43eeded..00000000
--- a/netw/vlan/doc.go
+++ /dev/null
@@ -1,4 +0,0 @@
-// Package vlan is the client.Network.Vlan namespace.
-//
-// Normalized object:  Entry
-package vlan
diff --git a/netw/vlan/entry.go b/netw/vlan/entry.go
deleted file mode 100644
index f0f6f583..00000000
--- a/netw/vlan/entry.go
+++ /dev/null
@@ -1,128 +0,0 @@
-package vlan
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a VLAN.
-//
-// Static MAC addresses are given as a map[string] string, where the key is
-// the MAC address and the value is the interface it should be associated with.
-type Entry struct {
-	Name          string
-	VlanInterface string
-	Interfaces    []string // unordered
-	StaticMacs    map[string]string
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry, copyMacs bool) {
-	o.VlanInterface = s.VlanInterface
-	o.Interfaces = s.Interfaces
-
-	if copyMacs {
-		o.StaticMacs = s.StaticMacs
-	}
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:       o.Name,
-		Interfaces: util.MemToStr(o.Interfaces),
-	}
-
-	if o.Vi != nil {
-		ans.VlanInterface = o.Vi.VlanInterface
-	}
-
-	if len(o.Mac.Entry) > 0 {
-		ans.StaticMacs = make(map[string]string, len(o.Mac.Entry))
-		for i := range o.Mac.Entry {
-			ans.StaticMacs[o.Mac.Entry[i].Mac] = o.Mac.Entry[i].Interface
-		}
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName    xml.Name         `xml:"entry"`
-	Name       string           `xml:"name,attr"`
-	Vi         *vi              `xml:"virtual-interface"`
-	Interfaces *util.MemberType `xml:"interface"`
-	Mac        mac              `xml:"mac"`
-}
-
-type vi struct {
-	VlanInterface string `xml:"interface,omitempty"`
-}
-
-type mac struct {
-	Entry []macList `xml:"entry"`
-}
-
-type macList struct {
-	XMLName   xml.Name `xml:"entry"`
-	Mac       string   `xml:"name,attr"`
-	Interface string   `xml:"interface"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:       e.Name,
-		Interfaces: util.StrToMem(e.Interfaces),
-	}
-
-	if e.VlanInterface != "" {
-		ans.Vi = &vi{
-			VlanInterface: e.VlanInterface,
-		}
-	}
-
-	i := 0
-	ans.Mac.Entry = make([]macList, len(e.StaticMacs))
-	for key := range e.StaticMacs {
-		ans.Mac.Entry[i] = macList{Mac: key, Interface: e.StaticMacs[key]}
-		i = i + 1
-	}
-
-	return ans
-}
diff --git a/netw/vlan/funcs.go b/netw/vlan/funcs.go
deleted file mode 100644
index a12c1875..00000000
--- a/netw/vlan/funcs.go
+++ /dev/null
@@ -1,90 +0,0 @@
-package vlan
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func specifier(e ...Entry) []namespace.ImportSpecifier {
-	ans := make([]namespace.ImportSpecifier, 0, len(e))
-
-	var val namespace.ImportSpecifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Importable{
-			ImportPath: util.VlanImport,
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Importable{
-			ImportPath: util.VlanImport,
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/netw/vlan/fw.go b/netw/vlan/fw.go
deleted file mode 100644
index 4dc97d40..00000000
--- a/netw/vlan/fw.go
+++ /dev/null
@@ -1,215 +0,0 @@
-package vlan
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Network.Vlan namespace.
-type Firewall struct {
-	ns *namespace.Importable
-}
-
-/*
-SetInterface performs a SET to add an interface to a VLAN.
-
-The VLAN can be either a string or an Entry object.
-The iface variable is the interface.
-The rmMacs and addMacs params are MAC addresses to remove/add that
-will reference the iface interface.
-*/
-func (c *Firewall) SetInterface(vlan interface{}, iface string, rmMacs, addMacs []string) error {
-	var (
-		name string
-		err  error
-	)
-
-	names, err := toNames([]interface{}{vlan})
-	if err != nil {
-		return err
-	}
-	name = names[0]
-
-	c.ns.Client.LogAction("(set) interface for %s %q: %s", singular, name, iface)
-
-	basePath, err := c.xpath([]string{name})
-	if err != nil {
-		return err
-	}
-	iPath := append(basePath, "interface")
-
-	if _, err = c.ns.Client.Set(iPath, util.Member{Value: iface}, nil, nil); err != nil {
-		return err
-	}
-
-	if len(rmMacs) > 0 {
-		c.ns.Client.LogAction("(delete) removing %q mac addresses: %#v", name, rmMacs)
-		rPath := append(basePath, "mac", util.AsEntryXpath(rmMacs))
-		if _, err = c.ns.Client.Delete(rPath, nil, nil); err != nil {
-			return err
-		}
-	}
-
-	if len(addMacs) > 0 {
-		c.ns.Client.LogAction("(set) adding %q mac addresses: %#v", name, addMacs)
-		d := util.BulkElement{XMLName: xml.Name{Local: "mac"}}
-		for i := range addMacs {
-			d.Data = append(d.Data, macList{Mac: addMacs[i], Interface: iface})
-		}
-		aPath := make([]string, 0, len(basePath)+1)
-		aPath = append(aPath, basePath...)
-		if len(addMacs) == 1 {
-			aPath = append(aPath, "mac")
-		}
-		if _, err = c.ns.Client.Set(aPath, d.Config(), nil, nil); err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-/*
-DeleteInterface performs a DELETE to remove an interface from a VLAN.
-
-The VLAN can be either a string or an Entry object.
-
-All MAC addresses referencing this interface are deleted.
-*/
-func (c *Firewall) DeleteInterface(vlan interface{}, iface string) error {
-	var (
-		name string
-		err  error
-	)
-
-	names, err := toNames([]interface{}{vlan})
-	if err != nil {
-		return err
-	}
-	name = names[0]
-
-	o, err := c.Get(name)
-	if err != nil {
-		return err
-	}
-	rmMacs := make([]string, 0, len(o.StaticMacs))
-	for k, v := range o.StaticMacs {
-		if v == iface {
-			rmMacs = append(rmMacs, k)
-		}
-	}
-
-	c.ns.Client.LogAction("(delete) interface for %s %q: %s", singular, name, iface)
-
-	basePath, err := c.xpath([]string{name})
-	if err != nil {
-		return err
-	}
-	mPath := append(basePath, "mac", util.AsEntryXpath(rmMacs))
-	iPath := append(basePath, "interface", util.AsMemberXpath([]string{iface}))
-
-	if len(rmMacs) > 0 {
-		c.ns.Client.LogAction("(delete) removing %q mac addresses: %#v", iface, rmMacs)
-		if _, err = c.ns.Client.Delete(mPath, nil, nil); err != nil {
-			return err
-		}
-	}
-
-	_, err = c.ns.Client.Delete(iPath, nil, nil)
-	return err
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(), ans)
-}
-
-// ShowList performs a SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(), ans)
-}
-
-// Get performs GET to retrieve configuration for the given object.
-func (c *Firewall) Get(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve configuration for the given object.
-func (c *Firewall) Show(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve all objects configured.
-func (c *Firewall) ShowAll() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vsys string, e ...Entry) error {
-	return c.ns.Set("", "", vsys, c.pather(), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vsys string, e Entry) error {
-	return c.ns.Edit("", "", vsys, c.pather(), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete("", "", c.pather(), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather() namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(v)
-	}
-}
-
-func (c *Firewall) xpath(vals []string) ([]string, error) {
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"vlan",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/vlan/fw_test.go b/netw/vlan/fw_test.go
deleted file mode 100644
index fe267582..00000000
--- a/netw/vlan/fw_test.go
+++ /dev/null
@@ -1,41 +0,0 @@
-package vlan
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set(tc.vsys, tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-				if tc.vsys != mc.Vsys {
-					t.Errorf("vsys: %s != %s", tc.vsys, mc.Vsys)
-				}
-				if !reflect.DeepEqual(tc.imports, mc.Imports) {
-					t.Errorf("imports: %#v != %#v", tc.imports, mc.Imports)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/vlan/pano.go b/netw/vlan/pano.go
deleted file mode 100644
index 3398bdf9..00000000
--- a/netw/vlan/pano.go
+++ /dev/null
@@ -1,224 +0,0 @@
-package vlan
-
-import (
-	"encoding/xml"
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Network.Vlan namespace.
-type Panorama struct {
-	ns *namespace.Importable
-}
-
-/*
-SetInterface performs a SET to add an interface to a VLAN.
-
-The VLAN can be either a string or an Entry object.
-The iface variable is the interface.
-The rmMacs and addMacs params are MAC addresses to remove/add that
-will reference the iface interface.
-*/
-func (c *Panorama) SetInterface(tmpl, ts string, vlan interface{}, iface string, rmMacs, addMacs []string) error {
-	var (
-		name string
-		err  error
-	)
-
-	names, err := toNames([]interface{}{vlan})
-	if err != nil {
-		return err
-	}
-	name = names[0]
-
-	c.ns.Client.LogAction("(set) interface for %s %q: %s", singular, name, iface)
-
-	basePath, err := c.xpath(tmpl, ts, []string{name})
-	if err != nil {
-		return err
-	}
-	iPath := append(basePath, "interface")
-
-	if _, err = c.ns.Client.Set(iPath, util.Member{Value: iface}, nil, nil); err != nil {
-		return err
-	}
-
-	if len(rmMacs) > 0 {
-		c.ns.Client.LogAction("(delete) removing %q mac addresses: %#v", name, rmMacs)
-		rPath := append(basePath, "mac", util.AsEntryXpath(rmMacs))
-		if _, err = c.ns.Client.Delete(rPath, nil, nil); err != nil {
-			return err
-		}
-	}
-
-	if len(addMacs) > 0 {
-		c.ns.Client.LogAction("(set) adding %q mac addresses: %#v", name, addMacs)
-		d := util.BulkElement{XMLName: xml.Name{Local: "mac"}}
-		for i := range addMacs {
-			d.Data = append(d.Data, macList{Mac: addMacs[i], Interface: iface})
-		}
-		aPath := make([]string, 0, len(basePath)+1)
-		aPath = append(aPath, basePath...)
-		if len(addMacs) == 1 {
-			aPath = append(aPath, "mac")
-		}
-		if _, err = c.ns.Client.Set(aPath, d.Config(), nil, nil); err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-/*
-DeleteInterface performs a DELETE to remove an interface from a VLAN.
-
-The VLAN can be either a string or an Entry object.
-
-All MAC addresses referencing this interface are deleted.
-*/
-func (c *Panorama) DeleteInterface(tmpl, ts string, vlan interface{}, iface string) error {
-	var (
-		name string
-		err  error
-	)
-
-	names, err := toNames([]interface{}{vlan})
-	if err != nil {
-		return err
-	}
-	name = names[0]
-
-	o, err := c.Get(tmpl, ts, name)
-	if err != nil {
-		return err
-	}
-	rmMacs := make([]string, 0, len(o.StaticMacs))
-	for k, v := range o.StaticMacs {
-		if v == iface {
-			rmMacs = append(rmMacs, k)
-		}
-	}
-
-	c.ns.Client.LogAction("(delete) interface for %s %q: %s", singular, name, iface)
-
-	basePath, err := c.xpath(tmpl, ts, []string{name})
-	if err != nil {
-		return err
-	}
-	mPath := append(basePath, "mac", util.AsEntryXpath(rmMacs))
-	iPath := append(basePath, "interface", util.AsMemberXpath([]string{iface}))
-
-	if len(rmMacs) > 0 {
-		c.ns.Client.LogAction("(delete) removing %q mac addresses: %#v", iface, rmMacs)
-		if _, err = c.ns.Client.Delete(mPath, nil, nil); err != nil {
-			return err
-		}
-	}
-
-	_, err = c.ns.Client.Delete(iPath, nil, nil)
-	return err
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts), ans)
-}
-
-// ShowList performs a SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts), ans)
-}
-
-// Get performs GET to retrieve configuration for the given object.
-func (c *Panorama) Get(tmpl, ts, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve configuration for the given object.
-func (c *Panorama) Show(tmpl, ts, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve all objects configured.
-func (c *Panorama) ShowAll(tmpl, ts string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts, vsys string, e ...Entry) error {
-	return c.ns.Set(tmpl, ts, vsys, c.pather(tmpl, ts), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts, vsys string, e Entry) error {
-	return c.ns.Edit(tmpl, ts, vsys, c.pather(tmpl, ts), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(tmpl, ts, c.pather(tmpl, ts), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts string, vals []string) ([]string, error) {
-	if tmpl == "" && ts == "" {
-		return nil, fmt.Errorf("tmpl or ts must be specified")
-	}
-
-	ans := make([]string, 0, 11)
-	ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-	ans = append(ans,
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"network",
-		"vlan",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/vlan/pano_test.go b/netw/vlan/pano_test.go
deleted file mode 100644
index 9aba5019..00000000
--- a/netw/vlan/pano_test.go
+++ /dev/null
@@ -1,47 +0,0 @@
-package vlan
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			if tc.tmpl == "" {
-				t.Skip()
-			}
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set(tc.tmpl, "", tc.vsys, tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(tc.tmpl, "", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-				if tc.tmpl != mc.Template {
-					t.Errorf("template: %s != %s", tc.tmpl, mc.Template)
-				}
-				if tc.vsys != mc.Vsys {
-					t.Errorf("vsys: %s != %s", tc.vsys, mc.Vsys)
-				}
-				if !reflect.DeepEqual(tc.imports, mc.Imports) {
-					t.Errorf("imports: %#v != %#v", tc.imports, mc.Imports)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/vlan/testdata_test.go b/netw/vlan/testdata_test.go
deleted file mode 100644
index 1c0fac82..00000000
--- a/netw/vlan/testdata_test.go
+++ /dev/null
@@ -1,26 +0,0 @@
-package vlan
-
-type testCase struct {
-	desc    string
-	tmpl    string
-	vsys    string
-	imports []string
-	conf    Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"empty vlan", "", "", []string{"one"}, Entry{
-			Name: "one",
-		}},
-		{"full vlan spec", "x", "vsys2", []string{"two"}, Entry{
-			Name:          "two",
-			VlanInterface: "ethernet1/3",
-			Interfaces:    []string{"ethernet1/1", "ethernet1/2"},
-			StaticMacs: map[string]string{
-				"00:30:48:52:ab:cd": "ethernet1/1",
-				"00:30:48:52:11:22": "ethernet1/2",
-			},
-		}},
-	}
-}
diff --git a/netw/zone/const.go b/netw/zone/const.go
deleted file mode 100644
index 4407a8d7..00000000
--- a/netw/zone/const.go
+++ /dev/null
@@ -1,16 +0,0 @@
-package zone
-
-// These are valid values for the Mode.
-const (
-	ModeL2          = "layer2"
-	ModeL3          = "layer3"
-	ModeVirtualWire = "virtual-wire"
-	ModeTap         = "tap"
-	ModeExternal    = "external"
-	ModeTunnel      = "tunnel" // 8.0+
-)
-
-const (
-	singular = "zone"
-	plural   = "zones"
-)
diff --git a/netw/zone/doc.go b/netw/zone/doc.go
deleted file mode 100644
index 2ee78d12..00000000
--- a/netw/zone/doc.go
+++ /dev/null
@@ -1,4 +0,0 @@
-// Package zone is the client.Network.Zone namespace.
-//
-// Normalized object:  Entry
-package zone
diff --git a/netw/zone/entry.go b/netw/zone/entry.go
deleted file mode 100644
index bda1efcf..00000000
--- a/netw/zone/entry.go
+++ /dev/null
@@ -1,448 +0,0 @@
-package zone
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a zone.
-type Entry struct {
-	Name                         string
-	Mode                         string
-	Interfaces                   []string // unordered
-	ZoneProfile                  string
-	LogSetting                   string
-	EnableUserId                 bool
-	IncludeAcls                  []string // unordered
-	ExcludeAcls                  []string // unordered
-	EnablePacketBufferProtection bool     // 8.0+
-	EnableDeviceIdentification   bool     // 10.0+
-	DeviceIncludeAcls            []string // 10.0+, unordered?
-	DeviceExcludeAcls            []string // 10.0+, unordered?
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Mode = s.Mode
-	o.Interfaces = util.CopyStringSlice(s.Interfaces)
-	o.ZoneProfile = s.ZoneProfile
-	o.LogSetting = s.LogSetting
-	o.EnableUserId = s.EnableUserId
-	o.IncludeAcls = util.CopyStringSlice(s.IncludeAcls)
-	o.ExcludeAcls = util.CopyStringSlice(s.ExcludeAcls)
-	o.EnablePacketBufferProtection = s.EnablePacketBufferProtection
-	o.EnableDeviceIdentification = s.EnableDeviceIdentification
-	o.DeviceIncludeAcls = util.CopyStringSlice(s.DeviceIncludeAcls)
-	o.DeviceExcludeAcls = util.CopyStringSlice(s.DeviceExcludeAcls)
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-// 6.1
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:         o.Name,
-		EnableUserId: util.AsBool(o.EnableUserId),
-	}
-
-	if o.Network != nil {
-		ans.ZoneProfile = o.Network.ZoneProfile
-		ans.LogSetting = o.Network.LogSetting
-
-		var ilist []string
-		if o.Network.Tap != nil {
-			ans.Mode = ModeTap
-			ilist = util.MemToStr(o.Network.Tap)
-		} else if o.Network.VWire != nil {
-			ans.Mode = ModeVirtualWire
-			ilist = util.MemToStr(o.Network.VWire)
-		} else if o.Network.L2 != nil {
-			ans.Mode = ModeL2
-			ilist = util.MemToStr(o.Network.L2)
-		} else if o.Network.L3 != nil {
-			ans.Mode = ModeL3
-			ilist = util.MemToStr(o.Network.L3)
-		} else if o.Network.External != nil {
-			ans.Mode = ModeExternal
-			ilist = util.MemToStr(o.Network.External)
-		}
-
-		if len(ilist) > 0 {
-			ans.Interfaces = ilist
-		}
-	}
-
-	if o.UserAcls != nil {
-		ans.IncludeAcls = util.MemToStr(o.UserAcls.IncludeAcls)
-		ans.ExcludeAcls = util.MemToStr(o.UserAcls.ExcludeAcls)
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName      xml.Name    `xml:"entry"`
-	Name         string      `xml:"name,attr"`
-	EnableUserId string      `xml:"enable-user-identification"`
-	Network      *network_v1 `xml:"network"`
-	UserAcls     *acls       `xml:"user-acl"`
-}
-
-type network_v1 struct {
-	ZoneProfile string           `xml:"zone-protection-profile,omitempty"`
-	LogSetting  string           `xml:"log-setting,omitempty"`
-	Tap         *util.MemberType `xml:"tap"`
-	VWire       *util.MemberType `xml:"virtual-wire"`
-	L2          *util.MemberType `xml:"layer2"`
-	L3          *util.MemberType `xml:"layer3"`
-	External    *util.MemberType `xml:"external"`
-}
-
-type acls struct {
-	IncludeAcls *util.MemberType `xml:"include-list"`
-	ExcludeAcls *util.MemberType `xml:"exclude-list"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:         e.Name,
-		EnableUserId: util.YesNo(e.EnableUserId),
-	}
-
-	if e.Mode != "" || e.ZoneProfile != "" || e.LogSetting != "" {
-		ans.Network = &network_v1{
-			ZoneProfile: e.ZoneProfile,
-			LogSetting:  e.LogSetting,
-		}
-
-		ilist := &util.MemberType{}
-		if len(e.Interfaces) > 0 {
-			ilist = util.StrToMem(e.Interfaces)
-		}
-
-		switch e.Mode {
-		case ModeTap:
-			ans.Network.Tap = ilist
-		case ModeVirtualWire:
-			ans.Network.VWire = ilist
-		case ModeL2:
-			ans.Network.L2 = ilist
-		case ModeL3:
-			ans.Network.L3 = ilist
-		case ModeExternal:
-			ans.Network.External = ilist
-		}
-	}
-
-	if len(e.IncludeAcls) > 0 || len(e.ExcludeAcls) > 0 {
-		ans.UserAcls = &acls{
-			IncludeAcls: util.StrToMem(e.IncludeAcls),
-			ExcludeAcls: util.StrToMem(e.ExcludeAcls),
-		}
-	}
-
-	return ans
-}
-
-// 8.0
-type container_v2 struct {
-	Answer []entry_v2 `xml:"entry"`
-}
-
-func (o *container_v2) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v2) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v2) normalize() Entry {
-	ans := Entry{
-		Name:         o.Name,
-		EnableUserId: util.AsBool(o.EnableUserId),
-	}
-
-	if o.Network != nil {
-		ans.ZoneProfile = o.Network.ZoneProfile
-		ans.EnablePacketBufferProtection = util.AsBool(o.Network.EnablePacketBufferProtection)
-		ans.LogSetting = o.Network.LogSetting
-
-		var ilist []string
-		if o.Network.Tap != nil {
-			ans.Mode = ModeTap
-			ilist = util.MemToStr(o.Network.Tap)
-		} else if o.Network.VWire != nil {
-			ans.Mode = ModeVirtualWire
-			ilist = util.MemToStr(o.Network.VWire)
-		} else if o.Network.L2 != nil {
-			ans.Mode = ModeL2
-			ilist = util.MemToStr(o.Network.L2)
-		} else if o.Network.L3 != nil {
-			ans.Mode = ModeL3
-			ilist = util.MemToStr(o.Network.L3)
-		} else if o.Network.External != nil {
-			ans.Mode = ModeExternal
-			ilist = util.MemToStr(o.Network.External)
-		} else if o.Network.Tunnel != nil {
-			ans.Mode = ModeTunnel
-		}
-
-		if len(ilist) > 0 {
-			ans.Interfaces = ilist
-		}
-	}
-
-	if o.UserAcls != nil {
-		ans.IncludeAcls = util.MemToStr(o.UserAcls.IncludeAcls)
-		ans.ExcludeAcls = util.MemToStr(o.UserAcls.ExcludeAcls)
-	}
-
-	return ans
-}
-
-type entry_v2 struct {
-	XMLName      xml.Name    `xml:"entry"`
-	Name         string      `xml:"name,attr"`
-	EnableUserId string      `xml:"enable-user-identification"`
-	Network      *network_v2 `xml:"network"`
-	UserAcls     *acls       `xml:"user-acl"`
-}
-
-type network_v2 struct {
-	ZoneProfile                  string           `xml:"zone-protection-profile,omitempty"`
-	EnablePacketBufferProtection string           `xml:"enable-packet-buffer-protection"`
-	LogSetting                   string           `xml:"log-setting,omitempty"`
-	Tap                          *util.MemberType `xml:"tap"`
-	VWire                        *util.MemberType `xml:"virtual-wire"`
-	L2                           *util.MemberType `xml:"layer2"`
-	L3                           *util.MemberType `xml:"layer3"`
-	External                     *util.MemberType `xml:"external"`
-	Tunnel                       *string          `xml:"tunnel"`
-}
-
-func specify_v2(e Entry) interface{} {
-	ans := entry_v2{
-		Name:         e.Name,
-		EnableUserId: util.YesNo(e.EnableUserId),
-	}
-
-	if e.Mode != "" || e.ZoneProfile != "" || e.EnablePacketBufferProtection || e.LogSetting != "" {
-		ans.Network = &network_v2{
-			ZoneProfile:                  e.ZoneProfile,
-			EnablePacketBufferProtection: util.YesNo(e.EnablePacketBufferProtection),
-			LogSetting:                   e.LogSetting,
-		}
-
-		ilist := &util.MemberType{}
-		if len(e.Interfaces) > 0 {
-			ilist = util.StrToMem(e.Interfaces)
-		}
-
-		switch e.Mode {
-		case ModeTap:
-			ans.Network.Tap = ilist
-		case ModeVirtualWire:
-			ans.Network.VWire = ilist
-		case ModeL2:
-			ans.Network.L2 = ilist
-		case ModeL3:
-			ans.Network.L3 = ilist
-		case ModeExternal:
-			ans.Network.External = ilist
-		case ModeTunnel:
-			s := ""
-			ans.Network.Tunnel = &s
-		}
-	}
-
-	if len(e.IncludeAcls) > 0 || len(e.ExcludeAcls) > 0 {
-		ans.UserAcls = &acls{
-			IncludeAcls: util.StrToMem(e.IncludeAcls),
-			ExcludeAcls: util.StrToMem(e.ExcludeAcls),
-		}
-	}
-
-	return ans
-}
-
-// 10.0
-type container_v3 struct {
-	Answer []entry_v3 `xml:"entry"`
-}
-
-func (o *container_v3) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v3) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v3) normalize() Entry {
-	ans := Entry{
-		Name:                       o.Name,
-		EnableUserId:               util.AsBool(o.EnableUserId),
-		EnableDeviceIdentification: util.AsBool(o.EnableDeviceIdentification),
-	}
-
-	if o.Network != nil {
-		ans.ZoneProfile = o.Network.ZoneProfile
-		ans.EnablePacketBufferProtection = util.AsBool(o.Network.EnablePacketBufferProtection)
-		ans.LogSetting = o.Network.LogSetting
-
-		var ilist []string
-		if o.Network.Tap != nil {
-			ans.Mode = ModeTap
-			ilist = util.MemToStr(o.Network.Tap)
-		} else if o.Network.VWire != nil {
-			ans.Mode = ModeVirtualWire
-			ilist = util.MemToStr(o.Network.VWire)
-		} else if o.Network.L2 != nil {
-			ans.Mode = ModeL2
-			ilist = util.MemToStr(o.Network.L2)
-		} else if o.Network.L3 != nil {
-			ans.Mode = ModeL3
-			ilist = util.MemToStr(o.Network.L3)
-		} else if o.Network.External != nil {
-			ans.Mode = ModeExternal
-			ilist = util.MemToStr(o.Network.External)
-		} else if o.Network.Tunnel != nil {
-			ans.Mode = ModeTunnel
-		}
-
-		if len(ilist) > 0 {
-			ans.Interfaces = ilist
-		}
-	}
-
-	if o.UserAcls != nil {
-		ans.IncludeAcls = util.MemToStr(o.UserAcls.IncludeAcls)
-		ans.ExcludeAcls = util.MemToStr(o.UserAcls.ExcludeAcls)
-	}
-
-	if o.DeviceAcls != nil {
-		ans.DeviceIncludeAcls = util.MemToStr(o.DeviceAcls.IncludeAcls)
-		ans.DeviceExcludeAcls = util.MemToStr(o.DeviceAcls.ExcludeAcls)
-	}
-
-	return ans
-}
-
-type entry_v3 struct {
-	XMLName                    xml.Name    `xml:"entry"`
-	Name                       string      `xml:"name,attr"`
-	EnableUserId               string      `xml:"enable-user-identification"`
-	EnableDeviceIdentification string      `xml:"enable-device-identification"`
-	Network                    *network_v2 `xml:"network"`
-	UserAcls                   *acls       `xml:"user-acl"`
-	DeviceAcls                 *acls       `xml:"device-acl"`
-}
-
-func specify_v3(e Entry) interface{} {
-	ans := entry_v3{
-		Name:                       e.Name,
-		EnableUserId:               util.YesNo(e.EnableUserId),
-		EnableDeviceIdentification: util.YesNo(e.EnableDeviceIdentification),
-	}
-
-	if e.Mode != "" || e.ZoneProfile != "" || e.EnablePacketBufferProtection || e.LogSetting != "" {
-		ans.Network = &network_v2{
-			ZoneProfile:                  e.ZoneProfile,
-			EnablePacketBufferProtection: util.YesNo(e.EnablePacketBufferProtection),
-			LogSetting:                   e.LogSetting,
-		}
-
-		ilist := &util.MemberType{}
-		if len(e.Interfaces) > 0 {
-			ilist = util.StrToMem(e.Interfaces)
-		}
-
-		switch e.Mode {
-		case ModeTap:
-			ans.Network.Tap = ilist
-		case ModeVirtualWire:
-			ans.Network.VWire = ilist
-		case ModeL2:
-			ans.Network.L2 = ilist
-		case ModeL3:
-			ans.Network.L3 = ilist
-		case ModeExternal:
-			ans.Network.External = ilist
-		case ModeTunnel:
-			s := ""
-			ans.Network.Tunnel = &s
-		}
-	}
-
-	if len(e.IncludeAcls) > 0 || len(e.ExcludeAcls) > 0 {
-		ans.UserAcls = &acls{
-			IncludeAcls: util.StrToMem(e.IncludeAcls),
-			ExcludeAcls: util.StrToMem(e.ExcludeAcls),
-		}
-	}
-
-	if len(e.DeviceIncludeAcls) > 0 || len(e.DeviceExcludeAcls) > 0 {
-		ans.DeviceAcls = &acls{
-			IncludeAcls: util.StrToMem(e.DeviceIncludeAcls),
-			ExcludeAcls: util.StrToMem(e.DeviceExcludeAcls),
-		}
-	}
-
-	return ans
-}
diff --git a/netw/zone/funcs.go b/netw/zone/funcs.go
deleted file mode 100644
index 00e73001..00000000
--- a/netw/zone/funcs.go
+++ /dev/null
@@ -1,94 +0,0 @@
-package zone
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	if v.Gte(version.Number{10, 0, 0, ""}) {
-		return &container_v3{}, specify_v3
-	} else if v.Gte(version.Number{8, 0, 0, ""}) {
-		return &container_v2{}, specify_v2
-	} else {
-		return &container_v1{}, specify_v1
-	}
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/netw/zone/fw.go b/netw/zone/fw.go
deleted file mode 100644
index 5fcb4eee..00000000
--- a/netw/zone/fw.go
+++ /dev/null
@@ -1,170 +0,0 @@
-package zone
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Network.Zone namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-/*
-SetInterface performs a SET to add an interface to a zone.
-
-The zone can be either a string or an Entry object.
-*/
-func (c *Firewall) SetInterface(vsys string, zone interface{}, mode, iface string) error {
-	names, err := toNames([]interface{}{zone})
-	if err != nil {
-		return err
-	}
-	name := names[0]
-
-	switch mode {
-	case ModeL2, ModeL3, ModeVirtualWire, ModeTap, ModeExternal:
-	default:
-		return fmt.Errorf("unknown mode value: %s", mode)
-	}
-
-	c.ns.Client.LogAction("(set) %s interface: %s", singular, name)
-
-	path, err := c.xpath(vsys, []string{name})
-	if err != nil {
-		return err
-	}
-	path = append(path, "network", mode)
-
-	_, err = c.ns.Client.Set(path, util.Member{Value: iface}, nil, nil)
-	return err
-}
-
-/*
-DeleteInterface performs a DELETE to remove the interface from the zone.
-
-The zone can be either a string or an Entry object.
-*/
-func (c *Firewall) DeleteInterface(vsys string, zone interface{}, mode, iface string) error {
-	names, err := toNames([]interface{}{zone})
-	if err != nil {
-		return err
-	}
-	name := names[0]
-
-	switch mode {
-	case ModeL2, ModeL3, ModeVirtualWire, ModeTap, ModeExternal:
-	default:
-		return fmt.Errorf("unknown mode value: %s", mode)
-	}
-
-	c.ns.Client.LogAction("(delete) %s interface: %s", singular, name)
-
-	path, err := c.xpath(vsys, []string{name})
-	if err != nil {
-		return err
-	}
-	path = append(path, "network", mode, util.AsMemberXpath([]string{iface}))
-
-	_, err = c.ns.Client.Delete(path, nil, nil)
-	return err
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vsys), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather(vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vsys, v)
-	}
-}
-
-func (c *Firewall) xpath(vsys string, vals []string) ([]string, error) {
-	if vsys == "shared" {
-		return nil, fmt.Errorf("vsys cannot be 'shared'")
-	}
-
-	ans := make([]string, 0, 7)
-	ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	ans = append(ans,
-		"zone",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/zone/fw_test.go b/netw/zone/fw_test.go
deleted file mode 100644
index 15e2c974..00000000
--- a/netw/zone/fw_test.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package zone
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Reset()
-			mc.Version = tc.version
-			mc.AddResp("")
-			err := ns.Set(tc.vsys, tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(tc.vsys, tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/zone/pano.go b/netw/zone/pano.go
deleted file mode 100644
index 6adbd8ed..00000000
--- a/netw/zone/pano.go
+++ /dev/null
@@ -1,174 +0,0 @@
-package zone
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Network.Zone namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-/*
-SetInterface performs a SET to add an interface to a zone.
-
-The zone can be either a string or an Entry object.
-*/
-func (c *Panorama) SetInterface(tmpl, ts, vsys string, zone interface{}, mode, iface string) error {
-	names, err := toNames([]interface{}{zone})
-	if err != nil {
-		return err
-	}
-	name := names[0]
-
-	switch mode {
-	case ModeL2, ModeL3, ModeVirtualWire, ModeTap, ModeExternal:
-	default:
-		return fmt.Errorf("unknown mode value: %s", mode)
-	}
-
-	c.ns.Client.LogAction("(set) %s interface: %s", singular, name)
-
-	path, err := c.xpath(tmpl, ts, vsys, []string{name})
-	if err != nil {
-		return err
-	}
-	path = append(path, "network", mode)
-
-	_, err = c.ns.Client.Set(path, util.Member{Value: iface}, nil, nil)
-	return err
-}
-
-/*
-DeleteInterface performs a DELETE to remove the interface from the zone.
-
-The zone can be either a string or an Entry object.
-*/
-func (c *Panorama) DeleteInterface(tmpl, ts, vsys string, zone interface{}, mode, iface string) error {
-	names, err := toNames([]interface{}{zone})
-	if err != nil {
-		return err
-	}
-	name := names[0]
-
-	switch mode {
-	case ModeL2, ModeL3, ModeVirtualWire, ModeTap, ModeExternal:
-	default:
-		return fmt.Errorf("unknown mode value: %s", mode)
-	}
-
-	c.ns.Client.LogAction("(delete) %s interface: %s", singular, name)
-
-	path, err := c.xpath(tmpl, ts, vsys, []string{name})
-	if err != nil {
-		return err
-	}
-	path = append(path, "network", mode, util.AsMemberXpath([]string{iface}))
-
-	_, err = c.ns.Client.Delete(path, nil, nil)
-	return err
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts, vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts, vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts, vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts, vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(tmpl, ts, vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts, vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(tmpl, ts, vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts, vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts, vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts, vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(tmpl, ts, vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts, vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts, vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(tmpl, ts, vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts, vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(tmpl, ts, vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts, vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(tmpl, ts, vsys), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(tmpl, ts, vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(tmpl, ts, vsys), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(tmpl, ts, vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(tmpl, ts, vsys), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(tmpl, ts, vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, vsys, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts, vsys string, vals []string) ([]string, error) {
-	if tmpl == "" && ts == "" {
-		return nil, fmt.Errorf("tmpl or ts must be specified")
-	}
-	if vsys == "shared" {
-		return nil, fmt.Errorf("vsys cannot be 'shared'")
-	}
-
-	ans := make([]string, 0, 12)
-	ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-	ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	ans = append(ans,
-		"zone",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/netw/zone/pano_test.go b/netw/zone/pano_test.go
deleted file mode 100644
index 965ac7f8..00000000
--- a/netw/zone/pano_test.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package zone
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Reset()
-			mc.Version = tc.version
-			mc.AddResp("")
-			err := ns.Set("my template", "", tc.vsys, tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("my template", "", tc.vsys, tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/netw/zone/testdata_test.go b/netw/zone/testdata_test.go
deleted file mode 100644
index b9253087..00000000
--- a/netw/zone/testdata_test.go
+++ /dev/null
@@ -1,170 +0,0 @@
-package zone
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type testCase struct {
-	desc    string
-	vsys    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"v1 empty zone", "", version.Number{6, 1, 0, ""}, Entry{
-			Name: "one",
-			Mode: ModeL3,
-		}},
-		{"v1 layer3 zone", "vsys1", version.Number{6, 1, 0, ""}, Entry{
-			Name:         "two",
-			Mode:         ModeL3,
-			EnableUserId: true,
-			Interfaces:   []string{"ethernet1/1", "ethernet1/2"},
-			ZoneProfile:  "profile1",
-			LogSetting:   "setting1",
-			IncludeAcls:  []string{"10.1.2.0/24"},
-		}},
-		{"v1 layer2 zone", "vsys2", version.Number{6, 1, 0, ""}, Entry{
-			Name:        "three",
-			Mode:        ModeL2,
-			Interfaces:  []string{"ethernet1/3", "ethernet1/4"},
-			ExcludeAcls: []string{"10.100.1.0/24"},
-		}},
-		{"v1 vwire zone", "vsys3", version.Number{6, 1, 0, ""}, Entry{
-			Name:         "four",
-			Mode:         ModeVirtualWire,
-			EnableUserId: true,
-			Interfaces:   []string{"ethernet1/5", "ethernet1/6"},
-			IncludeAcls:  []string{"10.1.3.0/24"},
-		}},
-		{"v1 external zone", "vsys4", version.Number{6, 1, 0, ""}, Entry{
-			Name:        "five",
-			Mode:        ModeExternal,
-			Interfaces:  []string{"ext1", "ext2"},
-			ExcludeAcls: []string{"10.100.2.0/24"},
-		}},
-		{"v1 tap zone", "vsys1", version.Number{6, 1, 0, ""}, Entry{
-			Name:         "six",
-			Mode:         ModeTap,
-			EnableUserId: true,
-			Interfaces:   []string{"int1", "int2"},
-		}},
-		{"v2 empty zone", "", version.Number{8, 0, 0, ""}, Entry{
-			Name:                         "one",
-			Mode:                         ModeL3,
-			EnablePacketBufferProtection: true,
-		}},
-		{"v2 layer3 zone", "vsys1", version.Number{8, 0, 0, ""}, Entry{
-			Name:         "two",
-			Mode:         ModeL3,
-			EnableUserId: true,
-			Interfaces:   []string{"ethernet1/1", "ethernet1/2"},
-			ZoneProfile:  "profile1",
-			LogSetting:   "setting1",
-			IncludeAcls:  []string{"10.1.2.0/24"},
-		}},
-		{"v2 layer2 zone", "vsys2", version.Number{8, 0, 0, ""}, Entry{
-			Name:                         "three",
-			Mode:                         ModeL2,
-			EnablePacketBufferProtection: true,
-			Interfaces:                   []string{"ethernet1/3", "ethernet1/4"},
-			ExcludeAcls:                  []string{"10.100.1.0/24"},
-		}},
-		{"v2 vwire zone", "vsys3", version.Number{8, 0, 0, ""}, Entry{
-			Name:         "four",
-			Mode:         ModeVirtualWire,
-			EnableUserId: true,
-			Interfaces:   []string{"ethernet1/5", "ethernet1/6"},
-			IncludeAcls:  []string{"10.1.3.0/24"},
-		}},
-		{"v2 external zone", "vsys4", version.Number{8, 0, 0, ""}, Entry{
-			Name:                         "five",
-			Mode:                         ModeExternal,
-			EnablePacketBufferProtection: true,
-			Interfaces:                   []string{"ext1", "ext2"},
-			ExcludeAcls:                  []string{"10.100.2.0/24"},
-		}},
-		{"v2 tap zone", "vsys1", version.Number{8, 0, 0, ""}, Entry{
-			Name:         "six",
-			Mode:         ModeTap,
-			EnableUserId: true,
-			Interfaces:   []string{"int1", "int2"},
-		}},
-		{"v2 tunnel zone", "", version.Number{8, 0, 0, ""}, Entry{
-			Name:                         "seven",
-			Mode:                         ModeTunnel,
-			EnablePacketBufferProtection: true,
-		}},
-		{"v3 empty zone", "", version.Number{10, 0, 0, ""}, Entry{
-			Name:                         "one",
-			Mode:                         ModeL3,
-			EnablePacketBufferProtection: true,
-		}},
-		{"v3 layer3 zone", "vsys1", version.Number{10, 0, 0, ""}, Entry{
-			Name:         "two",
-			Mode:         ModeL3,
-			EnableUserId: true,
-			Interfaces:   []string{"ethernet1/1", "ethernet1/2"},
-			ZoneProfile:  "profile1",
-			LogSetting:   "setting1",
-			IncludeAcls:  []string{"10.1.2.0/24"},
-		}},
-		{"v3 layer2 zone", "vsys2", version.Number{10, 0, 0, ""}, Entry{
-			Name:                         "three",
-			Mode:                         ModeL2,
-			EnablePacketBufferProtection: true,
-			Interfaces:                   []string{"ethernet1/3", "ethernet1/4"},
-			ExcludeAcls:                  []string{"10.100.1.0/24"},
-		}},
-		{"v3 vwire zone", "vsys3", version.Number{10, 0, 0, ""}, Entry{
-			Name:         "four",
-			Mode:         ModeVirtualWire,
-			EnableUserId: true,
-			Interfaces:   []string{"ethernet1/5", "ethernet1/6"},
-			IncludeAcls:  []string{"10.1.3.0/24"},
-		}},
-		{"v3 external zone", "vsys4", version.Number{10, 0, 0, ""}, Entry{
-			Name:                         "five",
-			Mode:                         ModeExternal,
-			EnablePacketBufferProtection: true,
-			Interfaces:                   []string{"ext1", "ext2"},
-			ExcludeAcls:                  []string{"10.100.2.0/24"},
-		}},
-		{"v3 tap zone", "vsys1", version.Number{10, 0, 0, ""}, Entry{
-			Name:         "six",
-			Mode:         ModeTap,
-			EnableUserId: true,
-			Interfaces:   []string{"int1", "int2"},
-		}},
-		{"v3 tunnel zone", "", version.Number{10, 0, 0, ""}, Entry{
-			Name:                         "seven",
-			Mode:                         ModeTunnel,
-			EnablePacketBufferProtection: true,
-		}},
-		{"v3 device id enabled no acls", "", version.Number{10, 0, 0, ""}, Entry{
-			Name:                       "eight",
-			Mode:                       ModeL3,
-			EnableDeviceIdentification: true,
-		}},
-		{"v3 device id enabled include acls", "", version.Number{10, 0, 0, ""}, Entry{
-			Name:                       "eight",
-			Mode:                       ModeL3,
-			EnableDeviceIdentification: true,
-			DeviceIncludeAcls:          []string{"inc1", "inc2"},
-		}},
-		{"v3 device id enabled exclude acls", "", version.Number{10, 0, 0, ""}, Entry{
-			Name:                       "eight",
-			Mode:                       ModeL3,
-			EnableDeviceIdentification: true,
-			DeviceExcludeAcls:          []string{"exc1", "exc2"},
-		}},
-		{"v3 device id disabled all acls", "", version.Number{10, 0, 0, ""}, Entry{
-			Name:              "eight",
-			Mode:              ModeL3,
-			DeviceIncludeAcls: []string{"inc1", "inc2"},
-			DeviceExcludeAcls: []string{"exc1", "exc2"},
-		}},
-	}
-}
diff --git a/objs/addr/const.go b/objs/addr/const.go
deleted file mode 100644
index 389fcc95..00000000
--- a/objs/addr/const.go
+++ /dev/null
@@ -1,14 +0,0 @@
-package addr
-
-// Valid Type values.
-const (
-	IpNetmask  = "ip-netmask"
-	IpRange    = "ip-range"
-	Fqdn       = "fqdn"
-	IpWildcard = "ip-wildcard" // 9.0+
-)
-
-const (
-	singular = "address object"
-	plural   = "address objects"
-)
diff --git a/objs/addr/doc.go b/objs/addr/doc.go
deleted file mode 100644
index d6a2f76f..00000000
--- a/objs/addr/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package addr is the ngfw.Objects.Address namespace.
-
-Normalized object:  Entry
-*/
-package addr
diff --git a/objs/addr/entry.go b/objs/addr/entry.go
deleted file mode 100644
index 0f85a747..00000000
--- a/objs/addr/entry.go
+++ /dev/null
@@ -1,195 +0,0 @@
-package addr
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of an address
-// object.
-type Entry struct {
-	Name        string
-	Value       string
-	Type        string
-	Description string
-	Tags        []string // ordered
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Value = s.Value
-	o.Type = s.Type
-	o.Description = s.Description
-	o.Tags = s.Tags
-}
-
-/** Structs / functions for normalization. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-type container_v2 struct {
-	Answer []entry_v2 `xml:"entry"`
-}
-
-func (o *container_v2) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v2) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName     xml.Name         `xml:"entry"`
-	Name        string           `xml:"name,attr"`
-	IpNetmask   *valType         `xml:"ip-netmask"`
-	IpRange     *valType         `xml:"ip-range"`
-	Fqdn        *valType         `xml:"fqdn"`
-	Description string           `xml:"description"`
-	Tags        *util.MemberType `xml:"tag"`
-}
-
-type valType struct {
-	Value string `xml:",chardata"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:        e.Name,
-		Description: e.Description,
-		Tags:        util.StrToMem(e.Tags),
-	}
-	vt := &valType{e.Value}
-	switch e.Type {
-	case IpNetmask:
-		ans.IpNetmask = vt
-	case IpRange:
-		ans.IpRange = vt
-	case Fqdn:
-		ans.Fqdn = vt
-	}
-
-	return ans
-}
-
-func (e *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:        e.Name,
-		Description: e.Description,
-		Tags:        util.MemToStr(e.Tags),
-	}
-
-	switch {
-	case e.IpNetmask != nil:
-		ans.Type = IpNetmask
-		ans.Value = e.IpNetmask.Value
-	case e.IpRange != nil:
-		ans.Type = IpRange
-		ans.Value = e.IpRange.Value
-	case e.Fqdn != nil:
-		ans.Type = Fqdn
-		ans.Value = e.Fqdn.Value
-	}
-
-	return ans
-}
-
-type entry_v2 struct {
-	XMLName     xml.Name         `xml:"entry"`
-	Name        string           `xml:"name,attr"`
-	IpNetmask   *valType         `xml:"ip-netmask"`
-	IpRange     *valType         `xml:"ip-range"`
-	Fqdn        *valType         `xml:"fqdn"`
-	IpWildcard  *valType         `xml:"ip-wildcard"`
-	Description string           `xml:"description"`
-	Tags        *util.MemberType `xml:"tag"`
-}
-
-func (e *entry_v2) normalize() Entry {
-	ans := Entry{
-		Name:        e.Name,
-		Description: e.Description,
-		Tags:        util.MemToStr(e.Tags),
-	}
-
-	switch {
-	case e.IpNetmask != nil:
-		ans.Type = IpNetmask
-		ans.Value = e.IpNetmask.Value
-	case e.IpRange != nil:
-		ans.Type = IpRange
-		ans.Value = e.IpRange.Value
-	case e.Fqdn != nil:
-		ans.Type = Fqdn
-		ans.Value = e.Fqdn.Value
-	case e.IpWildcard != nil:
-		ans.Type = IpWildcard
-		ans.Value = e.IpWildcard.Value
-	}
-
-	return ans
-}
-
-func specify_v2(e Entry) interface{} {
-	ans := entry_v2{
-		Name:        e.Name,
-		Description: e.Description,
-		Tags:        util.StrToMem(e.Tags),
-	}
-	vt := &valType{e.Value}
-	switch e.Type {
-	case IpNetmask:
-		ans.IpNetmask = vt
-	case IpRange:
-		ans.IpRange = vt
-	case Fqdn:
-		ans.Fqdn = vt
-	case IpWildcard:
-		ans.IpWildcard = vt
-	}
-
-	return ans
-}
diff --git a/objs/addr/funcs.go b/objs/addr/funcs.go
deleted file mode 100644
index 48e7d788..00000000
--- a/objs/addr/funcs.go
+++ /dev/null
@@ -1,100 +0,0 @@
-package addr
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	if v.Gte(version.Number{9, 0, 0, ""}) {
-		return &container_v2{}, specify_v2
-	} else {
-		return &container_v1{}, specify_v1
-	}
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-func ObjectsMatch(a, b Entry) bool {
-	return a.Name == b.Name &&
-		a.Type == b.Type &&
-		a.Value == b.Value &&
-		a.Description == b.Description &&
-		util.OrderedListsMatch(a.Tags, b.Tags)
-}
diff --git a/objs/addr/fw.go b/objs/addr/fw.go
deleted file mode 100644
index 20bf4d6c..00000000
--- a/objs/addr/fw.go
+++ /dev/null
@@ -1,162 +0,0 @@
-package addr
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Objects.Address namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vsys), names, nErr)
-}
-
-/*
-ConfigureGroup configures the given address objects on PAN-OS.
-
-Due to caching in the GUI, objects configured via a bulk SET will not show
-up in the dropdowns in the GUI (aka - Security Rules).  Restarting the
-management plane will force the cache to refresh.
-*/
-func (c *Firewall) ConfigureGroup(vsys string, objs []Entry, prevNames []string) error {
-	var err error
-	setList := make([]Entry, 0, len(objs))
-	editList := make([]Entry, 0, len(objs))
-
-	curObjs, err := c.GetAll(vsys)
-	if err != nil {
-		return err
-	}
-
-	// Determine which can be set and which must be edited.
-	for _, x := range objs {
-		var found bool
-		for _, live := range curObjs {
-			if x.Name == live.Name {
-				found = true
-				if !ObjectsMatch(x, live) {
-					editList = append(editList, x)
-				}
-				break
-			}
-		}
-		if !found {
-			setList = append(setList, x)
-		}
-	}
-
-	// Set all objects.
-	if len(setList) > 0 {
-		if err = c.Set(vsys, setList...); err != nil {
-			return err
-		}
-	}
-
-	// Edit each object one by one.
-	for _, x := range editList {
-		if err = c.Edit(vsys, x); err != nil {
-			return err
-		}
-	}
-
-	// Delete rules removed from the group.
-	if len(prevNames) != 0 {
-		rmList := make([]interface{}, 0, len(prevNames))
-		for _, name := range prevNames {
-			var found bool
-			for _, x := range objs {
-				if x.Name == name {
-					found = true
-					break
-				}
-			}
-			if !found {
-				rmList = append(rmList, name)
-			}
-		}
-
-		if err = c.Delete(vsys, rmList...); err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-func (c *Firewall) pather(vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vsys, v)
-	}
-}
-
-func (c *Firewall) xpath(vsys string, vals []string) ([]string, error) {
-	ans := make([]string, 0, 7)
-	ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	ans = append(ans,
-		"address",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/objs/addr/fw_test.go b/objs/addr/fw_test.go
deleted file mode 100644
index 33461558..00000000
--- a/objs/addr/fw_test.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package addr
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set(tc.vsys, tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(tc.vsys, tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/addr/pano.go b/objs/addr/pano.go
deleted file mode 100644
index 59767eb4..00000000
--- a/objs/addr/pano.go
+++ /dev/null
@@ -1,162 +0,0 @@
-package addr
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Objects.Address namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(dg string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(dg), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(dg string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(dg), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(dg, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(dg), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(dg, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(dg), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(dg string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(dg), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(dg string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(dg), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(dg string, e ...Entry) error {
-	return c.ns.Set(c.pather(dg), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(dg string, e Entry) error {
-	return c.ns.Edit(c.pather(dg), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(dg string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(dg), names, nErr)
-}
-
-/*
-ConfigureGroup configures the given address objects on PAN-OS.
-
-Due to caching in the GUI, objects configured via a bulk SET will not show
-up in the dropdowns in the GUI (aka - Security Rules).  Restarting the
-management plane will force the cache to refresh.
-*/
-func (c *Panorama) ConfigureGroup(dg string, objs []Entry, prevNames []string) error {
-	var err error
-	setList := make([]Entry, 0, len(objs))
-	editList := make([]Entry, 0, len(objs))
-
-	curObjs, err := c.GetAll(dg)
-	if err != nil {
-		return err
-	}
-
-	// Determine which can be set and which must be edited.
-	for _, x := range objs {
-		var found bool
-		for _, live := range curObjs {
-			if x.Name == live.Name {
-				found = true
-				if !ObjectsMatch(x, live) {
-					editList = append(editList, x)
-				}
-				break
-			}
-		}
-		if !found {
-			setList = append(setList, x)
-		}
-	}
-
-	// Set all objects.
-	if len(setList) > 0 {
-		if err = c.Set(dg, setList...); err != nil {
-			return err
-		}
-	}
-
-	// Edit each object one by one.
-	for _, x := range editList {
-		if err = c.Edit(dg, x); err != nil {
-			return err
-		}
-	}
-
-	// Delete rules removed from the group.
-	if len(prevNames) != 0 {
-		rmList := make([]interface{}, 0, len(prevNames))
-		for _, name := range prevNames {
-			var found bool
-			for _, x := range objs {
-				if x.Name == name {
-					found = true
-					break
-				}
-			}
-			if !found {
-				rmList = append(rmList, name)
-			}
-		}
-
-		if err = c.Delete(dg, rmList...); err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-func (c *Panorama) pather(dg string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(dg, v)
-	}
-}
-
-func (c *Panorama) xpath(dg string, vals []string) ([]string, error) {
-	ans := make([]string, 0, 7)
-	ans = append(ans, util.DeviceGroupXpathPrefix(dg)...)
-	ans = append(ans,
-		"address",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/objs/addr/pano_test.go b/objs/addr/pano_test.go
deleted file mode 100644
index a88d47be..00000000
--- a/objs/addr/pano_test.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package addr
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set(tc.dg, tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(tc.dg, tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/addr/testdata_test.go b/objs/addr/testdata_test.go
deleted file mode 100644
index 38686d35..00000000
--- a/objs/addr/testdata_test.go
+++ /dev/null
@@ -1,64 +0,0 @@
-package addr
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type testCase struct {
-	desc    string
-	vsys    string
-	dg      string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"v1 test ip netmask", "", "", version.Number{7, 1, 0, ""}, Entry{
-			Name:        "one",
-			Value:       "10.1.1.0/24",
-			Type:        IpNetmask,
-			Description: "my description",
-			Tags:        []string{"tag1", "tag2"},
-		}},
-		{"v1 test ip range", "vsys2", "dg1", version.Number{7, 1, 0, ""}, Entry{
-			Name:        "two",
-			Value:       "10.1.1.1-10.1.1.254",
-			Type:        IpRange,
-			Description: "my description",
-			Tags:        []string{"tag3", "tag4"},
-		}},
-		{"v1 test fqdn", "vsys3", "my device group", version.Number{7, 1, 0, ""}, Entry{
-			Name:        "three",
-			Value:       "example.com",
-			Type:        Fqdn,
-			Description: "my description",
-		}},
-		{"v2 test ip netmask", "", "", version.Number{9, 0, 0, ""}, Entry{
-			Name:        "one",
-			Value:       "10.1.1.0/24",
-			Type:        IpNetmask,
-			Description: "my description",
-			Tags:        []string{"tag1", "tag2"},
-		}},
-		{"v2 test ip range", "vsys2", "dg2", version.Number{9, 0, 0, ""}, Entry{
-			Name:        "two",
-			Value:       "10.1.1.1-10.1.1.254",
-			Type:        IpRange,
-			Description: "my description",
-			Tags:        []string{"tag3", "tag4"},
-		}},
-		{"v2 test fqdn", "vsys3", "my device group", version.Number{9, 0, 0, ""}, Entry{
-			Name:        "three",
-			Value:       "example.com",
-			Type:        Fqdn,
-			Description: "my description",
-		}},
-		{"v2 test ip wildcard", "vsys4", "dg4", version.Number{9, 0, 0, ""}, Entry{
-			Name:        "four",
-			Value:       "10.20.1.0/0.0.248.255",
-			Type:        IpWildcard,
-			Description: "my description",
-		}},
-	}
-}
diff --git a/objs/addrgrp/const.go b/objs/addrgrp/const.go
deleted file mode 100644
index 5114a0da..00000000
--- a/objs/addrgrp/const.go
+++ /dev/null
@@ -1,6 +0,0 @@
-package addrgrp
-
-const (
-	singular = "address group"
-	plural   = "address groups"
-)
diff --git a/objs/addrgrp/doc.go b/objs/addrgrp/doc.go
deleted file mode 100644
index 17b78f3e..00000000
--- a/objs/addrgrp/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package addrgrp is the client.Objects.AddressGroup namespace.
-
-Normalized object:  Entry
-*/
-package addrgrp
diff --git a/objs/addrgrp/entry.go b/objs/addrgrp/entry.go
deleted file mode 100644
index 572b2906..00000000
--- a/objs/addrgrp/entry.go
+++ /dev/null
@@ -1,114 +0,0 @@
-package addrgrp
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of an address
-// group.  The value set in DynamicMatch should be something like the following:
-//
-//  * 'tag1'
-//  * 'tag1' or 'tag2' and 'tag3'
-//
-// The Tags param is for administrative tags for this address object
-// group itself.
-type Entry struct {
-	Name            string
-	Description     string
-	StaticAddresses []string // unordered
-	DynamicMatch    string
-	Tags            []string // ordered
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Description = s.Description
-	if s.StaticAddresses == nil {
-		o.StaticAddresses = nil
-	} else {
-		o.StaticAddresses = make([]string, len(s.StaticAddresses))
-		copy(o.StaticAddresses, s.StaticAddresses)
-	}
-	o.DynamicMatch = s.DynamicMatch
-	if s.Tags == nil {
-		o.Tags = nil
-	} else {
-		o.Tags = make([]string, len(s.Tags))
-		copy(o.Tags, s.Tags)
-	}
-}
-
-/** Structs / functions for normalization. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:            o.Name,
-		Description:     o.Description,
-		StaticAddresses: util.MemToStr(o.StaticAddresses),
-		Tags:            util.MemToStr(o.Tags),
-	}
-	if o.DynamicMatch != nil {
-		ans.DynamicMatch = *o.DynamicMatch
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName         xml.Name         `xml:"entry"`
-	Name            string           `xml:"name,attr"`
-	Description     string           `xml:"description,omitempty"`
-	StaticAddresses *util.MemberType `xml:"static"`
-	DynamicMatch    *string          `xml:"dynamic>filter"`
-	Tags            *util.MemberType `xml:"tag"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:            e.Name,
-		Description:     e.Description,
-		StaticAddresses: util.StrToMem(e.StaticAddresses),
-		Tags:            util.StrToMem(e.Tags),
-	}
-	if e.DynamicMatch != "" {
-		ans.DynamicMatch = &e.DynamicMatch
-	}
-
-	return ans
-}
diff --git a/objs/addrgrp/funcs.go b/objs/addrgrp/funcs.go
deleted file mode 100644
index a8a91d47..00000000
--- a/objs/addrgrp/funcs.go
+++ /dev/null
@@ -1,88 +0,0 @@
-package addrgrp
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/objs/addrgrp/fw.go b/objs/addrgrp/fw.go
deleted file mode 100644
index 203498ff..00000000
--- a/objs/addrgrp/fw.go
+++ /dev/null
@@ -1,90 +0,0 @@
-package addrgrp
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Objects.AddressGroup namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vsys), names, nErr)
-}
-
-func (c *Firewall) pather(vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vsys, v)
-	}
-}
-
-func (c *Firewall) xpath(vsys string, vals []string) ([]string, error) {
-	ans := make([]string, 0, 7)
-	ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	ans = append(ans,
-		"address-group",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/objs/addrgrp/fw_test.go b/objs/addrgrp/fw_test.go
deleted file mode 100644
index f5fbca09..00000000
--- a/objs/addrgrp/fw_test.go
+++ /dev/null
@@ -1,61 +0,0 @@
-package addrgrp
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := []struct {
-		desc string
-		vsys string
-		conf Entry
-	}{
-		{"test static no tags", "", Entry{
-			Name:            "one",
-			Description:     "my description",
-			StaticAddresses: []string{"adr1", "adr2"},
-		}},
-		{"test static with tags", "", Entry{
-			Name:            "one",
-			Description:     "my description",
-			StaticAddresses: []string{"adr1", "adr2"},
-			Tags:            []string{"tag1", "tag2"},
-		}},
-		{"test dynamic no tags", "", Entry{
-			Name:         "one",
-			Description:  "my description",
-			DynamicMatch: "'tag1' or 'tag2' and 'tag3'",
-		}},
-		{"test dynamic with tags", "", Entry{
-			Name:         "one",
-			Description:  "my description",
-			DynamicMatch: "'tag1' or 'tag2' and 'tag3'",
-			Tags:         []string{"tag1", "tag2"},
-		}},
-	}
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/addrgrp/pano.go b/objs/addrgrp/pano.go
deleted file mode 100644
index 2253459b..00000000
--- a/objs/addrgrp/pano.go
+++ /dev/null
@@ -1,90 +0,0 @@
-package addrgrp
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Objects.AddressGroup namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(dg string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(dg), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(dg string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(dg), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(dg, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(dg), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(dg, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(dg), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(dg string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(dg), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(dg string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(dg), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(dg string, e ...Entry) error {
-	return c.ns.Set(c.pather(dg), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(dg string, e Entry) error {
-	return c.ns.Edit(c.pather(dg), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(dg string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(dg), names, nErr)
-}
-
-func (c *Panorama) pather(dg string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(dg, v)
-	}
-}
-
-func (c *Panorama) xpath(dg string, vals []string) ([]string, error) {
-	ans := make([]string, 0, 7)
-	ans = append(ans, util.DeviceGroupXpathPrefix(dg)...)
-	ans = append(ans,
-		"address-group",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/objs/addrgrp/pano_test.go b/objs/addrgrp/pano_test.go
deleted file mode 100644
index 7756acbd..00000000
--- a/objs/addrgrp/pano_test.go
+++ /dev/null
@@ -1,34 +0,0 @@
-package addrgrp
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("shared", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("shared", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/addrgrp/testdata_test.go b/objs/addrgrp/testdata_test.go
deleted file mode 100644
index 28a0ed18..00000000
--- a/objs/addrgrp/testdata_test.go
+++ /dev/null
@@ -1,33 +0,0 @@
-package addrgrp
-
-type testCase struct {
-	desc string
-	conf Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"test static no tags", Entry{
-			Name:            "one",
-			Description:     "my description",
-			StaticAddresses: []string{"adr1", "adr2"},
-		}},
-		{"test static with tags", Entry{
-			Name:            "one",
-			Description:     "my description",
-			StaticAddresses: []string{"adr1", "adr2"},
-			Tags:            []string{"tag1", "tag2"},
-		}},
-		{"test dynamic no tags", Entry{
-			Name:         "one",
-			Description:  "my description",
-			DynamicMatch: "'tag1' or 'tag2' and 'tag3'",
-		}},
-		{"test dynamic with tags", Entry{
-			Name:         "one",
-			Description:  "my description",
-			DynamicMatch: "'tag1' or 'tag2' and 'tag3'",
-			Tags:         []string{"tag1", "tag2"},
-		}},
-	}
-}
diff --git a/objs/app/const.go b/objs/app/const.go
deleted file mode 100644
index ba9a69ac..00000000
--- a/objs/app/const.go
+++ /dev/null
@@ -1,15 +0,0 @@
-package app
-
-// Valid DefaultType values.
-const (
-	DefaultTypeNone       = "none"
-	DefaultTypePort       = "port"
-	DefaultTypeIpProtocol = "ip-protocol"
-	DefaultTypeIcmp       = "icmp"
-	DefaultTypeIcmp6      = "icmp6"
-)
-
-const (
-	singular = "application"
-	plural   = "applications"
-)
diff --git a/objs/app/doc.go b/objs/app/doc.go
deleted file mode 100644
index 4afaa607..00000000
--- a/objs/app/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package app is the client.Objects.Application namespace.
-
-Normalized object:  Entry
-*/
-package app
diff --git a/objs/app/entry.go b/objs/app/entry.go
deleted file mode 100644
index 7d38c316..00000000
--- a/objs/app/entry.go
+++ /dev/null
@@ -1,461 +0,0 @@
-package app
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of an application.
-type Entry struct {
-	Name                                 string
-	DefaultType                          string
-	DefaultPorts                         []string // ordered
-	DefaultIpProtocol                    string
-	DefaultIcmpType                      int
-	DefaultIcmpCode                      int
-	Category                             string
-	Subcategory                          string
-	Technology                           string
-	Description                          string
-	Timeout                              int
-	TcpTimeout                           int
-	UdpTimeout                           int
-	TcpHalfClosedTimeout                 int
-	TcpTimeWaitTimeout                   int
-	Risk                                 int
-	AbleToFileTransfer                   bool
-	ExcessiveBandwidth                   bool
-	TunnelsOtherApplications             bool
-	HasKnownVulnerability                bool
-	UsedByMalware                        bool
-	EvasiveBehavior                      bool
-	PervasiveUse                         bool
-	ProneToMisuse                        bool
-	ContinueScanningForOtherApplications bool
-	FileTypeIdent                        bool
-	VirusIdent                           bool
-	DataIdent                            bool
-	AlgDisableCapability                 string
-	ParentApp                            string
-	NoAppIdCaching                       bool // 8.1+
-
-	raw map[string]string
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.DefaultType = s.DefaultType
-	if s.DefaultPorts == nil {
-		o.DefaultPorts = nil
-	} else {
-		o.DefaultPorts = make([]string, len(s.DefaultPorts))
-		copy(o.DefaultPorts, s.DefaultPorts)
-	}
-	o.DefaultIpProtocol = s.DefaultIpProtocol
-	o.DefaultIcmpType = s.DefaultIcmpType
-	o.DefaultIcmpCode = s.DefaultIcmpCode
-	o.Category = s.Category
-	o.Subcategory = s.Subcategory
-	o.Technology = s.Technology
-	o.Description = s.Description
-	o.Timeout = s.Timeout
-	o.TcpTimeout = s.TcpTimeout
-	o.UdpTimeout = s.UdpTimeout
-	o.TcpHalfClosedTimeout = s.TcpHalfClosedTimeout
-	o.TcpTimeWaitTimeout = s.TcpTimeWaitTimeout
-	o.Risk = s.Risk
-	o.AbleToFileTransfer = s.AbleToFileTransfer
-	o.ExcessiveBandwidth = s.ExcessiveBandwidth
-	o.TunnelsOtherApplications = s.TunnelsOtherApplications
-	o.HasKnownVulnerability = s.HasKnownVulnerability
-	o.UsedByMalware = s.UsedByMalware
-	o.EvasiveBehavior = s.EvasiveBehavior
-	o.PervasiveUse = s.PervasiveUse
-	o.ProneToMisuse = s.ProneToMisuse
-	o.ContinueScanningForOtherApplications = s.ContinueScanningForOtherApplications
-	o.FileTypeIdent = s.FileTypeIdent
-	o.VirusIdent = s.VirusIdent
-	o.DataIdent = s.DataIdent
-	o.AlgDisableCapability = s.AlgDisableCapability
-	o.ParentApp = s.ParentApp
-	o.NoAppIdCaching = s.NoAppIdCaching
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:                                 o.Name,
-		Category:                             o.Category,
-		Subcategory:                          o.Subcategory,
-		Technology:                           o.Technology,
-		Description:                          o.Description,
-		Timeout:                              o.Timeout,
-		TcpTimeout:                           o.TcpTimeout,
-		UdpTimeout:                           o.UdpTimeout,
-		TcpHalfClosedTimeout:                 o.TcpHalfClosedTimeout,
-		TcpTimeWaitTimeout:                   o.TcpTimeWaitTimeout,
-		Risk:                                 o.Risk,
-		AbleToFileTransfer:                   util.AsBool(o.AbleToFileTransfer),
-		ExcessiveBandwidth:                   util.AsBool(o.ExcessiveBandwidth),
-		TunnelsOtherApplications:             util.AsBool(o.TunnelsOtherApplications),
-		HasKnownVulnerability:                util.AsBool(o.HasKnownVulnerability),
-		UsedByMalware:                        util.AsBool(o.UsedByMalware),
-		EvasiveBehavior:                      util.AsBool(o.EvasiveBehavior),
-		PervasiveUse:                         util.AsBool(o.PervasiveUse),
-		ProneToMisuse:                        util.AsBool(o.ProneToMisuse),
-		ContinueScanningForOtherApplications: util.AsBool(o.ContinueScanningForOtherApplications),
-		FileTypeIdent:                        util.AsBool(o.FileTypeIdent),
-		VirusIdent:                           util.AsBool(o.VirusIdent),
-		DataIdent:                            util.AsBool(o.DataIdent),
-		AlgDisableCapability:                 o.AlgDisableCapability,
-		ParentApp:                            o.ParentApp,
-	}
-
-	raw := make(map[string]string)
-
-	if o.Default == nil {
-		ans.DefaultType = DefaultTypeNone
-	} else if o.Default.DefaultPorts != nil {
-		ans.DefaultType = DefaultTypePort
-		ans.DefaultPorts = util.MemToStr(o.Default.DefaultPorts)
-	} else if o.Default.DefaultIpProtocol != "" {
-		ans.DefaultType = DefaultTypeIpProtocol
-		ans.DefaultIpProtocol = o.Default.DefaultIpProtocol
-	} else if o.Default.Icmp != nil {
-		ans.DefaultType = DefaultTypeIcmp
-		ans.DefaultIcmpType = o.Default.Icmp.Type
-		ans.DefaultIcmpCode = o.Default.Icmp.Code
-	} else if o.Default.Icmp6 != nil {
-		ans.DefaultType = DefaultTypeIcmp6
-		ans.DefaultIcmpType = o.Default.Icmp6.Type
-		ans.DefaultIcmpCode = o.Default.Icmp6.Code
-	}
-
-	if o.Sigs != nil {
-		raw["sigs"] = util.CleanRawXml(o.Sigs.Text)
-	}
-
-	if len(raw) != 0 {
-		ans.raw = raw
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName                              xml.Name     `xml:"entry"`
-	Name                                 string       `xml:"name,attr"`
-	Default                              *theDefault  `xml:"default"`
-	Category                             string       `xml:"category"`
-	Subcategory                          string       `xml:"subcategory"`
-	Technology                           string       `xml:"technology"`
-	Description                          string       `xml:"description,omitempty"`
-	Timeout                              int          `xml:"timeout,omitempty"`
-	TcpTimeout                           int          `xml:"tcp-timeout,omitempty"`
-	UdpTimeout                           int          `xml:"udp-timeout,omitempty"`
-	TcpHalfClosedTimeout                 int          `xml:"tcp-half-closed-timeout,omitempty"`
-	TcpTimeWaitTimeout                   int          `xml:"tcp-time-wait-timeout,omitempty"`
-	Risk                                 int          `xml:"risk"`
-	AbleToFileTransfer                   string       `xml:"able-to-transfer-file"`
-	ExcessiveBandwidth                   string       `xml:"consume-big-bandwidth"`
-	TunnelsOtherApplications             string       `xml:"tunnel-other-application"`
-	HasKnownVulnerability                string       `xml:"has-known-vulnerability"`
-	UsedByMalware                        string       `xml:"used-by-malware"`
-	EvasiveBehavior                      string       `xml:"evasive-behavior"`
-	PervasiveUse                         string       `xml:"pervasive-use"`
-	ProneToMisuse                        string       `xml:"prone-to-misuse"`
-	ContinueScanningForOtherApplications string       `xml:"tunnel-applications"`
-	FileTypeIdent                        string       `xml:"file-type-ident"`
-	VirusIdent                           string       `xml:"virus-ident"`
-	DataIdent                            string       `xml:"data-ident"`
-	AlgDisableCapability                 string       `xml:"alg-disable-capability,omitempty"`
-	ParentApp                            string       `xml:"parent-app,omitempty"`
-	Sigs                                 *util.RawXml `xml:"signature"`
-}
-
-type theDefault struct {
-	DefaultPorts      *util.MemberType `xml:"port"`
-	DefaultIpProtocol string           `xml:"ident-by-ip-protocol,omitempty"`
-	Icmp              *icmp            `xml:"ident-by-icmp-type"`
-	Icmp6             *icmp            `xml:"ident-by-icmp6-type"`
-}
-
-type icmp struct {
-	Type int `xml:"type"`
-	Code int `xml:"code"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:                                 e.Name,
-		Category:                             e.Category,
-		Subcategory:                          e.Subcategory,
-		Technology:                           e.Technology,
-		Description:                          e.Description,
-		Timeout:                              e.Timeout,
-		TcpTimeout:                           e.TcpTimeout,
-		UdpTimeout:                           e.UdpTimeout,
-		TcpHalfClosedTimeout:                 e.TcpHalfClosedTimeout,
-		TcpTimeWaitTimeout:                   e.TcpTimeWaitTimeout,
-		Risk:                                 e.Risk,
-		AbleToFileTransfer:                   util.YesNo(e.AbleToFileTransfer),
-		ExcessiveBandwidth:                   util.YesNo(e.ExcessiveBandwidth),
-		TunnelsOtherApplications:             util.YesNo(e.TunnelsOtherApplications),
-		HasKnownVulnerability:                util.YesNo(e.HasKnownVulnerability),
-		UsedByMalware:                        util.YesNo(e.UsedByMalware),
-		EvasiveBehavior:                      util.YesNo(e.EvasiveBehavior),
-		PervasiveUse:                         util.YesNo(e.PervasiveUse),
-		ProneToMisuse:                        util.YesNo(e.ProneToMisuse),
-		ContinueScanningForOtherApplications: util.YesNo(e.ContinueScanningForOtherApplications),
-		FileTypeIdent:                        util.YesNo(e.FileTypeIdent),
-		VirusIdent:                           util.YesNo(e.VirusIdent),
-		DataIdent:                            util.YesNo(e.DataIdent),
-		AlgDisableCapability:                 e.AlgDisableCapability,
-		ParentApp:                            e.ParentApp,
-	}
-
-	switch e.DefaultType {
-	case DefaultTypePort:
-		ans.Default = &theDefault{
-			DefaultPorts: util.StrToMem(e.DefaultPorts),
-		}
-	case DefaultTypeIpProtocol:
-		ans.Default = &theDefault{
-			DefaultIpProtocol: e.DefaultIpProtocol,
-		}
-	case DefaultTypeIcmp:
-		ans.Default = &theDefault{
-			Icmp: &icmp{
-				Type: e.DefaultIcmpType,
-				Code: e.DefaultIcmpCode,
-			},
-		}
-	case DefaultTypeIcmp6:
-		ans.Default = &theDefault{
-			Icmp6: &icmp{
-				Type: e.DefaultIcmpType,
-				Code: e.DefaultIcmpCode,
-			},
-		}
-	}
-
-	if text := e.raw["sigs"]; text != "" {
-		ans.Sigs = &util.RawXml{text}
-	}
-
-	return ans
-}
-
-// PAN-OS 8.1
-type container_v2 struct {
-	Answer []entry_v2 `xml:"entry"`
-}
-
-func (o *container_v2) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v2) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v2) normalize() Entry {
-	ans := Entry{
-		Name:                                 o.Name,
-		Category:                             o.Category,
-		Subcategory:                          o.Subcategory,
-		Technology:                           o.Technology,
-		Description:                          o.Description,
-		Timeout:                              o.Timeout,
-		TcpTimeout:                           o.TcpTimeout,
-		UdpTimeout:                           o.UdpTimeout,
-		TcpHalfClosedTimeout:                 o.TcpHalfClosedTimeout,
-		TcpTimeWaitTimeout:                   o.TcpTimeWaitTimeout,
-		Risk:                                 o.Risk,
-		AbleToFileTransfer:                   util.AsBool(o.AbleToFileTransfer),
-		ExcessiveBandwidth:                   util.AsBool(o.ExcessiveBandwidth),
-		TunnelsOtherApplications:             util.AsBool(o.TunnelsOtherApplications),
-		HasKnownVulnerability:                util.AsBool(o.HasKnownVulnerability),
-		UsedByMalware:                        util.AsBool(o.UsedByMalware),
-		EvasiveBehavior:                      util.AsBool(o.EvasiveBehavior),
-		PervasiveUse:                         util.AsBool(o.PervasiveUse),
-		ProneToMisuse:                        util.AsBool(o.ProneToMisuse),
-		ContinueScanningForOtherApplications: util.AsBool(o.ContinueScanningForOtherApplications),
-		FileTypeIdent:                        util.AsBool(o.FileTypeIdent),
-		VirusIdent:                           util.AsBool(o.VirusIdent),
-		DataIdent:                            util.AsBool(o.DataIdent),
-		AlgDisableCapability:                 o.AlgDisableCapability,
-		ParentApp:                            o.ParentApp,
-		NoAppIdCaching:                       util.AsBool(o.NoAppIdCaching),
-	}
-
-	raw := make(map[string]string)
-
-	if o.Default == nil {
-		ans.DefaultType = DefaultTypeNone
-	} else if o.Default.DefaultPorts != nil {
-		ans.DefaultType = DefaultTypePort
-		ans.DefaultPorts = util.MemToStr(o.Default.DefaultPorts)
-	} else if o.Default.DefaultIpProtocol != "" {
-		ans.DefaultType = DefaultTypeIpProtocol
-		ans.DefaultIpProtocol = o.Default.DefaultIpProtocol
-	} else if o.Default.Icmp != nil {
-		ans.DefaultType = DefaultTypeIcmp
-		ans.DefaultIcmpType = o.Default.Icmp.Type
-		ans.DefaultIcmpCode = o.Default.Icmp.Code
-	} else if o.Default.Icmp6 != nil {
-		ans.DefaultType = DefaultTypeIcmp6
-		ans.DefaultIcmpType = o.Default.Icmp6.Type
-		ans.DefaultIcmpCode = o.Default.Icmp6.Code
-	}
-
-	if o.Sigs != nil {
-		raw["sigs"] = util.CleanRawXml(o.Sigs.Text)
-	}
-
-	if len(raw) != 0 {
-		ans.raw = raw
-	}
-
-	return ans
-}
-
-type entry_v2 struct {
-	XMLName                              xml.Name     `xml:"entry"`
-	Name                                 string       `xml:"name,attr"`
-	Default                              *theDefault  `xml:"default"`
-	Category                             string       `xml:"category"`
-	Subcategory                          string       `xml:"subcategory"`
-	Technology                           string       `xml:"technology"`
-	Description                          string       `xml:"description,omitempty"`
-	Timeout                              int          `xml:"timeout,omitempty"`
-	TcpTimeout                           int          `xml:"tcp-timeout,omitempty"`
-	UdpTimeout                           int          `xml:"udp-timeout,omitempty"`
-	TcpHalfClosedTimeout                 int          `xml:"tcp-half-closed-timeout,omitempty"`
-	TcpTimeWaitTimeout                   int          `xml:"tcp-time-wait-timeout,omitempty"`
-	Risk                                 int          `xml:"risk"`
-	AbleToFileTransfer                   string       `xml:"able-to-transfer-file"`
-	ExcessiveBandwidth                   string       `xml:"consume-big-bandwidth"`
-	TunnelsOtherApplications             string       `xml:"tunnel-other-application"`
-	HasKnownVulnerability                string       `xml:"has-known-vulnerability"`
-	UsedByMalware                        string       `xml:"used-by-malware"`
-	EvasiveBehavior                      string       `xml:"evasive-behavior"`
-	PervasiveUse                         string       `xml:"pervasive-use"`
-	ProneToMisuse                        string       `xml:"prone-to-misuse"`
-	ContinueScanningForOtherApplications string       `xml:"tunnel-applications"`
-	FileTypeIdent                        string       `xml:"file-type-ident"`
-	VirusIdent                           string       `xml:"virus-ident"`
-	DataIdent                            string       `xml:"data-ident"`
-	AlgDisableCapability                 string       `xml:"alg-disable-capability,omitempty"`
-	ParentApp                            string       `xml:"parent-app,omitempty"`
-	NoAppIdCaching                       string       `xml:"no-appid-caching"`
-	Sigs                                 *util.RawXml `xml:"signature"`
-}
-
-func specify_v2(e Entry) interface{} {
-	ans := entry_v2{
-		Name:                                 e.Name,
-		Category:                             e.Category,
-		Subcategory:                          e.Subcategory,
-		Technology:                           e.Technology,
-		Description:                          e.Description,
-		Timeout:                              e.Timeout,
-		TcpTimeout:                           e.TcpTimeout,
-		UdpTimeout:                           e.UdpTimeout,
-		TcpHalfClosedTimeout:                 e.TcpHalfClosedTimeout,
-		TcpTimeWaitTimeout:                   e.TcpTimeWaitTimeout,
-		Risk:                                 e.Risk,
-		AbleToFileTransfer:                   util.YesNo(e.AbleToFileTransfer),
-		ExcessiveBandwidth:                   util.YesNo(e.ExcessiveBandwidth),
-		TunnelsOtherApplications:             util.YesNo(e.TunnelsOtherApplications),
-		HasKnownVulnerability:                util.YesNo(e.HasKnownVulnerability),
-		UsedByMalware:                        util.YesNo(e.UsedByMalware),
-		EvasiveBehavior:                      util.YesNo(e.EvasiveBehavior),
-		PervasiveUse:                         util.YesNo(e.PervasiveUse),
-		ProneToMisuse:                        util.YesNo(e.ProneToMisuse),
-		ContinueScanningForOtherApplications: util.YesNo(e.ContinueScanningForOtherApplications),
-		FileTypeIdent:                        util.YesNo(e.FileTypeIdent),
-		VirusIdent:                           util.YesNo(e.VirusIdent),
-		DataIdent:                            util.YesNo(e.DataIdent),
-		AlgDisableCapability:                 e.AlgDisableCapability,
-		ParentApp:                            e.ParentApp,
-		NoAppIdCaching:                       util.YesNo(e.NoAppIdCaching),
-	}
-
-	switch e.DefaultType {
-	case DefaultTypePort:
-		ans.Default = &theDefault{
-			DefaultPorts: util.StrToMem(e.DefaultPorts),
-		}
-	case DefaultTypeIpProtocol:
-		ans.Default = &theDefault{
-			DefaultIpProtocol: e.DefaultIpProtocol,
-		}
-	case DefaultTypeIcmp:
-		ans.Default = &theDefault{
-			Icmp: &icmp{
-				Type: e.DefaultIcmpType,
-				Code: e.DefaultIcmpCode,
-			},
-		}
-	case DefaultTypeIcmp6:
-		ans.Default = &theDefault{
-			Icmp6: &icmp{
-				Type: e.DefaultIcmpType,
-				Code: e.DefaultIcmpCode,
-			},
-		}
-	}
-
-	if text := e.raw["sigs"]; text != "" {
-		ans.Sigs = &util.RawXml{text}
-	}
-
-	return ans
-}
diff --git a/objs/app/funcs.go b/objs/app/funcs.go
deleted file mode 100644
index f5a47452..00000000
--- a/objs/app/funcs.go
+++ /dev/null
@@ -1,106 +0,0 @@
-package app
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	if v.Gte(version.Number{8, 1, 0, ""}) {
-		return &container_v2{}, specify_v2
-	} else {
-		return &container_v1{}, specify_v1
-	}
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PredefinedNamespace returns an initialized namespace.
-func PredefinedNamespace(client util.XapiClient) *Predefined {
-	return &Predefined{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular:   singular,
-				Plural:     plural,
-				Client:     client,
-				Predefined: true,
-			},
-		},
-	}
-}
diff --git a/objs/app/fw.go b/objs/app/fw.go
deleted file mode 100644
index 1c1c86b6..00000000
--- a/objs/app/fw.go
+++ /dev/null
@@ -1,99 +0,0 @@
-package app
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Objects.Application namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vsys), names, nErr)
-}
-
-// Load takes a chunk of raw XML and returns normalized objects back.
-/*
-func (c *Firewall) Load(xml string) ([]Entry, error) {
-    ans := c.container()
-    err := xml.Unmarshal([]byte(xml), ans)
-    return all(ans, err)
-}
-*/
-
-func (c *Firewall) pather(vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vsys, v)
-	}
-}
-
-func (c *Firewall) xpath(vsys string, vals []string) ([]string, error) {
-	ans := make([]string, 0, 7)
-	ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	ans = append(ans,
-		"application",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/objs/app/fw_test.go b/objs/app/fw_test.go
deleted file mode 100644
index 7d9f8380..00000000
--- a/objs/app/fw_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package app
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("vsys1", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("vsys1", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/app/group/const.go b/objs/app/group/const.go
deleted file mode 100644
index 01a07dba..00000000
--- a/objs/app/group/const.go
+++ /dev/null
@@ -1,6 +0,0 @@
-package group
-
-const (
-	singular = "application group"
-	plural   = "application groups"
-)
diff --git a/objs/app/group/doc.go b/objs/app/group/doc.go
deleted file mode 100644
index e05a0db6..00000000
--- a/objs/app/group/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package group is the client.Objects.AppGroup namespace.
-
-Normalized object:  Entry
-*/
-package group
diff --git a/objs/app/group/entry.go b/objs/app/group/entry.go
deleted file mode 100644
index 01b71d7f..00000000
--- a/objs/app/group/entry.go
+++ /dev/null
@@ -1,53 +0,0 @@
-package group
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Entry is a normalized, version independent representation of an application group.
-type Entry struct {
-	Name         string
-	Applications []string // ordered
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Applications = s.Applications
-}
-
-/** Structs / functions for this namespace. **/
-
-type normalizer interface {
-	Normalize() Entry
-}
-
-type container_v1 struct {
-	Answer entry_v1 `xml:"result>entry"`
-}
-
-func (o *container_v1) Normalize() Entry {
-	ans := Entry{
-		Name:         o.Answer.Name,
-		Applications: util.MemToStr(o.Answer.Applications),
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName      xml.Name         `xml:"entry"`
-	Name         string           `xml:"name,attr"`
-	Applications *util.MemberType `xml:"members"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:         e.Name,
-		Applications: util.StrToMem(e.Applications),
-	}
-
-	return ans
-}
diff --git a/objs/app/group/fw.go b/objs/app/group/fw.go
deleted file mode 100644
index 3eaf35df..00000000
--- a/objs/app/group/fw.go
+++ /dev/null
@@ -1,150 +0,0 @@
-package group
-
-import (
-	"encoding/xml"
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// FwGroup is the client.Objects.AppGroup namespace.
-type FwGroup struct {
-	con util.XapiClient
-}
-
-// Initialize is invoked by client.Initialize().
-func (c *FwGroup) Initialize(con util.XapiClient) {
-	c.con = con
-}
-
-// ShowList performs SHOW to retrieve a list of values.
-func (c *FwGroup) ShowList(vsys string) ([]string, error) {
-	c.con.LogQuery("(show) list of %s", plural)
-	path := c.xpath(vsys, nil)
-	return c.con.EntryListUsing(c.con.Show, path[:len(path)-1])
-}
-
-// GetList performs GET to retrieve a list of values.
-func (c *FwGroup) GetList(vsys string) ([]string, error) {
-	c.con.LogQuery("(get) list of %s", plural)
-	path := c.xpath(vsys, nil)
-	return c.con.EntryListUsing(c.con.Get, path[:len(path)-1])
-}
-
-// Get performs GET to retrieve information for the given uid.
-func (c *FwGroup) Get(vsys, name string) (Entry, error) {
-	c.con.LogQuery("(get) %s %q", singular, name)
-	return c.details(c.con.Get, vsys, name)
-}
-
-// Show performs SHOW to retrieve information for the given uid.
-func (c *FwGroup) Show(vsys, name string) (Entry, error) {
-	c.con.LogQuery("(show) %s %q", singular, name)
-	return c.details(c.con.Show, vsys, name)
-}
-
-// Set performs SET to create / update one or more objects.
-func (c *FwGroup) Set(vsys string, e ...Entry) error {
-	var err error
-
-	if len(e) == 0 {
-		return nil
-	}
-
-	_, fn := c.versioning()
-	names := make([]string, len(e))
-
-	// Build up the struct.
-	d := util.BulkElement{XMLName: xml.Name{Local: "temp"}}
-	for i := range e {
-		d.Data = append(d.Data, fn(e[i]))
-		names[i] = e[i].Name
-	}
-	c.con.LogAction("(set) %s: %v", plural, names)
-
-	// Set xpath.
-	path := c.xpath(vsys, names)
-	d.XMLName = xml.Name{Local: path[len(path)-2]}
-	if len(e) == 1 {
-		path = path[:len(path)-1]
-	} else {
-		path = path[:len(path)-2]
-	}
-
-	// Create the objects.
-	_, err = c.con.Set(path, d.Config(), nil, nil)
-	return err
-}
-
-// Edit performs EDIT to create / update one object.
-func (c *FwGroup) Edit(vsys string, e Entry) error {
-	var err error
-
-	_, fn := c.versioning()
-
-	c.con.LogAction("(edit) %s %q", singular, e.Name)
-
-	// Set xpath.
-	path := c.xpath(vsys, []string{e.Name})
-
-	// Edit the object.
-	_, err = c.con.Edit(path, fn(e), nil, nil)
-	return err
-}
-
-// Delete removes the given objects.
-//
-// Objects can be a string or an Entry object.
-func (c *FwGroup) Delete(vsys string, e ...interface{}) error {
-	var err error
-
-	if len(e) == 0 {
-		return nil
-	}
-
-	names := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			names[i] = v
-		case Entry:
-			names[i] = v.Name
-		default:
-			return fmt.Errorf("Unknown type sent to delete: %s", v)
-		}
-	}
-	c.con.LogAction("(delete) %s: %v", plural, names)
-
-	// Remove the objects.
-	path := c.xpath(vsys, names)
-	_, err = c.con.Delete(path, nil, nil)
-	return err
-}
-
-/** Internal functions for this namespace struct **/
-
-func (c *FwGroup) versioning() (normalizer, func(Entry) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func (c *FwGroup) details(fn util.Retriever, vsys, name string) (Entry, error) {
-	path := c.xpath(vsys, []string{name})
-	obj, _ := c.versioning()
-	if _, err := fn(path, nil, obj); err != nil {
-		return Entry{}, err
-	}
-	ans := obj.Normalize()
-
-	return ans, nil
-}
-
-func (c *FwGroup) xpath(vsys string, vals []string) []string {
-	ans := make([]string, 0, 7)
-	ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	ans = append(ans,
-		"application-group",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans
-}
diff --git a/objs/app/group/fw_test.go b/objs/app/group/fw_test.go
deleted file mode 100644
index 2c15cdbe..00000000
--- a/objs/app/group/fw_test.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package group
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := &FwGroup{}
-	ns.Initialize(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("vsys1", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("vsys1", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/app/group/pano.go b/objs/app/group/pano.go
deleted file mode 100644
index 8ffe540d..00000000
--- a/objs/app/group/pano.go
+++ /dev/null
@@ -1,154 +0,0 @@
-package group
-
-import (
-	"encoding/xml"
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// PanoGroup is the client.Objects.AppGroup namespace.
-type PanoGroup struct {
-	con util.XapiClient
-}
-
-// Initialize is invoked by client.Initialize().
-func (c *PanoGroup) Initialize(con util.XapiClient) {
-	c.con = con
-}
-
-// ShowList performs SHOW to retrieve a list of values.
-func (c *PanoGroup) ShowList(dg string) ([]string, error) {
-	c.con.LogQuery("(show) list of %s", plural)
-	path := c.xpath(dg, nil)
-	return c.con.EntryListUsing(c.con.Show, path[:len(path)-1])
-}
-
-// GetList performs GET to retrieve a list of values.
-func (c *PanoGroup) GetList(dg string) ([]string, error) {
-	c.con.LogQuery("(get) list of %s", plural)
-	path := c.xpath(dg, nil)
-	return c.con.EntryListUsing(c.con.Get, path[:len(path)-1])
-}
-
-// Get performs GET to retrieve information for the given uid.
-func (c *PanoGroup) Get(dg, name string) (Entry, error) {
-	c.con.LogQuery("(get) %s %q", singular, name)
-	return c.details(c.con.Get, dg, name)
-}
-
-// Show performs SHOW to retrieve information for the given uid.
-func (c *PanoGroup) Show(dg, name string) (Entry, error) {
-	c.con.LogQuery("(show) %s %q", singular, name)
-	return c.details(c.con.Show, dg, name)
-}
-
-// Set performs SET to create / update one or more objects.
-func (c *PanoGroup) Set(dg string, e ...Entry) error {
-	var err error
-
-	if len(e) == 0 {
-		return nil
-	}
-
-	_, fn := c.versioning()
-	names := make([]string, len(e))
-
-	// Build up the struct.
-	d := util.BulkElement{XMLName: xml.Name{Local: "temp"}}
-	for i := range e {
-		d.Data = append(d.Data, fn(e[i]))
-		names[i] = e[i].Name
-	}
-	c.con.LogAction("(set) %s: %v", plural, names)
-
-	// Set xpath.
-	path := c.xpath(dg, names)
-	d.XMLName = xml.Name{Local: path[len(path)-2]}
-	if len(e) == 1 {
-		path = path[:len(path)-1]
-	} else {
-		path = path[:len(path)-2]
-	}
-
-	// Create the objects.
-	_, err = c.con.Set(path, d.Config(), nil, nil)
-	return err
-}
-
-// Edit performs EDIT to create / update one object.
-func (c *PanoGroup) Edit(dg string, e Entry) error {
-	var err error
-
-	_, fn := c.versioning()
-
-	c.con.LogAction("(edit) %s %q", singular, e.Name)
-
-	// Set xpath.
-	path := c.xpath(dg, []string{e.Name})
-
-	// Edit the object.
-	_, err = c.con.Edit(path, fn(e), nil, nil)
-	return err
-}
-
-// Delete removes the given objects.
-//
-// Objects can be a string or an Entry object.
-func (c *PanoGroup) Delete(dg string, e ...interface{}) error {
-	var err error
-
-	if len(e) == 0 {
-		return nil
-	}
-
-	names := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			names[i] = v
-		case Entry:
-			names[i] = v.Name
-		default:
-			return fmt.Errorf("Unknown type sent to delete: %s", v)
-		}
-	}
-	c.con.LogAction("(delete) %s: %v", plural, names)
-
-	// Remove the objects.
-	path := c.xpath(dg, names)
-	_, err = c.con.Delete(path, nil, nil)
-	return err
-}
-
-/** Internal functions for this namespace struct **/
-
-func (c *PanoGroup) versioning() (normalizer, func(Entry) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func (c *PanoGroup) details(fn util.Retriever, dg, name string) (Entry, error) {
-	path := c.xpath(dg, []string{name})
-	obj, _ := c.versioning()
-	if _, err := fn(path, nil, obj); err != nil {
-		return Entry{}, err
-	}
-	ans := obj.Normalize()
-
-	return ans, nil
-}
-
-func (c *PanoGroup) xpath(dg string, vals []string) []string {
-	if dg == "" {
-		dg = "shared"
-	}
-
-	ans := make([]string, 0, 7)
-	ans = append(ans, util.DeviceGroupXpathPrefix(dg)...)
-	ans = append(ans,
-		"application-group",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans
-}
diff --git a/objs/app/group/pano_test.go b/objs/app/group/pano_test.go
deleted file mode 100644
index 96fbba01..00000000
--- a/objs/app/group/pano_test.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package group
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := &PanoGroup{}
-	ns.Initialize(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("my device group", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("my device group", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/app/group/testdata_test.go b/objs/app/group/testdata_test.go
deleted file mode 100644
index b0c52749..00000000
--- a/objs/app/group/testdata_test.go
+++ /dev/null
@@ -1,23 +0,0 @@
-package group
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type tc struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []tc {
-	return []tc{
-		{"v1 basic", version.Number{7, 1, 0, ""}, Entry{
-			Name:         "group",
-			Applications: []string{"app1", "app2"},
-		}},
-		{"v1 no apps", version.Number{7, 1, 0, ""}, Entry{
-			Name: "group",
-		}},
-	}
-}
diff --git a/objs/app/pano.go b/objs/app/pano.go
deleted file mode 100644
index fcfd04a8..00000000
--- a/objs/app/pano.go
+++ /dev/null
@@ -1,90 +0,0 @@
-package app
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Objects.Application namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(dg string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(dg), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(dg string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(dg), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(dg, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(dg), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(dg, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(dg), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(dg string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(dg), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(dg string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(dg), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(dg string, e ...Entry) error {
-	return c.ns.Set(c.pather(dg), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(dg string, e Entry) error {
-	return c.ns.Edit(c.pather(dg), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(dg string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(dg), names, nErr)
-}
-
-func (c *Panorama) pather(dg string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(dg, v)
-	}
-}
-
-func (c *Panorama) xpath(dg string, vals []string) ([]string, error) {
-	ans := make([]string, 0, 7)
-	ans = append(ans, util.DeviceGroupXpathPrefix(dg)...)
-	ans = append(ans,
-		"application",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/objs/app/pano_test.go b/objs/app/pano_test.go
deleted file mode 100644
index f56c6fb8..00000000
--- a/objs/app/pano_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package app
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("my device group", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("my device group", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/app/predefined.go b/objs/app/predefined.go
deleted file mode 100644
index 8b488bb9..00000000
--- a/objs/app/predefined.go
+++ /dev/null
@@ -1,70 +0,0 @@
-package app
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Predefined is the client.Predefined.Application namespace.
-type Predefined struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Predefined) GetList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Predefined) ShowList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Predefined) Get(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Predefined) Show(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Predefined) GetAll() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Predefined) ShowAll() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(), ans)
-	return all(ans, err)
-}
-
-func (c *Predefined) pather() namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(v)
-	}
-}
-
-func (c *Predefined) xpath(vals []string) ([]string, error) {
-	return []string{
-		"config",
-		"predefined",
-		"application",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Predefined) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/objs/app/signature/andcond/const.go b/objs/app/signature/andcond/const.go
deleted file mode 100644
index 64dd9b66..00000000
--- a/objs/app/signature/andcond/const.go
+++ /dev/null
@@ -1,6 +0,0 @@
-package andcond
-
-const (
-	singular = "application signature and-condition"
-	plural   = "application signature and-conditions"
-)
diff --git a/objs/app/signature/andcond/doc.go b/objs/app/signature/andcond/doc.go
deleted file mode 100644
index 2e099668..00000000
--- a/objs/app/signature/andcond/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package andcond is the client.Objects.AppSigAndCond namespace.
-
-Normalized object:  Entry
-*/
-package andcond
diff --git a/objs/app/signature/andcond/entry.go b/objs/app/signature/andcond/entry.go
deleted file mode 100644
index 114cfe38..00000000
--- a/objs/app/signature/andcond/entry.go
+++ /dev/null
@@ -1,65 +0,0 @@
-package andcond
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Entry is a normalized, version independent representation of an application signature and-condition.
-type Entry struct {
-	Name string
-
-	raw map[string]string
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-}
-
-/** Structs / functions for this namespace. **/
-
-type normalizer interface {
-	Normalize() Entry
-}
-
-type container_v1 struct {
-	Answer entry_v1 `xml:"result>entry"`
-}
-
-func (o *container_v1) Normalize() Entry {
-	ans := Entry{
-		Name: o.Answer.Name,
-	}
-
-	ans.raw = make(map[string]string)
-
-	if o.Answer.Sigs != nil {
-		ans.raw["sigs"] = util.CleanRawXml(o.Answer.Sigs.Text)
-	}
-
-	if len(ans.raw) == 0 {
-		ans.raw = nil
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName xml.Name     `xml:"entry"`
-	Name    string       `xml:"name,attr"`
-	Sigs    *util.RawXml `xml:"or-condition"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name: e.Name,
-	}
-
-	if text := e.raw["sigs"]; text != "" {
-		ans.Sigs = &util.RawXml{text}
-	}
-
-	return ans
-}
diff --git a/objs/app/signature/andcond/fw.go b/objs/app/signature/andcond/fw.go
deleted file mode 100644
index 1cb64486..00000000
--- a/objs/app/signature/andcond/fw.go
+++ /dev/null
@@ -1,168 +0,0 @@
-package andcond
-
-import (
-	"encoding/xml"
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// FwAndCond is the client.Objects.AppSigAndCond namespace.
-type FwAndCond struct {
-	con util.XapiClient
-}
-
-// Initialize is invoked by client.Initialize().
-func (c *FwAndCond) Initialize(con util.XapiClient) {
-	c.con = con
-}
-
-// ShowList performs SHOW to retrieve a list of values.
-func (c *FwAndCond) ShowList(vsys, app, sig string) ([]string, error) {
-	c.con.LogQuery("(show) list of %s", plural)
-	path := c.xpath(vsys, app, sig, nil)
-	return c.con.EntryListUsing(c.con.Show, path[:len(path)-1])
-}
-
-// GetList performs GET to retrieve a list of values.
-func (c *FwAndCond) GetList(vsys, app, sig string) ([]string, error) {
-	c.con.LogQuery("(get) list of %s", plural)
-	path := c.xpath(vsys, app, sig, nil)
-	return c.con.EntryListUsing(c.con.Get, path[:len(path)-1])
-}
-
-// Get performs GET to retrieve information for the given uid.
-func (c *FwAndCond) Get(vsys, app, sig, name string) (Entry, error) {
-	c.con.LogQuery("(get) %s %q", singular, name)
-	return c.details(c.con.Get, vsys, app, sig, name)
-}
-
-// Show performs SHOW to retrieve information for the given uid.
-func (c *FwAndCond) Show(vsys, app, sig, name string) (Entry, error) {
-	c.con.LogQuery("(show) %s %q", singular, name)
-	return c.details(c.con.Show, vsys, app, sig, name)
-}
-
-// Set performs SET to create / update one or more objects.
-func (c *FwAndCond) Set(vsys, app, sig string, e ...Entry) error {
-	var err error
-
-	if len(e) == 0 {
-		return nil
-	} else if app == "" {
-		return fmt.Errorf("app must be specified")
-	} else if sig == "" {
-		return fmt.Errorf("sig must be specified")
-	}
-
-	_, fn := c.versioning()
-	names := make([]string, len(e))
-
-	// Build up the struct.
-	d := util.BulkElement{XMLName: xml.Name{Local: "temp"}}
-	for i := range e {
-		d.Data = append(d.Data, fn(e[i]))
-		names[i] = e[i].Name
-	}
-	c.con.LogAction("(set) %s: %v", plural, names)
-
-	// Set xpath.
-	path := c.xpath(vsys, app, sig, names)
-	d.XMLName = xml.Name{Local: path[len(path)-2]}
-	if len(e) == 1 {
-		path = path[:len(path)-1]
-	} else {
-		path = path[:len(path)-2]
-	}
-
-	// Create the objects.
-	_, err = c.con.Set(path, d.Config(), nil, nil)
-	return err
-}
-
-// Edit performs EDIT to create / update one object.
-func (c *FwAndCond) Edit(vsys, app, sig string, e Entry) error {
-	var err error
-
-	if app == "" {
-		return fmt.Errorf("app must be specified")
-	} else if sig == "" {
-		return fmt.Errorf("sig must be specified")
-	}
-
-	_, fn := c.versioning()
-
-	c.con.LogAction("(edit) %s %q", singular, e.Name)
-
-	// Set xpath.
-	path := c.xpath(vsys, app, sig, []string{e.Name})
-
-	// Edit the object.
-	_, err = c.con.Edit(path, fn(e), nil, nil)
-	return err
-}
-
-// Delete removes the given objects.
-//
-// Objects can be a string or an Entry object.
-func (c *FwAndCond) Delete(vsys, app, sig string, e ...interface{}) error {
-	var err error
-
-	if len(e) == 0 {
-		return nil
-	} else if app == "" {
-		return fmt.Errorf("app must be specified")
-	} else if sig == "" {
-		return fmt.Errorf("sig must be specified")
-	}
-
-	names := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			names[i] = v
-		case Entry:
-			names[i] = v.Name
-		default:
-			return fmt.Errorf("Unknown type sent to delete: %s", v)
-		}
-	}
-	c.con.LogAction("(delete) %s: %v", plural, names)
-
-	// Remove the objects.
-	path := c.xpath(vsys, app, sig, names)
-	_, err = c.con.Delete(path, nil, nil)
-	return err
-}
-
-/** Internal functions for this namespace struct **/
-
-func (c *FwAndCond) versioning() (normalizer, func(Entry) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func (c *FwAndCond) details(fn util.Retriever, vsys, app, sig, name string) (Entry, error) {
-	path := c.xpath(vsys, app, sig, []string{name})
-	obj, _ := c.versioning()
-	if _, err := fn(path, nil, obj); err != nil {
-		return Entry{}, err
-	}
-	ans := obj.Normalize()
-
-	return ans, nil
-}
-
-func (c *FwAndCond) xpath(vsys, app, sig string, vals []string) []string {
-	ans := make([]string, 0, 11)
-	ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	ans = append(ans,
-		"application",
-		util.AsEntryXpath([]string{app}),
-		"signature",
-		util.AsEntryXpath([]string{sig}),
-		"and-condition",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans
-}
diff --git a/objs/app/signature/andcond/fw_test.go b/objs/app/signature/andcond/fw_test.go
deleted file mode 100644
index cdba724c..00000000
--- a/objs/app/signature/andcond/fw_test.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package andcond
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := &FwAndCond{}
-	ns.Initialize(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("vsys1", "my app", "sig", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("vsys1", "my app", "sig", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/app/signature/andcond/pano.go b/objs/app/signature/andcond/pano.go
deleted file mode 100644
index 10d2bb3c..00000000
--- a/objs/app/signature/andcond/pano.go
+++ /dev/null
@@ -1,172 +0,0 @@
-package andcond
-
-import (
-	"encoding/xml"
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// PanoAndCond is the client.Objects.AppSigAndCond namespace.
-type PanoAndCond struct {
-	con util.XapiClient
-}
-
-// Initialize is invoked by client.Initialize().
-func (c *PanoAndCond) Initialize(con util.XapiClient) {
-	c.con = con
-}
-
-// ShowList performs SHOW to retrieve a list of values.
-func (c *PanoAndCond) ShowList(dg, app, sig string) ([]string, error) {
-	c.con.LogQuery("(show) list of %s", plural)
-	path := c.xpath(dg, app, sig, nil)
-	return c.con.EntryListUsing(c.con.Show, path[:len(path)-1])
-}
-
-// GetList performs GET to retrieve a list of values.
-func (c *PanoAndCond) GetList(dg, app, sig string) ([]string, error) {
-	c.con.LogQuery("(get) list of %s", plural)
-	path := c.xpath(dg, app, sig, nil)
-	return c.con.EntryListUsing(c.con.Get, path[:len(path)-1])
-}
-
-// Get performs GET to retrieve information for the given uid.
-func (c *PanoAndCond) Get(dg, app, sig, name string) (Entry, error) {
-	c.con.LogQuery("(get) %s %q", singular, name)
-	return c.details(c.con.Get, dg, app, sig, name)
-}
-
-// Show performs SHOW to retrieve information for the given uid.
-func (c *PanoAndCond) Show(dg, app, sig, name string) (Entry, error) {
-	c.con.LogQuery("(show) %s %q", singular, name)
-	return c.details(c.con.Show, dg, app, sig, name)
-}
-
-// Set performs SET to create / update one or more objects.
-func (c *PanoAndCond) Set(dg, app, sig string, e ...Entry) error {
-	var err error
-
-	if len(e) == 0 {
-		return nil
-	} else if app == "" {
-		return fmt.Errorf("app must be specified")
-	} else if sig == "" {
-		return fmt.Errorf("sig must be specified")
-	}
-
-	_, fn := c.versioning()
-	names := make([]string, len(e))
-
-	// Build up the struct.
-	d := util.BulkElement{XMLName: xml.Name{Local: "temp"}}
-	for i := range e {
-		d.Data = append(d.Data, fn(e[i]))
-		names[i] = e[i].Name
-	}
-	c.con.LogAction("(set) %s: %v", plural, names)
-
-	// Set xpath.
-	path := c.xpath(dg, app, sig, names)
-	d.XMLName = xml.Name{Local: path[len(path)-2]}
-	if len(e) == 1 {
-		path = path[:len(path)-1]
-	} else {
-		path = path[:len(path)-2]
-	}
-
-	// Create the objects.
-	_, err = c.con.Set(path, d.Config(), nil, nil)
-	return err
-}
-
-// Edit performs EDIT to create / update one object.
-func (c *PanoAndCond) Edit(dg, app, sig string, e Entry) error {
-	var err error
-
-	if app == "" {
-		return fmt.Errorf("app must be specified")
-	} else if sig == "" {
-		return fmt.Errorf("sig must be specified")
-	}
-
-	_, fn := c.versioning()
-
-	c.con.LogAction("(edit) %s %q", singular, e.Name)
-
-	// Set xpath.
-	path := c.xpath(dg, app, sig, []string{e.Name})
-
-	// Edit the object.
-	_, err = c.con.Edit(path, fn(e), nil, nil)
-	return err
-}
-
-// Delete removes the given objects.
-//
-// Objects can be a string or an Entry object.
-func (c *PanoAndCond) Delete(dg, app, sig string, e ...interface{}) error {
-	var err error
-
-	if len(e) == 0 {
-		return nil
-	} else if app == "" {
-		return fmt.Errorf("app must be specified")
-	} else if sig == "" {
-		return fmt.Errorf("sig must be specified")
-	}
-
-	names := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			names[i] = v
-		case Entry:
-			names[i] = v.Name
-		default:
-			return fmt.Errorf("Unknown type sent to delete: %s", v)
-		}
-	}
-	c.con.LogAction("(delete) %s: %v", plural, names)
-
-	// Remove the objects.
-	path := c.xpath(dg, app, sig, names)
-	_, err = c.con.Delete(path, nil, nil)
-	return err
-}
-
-/** Internal functions for this namespace struct **/
-
-func (c *PanoAndCond) versioning() (normalizer, func(Entry) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func (c *PanoAndCond) details(fn util.Retriever, dg, app, sig, name string) (Entry, error) {
-	path := c.xpath(dg, app, sig, []string{name})
-	obj, _ := c.versioning()
-	if _, err := fn(path, nil, obj); err != nil {
-		return Entry{}, err
-	}
-	ans := obj.Normalize()
-
-	return ans, nil
-}
-
-func (c *PanoAndCond) xpath(dg, app, sig string, vals []string) []string {
-	if dg == "" {
-		dg = "shared"
-	}
-
-	ans := make([]string, 0, 11)
-	ans = append(ans, util.DeviceGroupXpathPrefix(dg)...)
-	ans = append(ans,
-		"application",
-		util.AsEntryXpath([]string{app}),
-		"signature",
-		util.AsEntryXpath([]string{sig}),
-		"and-condition",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans
-}
diff --git a/objs/app/signature/andcond/pano_test.go b/objs/app/signature/andcond/pano_test.go
deleted file mode 100644
index 5b04c13f..00000000
--- a/objs/app/signature/andcond/pano_test.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package andcond
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := &PanoAndCond{}
-	ns.Initialize(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("my device group", "my app", "sig", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("my device group", "my app", "sig", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/app/signature/andcond/testdata_test.go b/objs/app/signature/andcond/testdata_test.go
deleted file mode 100644
index df7b1e18..00000000
--- a/objs/app/signature/andcond/testdata_test.go
+++ /dev/null
@@ -1,25 +0,0 @@
-package andcond
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type tc struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []tc {
-	return []tc{
-		{"v1 no raw", version.Number{7, 1, 0, ""}, Entry{
-			Name: "v1",
-		}},
-		{"v1 with raw", version.Number{7, 1, 0, ""}, Entry{
-			Name: "v1",
-			raw: map[string]string{
-				"sigs": "or sig config",
-			},
-		}},
-	}
-}
diff --git a/objs/app/signature/const.go b/objs/app/signature/const.go
deleted file mode 100644
index 0e7e6be8..00000000
--- a/objs/app/signature/const.go
+++ /dev/null
@@ -1,14 +0,0 @@
-package signature
-
-// Valid Scope values.
-const (
-	ScopeTransaction = "transaction"
-	ScopeSession     = "session"
-)
-
-const transactionRaw = "protocol-data-unit"
-
-const (
-	singular = "application signature"
-	plural   = "application signatures"
-)
diff --git a/objs/app/signature/doc.go b/objs/app/signature/doc.go
deleted file mode 100644
index cdcbf622..00000000
--- a/objs/app/signature/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package signature is the client.Objects.AppSignature namespace.
-
-Normalized object:  Entry
-*/
-package signature
diff --git a/objs/app/signature/entry.go b/objs/app/signature/entry.go
deleted file mode 100644
index 919d4d1b..00000000
--- a/objs/app/signature/entry.go
+++ /dev/null
@@ -1,92 +0,0 @@
-package signature
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Entry is a normalized, version independent representation of an application signature.
-type Entry struct {
-	Name      string
-	Comment   string
-	Scope     string
-	OrderFree bool
-
-	raw map[string]string
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Comment = s.Comment
-	o.Scope = s.Scope
-	o.OrderFree = s.OrderFree
-}
-
-/** Structs / functions for this namespace. **/
-
-type normalizer interface {
-	Normalize() Entry
-}
-
-type container_v1 struct {
-	Answer entry_v1 `xml:"result>entry"`
-}
-
-func (o *container_v1) Normalize() Entry {
-	ans := Entry{
-		Name:      o.Answer.Name,
-		Comment:   o.Answer.Comment,
-		OrderFree: util.AsBool(o.Answer.OrderFree),
-	}
-
-	switch o.Answer.Scope {
-	case transactionRaw:
-		ans.Scope = ScopeTransaction
-	default:
-		ans.Scope = o.Answer.Scope
-	}
-
-	ans.raw = make(map[string]string)
-
-	if o.Answer.Sigs != nil {
-		ans.raw["sigs"] = util.CleanRawXml(o.Answer.Sigs.Text)
-	}
-
-	if len(ans.raw) == 0 {
-		ans.raw = nil
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName   xml.Name     `xml:"entry"`
-	Name      string       `xml:"name,attr"`
-	Comment   string       `xml:"comment,omitempty"`
-	Scope     string       `xml:"scope,omitempty"`
-	OrderFree string       `xml:"order-free"`
-	Sigs      *util.RawXml `xml:"and-condition"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:      e.Name,
-		Comment:   e.Comment,
-		OrderFree: util.YesNo(e.OrderFree),
-	}
-
-	switch e.Scope {
-	case ScopeTransaction:
-		ans.Scope = transactionRaw
-	default:
-		ans.Scope = e.Scope
-	}
-
-	if text := e.raw["sigs"]; text != "" {
-		ans.Sigs = &util.RawXml{text}
-	}
-
-	return ans
-}
diff --git a/objs/app/signature/fw.go b/objs/app/signature/fw.go
deleted file mode 100644
index 9eff8483..00000000
--- a/objs/app/signature/fw.go
+++ /dev/null
@@ -1,160 +0,0 @@
-package signature
-
-import (
-	"encoding/xml"
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// FwSignature is the client.Objects.AppSignature namespace.
-type FwSignature struct {
-	con util.XapiClient
-}
-
-// Initialize is invoked by client.Initialize().
-func (c *FwSignature) Initialize(con util.XapiClient) {
-	c.con = con
-}
-
-// ShowList performs SHOW to retrieve a list of values.
-func (c *FwSignature) ShowList(vsys, app string) ([]string, error) {
-	c.con.LogQuery("(show) list of %s", plural)
-	path := c.xpath(vsys, app, nil)
-	return c.con.EntryListUsing(c.con.Show, path[:len(path)-1])
-}
-
-// GetList performs GET to retrieve a list of values.
-func (c *FwSignature) GetList(vsys, app string) ([]string, error) {
-	c.con.LogQuery("(get) list of %s", plural)
-	path := c.xpath(vsys, app, nil)
-	return c.con.EntryListUsing(c.con.Get, path[:len(path)-1])
-}
-
-// Get performs GET to retrieve information for the given uid.
-func (c *FwSignature) Get(vsys, app, name string) (Entry, error) {
-	c.con.LogQuery("(get) %s %q", singular, name)
-	return c.details(c.con.Get, vsys, app, name)
-}
-
-// Show performs SHOW to retrieve information for the given uid.
-func (c *FwSignature) Show(vsys, app, name string) (Entry, error) {
-	c.con.LogQuery("(show) %s %q", singular, name)
-	return c.details(c.con.Show, vsys, app, name)
-}
-
-// Set performs SET to create / update one or more objects.
-func (c *FwSignature) Set(vsys, app string, e ...Entry) error {
-	var err error
-
-	if len(e) == 0 {
-		return nil
-	} else if app == "" {
-		return fmt.Errorf("app must be specified")
-	}
-
-	_, fn := c.versioning()
-	names := make([]string, len(e))
-
-	// Build up the struct.
-	d := util.BulkElement{XMLName: xml.Name{Local: "temp"}}
-	for i := range e {
-		d.Data = append(d.Data, fn(e[i]))
-		names[i] = e[i].Name
-	}
-	c.con.LogAction("(set) %s: %v", plural, names)
-
-	// Set xpath.
-	path := c.xpath(vsys, app, names)
-	d.XMLName = xml.Name{Local: path[len(path)-2]}
-	if len(e) == 1 {
-		path = path[:len(path)-1]
-	} else {
-		path = path[:len(path)-2]
-	}
-
-	// Create the objects.
-	_, err = c.con.Set(path, d.Config(), nil, nil)
-	return err
-}
-
-// Edit performs EDIT to create / update one object.
-func (c *FwSignature) Edit(vsys, app string, e Entry) error {
-	var err error
-
-	if app == "" {
-		return fmt.Errorf("app must be specified")
-	}
-
-	_, fn := c.versioning()
-
-	c.con.LogAction("(edit) %s %q", singular, e.Name)
-
-	// Set xpath.
-	path := c.xpath(vsys, app, []string{e.Name})
-
-	// Edit the object.
-	_, err = c.con.Edit(path, fn(e), nil, nil)
-	return err
-}
-
-// Delete removes the given objects.
-//
-// Objects can be a string or an Entry object.
-func (c *FwSignature) Delete(vsys, app string, e ...interface{}) error {
-	var err error
-
-	if len(e) == 0 {
-		return nil
-	} else if app == "" {
-		return fmt.Errorf("app must be specified")
-	}
-
-	names := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			names[i] = v
-		case Entry:
-			names[i] = v.Name
-		default:
-			return fmt.Errorf("Unknown type sent to delete: %s", v)
-		}
-	}
-	c.con.LogAction("(delete) %s: %v", plural, names)
-
-	// Remove the objects.
-	path := c.xpath(vsys, app, names)
-	_, err = c.con.Delete(path, nil, nil)
-	return err
-}
-
-/** Internal functions for this namespace struct **/
-
-func (c *FwSignature) versioning() (normalizer, func(Entry) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func (c *FwSignature) details(fn util.Retriever, vsys, app, name string) (Entry, error) {
-	path := c.xpath(vsys, app, []string{name})
-	obj, _ := c.versioning()
-	if _, err := fn(path, nil, obj); err != nil {
-		return Entry{}, err
-	}
-	ans := obj.Normalize()
-
-	return ans, nil
-}
-
-func (c *FwSignature) xpath(vsys, app string, vals []string) []string {
-	ans := make([]string, 0, 9)
-	ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	ans = append(ans,
-		"application",
-		util.AsEntryXpath([]string{app}),
-		"signature",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans
-}
diff --git a/objs/app/signature/fw_test.go b/objs/app/signature/fw_test.go
deleted file mode 100644
index 3e10b062..00000000
--- a/objs/app/signature/fw_test.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package signature
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := &FwSignature{}
-	ns.Initialize(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("vsys1", "my app", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("vsys1", "my app", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/app/signature/orcond/const.go b/objs/app/signature/orcond/const.go
deleted file mode 100644
index d5f67511..00000000
--- a/objs/app/signature/orcond/const.go
+++ /dev/null
@@ -1,14 +0,0 @@
-package orcond
-
-// Valid Operator values.
-const (
-	OperatorPatternMatch = "pattern-match"
-	OperatorGreaterThan  = "greater-than"
-	OperatorLessThan     = "less-than"
-	OperatorEqualTo      = "equal-to"
-)
-
-const (
-	singular = "application signature and-condition or-condition"
-	plural   = "application signature and-condition or-conditions"
-)
diff --git a/objs/app/signature/orcond/doc.go b/objs/app/signature/orcond/doc.go
deleted file mode 100644
index 95833c92..00000000
--- a/objs/app/signature/orcond/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package orcond is the client.Objects.AppSigAndCondOrCond namespace.
-
-Normalized object:  Entry
-*/
-package orcond
diff --git a/objs/app/signature/orcond/entry.go b/objs/app/signature/orcond/entry.go
deleted file mode 100644
index 116f77a6..00000000
--- a/objs/app/signature/orcond/entry.go
+++ /dev/null
@@ -1,169 +0,0 @@
-package orcond
-
-import (
-	"encoding/xml"
-)
-
-// Entry is a normalized, version independent representation of an application signature and-condition.
-type Entry struct {
-	Name       string
-	Operator   string
-	Context    string
-	Pattern    string
-	Value      string
-	Position   string
-	Mask       string
-	Qualifiers map[string]string
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Operator = s.Operator
-	o.Context = s.Context
-	o.Pattern = s.Pattern
-	o.Value = s.Value
-	o.Position = s.Position
-	o.Mask = s.Mask
-	o.Qualifiers = s.Qualifiers
-}
-
-/** Structs / functions for this namespace. **/
-
-type normalizer interface {
-	Normalize() Entry
-}
-
-type container_v1 struct {
-	Answer entry_v1 `xml:"result>entry"`
-}
-
-func (o *container_v1) Normalize() Entry {
-	ans := Entry{
-		Name: o.Answer.Name,
-	}
-
-	var q *qual
-	if o.Answer.Operator.Pm != nil {
-		ans.Operator = OperatorPatternMatch
-		ans.Context = o.Answer.Operator.Pm.Context
-		ans.Pattern = o.Answer.Operator.Pm.Pattern
-		q = o.Answer.Operator.Pm.Qualifier
-	} else if o.Answer.Operator.Gt != nil {
-		ans.Operator = OperatorGreaterThan
-		ans.Context = o.Answer.Operator.Gt.Context
-		ans.Value = o.Answer.Operator.Gt.Value
-		q = o.Answer.Operator.Gt.Qualifier
-	} else if o.Answer.Operator.Lt != nil {
-		ans.Operator = OperatorLessThan
-		ans.Context = o.Answer.Operator.Lt.Context
-		ans.Value = o.Answer.Operator.Lt.Value
-		q = o.Answer.Operator.Lt.Qualifier
-	} else if o.Answer.Operator.Eq != nil {
-		ans.Operator = OperatorEqualTo
-		ans.Context = o.Answer.Operator.Eq.Context
-		ans.Position = o.Answer.Operator.Eq.Position
-		ans.Mask = o.Answer.Operator.Eq.Mask
-		ans.Value = o.Answer.Operator.Eq.Value
-	}
-
-	if q != nil {
-		ans.Qualifiers = make(map[string]string)
-		for i := range q.Entry {
-			ans.Qualifiers[q.Entry[i].Name] = q.Entry[i].Value
-		}
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName  xml.Name `xml:"entry"`
-	Name     string   `xml:"name,attr"`
-	Operator op       `xml:"operator"`
-}
-
-type op struct {
-	Pm *pm `xml:"pattern-match"`
-	Gt *gt `xml:"greater-than"`
-	Lt *lt `xml:"less-than"`
-	Eq *eq `xml:"equal-to"`
-}
-
-type pm struct {
-	Context   string `xml:"context"`
-	Pattern   string `xml:"pattern"`
-	Qualifier *qual  `xml:"qualifier"`
-}
-
-type qual struct {
-	Entry []qe `xml:"entry"`
-}
-
-type qe struct {
-	Name  string `xml:"name,attr"`
-	Value string `xml:"value"`
-}
-
-type gt struct {
-	Context   string `xml:"context"`
-	Value     string `xml:"value"`
-	Qualifier *qual  `xml:"qualifier"`
-}
-
-type lt struct {
-	Context   string `xml:"context"`
-	Value     string `xml:"value"`
-	Qualifier *qual  `xml:"qualifier"`
-}
-
-type eq struct {
-	Context  string `xml:"context"`
-	Position string `xml:"position,omitempty"`
-	Mask     string `xml:"mask,omitempty"`
-	Value    string `xml:"value"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name: e.Name,
-	}
-
-	var q *qual
-	if len(e.Qualifiers) > 0 {
-		q = &qual{Entry: make([]qe, 0, len(e.Qualifiers))}
-		for k, v := range e.Qualifiers {
-			q.Entry = append(q.Entry, qe{k, v})
-		}
-	}
-
-	switch e.Operator {
-	case OperatorPatternMatch:
-		ans.Operator.Pm = &pm{
-			Context:   e.Context,
-			Pattern:   e.Pattern,
-			Qualifier: q,
-		}
-	case OperatorGreaterThan:
-		ans.Operator.Gt = &gt{
-			Context:   e.Context,
-			Value:     e.Value,
-			Qualifier: q,
-		}
-	case OperatorLessThan:
-		ans.Operator.Lt = &lt{
-			Context:   e.Context,
-			Value:     e.Value,
-			Qualifier: q,
-		}
-	case OperatorEqualTo:
-		ans.Operator.Eq = &eq{
-			Context:  e.Context,
-			Position: e.Position,
-			Mask:     e.Mask,
-			Value:    e.Value,
-		}
-	}
-
-	return ans
-}
diff --git a/objs/app/signature/orcond/fw.go b/objs/app/signature/orcond/fw.go
deleted file mode 100644
index 7f653539..00000000
--- a/objs/app/signature/orcond/fw.go
+++ /dev/null
@@ -1,176 +0,0 @@
-package orcond
-
-import (
-	"encoding/xml"
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// FwOrCond is the client.Objects.AppSigAndCondOrCond namespace.
-type FwOrCond struct {
-	con util.XapiClient
-}
-
-// Initialize is invoked by client.Initialize().
-func (c *FwOrCond) Initialize(con util.XapiClient) {
-	c.con = con
-}
-
-// ShowList performs SHOW to retrieve a list of values.
-func (c *FwOrCond) ShowList(vsys, app, sig, andcond string) ([]string, error) {
-	c.con.LogQuery("(show) list of %s", plural)
-	path := c.xpath(vsys, app, sig, andcond, nil)
-	return c.con.EntryListUsing(c.con.Show, path[:len(path)-1])
-}
-
-// GetList performs GET to retrieve a list of values.
-func (c *FwOrCond) GetList(vsys, app, sig, andcond string) ([]string, error) {
-	c.con.LogQuery("(get) list of %s", plural)
-	path := c.xpath(vsys, app, sig, andcond, nil)
-	return c.con.EntryListUsing(c.con.Get, path[:len(path)-1])
-}
-
-// Get performs GET to retrieve information for the given uid.
-func (c *FwOrCond) Get(vsys, app, sig, andcond, name string) (Entry, error) {
-	c.con.LogQuery("(get) %s %q", singular, name)
-	return c.details(c.con.Get, vsys, app, sig, andcond, name)
-}
-
-// Show performs SHOW to retrieve information for the given uid.
-func (c *FwOrCond) Show(vsys, app, sig, andcond, name string) (Entry, error) {
-	c.con.LogQuery("(show) %s %q", singular, name)
-	return c.details(c.con.Show, vsys, app, sig, andcond, name)
-}
-
-// Set performs SET to create / update one or more objects.
-func (c *FwOrCond) Set(vsys, app, sig, andcond string, e ...Entry) error {
-	var err error
-
-	if len(e) == 0 {
-		return nil
-	} else if app == "" {
-		return fmt.Errorf("app must be specified")
-	} else if sig == "" {
-		return fmt.Errorf("sig must be specified")
-	} else if andcond == "" {
-		return fmt.Errorf("andcond must be specified")
-	}
-
-	_, fn := c.versioning()
-	names := make([]string, len(e))
-
-	// Build up the struct.
-	d := util.BulkElement{XMLName: xml.Name{Local: "temp"}}
-	for i := range e {
-		d.Data = append(d.Data, fn(e[i]))
-		names[i] = e[i].Name
-	}
-	c.con.LogAction("(set) %s: %v", plural, names)
-
-	// Set xpath.
-	path := c.xpath(vsys, app, sig, andcond, names)
-	d.XMLName = xml.Name{Local: path[len(path)-2]}
-	if len(e) == 1 {
-		path = path[:len(path)-1]
-	} else {
-		path = path[:len(path)-2]
-	}
-
-	// Create the objects.
-	_, err = c.con.Set(path, d.Config(), nil, nil)
-	return err
-}
-
-// Edit performs EDIT to create / update one object.
-func (c *FwOrCond) Edit(vsys, app, sig, andcond string, e Entry) error {
-	var err error
-
-	if app == "" {
-		return fmt.Errorf("app must be specified")
-	} else if sig == "" {
-		return fmt.Errorf("sig must be specified")
-	} else if andcond == "" {
-		return fmt.Errorf("andcond must be specified")
-	}
-
-	_, fn := c.versioning()
-
-	c.con.LogAction("(edit) %s %q", singular, e.Name)
-
-	// Set xpath.
-	path := c.xpath(vsys, app, sig, andcond, []string{e.Name})
-
-	// Edit the object.
-	_, err = c.con.Edit(path, fn(e), nil, nil)
-	return err
-}
-
-// Delete removes the given objects.
-//
-// Objects can be a string or an Entry object.
-func (c *FwOrCond) Delete(vsys, app, sig, andcond string, e ...interface{}) error {
-	var err error
-
-	if len(e) == 0 {
-		return nil
-	} else if app == "" {
-		return fmt.Errorf("app must be specified")
-	} else if sig == "" {
-		return fmt.Errorf("sig must be specified")
-	} else if andcond == "" {
-		return fmt.Errorf("andcond must be specified")
-	}
-
-	names := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			names[i] = v
-		case Entry:
-			names[i] = v.Name
-		default:
-			return fmt.Errorf("Unknown type sent to delete: %s", v)
-		}
-	}
-	c.con.LogAction("(delete) %s: %v", plural, names)
-
-	// Remove the objects.
-	path := c.xpath(vsys, app, sig, andcond, names)
-	_, err = c.con.Delete(path, nil, nil)
-	return err
-}
-
-/** Internal functions for this namespace struct **/
-
-func (c *FwOrCond) versioning() (normalizer, func(Entry) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func (c *FwOrCond) details(fn util.Retriever, vsys, app, sig, andcond, name string) (Entry, error) {
-	path := c.xpath(vsys, app, sig, andcond, []string{name})
-	obj, _ := c.versioning()
-	if _, err := fn(path, nil, obj); err != nil {
-		return Entry{}, err
-	}
-	ans := obj.Normalize()
-
-	return ans, nil
-}
-
-func (c *FwOrCond) xpath(vsys, app, sig, andcond string, vals []string) []string {
-	ans := make([]string, 0, 13)
-	ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	ans = append(ans,
-		"application",
-		util.AsEntryXpath([]string{app}),
-		"signature",
-		util.AsEntryXpath([]string{sig}),
-		"and-condition",
-		util.AsEntryXpath([]string{andcond}),
-		"or-condition",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans
-}
diff --git a/objs/app/signature/orcond/fw_test.go b/objs/app/signature/orcond/fw_test.go
deleted file mode 100644
index 7cf30c66..00000000
--- a/objs/app/signature/orcond/fw_test.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package orcond
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := &FwOrCond{}
-	ns.Initialize(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("vsys1", "my app", "sig", "And Condition 1", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("vsys1", "my app", "sig", "And Condition 1", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/app/signature/orcond/pano.go b/objs/app/signature/orcond/pano.go
deleted file mode 100644
index cbca2e96..00000000
--- a/objs/app/signature/orcond/pano.go
+++ /dev/null
@@ -1,174 +0,0 @@
-package orcond
-
-import (
-	"encoding/xml"
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// PanoOrCond is the client.Objects.AppSigAndCondOrCond namespace.
-type PanoOrCond struct {
-	con util.XapiClient
-}
-
-// Initialize is invoked by client.Initialize().
-func (c *PanoOrCond) Initialize(con util.XapiClient) {
-	c.con = con
-}
-
-// ShowList performs SHOW to retrieve a list of values.
-func (c *PanoOrCond) ShowList(dg, app, sig, andcond string) ([]string, error) {
-	c.con.LogQuery("(show) list of %s", plural)
-	path := c.xpath(dg, app, sig, andcond, nil)
-	return c.con.EntryListUsing(c.con.Show, path[:len(path)-1])
-}
-
-// GetList performs GET to retrieve a list of values.
-func (c *PanoOrCond) GetList(dg, app, sig, andcond string) ([]string, error) {
-	c.con.LogQuery("(get) list of %s", plural)
-	path := c.xpath(dg, app, sig, andcond, nil)
-	return c.con.EntryListUsing(c.con.Get, path[:len(path)-1])
-}
-
-// Get performs GET to retrieve information for the given uid.
-func (c *PanoOrCond) Get(dg, app, sig, andcond, name string) (Entry, error) {
-	c.con.LogQuery("(get) %s %q", singular, name)
-	return c.details(c.con.Get, dg, app, sig, andcond, name)
-}
-
-// Show performs SHOW to retrieve information for the given uid.
-func (c *PanoOrCond) Show(dg, app, sig, andcond, name string) (Entry, error) {
-	c.con.LogQuery("(show) %s %q", singular, name)
-	return c.details(c.con.Show, dg, app, sig, andcond, name)
-}
-
-// Set performs SET to create / update one or more objects.
-func (c *PanoOrCond) Set(dg, app, sig, andcond string, e ...Entry) error {
-	var err error
-
-	if len(e) == 0 {
-		return nil
-	} else if app == "" {
-		return fmt.Errorf("app must be specified")
-	} else if sig == "" {
-		return fmt.Errorf("sig must be specified")
-	}
-
-	_, fn := c.versioning()
-	names := make([]string, len(e))
-
-	// Build up the struct.
-	d := util.BulkElement{XMLName: xml.Name{Local: "temp"}}
-	for i := range e {
-		d.Data = append(d.Data, fn(e[i]))
-		names[i] = e[i].Name
-	}
-	c.con.LogAction("(set) %s: %v", plural, names)
-
-	// Set xpath.
-	path := c.xpath(dg, app, sig, andcond, names)
-	d.XMLName = xml.Name{Local: path[len(path)-2]}
-	if len(e) == 1 {
-		path = path[:len(path)-1]
-	} else {
-		path = path[:len(path)-2]
-	}
-
-	// Create the objects.
-	_, err = c.con.Set(path, d.Config(), nil, nil)
-	return err
-}
-
-// Edit performs EDIT to create / update one object.
-func (c *PanoOrCond) Edit(dg, app, sig, andcond string, e Entry) error {
-	var err error
-
-	if app == "" {
-		return fmt.Errorf("app must be specified")
-	} else if sig == "" {
-		return fmt.Errorf("sig must be specified")
-	}
-
-	_, fn := c.versioning()
-
-	c.con.LogAction("(edit) %s %q", singular, e.Name)
-
-	// Set xpath.
-	path := c.xpath(dg, app, sig, andcond, []string{e.Name})
-
-	// Edit the object.
-	_, err = c.con.Edit(path, fn(e), nil, nil)
-	return err
-}
-
-// Delete removes the given objects.
-//
-// Objects can be a string or an Entry object.
-func (c *PanoOrCond) Delete(dg, app, sig, andcond string, e ...interface{}) error {
-	var err error
-
-	if len(e) == 0 {
-		return nil
-	} else if app == "" {
-		return fmt.Errorf("app must be specified")
-	} else if sig == "" {
-		return fmt.Errorf("sig must be specified")
-	}
-
-	names := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			names[i] = v
-		case Entry:
-			names[i] = v.Name
-		default:
-			return fmt.Errorf("Unknown type sent to delete: %s", v)
-		}
-	}
-	c.con.LogAction("(delete) %s: %v", plural, names)
-
-	// Remove the objects.
-	path := c.xpath(dg, app, sig, andcond, names)
-	_, err = c.con.Delete(path, nil, nil)
-	return err
-}
-
-/** Internal functions for this namespace struct **/
-
-func (c *PanoOrCond) versioning() (normalizer, func(Entry) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func (c *PanoOrCond) details(fn util.Retriever, dg, app, sig, andcond, name string) (Entry, error) {
-	path := c.xpath(dg, app, sig, andcond, []string{name})
-	obj, _ := c.versioning()
-	if _, err := fn(path, nil, obj); err != nil {
-		return Entry{}, err
-	}
-	ans := obj.Normalize()
-
-	return ans, nil
-}
-
-func (c *PanoOrCond) xpath(dg, app, sig, andcond string, vals []string) []string {
-	if dg == "" {
-		dg = "shared"
-	}
-
-	ans := make([]string, 0, 13)
-	ans = append(ans, util.DeviceGroupXpathPrefix(dg)...)
-	ans = append(ans,
-		"application",
-		util.AsEntryXpath([]string{app}),
-		"signature",
-		util.AsEntryXpath([]string{sig}),
-		"and-condition",
-		util.AsEntryXpath([]string{andcond}),
-		"or-condition",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans
-}
diff --git a/objs/app/signature/orcond/pano_test.go b/objs/app/signature/orcond/pano_test.go
deleted file mode 100644
index 49aa03d8..00000000
--- a/objs/app/signature/orcond/pano_test.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package orcond
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := &PanoOrCond{}
-	ns.Initialize(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("my device group", "my app", "sig", "And Condition 1", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("my device group", "my app", "sig", "And Condition 1", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/app/signature/orcond/testdata_test.go b/objs/app/signature/orcond/testdata_test.go
deleted file mode 100644
index 9f8716d0..00000000
--- a/objs/app/signature/orcond/testdata_test.go
+++ /dev/null
@@ -1,78 +0,0 @@
-package orcond
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type tc struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []tc {
-	return []tc{
-		{"v1 pattern match no qual", version.Number{7, 1, 0, ""}, Entry{
-			Name:     "v1",
-			Operator: OperatorPatternMatch,
-			Context:  "context",
-			Pattern:  "myregexhere",
-		}},
-		{"v1 pattern match with qual", version.Number{7, 1, 0, ""}, Entry{
-			Name:     "v1",
-			Operator: OperatorPatternMatch,
-			Context:  "context",
-			Pattern:  "myregexhere",
-			Qualifiers: map[string]string{
-				"qual1": "value1",
-				"qual2": "value2",
-			},
-		}},
-		{"v1 greater than no qual", version.Number{7, 1, 0, ""}, Entry{
-			Name:     "v1",
-			Operator: OperatorGreaterThan,
-			Context:  "context",
-			Value:    "gt value",
-		}},
-		{"v1 greater than with qual", version.Number{7, 1, 0, ""}, Entry{
-			Name:     "v1",
-			Operator: OperatorGreaterThan,
-			Context:  "context",
-			Value:    "gt value",
-			Qualifiers: map[string]string{
-				"qual1": "value1",
-				"qual2": "value2",
-			},
-		}},
-		{"v1 less than no qual", version.Number{7, 1, 0, ""}, Entry{
-			Name:     "v1",
-			Operator: OperatorLessThan,
-			Context:  "context",
-			Value:    "lt value",
-		}},
-		{"v1 less than with qual", version.Number{7, 1, 0, ""}, Entry{
-			Name:     "v1",
-			Operator: OperatorLessThan,
-			Context:  "context",
-			Value:    "lt value",
-			Qualifiers: map[string]string{
-				"qual1": "value1",
-				"qual2": "value2",
-			},
-		}},
-		{"v1 equal to no extras", version.Number{7, 1, 0, ""}, Entry{
-			Name:     "v1",
-			Operator: OperatorEqualTo,
-			Context:  "context",
-			Value:    "my value",
-		}},
-		{"v1 equal to with extras", version.Number{7, 1, 0, ""}, Entry{
-			Name:     "v1",
-			Operator: OperatorEqualTo,
-			Context:  "context",
-			Value:    "my value",
-			Position: "position",
-			Mask:     "0a0b",
-		}},
-	}
-}
diff --git a/objs/app/signature/pano.go b/objs/app/signature/pano.go
deleted file mode 100644
index 8cd96114..00000000
--- a/objs/app/signature/pano.go
+++ /dev/null
@@ -1,164 +0,0 @@
-package signature
-
-import (
-	"encoding/xml"
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// PanoSignature is the client.Objects.AppSignature namespace.
-type PanoSignature struct {
-	con util.XapiClient
-}
-
-// Initialize is invoked by client.Initialize().
-func (c *PanoSignature) Initialize(con util.XapiClient) {
-	c.con = con
-}
-
-// ShowList performs SHOW to retrieve a list of values.
-func (c *PanoSignature) ShowList(dg, app string) ([]string, error) {
-	c.con.LogQuery("(show) list of %s", plural)
-	path := c.xpath(dg, app, nil)
-	return c.con.EntryListUsing(c.con.Show, path[:len(path)-1])
-}
-
-// GetList performs GET to retrieve a list of values.
-func (c *PanoSignature) GetList(dg, app string) ([]string, error) {
-	c.con.LogQuery("(get) list of %s", plural)
-	path := c.xpath(dg, app, nil)
-	return c.con.EntryListUsing(c.con.Get, path[:len(path)-1])
-}
-
-// Get performs GET to retrieve information for the given uid.
-func (c *PanoSignature) Get(dg, app, name string) (Entry, error) {
-	c.con.LogQuery("(get) %s %q", singular, name)
-	return c.details(c.con.Get, dg, app, name)
-}
-
-// Show performs SHOW to retrieve information for the given uid.
-func (c *PanoSignature) Show(dg, app, name string) (Entry, error) {
-	c.con.LogQuery("(show) %s %q", singular, name)
-	return c.details(c.con.Show, dg, app, name)
-}
-
-// Set performs SET to create / update one or more objects.
-func (c *PanoSignature) Set(dg, app string, e ...Entry) error {
-	var err error
-
-	if len(e) == 0 {
-		return nil
-	} else if app == "" {
-		return fmt.Errorf("app must be specified")
-	}
-
-	_, fn := c.versioning()
-	names := make([]string, len(e))
-
-	// Build up the struct.
-	d := util.BulkElement{XMLName: xml.Name{Local: "temp"}}
-	for i := range e {
-		d.Data = append(d.Data, fn(e[i]))
-		names[i] = e[i].Name
-	}
-	c.con.LogAction("(set) %s: %v", plural, names)
-
-	// Set xpath.
-	path := c.xpath(dg, app, names)
-	d.XMLName = xml.Name{Local: path[len(path)-2]}
-	if len(e) == 1 {
-		path = path[:len(path)-1]
-	} else {
-		path = path[:len(path)-2]
-	}
-
-	// Create the objects.
-	_, err = c.con.Set(path, d.Config(), nil, nil)
-	return err
-}
-
-// Edit performs EDIT to create / update one object.
-func (c *PanoSignature) Edit(dg, app string, e Entry) error {
-	var err error
-
-	if app == "" {
-		return fmt.Errorf("app must be specified")
-	}
-
-	_, fn := c.versioning()
-
-	c.con.LogAction("(edit) %s %q", singular, e.Name)
-
-	// Set xpath.
-	path := c.xpath(dg, app, []string{e.Name})
-
-	// Edit the object.
-	_, err = c.con.Edit(path, fn(e), nil, nil)
-	return err
-}
-
-// Delete removes the given objects.
-//
-// Objects can be a string or an Entry object.
-func (c *PanoSignature) Delete(dg, app string, e ...interface{}) error {
-	var err error
-
-	if len(e) == 0 {
-		return nil
-	} else if app == "" {
-		return fmt.Errorf("app must be specified")
-	}
-
-	names := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			names[i] = v
-		case Entry:
-			names[i] = v.Name
-		default:
-			return fmt.Errorf("Unknown type sent to delete: %s", v)
-		}
-	}
-	c.con.LogAction("(delete) %s: %v", plural, names)
-
-	// Remove the objects.
-	path := c.xpath(dg, app, names)
-	_, err = c.con.Delete(path, nil, nil)
-	return err
-}
-
-/** Internal functions for this namespace struct **/
-
-func (c *PanoSignature) versioning() (normalizer, func(Entry) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func (c *PanoSignature) details(fn util.Retriever, dg, app, name string) (Entry, error) {
-	path := c.xpath(dg, app, []string{name})
-	obj, _ := c.versioning()
-	if _, err := fn(path, nil, obj); err != nil {
-		return Entry{}, err
-	}
-	ans := obj.Normalize()
-
-	return ans, nil
-}
-
-func (c *PanoSignature) xpath(dg, app string, vals []string) []string {
-	if dg == "" {
-		dg = "shared"
-	}
-
-	ans := make([]string, 0, 9)
-	ans = append(ans, util.DeviceGroupXpathPrefix(dg)...)
-	ans = append(ans,
-		"application",
-		util.AsEntryXpath([]string{app}),
-		"signature",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans
-}
diff --git a/objs/app/signature/pano_test.go b/objs/app/signature/pano_test.go
deleted file mode 100644
index 397e8101..00000000
--- a/objs/app/signature/pano_test.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package signature
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := &PanoSignature{}
-	ns.Initialize(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("my device group", "my app", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("my device group", "my app", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/app/signature/testdata_test.go b/objs/app/signature/testdata_test.go
deleted file mode 100644
index 740a216f..00000000
--- a/objs/app/signature/testdata_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package signature
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type tc struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []tc {
-	return []tc{
-		{"v1 no raw no order", version.Number{7, 1, 0, ""}, Entry{
-			Name:      "v1",
-			Comment:   "my comment",
-			Scope:     ScopeSession,
-			OrderFree: false,
-		}},
-		{"v1 raw no order", version.Number{7, 1, 0, ""}, Entry{
-			Name:      "v1",
-			Comment:   "my comment",
-			Scope:     ScopeSession,
-			OrderFree: false,
-			raw: map[string]string{
-				"sigs": "and sig config",
-			},
-		}},
-		{"v1 no raw ordered", version.Number{7, 1, 0, ""}, Entry{
-			Name:      "v1",
-			Scope:     ScopeTransaction,
-			OrderFree: true,
-		}},
-	}
-}
diff --git a/objs/app/testdata_test.go b/objs/app/testdata_test.go
deleted file mode 100644
index d144d49c..00000000
--- a/objs/app/testdata_test.go
+++ /dev/null
@@ -1,269 +0,0 @@
-package app
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type tc struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []tc {
-	return []tc{
-		{"v1 no default", version.Number{7, 1, 0, ""}, Entry{
-			Name:                                 "v1",
-			DefaultType:                          DefaultTypeNone,
-			Category:                             "category",
-			Subcategory:                          "subcat",
-			Technology:                           "tech",
-			Description:                          "my desc",
-			Timeout:                              5,
-			TcpTimeout:                           6,
-			UdpTimeout:                           7,
-			TcpHalfClosedTimeout:                 8,
-			TcpTimeWaitTimeout:                   9,
-			Risk:                                 2,
-			AbleToFileTransfer:                   true,
-			ExcessiveBandwidth:                   true,
-			TunnelsOtherApplications:             true,
-			HasKnownVulnerability:                true,
-			UsedByMalware:                        true,
-			EvasiveBehavior:                      true,
-			PervasiveUse:                         true,
-			ProneToMisuse:                        true,
-			ContinueScanningForOtherApplications: true,
-			FileTypeIdent:                        true,
-			VirusIdent:                           true,
-			DataIdent:                            true,
-			AlgDisableCapability:                 "alg disable",
-			ParentApp:                            "parent app",
-			raw: map[string]string{
-				"sigs": "a bunch of sig data",
-			},
-		}},
-		{"v1 default ports", version.Number{7, 1, 0, ""}, Entry{
-			Name:                 "v1",
-			DefaultType:          DefaultTypePort,
-			DefaultPorts:         []string{"tcp/dynamic", "udp/32"},
-			Category:             "category",
-			Subcategory:          "subcat",
-			Technology:           "tech",
-			Description:          "my desc",
-			Timeout:              5,
-			TcpTimeout:           6,
-			UdpTimeout:           7,
-			TcpHalfClosedTimeout: 8,
-			TcpTimeWaitTimeout:   9,
-			Risk:                 2,
-			FileTypeIdent:        true,
-			VirusIdent:           true,
-			DataIdent:            true,
-			AlgDisableCapability: "alg disable",
-			ParentApp:            "parent app",
-		}},
-		{"v1 default ip protocol", version.Number{7, 1, 0, ""}, Entry{
-			Name:                                 "v1",
-			DefaultType:                          DefaultTypeIpProtocol,
-			DefaultIpProtocol:                    "101",
-			Category:                             "category",
-			Subcategory:                          "subcat",
-			Technology:                           "tech",
-			Description:                          "my desc",
-			Timeout:                              5,
-			TcpTimeout:                           6,
-			UdpTimeout:                           7,
-			TcpHalfClosedTimeout:                 8,
-			TcpTimeWaitTimeout:                   9,
-			Risk:                                 2,
-			AbleToFileTransfer:                   true,
-			ExcessiveBandwidth:                   true,
-			TunnelsOtherApplications:             true,
-			HasKnownVulnerability:                true,
-			UsedByMalware:                        true,
-			EvasiveBehavior:                      true,
-			PervasiveUse:                         true,
-			ProneToMisuse:                        true,
-			ContinueScanningForOtherApplications: true,
-			AlgDisableCapability:                 "alg disable",
-			ParentApp:                            "parent app",
-		}},
-		{"v1 default icmp", version.Number{7, 1, 0, ""}, Entry{
-			Name:                  "v1",
-			DefaultType:           DefaultTypeIcmp,
-			DefaultIcmpType:       55,
-			DefaultIcmpCode:       44,
-			Category:              "category",
-			Subcategory:           "subcat",
-			Technology:            "tech",
-			Description:           "my desc",
-			Timeout:               5,
-			TcpTimeout:            6,
-			UdpTimeout:            7,
-			TcpHalfClosedTimeout:  8,
-			TcpTimeWaitTimeout:    9,
-			Risk:                  2,
-			ExcessiveBandwidth:    true,
-			HasKnownVulnerability: true,
-			EvasiveBehavior:       true,
-			ProneToMisuse:         true,
-			FileTypeIdent:         true,
-			DataIdent:             true,
-			AlgDisableCapability:  "alg disable",
-			ParentApp:             "parent app",
-		}},
-		{"v1 no default", version.Number{7, 1, 0, ""}, Entry{
-			Name:                                 "v1",
-			DefaultType:                          DefaultTypeIcmp6,
-			DefaultIcmpType:                      33,
-			DefaultIcmpCode:                      22,
-			Category:                             "category",
-			Subcategory:                          "subcat",
-			Technology:                           "tech",
-			Description:                          "my desc",
-			Timeout:                              5,
-			TcpTimeout:                           6,
-			UdpTimeout:                           7,
-			TcpHalfClosedTimeout:                 8,
-			TcpTimeWaitTimeout:                   9,
-			Risk:                                 2,
-			AbleToFileTransfer:                   true,
-			TunnelsOtherApplications:             true,
-			UsedByMalware:                        true,
-			PervasiveUse:                         true,
-			ContinueScanningForOtherApplications: true,
-			VirusIdent:                           true,
-			AlgDisableCapability:                 "alg disable",
-			ParentApp:                            "parent app",
-		}},
-		{"v2 no default", version.Number{8, 1, 0, ""}, Entry{
-			Name:                                 "v2",
-			DefaultType:                          DefaultTypeNone,
-			Category:                             "category",
-			Subcategory:                          "subcat",
-			Technology:                           "tech",
-			Description:                          "my desc",
-			Timeout:                              5,
-			TcpTimeout:                           6,
-			UdpTimeout:                           7,
-			TcpHalfClosedTimeout:                 8,
-			TcpTimeWaitTimeout:                   9,
-			Risk:                                 2,
-			AbleToFileTransfer:                   true,
-			ExcessiveBandwidth:                   true,
-			TunnelsOtherApplications:             true,
-			HasKnownVulnerability:                true,
-			UsedByMalware:                        true,
-			EvasiveBehavior:                      true,
-			PervasiveUse:                         true,
-			ProneToMisuse:                        true,
-			ContinueScanningForOtherApplications: true,
-			FileTypeIdent:                        true,
-			VirusIdent:                           true,
-			DataIdent:                            true,
-			AlgDisableCapability:                 "alg disable",
-			ParentApp:                            "parent app",
-			NoAppIdCaching:                       true,
-			raw: map[string]string{
-				"sigs": "a bunch of sig data",
-			},
-		}},
-		{"v2 default ports", version.Number{8, 1, 0, ""}, Entry{
-			Name:                 "v2",
-			DefaultType:          DefaultTypePort,
-			DefaultPorts:         []string{"tcp/dynamic", "udp/32"},
-			Category:             "category",
-			Subcategory:          "subcat",
-			Technology:           "tech",
-			Description:          "my desc",
-			Timeout:              5,
-			TcpTimeout:           6,
-			UdpTimeout:           7,
-			TcpHalfClosedTimeout: 8,
-			TcpTimeWaitTimeout:   9,
-			Risk:                 2,
-			FileTypeIdent:        true,
-			VirusIdent:           true,
-			DataIdent:            true,
-			AlgDisableCapability: "alg disable",
-			ParentApp:            "parent app",
-			NoAppIdCaching:       true,
-		}},
-		{"v2 default ip protocol", version.Number{8, 1, 0, ""}, Entry{
-			Name:                                 "v2",
-			DefaultType:                          DefaultTypeIpProtocol,
-			DefaultIpProtocol:                    "101",
-			Category:                             "category",
-			Subcategory:                          "subcat",
-			Technology:                           "tech",
-			Description:                          "my desc",
-			Timeout:                              5,
-			TcpTimeout:                           6,
-			UdpTimeout:                           7,
-			TcpHalfClosedTimeout:                 8,
-			TcpTimeWaitTimeout:                   9,
-			Risk:                                 2,
-			AbleToFileTransfer:                   true,
-			ExcessiveBandwidth:                   true,
-			TunnelsOtherApplications:             true,
-			HasKnownVulnerability:                true,
-			UsedByMalware:                        true,
-			EvasiveBehavior:                      true,
-			PervasiveUse:                         true,
-			ProneToMisuse:                        true,
-			ContinueScanningForOtherApplications: true,
-			AlgDisableCapability:                 "alg disable",
-			ParentApp:                            "parent app",
-		}},
-		{"v2 default icmp", version.Number{8, 1, 0, ""}, Entry{
-			Name:                  "v2",
-			DefaultType:           DefaultTypeIcmp,
-			DefaultIcmpType:       55,
-			DefaultIcmpCode:       44,
-			Category:              "category",
-			Subcategory:           "subcat",
-			Technology:            "tech",
-			Description:           "my desc",
-			Timeout:               5,
-			TcpTimeout:            6,
-			UdpTimeout:            7,
-			TcpHalfClosedTimeout:  8,
-			TcpTimeWaitTimeout:    9,
-			Risk:                  2,
-			ExcessiveBandwidth:    true,
-			HasKnownVulnerability: true,
-			EvasiveBehavior:       true,
-			ProneToMisuse:         true,
-			FileTypeIdent:         true,
-			DataIdent:             true,
-			AlgDisableCapability:  "alg disable",
-			ParentApp:             "parent app",
-			NoAppIdCaching:        true,
-		}},
-		{"v2 no default", version.Number{8, 1, 0, ""}, Entry{
-			Name:                                 "v2",
-			DefaultType:                          DefaultTypeIcmp6,
-			DefaultIcmpType:                      33,
-			DefaultIcmpCode:                      22,
-			Category:                             "category",
-			Subcategory:                          "subcat",
-			Technology:                           "tech",
-			Description:                          "my desc",
-			Timeout:                              5,
-			TcpTimeout:                           6,
-			UdpTimeout:                           7,
-			TcpHalfClosedTimeout:                 8,
-			TcpTimeWaitTimeout:                   9,
-			Risk:                                 2,
-			AbleToFileTransfer:                   true,
-			TunnelsOtherApplications:             true,
-			UsedByMalware:                        true,
-			PervasiveUse:                         true,
-			ContinueScanningForOtherApplications: true,
-			VirusIdent:                           true,
-			AlgDisableCapability:                 "alg disable",
-			ParentApp:                            "parent app",
-		}},
-	}
-}
diff --git a/objs/custom/data/const.go b/objs/custom/data/const.go
deleted file mode 100644
index d5154fb9..00000000
--- a/objs/custom/data/const.go
+++ /dev/null
@@ -1,13 +0,0 @@
-package data
-
-// Valid values for Entry.Type.
-const (
-	TypePredefined     = "predefined"
-	TypeRegex          = "regex"
-	TypeFileProperties = "file-properties"
-)
-
-const (
-	singular = "custom data pattern"
-	plural   = "custom data patterns"
-)
diff --git a/objs/custom/data/doc.go b/objs/custom/data/doc.go
deleted file mode 100644
index 8ce338d8..00000000
--- a/objs/custom/data/doc.go
+++ /dev/null
@@ -1,9 +0,0 @@
-/*
-Package data is the client.Object.DataPattern namespace.
-
-Due to significant changes in the XML schema, this normalization
-is for PAN-OS 8.0+.
-
-Normalized object:  Entry
-*/
-package data
diff --git a/objs/custom/data/entry.go b/objs/custom/data/entry.go
deleted file mode 100644
index 7101f969..00000000
--- a/objs/custom/data/entry.go
+++ /dev/null
@@ -1,284 +0,0 @@
-package data
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a
-// custom data pattern object.
-type Entry struct {
-	Name               string
-	Description        string
-	Type               string
-	PredefinedPatterns []PredefinedPattern
-	Regexes            []Regex
-	FileProperties     []FileProperty
-}
-
-type PredefinedPattern struct {
-	Name      string
-	FileTypes []string // ordered
-}
-
-type Regex struct {
-	Name      string
-	FileTypes []string // ordered
-	Regex     string
-}
-
-type FileProperty struct {
-	Name          string
-	FileType      string
-	FileProperty  string
-	PropertyValue string
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Description = s.Description
-	o.Type = s.Type
-	if s.PredefinedPatterns == nil {
-		o.PredefinedPatterns = nil
-	} else {
-		o.PredefinedPatterns = make([]PredefinedPattern, 0, len(s.PredefinedPatterns))
-		for _, x := range s.PredefinedPatterns {
-			item := PredefinedPattern{
-				Name: x.Name,
-			}
-			if len(x.FileTypes) != 0 {
-				item.FileTypes = make([]string, len(x.FileTypes))
-				copy(item.FileTypes, x.FileTypes)
-			}
-			o.PredefinedPatterns = append(o.PredefinedPatterns, item)
-		}
-	}
-	if s.Regexes == nil {
-		o.Regexes = nil
-	} else {
-		o.Regexes = make([]Regex, 0, len(s.Regexes))
-		for _, x := range s.Regexes {
-			item := Regex{
-				Name:  x.Name,
-				Regex: x.Regex,
-			}
-			if len(x.FileTypes) != 0 {
-				item.FileTypes = make([]string, len(x.FileTypes))
-				copy(item.FileTypes, x.FileTypes)
-			}
-			o.Regexes = append(o.Regexes, item)
-		}
-	}
-	if s.FileProperties == nil {
-		o.FileProperties = nil
-	} else {
-		o.FileProperties = make([]FileProperty, 0, len(s.FileProperties))
-		for _, x := range s.FileProperties {
-			o.FileProperties = append(o.FileProperties, FileProperty{
-				Name:          x.Name,
-				FileType:      x.FileType,
-				FileProperty:  x.FileProperty,
-				PropertyValue: x.PropertyValue,
-			})
-		}
-	}
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v1) Normalize() []Entry {
-	arr := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		arr = append(arr, o.Answer[i].normalize())
-	}
-	return arr
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:        o.Name,
-		Description: o.Description,
-	}
-
-	switch {
-	case o.Type.Predefined != nil:
-		ans.Type = TypePredefined
-		if o.Type.Predefined.Pattern != nil {
-			data := make([]PredefinedPattern, 0, len(o.Type.Predefined.Pattern.Entries))
-			for _, d := range o.Type.Predefined.Pattern.Entries {
-				data = append(data, PredefinedPattern{
-					Name:      d.Name,
-					FileTypes: util.MemToStr(d.FileTypes),
-				})
-			}
-
-			ans.PredefinedPatterns = data
-		}
-	case o.Type.Regex != nil:
-		ans.Type = TypeRegex
-		if o.Type.Regex.Pattern != nil {
-			data := make([]Regex, 0, len(o.Type.Regex.Pattern.Entries))
-			for _, d := range o.Type.Regex.Pattern.Entries {
-				data = append(data, Regex{
-					Name:      d.Name,
-					FileTypes: util.MemToStr(d.FileTypes),
-					Regex:     d.Regex,
-				})
-			}
-
-			ans.Regexes = data
-		}
-	case o.Type.FileProperties != nil:
-		ans.Type = TypeFileProperties
-		if o.Type.FileProperties.Pattern != nil {
-			data := make([]FileProperty, 0, len(o.Type.FileProperties.Pattern.Entries))
-			for _, d := range o.Type.FileProperties.Pattern.Entries {
-				data = append(data, FileProperty{
-					Name:          d.Name,
-					FileType:      d.FileType,
-					FileProperty:  d.FileProperty,
-					PropertyValue: d.PropertyValue,
-				})
-			}
-
-			ans.FileProperties = data
-		}
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName     xml.Name `xml:"entry"`
-	Name        string   `xml:"name,attr"`
-	Description string   `xml:"description,omitempty"`
-	Type        dpType   `xml:"pattern-type"`
-}
-
-type dpType struct {
-	Predefined     *predefined `xml:"predefined"`
-	Regex          *regex      `xml:"regex"`
-	FileProperties *fp         `xml:"file-properties"`
-}
-
-type predefined struct {
-	Pattern *predefPat `xml:"pattern"`
-}
-
-type predefPat struct {
-	Entries []predefEntry `xml:"entry"`
-}
-
-type predefEntry struct {
-	Name      string           `xml:"name,attr"`
-	FileTypes *util.MemberType `xml:"file-type"`
-}
-
-type regex struct {
-	Pattern *regexPat `xml:"pattern"`
-}
-
-type regexPat struct {
-	Entries []regexEntry `xml:"entry"`
-}
-
-type regexEntry struct {
-	Name      string           `xml:"name,attr"`
-	FileTypes *util.MemberType `xml:"file-type"`
-	Regex     string           `xml:"regex"`
-}
-
-type fp struct {
-	Pattern *fpPat `xml:"pattern"`
-}
-
-type fpPat struct {
-	Entries []fpEntry `xml:"entry"`
-}
-
-type fpEntry struct {
-	Name          string `xml:"name,attr"`
-	FileType      string `xml:"file-type"`
-	FileProperty  string `xml:"file-property"`
-	PropertyValue string `xml:"property-value"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:        e.Name,
-		Description: e.Description,
-	}
-
-	switch e.Type {
-	case TypePredefined:
-		ans.Type.Predefined = &predefined{}
-		if len(e.PredefinedPatterns) > 0 {
-			data := make([]predefEntry, 0, len(e.PredefinedPatterns))
-			for _, d := range e.PredefinedPatterns {
-				data = append(data, predefEntry{
-					Name:      d.Name,
-					FileTypes: util.StrToMem(d.FileTypes),
-				})
-			}
-
-			ans.Type.Predefined.Pattern = &predefPat{Entries: data}
-		}
-	case TypeRegex:
-		ans.Type.Regex = &regex{}
-		if len(e.Regexes) > 0 {
-			data := make([]regexEntry, 0, len(e.Regexes))
-			for _, d := range e.Regexes {
-				data = append(data, regexEntry{
-					Name:      d.Name,
-					FileTypes: util.StrToMem(d.FileTypes),
-					Regex:     d.Regex,
-				})
-			}
-
-			ans.Type.Regex.Pattern = &regexPat{Entries: data}
-		}
-	case TypeFileProperties:
-		ans.Type.FileProperties = &fp{}
-		if len(e.FileProperties) > 0 {
-			data := make([]fpEntry, 0, len(e.FileProperties))
-			for _, d := range e.FileProperties {
-				data = append(data, fpEntry{
-					Name:          d.Name,
-					FileType:      d.FileType,
-					FileProperty:  d.FileProperty,
-					PropertyValue: d.PropertyValue,
-				})
-			}
-
-			ans.Type.FileProperties.Pattern = &fpPat{Entries: data}
-		}
-	}
-
-	return ans
-}
diff --git a/objs/custom/data/funcs.go b/objs/custom/data/funcs.go
deleted file mode 100644
index d07e1d7e..00000000
--- a/objs/custom/data/funcs.go
+++ /dev/null
@@ -1,90 +0,0 @@
-package data
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	// PAN-OS 9.0+ seems to have added new values for predefined names, but the
-	// structure of the XML hasn't changed, so no new version handling is needed.
-	return &container_v1{}, specify_v1
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/objs/custom/data/fw.go b/objs/custom/data/fw.go
deleted file mode 100644
index acc67fd7..00000000
--- a/objs/custom/data/fw.go
+++ /dev/null
@@ -1,91 +0,0 @@
-package data
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Objects.DataPattern namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vsys), names, nErr)
-}
-
-func (c *Firewall) pather(vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vsys, v)
-	}
-}
-
-func (c *Firewall) xpath(vsys string, vals []string) ([]string, error) {
-	ans := make([]string, 0, 8)
-	ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	ans = append(ans,
-		"profiles",
-		"data-objects",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/objs/custom/data/fw_test.go b/objs/custom/data/fw_test.go
deleted file mode 100644
index 26f9c8e3..00000000
--- a/objs/custom/data/fw_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package data
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("vsys1", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("vsys1", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/custom/data/pano.go b/objs/custom/data/pano.go
deleted file mode 100644
index 7450a17f..00000000
--- a/objs/custom/data/pano.go
+++ /dev/null
@@ -1,91 +0,0 @@
-package data
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Objects.DataPattern namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(dg string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(dg), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(dg string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(dg), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(dg, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(dg), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(dg, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(dg), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(dg string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(dg), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(dg string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(dg), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(dg string, e ...Entry) error {
-	return c.ns.Set(c.pather(dg), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(dg string, e Entry) error {
-	return c.ns.Edit(c.pather(dg), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(dg string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(dg), names, nErr)
-}
-
-func (c *Panorama) pather(dg string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(dg, v)
-	}
-}
-
-func (c *Panorama) xpath(dg string, vals []string) ([]string, error) {
-	ans := make([]string, 0, 8)
-	ans = append(ans, util.DeviceGroupXpathPrefix(dg)...)
-	ans = append(ans,
-		"profiles",
-		"data-objects",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/objs/custom/data/pano_test.go b/objs/custom/data/pano_test.go
deleted file mode 100644
index 1bf6ccce..00000000
--- a/objs/custom/data/pano_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package data
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("shared", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("shared", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/custom/data/testdata_test.go b/objs/custom/data/testdata_test.go
deleted file mode 100644
index 9fb10fb0..00000000
--- a/objs/custom/data/testdata_test.go
+++ /dev/null
@@ -1,52 +0,0 @@
-package data
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type tc struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []tc {
-	return []tc{
-		{"v1 predefined", version.Number{8, 0, 0, ""}, Entry{
-			Name:        "t1",
-			Description: "foobar",
-			Type:        TypePredefined,
-			PredefinedPatterns: []PredefinedPattern{
-				PredefinedPattern{
-					Name:      "social-security-numbers",
-					FileTypes: []string{"any"},
-				},
-			},
-		}},
-		{"v1 regex", version.Number{8, 0, 0, ""}, Entry{
-			Name:        "t1",
-			Description: "foobar",
-			Type:        TypeRegex,
-			Regexes: []Regex{
-				Regex{
-					Name:      "pat1",
-					FileTypes: []string{"any"},
-					Regex:     "*\\.gif",
-				},
-			},
-		}},
-		{"v1 file properties", version.Number{8, 0, 0, ""}, Entry{
-			Name:        "t1",
-			Description: "foobar",
-			Type:        TypeFileProperties,
-			FileProperties: []FileProperty{
-				FileProperty{
-					Name:          "pat1",
-					FileType:      "xlsx",
-					FileProperty:  "panav-rsp-office-dlp-category",
-					PropertyValue: "John",
-				},
-			},
-		}},
-	}
-}
diff --git a/objs/custom/spyware/const.go b/objs/custom/spyware/const.go
deleted file mode 100644
index 8af7bdf2..00000000
--- a/objs/custom/spyware/const.go
+++ /dev/null
@@ -1,17 +0,0 @@
-package spyware
-
-// Valid values for Entry.DefaultAction.
-const (
-	DefaultActionAllow       = "allow"
-	DefaultActionAlert       = "alert"
-	DefaultActionDrop        = "drop"
-	DefaultActionResetClient = "reset-client"
-	DefaultActionResetServer = "reset-server"
-	DefaultActionResetBoth   = "reset-both"
-	DefaultActionBlockIp     = "block-ip"
-)
-
-const (
-	singular = "custom spyware object"
-	plural   = "custom spyware objects"
-)
diff --git a/objs/custom/spyware/doc.go b/objs/custom/spyware/doc.go
deleted file mode 100644
index 44659f34..00000000
--- a/objs/custom/spyware/doc.go
+++ /dev/null
@@ -1,8 +0,0 @@
-/*
-Package spyware is the client.Objects.CustomSpyware namespace.
-
-This module supports PAN-OS 7.0+.
-
-Normalized object:  Entry
-*/
-package spyware
diff --git a/objs/custom/spyware/entry.go b/objs/custom/spyware/entry.go
deleted file mode 100644
index 9973a82a..00000000
--- a/objs/custom/spyware/entry.go
+++ /dev/null
@@ -1,1088 +0,0 @@
-package spyware
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a
-// custom data pattern object.
-//
-// PAN-OS 7.0+.
-type Entry struct {
-	Name                     string
-	ThreatName               string
-	Comment                  string
-	Severity                 string
-	Direction                string
-	DefaultAction            string
-	BlockIpTrackBy           string
-	BlockIpDuration          int
-	Cves                     []string
-	Bugtraqs                 []string
-	Vendors                  []string
-	References               []string
-	StandardSignatureType    *StandardSignatureType
-	CombinationSignatureType *CombinationSignatureType
-}
-
-type StandardSignatureType struct {
-	Signatures []StandardSignature
-}
-
-type StandardSignature struct {
-	Name         string
-	Comment      string
-	Scope        string
-	OrderFree    bool
-	StandardAnds []StandardAnd
-}
-
-type StandardAnd struct {
-	Name        string
-	StandardOrs []StandardOr
-}
-
-type StandardOr struct {
-	Name         string
-	LessThan     *Condition
-	EqualTo      *EqualTo
-	GreaterThan  *Condition
-	PatternMatch *Pattern
-}
-
-type Condition struct {
-	Value      int
-	Context    string
-	Qualifiers []Qualifier
-}
-
-type EqualTo struct {
-	Value      int
-	Context    string
-	Negate     bool // PAN-OS 10.0
-	Qualifiers []Qualifier
-}
-
-type Qualifier struct {
-	Qualifier string
-	Value     string
-}
-
-type Pattern struct {
-	Pattern    string
-	Context    string
-	Negate     bool
-	Qualifiers []Qualifier
-}
-
-type CombinationSignatureType struct {
-	OrderFree           bool
-	ThresholdTime       int
-	IntervalTime        int
-	AggregationCriteria string
-	Signatures          []CombinationSignature
-}
-
-type CombinationSignature struct {
-	Name           string
-	CombinationOrs []CombinationOr
-}
-
-type CombinationOr struct {
-	Name     string
-	ThreatId string
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.ThreatName = s.ThreatName
-	o.Comment = s.Comment
-	o.Severity = s.Severity
-	o.Direction = s.Direction
-	o.DefaultAction = s.DefaultAction
-	o.BlockIpTrackBy = s.BlockIpTrackBy
-	o.BlockIpDuration = s.BlockIpDuration
-	if s.Cves == nil {
-		o.Cves = nil
-	} else {
-		o.Cves = make([]string, len(s.Cves))
-		copy(o.Cves, s.Cves)
-	}
-	if s.Bugtraqs == nil {
-		o.Bugtraqs = nil
-	} else {
-		o.Bugtraqs = make([]string, len(s.Bugtraqs))
-		copy(o.Bugtraqs, s.Bugtraqs)
-	}
-	if s.Vendors == nil {
-		o.Vendors = nil
-	} else {
-		o.Vendors = make([]string, len(s.Vendors))
-		copy(o.Vendors, s.Vendors)
-	}
-	if s.References == nil {
-		o.References = nil
-	} else {
-		o.References = make([]string, len(s.References))
-		copy(o.References, s.References)
-	}
-
-	if s.StandardSignatureType == nil {
-		o.StandardSignatureType = nil
-	} else {
-		o.StandardSignatureType = &StandardSignatureType{}
-		if len(s.StandardSignatureType.Signatures) > 0 {
-			sstl := make([]StandardSignature, 0, len(s.StandardSignatureType.Signatures))
-			for _, x := range s.StandardSignatureType.Signatures {
-				var acl []StandardAnd
-				if x.StandardAnds != nil {
-					acl = make([]StandardAnd, 0, len(x.StandardAnds))
-					for _, aobj := range x.StandardAnds {
-						var olist []StandardOr
-						if aobj.StandardOrs != nil {
-							olist = make([]StandardOr, 0, len(aobj.StandardOrs))
-							for _, oobj := range aobj.StandardOrs {
-								olist = append(olist, StandardOr{
-									Name:         oobj.Name,
-									LessThan:     copyCondition(oobj.LessThan),
-									EqualTo:      copyEqualTo(oobj.EqualTo),
-									GreaterThan:  copyCondition(oobj.GreaterThan),
-									PatternMatch: copyPattern(oobj.PatternMatch),
-								})
-							}
-						}
-						acl = append(acl, StandardAnd{
-							Name:        aobj.Name,
-							StandardOrs: olist,
-						})
-					}
-				}
-				sstl = append(sstl, StandardSignature{
-					Name:         x.Name,
-					Comment:      x.Comment,
-					Scope:        x.Scope,
-					OrderFree:    x.OrderFree,
-					StandardAnds: acl,
-				})
-			}
-			o.StandardSignatureType.Signatures = sstl
-		}
-	}
-
-	if s.CombinationSignatureType == nil {
-		o.CombinationSignatureType = nil
-	} else {
-		var slist []CombinationSignature
-		if s.CombinationSignatureType.Signatures != nil {
-			slist = make([]CombinationSignature, 0, len(s.CombinationSignatureType.Signatures))
-			for _, sobj := range s.CombinationSignatureType.Signatures {
-				var olist []CombinationOr
-				if sobj.CombinationOrs != nil {
-					olist = make([]CombinationOr, 0, len(sobj.CombinationOrs))
-					for _, oobj := range sobj.CombinationOrs {
-						olist = append(olist, CombinationOr{
-							Name:     oobj.Name,
-							ThreatId: oobj.ThreatId,
-						})
-					}
-				}
-				slist = append(slist, CombinationSignature{
-					Name:           sobj.Name,
-					CombinationOrs: olist,
-				})
-			}
-		}
-		o.CombinationSignatureType = &CombinationSignatureType{
-			OrderFree:           s.CombinationSignatureType.OrderFree,
-			ThresholdTime:       s.CombinationSignatureType.ThresholdTime,
-			IntervalTime:        s.CombinationSignatureType.IntervalTime,
-			AggregationCriteria: s.CombinationSignatureType.AggregationCriteria,
-			Signatures:          slist,
-		}
-	}
-}
-
-func copyCondition(v *Condition) *Condition {
-	if v == nil {
-		return nil
-	}
-
-	return &Condition{
-		Value:      v.Value,
-		Context:    v.Context,
-		Qualifiers: copyQualifiers(v.Qualifiers),
-	}
-}
-
-func copyQualifiers(v []Qualifier) []Qualifier {
-	if v == nil {
-		return nil
-	}
-
-	list := make([]Qualifier, 0, len(v))
-	for _, x := range v {
-		list = append(list, Qualifier{
-			Qualifier: x.Qualifier,
-			Value:     x.Value,
-		})
-	}
-
-	return list
-}
-
-func copyEqualTo(v *EqualTo) *EqualTo {
-	if v == nil {
-		return nil
-	}
-
-	return &EqualTo{
-		Value:      v.Value,
-		Context:    v.Context,
-		Negate:     v.Negate,
-		Qualifiers: copyQualifiers(v.Qualifiers),
-	}
-}
-
-func copyPattern(v *Pattern) *Pattern {
-	if v == nil {
-		return nil
-	}
-
-	return &Pattern{
-		Pattern:    v.Pattern,
-		Context:    v.Context,
-		Negate:     v.Negate,
-		Qualifiers: copyQualifiers(v.Qualifiers),
-	}
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v1) Normalize() []Entry {
-	arr := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		arr = append(arr, o.Answer[i].normalize())
-	}
-	return arr
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:       o.Name,
-		ThreatName: o.ThreatName,
-		Comment:    o.Comment,
-		Severity:   o.Severity,
-		Direction:  o.Direction,
-		Cves:       util.MemToStr(o.Cves),
-		Bugtraqs:   util.MemToStr(o.Bugtraqs),
-		Vendors:    util.MemToStr(o.Vendors),
-		References: util.MemToStr(o.References),
-	}
-
-	if o.DefaultAction == nil {
-		ans.DefaultAction = DefaultActionAlert
-	} else {
-		switch {
-		case o.DefaultAction.Allow != nil:
-			ans.DefaultAction = DefaultActionAllow
-		case o.DefaultAction.Alert != nil:
-			ans.DefaultAction = DefaultActionAlert
-		case o.DefaultAction.Drop != nil:
-			ans.DefaultAction = DefaultActionDrop
-		case o.DefaultAction.ResetClient != nil:
-			ans.DefaultAction = DefaultActionResetClient
-		case o.DefaultAction.ResetServer != nil:
-			ans.DefaultAction = DefaultActionResetServer
-		case o.DefaultAction.ResetBoth != nil:
-			ans.DefaultAction = DefaultActionResetBoth
-		case o.DefaultAction.BlockIp != nil:
-			ans.DefaultAction = DefaultActionBlockIp
-			ans.BlockIpTrackBy = o.DefaultAction.BlockIp.BlockIpTrackBy
-			ans.BlockIpDuration = o.DefaultAction.BlockIp.BlockIpDuration
-		}
-	}
-
-	if o.Signature.Standard != nil {
-		ans.StandardSignatureType = &StandardSignatureType{}
-		if len(o.Signature.Standard.Entries) > 0 {
-			sigs := make([]StandardSignature, 0, len(o.Signature.Standard.Entries))
-			for _, x := range o.Signature.Standard.Entries {
-				var alist []StandardAnd
-				if x.Ands != nil && len(x.Ands.Entries) > 0 {
-					alist = make([]StandardAnd, 0, len(x.Ands.Entries))
-					for _, aobj := range x.Ands.Entries {
-						var olist []StandardOr
-						if aobj.Ors != nil && len(aobj.Ors.Entries) > 0 {
-							olist = make([]StandardOr, 0, len(aobj.Ors.Entries))
-							for _, oobj := range aobj.Ors.Entries {
-								olist = append(olist, StandardOr{
-									Name:         oobj.Name,
-									LessThan:     normalizeCondition(oobj.Op.LessThan),
-									EqualTo:      normalizeEqualToFromCondition(oobj.Op.EqualTo),
-									GreaterThan:  normalizeCondition(oobj.Op.GreaterThan),
-									PatternMatch: normalizePatternMatch(oobj.Op.PatternMatch),
-								})
-							}
-						}
-						alist = append(alist, StandardAnd{
-							Name:        aobj.Name,
-							StandardOrs: olist,
-						})
-					}
-				}
-				sigs = append(sigs, StandardSignature{
-					Name:         x.Name,
-					Comment:      x.Comment,
-					Scope:        x.Scope,
-					OrderFree:    util.AsBool(x.OrderFree),
-					StandardAnds: alist,
-				})
-			}
-			ans.StandardSignatureType.Signatures = sigs
-		}
-	}
-
-	if o.Signature.Combination != nil {
-		ans.CombinationSignatureType = &CombinationSignatureType{
-			OrderFree:           util.AsBool(o.Signature.Combination.OrderFree),
-			ThresholdTime:       o.Signature.Combination.TimeAttribute.ThresholdTime,
-			IntervalTime:        o.Signature.Combination.TimeAttribute.IntervalTime,
-			AggregationCriteria: o.Signature.Combination.TimeAttribute.AggregationCriteria,
-		}
-
-		if o.Signature.Combination.AndConditions != nil && len(o.Signature.Combination.AndConditions.Entries) > 0 {
-			list := make([]CombinationSignature, 0, len(o.Signature.Combination.AndConditions.Entries))
-			for _, x := range o.Signature.Combination.AndConditions.Entries {
-				var olist []CombinationOr
-				if x.OrConditions != nil && len(x.OrConditions.Entries) > 0 {
-					olist = make([]CombinationOr, 0, len(x.OrConditions.Entries))
-					for _, oobj := range x.OrConditions.Entries {
-						olist = append(olist, CombinationOr{
-							Name:     oobj.Name,
-							ThreatId: oobj.ThreatId,
-						})
-					}
-				}
-				list = append(list, CombinationSignature{
-					Name:           x.Name,
-					CombinationOrs: olist,
-				})
-			}
-			ans.CombinationSignatureType.Signatures = list
-		}
-	}
-
-	return ans
-}
-
-func normalizeCondition(v *condition) *Condition {
-	if v == nil {
-		return nil
-	}
-
-	return &Condition{
-		Value:      v.Value,
-		Context:    v.Context,
-		Qualifiers: normalizeQualifiers(v.Qualifiers),
-	}
-}
-
-func normalizeQualifiers(v *qualifiers) []Qualifier {
-	if v == nil || len(v.Entries) == 0 {
-		return nil
-	}
-
-	list := make([]Qualifier, 0, len(v.Entries))
-	for _, x := range v.Entries {
-		list = append(list, Qualifier{
-			Qualifier: x.Qualifier,
-			Value:     x.Value,
-		})
-	}
-
-	return list
-}
-
-func normalizeEqualToFromCondition(v *condition) *EqualTo {
-	if v == nil {
-		return nil
-	}
-
-	return &EqualTo{
-		Value:      v.Value,
-		Context:    v.Context,
-		Qualifiers: normalizeQualifiers(v.Qualifiers),
-	}
-}
-
-func normalizePatternMatch(v *patternMatch) *Pattern {
-	if v == nil {
-		return nil
-	}
-
-	return &Pattern{
-		Pattern:    v.Pattern,
-		Context:    v.Context,
-		Negate:     util.AsBool(v.Negate),
-		Qualifiers: normalizeQualifiers(v.Qualifiers),
-	}
-}
-
-type entry_v1 struct {
-	XMLName       xml.Name         `xml:"entry"`
-	Name          string           `xml:"name,attr"`
-	ThreatName    string           `xml:"threatname"`
-	Comment       string           `xml:"comment,omitempty"`
-	Severity      string           `xml:"severity"`
-	Direction     string           `xml:"direction"`
-	DefaultAction *action          `xml:"default-action"`
-	Cves          *util.MemberType `xml:"cve"`
-	Bugtraqs      *util.MemberType `xml:"bugtraq"`
-	Vendors       *util.MemberType `xml:"vendor"`
-	References    *util.MemberType `xml:"reference"`
-	Signature     sig_v1           `xml:"signature"`
-}
-
-type action struct {
-	Allow       *string  `xml:"allow"`
-	Alert       *string  `xml:"alert"`
-	Drop        *string  `xml:"drop"`
-	ResetClient *string  `xml:"reset-client"`
-	ResetServer *string  `xml:"reset-server"`
-	ResetBoth   *string  `xml:"reset-both"`
-	BlockIp     *blockIp `xml:"block-ip"`
-}
-
-type blockIp struct {
-	BlockIpTrackBy  string `xml:"track-by"`
-	BlockIpDuration int    `xml:"duration"`
-}
-
-type sig_v1 struct {
-	Standard    *standard_v1 `xml:"standard"`
-	Combination *combination `xml:"combination"`
-}
-
-type standard_v1 struct {
-	Entries []standardEntry_v1 `xml:"entry"`
-}
-
-type standardEntry_v1 struct {
-	Name      string   `xml:"name,attr"`
-	Comment   string   `xml:"comment,omitempty"`
-	Scope     string   `xml:"scope,omitempty"`
-	OrderFree string   `xml:"order-free"`
-	Ands      *ands_v1 `xml:"and-condition"`
-}
-
-type ands_v1 struct {
-	Entries []standardAnd_v1 `xml:"entry"`
-}
-
-type standardAnd_v1 struct {
-	Name string  `xml:"name,attr"`
-	Ors  *ors_v1 `xml:"or-condition"`
-}
-
-type ors_v1 struct {
-	Entries []standardOr_v1 `xml:"entry"`
-}
-
-type standardOr_v1 struct {
-	Name string        `xml:"name,attr"`
-	Op   standardOp_v1 `xml:"operator"`
-}
-
-type standardOp_v1 struct {
-	LessThan     *condition    `xml:"less-than"`
-	EqualTo      *condition    `xml:"equal-to"`
-	GreaterThan  *condition    `xml:"greater-than"`
-	PatternMatch *patternMatch `xml:"pattern-match"`
-}
-
-type condition struct {
-	Value      int         `xml:"value"`
-	Context    string      `xml:"context"`
-	Qualifiers *qualifiers `xml:"qualifier"`
-}
-
-type qualifiers struct {
-	Entries []qualifier `xml:"entry"`
-}
-
-type qualifier struct {
-	Qualifier string `xml:"name,attr"`
-	Value     string `xml:"value"`
-}
-
-type combination struct {
-	OrderFree     string    `xml:"order-free"`
-	TimeAttribute comboTime `xml:"time-attribute"`
-	AndConditions *andCond  `xml:"and-condition"`
-}
-
-type patternMatch struct {
-	Pattern    string      `xml:"pattern"`
-	Context    string      `xml:"context"`
-	Negate     string      `xml:"negate"`
-	Qualifiers *qualifiers `xml:"qualifier"`
-}
-
-type comboTime struct {
-	ThresholdTime       int    `xml:"threshold"`
-	IntervalTime        int    `xml:"interval"`
-	AggregationCriteria string `xml:"track-by,omitempty"`
-}
-
-type andCond struct {
-	Entries []andCondEntry `xml:"entry"`
-}
-
-type andCondEntry struct {
-	Name         string  `xml:"name,attr"`
-	OrConditions *orCond `xml:"or-condition"`
-}
-
-type orCond struct {
-	Entries []orCondEntry `xml:"entry"`
-}
-
-type orCondEntry struct {
-	Name     string `xml:"name,attr"`
-	ThreatId string `xml:"threat-id"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:          e.Name,
-		ThreatName:    e.ThreatName,
-		Comment:       e.Comment,
-		Severity:      e.Severity,
-		Direction:     e.Direction,
-		DefaultAction: &action{},
-		Cves:          util.StrToMem(e.Cves),
-		Bugtraqs:      util.StrToMem(e.Bugtraqs),
-		Vendors:       util.StrToMem(e.Vendors),
-		References:    util.StrToMem(e.References),
-	}
-
-	s := ""
-	switch e.DefaultAction {
-	case DefaultActionAllow:
-		ans.DefaultAction.Allow = &s
-	case DefaultActionAlert:
-		ans.DefaultAction.Alert = &s
-	case DefaultActionDrop:
-		ans.DefaultAction.Drop = &s
-	case DefaultActionResetClient:
-		ans.DefaultAction.ResetClient = &s
-	case DefaultActionResetServer:
-		ans.DefaultAction.ResetServer = &s
-	case DefaultActionResetBoth:
-		ans.DefaultAction.ResetBoth = &s
-	case DefaultActionBlockIp:
-		ans.DefaultAction.BlockIp = &blockIp{
-			BlockIpTrackBy:  e.BlockIpTrackBy,
-			BlockIpDuration: e.BlockIpDuration,
-		}
-	default:
-		ans.DefaultAction = nil
-	}
-
-	if e.StandardSignatureType != nil {
-		ans.Signature.Standard = &standard_v1{}
-		if len(e.StandardSignatureType.Signatures) > 0 {
-			sigList := make([]standardEntry_v1, 0, len(e.StandardSignatureType.Signatures))
-			for _, ss := range e.StandardSignatureType.Signatures {
-				var av *ands_v1
-				if len(ss.StandardAnds) > 0 {
-					alist := make([]standardAnd_v1, 0, len(ss.StandardAnds))
-					for _, aobj := range ss.StandardAnds {
-						var ov *ors_v1
-						if len(aobj.StandardOrs) > 0 {
-							olist := make([]standardOr_v1, 0, len(aobj.StandardOrs))
-							for _, oobj := range aobj.StandardOrs {
-								olist = append(olist, standardOr_v1{
-									Name: oobj.Name,
-									Op: standardOp_v1{
-										LessThan:     specifyCondition(oobj.LessThan),
-										EqualTo:      specifyEqualToAsCondition(oobj.EqualTo),
-										GreaterThan:  specifyCondition(oobj.GreaterThan),
-										PatternMatch: specifyPatternMatch(oobj.PatternMatch),
-									},
-								})
-							}
-							ov = &ors_v1{Entries: olist}
-						}
-						alist = append(alist, standardAnd_v1{
-							Name: aobj.Name,
-							Ors:  ov,
-						})
-					}
-					av = &ands_v1{Entries: alist}
-				}
-				sigList = append(sigList, standardEntry_v1{
-					Name:      ss.Name,
-					Comment:   ss.Comment,
-					Scope:     ss.Scope,
-					OrderFree: util.YesNo(ss.OrderFree),
-					Ands:      av,
-				})
-			}
-			ans.Signature.Standard.Entries = sigList
-		}
-	}
-
-	if e.CombinationSignatureType != nil {
-		ans.Signature.Combination = &combination{
-			OrderFree: util.YesNo(e.CombinationSignatureType.OrderFree),
-			TimeAttribute: comboTime{
-				ThresholdTime:       e.CombinationSignatureType.ThresholdTime,
-				IntervalTime:        e.CombinationSignatureType.IntervalTime,
-				AggregationCriteria: e.CombinationSignatureType.AggregationCriteria,
-			},
-		}
-
-		if len(e.CombinationSignatureType.Signatures) > 0 {
-			list := make([]andCondEntry, 0, len(e.CombinationSignatureType.Signatures))
-			for _, x := range e.CombinationSignatureType.Signatures {
-				ors := make([]orCondEntry, 0, len(x.CombinationOrs))
-				for _, y := range x.CombinationOrs {
-					ors = append(ors, orCondEntry{
-						Name:     y.Name,
-						ThreatId: y.ThreatId,
-					})
-				}
-
-				list = append(list, andCondEntry{
-					Name:         x.Name,
-					OrConditions: &orCond{Entries: ors},
-				})
-			}
-
-			ans.Signature.Combination.AndConditions = &andCond{
-				Entries: list,
-			}
-		}
-	}
-
-	return ans
-}
-
-func specifyCondition(v *Condition) *condition {
-	if v == nil {
-		return nil
-	}
-
-	return &condition{
-		Value:      v.Value,
-		Context:    v.Context,
-		Qualifiers: specifyQualifiers(v.Qualifiers),
-	}
-}
-
-func specifyEqualToAsCondition(v *EqualTo) *condition {
-	if v == nil {
-		return nil
-	}
-
-	return &condition{
-		Value:      v.Value,
-		Context:    v.Context,
-		Qualifiers: specifyQualifiers(v.Qualifiers),
-	}
-}
-
-func specifyQualifiers(v []Qualifier) *qualifiers {
-	if len(v) == 0 {
-		return nil
-	}
-
-	list := make([]qualifier, 0, len(v))
-	for _, x := range v {
-		list = append(list, qualifier{
-			Qualifier: x.Qualifier,
-			Value:     x.Value,
-		})
-	}
-
-	return &qualifiers{Entries: list}
-}
-
-func specifyPatternMatch(v *Pattern) *patternMatch {
-	if v == nil {
-		return nil
-	}
-
-	return &patternMatch{
-		Pattern:    v.Pattern,
-		Context:    v.Context,
-		Negate:     util.YesNo(v.Negate),
-		Qualifiers: specifyQualifiers(v.Qualifiers),
-	}
-}
-
-// PAN-OS 10.0
-type container_v2 struct {
-	Answer []entry_v2 `xml:"entry"`
-}
-
-func (o *container_v2) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v2) Normalize() []Entry {
-	arr := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		arr = append(arr, o.Answer[i].normalize())
-	}
-	return arr
-}
-
-func (o *entry_v2) normalize() Entry {
-	ans := Entry{
-		Name:       o.Name,
-		ThreatName: o.ThreatName,
-		Comment:    o.Comment,
-		Severity:   o.Severity,
-		Direction:  o.Direction,
-		Cves:       util.MemToStr(o.Cves),
-		Bugtraqs:   util.MemToStr(o.Bugtraqs),
-		Vendors:    util.MemToStr(o.Vendors),
-		References: util.MemToStr(o.References),
-	}
-
-	if o.DefaultAction == nil {
-		ans.DefaultAction = DefaultActionAlert
-	} else {
-		switch {
-		case o.DefaultAction.Allow != nil:
-			ans.DefaultAction = DefaultActionAllow
-		case o.DefaultAction.Alert != nil:
-			ans.DefaultAction = DefaultActionAlert
-		case o.DefaultAction.Drop != nil:
-			ans.DefaultAction = DefaultActionDrop
-		case o.DefaultAction.ResetClient != nil:
-			ans.DefaultAction = DefaultActionResetClient
-		case o.DefaultAction.ResetServer != nil:
-			ans.DefaultAction = DefaultActionResetServer
-		case o.DefaultAction.ResetBoth != nil:
-			ans.DefaultAction = DefaultActionResetBoth
-		case o.DefaultAction.BlockIp != nil:
-			ans.DefaultAction = DefaultActionBlockIp
-			ans.BlockIpTrackBy = o.DefaultAction.BlockIp.BlockIpTrackBy
-			ans.BlockIpDuration = o.DefaultAction.BlockIp.BlockIpDuration
-		}
-	}
-
-	if o.Signature.Standard != nil {
-		ans.StandardSignatureType = &StandardSignatureType{}
-		if len(o.Signature.Standard.Entries) > 0 {
-			sigs := make([]StandardSignature, 0, len(o.Signature.Standard.Entries))
-			for _, x := range o.Signature.Standard.Entries {
-				var alist []StandardAnd
-				if x.Ands != nil && len(x.Ands.Entries) > 0 {
-					alist = make([]StandardAnd, 0, len(x.Ands.Entries))
-					for _, aobj := range x.Ands.Entries {
-						var olist []StandardOr
-						if aobj.Ors != nil && len(aobj.Ors.Entries) > 0 {
-							olist = make([]StandardOr, 0, len(aobj.Ors.Entries))
-							for _, oobj := range aobj.Ors.Entries {
-								olist = append(olist, StandardOr{
-									Name:         oobj.Name,
-									LessThan:     normalizeCondition(oobj.Op.LessThan),
-									EqualTo:      normalizeEqualToFromEqualTo(oobj.Op.EqualTo),
-									GreaterThan:  normalizeCondition(oobj.Op.GreaterThan),
-									PatternMatch: normalizePatternMatch(oobj.Op.PatternMatch),
-								})
-							}
-						}
-						alist = append(alist, StandardAnd{
-							Name:        aobj.Name,
-							StandardOrs: olist,
-						})
-					}
-				}
-				sigs = append(sigs, StandardSignature{
-					Name:         x.Name,
-					Comment:      x.Comment,
-					Scope:        x.Scope,
-					OrderFree:    util.AsBool(x.OrderFree),
-					StandardAnds: alist,
-				})
-			}
-			ans.StandardSignatureType.Signatures = sigs
-		}
-	}
-
-	if o.Signature.Combination != nil {
-		ans.CombinationSignatureType = &CombinationSignatureType{
-			OrderFree:           util.AsBool(o.Signature.Combination.OrderFree),
-			ThresholdTime:       o.Signature.Combination.TimeAttribute.ThresholdTime,
-			IntervalTime:        o.Signature.Combination.TimeAttribute.IntervalTime,
-			AggregationCriteria: o.Signature.Combination.TimeAttribute.AggregationCriteria,
-		}
-
-		if o.Signature.Combination.AndConditions != nil && len(o.Signature.Combination.AndConditions.Entries) > 0 {
-			list := make([]CombinationSignature, 0, len(o.Signature.Combination.AndConditions.Entries))
-			for _, x := range o.Signature.Combination.AndConditions.Entries {
-				var olist []CombinationOr
-				if x.OrConditions != nil && len(x.OrConditions.Entries) > 0 {
-					olist = make([]CombinationOr, 0, len(x.OrConditions.Entries))
-					for _, oobj := range x.OrConditions.Entries {
-						olist = append(olist, CombinationOr{
-							Name:     oobj.Name,
-							ThreatId: oobj.ThreatId,
-						})
-					}
-				}
-				list = append(list, CombinationSignature{
-					Name:           x.Name,
-					CombinationOrs: olist,
-				})
-			}
-			ans.CombinationSignatureType.Signatures = list
-		}
-	}
-
-	return ans
-}
-
-func normalizeEqualToFromEqualTo(v *equalTo) *EqualTo {
-	if v == nil {
-		return nil
-	}
-
-	return &EqualTo{
-		Value:      v.Value,
-		Context:    v.Context,
-		Negate:     util.AsBool(v.Negate),
-		Qualifiers: normalizeQualifiers(v.Qualifiers),
-	}
-}
-
-type entry_v2 struct {
-	XMLName       xml.Name         `xml:"entry"`
-	Name          string           `xml:"name,attr"`
-	ThreatName    string           `xml:"threatname"`
-	Comment       string           `xml:"comment,omitempty"`
-	Severity      string           `xml:"severity"`
-	Direction     string           `xml:"direction"`
-	DefaultAction *action          `xml:"default-action"`
-	Cves          *util.MemberType `xml:"cve"`
-	Bugtraqs      *util.MemberType `xml:"bugtraq"`
-	Vendors       *util.MemberType `xml:"vendor"`
-	References    *util.MemberType `xml:"reference"`
-	Signature     sig_v2           `xml:"signature"`
-}
-
-type sig_v2 struct {
-	Standard    *standard_v2 `xml:"standard"`
-	Combination *combination `xml:"combination"`
-}
-
-type standard_v2 struct {
-	Entries []standardEntry_v2 `xml:"entry"`
-}
-
-type standardEntry_v2 struct {
-	Name      string   `xml:"name,attr"`
-	Comment   string   `xml:"comment,omitempty"`
-	Scope     string   `xml:"scope,omitempty"`
-	OrderFree string   `xml:"order-free"`
-	Ands      *ands_v2 `xml:"and-condition"`
-}
-
-type ands_v2 struct {
-	Entries []standardAnd_v2 `xml:"entry"`
-}
-
-type standardAnd_v2 struct {
-	Name string  `xml:"name,attr"`
-	Ors  *ors_v2 `xml:"or-condition"`
-}
-
-type ors_v2 struct {
-	Entries []standardOr_v2 `xml:"entry"`
-}
-
-type standardOr_v2 struct {
-	Name string        `xml:"name,attr"`
-	Op   standardOp_v2 `xml:"operator"`
-}
-
-type standardOp_v2 struct {
-	LessThan     *condition    `xml:"less-than"`
-	EqualTo      *equalTo      `xml:"equal-to"`
-	GreaterThan  *condition    `xml:"greater-than"`
-	PatternMatch *patternMatch `xml:"pattern-match"`
-}
-
-type equalTo struct {
-	Value      int         `xml:"value"`
-	Context    string      `xml:"context"`
-	Negate     string      `xml:"negate"`
-	Qualifiers *qualifiers `xml:"qualifier"`
-}
-
-func specify_v2(e Entry) interface{} {
-	ans := entry_v2{
-		Name:          e.Name,
-		ThreatName:    e.ThreatName,
-		Comment:       e.Comment,
-		Severity:      e.Severity,
-		Direction:     e.Direction,
-		DefaultAction: &action{},
-		Cves:          util.StrToMem(e.Cves),
-		Bugtraqs:      util.StrToMem(e.Bugtraqs),
-		Vendors:       util.StrToMem(e.Vendors),
-		References:    util.StrToMem(e.References),
-	}
-
-	s := ""
-	switch e.DefaultAction {
-	case DefaultActionAllow:
-		ans.DefaultAction.Allow = &s
-	case DefaultActionAlert:
-		ans.DefaultAction.Alert = &s
-	case DefaultActionDrop:
-		ans.DefaultAction.Drop = &s
-	case DefaultActionResetClient:
-		ans.DefaultAction.ResetClient = &s
-	case DefaultActionResetServer:
-		ans.DefaultAction.ResetServer = &s
-	case DefaultActionResetBoth:
-		ans.DefaultAction.ResetBoth = &s
-	case DefaultActionBlockIp:
-		ans.DefaultAction.BlockIp = &blockIp{
-			BlockIpTrackBy:  e.BlockIpTrackBy,
-			BlockIpDuration: e.BlockIpDuration,
-		}
-	default:
-		ans.DefaultAction = nil
-	}
-
-	if e.StandardSignatureType != nil {
-		ans.Signature.Standard = &standard_v2{}
-		if len(e.StandardSignatureType.Signatures) > 0 {
-			sigList := make([]standardEntry_v2, 0, len(e.StandardSignatureType.Signatures))
-			for _, ss := range e.StandardSignatureType.Signatures {
-				var av *ands_v2
-				if len(ss.StandardAnds) > 0 {
-					alist := make([]standardAnd_v2, 0, len(ss.StandardAnds))
-					for _, aobj := range ss.StandardAnds {
-						var ov *ors_v2
-						if len(aobj.StandardOrs) > 0 {
-							olist := make([]standardOr_v2, 0, len(aobj.StandardOrs))
-							for _, oobj := range aobj.StandardOrs {
-								olist = append(olist, standardOr_v2{
-									Name: oobj.Name,
-									Op: standardOp_v2{
-										LessThan:     specifyCondition(oobj.LessThan),
-										EqualTo:      specifyEqualToFromEqualTo(oobj.EqualTo),
-										GreaterThan:  specifyCondition(oobj.GreaterThan),
-										PatternMatch: specifyPatternMatch(oobj.PatternMatch),
-									},
-								})
-							}
-							ov = &ors_v2{Entries: olist}
-						}
-						alist = append(alist, standardAnd_v2{
-							Name: aobj.Name,
-							Ors:  ov,
-						})
-					}
-					av = &ands_v2{Entries: alist}
-				}
-				sigList = append(sigList, standardEntry_v2{
-					Name:      ss.Name,
-					Comment:   ss.Comment,
-					Scope:     ss.Scope,
-					OrderFree: util.YesNo(ss.OrderFree),
-					Ands:      av,
-				})
-			}
-			ans.Signature.Standard.Entries = sigList
-		}
-	}
-
-	if e.CombinationSignatureType != nil {
-		ans.Signature.Combination = &combination{
-			OrderFree: util.YesNo(e.CombinationSignatureType.OrderFree),
-			TimeAttribute: comboTime{
-				ThresholdTime:       e.CombinationSignatureType.ThresholdTime,
-				IntervalTime:        e.CombinationSignatureType.IntervalTime,
-				AggregationCriteria: e.CombinationSignatureType.AggregationCriteria,
-			},
-		}
-
-		if len(e.CombinationSignatureType.Signatures) > 0 {
-			list := make([]andCondEntry, 0, len(e.CombinationSignatureType.Signatures))
-			for _, x := range e.CombinationSignatureType.Signatures {
-				ors := make([]orCondEntry, 0, len(x.CombinationOrs))
-				for _, y := range x.CombinationOrs {
-					ors = append(ors, orCondEntry{
-						Name:     y.Name,
-						ThreatId: y.ThreatId,
-					})
-				}
-
-				list = append(list, andCondEntry{
-					Name:         x.Name,
-					OrConditions: &orCond{Entries: ors},
-				})
-			}
-
-			ans.Signature.Combination.AndConditions = &andCond{
-				Entries: list,
-			}
-		}
-	}
-
-	return ans
-}
-
-func specifyEqualToFromEqualTo(v *EqualTo) *equalTo {
-	if v == nil {
-		return nil
-	}
-
-	return &equalTo{
-		Value:      v.Value,
-		Context:    v.Context,
-		Negate:     util.YesNo(v.Negate),
-		Qualifiers: specifyQualifiers(v.Qualifiers),
-	}
-}
diff --git a/objs/custom/spyware/funcs.go b/objs/custom/spyware/funcs.go
deleted file mode 100644
index 24b98eaf..00000000
--- a/objs/custom/spyware/funcs.go
+++ /dev/null
@@ -1,92 +0,0 @@
-package spyware
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	if v.Gte(version.Number{10, 0, 0, ""}) {
-		return &container_v2{}, specify_v2
-	} else {
-		return &container_v1{}, specify_v1
-	}
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/objs/custom/spyware/fw.go b/objs/custom/spyware/fw.go
deleted file mode 100644
index 9426ee50..00000000
--- a/objs/custom/spyware/fw.go
+++ /dev/null
@@ -1,91 +0,0 @@
-package spyware
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Objects.CustomSpyware namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vsys), names, nErr)
-}
-
-func (c *Firewall) pather(vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vsys, v)
-	}
-}
-
-func (c *Firewall) xpath(vsys string, vals []string) ([]string, error) {
-	ans := make([]string, 0, 8)
-	ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	ans = append(ans,
-		"threats",
-		"spyware",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/objs/custom/spyware/fw_test.go b/objs/custom/spyware/fw_test.go
deleted file mode 100644
index 4777dffb..00000000
--- a/objs/custom/spyware/fw_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package spyware
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("vsys1", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("vsys1", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/custom/spyware/pano.go b/objs/custom/spyware/pano.go
deleted file mode 100644
index f1461efe..00000000
--- a/objs/custom/spyware/pano.go
+++ /dev/null
@@ -1,91 +0,0 @@
-package spyware
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Objects.CustomSpyware namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(dg string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(dg), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(dg string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(dg), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(dg, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(dg), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(dg, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(dg), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(dg string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(dg), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(dg string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(dg), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(dg string, e ...Entry) error {
-	return c.ns.Set(c.pather(dg), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(dg string, e Entry) error {
-	return c.ns.Edit(c.pather(dg), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(dg string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(dg), names, nErr)
-}
-
-func (c *Panorama) pather(dg string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(dg, v)
-	}
-}
-
-func (c *Panorama) xpath(dg string, vals []string) ([]string, error) {
-	ans := make([]string, 0, 8)
-	ans = append(ans, util.DeviceGroupXpathPrefix(dg)...)
-	ans = append(ans,
-		"threats",
-		"spyware",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/objs/custom/spyware/pano_test.go b/objs/custom/spyware/pano_test.go
deleted file mode 100644
index 501752e6..00000000
--- a/objs/custom/spyware/pano_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package spyware
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("shared", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("shared", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/custom/spyware/testdata_test.go b/objs/custom/spyware/testdata_test.go
deleted file mode 100644
index 50f747ef..00000000
--- a/objs/custom/spyware/testdata_test.go
+++ /dev/null
@@ -1,1349 +0,0 @@
-package spyware
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type tc struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []tc {
-	return []tc{
-		{"v1 standard less than no qualifiers", version.Number{7, 0, 0, ""}, Entry{
-			Name:          "t1",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "low",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionAllow,
-			Cves:          []string{"cve1", "cve2"},
-			Bugtraqs:      []string{"bug1", "bug2"},
-			Vendors:       []string{"vendor1", "vendor2"},
-			References:    []string{"ref1", "ref2"},
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										LessThan: &Condition{
-											Value:   4096,
-											Context: "http-rsp-code",
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v1 standard less than with qualifiers", version.Number{7, 0, 0, ""}, Entry{
-			Name:          "t2",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "low",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionAlert,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										LessThan: &Condition{
-											Value:   4096,
-											Context: "http-rsp-code",
-											Qualifiers: []Qualifier{
-												Qualifier{
-													Qualifier: "foo",
-													Value:     "bar",
-												},
-											},
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v1 standard equal to no qualifiers", version.Number{7, 0, 0, ""}, Entry{
-			Name:          "t3",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "low",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionDrop,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										EqualTo: &EqualTo{
-											Value:   4096,
-											Context: "http-rsp-code",
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v1 standard equal to with qualifiers", version.Number{7, 0, 0, ""}, Entry{
-			Name:          "t4",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "low",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionResetClient,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										EqualTo: &EqualTo{
-											Value:   4096,
-											Context: "http-rsp-code",
-											Qualifiers: []Qualifier{
-												Qualifier{
-													Qualifier: "foo",
-													Value:     "bar",
-												},
-											},
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v1 standard greater than no qualifiers", version.Number{7, 0, 0, ""}, Entry{
-			Name:          "t5",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "low",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionResetServer,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										GreaterThan: &Condition{
-											Value:   4096,
-											Context: "http-rsp-code",
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v1 standard greater than with qualifiers", version.Number{7, 0, 0, ""}, Entry{
-			Name:          "t6",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "low",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionResetBoth,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										GreaterThan: &Condition{
-											Value:   4096,
-											Context: "http-rsp-code",
-											Qualifiers: []Qualifier{
-												Qualifier{
-													Qualifier: "foo",
-													Value:     "bar",
-												},
-											},
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v1 standard pattern match no qualifiers", version.Number{7, 0, 0, ""}, Entry{
-			Name:            "t7",
-			ThreatName:      "threat1",
-			Comment:         "foobar",
-			Severity:        "low",
-			Direction:       "client2server",
-			DefaultAction:   DefaultActionBlockIp,
-			BlockIpTrackBy:  "source-and-destination",
-			BlockIpDuration: 1024,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										PatternMatch: &Pattern{
-											Pattern: "abcdefgh",
-											Context: "http-rsp-code",
-											Negate:  true,
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v1 standard pattern match with qualifiers", version.Number{7, 0, 0, ""}, Entry{
-			Name:          "t8",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "low",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionAllow,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										PatternMatch: &Pattern{
-											Pattern: "abcdefgh",
-											Context: "http-rsp-code",
-											Negate:  false,
-											Qualifiers: []Qualifier{
-												Qualifier{
-													Qualifier: "foo",
-													Value:     "bar",
-												},
-											},
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v1 combination", version.Number{7, 0, 0, ""}, Entry{
-			Name:          "t9",
-			ThreatName:    "myThreat",
-			Comment:       "foobar",
-			Severity:      "medium",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionAlert,
-			CombinationSignatureType: &CombinationSignatureType{
-				OrderFree:           true,
-				ThresholdTime:       7,
-				IntervalTime:        8,
-				AggregationCriteria: "source-and-destination",
-				Signatures: []CombinationSignature{
-					CombinationSignature{
-						Name: "mySig",
-						CombinationOrs: []CombinationOr{
-							CombinationOr{
-								Name:     "Or Condition 1",
-								ThreatId: "10052",
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v1 standard less than no qualifiers", version.Number{7, 0, 0, ""}, Entry{
-			Name:          "t10",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "low",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionAllow,
-			Cves:          []string{"cve1", "cve2"},
-			Bugtraqs:      []string{"bug1", "bug2"},
-			Vendors:       []string{"vendor1", "vendor2"},
-			References:    []string{"ref1", "ref2"},
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										LessThan: &Condition{
-											Value:   4096,
-											Context: "http-rsp-code",
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v1 standard less than with qualifiers", version.Number{7, 0, 0, ""}, Entry{
-			Name:          "t11",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "low",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionAlert,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										LessThan: &Condition{
-											Value:   4096,
-											Context: "http-rsp-code",
-											Qualifiers: []Qualifier{
-												Qualifier{
-													Qualifier: "foo",
-													Value:     "bar",
-												},
-											},
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v1 standard equal to no qualifiers", version.Number{7, 0, 0, ""}, Entry{
-			Name:          "t12",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "low",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionDrop,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										EqualTo: &EqualTo{
-											Value:   4096,
-											Context: "http-rsp-code",
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v1 standard equal to with qualifiers", version.Number{7, 0, 0, ""}, Entry{
-			Name:          "t13",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "low",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionResetClient,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										EqualTo: &EqualTo{
-											Value:   4096,
-											Context: "http-rsp-code",
-											Qualifiers: []Qualifier{
-												Qualifier{
-													Qualifier: "foo",
-													Value:     "bar",
-												},
-											},
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v1 standard greater than no qualifiers", version.Number{7, 0, 0, ""}, Entry{
-			Name:          "t14",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "low",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionResetServer,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										GreaterThan: &Condition{
-											Value:   4096,
-											Context: "http-rsp-code",
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v1 standard greater than with qualifiers", version.Number{7, 0, 0, ""}, Entry{
-			Name:          "t15",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "low",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionResetBoth,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										GreaterThan: &Condition{
-											Value:   4096,
-											Context: "http-rsp-code",
-											Qualifiers: []Qualifier{
-												Qualifier{
-													Qualifier: "foo",
-													Value:     "bar",
-												},
-											},
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v1 standard pattern match no qualifiers", version.Number{7, 0, 0, ""}, Entry{
-			Name:            "t16",
-			ThreatName:      "threat1",
-			Comment:         "foobar",
-			Severity:        "low",
-			Direction:       "client2server",
-			DefaultAction:   DefaultActionBlockIp,
-			BlockIpTrackBy:  "source-and-destination",
-			BlockIpDuration: 1024,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										PatternMatch: &Pattern{
-											Pattern: "abcdefgh",
-											Context: "http-rsp-code",
-											Negate:  true,
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v1 standard pattern match with qualifiers", version.Number{7, 0, 0, ""}, Entry{
-			Name:          "t17",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "low",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionAllow,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										PatternMatch: &Pattern{
-											Pattern: "abcdefgh",
-											Context: "http-rsp-code",
-											Negate:  false,
-											Qualifiers: []Qualifier{
-												Qualifier{
-													Qualifier: "foo",
-													Value:     "bar",
-												},
-											},
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v1 combination order free", version.Number{7, 0, 0, ""}, Entry{
-			Name:          "t18",
-			ThreatName:    "myThreat",
-			Comment:       "foobar",
-			Severity:      "medium",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionAlert,
-			CombinationSignatureType: &CombinationSignatureType{
-				OrderFree:           true,
-				ThresholdTime:       7,
-				IntervalTime:        8,
-				AggregationCriteria: "source-and-destination",
-				Signatures: []CombinationSignature{
-					CombinationSignature{
-						Name: "And Condition 1",
-						CombinationOrs: []CombinationOr{
-							CombinationOr{
-								Name:     "Or Condition 1",
-								ThreatId: "10052",
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v1 combination ordered", version.Number{7, 0, 0, ""}, Entry{
-			Name:          "t19",
-			ThreatName:    "myThreat",
-			Comment:       "foobar",
-			Severity:      "medium",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionAlert,
-			CombinationSignatureType: &CombinationSignatureType{
-				ThresholdTime:       7,
-				IntervalTime:        8,
-				AggregationCriteria: "source-and-destination",
-				Signatures: []CombinationSignature{
-					CombinationSignature{
-						Name: "And Condition 1",
-						CombinationOrs: []CombinationOr{
-							CombinationOr{
-								Name:     "Or Condition 1",
-								ThreatId: "10052",
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v2 standard less than no qualifiers", version.Number{10, 0, 0, ""}, Entry{
-			Name:          "t1",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "low",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionAllow,
-			Cves:          []string{"cve1", "cve2"},
-			Bugtraqs:      []string{"bug1", "bug2"},
-			Vendors:       []string{"vendor1", "vendor2"},
-			References:    []string{"ref1", "ref2"},
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										LessThan: &Condition{
-											Value:   4096,
-											Context: "http-rsp-code",
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v2 standard less than with qualifiers", version.Number{10, 0, 0, ""}, Entry{
-			Name:          "t2",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "low",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionAlert,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										LessThan: &Condition{
-											Value:   4096,
-											Context: "http-rsp-code",
-											Qualifiers: []Qualifier{
-												Qualifier{
-													Qualifier: "foo",
-													Value:     "bar",
-												},
-											},
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v2 standard equal to no qualifiers", version.Number{10, 0, 0, ""}, Entry{
-			Name:          "t3",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "low",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionDrop,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										EqualTo: &EqualTo{
-											Value:   4096,
-											Context: "http-rsp-code",
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v2 standard equal to with qualifiers", version.Number{10, 0, 0, ""}, Entry{
-			Name:          "t4",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "low",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionResetClient,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										EqualTo: &EqualTo{
-											Value:   4096,
-											Context: "http-rsp-code",
-											Qualifiers: []Qualifier{
-												Qualifier{
-													Qualifier: "foo",
-													Value:     "bar",
-												},
-											},
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v2 standard greater than no qualifiers", version.Number{10, 0, 0, ""}, Entry{
-			Name:          "t5",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "low",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionResetServer,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										GreaterThan: &Condition{
-											Value:   4096,
-											Context: "http-rsp-code",
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v2 standard greater than with qualifiers", version.Number{10, 0, 0, ""}, Entry{
-			Name:          "t6",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "low",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionResetBoth,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										GreaterThan: &Condition{
-											Value:   4096,
-											Context: "http-rsp-code",
-											Qualifiers: []Qualifier{
-												Qualifier{
-													Qualifier: "foo",
-													Value:     "bar",
-												},
-											},
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v2 standard pattern match no qualifiers", version.Number{10, 0, 0, ""}, Entry{
-			Name:            "t7",
-			ThreatName:      "threat1",
-			Comment:         "foobar",
-			Severity:        "low",
-			Direction:       "client2server",
-			DefaultAction:   DefaultActionBlockIp,
-			BlockIpTrackBy:  "source-and-destination",
-			BlockIpDuration: 1024,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										PatternMatch: &Pattern{
-											Pattern: "abcdefgh",
-											Context: "http-rsp-code",
-											Negate:  true,
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v2 standard pattern match with qualifiers", version.Number{10, 0, 0, ""}, Entry{
-			Name:          "t8",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "low",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionAllow,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										PatternMatch: &Pattern{
-											Pattern: "abcdefgh",
-											Context: "http-rsp-code",
-											Negate:  false,
-											Qualifiers: []Qualifier{
-												Qualifier{
-													Qualifier: "foo",
-													Value:     "bar",
-												},
-											},
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v2 combination", version.Number{10, 0, 0, ""}, Entry{
-			Name:          "t9",
-			ThreatName:    "myThreat",
-			Comment:       "foobar",
-			Severity:      "medium",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionAlert,
-			CombinationSignatureType: &CombinationSignatureType{
-				OrderFree:           true,
-				ThresholdTime:       7,
-				IntervalTime:        8,
-				AggregationCriteria: "source-and-destination",
-				Signatures: []CombinationSignature{
-					CombinationSignature{
-						Name: "mySig",
-						CombinationOrs: []CombinationOr{
-							CombinationOr{
-								Name:     "Or Condition 1",
-								ThreatId: "10052",
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v2 standard less than no qualifiers", version.Number{10, 0, 0, ""}, Entry{
-			Name:          "t10",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "low",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionAllow,
-			Cves:          []string{"cve1", "cve2"},
-			Bugtraqs:      []string{"bug1", "bug2"},
-			Vendors:       []string{"vendor1", "vendor2"},
-			References:    []string{"ref1", "ref2"},
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										LessThan: &Condition{
-											Value:   4096,
-											Context: "http-rsp-code",
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v2 standard less than with qualifiers", version.Number{10, 0, 0, ""}, Entry{
-			Name:          "t11",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "low",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionAlert,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										LessThan: &Condition{
-											Value:   4096,
-											Context: "http-rsp-code",
-											Qualifiers: []Qualifier{
-												Qualifier{
-													Qualifier: "foo",
-													Value:     "bar",
-												},
-											},
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v2 standard equal to no qualifiers", version.Number{10, 0, 0, ""}, Entry{
-			Name:          "t12",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "low",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionDrop,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										EqualTo: &EqualTo{
-											Value:   4096,
-											Context: "http-rsp-code",
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v2 standard equal to with qualifiers", version.Number{10, 0, 0, ""}, Entry{
-			Name:          "t13",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "low",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionResetClient,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										EqualTo: &EqualTo{
-											Value:   4096,
-											Context: "http-rsp-code",
-											Qualifiers: []Qualifier{
-												Qualifier{
-													Qualifier: "foo",
-													Value:     "bar",
-												},
-											},
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v2 standard greater than no qualifiers", version.Number{10, 0, 0, ""}, Entry{
-			Name:          "t14",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "low",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionResetServer,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										GreaterThan: &Condition{
-											Value:   4096,
-											Context: "http-rsp-code",
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v2 standard greater than with qualifiers", version.Number{10, 0, 0, ""}, Entry{
-			Name:          "t15",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "low",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionResetBoth,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										GreaterThan: &Condition{
-											Value:   4096,
-											Context: "http-rsp-code",
-											Qualifiers: []Qualifier{
-												Qualifier{
-													Qualifier: "foo",
-													Value:     "bar",
-												},
-											},
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v2 standard pattern match no qualifiers", version.Number{10, 0, 0, ""}, Entry{
-			Name:            "t16",
-			ThreatName:      "threat1",
-			Comment:         "foobar",
-			Severity:        "low",
-			Direction:       "client2server",
-			DefaultAction:   DefaultActionBlockIp,
-			BlockIpTrackBy:  "source-and-destination",
-			BlockIpDuration: 1024,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										PatternMatch: &Pattern{
-											Pattern: "abcdefgh",
-											Context: "http-rsp-code",
-											Negate:  true,
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v2 standard pattern match with qualifiers", version.Number{10, 0, 0, ""}, Entry{
-			Name:          "t17",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "low",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionAllow,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										PatternMatch: &Pattern{
-											Pattern: "abcdefgh",
-											Context: "http-rsp-code",
-											Negate:  false,
-											Qualifiers: []Qualifier{
-												Qualifier{
-													Qualifier: "foo",
-													Value:     "bar",
-												},
-											},
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v2 combination order free", version.Number{10, 0, 0, ""}, Entry{
-			Name:          "t18",
-			ThreatName:    "myThreat",
-			Comment:       "foobar",
-			Severity:      "medium",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionAlert,
-			CombinationSignatureType: &CombinationSignatureType{
-				OrderFree:           true,
-				ThresholdTime:       7,
-				IntervalTime:        8,
-				AggregationCriteria: "source-and-destination",
-				Signatures: []CombinationSignature{
-					CombinationSignature{
-						Name: "And Condition 1",
-						CombinationOrs: []CombinationOr{
-							CombinationOr{
-								Name:     "Or Condition 1",
-								ThreatId: "10052",
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v2 combination ordered", version.Number{10, 0, 0, ""}, Entry{
-			Name:          "t19",
-			ThreatName:    "myThreat",
-			Comment:       "foobar",
-			Severity:      "medium",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionAlert,
-			CombinationSignatureType: &CombinationSignatureType{
-				ThresholdTime:       7,
-				IntervalTime:        8,
-				AggregationCriteria: "source-and-destination",
-				Signatures: []CombinationSignature{
-					CombinationSignature{
-						Name: "And Condition 1",
-						CombinationOrs: []CombinationOr{
-							CombinationOr{
-								Name:     "Or Condition 1",
-								ThreatId: "10052",
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v2 standard equal to and negate", version.Number{10, 0, 0, ""}, Entry{
-			Name:          "t20",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "high",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionDrop,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										EqualTo: &EqualTo{
-											Value:   4096,
-											Context: "http-rsp-code",
-											Negate:  true,
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-	}
-}
diff --git a/objs/custom/url/const.go b/objs/custom/url/const.go
deleted file mode 100644
index 66ddda4e..00000000
--- a/objs/custom/url/const.go
+++ /dev/null
@@ -1,6 +0,0 @@
-package url
-
-const (
-	singular = "custom url category"
-	plural   = "custom url categories"
-)
diff --git a/objs/custom/url/doc.go b/objs/custom/url/doc.go
deleted file mode 100644
index 642c7525..00000000
--- a/objs/custom/url/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package url is the ngfw.Objects.CustomUrlCategory namespace.
-
-Normalized object:  Entry
-*/
-package url
diff --git a/objs/custom/url/entry.go b/objs/custom/url/entry.go
deleted file mode 100644
index 9b6a58a1..00000000
--- a/objs/custom/url/entry.go
+++ /dev/null
@@ -1,139 +0,0 @@
-package url
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of
-// a custom URL category.
-type Entry struct {
-	Name        string
-	Description string
-	Sites       []string // Ordered
-	Type        string   // PAN-OS 9.0
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Description = s.Description
-	o.Sites = util.CopyStringSlice(s.Sites)
-	o.Type = s.Type
-}
-
-/** Structs / functions for normalization. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName     xml.Name         `xml:"entry"`
-	Name        string           `xml:"name,attr"`
-	Description string           `xml:"description,omitempty"`
-	Sites       *util.MemberType `xml:"list"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:        e.Name,
-		Description: e.Description,
-		Sites:       util.StrToMem(e.Sites),
-	}
-
-	return ans
-}
-
-func (e *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:        e.Name,
-		Description: e.Description,
-		Sites:       util.MemToStr(e.Sites),
-	}
-
-	return ans
-}
-
-// PAN-OS 9.0
-type container_v2 struct {
-	Answer []entry_v2 `xml:"entry"`
-}
-
-func (o *container_v2) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v2) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-type entry_v2 struct {
-	XMLName     xml.Name         `xml:"entry"`
-	Name        string           `xml:"name,attr"`
-	Description string           `xml:"description,omitempty"`
-	Sites       *util.MemberType `xml:"list"`
-	Type        string           `xml:"type"`
-}
-
-func specify_v2(e Entry) interface{} {
-	ans := entry_v2{
-		Name:        e.Name,
-		Description: e.Description,
-		Sites:       util.StrToMem(e.Sites),
-		Type:        e.Type,
-	}
-
-	return ans
-}
-
-func (e *entry_v2) normalize() Entry {
-	ans := Entry{
-		Name:        e.Name,
-		Description: e.Description,
-		Sites:       util.MemToStr(e.Sites),
-		Type:        e.Type,
-	}
-
-	return ans
-}
diff --git a/objs/custom/url/funcs.go b/objs/custom/url/funcs.go
deleted file mode 100644
index 28ea8528..00000000
--- a/objs/custom/url/funcs.go
+++ /dev/null
@@ -1,92 +0,0 @@
-package url
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	if v.Gte(version.Number{9, 0, 0, ""}) {
-		return &container_v2{}, specify_v2
-	} else {
-		return &container_v1{}, specify_v1
-	}
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/objs/custom/url/fw.go b/objs/custom/url/fw.go
deleted file mode 100644
index 969bb6bc..00000000
--- a/objs/custom/url/fw.go
+++ /dev/null
@@ -1,119 +0,0 @@
-package url
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Objects.CustomUrlCategory namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// SetSite performs a SET to add a site to the custom URL category.
-func (c *Firewall) SetSite(vsys, name, site string) error {
-	c.ns.Client.LogAction("(set) site for %s: %s", name, site)
-
-	path, err := c.xpath(vsys, []string{name})
-	if err != nil {
-		return err
-	}
-	path = append(path, "list")
-
-	_, err = c.ns.Client.Set(path, util.Member{Value: site}, nil, nil)
-	return err
-}
-
-// DeleteSite performs a DELETE to remove a site from the custom URL category.
-func (c *Firewall) DeleteSite(vsys, name, site string) error {
-	c.ns.Client.LogAction("(delete) site from %s: %s", name, site)
-
-	path, err := c.xpath(vsys, []string{name})
-	if err != nil {
-		return err
-	}
-	path = append(path, "list", util.AsMemberXpath([]string{site}))
-
-	_, err = c.ns.Client.Delete(path, nil, nil)
-	return err
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vsys), names, nErr)
-}
-
-func (c *Firewall) pather(vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vsys, v)
-	}
-}
-
-func (c *Firewall) xpath(vsys string, vals []string) ([]string, error) {
-	ans := make([]string, 0, 8)
-	ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	ans = append(ans,
-		"profiles",
-		"custom-url-category",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/objs/custom/url/fw_test.go b/objs/custom/url/fw_test.go
deleted file mode 100644
index de515734..00000000
--- a/objs/custom/url/fw_test.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package url
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("vsys1", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("vsys1", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/custom/url/pano.go b/objs/custom/url/pano.go
deleted file mode 100644
index 351a0615..00000000
--- a/objs/custom/url/pano.go
+++ /dev/null
@@ -1,119 +0,0 @@
-package url
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Objects.CustomUrlCategory namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// SetSite performs a SET to add a site to the custom URL category.
-func (c *Panorama) SetSite(dg, name, site string) error {
-	c.ns.Client.LogAction("(set) site for %s: %s", name, site)
-
-	path, err := c.xpath(dg, []string{name})
-	if err != nil {
-		return err
-	}
-	path = append(path, "list")
-
-	_, err = c.ns.Client.Set(path, util.Member{Value: site}, nil, nil)
-	return err
-}
-
-// DeleteSite performs a DELETE to remove a site from the custom URL category.
-func (c *Panorama) DeleteSite(dg, name, site string) error {
-	c.ns.Client.LogAction("(delete) site from %s: %s", name, site)
-
-	path, err := c.xpath(dg, []string{name})
-	if err != nil {
-		return err
-	}
-	path = append(path, "list", util.AsMemberXpath([]string{site}))
-
-	_, err = c.ns.Client.Delete(path, nil, nil)
-	return err
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(dg string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(dg), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(dg string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(dg), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(dg, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(dg), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(dg, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(dg), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(dg string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(dg), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(dg string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(dg), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(dg string, e ...Entry) error {
-	return c.ns.Set(c.pather(dg), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(dg string, e Entry) error {
-	return c.ns.Edit(c.pather(dg), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(dg string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(dg), names, nErr)
-}
-
-func (c *Panorama) pather(dg string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(dg, v)
-	}
-}
-
-func (c *Panorama) xpath(dg string, vals []string) ([]string, error) {
-	ans := make([]string, 0, 8)
-	ans = append(ans, util.DeviceGroupXpathPrefix(dg)...)
-	ans = append(ans,
-		"profiles",
-		"custom-url-category",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/objs/custom/url/pano_test.go b/objs/custom/url/pano_test.go
deleted file mode 100644
index 263af437..00000000
--- a/objs/custom/url/pano_test.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package url
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("my dg", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("my dg", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/custom/url/testdata_test.go b/objs/custom/url/testdata_test.go
deleted file mode 100644
index d1d79ee4..00000000
--- a/objs/custom/url/testdata_test.go
+++ /dev/null
@@ -1,27 +0,0 @@
-package url
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type testCase struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"v1 basic", version.Number{7, 0, 0, ""}, Entry{
-			Name:        "one",
-			Description: "my description",
-			Sites:       []string{"palo", "alto", "networks"},
-		}},
-		{"v2 basic", version.Number{9, 0, 0, ""}, Entry{
-			Name:        "one",
-			Description: "my description",
-			Sites:       []string{"palo", "alto", "networks"},
-			Type:        "URL List",
-		}},
-	}
-}
diff --git a/objs/custom/vulnerability/const.go b/objs/custom/vulnerability/const.go
deleted file mode 100644
index 57179aca..00000000
--- a/objs/custom/vulnerability/const.go
+++ /dev/null
@@ -1,17 +0,0 @@
-package vulnerability
-
-// Valid values for Entry.DefaultAction.
-const (
-	DefaultActionAllow       = "allow"
-	DefaultActionAlert       = "alert"
-	DefaultActionDrop        = "drop"
-	DefaultActionResetClient = "reset-client"
-	DefaultActionResetServer = "reset-server"
-	DefaultActionResetBoth   = "reset-both"
-	DefaultActionBlockIp     = "block-ip"
-)
-
-const (
-	singular = "custom vulnerability object"
-	plural   = "custom vulnerability objects"
-)
diff --git a/objs/custom/vulnerability/doc.go b/objs/custom/vulnerability/doc.go
deleted file mode 100644
index a1338c75..00000000
--- a/objs/custom/vulnerability/doc.go
+++ /dev/null
@@ -1,8 +0,0 @@
-/*
-Package vulnerability is the client.Objects.CustomVulnerability namespace.
-
-This module supports PAN-OS 7.0+.
-
-Normalized object:  Entry
-*/
-package vulnerability
diff --git a/objs/custom/vulnerability/entry.go b/objs/custom/vulnerability/entry.go
deleted file mode 100644
index bacdb415..00000000
--- a/objs/custom/vulnerability/entry.go
+++ /dev/null
@@ -1,1111 +0,0 @@
-package vulnerability
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a
-// custom data pattern object.
-//
-// PAN-OS 7.0+.
-type Entry struct {
-	Name                     string
-	ThreatName               string
-	Comment                  string
-	AffectedSystemClient     bool
-	AffectedSystemServer     bool
-	Severity                 string
-	Direction                string
-	DefaultAction            string
-	BlockIpTrackBy           string
-	BlockIpDuration          int
-	Cves                     []string
-	Bugtraqs                 []string
-	Vendors                  []string
-	References               []string
-	StandardSignatureType    *StandardSignatureType
-	CombinationSignatureType *CombinationSignatureType
-}
-
-type StandardSignatureType struct {
-	Signatures []StandardSignature
-}
-
-type StandardSignature struct {
-	Name         string
-	Comment      string
-	Scope        string
-	OrderFree    bool
-	StandardAnds []StandardAnd
-}
-
-type StandardAnd struct {
-	Name        string
-	StandardOrs []StandardOr
-}
-
-type StandardOr struct {
-	Name         string
-	LessThan     *Condition
-	EqualTo      *EqualTo
-	GreaterThan  *Condition
-	PatternMatch *Pattern
-}
-
-type Condition struct {
-	Value      int
-	Context    string
-	Qualifiers []Qualifier
-}
-
-type EqualTo struct {
-	Value      int
-	Context    string
-	Negate     bool // PAN-OS 10.0
-	Qualifiers []Qualifier
-}
-
-type Qualifier struct {
-	Qualifier string
-	Value     string
-}
-
-type Pattern struct {
-	Pattern    string
-	Context    string
-	Negate     bool
-	Qualifiers []Qualifier
-}
-
-type CombinationSignatureType struct {
-	OrderFree           bool
-	ThresholdTime       int
-	IntervalTime        int
-	AggregationCriteria string
-	Signatures          []CombinationSignature
-}
-
-type CombinationSignature struct {
-	Name           string
-	CombinationOrs []CombinationOr
-}
-
-type CombinationOr struct {
-	Name     string
-	ThreatId string
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.ThreatName = s.ThreatName
-	o.Comment = s.Comment
-	o.AffectedSystemClient = s.AffectedSystemClient
-	o.AffectedSystemServer = s.AffectedSystemServer
-	o.Severity = s.Severity
-	o.Direction = s.Direction
-	o.DefaultAction = s.DefaultAction
-	o.BlockIpTrackBy = s.BlockIpTrackBy
-	o.BlockIpDuration = s.BlockIpDuration
-	if s.Cves == nil {
-		o.Cves = nil
-	} else {
-		o.Cves = make([]string, len(s.Cves))
-		copy(o.Cves, s.Cves)
-	}
-	if s.Bugtraqs == nil {
-		o.Bugtraqs = nil
-	} else {
-		o.Bugtraqs = make([]string, len(s.Bugtraqs))
-		copy(o.Bugtraqs, s.Bugtraqs)
-	}
-	if s.Vendors == nil {
-		o.Vendors = nil
-	} else {
-		o.Vendors = make([]string, len(s.Vendors))
-		copy(o.Vendors, s.Vendors)
-	}
-	if s.References == nil {
-		o.References = nil
-	} else {
-		o.References = make([]string, len(s.References))
-		copy(o.References, s.References)
-	}
-
-	if s.StandardSignatureType == nil {
-		o.StandardSignatureType = nil
-	} else {
-		o.StandardSignatureType = &StandardSignatureType{}
-		if len(s.StandardSignatureType.Signatures) > 0 {
-			sstl := make([]StandardSignature, 0, len(s.StandardSignatureType.Signatures))
-			for _, x := range s.StandardSignatureType.Signatures {
-				var acl []StandardAnd
-				if x.StandardAnds != nil {
-					acl = make([]StandardAnd, 0, len(x.StandardAnds))
-					for _, aobj := range x.StandardAnds {
-						var olist []StandardOr
-						if aobj.StandardOrs != nil {
-							olist = make([]StandardOr, 0, len(aobj.StandardOrs))
-							for _, oobj := range aobj.StandardOrs {
-								olist = append(olist, StandardOr{
-									Name:         oobj.Name,
-									LessThan:     copyCondition(oobj.LessThan),
-									EqualTo:      copyEqualTo(oobj.EqualTo),
-									GreaterThan:  copyCondition(oobj.GreaterThan),
-									PatternMatch: copyPattern(oobj.PatternMatch),
-								})
-							}
-						}
-						acl = append(acl, StandardAnd{
-							Name:        aobj.Name,
-							StandardOrs: olist,
-						})
-					}
-				}
-				sstl = append(sstl, StandardSignature{
-					Name:         x.Name,
-					Comment:      x.Comment,
-					Scope:        x.Scope,
-					OrderFree:    x.OrderFree,
-					StandardAnds: acl,
-				})
-			}
-			o.StandardSignatureType.Signatures = sstl
-		}
-	}
-
-	if s.CombinationSignatureType == nil {
-		o.CombinationSignatureType = nil
-	} else {
-		var slist []CombinationSignature
-		if s.CombinationSignatureType.Signatures != nil {
-			slist = make([]CombinationSignature, 0, len(s.CombinationSignatureType.Signatures))
-			for _, sobj := range s.CombinationSignatureType.Signatures {
-				var olist []CombinationOr
-				if sobj.CombinationOrs != nil {
-					olist = make([]CombinationOr, 0, len(sobj.CombinationOrs))
-					for _, oobj := range sobj.CombinationOrs {
-						olist = append(olist, CombinationOr{
-							Name:     oobj.Name,
-							ThreatId: oobj.ThreatId,
-						})
-					}
-				}
-				slist = append(slist, CombinationSignature{
-					Name:           sobj.Name,
-					CombinationOrs: olist,
-				})
-			}
-		}
-		o.CombinationSignatureType = &CombinationSignatureType{
-			OrderFree:           s.CombinationSignatureType.OrderFree,
-			ThresholdTime:       s.CombinationSignatureType.ThresholdTime,
-			IntervalTime:        s.CombinationSignatureType.IntervalTime,
-			AggregationCriteria: s.CombinationSignatureType.AggregationCriteria,
-			Signatures:          slist,
-		}
-	}
-}
-
-func copyCondition(v *Condition) *Condition {
-	if v == nil {
-		return nil
-	}
-
-	return &Condition{
-		Value:      v.Value,
-		Context:    v.Context,
-		Qualifiers: copyQualifiers(v.Qualifiers),
-	}
-}
-
-func copyQualifiers(v []Qualifier) []Qualifier {
-	if v == nil {
-		return nil
-	}
-
-	list := make([]Qualifier, 0, len(v))
-	for _, x := range v {
-		list = append(list, Qualifier{
-			Qualifier: x.Qualifier,
-			Value:     x.Value,
-		})
-	}
-
-	return list
-}
-
-func copyEqualTo(v *EqualTo) *EqualTo {
-	if v == nil {
-		return nil
-	}
-
-	return &EqualTo{
-		Value:      v.Value,
-		Context:    v.Context,
-		Negate:     v.Negate,
-		Qualifiers: copyQualifiers(v.Qualifiers),
-	}
-}
-
-func copyPattern(v *Pattern) *Pattern {
-	if v == nil {
-		return nil
-	}
-
-	return &Pattern{
-		Pattern:    v.Pattern,
-		Context:    v.Context,
-		Negate:     v.Negate,
-		Qualifiers: copyQualifiers(v.Qualifiers),
-	}
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v1) Normalize() []Entry {
-	arr := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		arr = append(arr, o.Answer[i].normalize())
-	}
-	return arr
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:                 o.Name,
-		ThreatName:           o.ThreatName,
-		AffectedSystemClient: util.AsBool(o.AffectedSystem.AffectedSystemClient),
-		AffectedSystemServer: util.AsBool(o.AffectedSystem.AffectedSystemServer),
-		Comment:              o.Comment,
-		Severity:             o.Severity,
-		Direction:            o.Direction,
-		Cves:                 util.MemToStr(o.Cves),
-		Bugtraqs:             util.MemToStr(o.Bugtraqs),
-		Vendors:              util.MemToStr(o.Vendors),
-		References:           util.MemToStr(o.References),
-	}
-
-	if o.DefaultAction == nil {
-		ans.DefaultAction = DefaultActionAlert
-	} else {
-		switch {
-		case o.DefaultAction.Allow != nil:
-			ans.DefaultAction = DefaultActionAllow
-		case o.DefaultAction.Alert != nil:
-			ans.DefaultAction = DefaultActionAlert
-		case o.DefaultAction.Drop != nil:
-			ans.DefaultAction = DefaultActionDrop
-		case o.DefaultAction.ResetClient != nil:
-			ans.DefaultAction = DefaultActionResetClient
-		case o.DefaultAction.ResetServer != nil:
-			ans.DefaultAction = DefaultActionResetServer
-		case o.DefaultAction.ResetBoth != nil:
-			ans.DefaultAction = DefaultActionResetBoth
-		case o.DefaultAction.BlockIp != nil:
-			ans.DefaultAction = DefaultActionBlockIp
-			ans.BlockIpTrackBy = o.DefaultAction.BlockIp.BlockIpTrackBy
-			ans.BlockIpDuration = o.DefaultAction.BlockIp.BlockIpDuration
-		}
-	}
-
-	if o.Signature.Standard != nil {
-		ans.StandardSignatureType = &StandardSignatureType{}
-		if len(o.Signature.Standard.Entries) > 0 {
-			sigs := make([]StandardSignature, 0, len(o.Signature.Standard.Entries))
-			for _, x := range o.Signature.Standard.Entries {
-				var alist []StandardAnd
-				if x.Ands != nil && len(x.Ands.Entries) > 0 {
-					alist = make([]StandardAnd, 0, len(x.Ands.Entries))
-					for _, aobj := range x.Ands.Entries {
-						var olist []StandardOr
-						if aobj.Ors != nil && len(aobj.Ors.Entries) > 0 {
-							olist = make([]StandardOr, 0, len(aobj.Ors.Entries))
-							for _, oobj := range aobj.Ors.Entries {
-								olist = append(olist, StandardOr{
-									Name:         oobj.Name,
-									LessThan:     normalizeCondition(oobj.Op.LessThan),
-									EqualTo:      normalizeEqualToFromCondition(oobj.Op.EqualTo),
-									GreaterThan:  normalizeCondition(oobj.Op.GreaterThan),
-									PatternMatch: normalizePatternMatch(oobj.Op.PatternMatch),
-								})
-							}
-						}
-						alist = append(alist, StandardAnd{
-							Name:        aobj.Name,
-							StandardOrs: olist,
-						})
-					}
-				}
-				sigs = append(sigs, StandardSignature{
-					Name:         x.Name,
-					Comment:      x.Comment,
-					Scope:        x.Scope,
-					OrderFree:    util.AsBool(x.OrderFree),
-					StandardAnds: alist,
-				})
-			}
-			ans.StandardSignatureType.Signatures = sigs
-		}
-	}
-
-	if o.Signature.Combination != nil {
-		ans.CombinationSignatureType = &CombinationSignatureType{
-			OrderFree:           util.AsBool(o.Signature.Combination.OrderFree),
-			ThresholdTime:       o.Signature.Combination.TimeAttribute.ThresholdTime,
-			IntervalTime:        o.Signature.Combination.TimeAttribute.IntervalTime,
-			AggregationCriteria: o.Signature.Combination.TimeAttribute.AggregationCriteria,
-		}
-
-		if o.Signature.Combination.AndConditions != nil && len(o.Signature.Combination.AndConditions.Entries) > 0 {
-			list := make([]CombinationSignature, 0, len(o.Signature.Combination.AndConditions.Entries))
-			for _, x := range o.Signature.Combination.AndConditions.Entries {
-				var olist []CombinationOr
-				if x.OrConditions != nil && len(x.OrConditions.Entries) > 0 {
-					olist = make([]CombinationOr, 0, len(x.OrConditions.Entries))
-					for _, oobj := range x.OrConditions.Entries {
-						olist = append(olist, CombinationOr{
-							Name:     oobj.Name,
-							ThreatId: oobj.ThreatId,
-						})
-					}
-				}
-				list = append(list, CombinationSignature{
-					Name:           x.Name,
-					CombinationOrs: olist,
-				})
-			}
-			ans.CombinationSignatureType.Signatures = list
-		}
-	}
-
-	return ans
-}
-
-func normalizeCondition(v *condition) *Condition {
-	if v == nil {
-		return nil
-	}
-
-	return &Condition{
-		Value:      v.Value,
-		Context:    v.Context,
-		Qualifiers: normalizeQualifiers(v.Qualifiers),
-	}
-}
-
-func normalizeQualifiers(v *qualifiers) []Qualifier {
-	if v == nil || len(v.Entries) == 0 {
-		return nil
-	}
-
-	list := make([]Qualifier, 0, len(v.Entries))
-	for _, x := range v.Entries {
-		list = append(list, Qualifier{
-			Qualifier: x.Qualifier,
-			Value:     x.Value,
-		})
-	}
-
-	return list
-}
-
-func normalizeEqualToFromCondition(v *condition) *EqualTo {
-	if v == nil {
-		return nil
-	}
-
-	return &EqualTo{
-		Value:      v.Value,
-		Context:    v.Context,
-		Qualifiers: normalizeQualifiers(v.Qualifiers),
-	}
-}
-
-func normalizePatternMatch(v *patternMatch) *Pattern {
-	if v == nil {
-		return nil
-	}
-
-	return &Pattern{
-		Pattern:    v.Pattern,
-		Context:    v.Context,
-		Negate:     util.AsBool(v.Negate),
-		Qualifiers: normalizeQualifiers(v.Qualifiers),
-	}
-}
-
-type entry_v1 struct {
-	XMLName        xml.Name         `xml:"entry"`
-	Name           string           `xml:"name,attr"`
-	ThreatName     string           `xml:"threatname"`
-	Comment        string           `xml:"comment,omitempty"`
-	AffectedSystem affectedSystem   `xml:"affected-host"`
-	Severity       string           `xml:"severity"`
-	Direction      string           `xml:"direction"`
-	DefaultAction  *action          `xml:"default-action"`
-	Cves           *util.MemberType `xml:"cve"`
-	Bugtraqs       *util.MemberType `xml:"bugtraq"`
-	Vendors        *util.MemberType `xml:"vendor"`
-	References     *util.MemberType `xml:"reference"`
-	Signature      sig_v1           `xml:"signature"`
-}
-
-type affectedSystem struct {
-	AffectedSystemClient string `xml:"client"`
-	AffectedSystemServer string `xml:"server"`
-}
-
-type action struct {
-	Allow       *string  `xml:"allow"`
-	Alert       *string  `xml:"alert"`
-	Drop        *string  `xml:"drop"`
-	ResetClient *string  `xml:"reset-client"`
-	ResetServer *string  `xml:"reset-server"`
-	ResetBoth   *string  `xml:"reset-both"`
-	BlockIp     *blockIp `xml:"block-ip"`
-}
-
-type blockIp struct {
-	BlockIpTrackBy  string `xml:"track-by"`
-	BlockIpDuration int    `xml:"duration"`
-}
-
-type sig_v1 struct {
-	Standard    *standard_v1 `xml:"standard"`
-	Combination *combination `xml:"combination"`
-}
-
-type standard_v1 struct {
-	Entries []standardEntry_v1 `xml:"entry"`
-}
-
-type standardEntry_v1 struct {
-	Name      string   `xml:"name,attr"`
-	Comment   string   `xml:"comment,omitempty"`
-	Scope     string   `xml:"scope,omitempty"`
-	OrderFree string   `xml:"order-free"`
-	Ands      *ands_v1 `xml:"and-condition"`
-}
-
-type ands_v1 struct {
-	Entries []standardAnd_v1 `xml:"entry"`
-}
-
-type standardAnd_v1 struct {
-	Name string  `xml:"name,attr"`
-	Ors  *ors_v1 `xml:"or-condition"`
-}
-
-type ors_v1 struct {
-	Entries []standardOr_v1 `xml:"entry"`
-}
-
-type standardOr_v1 struct {
-	Name string        `xml:"name,attr"`
-	Op   standardOp_v1 `xml:"operator"`
-}
-
-type standardOp_v1 struct {
-	LessThan     *condition    `xml:"less-than"`
-	EqualTo      *condition    `xml:"equal-to"`
-	GreaterThan  *condition    `xml:"greater-than"`
-	PatternMatch *patternMatch `xml:"pattern-match"`
-}
-
-type condition struct {
-	Value      int         `xml:"value"`
-	Context    string      `xml:"context"`
-	Qualifiers *qualifiers `xml:"qualifier"`
-}
-
-type qualifiers struct {
-	Entries []qualifier `xml:"entry"`
-}
-
-type qualifier struct {
-	Qualifier string `xml:"name,attr"`
-	Value     string `xml:"value"`
-}
-
-type combination struct {
-	OrderFree     string    `xml:"order-free"`
-	TimeAttribute comboTime `xml:"time-attribute"`
-	AndConditions *andCond  `xml:"and-condition"`
-}
-
-type patternMatch struct {
-	Pattern    string      `xml:"pattern"`
-	Context    string      `xml:"context"`
-	Negate     string      `xml:"negate"`
-	Qualifiers *qualifiers `xml:"qualifier"`
-}
-
-type comboTime struct {
-	ThresholdTime       int    `xml:"threshold"`
-	IntervalTime        int    `xml:"interval"`
-	AggregationCriteria string `xml:"track-by,omitempty"`
-}
-
-type andCond struct {
-	Entries []andCondEntry `xml:"entry"`
-}
-
-type andCondEntry struct {
-	Name         string  `xml:"name,attr"`
-	OrConditions *orCond `xml:"or-condition"`
-}
-
-type orCond struct {
-	Entries []orCondEntry `xml:"entry"`
-}
-
-type orCondEntry struct {
-	Name     string `xml:"name,attr"`
-	ThreatId string `xml:"threat-id"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:          e.Name,
-		ThreatName:    e.ThreatName,
-		Comment:       e.Comment,
-		Severity:      e.Severity,
-		Direction:     e.Direction,
-		DefaultAction: &action{},
-		Cves:          util.StrToMem(e.Cves),
-		Bugtraqs:      util.StrToMem(e.Bugtraqs),
-		Vendors:       util.StrToMem(e.Vendors),
-		References:    util.StrToMem(e.References),
-		AffectedSystem: affectedSystem{
-			AffectedSystemClient: util.YesNo(e.AffectedSystemClient),
-			AffectedSystemServer: util.YesNo(e.AffectedSystemServer),
-		},
-	}
-
-	s := ""
-	switch e.DefaultAction {
-	case DefaultActionAllow:
-		ans.DefaultAction.Allow = &s
-	case DefaultActionAlert:
-		ans.DefaultAction.Alert = &s
-	case DefaultActionDrop:
-		ans.DefaultAction.Drop = &s
-	case DefaultActionResetClient:
-		ans.DefaultAction.ResetClient = &s
-	case DefaultActionResetServer:
-		ans.DefaultAction.ResetServer = &s
-	case DefaultActionResetBoth:
-		ans.DefaultAction.ResetBoth = &s
-	case DefaultActionBlockIp:
-		ans.DefaultAction.BlockIp = &blockIp{
-			BlockIpTrackBy:  e.BlockIpTrackBy,
-			BlockIpDuration: e.BlockIpDuration,
-		}
-	default:
-		ans.DefaultAction = nil
-	}
-
-	if e.StandardSignatureType != nil {
-		ans.Signature.Standard = &standard_v1{}
-		if len(e.StandardSignatureType.Signatures) > 0 {
-			sigList := make([]standardEntry_v1, 0, len(e.StandardSignatureType.Signatures))
-			for _, ss := range e.StandardSignatureType.Signatures {
-				var av *ands_v1
-				if len(ss.StandardAnds) > 0 {
-					alist := make([]standardAnd_v1, 0, len(ss.StandardAnds))
-					for _, aobj := range ss.StandardAnds {
-						var ov *ors_v1
-						if len(aobj.StandardOrs) > 0 {
-							olist := make([]standardOr_v1, 0, len(aobj.StandardOrs))
-							for _, oobj := range aobj.StandardOrs {
-								olist = append(olist, standardOr_v1{
-									Name: oobj.Name,
-									Op: standardOp_v1{
-										LessThan:     specifyCondition(oobj.LessThan),
-										EqualTo:      specifyEqualToAsCondition(oobj.EqualTo),
-										GreaterThan:  specifyCondition(oobj.GreaterThan),
-										PatternMatch: specifyPatternMatch(oobj.PatternMatch),
-									},
-								})
-							}
-							ov = &ors_v1{Entries: olist}
-						}
-						alist = append(alist, standardAnd_v1{
-							Name: aobj.Name,
-							Ors:  ov,
-						})
-					}
-					av = &ands_v1{Entries: alist}
-				}
-				sigList = append(sigList, standardEntry_v1{
-					Name:      ss.Name,
-					Comment:   ss.Comment,
-					Scope:     ss.Scope,
-					OrderFree: util.YesNo(ss.OrderFree),
-					Ands:      av,
-				})
-			}
-			ans.Signature.Standard.Entries = sigList
-		}
-	}
-
-	if e.CombinationSignatureType != nil {
-		ans.Signature.Combination = &combination{
-			OrderFree: util.YesNo(e.CombinationSignatureType.OrderFree),
-			TimeAttribute: comboTime{
-				ThresholdTime:       e.CombinationSignatureType.ThresholdTime,
-				IntervalTime:        e.CombinationSignatureType.IntervalTime,
-				AggregationCriteria: e.CombinationSignatureType.AggregationCriteria,
-			},
-		}
-
-		if len(e.CombinationSignatureType.Signatures) > 0 {
-			list := make([]andCondEntry, 0, len(e.CombinationSignatureType.Signatures))
-			for _, x := range e.CombinationSignatureType.Signatures {
-				ors := make([]orCondEntry, 0, len(x.CombinationOrs))
-				for _, y := range x.CombinationOrs {
-					ors = append(ors, orCondEntry{
-						Name:     y.Name,
-						ThreatId: y.ThreatId,
-					})
-				}
-
-				list = append(list, andCondEntry{
-					Name:         x.Name,
-					OrConditions: &orCond{Entries: ors},
-				})
-			}
-
-			ans.Signature.Combination.AndConditions = &andCond{
-				Entries: list,
-			}
-		}
-	}
-
-	return ans
-}
-
-func specifyCondition(v *Condition) *condition {
-	if v == nil {
-		return nil
-	}
-
-	return &condition{
-		Value:      v.Value,
-		Context:    v.Context,
-		Qualifiers: specifyQualifiers(v.Qualifiers),
-	}
-}
-
-func specifyEqualToAsCondition(v *EqualTo) *condition {
-	if v == nil {
-		return nil
-	}
-
-	return &condition{
-		Value:      v.Value,
-		Context:    v.Context,
-		Qualifiers: specifyQualifiers(v.Qualifiers),
-	}
-}
-
-func specifyQualifiers(v []Qualifier) *qualifiers {
-	if len(v) == 0 {
-		return nil
-	}
-
-	list := make([]qualifier, 0, len(v))
-	for _, x := range v {
-		list = append(list, qualifier{
-			Qualifier: x.Qualifier,
-			Value:     x.Value,
-		})
-	}
-
-	return &qualifiers{Entries: list}
-}
-
-func specifyPatternMatch(v *Pattern) *patternMatch {
-	if v == nil {
-		return nil
-	}
-
-	return &patternMatch{
-		Pattern:    v.Pattern,
-		Context:    v.Context,
-		Negate:     util.YesNo(v.Negate),
-		Qualifiers: specifyQualifiers(v.Qualifiers),
-	}
-}
-
-// PAN-OS 10.0
-type container_v2 struct {
-	Answer []entry_v2 `xml:"entry"`
-}
-
-func (o *container_v2) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v2) Normalize() []Entry {
-	arr := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		arr = append(arr, o.Answer[i].normalize())
-	}
-	return arr
-}
-
-func (o *entry_v2) normalize() Entry {
-	ans := Entry{
-		Name:                 o.Name,
-		ThreatName:           o.ThreatName,
-		AffectedSystemClient: util.AsBool(o.AffectedSystem.AffectedSystemClient),
-		AffectedSystemServer: util.AsBool(o.AffectedSystem.AffectedSystemServer),
-		Comment:              o.Comment,
-		Severity:             o.Severity,
-		Direction:            o.Direction,
-		Cves:                 util.MemToStr(o.Cves),
-		Bugtraqs:             util.MemToStr(o.Bugtraqs),
-		Vendors:              util.MemToStr(o.Vendors),
-		References:           util.MemToStr(o.References),
-	}
-
-	if o.DefaultAction == nil {
-		ans.DefaultAction = DefaultActionAlert
-	} else {
-		switch {
-		case o.DefaultAction.Allow != nil:
-			ans.DefaultAction = DefaultActionAllow
-		case o.DefaultAction.Alert != nil:
-			ans.DefaultAction = DefaultActionAlert
-		case o.DefaultAction.Drop != nil:
-			ans.DefaultAction = DefaultActionDrop
-		case o.DefaultAction.ResetClient != nil:
-			ans.DefaultAction = DefaultActionResetClient
-		case o.DefaultAction.ResetServer != nil:
-			ans.DefaultAction = DefaultActionResetServer
-		case o.DefaultAction.ResetBoth != nil:
-			ans.DefaultAction = DefaultActionResetBoth
-		case o.DefaultAction.BlockIp != nil:
-			ans.DefaultAction = DefaultActionBlockIp
-			ans.BlockIpTrackBy = o.DefaultAction.BlockIp.BlockIpTrackBy
-			ans.BlockIpDuration = o.DefaultAction.BlockIp.BlockIpDuration
-		}
-	}
-
-	if o.Signature.Standard != nil {
-		ans.StandardSignatureType = &StandardSignatureType{}
-		if len(o.Signature.Standard.Entries) > 0 {
-			sigs := make([]StandardSignature, 0, len(o.Signature.Standard.Entries))
-			for _, x := range o.Signature.Standard.Entries {
-				var alist []StandardAnd
-				if x.Ands != nil && len(x.Ands.Entries) > 0 {
-					alist = make([]StandardAnd, 0, len(x.Ands.Entries))
-					for _, aobj := range x.Ands.Entries {
-						var olist []StandardOr
-						if aobj.Ors != nil && len(aobj.Ors.Entries) > 0 {
-							olist = make([]StandardOr, 0, len(aobj.Ors.Entries))
-							for _, oobj := range aobj.Ors.Entries {
-								olist = append(olist, StandardOr{
-									Name:         oobj.Name,
-									LessThan:     normalizeCondition(oobj.Op.LessThan),
-									EqualTo:      normalizeEqualToFromEqualTo(oobj.Op.EqualTo),
-									GreaterThan:  normalizeCondition(oobj.Op.GreaterThan),
-									PatternMatch: normalizePatternMatch(oobj.Op.PatternMatch),
-								})
-							}
-						}
-						alist = append(alist, StandardAnd{
-							Name:        aobj.Name,
-							StandardOrs: olist,
-						})
-					}
-				}
-				sigs = append(sigs, StandardSignature{
-					Name:         x.Name,
-					Comment:      x.Comment,
-					Scope:        x.Scope,
-					OrderFree:    util.AsBool(x.OrderFree),
-					StandardAnds: alist,
-				})
-			}
-			ans.StandardSignatureType.Signatures = sigs
-		}
-	}
-
-	if o.Signature.Combination != nil {
-		ans.CombinationSignatureType = &CombinationSignatureType{
-			OrderFree:           util.AsBool(o.Signature.Combination.OrderFree),
-			ThresholdTime:       o.Signature.Combination.TimeAttribute.ThresholdTime,
-			IntervalTime:        o.Signature.Combination.TimeAttribute.IntervalTime,
-			AggregationCriteria: o.Signature.Combination.TimeAttribute.AggregationCriteria,
-		}
-
-		if o.Signature.Combination.AndConditions != nil && len(o.Signature.Combination.AndConditions.Entries) > 0 {
-			list := make([]CombinationSignature, 0, len(o.Signature.Combination.AndConditions.Entries))
-			for _, x := range o.Signature.Combination.AndConditions.Entries {
-				var olist []CombinationOr
-				if x.OrConditions != nil && len(x.OrConditions.Entries) > 0 {
-					olist = make([]CombinationOr, 0, len(x.OrConditions.Entries))
-					for _, oobj := range x.OrConditions.Entries {
-						olist = append(olist, CombinationOr{
-							Name:     oobj.Name,
-							ThreatId: oobj.ThreatId,
-						})
-					}
-				}
-				list = append(list, CombinationSignature{
-					Name:           x.Name,
-					CombinationOrs: olist,
-				})
-			}
-			ans.CombinationSignatureType.Signatures = list
-		}
-	}
-
-	return ans
-}
-
-func normalizeEqualToFromEqualTo(v *equalTo) *EqualTo {
-	if v == nil {
-		return nil
-	}
-
-	return &EqualTo{
-		Value:      v.Value,
-		Context:    v.Context,
-		Negate:     util.AsBool(v.Negate),
-		Qualifiers: normalizeQualifiers(v.Qualifiers),
-	}
-}
-
-type entry_v2 struct {
-	XMLName        xml.Name         `xml:"entry"`
-	Name           string           `xml:"name,attr"`
-	ThreatName     string           `xml:"threatname"`
-	Comment        string           `xml:"comment,omitempty"`
-	AffectedSystem affectedSystem   `xml:"affected-host"`
-	Severity       string           `xml:"severity"`
-	Direction      string           `xml:"direction"`
-	DefaultAction  *action          `xml:"default-action"`
-	Cves           *util.MemberType `xml:"cve"`
-	Bugtraqs       *util.MemberType `xml:"bugtraq"`
-	Vendors        *util.MemberType `xml:"vendor"`
-	References     *util.MemberType `xml:"reference"`
-	Signature      sig_v2           `xml:"signature"`
-}
-
-type sig_v2 struct {
-	Standard    *standard_v2 `xml:"standard"`
-	Combination *combination `xml:"combination"`
-}
-
-type standard_v2 struct {
-	Entries []standardEntry_v2 `xml:"entry"`
-}
-
-type standardEntry_v2 struct {
-	Name      string   `xml:"name,attr"`
-	Comment   string   `xml:"comment,omitempty"`
-	Scope     string   `xml:"scope,omitempty"`
-	OrderFree string   `xml:"order-free"`
-	Ands      *ands_v2 `xml:"and-condition"`
-}
-
-type ands_v2 struct {
-	Entries []standardAnd_v2 `xml:"entry"`
-}
-
-type standardAnd_v2 struct {
-	Name string  `xml:"name,attr"`
-	Ors  *ors_v2 `xml:"or-condition"`
-}
-
-type ors_v2 struct {
-	Entries []standardOr_v2 `xml:"entry"`
-}
-
-type standardOr_v2 struct {
-	Name string        `xml:"name,attr"`
-	Op   standardOp_v2 `xml:"operator"`
-}
-
-type standardOp_v2 struct {
-	LessThan     *condition    `xml:"less-than"`
-	EqualTo      *equalTo      `xml:"equal-to"`
-	GreaterThan  *condition    `xml:"greater-than"`
-	PatternMatch *patternMatch `xml:"pattern-match"`
-}
-
-type equalTo struct {
-	Value      int         `xml:"value"`
-	Context    string      `xml:"context"`
-	Negate     string      `xml:"negate"`
-	Qualifiers *qualifiers `xml:"qualifier"`
-}
-
-func specify_v2(e Entry) interface{} {
-	ans := entry_v2{
-		Name:          e.Name,
-		ThreatName:    e.ThreatName,
-		Comment:       e.Comment,
-		Severity:      e.Severity,
-		Direction:     e.Direction,
-		DefaultAction: &action{},
-		Cves:          util.StrToMem(e.Cves),
-		Bugtraqs:      util.StrToMem(e.Bugtraqs),
-		Vendors:       util.StrToMem(e.Vendors),
-		References:    util.StrToMem(e.References),
-		AffectedSystem: affectedSystem{
-			AffectedSystemClient: util.YesNo(e.AffectedSystemClient),
-			AffectedSystemServer: util.YesNo(e.AffectedSystemServer),
-		},
-	}
-
-	s := ""
-	switch e.DefaultAction {
-	case DefaultActionAllow:
-		ans.DefaultAction.Allow = &s
-	case DefaultActionAlert:
-		ans.DefaultAction.Alert = &s
-	case DefaultActionDrop:
-		ans.DefaultAction.Drop = &s
-	case DefaultActionResetClient:
-		ans.DefaultAction.ResetClient = &s
-	case DefaultActionResetServer:
-		ans.DefaultAction.ResetServer = &s
-	case DefaultActionResetBoth:
-		ans.DefaultAction.ResetBoth = &s
-	case DefaultActionBlockIp:
-		ans.DefaultAction.BlockIp = &blockIp{
-			BlockIpTrackBy:  e.BlockIpTrackBy,
-			BlockIpDuration: e.BlockIpDuration,
-		}
-	default:
-		ans.DefaultAction = nil
-	}
-
-	if e.StandardSignatureType != nil {
-		ans.Signature.Standard = &standard_v2{}
-		if len(e.StandardSignatureType.Signatures) > 0 {
-			sigList := make([]standardEntry_v2, 0, len(e.StandardSignatureType.Signatures))
-			for _, ss := range e.StandardSignatureType.Signatures {
-				var av *ands_v2
-				if len(ss.StandardAnds) > 0 {
-					alist := make([]standardAnd_v2, 0, len(ss.StandardAnds))
-					for _, aobj := range ss.StandardAnds {
-						var ov *ors_v2
-						if len(aobj.StandardOrs) > 0 {
-							olist := make([]standardOr_v2, 0, len(aobj.StandardOrs))
-							for _, oobj := range aobj.StandardOrs {
-								olist = append(olist, standardOr_v2{
-									Name: oobj.Name,
-									Op: standardOp_v2{
-										LessThan:     specifyCondition(oobj.LessThan),
-										EqualTo:      specifyEqualToFromEqualTo(oobj.EqualTo),
-										GreaterThan:  specifyCondition(oobj.GreaterThan),
-										PatternMatch: specifyPatternMatch(oobj.PatternMatch),
-									},
-								})
-							}
-							ov = &ors_v2{Entries: olist}
-						}
-						alist = append(alist, standardAnd_v2{
-							Name: aobj.Name,
-							Ors:  ov,
-						})
-					}
-					av = &ands_v2{Entries: alist}
-				}
-				sigList = append(sigList, standardEntry_v2{
-					Name:      ss.Name,
-					Comment:   ss.Comment,
-					Scope:     ss.Scope,
-					OrderFree: util.YesNo(ss.OrderFree),
-					Ands:      av,
-				})
-			}
-			ans.Signature.Standard.Entries = sigList
-		}
-	}
-
-	if e.CombinationSignatureType != nil {
-		ans.Signature.Combination = &combination{
-			OrderFree: util.YesNo(e.CombinationSignatureType.OrderFree),
-			TimeAttribute: comboTime{
-				ThresholdTime:       e.CombinationSignatureType.ThresholdTime,
-				IntervalTime:        e.CombinationSignatureType.IntervalTime,
-				AggregationCriteria: e.CombinationSignatureType.AggregationCriteria,
-			},
-		}
-
-		if len(e.CombinationSignatureType.Signatures) > 0 {
-			list := make([]andCondEntry, 0, len(e.CombinationSignatureType.Signatures))
-			for _, x := range e.CombinationSignatureType.Signatures {
-				ors := make([]orCondEntry, 0, len(x.CombinationOrs))
-				for _, y := range x.CombinationOrs {
-					ors = append(ors, orCondEntry{
-						Name:     y.Name,
-						ThreatId: y.ThreatId,
-					})
-				}
-
-				list = append(list, andCondEntry{
-					Name:         x.Name,
-					OrConditions: &orCond{Entries: ors},
-				})
-			}
-
-			ans.Signature.Combination.AndConditions = &andCond{
-				Entries: list,
-			}
-		}
-	}
-
-	return ans
-}
-
-func specifyEqualToFromEqualTo(v *EqualTo) *equalTo {
-	if v == nil {
-		return nil
-	}
-
-	return &equalTo{
-		Value:      v.Value,
-		Context:    v.Context,
-		Negate:     util.YesNo(v.Negate),
-		Qualifiers: specifyQualifiers(v.Qualifiers),
-	}
-}
diff --git a/objs/custom/vulnerability/funcs.go b/objs/custom/vulnerability/funcs.go
deleted file mode 100644
index 0d6a212c..00000000
--- a/objs/custom/vulnerability/funcs.go
+++ /dev/null
@@ -1,92 +0,0 @@
-package vulnerability
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	if v.Gte(version.Number{10, 0, 0, ""}) {
-		return &container_v2{}, specify_v2
-	} else {
-		return &container_v1{}, specify_v1
-	}
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/objs/custom/vulnerability/fw.go b/objs/custom/vulnerability/fw.go
deleted file mode 100644
index 520275c0..00000000
--- a/objs/custom/vulnerability/fw.go
+++ /dev/null
@@ -1,91 +0,0 @@
-package vulnerability
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Objects.CustomVulnerability namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vsys), names, nErr)
-}
-
-func (c *Firewall) pather(vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vsys, v)
-	}
-}
-
-func (c *Firewall) xpath(vsys string, vals []string) ([]string, error) {
-	ans := make([]string, 0, 8)
-	ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	ans = append(ans,
-		"threats",
-		"vulnerability",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/objs/custom/vulnerability/fw_test.go b/objs/custom/vulnerability/fw_test.go
deleted file mode 100644
index f0f4a9dd..00000000
--- a/objs/custom/vulnerability/fw_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package vulnerability
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("vsys1", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("vsys1", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/custom/vulnerability/pano.go b/objs/custom/vulnerability/pano.go
deleted file mode 100644
index df9e215b..00000000
--- a/objs/custom/vulnerability/pano.go
+++ /dev/null
@@ -1,91 +0,0 @@
-package vulnerability
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Objects.CustomVulnerability namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(dg string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(dg), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(dg string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(dg), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(dg, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(dg), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(dg, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(dg), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(dg string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(dg), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(dg string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(dg), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(dg string, e ...Entry) error {
-	return c.ns.Set(c.pather(dg), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(dg string, e Entry) error {
-	return c.ns.Edit(c.pather(dg), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(dg string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(dg), names, nErr)
-}
-
-func (c *Panorama) pather(dg string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(dg, v)
-	}
-}
-
-func (c *Panorama) xpath(dg string, vals []string) ([]string, error) {
-	ans := make([]string, 0, 8)
-	ans = append(ans, util.DeviceGroupXpathPrefix(dg)...)
-	ans = append(ans,
-		"threats",
-		"vulnerability",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/objs/custom/vulnerability/pano_test.go b/objs/custom/vulnerability/pano_test.go
deleted file mode 100644
index ddebca11..00000000
--- a/objs/custom/vulnerability/pano_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package vulnerability
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("shared", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("shared", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/custom/vulnerability/testdata_test.go b/objs/custom/vulnerability/testdata_test.go
deleted file mode 100644
index d5a9c322..00000000
--- a/objs/custom/vulnerability/testdata_test.go
+++ /dev/null
@@ -1,1353 +0,0 @@
-package vulnerability
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type tc struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []tc {
-	return []tc{
-		{"v1 standard less than no qualifiers", version.Number{7, 0, 0, ""}, Entry{
-			Name:                 "t1",
-			ThreatName:           "threat1",
-			Comment:              "foobar",
-			AffectedSystemClient: true,
-			AffectedSystemServer: true,
-			Severity:             "low",
-			Direction:            "client2server",
-			DefaultAction:        DefaultActionAllow,
-			Cves:                 []string{"cve1", "cve2"},
-			Bugtraqs:             []string{"bug1", "bug2"},
-			Vendors:              []string{"vendor1", "vendor2"},
-			References:           []string{"ref1", "ref2"},
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										LessThan: &Condition{
-											Value:   4096,
-											Context: "http-rsp-code",
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v1 standard less than with qualifiers", version.Number{7, 0, 0, ""}, Entry{
-			Name:          "t2",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "low",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionAlert,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										LessThan: &Condition{
-											Value:   4096,
-											Context: "http-rsp-code",
-											Qualifiers: []Qualifier{
-												Qualifier{
-													Qualifier: "foo",
-													Value:     "bar",
-												},
-											},
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v1 standard equal to no qualifiers", version.Number{7, 0, 0, ""}, Entry{
-			Name:          "t3",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "low",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionDrop,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										EqualTo: &EqualTo{
-											Value:   4096,
-											Context: "http-rsp-code",
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v1 standard equal to with qualifiers", version.Number{7, 0, 0, ""}, Entry{
-			Name:          "t4",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "low",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionResetClient,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										EqualTo: &EqualTo{
-											Value:   4096,
-											Context: "http-rsp-code",
-											Qualifiers: []Qualifier{
-												Qualifier{
-													Qualifier: "foo",
-													Value:     "bar",
-												},
-											},
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v1 standard greater than no qualifiers", version.Number{7, 0, 0, ""}, Entry{
-			Name:          "t5",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "low",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionResetServer,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										GreaterThan: &Condition{
-											Value:   4096,
-											Context: "http-rsp-code",
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v1 standard greater than with qualifiers", version.Number{7, 0, 0, ""}, Entry{
-			Name:          "t6",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "low",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionResetBoth,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										GreaterThan: &Condition{
-											Value:   4096,
-											Context: "http-rsp-code",
-											Qualifiers: []Qualifier{
-												Qualifier{
-													Qualifier: "foo",
-													Value:     "bar",
-												},
-											},
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v1 standard pattern match no qualifiers", version.Number{7, 0, 0, ""}, Entry{
-			Name:            "t7",
-			ThreatName:      "threat1",
-			Comment:         "foobar",
-			Severity:        "low",
-			Direction:       "client2server",
-			DefaultAction:   DefaultActionBlockIp,
-			BlockIpTrackBy:  "source-and-destination",
-			BlockIpDuration: 1024,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										PatternMatch: &Pattern{
-											Pattern: "abcdefgh",
-											Context: "http-rsp-code",
-											Negate:  true,
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v1 standard pattern match with qualifiers", version.Number{7, 0, 0, ""}, Entry{
-			Name:          "t8",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "low",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionAllow,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										PatternMatch: &Pattern{
-											Pattern: "abcdefgh",
-											Context: "http-rsp-code",
-											Negate:  false,
-											Qualifiers: []Qualifier{
-												Qualifier{
-													Qualifier: "foo",
-													Value:     "bar",
-												},
-											},
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v1 combination", version.Number{7, 0, 0, ""}, Entry{
-			Name:          "t9",
-			ThreatName:    "myThreat",
-			Comment:       "foobar",
-			Severity:      "medium",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionAlert,
-			CombinationSignatureType: &CombinationSignatureType{
-				OrderFree:           true,
-				ThresholdTime:       7,
-				IntervalTime:        8,
-				AggregationCriteria: "source-and-destination",
-				Signatures: []CombinationSignature{
-					CombinationSignature{
-						Name: "mySig",
-						CombinationOrs: []CombinationOr{
-							CombinationOr{
-								Name:     "Or Condition 1",
-								ThreatId: "10052",
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v1 standard less than no qualifiers", version.Number{7, 0, 0, ""}, Entry{
-			Name:          "t10",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "low",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionAllow,
-			Cves:          []string{"cve1", "cve2"},
-			Bugtraqs:      []string{"bug1", "bug2"},
-			Vendors:       []string{"vendor1", "vendor2"},
-			References:    []string{"ref1", "ref2"},
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										LessThan: &Condition{
-											Value:   4096,
-											Context: "http-rsp-code",
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v1 standard less than with qualifiers", version.Number{7, 0, 0, ""}, Entry{
-			Name:          "t11",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "low",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionAlert,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										LessThan: &Condition{
-											Value:   4096,
-											Context: "http-rsp-code",
-											Qualifiers: []Qualifier{
-												Qualifier{
-													Qualifier: "foo",
-													Value:     "bar",
-												},
-											},
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v1 standard equal to no qualifiers", version.Number{7, 0, 0, ""}, Entry{
-			Name:          "t12",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "low",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionDrop,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										EqualTo: &EqualTo{
-											Value:   4096,
-											Context: "http-rsp-code",
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v1 standard equal to with qualifiers", version.Number{7, 0, 0, ""}, Entry{
-			Name:          "t13",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "low",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionResetClient,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										EqualTo: &EqualTo{
-											Value:   4096,
-											Context: "http-rsp-code",
-											Qualifiers: []Qualifier{
-												Qualifier{
-													Qualifier: "foo",
-													Value:     "bar",
-												},
-											},
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v1 standard greater than no qualifiers", version.Number{7, 0, 0, ""}, Entry{
-			Name:          "t14",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "low",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionResetServer,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										GreaterThan: &Condition{
-											Value:   4096,
-											Context: "http-rsp-code",
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v1 standard greater than with qualifiers", version.Number{7, 0, 0, ""}, Entry{
-			Name:          "t15",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "low",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionResetBoth,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										GreaterThan: &Condition{
-											Value:   4096,
-											Context: "http-rsp-code",
-											Qualifiers: []Qualifier{
-												Qualifier{
-													Qualifier: "foo",
-													Value:     "bar",
-												},
-											},
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v1 standard pattern match no qualifiers", version.Number{7, 0, 0, ""}, Entry{
-			Name:            "t16",
-			ThreatName:      "threat1",
-			Comment:         "foobar",
-			Severity:        "low",
-			Direction:       "client2server",
-			DefaultAction:   DefaultActionBlockIp,
-			BlockIpTrackBy:  "source-and-destination",
-			BlockIpDuration: 1024,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										PatternMatch: &Pattern{
-											Pattern: "abcdefgh",
-											Context: "http-rsp-code",
-											Negate:  true,
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v1 standard pattern match with qualifiers", version.Number{7, 0, 0, ""}, Entry{
-			Name:          "t17",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "low",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionAllow,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										PatternMatch: &Pattern{
-											Pattern: "abcdefgh",
-											Context: "http-rsp-code",
-											Negate:  false,
-											Qualifiers: []Qualifier{
-												Qualifier{
-													Qualifier: "foo",
-													Value:     "bar",
-												},
-											},
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v1 combination order free", version.Number{7, 0, 0, ""}, Entry{
-			Name:          "t18",
-			ThreatName:    "myThreat",
-			Comment:       "foobar",
-			Severity:      "medium",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionAlert,
-			CombinationSignatureType: &CombinationSignatureType{
-				OrderFree:           true,
-				ThresholdTime:       7,
-				IntervalTime:        8,
-				AggregationCriteria: "source-and-destination",
-				Signatures: []CombinationSignature{
-					CombinationSignature{
-						Name: "And Condition 1",
-						CombinationOrs: []CombinationOr{
-							CombinationOr{
-								Name:     "Or Condition 1",
-								ThreatId: "10052",
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v1 combination ordered", version.Number{7, 0, 0, ""}, Entry{
-			Name:          "t19",
-			ThreatName:    "myThreat",
-			Comment:       "foobar",
-			Severity:      "medium",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionAlert,
-			CombinationSignatureType: &CombinationSignatureType{
-				ThresholdTime:       7,
-				IntervalTime:        8,
-				AggregationCriteria: "source-and-destination",
-				Signatures: []CombinationSignature{
-					CombinationSignature{
-						Name: "And Condition 1",
-						CombinationOrs: []CombinationOr{
-							CombinationOr{
-								Name:     "Or Condition 1",
-								ThreatId: "10052",
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v2 standard less than no qualifiers", version.Number{10, 0, 0, ""}, Entry{
-			Name:                 "t1",
-			ThreatName:           "threat1",
-			Comment:              "foobar",
-			AffectedSystemClient: true,
-			AffectedSystemServer: true,
-			Severity:             "low",
-			Direction:            "client2server",
-			DefaultAction:        DefaultActionAllow,
-			Cves:                 []string{"cve1", "cve2"},
-			Bugtraqs:             []string{"bug1", "bug2"},
-			Vendors:              []string{"vendor1", "vendor2"},
-			References:           []string{"ref1", "ref2"},
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										LessThan: &Condition{
-											Value:   4096,
-											Context: "http-rsp-code",
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v2 standard less than with qualifiers", version.Number{10, 0, 0, ""}, Entry{
-			Name:          "t2",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "low",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionAlert,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										LessThan: &Condition{
-											Value:   4096,
-											Context: "http-rsp-code",
-											Qualifiers: []Qualifier{
-												Qualifier{
-													Qualifier: "foo",
-													Value:     "bar",
-												},
-											},
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v2 standard equal to no qualifiers", version.Number{10, 0, 0, ""}, Entry{
-			Name:          "t3",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "low",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionDrop,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										EqualTo: &EqualTo{
-											Value:   4096,
-											Context: "http-rsp-code",
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v2 standard equal to with qualifiers", version.Number{10, 0, 0, ""}, Entry{
-			Name:          "t4",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "low",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionResetClient,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										EqualTo: &EqualTo{
-											Value:   4096,
-											Context: "http-rsp-code",
-											Qualifiers: []Qualifier{
-												Qualifier{
-													Qualifier: "foo",
-													Value:     "bar",
-												},
-											},
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v2 standard greater than no qualifiers", version.Number{10, 0, 0, ""}, Entry{
-			Name:          "t5",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "low",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionResetServer,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										GreaterThan: &Condition{
-											Value:   4096,
-											Context: "http-rsp-code",
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v2 standard greater than with qualifiers", version.Number{10, 0, 0, ""}, Entry{
-			Name:          "t6",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "low",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionResetBoth,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										GreaterThan: &Condition{
-											Value:   4096,
-											Context: "http-rsp-code",
-											Qualifiers: []Qualifier{
-												Qualifier{
-													Qualifier: "foo",
-													Value:     "bar",
-												},
-											},
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v2 standard pattern match no qualifiers", version.Number{10, 0, 0, ""}, Entry{
-			Name:            "t7",
-			ThreatName:      "threat1",
-			Comment:         "foobar",
-			Severity:        "low",
-			Direction:       "client2server",
-			DefaultAction:   DefaultActionBlockIp,
-			BlockIpTrackBy:  "source-and-destination",
-			BlockIpDuration: 1024,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										PatternMatch: &Pattern{
-											Pattern: "abcdefgh",
-											Context: "http-rsp-code",
-											Negate:  true,
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v2 standard pattern match with qualifiers", version.Number{10, 0, 0, ""}, Entry{
-			Name:          "t8",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "low",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionAllow,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										PatternMatch: &Pattern{
-											Pattern: "abcdefgh",
-											Context: "http-rsp-code",
-											Negate:  false,
-											Qualifiers: []Qualifier{
-												Qualifier{
-													Qualifier: "foo",
-													Value:     "bar",
-												},
-											},
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v2 combination", version.Number{10, 0, 0, ""}, Entry{
-			Name:          "t9",
-			ThreatName:    "myThreat",
-			Comment:       "foobar",
-			Severity:      "medium",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionAlert,
-			CombinationSignatureType: &CombinationSignatureType{
-				OrderFree:           true,
-				ThresholdTime:       7,
-				IntervalTime:        8,
-				AggregationCriteria: "source-and-destination",
-				Signatures: []CombinationSignature{
-					CombinationSignature{
-						Name: "mySig",
-						CombinationOrs: []CombinationOr{
-							CombinationOr{
-								Name:     "Or Condition 1",
-								ThreatId: "10052",
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v2 standard less than no qualifiers", version.Number{10, 0, 0, ""}, Entry{
-			Name:          "t10",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "low",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionAllow,
-			Cves:          []string{"cve1", "cve2"},
-			Bugtraqs:      []string{"bug1", "bug2"},
-			Vendors:       []string{"vendor1", "vendor2"},
-			References:    []string{"ref1", "ref2"},
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										LessThan: &Condition{
-											Value:   4096,
-											Context: "http-rsp-code",
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v2 standard less than with qualifiers", version.Number{10, 0, 0, ""}, Entry{
-			Name:          "t11",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "low",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionAlert,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										LessThan: &Condition{
-											Value:   4096,
-											Context: "http-rsp-code",
-											Qualifiers: []Qualifier{
-												Qualifier{
-													Qualifier: "foo",
-													Value:     "bar",
-												},
-											},
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v2 standard equal to no qualifiers", version.Number{10, 0, 0, ""}, Entry{
-			Name:          "t12",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "low",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionDrop,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										EqualTo: &EqualTo{
-											Value:   4096,
-											Context: "http-rsp-code",
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v2 standard equal to with qualifiers", version.Number{10, 0, 0, ""}, Entry{
-			Name:          "t13",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "low",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionResetClient,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										EqualTo: &EqualTo{
-											Value:   4096,
-											Context: "http-rsp-code",
-											Qualifiers: []Qualifier{
-												Qualifier{
-													Qualifier: "foo",
-													Value:     "bar",
-												},
-											},
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v2 standard greater than no qualifiers", version.Number{10, 0, 0, ""}, Entry{
-			Name:          "t14",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "low",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionResetServer,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										GreaterThan: &Condition{
-											Value:   4096,
-											Context: "http-rsp-code",
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v2 standard greater than with qualifiers", version.Number{10, 0, 0, ""}, Entry{
-			Name:          "t15",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "low",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionResetBoth,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										GreaterThan: &Condition{
-											Value:   4096,
-											Context: "http-rsp-code",
-											Qualifiers: []Qualifier{
-												Qualifier{
-													Qualifier: "foo",
-													Value:     "bar",
-												},
-											},
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v2 standard pattern match no qualifiers", version.Number{10, 0, 0, ""}, Entry{
-			Name:            "t16",
-			ThreatName:      "threat1",
-			Comment:         "foobar",
-			Severity:        "low",
-			Direction:       "client2server",
-			DefaultAction:   DefaultActionBlockIp,
-			BlockIpTrackBy:  "source-and-destination",
-			BlockIpDuration: 1024,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										PatternMatch: &Pattern{
-											Pattern: "abcdefgh",
-											Context: "http-rsp-code",
-											Negate:  true,
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v2 standard pattern match with qualifiers", version.Number{10, 0, 0, ""}, Entry{
-			Name:          "t17",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "low",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionAllow,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										PatternMatch: &Pattern{
-											Pattern: "abcdefgh",
-											Context: "http-rsp-code",
-											Negate:  false,
-											Qualifiers: []Qualifier{
-												Qualifier{
-													Qualifier: "foo",
-													Value:     "bar",
-												},
-											},
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v2 combination order free", version.Number{10, 0, 0, ""}, Entry{
-			Name:          "t18",
-			ThreatName:    "myThreat",
-			Comment:       "foobar",
-			Severity:      "medium",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionAlert,
-			CombinationSignatureType: &CombinationSignatureType{
-				OrderFree:           true,
-				ThresholdTime:       7,
-				IntervalTime:        8,
-				AggregationCriteria: "source-and-destination",
-				Signatures: []CombinationSignature{
-					CombinationSignature{
-						Name: "And Condition 1",
-						CombinationOrs: []CombinationOr{
-							CombinationOr{
-								Name:     "Or Condition 1",
-								ThreatId: "10052",
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v2 combination ordered", version.Number{10, 0, 0, ""}, Entry{
-			Name:          "t19",
-			ThreatName:    "myThreat",
-			Comment:       "foobar",
-			Severity:      "medium",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionAlert,
-			CombinationSignatureType: &CombinationSignatureType{
-				ThresholdTime:       7,
-				IntervalTime:        8,
-				AggregationCriteria: "source-and-destination",
-				Signatures: []CombinationSignature{
-					CombinationSignature{
-						Name: "And Condition 1",
-						CombinationOrs: []CombinationOr{
-							CombinationOr{
-								Name:     "Or Condition 1",
-								ThreatId: "10052",
-							},
-						},
-					},
-				},
-			},
-		}},
-		{"v2 standard equal to and negate", version.Number{10, 0, 0, ""}, Entry{
-			Name:          "t20",
-			ThreatName:    "threat1",
-			Comment:       "foobar",
-			Severity:      "high",
-			Direction:     "client2server",
-			DefaultAction: DefaultActionDrop,
-			StandardSignatureType: &StandardSignatureType{
-				Signatures: []StandardSignature{
-					StandardSignature{
-						Name:      "sig1",
-						Comment:   "sig comment",
-						Scope:     "transaction",
-						OrderFree: true,
-						StandardAnds: []StandardAnd{
-							StandardAnd{
-								Name: "And 1",
-								StandardOrs: []StandardOr{
-									StandardOr{
-										Name: "Or 1",
-										EqualTo: &EqualTo{
-											Value:   4096,
-											Context: "http-rsp-code",
-											Negate:  true,
-										},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		}},
-	}
-}
diff --git a/objs/doc.go b/objs/doc.go
deleted file mode 100644
index 3ac75d3c..00000000
--- a/objs/doc.go
+++ /dev/null
@@ -1,4 +0,0 @@
-/*
-Package objs is the client.Objects namespace.
-*/
-package objs
diff --git a/objs/dug/const.go b/objs/dug/const.go
deleted file mode 100644
index 021f78e3..00000000
--- a/objs/dug/const.go
+++ /dev/null
@@ -1,6 +0,0 @@
-package dug
-
-const (
-	singular = "dynamic user group"
-	plural   = "dynamic user groups"
-)
diff --git a/objs/dug/doc.go b/objs/dug/doc.go
deleted file mode 100644
index e413f4c4..00000000
--- a/objs/dug/doc.go
+++ /dev/null
@@ -1,8 +0,0 @@
-/*
-Package dug is the client.Objects.DynamicUserGroup namespace.
-
-Dynamic user groups have been added to PAN-OS 9.1.
-
-Normalized object:  Entry
-*/
-package dug
diff --git a/objs/dug/entry.go b/objs/dug/entry.go
deleted file mode 100644
index 436b11bf..00000000
--- a/objs/dug/entry.go
+++ /dev/null
@@ -1,94 +0,0 @@
-package dug
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of
-// a dynamic user group.
-type Entry struct {
-	Name        string
-	Description string
-	Filter      string
-	Tags        []string // ordered
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Description = s.Description
-	o.Filter = s.Filter
-	if s.Tags == nil {
-		o.Tags = nil
-	} else {
-		o.Tags = make([]string, len(s.Tags))
-		copy(o.Tags, s.Tags)
-	}
-}
-
-/** Structs / functions for normalization. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName     xml.Name         `xml:"entry"`
-	Name        string           `xml:"name,attr"`
-	Description string           `xml:"description,omitempty"`
-	Filter      string           `xml:"filter"`
-	Tags        *util.MemberType `xml:"tag"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:        e.Name,
-		Description: e.Description,
-		Filter:      e.Filter,
-		Tags:        util.StrToMem(e.Tags),
-	}
-
-	return ans
-}
-
-func (e *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:        e.Name,
-		Description: e.Description,
-		Filter:      e.Filter,
-		Tags:        util.MemToStr(e.Tags),
-	}
-
-	return ans
-}
diff --git a/objs/dug/funcs.go b/objs/dug/funcs.go
deleted file mode 100644
index 76a4feb6..00000000
--- a/objs/dug/funcs.go
+++ /dev/null
@@ -1,88 +0,0 @@
-package dug
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/objs/dug/fw.go b/objs/dug/fw.go
deleted file mode 100644
index f599ccae..00000000
--- a/objs/dug/fw.go
+++ /dev/null
@@ -1,90 +0,0 @@
-package dug
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Objects.DynamicUserGroup namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vsys), names, nErr)
-}
-
-func (c *Firewall) pather(vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vsys, v)
-	}
-}
-
-func (c *Firewall) xpath(vsys string, vals []string) ([]string, error) {
-	ans := make([]string, 0, 7)
-	ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	ans = append(ans,
-		"dynamic-user-group",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/objs/dug/fw_test.go b/objs/dug/fw_test.go
deleted file mode 100644
index 8b9cb863..00000000
--- a/objs/dug/fw_test.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package dug
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set(tc.vsys, tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(tc.vsys, tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/dug/pano.go b/objs/dug/pano.go
deleted file mode 100644
index 651cab3f..00000000
--- a/objs/dug/pano.go
+++ /dev/null
@@ -1,90 +0,0 @@
-package dug
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Objects.Address namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(dg string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(dg), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(dg string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(dg), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(dg, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(dg), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(dg, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(dg), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(dg string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(dg), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(dg string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(dg), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(dg string, e ...Entry) error {
-	return c.ns.Set(c.pather(dg), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(dg string, e Entry) error {
-	return c.ns.Edit(c.pather(dg), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(dg string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(dg), names, nErr)
-}
-
-func (c *Panorama) pather(dg string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(dg, v)
-	}
-}
-
-func (c *Panorama) xpath(dg string, vals []string) ([]string, error) {
-	ans := make([]string, 0, 7)
-	ans = append(ans, util.DeviceGroupXpathPrefix(dg)...)
-	ans = append(ans,
-		"dynamic-user-group",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/objs/dug/pano_test.go b/objs/dug/pano_test.go
deleted file mode 100644
index 6f845c21..00000000
--- a/objs/dug/pano_test.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package dug
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set(tc.dg, tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(tc.dg, tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/dug/testdata_test.go b/objs/dug/testdata_test.go
deleted file mode 100644
index 34d2e2f4..00000000
--- a/objs/dug/testdata_test.go
+++ /dev/null
@@ -1,29 +0,0 @@
-package dug
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type testCase struct {
-	desc    string
-	vsys    string
-	dg      string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"v1 single with no tags", "", "", version.Number{9, 1, 0, ""}, Entry{
-			Name:        "one",
-			Description: "my description",
-			Filter:      "'single'",
-		}},
-		{"v1 single with tags", "", "", version.Number{9, 1, 0, ""}, Entry{
-			Name:        "two",
-			Description: "my second description",
-			Filter:      "'single' and 'foo'",
-			Tags:        []string{"tag2", "tag1"},
-		}},
-	}
-}
diff --git a/objs/edl/const.go b/objs/edl/const.go
deleted file mode 100644
index 10043cf4..00000000
--- a/objs/edl/const.go
+++ /dev/null
@@ -1,25 +0,0 @@
-package edl
-
-// Constants for Entry.Type field.  Only TypeIp is valid for PAN-OS 7.0 and
-// earlier.
-const (
-	TypeIp            string = "ip"
-	TypeDomain        string = "domain"
-	TypeUrl           string = "url"
-	TypePredefinedIp  string = "predefined-ip"  // PAN-OS 8.0+
-	TypePredefinedUrl string = "predefined-url" // PAN-OS 10.0+
-)
-
-// Constants for the Repeat field.
-const (
-	RepeatEveryFiveMinutes = "every five minutes" // PAN-OS 8.0+
-	RepeatHourly           = "hourly"
-	RepeatDaily            = "daily"
-	RepeatWeekly           = "weekly"
-	RepeatMonthly          = "monthly"
-)
-
-const (
-	singular = "edl"
-	plural   = "edls"
-)
diff --git a/objs/edl/doc.go b/objs/edl/doc.go
deleted file mode 100644
index 4f2dcfd6..00000000
--- a/objs/edl/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package edl is the ngfw.Objects.Edl namespace.
-
-Normalized object:  Entry
-*/
-package edl
diff --git a/objs/edl/entry.go b/objs/edl/entry.go
deleted file mode 100644
index a2da5ea9..00000000
--- a/objs/edl/entry.go
+++ /dev/null
@@ -1,649 +0,0 @@
-package edl
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of an
-// external dynamic list.
-type Entry struct {
-	Name               string
-	Type               string
-	Description        string
-	Source             string
-	CertificateProfile string // PAN-OS 8.0+
-	Username           string // PAN-OS 8.0+
-	Password           string // PAN-OS 8.0+
-	ExpandDomain       bool   // PAN-OS 9.0+
-	Repeat             string
-	RepeatAt           string
-	RepeatDayOfWeek    string
-	RepeatDayOfMonth   int
-	Exceptions         []string // ordered
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Type = s.Type
-	o.Description = s.Description
-	o.Source = s.Source
-	o.CertificateProfile = s.CertificateProfile
-	o.Username = s.Username
-	o.Password = s.Password
-	o.ExpandDomain = s.ExpandDomain
-	o.Repeat = s.Repeat
-	o.RepeatAt = s.RepeatAt
-	o.RepeatDayOfWeek = s.RepeatDayOfWeek
-	o.RepeatDayOfMonth = s.RepeatDayOfMonth
-	if s.Exceptions == nil {
-		o.Exceptions = nil
-	} else {
-		o.Exceptions = make([]string, len(s.Exceptions))
-		copy(o.Exceptions, s.Exceptions)
-	}
-}
-
-/** Structs / functions for normalization. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:        o.Name,
-		Type:        o.Type,
-		Description: o.Description,
-		Source:      o.Source,
-	}
-
-	if o.Repeat.FiveMinute != nil {
-		ans.Repeat = RepeatEveryFiveMinutes
-	} else if o.Repeat.Hourly != nil {
-		ans.Repeat = RepeatHourly
-	} else if o.Repeat.Daily != nil {
-		ans.Repeat = RepeatDaily
-		ans.RepeatAt = o.Repeat.Daily.At
-	} else if o.Repeat.Weekly != nil {
-		ans.Repeat = RepeatWeekly
-		ans.RepeatAt = o.Repeat.Weekly.At
-		ans.RepeatDayOfWeek = o.Repeat.Weekly.DayOfWeek
-	} else if o.Repeat.Monthly != nil {
-		ans.Repeat = RepeatMonthly
-		ans.RepeatAt = o.Repeat.Monthly.At
-		ans.RepeatDayOfMonth = o.Repeat.Monthly.DayOfMonth
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName     xml.Name `xml:"entry"`
-	Name        string   `xml:"name,attr"`
-	Type        string   `xml:"type"`
-	Description string   `xml:"description,omitempty"`
-	Source      string   `xml:"url"`
-	Repeat      repeat   `xml:"recurring"`
-}
-
-type repeat struct {
-	FiveMinute *string    `xml:"five-minute"`
-	Hourly     *string    `xml:"hourly"`
-	Daily      *timeDay   `xml:"daily"`
-	Weekly     *timeWeek  `xml:"weekly"`
-	Monthly    *timeMonth `xml:"monthly"`
-}
-
-type timeDay struct {
-	At string `xml:"at,omitempty"`
-}
-
-type timeWeek struct {
-	At        string `xml:"at"`
-	DayOfWeek string `xml:"day-of-week"`
-}
-
-type timeMonth struct {
-	At         string `xml:"at"`
-	DayOfMonth int    `xml:"day-of-month"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:        e.Name,
-		Type:        e.Type,
-		Description: e.Description,
-		Source:      e.Source,
-	}
-
-	switch e.Repeat {
-	case RepeatEveryFiveMinutes:
-		s := ""
-		ans.Repeat.FiveMinute = &s
-	case RepeatHourly:
-		s := ""
-		ans.Repeat.Hourly = &s
-	case RepeatDaily:
-		ans.Repeat.Daily = &timeDay{e.RepeatAt}
-	case RepeatWeekly:
-		ans.Repeat.Weekly = &timeWeek{e.RepeatAt, e.RepeatDayOfWeek}
-	case RepeatMonthly:
-		ans.Repeat.Monthly = &timeMonth{e.RepeatAt, e.RepeatDayOfMonth}
-	}
-
-	return ans
-}
-
-// PAN-OS 8.0.
-type container_v2 struct {
-	Answer []entry_v2 `xml:"entry"`
-}
-
-func (o *container_v2) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v2) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v2) normalize() Entry {
-	ans := Entry{
-		Name: o.Name,
-	}
-
-	var sp *typeSpec
-
-	if o.PredefinedIp != nil {
-		ans.Type = TypePredefinedIp
-		ans.Description = o.PredefinedIp.Description
-		ans.Source = o.PredefinedIp.Source
-		ans.Exceptions = util.MemToStr(o.PredefinedIp.Exceptions)
-	} else if o.Ip != nil {
-		ans.Type = TypeIp
-		sp = o.Ip
-	} else if o.Domain != nil {
-		ans.Type = TypeDomain
-		sp = o.Domain
-	} else if o.Url != nil {
-		ans.Type = TypeUrl
-		sp = o.Url
-	}
-
-	if sp != nil {
-		ans.Description = sp.Description
-		ans.Source = sp.Source
-		ans.CertificateProfile = sp.CertificateProfile
-		ans.Exceptions = util.MemToStr(sp.Exceptions)
-		if sp.Auth != nil {
-			ans.Username = sp.Auth.Username
-			ans.Password = sp.Auth.Password
-		}
-		if sp.Repeat.FiveMinute != nil {
-			ans.Repeat = RepeatEveryFiveMinutes
-		} else if sp.Repeat.Hourly != nil {
-			ans.Repeat = RepeatHourly
-		} else if sp.Repeat.Daily != nil {
-			ans.Repeat = RepeatDaily
-			ans.RepeatAt = sp.Repeat.Daily.At
-		} else if sp.Repeat.Weekly != nil {
-			ans.Repeat = RepeatWeekly
-			ans.RepeatAt = sp.Repeat.Weekly.At
-			ans.RepeatDayOfWeek = sp.Repeat.Weekly.DayOfWeek
-		} else if sp.Repeat.Monthly != nil {
-			ans.Repeat = RepeatMonthly
-			ans.RepeatAt = sp.Repeat.Monthly.At
-			ans.RepeatDayOfMonth = sp.Repeat.Monthly.DayOfMonth
-		}
-	}
-
-	return ans
-}
-
-type entry_v2 struct {
-	XMLName      xml.Name        `xml:"entry"`
-	Name         string          `xml:"name,attr"`
-	PredefinedIp *typePredefined `xml:"type>predefined-ip"`
-	Ip           *typeSpec       `xml:"type>ip"`
-	Domain       *typeSpec       `xml:"type>domain"`
-	Url          *typeSpec       `xml:"type>url"`
-}
-
-type typePredefined struct {
-	Description string           `xml:"description"`
-	Source      string           `xml:"url"`
-	Exceptions  *util.MemberType `xml:"exception-list"`
-}
-
-type typeSpec struct {
-	Description        string           `xml:"description,omitempty"`
-	Source             string           `xml:"url"`
-	CertificateProfile string           `xml:"certificate-profile,omitempty"`
-	Auth               *authType        `xml:"auth"`
-	Repeat             repeat           `xml:"recurring"`
-	Exceptions         *util.MemberType `xml:"exception-list"`
-}
-
-type authType struct {
-	Username string `xml:"username"`
-	Password string `xml:"password"`
-}
-
-func specify_v2(e Entry) interface{} {
-	ans := entry_v2{
-		Name: e.Name,
-	}
-
-	switch e.Type {
-	case TypePredefinedIp:
-		ans.PredefinedIp = &typePredefined{
-			Description: e.Description,
-			Source:      e.Source,
-			Exceptions:  util.StrToMem(e.Exceptions),
-		}
-	default:
-		spec := &typeSpec{
-			Description:        e.Description,
-			Source:             e.Source,
-			CertificateProfile: e.CertificateProfile,
-			Exceptions:         util.StrToMem(e.Exceptions),
-		}
-
-		if e.Username != "" || e.Password != "" {
-			spec.Auth = &authType{e.Username, e.Password}
-		}
-
-		sp := ""
-		switch e.Repeat {
-		case RepeatEveryFiveMinutes:
-			spec.Repeat.FiveMinute = &sp
-		case RepeatHourly:
-			spec.Repeat.Hourly = &sp
-		case RepeatDaily:
-			spec.Repeat.Daily = &timeDay{e.RepeatAt}
-		case RepeatWeekly:
-			spec.Repeat.Weekly = &timeWeek{e.RepeatAt, e.RepeatDayOfWeek}
-		case RepeatMonthly:
-			spec.Repeat.Monthly = &timeMonth{e.RepeatAt, e.RepeatDayOfMonth}
-		}
-
-		switch e.Type {
-		case TypeIp:
-			ans.Ip = spec
-		case TypeDomain:
-			ans.Domain = spec
-		case TypeUrl:
-			ans.Url = spec
-		}
-	}
-
-	return ans
-}
-
-// PAN-OS 9.0.
-type container_v3 struct {
-	Answer []entry_v3 `xml:"entry"`
-}
-
-func (o *container_v3) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v3) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v3) normalize() Entry {
-	ans := Entry{
-		Name: o.Name,
-	}
-
-	var sp *typeSpec
-
-	if o.PredefinedIp != nil {
-		ans.Type = TypePredefinedIp
-		ans.Description = o.PredefinedIp.Description
-		ans.Source = o.PredefinedIp.Source
-		ans.Exceptions = util.MemToStr(o.PredefinedIp.Exceptions)
-	} else if o.Ip != nil {
-		ans.Type = TypeIp
-		sp = o.Ip
-	} else if o.Domain != nil {
-		ans.Type = TypeDomain
-		ans.ExpandDomain = util.AsBool(o.Domain.ExpandDomain)
-		sp = &typeSpec{
-			Description:        o.Domain.Description,
-			Source:             o.Domain.Source,
-			CertificateProfile: o.Domain.CertificateProfile,
-			Auth:               o.Domain.Auth,
-			Repeat:             o.Domain.Repeat,
-			Exceptions:         o.Domain.Exceptions,
-		}
-	} else if o.Url != nil {
-		ans.Type = TypeUrl
-		sp = o.Url
-	}
-
-	if sp != nil {
-		ans.Description = sp.Description
-		ans.Source = sp.Source
-		ans.CertificateProfile = sp.CertificateProfile
-		ans.Exceptions = util.MemToStr(sp.Exceptions)
-		if sp.Auth != nil {
-			ans.Username = sp.Auth.Username
-			ans.Password = sp.Auth.Password
-		}
-		if sp.Repeat.FiveMinute != nil {
-			ans.Repeat = RepeatEveryFiveMinutes
-		} else if sp.Repeat.Hourly != nil {
-			ans.Repeat = RepeatHourly
-		} else if sp.Repeat.Daily != nil {
-			ans.Repeat = RepeatDaily
-			ans.RepeatAt = sp.Repeat.Daily.At
-		} else if sp.Repeat.Weekly != nil {
-			ans.Repeat = RepeatWeekly
-			ans.RepeatAt = sp.Repeat.Weekly.At
-			ans.RepeatDayOfWeek = sp.Repeat.Weekly.DayOfWeek
-		} else if sp.Repeat.Monthly != nil {
-			ans.Repeat = RepeatMonthly
-			ans.RepeatAt = sp.Repeat.Monthly.At
-			ans.RepeatDayOfMonth = sp.Repeat.Monthly.DayOfMonth
-		}
-	}
-
-	return ans
-}
-
-type entry_v3 struct {
-	XMLName      xml.Name        `xml:"entry"`
-	Name         string          `xml:"name,attr"`
-	PredefinedIp *typePredefined `xml:"type>predefined-ip"`
-	Ip           *typeSpec       `xml:"type>ip"`
-	Domain       *domainSpec     `xml:"type>domain"`
-	Url          *typeSpec       `xml:"type>url"`
-}
-
-type domainSpec struct {
-	Description        string           `xml:"description,omitempty"`
-	Source             string           `xml:"url"`
-	CertificateProfile string           `xml:"certificate-profile,omitempty"`
-	Auth               *authType        `xml:"auth"`
-	Repeat             repeat           `xml:"recurring"`
-	Exceptions         *util.MemberType `xml:"exception-list"`
-	ExpandDomain       string           `xml:"expand-domain"`
-}
-
-func specify_v3(e Entry) interface{} {
-	ans := entry_v3{
-		Name: e.Name,
-	}
-
-	switch e.Type {
-	case TypePredefinedIp:
-		ans.PredefinedIp = &typePredefined{
-			Description: e.Description,
-			Source:      e.Source,
-			Exceptions:  util.StrToMem(e.Exceptions),
-		}
-	default:
-		spec := &typeSpec{
-			Description:        e.Description,
-			Source:             e.Source,
-			CertificateProfile: e.CertificateProfile,
-			Exceptions:         util.StrToMem(e.Exceptions),
-		}
-
-		if e.Username != "" || e.Password != "" {
-			spec.Auth = &authType{e.Username, e.Password}
-		}
-
-		sp := ""
-		switch e.Repeat {
-		case RepeatEveryFiveMinutes:
-			spec.Repeat.FiveMinute = &sp
-		case RepeatHourly:
-			spec.Repeat.Hourly = &sp
-		case RepeatDaily:
-			spec.Repeat.Daily = &timeDay{e.RepeatAt}
-		case RepeatWeekly:
-			spec.Repeat.Weekly = &timeWeek{e.RepeatAt, e.RepeatDayOfWeek}
-		case RepeatMonthly:
-			spec.Repeat.Monthly = &timeMonth{e.RepeatAt, e.RepeatDayOfMonth}
-		}
-
-		switch e.Type {
-		case TypeIp:
-			ans.Ip = spec
-		case TypeDomain:
-			ans.Domain = &domainSpec{
-				Description:        spec.Description,
-				Source:             spec.Source,
-				CertificateProfile: spec.CertificateProfile,
-				Auth:               spec.Auth,
-				Repeat:             spec.Repeat,
-				Exceptions:         spec.Exceptions,
-				ExpandDomain:       util.YesNo(e.ExpandDomain),
-			}
-		case TypeUrl:
-			ans.Url = spec
-		}
-	}
-
-	return ans
-}
-
-// PAN-OS 10.0.
-type container_v4 struct {
-	Answer []entry_v4 `xml:"entry"`
-}
-
-func (o *container_v4) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v4) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v4) normalize() Entry {
-	ans := Entry{
-		Name: o.Name,
-	}
-
-	var sp *typeSpec
-
-	if o.PredefinedIp != nil {
-		ans.Type = TypePredefinedIp
-		ans.Description = o.PredefinedIp.Description
-		ans.Source = o.PredefinedIp.Source
-		ans.Exceptions = util.MemToStr(o.PredefinedIp.Exceptions)
-	} else if o.PredefinedUrl != nil {
-		ans.Type = TypePredefinedUrl
-		ans.Description = o.PredefinedUrl.Description
-		ans.Source = o.PredefinedUrl.Source
-		ans.Exceptions = util.MemToStr(o.PredefinedUrl.Exceptions)
-	} else if o.Ip != nil {
-		ans.Type = TypeIp
-		sp = o.Ip
-	} else if o.Domain != nil {
-		ans.Type = TypeDomain
-		ans.ExpandDomain = util.AsBool(o.Domain.ExpandDomain)
-		sp = &typeSpec{
-			Description:        o.Domain.Description,
-			Source:             o.Domain.Source,
-			CertificateProfile: o.Domain.CertificateProfile,
-			Auth:               o.Domain.Auth,
-			Repeat:             o.Domain.Repeat,
-			Exceptions:         o.Domain.Exceptions,
-		}
-	} else if o.Url != nil {
-		ans.Type = TypeUrl
-		sp = o.Url
-	}
-
-	if sp != nil {
-		ans.Description = sp.Description
-		ans.Source = sp.Source
-		ans.CertificateProfile = sp.CertificateProfile
-		ans.Exceptions = util.MemToStr(sp.Exceptions)
-		if sp.Auth != nil {
-			ans.Username = sp.Auth.Username
-			ans.Password = sp.Auth.Password
-		}
-		if sp.Repeat.FiveMinute != nil {
-			ans.Repeat = RepeatEveryFiveMinutes
-		} else if sp.Repeat.Hourly != nil {
-			ans.Repeat = RepeatHourly
-		} else if sp.Repeat.Daily != nil {
-			ans.Repeat = RepeatDaily
-			ans.RepeatAt = sp.Repeat.Daily.At
-		} else if sp.Repeat.Weekly != nil {
-			ans.Repeat = RepeatWeekly
-			ans.RepeatAt = sp.Repeat.Weekly.At
-			ans.RepeatDayOfWeek = sp.Repeat.Weekly.DayOfWeek
-		} else if sp.Repeat.Monthly != nil {
-			ans.Repeat = RepeatMonthly
-			ans.RepeatAt = sp.Repeat.Monthly.At
-			ans.RepeatDayOfMonth = sp.Repeat.Monthly.DayOfMonth
-		}
-	}
-
-	return ans
-}
-
-type entry_v4 struct {
-	XMLName       xml.Name        `xml:"entry"`
-	Name          string          `xml:"name,attr"`
-	PredefinedIp  *typePredefined `xml:"type>predefined-ip"`
-	PredefinedUrl *typePredefined `xml:"type>predefined-url"`
-	Ip            *typeSpec       `xml:"type>ip"`
-	Domain        *domainSpec     `xml:"type>domain"`
-	Url           *typeSpec       `xml:"type>url"`
-}
-
-func specify_v4(e Entry) interface{} {
-	ans := entry_v4{
-		Name: e.Name,
-	}
-
-	switch e.Type {
-	case TypePredefinedIp:
-		ans.PredefinedIp = &typePredefined{
-			Description: e.Description,
-			Source:      e.Source,
-			Exceptions:  util.StrToMem(e.Exceptions),
-		}
-	case TypePredefinedUrl:
-		ans.PredefinedUrl = &typePredefined{
-			Description: e.Description,
-			Source:      e.Source,
-			Exceptions:  util.StrToMem(e.Exceptions),
-		}
-	default:
-		spec := &typeSpec{
-			Description:        e.Description,
-			Source:             e.Source,
-			CertificateProfile: e.CertificateProfile,
-			Exceptions:         util.StrToMem(e.Exceptions),
-		}
-
-		if e.Username != "" || e.Password != "" {
-			spec.Auth = &authType{e.Username, e.Password}
-		}
-
-		sp := ""
-		switch e.Repeat {
-		case RepeatEveryFiveMinutes:
-			spec.Repeat.FiveMinute = &sp
-		case RepeatHourly:
-			spec.Repeat.Hourly = &sp
-		case RepeatDaily:
-			spec.Repeat.Daily = &timeDay{e.RepeatAt}
-		case RepeatWeekly:
-			spec.Repeat.Weekly = &timeWeek{e.RepeatAt, e.RepeatDayOfWeek}
-		case RepeatMonthly:
-			spec.Repeat.Monthly = &timeMonth{e.RepeatAt, e.RepeatDayOfMonth}
-		}
-
-		switch e.Type {
-		case TypeIp:
-			ans.Ip = spec
-		case TypeDomain:
-			ans.Domain = &domainSpec{
-				Description:        spec.Description,
-				Source:             spec.Source,
-				CertificateProfile: spec.CertificateProfile,
-				Auth:               spec.Auth,
-				Repeat:             spec.Repeat,
-				Exceptions:         spec.Exceptions,
-				ExpandDomain:       util.YesNo(e.ExpandDomain),
-			}
-		case TypeUrl:
-			ans.Url = spec
-		}
-	}
-
-	return ans
-}
diff --git a/objs/edl/funcs.go b/objs/edl/funcs.go
deleted file mode 100644
index 37c8e384..00000000
--- a/objs/edl/funcs.go
+++ /dev/null
@@ -1,96 +0,0 @@
-package edl
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	if v.Gte(version.Number{10, 0, 0, ""}) {
-		return &container_v4{}, specify_v4
-	} else if v.Gte(version.Number{9, 0, 0, ""}) {
-		return &container_v3{}, specify_v3
-	} else if v.Gte(version.Number{8, 0, 0, ""}) {
-		return &container_v2{}, specify_v2
-	} else {
-		return &container_v1{}, specify_v1
-	}
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/objs/edl/fw.go b/objs/edl/fw.go
deleted file mode 100644
index 8c6783cc..00000000
--- a/objs/edl/fw.go
+++ /dev/null
@@ -1,90 +0,0 @@
-package edl
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Objects.Edl namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vsys), names, nErr)
-}
-
-func (c *Firewall) pather(vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vsys, v)
-	}
-}
-
-func (c *Firewall) xpath(vsys string, vals []string) ([]string, error) {
-	ans := make([]string, 0, 7)
-	ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	ans = append(ans,
-		"external-list",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/objs/edl/fw_test.go b/objs/edl/fw_test.go
deleted file mode 100644
index 66002886..00000000
--- a/objs/edl/fw_test.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package edl
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Reset()
-			mc.Version = tc.version
-			mc.AddResp("")
-			err := ns.Set("vsys1", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("vsys1", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/edl/pano.go b/objs/edl/pano.go
deleted file mode 100644
index 37481fa5..00000000
--- a/objs/edl/pano.go
+++ /dev/null
@@ -1,90 +0,0 @@
-package edl
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Objects.Edl namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(dg string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(dg), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(dg string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(dg), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(dg, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(dg), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(dg, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(dg), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(dg string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(dg), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(dg string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(dg), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(dg string, e ...Entry) error {
-	return c.ns.Set(c.pather(dg), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(dg string, e Entry) error {
-	return c.ns.Edit(c.pather(dg), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(dg string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(dg), names, nErr)
-}
-
-func (c *Panorama) pather(dg string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(dg, v)
-	}
-}
-
-func (c *Panorama) xpath(dg string, vals []string) ([]string, error) {
-	ans := make([]string, 0, 7)
-	ans = append(ans, util.DeviceGroupXpathPrefix(dg)...)
-	ans = append(ans,
-		"external-list",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/objs/edl/pano_test.go b/objs/edl/pano_test.go
deleted file mode 100644
index 562e4f4b..00000000
--- a/objs/edl/pano_test.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package edl
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Reset()
-			mc.Version = tc.version
-			mc.AddResp("")
-			err := ns.Set("myDg", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("myDg", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/edl/testdata_test.go b/objs/edl/testdata_test.go
deleted file mode 100644
index 6d225dcb..00000000
--- a/objs/edl/testdata_test.go
+++ /dev/null
@@ -1,226 +0,0 @@
-package edl
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type testCase struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"v1 ip hourly", version.Number{6, 1, 0, ""}, Entry{
-			Name:        "one",
-			Type:        TypeIp,
-			Description: "first",
-			Source:      "http://1.1.1.1",
-			Repeat:      RepeatHourly,
-		}},
-		{"v1 domain daily", version.Number{6, 1, 0, ""}, Entry{
-			Name:        "three",
-			Type:        TypeDomain,
-			Description: "third",
-			Source:      "http://3.3.3.3",
-			Repeat:      RepeatDaily,
-			RepeatAt:    "12:34",
-		}},
-		{"v1 url weekly", version.Number{6, 1, 0, ""}, Entry{
-			Name:            "four",
-			Type:            TypeUrl,
-			Description:     "fourth",
-			Source:          "http://4.4.4.4",
-			Repeat:          RepeatWeekly,
-			RepeatAt:        "actually invalid",
-			RepeatDayOfWeek: "tuesday",
-		}},
-		{"v1 url monthly", version.Number{6, 1, 0, ""}, Entry{
-			Name:             "five",
-			Type:             TypeUrl,
-			Description:      "fifth",
-			Source:           "http://5.5.5.5",
-			Repeat:           RepeatMonthly,
-			RepeatAt:         "also invalid",
-			RepeatDayOfMonth: 7,
-		}},
-		{"v2 ip hourly", version.Number{8, 0, 0, ""}, Entry{
-			Name:        "one",
-			Type:        TypeIp,
-			Description: "first",
-			Source:      "http://1.1.1.1",
-			Repeat:      RepeatHourly,
-		}},
-		{"v2 domain daily", version.Number{8, 0, 0, ""}, Entry{
-			Name:        "three",
-			Type:        TypeDomain,
-			Description: "third",
-			Source:      "http://3.3.3.3",
-			Repeat:      RepeatDaily,
-			RepeatAt:    "12:34",
-		}},
-		{"v2 url weekly", version.Number{8, 0, 0, ""}, Entry{
-			Name:            "four",
-			Type:            TypeUrl,
-			Description:     "fourth",
-			Source:          "http://4.4.4.4",
-			Repeat:          RepeatWeekly,
-			RepeatAt:        "actually invalid",
-			RepeatDayOfWeek: "tuesday",
-		}},
-		{"v2 url monthly", version.Number{8, 0, 0, ""}, Entry{
-			Name:             "five",
-			Type:             TypeUrl,
-			Description:      "fifth",
-			Source:           "http://5.5.5.5",
-			Repeat:           RepeatMonthly,
-			RepeatAt:         "also invalid",
-			RepeatDayOfMonth: 7,
-		}},
-		{"v2 predefined", version.Number{8, 0, 0, ""}, Entry{
-			Name:        "six",
-			Type:        TypePredefinedIp,
-			Description: "predef test",
-			Source:      "http://7.7.7.7:8444",
-			Exceptions:  []string{"ex1", "ex2"},
-		}},
-		{"v2 ip with cert and auth", version.Number{8, 0, 0, ""}, Entry{
-			Name:               "seven",
-			Type:               TypeIp,
-			Description:        "ip with cert and auth",
-			Source:             "https://8.8.8.8",
-			CertificateProfile: "myProfile",
-			Username:           "admin",
-			Password:           "swordfish",
-			Exceptions:         []string{"firstException", "secondOne"},
-		}},
-		{"v3 ip hourly", version.Number{9, 0, 0, ""}, Entry{
-			Name:        "one",
-			Type:        TypeIp,
-			Description: "first",
-			Source:      "http://1.1.1.1",
-			Repeat:      RepeatHourly,
-		}},
-		{"v3 domain daily", version.Number{9, 0, 0, ""}, Entry{
-			Name:        "three",
-			Type:        TypeDomain,
-			Description: "third",
-			Source:      "http://3.3.3.3",
-			Repeat:      RepeatDaily,
-			RepeatAt:    "12:34",
-		}},
-		{"v3 url weekly", version.Number{9, 0, 0, ""}, Entry{
-			Name:            "four",
-			Type:            TypeUrl,
-			Description:     "fourth",
-			Source:          "http://4.4.4.4",
-			Repeat:          RepeatWeekly,
-			RepeatAt:        "actually invalid",
-			RepeatDayOfWeek: "tuesday",
-		}},
-		{"v3 url monthly", version.Number{9, 0, 0, ""}, Entry{
-			Name:             "five",
-			Type:             TypeUrl,
-			Description:      "fifth",
-			Source:           "http://5.5.5.5",
-			Repeat:           RepeatMonthly,
-			RepeatAt:         "also invalid",
-			RepeatDayOfMonth: 7,
-		}},
-		{"v3 predefined", version.Number{9, 0, 0, ""}, Entry{
-			Name:        "six",
-			Type:        TypePredefinedIp,
-			Description: "predef test",
-			Source:      "http://7.7.7.7:8444",
-			Exceptions:  []string{"ex1", "ex2"},
-		}},
-		{"v3 ip with cert and auth", version.Number{9, 0, 0, ""}, Entry{
-			Name:               "seven",
-			Type:               TypeIp,
-			Description:        "ip with cert and auth",
-			Source:             "https://8.8.8.8",
-			CertificateProfile: "myProfile",
-			Username:           "admin",
-			Password:           "swordfish",
-			Exceptions:         []string{"firstException", "secondOne"},
-		}},
-		{"v3 domain with expand domain", version.Number{9, 0, 0, ""}, Entry{
-			Name:         "eight",
-			Type:         TypeDomain,
-			Description:  "domain with expand domain",
-			Source:       "https://localhost",
-			ExpandDomain: true,
-			Username:     "foo",
-			Password:     "bar",
-			Exceptions:   []string{"example.com"},
-		}},
-		{"v4 ip hourly", version.Number{10, 0, 0, ""}, Entry{
-			Name:        "one",
-			Type:        TypeIp,
-			Description: "first",
-			Source:      "http://1.1.1.1",
-			Repeat:      RepeatHourly,
-		}},
-		{"v4 domain daily", version.Number{10, 0, 0, ""}, Entry{
-			Name:        "three",
-			Type:        TypeDomain,
-			Description: "third",
-			Source:      "http://3.3.3.3",
-			Repeat:      RepeatDaily,
-			RepeatAt:    "12:34",
-		}},
-		{"v4 url weekly", version.Number{10, 0, 0, ""}, Entry{
-			Name:            "four",
-			Type:            TypeUrl,
-			Description:     "fourth",
-			Source:          "http://4.4.4.4",
-			Repeat:          RepeatWeekly,
-			RepeatAt:        "actually invalid",
-			RepeatDayOfWeek: "tuesday",
-		}},
-		{"v4 url monthly", version.Number{10, 0, 0, ""}, Entry{
-			Name:             "five",
-			Type:             TypeUrl,
-			Description:      "fifth",
-			Source:           "http://5.5.5.5",
-			Repeat:           RepeatMonthly,
-			RepeatAt:         "also invalid",
-			RepeatDayOfMonth: 7,
-		}},
-		{"v4 predefined", version.Number{10, 0, 0, ""}, Entry{
-			Name:        "six",
-			Type:        TypePredefinedIp,
-			Description: "predef test",
-			Source:      "http://7.7.7.7:8444",
-			Exceptions:  []string{"ex1", "ex2"},
-		}},
-		{"v4 ip with cert and auth", version.Number{10, 0, 0, ""}, Entry{
-			Name:               "seven",
-			Type:               TypeIp,
-			Description:        "ip with cert and auth",
-			Source:             "https://8.8.8.8",
-			CertificateProfile: "myProfile",
-			Username:           "admin",
-			Password:           "swordfish",
-			Exceptions:         []string{"firstException", "secondOne"},
-		}},
-		{"v4 domain with expand domain", version.Number{10, 0, 0, ""}, Entry{
-			Name:         "eight",
-			Type:         TypeDomain,
-			Description:  "domain with expand domain",
-			Source:       "https://localhost",
-			ExpandDomain: true,
-			Username:     "foo",
-			Password:     "bar",
-			Exceptions:   []string{"example.com"},
-		}},
-		{"v4 predefined url", version.Number{10, 0, 0, ""}, Entry{
-			Name:        "nine",
-			Type:        TypePredefinedUrl,
-			Description: "predef url",
-			Source:      "https://127.0.0.1:8443",
-			Exceptions:  []string{"palo.com", "alto.com"},
-		}},
-	}
-}
diff --git a/objs/fw.go b/objs/fw.go
deleted file mode 100644
index 11e27170..00000000
--- a/objs/fw.go
+++ /dev/null
@@ -1,112 +0,0 @@
-package objs
-
-import (
-	"github.com/PaloAltoNetworks/pango/util"
-
-	"github.com/PaloAltoNetworks/pango/objs/addr"
-	"github.com/PaloAltoNetworks/pango/objs/addrgrp"
-	"github.com/PaloAltoNetworks/pango/objs/app"
-	appgrp "github.com/PaloAltoNetworks/pango/objs/app/group"
-	"github.com/PaloAltoNetworks/pango/objs/app/signature"
-	"github.com/PaloAltoNetworks/pango/objs/app/signature/andcond"
-	"github.com/PaloAltoNetworks/pango/objs/app/signature/orcond"
-	datapat "github.com/PaloAltoNetworks/pango/objs/custom/data"
-	cusspy "github.com/PaloAltoNetworks/pango/objs/custom/spyware"
-	cusurl "github.com/PaloAltoNetworks/pango/objs/custom/url"
-	cusvuln "github.com/PaloAltoNetworks/pango/objs/custom/vulnerability"
-	"github.com/PaloAltoNetworks/pango/objs/dug"
-	"github.com/PaloAltoNetworks/pango/objs/edl"
-	"github.com/PaloAltoNetworks/pango/objs/profile/logfwd"
-	"github.com/PaloAltoNetworks/pango/objs/profile/logfwd/matchlist"
-	"github.com/PaloAltoNetworks/pango/objs/profile/logfwd/matchlist/action"
-	dfsp "github.com/PaloAltoNetworks/pango/objs/profile/security/data"
-	dpsp "github.com/PaloAltoNetworks/pango/objs/profile/security/dos"
-	fprof "github.com/PaloAltoNetworks/pango/objs/profile/security/file"
-	spg "github.com/PaloAltoNetworks/pango/objs/profile/security/group"
-	"github.com/PaloAltoNetworks/pango/objs/profile/security/spyware"
-	ufsp "github.com/PaloAltoNetworks/pango/objs/profile/security/url"
-	"github.com/PaloAltoNetworks/pango/objs/profile/security/virus"
-	"github.com/PaloAltoNetworks/pango/objs/profile/security/vulnerability"
-	wfasp "github.com/PaloAltoNetworks/pango/objs/profile/security/wildfire"
-	"github.com/PaloAltoNetworks/pango/objs/srvc"
-	"github.com/PaloAltoNetworks/pango/objs/srvcgrp"
-	"github.com/PaloAltoNetworks/pango/objs/tags"
-)
-
-// FwObjs is the client.Objects namespace.
-type FwObjs struct {
-	Address                             *addr.Firewall
-	AddressGroup                        *addrgrp.Firewall
-	AntiSpywareProfile                  *spyware.Firewall
-	AntivirusProfile                    *virus.Firewall
-	Application                         *app.Firewall
-	AppGroup                            *appgrp.FwGroup
-	AppSignature                        *signature.FwSignature
-	AppSigAndCond                       *andcond.FwAndCond
-	AppSigOrCond                        *orcond.FwOrCond
-	CustomSpyware                       *cusspy.Firewall
-	CustomUrlCategory                   *cusurl.Firewall
-	CustomVulnerability                 *cusvuln.Firewall
-	DataPattern                         *datapat.Firewall
-	DataFilteringProfile                *dfsp.Firewall
-	DosProtectionProfile                *dpsp.Firewall
-	DynamicUserGroup                    *dug.Firewall
-	Edl                                 *edl.Firewall
-	FileBlockingProfile                 *fprof.Firewall
-	LogForwardingProfile                *logfwd.Firewall
-	LogForwardingProfileMatchList       *matchlist.FwMatchList
-	LogForwardingProfileMatchListAction *action.FwAction
-	SecurityProfileGroup                *spg.Firewall
-	Services                            *srvc.Firewall
-	ServiceGroup                        *srvcgrp.Firewall
-	Tags                                *tags.Firewall
-	UrlFilteringProfile                 *ufsp.Firewall
-	VulnerabilityProfile                *vulnerability.Firewall
-	WildfireAnalysisProfile             *wfasp.Firewall
-}
-
-// Initialize is invoked on client.Initialize().
-func (c *FwObjs) Initialize(i util.XapiClient) {
-	c.Address = addr.FirewallNamespace(i)
-	c.AddressGroup = addrgrp.FirewallNamespace(i)
-	c.AntiSpywareProfile = spyware.FirewallNamespace(i)
-	c.AntivirusProfile = virus.FirewallNamespace(i)
-	c.Application = app.FirewallNamespace(i)
-
-	c.AppGroup = &appgrp.FwGroup{}
-	c.AppGroup.Initialize(i)
-
-	c.AppSignature = &signature.FwSignature{}
-	c.AppSignature.Initialize(i)
-
-	c.AppSigAndCond = &andcond.FwAndCond{}
-	c.AppSigAndCond.Initialize(i)
-
-	c.AppSigOrCond = &orcond.FwOrCond{}
-	c.AppSigOrCond.Initialize(i)
-
-	c.CustomSpyware = cusspy.FirewallNamespace(i)
-	c.CustomUrlCategory = cusurl.FirewallNamespace(i)
-	c.CustomVulnerability = cusvuln.FirewallNamespace(i)
-	c.DataFilteringProfile = dfsp.FirewallNamespace(i)
-	c.DataPattern = datapat.FirewallNamespace(i)
-	c.DosProtectionProfile = dpsp.FirewallNamespace(i)
-	c.DynamicUserGroup = dug.FirewallNamespace(i)
-	c.Edl = edl.FirewallNamespace(i)
-	c.FileBlockingProfile = fprof.FirewallNamespace(i)
-	c.LogForwardingProfile = logfwd.FirewallNamespace(i)
-
-	c.LogForwardingProfileMatchList = &matchlist.FwMatchList{}
-	c.LogForwardingProfileMatchList.Initialize(i)
-
-	c.LogForwardingProfileMatchListAction = &action.FwAction{}
-	c.LogForwardingProfileMatchListAction.Initialize(i)
-
-	c.SecurityProfileGroup = spg.FirewallNamespace(i)
-	c.Services = srvc.FirewallNamespace(i)
-	c.ServiceGroup = srvcgrp.FirewallNamespace(i)
-	c.Tags = tags.FirewallNamespace(i)
-	c.UrlFilteringProfile = ufsp.FirewallNamespace(i)
-	c.VulnerabilityProfile = vulnerability.FirewallNamespace(i)
-	c.WildfireAnalysisProfile = wfasp.FirewallNamespace(i)
-}
diff --git a/objs/pano.go b/objs/pano.go
deleted file mode 100644
index 7d21defd..00000000
--- a/objs/pano.go
+++ /dev/null
@@ -1,112 +0,0 @@
-package objs
-
-import (
-	"github.com/PaloAltoNetworks/pango/util"
-
-	"github.com/PaloAltoNetworks/pango/objs/addr"
-	"github.com/PaloAltoNetworks/pango/objs/addrgrp"
-	"github.com/PaloAltoNetworks/pango/objs/app"
-	appgrp "github.com/PaloAltoNetworks/pango/objs/app/group"
-	"github.com/PaloAltoNetworks/pango/objs/app/signature"
-	"github.com/PaloAltoNetworks/pango/objs/app/signature/andcond"
-	"github.com/PaloAltoNetworks/pango/objs/app/signature/orcond"
-	datapat "github.com/PaloAltoNetworks/pango/objs/custom/data"
-	cusspy "github.com/PaloAltoNetworks/pango/objs/custom/spyware"
-	cusurl "github.com/PaloAltoNetworks/pango/objs/custom/url"
-	cusvuln "github.com/PaloAltoNetworks/pango/objs/custom/vulnerability"
-	"github.com/PaloAltoNetworks/pango/objs/dug"
-	"github.com/PaloAltoNetworks/pango/objs/edl"
-	"github.com/PaloAltoNetworks/pango/objs/profile/logfwd"
-	"github.com/PaloAltoNetworks/pango/objs/profile/logfwd/matchlist"
-	"github.com/PaloAltoNetworks/pango/objs/profile/logfwd/matchlist/action"
-	dfsp "github.com/PaloAltoNetworks/pango/objs/profile/security/data"
-	dpsp "github.com/PaloAltoNetworks/pango/objs/profile/security/dos"
-	fprof "github.com/PaloAltoNetworks/pango/objs/profile/security/file"
-	spg "github.com/PaloAltoNetworks/pango/objs/profile/security/group"
-	"github.com/PaloAltoNetworks/pango/objs/profile/security/spyware"
-	ufsp "github.com/PaloAltoNetworks/pango/objs/profile/security/url"
-	"github.com/PaloAltoNetworks/pango/objs/profile/security/virus"
-	"github.com/PaloAltoNetworks/pango/objs/profile/security/vulnerability"
-	wfasp "github.com/PaloAltoNetworks/pango/objs/profile/security/wildfire"
-	"github.com/PaloAltoNetworks/pango/objs/srvc"
-	"github.com/PaloAltoNetworks/pango/objs/srvcgrp"
-	"github.com/PaloAltoNetworks/pango/objs/tags"
-)
-
-// PanoObjs is the client.Objects namespace.
-type PanoObjs struct {
-	Address                             *addr.Panorama
-	AddressGroup                        *addrgrp.Panorama
-	AntiSpywareProfile                  *spyware.Panorama
-	AntivirusProfile                    *virus.Panorama
-	Application                         *app.Panorama
-	AppGroup                            *appgrp.PanoGroup
-	AppSignature                        *signature.PanoSignature
-	AppSigAndCond                       *andcond.PanoAndCond
-	AppSigOrCond                        *orcond.PanoOrCond
-	CustomSpyware                       *cusspy.Panorama
-	CustomUrlCategory                   *cusurl.Panorama
-	CustomVulnerability                 *cusvuln.Panorama
-	DataFilteringProfile                *dfsp.Panorama
-	DataPattern                         *datapat.Panorama
-	DosProtectionProfile                *dpsp.Panorama
-	DynamicUserGroup                    *dug.Panorama
-	Edl                                 *edl.Panorama
-	FileBlockingProfile                 *fprof.Panorama
-	LogForwardingProfile                *logfwd.Panorama
-	LogForwardingProfileMatchList       *matchlist.PanoMatchList
-	LogForwardingProfileMatchListAction *action.PanoAction
-	SecurityProfileGroup                *spg.Panorama
-	Services                            *srvc.Panorama
-	ServiceGroup                        *srvcgrp.Panorama
-	Tags                                *tags.Panorama
-	UrlFilteringProfile                 *ufsp.Panorama
-	VulnerabilityProfile                *vulnerability.Panorama
-	WildfireAnalysisProfile             *wfasp.Panorama
-}
-
-// Initialize is invoked on client.Initialize().
-func (c *PanoObjs) Initialize(i util.XapiClient) {
-	c.Address = addr.PanoramaNamespace(i)
-	c.AddressGroup = addrgrp.PanoramaNamespace(i)
-	c.AntiSpywareProfile = spyware.PanoramaNamespace(i)
-	c.AntivirusProfile = virus.PanoramaNamespace(i)
-	c.Application = app.PanoramaNamespace(i)
-
-	c.AppGroup = &appgrp.PanoGroup{}
-	c.AppGroup.Initialize(i)
-
-	c.AppSignature = &signature.PanoSignature{}
-	c.AppSignature.Initialize(i)
-
-	c.AppSigAndCond = &andcond.PanoAndCond{}
-	c.AppSigAndCond.Initialize(i)
-
-	c.AppSigOrCond = &orcond.PanoOrCond{}
-	c.AppSigOrCond.Initialize(i)
-
-	c.CustomSpyware = cusspy.PanoramaNamespace(i)
-	c.CustomUrlCategory = cusurl.PanoramaNamespace(i)
-	c.CustomVulnerability = cusvuln.PanoramaNamespace(i)
-	c.DataFilteringProfile = dfsp.PanoramaNamespace(i)
-	c.DataPattern = datapat.PanoramaNamespace(i)
-	c.DosProtectionProfile = dpsp.PanoramaNamespace(i)
-	c.DynamicUserGroup = dug.PanoramaNamespace(i)
-	c.Edl = edl.PanoramaNamespace(i)
-	c.FileBlockingProfile = fprof.PanoramaNamespace(i)
-	c.LogForwardingProfile = logfwd.PanoramaNamespace(i)
-
-	c.LogForwardingProfileMatchList = &matchlist.PanoMatchList{}
-	c.LogForwardingProfileMatchList.Initialize(i)
-
-	c.LogForwardingProfileMatchListAction = &action.PanoAction{}
-	c.LogForwardingProfileMatchListAction.Initialize(i)
-
-	c.SecurityProfileGroup = spg.PanoramaNamespace(i)
-	c.Services = srvc.PanoramaNamespace(i)
-	c.ServiceGroup = srvcgrp.PanoramaNamespace(i)
-	c.Tags = tags.PanoramaNamespace(i)
-	c.UrlFilteringProfile = ufsp.PanoramaNamespace(i)
-	c.VulnerabilityProfile = vulnerability.PanoramaNamespace(i)
-	c.WildfireAnalysisProfile = wfasp.PanoramaNamespace(i)
-}
diff --git a/objs/profile/logfwd/const.go b/objs/profile/logfwd/const.go
deleted file mode 100644
index 3e03135c..00000000
--- a/objs/profile/logfwd/const.go
+++ /dev/null
@@ -1,6 +0,0 @@
-package logfwd
-
-const (
-	singular = "log forwarding profile"
-	plural   = "log forwarding profiles"
-)
diff --git a/objs/profile/logfwd/doc.go b/objs/profile/logfwd/doc.go
deleted file mode 100644
index 08f0c8a1..00000000
--- a/objs/profile/logfwd/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package logfwd is the client.Object.LogForwardingProfile namespace.
-
-Normalized object:  Entry
-*/
-package logfwd
diff --git a/objs/profile/logfwd/entry.go b/objs/profile/logfwd/entry.go
deleted file mode 100644
index 09c91dbc..00000000
--- a/objs/profile/logfwd/entry.go
+++ /dev/null
@@ -1,153 +0,0 @@
-package logfwd
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a log forwarding profile.
-//
-// PAN-OS 8.0+.
-type Entry struct {
-	Name            string
-	Description     string
-	EnhancedLogging bool // 8.1+
-
-	raw map[string]string
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Description = s.Description
-	o.EnhancedLogging = s.EnhancedLogging
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v1) Normalize() []Entry {
-	arr := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		arr = append(arr, o.Answer[i].normalize())
-	}
-	return arr
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:        o.Name,
-		Description: o.Description,
-	}
-
-	if o.MatchList != nil {
-		ans.raw = map[string]string{
-			"ml": util.CleanRawXml(o.MatchList.Text),
-		}
-	}
-
-	return ans
-}
-
-type container_v2 struct {
-	Answer []entry_v2 `xml:"entry"`
-}
-
-func (o *container_v2) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v2) Normalize() []Entry {
-	arr := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		arr = append(arr, o.Answer[i].normalize())
-	}
-	return arr
-}
-
-func (o *entry_v2) normalize() Entry {
-	ans := Entry{
-		Name:            o.Name,
-		Description:     o.Description,
-		EnhancedLogging: util.AsBool(o.EnhancedLogging),
-	}
-
-	if o.MatchList != nil {
-		ans.raw = map[string]string{
-			"ml": util.CleanRawXml(o.MatchList.Text),
-		}
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName     xml.Name     `xml:"entry"`
-	Name        string       `xml:"name,attr"`
-	Description string       `xml:"description,omitempty"`
-	MatchList   *util.RawXml `xml:"match-list"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:        e.Name,
-		Description: e.Description,
-	}
-
-	if text := e.raw["ml"]; text != "" {
-		ans.MatchList = &util.RawXml{text}
-	}
-
-	return ans
-}
-
-type entry_v2 struct {
-	XMLName         xml.Name     `xml:"entry"`
-	Name            string       `xml:"name,attr"`
-	Description     string       `xml:"description,omitempty"`
-	EnhancedLogging string       `xml:"enhanced-application-logging"`
-	MatchList       *util.RawXml `xml:"match-list"`
-}
-
-func specify_v2(e Entry) interface{} {
-	ans := entry_v2{
-		Name:            e.Name,
-		Description:     e.Description,
-		EnhancedLogging: util.YesNo(e.EnhancedLogging),
-	}
-
-	if text := e.raw["ml"]; text != "" {
-		ans.MatchList = &util.RawXml{text}
-	}
-
-	return ans
-}
diff --git a/objs/profile/logfwd/funcs.go b/objs/profile/logfwd/funcs.go
deleted file mode 100644
index 36936733..00000000
--- a/objs/profile/logfwd/funcs.go
+++ /dev/null
@@ -1,92 +0,0 @@
-package logfwd
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	if v.Gte(version.Number{8, 1, 0, ""}) {
-		return &container_v2{}, specify_v2
-	} else {
-		return &container_v1{}, specify_v1
-	}
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/objs/profile/logfwd/fw.go b/objs/profile/logfwd/fw.go
deleted file mode 100644
index 20b46ae9..00000000
--- a/objs/profile/logfwd/fw.go
+++ /dev/null
@@ -1,114 +0,0 @@
-package logfwd
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Objects.LogForwardingProfile namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vsys), names, nErr)
-}
-
-// SetWithoutSubconfig performs a DELETE to remove any subconfig
-// before performing a SET to create an object.
-func (c *Firewall) SetWithoutSubconfig(vsys string, e Entry) error {
-	c.ns.Client.LogAction("(delete) %s subconfig for %s", c.ns.Singular, e.Name)
-
-	path, err := c.xpath(vsys, []string{e.Name})
-	if err != nil {
-		return err
-	}
-
-	path = append(path, "description")
-	_, _ = c.ns.Client.Delete(path, nil, nil)
-
-	path[len(path)-1] = "match-list"
-	_, _ = c.ns.Client.Delete(path, nil, nil)
-
-	return c.Set(vsys, e)
-}
-
-func (c *Firewall) pather(vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vsys, v)
-	}
-}
-
-func (c *Firewall) xpath(vsys string, vals []string) ([]string, error) {
-	if vsys == "" {
-		vsys = "shared"
-	}
-
-	ans := make([]string, 0, 8)
-	ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	ans = append(ans,
-		"log-settings",
-		"profiles",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/objs/profile/logfwd/fw_test.go b/objs/profile/logfwd/fw_test.go
deleted file mode 100644
index 03f5ad56..00000000
--- a/objs/profile/logfwd/fw_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package logfwd
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("vsys1", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("vsys1", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/profile/logfwd/matchlist/action/const.go b/objs/profile/logfwd/matchlist/action/const.go
deleted file mode 100644
index 18654c01..00000000
--- a/objs/profile/logfwd/matchlist/action/const.go
+++ /dev/null
@@ -1,32 +0,0 @@
-package action
-
-// Valid values for ActionType.
-const (
-	ActionTypeTagging     = "tagging"
-	ActionTypeIntegration = "integration"
-)
-
-// Valid values for Action.
-const (
-	ActionAddTag    = "add-tag"
-	ActionRemoveTag = "remove-tag"
-	ActionAzure     = "Azure-Security-Center-Integration"
-)
-
-// Valid values for Target.
-const (
-	TargetSource      = "source-address"
-	TargetDestination = "destination-address"
-)
-
-// Valid values for Registration.
-const (
-	RegistrationLocal    = "localhost"
-	RegistrationRemote   = "remote"
-	RegistrationPanorama = "panorama"
-)
-
-const (
-	singular = "log forwarding profile match list action"
-	plural   = "log forwarding profile match list actions"
-)
diff --git a/objs/profile/logfwd/matchlist/action/doc.go b/objs/profile/logfwd/matchlist/action/doc.go
deleted file mode 100644
index 22b95184..00000000
--- a/objs/profile/logfwd/matchlist/action/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package action is the client.Object.LogForwardingProfileMatchListAction namespace.
-
-Normalized object:  Entry
-*/
-package action
diff --git a/objs/profile/logfwd/matchlist/action/entry.go b/objs/profile/logfwd/matchlist/action/entry.go
deleted file mode 100644
index bfae8331..00000000
--- a/objs/profile/logfwd/matchlist/action/entry.go
+++ /dev/null
@@ -1,276 +0,0 @@
-package action
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Entry is a normalized, version independent representation of a log forwarding profile match list action.
-//
-// PAN-OS 8.0+.
-type Entry struct {
-	Name         string
-	ActionType   string
-	Action       string
-	Target       string
-	Registration string
-	HttpProfile  string
-	Tags         []string // ordered
-	Timeout      int
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.ActionType = s.ActionType
-	o.Action = s.Action
-	o.Target = s.Target
-	o.Registration = s.Registration
-	o.HttpProfile = s.HttpProfile
-	o.Tags = s.Tags
-	o.Timeout = s.Timeout
-}
-
-/** Structs / functions for this namespace. **/
-
-type normalizer interface {
-	Normalize() Entry
-}
-
-type container_v1 struct {
-	Answer entry_v1 `xml:"result>entry"`
-}
-
-func (o *container_v1) Normalize() Entry {
-	ans := Entry{
-		Name:       o.Answer.Name,
-		ActionType: ActionTypeTagging,
-		Action:     o.Answer.Type.Tagging.Action,
-		Target:     o.Answer.Type.Tagging.Target,
-		Tags:       util.MemToStr(o.Answer.Type.Tagging.Tags),
-	}
-
-	if o.Answer.Type.Tagging.Reg.Local != nil {
-		ans.Registration = RegistrationLocal
-	} else if o.Answer.Type.Tagging.Reg.Panorama != nil {
-		ans.Registration = RegistrationPanorama
-	} else if o.Answer.Type.Tagging.Reg.Remote != nil {
-		ans.Registration = RegistrationRemote
-		ans.HttpProfile = o.Answer.Type.Tagging.Reg.Remote.HttpProfile
-	}
-
-	return ans
-}
-
-type container_v2 struct {
-	Answer entry_v2 `xml:"result>entry"`
-}
-
-func (o *container_v2) Normalize() Entry {
-	ans := Entry{
-		Name: o.Answer.Name,
-	}
-
-	if o.Answer.Type.Tagging != nil {
-		ans.ActionType = ActionTypeTagging
-		ans.Action = o.Answer.Type.Tagging.Action
-		ans.Target = o.Answer.Type.Tagging.Target
-		ans.Tags = util.MemToStr(o.Answer.Type.Tagging.Tags)
-
-		if o.Answer.Type.Tagging.Reg.Local != nil {
-			ans.Registration = RegistrationLocal
-		} else if o.Answer.Type.Tagging.Reg.Panorama != nil {
-			ans.Registration = RegistrationPanorama
-		} else if o.Answer.Type.Tagging.Reg.Remote != nil {
-			ans.Registration = RegistrationRemote
-			ans.HttpProfile = o.Answer.Type.Tagging.Reg.Remote.HttpProfile
-		}
-	} else if o.Answer.Type.Integration != nil {
-		ans.ActionType = ActionTypeIntegration
-		ans.Action = o.Answer.Type.Integration.Action
-	}
-
-	return ans
-}
-
-type container_v3 struct {
-	Answer entry_v3 `xml:"result>entry"`
-}
-
-func (o *container_v3) Normalize() Entry {
-	ans := Entry{
-		Name: o.Answer.Name,
-	}
-
-	if o.Answer.Type.Tagging != nil {
-		ans.ActionType = ActionTypeTagging
-		ans.Action = o.Answer.Type.Tagging.Action
-		ans.Target = o.Answer.Type.Tagging.Target
-		ans.Tags = util.MemToStr(o.Answer.Type.Tagging.Tags)
-		ans.Timeout = o.Answer.Type.Tagging.Timeout
-
-		if o.Answer.Type.Tagging.Reg.Local != nil {
-			ans.Registration = RegistrationLocal
-		} else if o.Answer.Type.Tagging.Reg.Panorama != nil {
-			ans.Registration = RegistrationPanorama
-		} else if o.Answer.Type.Tagging.Reg.Remote != nil {
-			ans.Registration = RegistrationRemote
-			ans.HttpProfile = o.Answer.Type.Tagging.Reg.Remote.HttpProfile
-		}
-	} else if o.Answer.Type.Integration != nil {
-		ans.ActionType = ActionTypeIntegration
-		ans.Action = o.Answer.Type.Integration.Action
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName xml.Name      `xml:"entry"`
-	Name    string        `xml:"name,attr"`
-	Type    actionType_v1 `xml:"type"`
-}
-
-type actionType_v1 struct {
-	Tagging tagging_v1 `xml:"tagging"`
-}
-
-type tagging_v1 struct {
-	Action string           `xml:"action"`
-	Target string           `xml:"target"`
-	Reg    reg              `xml:"registration"`
-	Tags   *util.MemberType `xml:"tags"`
-}
-
-type reg struct {
-	Local    *string    `xml:"localhost"`
-	Panorama *string    `xml:"panorama"`
-	Remote   *regRemote `xml:"remote"`
-}
-
-type regRemote struct {
-	HttpProfile string `xml:"http-profile"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name: e.Name,
-		Type: actionType_v1{
-			Tagging: tagging_v1{
-				Action: e.Action,
-				Target: e.Target,
-				Tags:   util.StrToMem(e.Tags),
-			},
-		},
-	}
-
-	s := ""
-	switch e.Registration {
-	case RegistrationLocal:
-		ans.Type.Tagging.Reg.Local = &s
-	case RegistrationPanorama:
-		ans.Type.Tagging.Reg.Panorama = &s
-	case RegistrationRemote:
-		ans.Type.Tagging.Reg.Remote = &regRemote{e.HttpProfile}
-	}
-
-	return ans
-}
-
-type entry_v2 struct {
-	XMLName xml.Name      `xml:"entry"`
-	Name    string        `xml:"name,attr"`
-	Type    actionType_v2 `xml:"type"`
-}
-
-type actionType_v2 struct {
-	Tagging     *tagging_v1  `xml:"tagging"`
-	Integration *integration `xml:"integration"`
-}
-
-type integration struct {
-	Action string `xml:"action"`
-}
-
-func specify_v2(e Entry) interface{} {
-	ans := entry_v2{
-		Name: e.Name,
-	}
-
-	switch e.ActionType {
-	case ActionTypeTagging:
-		ans.Type.Tagging = &tagging_v1{
-			Action: e.Action,
-			Target: e.Target,
-			Tags:   util.StrToMem(e.Tags),
-		}
-
-		s := ""
-		switch e.Registration {
-		case RegistrationLocal:
-			ans.Type.Tagging.Reg.Local = &s
-		case RegistrationPanorama:
-			ans.Type.Tagging.Reg.Panorama = &s
-		case RegistrationRemote:
-			ans.Type.Tagging.Reg.Remote = &regRemote{e.HttpProfile}
-		}
-	case ActionTypeIntegration:
-		ans.Type.Integration = &integration{
-			Action: e.Action,
-		}
-	}
-
-	return ans
-}
-
-type entry_v3 struct {
-	XMLName xml.Name      `xml:"entry"`
-	Name    string        `xml:"name,attr"`
-	Type    actionType_v3 `xml:"type"`
-}
-
-type actionType_v3 struct {
-	Tagging     *tagging_v2  `xml:"tagging"`
-	Integration *integration `xml:"integration"`
-}
-
-type tagging_v2 struct {
-	Action  string           `xml:"action"`
-	Target  string           `xml:"target"`
-	Reg     reg              `xml:"registration"`
-	Tags    *util.MemberType `xml:"tags"`
-	Timeout int              `xml:"timeout,omitempty"`
-}
-
-func specify_v3(e Entry) interface{} {
-	ans := entry_v3{
-		Name: e.Name,
-	}
-
-	switch e.ActionType {
-	case ActionTypeTagging:
-		ans.Type.Tagging = &tagging_v2{
-			Action:  e.Action,
-			Target:  e.Target,
-			Tags:    util.StrToMem(e.Tags),
-			Timeout: e.Timeout,
-		}
-
-		s := ""
-		switch e.Registration {
-		case RegistrationLocal:
-			ans.Type.Tagging.Reg.Local = &s
-		case RegistrationPanorama:
-			ans.Type.Tagging.Reg.Panorama = &s
-		case RegistrationRemote:
-			ans.Type.Tagging.Reg.Remote = &regRemote{e.HttpProfile}
-		}
-	case ActionTypeIntegration:
-		ans.Type.Integration = &integration{
-			Action: e.Action,
-		}
-	}
-
-	return ans
-}
diff --git a/objs/profile/logfwd/matchlist/action/fw.go b/objs/profile/logfwd/matchlist/action/fw.go
deleted file mode 100644
index df7c61e1..00000000
--- a/objs/profile/logfwd/matchlist/action/fw.go
+++ /dev/null
@@ -1,182 +0,0 @@
-package action
-
-import (
-	"encoding/xml"
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// FwAction is the client.Objects.LogForwardingProfileMatchListAction namespace.
-type FwAction struct {
-	con util.XapiClient
-}
-
-// Initialize is invoked by client.Initialize().
-func (c *FwAction) Initialize(con util.XapiClient) {
-	c.con = con
-}
-
-// ShowList performs SHOW to retrieve a list of values.
-func (c *FwAction) ShowList(vsys, logfwd, matchlist string) ([]string, error) {
-	c.con.LogQuery("(show) list of %s", plural)
-	path := c.xpath(vsys, logfwd, matchlist, nil)
-	return c.con.EntryListUsing(c.con.Show, path[:len(path)-1])
-}
-
-// GetList performs GET to retrieve a list of values.
-func (c *FwAction) GetList(vsys, logfwd, matchlist string) ([]string, error) {
-	c.con.LogQuery("(get) list of %s", plural)
-	path := c.xpath(vsys, logfwd, matchlist, nil)
-	return c.con.EntryListUsing(c.con.Get, path[:len(path)-1])
-}
-
-// Get performs GET to retrieve information for the given uid.
-func (c *FwAction) Get(vsys, logfwd, matchlist, name string) (Entry, error) {
-	c.con.LogQuery("(get) %s %q", singular, name)
-	return c.details(c.con.Get, vsys, logfwd, matchlist, name)
-}
-
-// Show performs SHOW to retrieve information for the given uid.
-func (c *FwAction) Show(vsys, logfwd, matchlist, name string) (Entry, error) {
-	c.con.LogQuery("(show) %s %q", singular, name)
-	return c.details(c.con.Show, vsys, logfwd, matchlist, name)
-}
-
-// Set performs SET to create / update one or more objects.
-func (c *FwAction) Set(vsys, logfwd, matchlist string, e ...Entry) error {
-	var err error
-
-	if len(e) == 0 {
-		return nil
-	} else if logfwd == "" {
-		return fmt.Errorf("logfwd must be specified")
-	} else if matchlist == "" {
-		return fmt.Errorf("matchlist must be specified")
-	}
-
-	_, fn := c.versioning()
-	names := make([]string, len(e))
-
-	// Build up the struct.
-	d := util.BulkElement{XMLName: xml.Name{Local: "temp"}}
-	for i := range e {
-		d.Data = append(d.Data, fn(e[i]))
-		names[i] = e[i].Name
-	}
-	c.con.LogAction("(set) %s: %v", plural, names)
-
-	// Set xpath.
-	path := c.xpath(vsys, logfwd, matchlist, names)
-	d.XMLName = xml.Name{Local: path[len(path)-2]}
-	if len(e) == 1 {
-		path = path[:len(path)-1]
-	} else {
-		path = path[:len(path)-2]
-	}
-
-	// Create the objects.
-	_, err = c.con.Set(path, d.Config(), nil, nil)
-	return err
-}
-
-// Edit performs EDIT to create / update one object.
-func (c *FwAction) Edit(vsys, logfwd, matchlist string, e Entry) error {
-	var err error
-
-	if logfwd == "" {
-		return fmt.Errorf("logfwd must be specified")
-	} else if matchlist == "" {
-		return fmt.Errorf("matchlist must be specified")
-	}
-
-	_, fn := c.versioning()
-
-	c.con.LogAction("(edit) %s %q", singular, e.Name)
-
-	// Set xpath.
-	path := c.xpath(vsys, logfwd, matchlist, []string{e.Name})
-
-	// Edit the object.
-	_, err = c.con.Edit(path, fn(e), nil, nil)
-	return err
-}
-
-// Delete removes the given objects.
-//
-// Objects can be a string or an Entry object.
-func (c *FwAction) Delete(vsys, logfwd, matchlist string, e ...interface{}) error {
-	var err error
-
-	if len(e) == 0 {
-		return nil
-	} else if logfwd == "" {
-		return fmt.Errorf("logfwd must be specified")
-	} else if matchlist == "" {
-		return fmt.Errorf("matchlist must be specified")
-	}
-
-	names := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			names[i] = v
-		case Entry:
-			names[i] = v.Name
-		default:
-			return fmt.Errorf("Unknown type sent to delete: %s", v)
-		}
-	}
-	c.con.LogAction("(delete) %s: %v", plural, names)
-
-	// Remove the objects.
-	path := c.xpath(vsys, logfwd, matchlist, names)
-	_, err = c.con.Delete(path, nil, nil)
-	return err
-}
-
-/** Internal functions for this namespace struct **/
-
-func (c *FwAction) versioning() (normalizer, func(Entry) interface{}) {
-	v := c.con.Versioning()
-
-	if v.Gte(version.Number{9, 0, 0, ""}) {
-		return &container_v3{}, specify_v3
-	} else if v.Gte(version.Number{8, 1, 0, ""}) {
-		return &container_v2{}, specify_v2
-	} else {
-		return &container_v1{}, specify_v1
-	}
-}
-
-func (c *FwAction) details(fn util.Retriever, vsys, logfwd, matchlist, name string) (Entry, error) {
-	path := c.xpath(vsys, logfwd, matchlist, []string{name})
-	obj, _ := c.versioning()
-	if _, err := fn(path, nil, obj); err != nil {
-		return Entry{}, err
-	}
-	ans := obj.Normalize()
-
-	return ans, nil
-}
-
-func (c *FwAction) xpath(vsys, logfwd, matchlist string, vals []string) []string {
-	if vsys == "" {
-		vsys = "shared"
-	}
-
-	ans := make([]string, 0, 12)
-	ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	ans = append(ans,
-		"log-settings",
-		"profiles",
-		util.AsEntryXpath([]string{logfwd}),
-		"match-list",
-		util.AsEntryXpath([]string{matchlist}),
-		"actions",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans
-}
diff --git a/objs/profile/logfwd/matchlist/action/fw_test.go b/objs/profile/logfwd/matchlist/action/fw_test.go
deleted file mode 100644
index 6b27d079..00000000
--- a/objs/profile/logfwd/matchlist/action/fw_test.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package action
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := &FwAction{}
-	ns.Initialize(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("vsys1", "lfp", "match list", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("vsys1", "lfp", "match list", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/profile/logfwd/matchlist/action/pano.go b/objs/profile/logfwd/matchlist/action/pano.go
deleted file mode 100644
index 66e882ec..00000000
--- a/objs/profile/logfwd/matchlist/action/pano.go
+++ /dev/null
@@ -1,182 +0,0 @@
-package action
-
-import (
-	"encoding/xml"
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// PanoAction is the client.Objects.LogForwardingProfileMatchListAction namespace.
-type PanoAction struct {
-	con util.XapiClient
-}
-
-// Initialize is invoked by client.Initialize().
-func (c *PanoAction) Initialize(con util.XapiClient) {
-	c.con = con
-}
-
-// ShowList performs SHOW to retrieve a list of values.
-func (c *PanoAction) ShowList(dg, logfwd, matchlist string) ([]string, error) {
-	c.con.LogQuery("(show) list of %s", plural)
-	path := c.xpath(dg, logfwd, matchlist, nil)
-	return c.con.EntryListUsing(c.con.Show, path[:len(path)-1])
-}
-
-// GetList performs GET to retrieve a list of values.
-func (c *PanoAction) GetList(dg, logfwd, matchlist string) ([]string, error) {
-	c.con.LogQuery("(get) list of %s", plural)
-	path := c.xpath(dg, logfwd, matchlist, nil)
-	return c.con.EntryListUsing(c.con.Get, path[:len(path)-1])
-}
-
-// Get performs GET to retrieve information for the given uid.
-func (c *PanoAction) Get(dg, logfwd, matchlist, name string) (Entry, error) {
-	c.con.LogQuery("(get) %s %q", singular, name)
-	return c.details(c.con.Get, dg, logfwd, matchlist, name)
-}
-
-// Show performs SHOW to retrieve information for the given uid.
-func (c *PanoAction) Show(dg, logfwd, matchlist, name string) (Entry, error) {
-	c.con.LogQuery("(show) %s %q", singular, name)
-	return c.details(c.con.Show, dg, logfwd, matchlist, name)
-}
-
-// Set performs SET to create / update one or more objects.
-func (c *PanoAction) Set(dg, logfwd, matchlist string, e ...Entry) error {
-	var err error
-
-	if len(e) == 0 {
-		return nil
-	} else if logfwd == "" {
-		return fmt.Errorf("logfwd must be specified")
-	} else if matchlist == "" {
-		return fmt.Errorf("matchlist must be specified")
-	}
-
-	_, fn := c.versioning()
-	names := make([]string, len(e))
-
-	// Build up the struct.
-	d := util.BulkElement{XMLName: xml.Name{Local: "temp"}}
-	for i := range e {
-		d.Data = append(d.Data, fn(e[i]))
-		names[i] = e[i].Name
-	}
-	c.con.LogAction("(set) %s: %v", plural, names)
-
-	// Set xpath.
-	path := c.xpath(dg, logfwd, matchlist, names)
-	d.XMLName = xml.Name{Local: path[len(path)-2]}
-	if len(e) == 1 {
-		path = path[:len(path)-1]
-	} else {
-		path = path[:len(path)-2]
-	}
-
-	// Create the objects.
-	_, err = c.con.Set(path, d.Config(), nil, nil)
-	return err
-}
-
-// Edit performs EDIT to create / update one object.
-func (c *PanoAction) Edit(dg, logfwd, matchlist string, e Entry) error {
-	var err error
-
-	if logfwd == "" {
-		return fmt.Errorf("logfwd must be specified")
-	} else if matchlist == "" {
-		return fmt.Errorf("matchlist must be specified")
-	}
-
-	_, fn := c.versioning()
-
-	c.con.LogAction("(edit) %s %q", singular, e.Name)
-
-	// Set xpath.
-	path := c.xpath(dg, logfwd, matchlist, []string{e.Name})
-
-	// Edit the object.
-	_, err = c.con.Edit(path, fn(e), nil, nil)
-	return err
-}
-
-// Delete removes the given objects.
-//
-// Objects can be a string or an Entry object.
-func (c *PanoAction) Delete(dg, logfwd, matchlist string, e ...interface{}) error {
-	var err error
-
-	if len(e) == 0 {
-		return nil
-	} else if logfwd == "" {
-		return fmt.Errorf("logfwd must be specified")
-	} else if matchlist == "" {
-		return fmt.Errorf("matchlist must be specified")
-	}
-
-	names := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			names[i] = v
-		case Entry:
-			names[i] = v.Name
-		default:
-			return fmt.Errorf("Unknown type sent to delete: %s", v)
-		}
-	}
-	c.con.LogAction("(delete) %s: %v", plural, names)
-
-	// Remove the objects.
-	path := c.xpath(dg, logfwd, matchlist, names)
-	_, err = c.con.Delete(path, nil, nil)
-	return err
-}
-
-/** Internal functions for this namespace struct **/
-
-func (c *PanoAction) versioning() (normalizer, func(Entry) interface{}) {
-	v := c.con.Versioning()
-
-	if v.Gte(version.Number{9, 0, 0, ""}) {
-		return &container_v3{}, specify_v3
-	} else if v.Gte(version.Number{8, 1, 0, ""}) {
-		return &container_v2{}, specify_v2
-	} else {
-		return &container_v1{}, specify_v1
-	}
-}
-
-func (c *PanoAction) details(fn util.Retriever, dg, logfwd, matchlist, name string) (Entry, error) {
-	path := c.xpath(dg, logfwd, matchlist, []string{name})
-	obj, _ := c.versioning()
-	if _, err := fn(path, nil, obj); err != nil {
-		return Entry{}, err
-	}
-	ans := obj.Normalize()
-
-	return ans, nil
-}
-
-func (c *PanoAction) xpath(dg, logfwd, matchlist string, vals []string) []string {
-	if dg == "" {
-		dg = "shared"
-	}
-
-	ans := make([]string, 0, 12)
-	ans = append(ans, util.DeviceGroupXpathPrefix(dg)...)
-	ans = append(ans,
-		"log-settings",
-		"profiles",
-		util.AsEntryXpath([]string{logfwd}),
-		"match-list",
-		util.AsEntryXpath([]string{matchlist}),
-		"actions",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans
-}
diff --git a/objs/profile/logfwd/matchlist/action/pano_test.go b/objs/profile/logfwd/matchlist/action/pano_test.go
deleted file mode 100644
index e9243a1f..00000000
--- a/objs/profile/logfwd/matchlist/action/pano_test.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package action
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := &PanoAction{}
-	ns.Initialize(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("shared", "lfp", "match list", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("shared", "lfp", "match list", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/profile/logfwd/matchlist/action/testdata_test.go b/objs/profile/logfwd/matchlist/action/testdata_test.go
deleted file mode 100644
index 56f0e28b..00000000
--- a/objs/profile/logfwd/matchlist/action/testdata_test.go
+++ /dev/null
@@ -1,107 +0,0 @@
-package action
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type tc struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []tc {
-	return []tc{
-		{"v1 tagging add-tag with local", version.Number{8, 0, 0, ""}, Entry{
-			Name:         "t1",
-			ActionType:   ActionTypeTagging,
-			Action:       ActionAddTag,
-			Target:       TargetSource,
-			Registration: RegistrationLocal,
-			Tags:         []string{"tag3", "tag1", "tag2"},
-		}},
-		{"v1 tagging remove-tag with panorama", version.Number{8, 0, 0, ""}, Entry{
-			Name:         "t2",
-			ActionType:   ActionTypeTagging,
-			Action:       ActionRemoveTag,
-			Target:       TargetDestination,
-			Registration: RegistrationPanorama,
-		}},
-		{"v1 tagging add-tag with remote", version.Number{8, 0, 0, ""}, Entry{
-			Name:         "t3",
-			ActionType:   ActionTypeTagging,
-			Action:       ActionRemoveTag,
-			Target:       TargetDestination,
-			Registration: RegistrationRemote,
-			HttpProfile:  "my profile",
-			Tags:         []string{"mytag"},
-		}},
-		{"v2 tagging add-tag with local", version.Number{8, 1, 0, ""}, Entry{
-			Name:         "t1",
-			ActionType:   ActionTypeTagging,
-			Action:       ActionAddTag,
-			Target:       TargetSource,
-			Registration: RegistrationLocal,
-			Tags:         []string{"tag3", "tag1", "tag2"},
-		}},
-		{"v2 tagging remove-tag with panorama", version.Number{8, 1, 0, ""}, Entry{
-			Name:         "t2",
-			ActionType:   ActionTypeTagging,
-			Action:       ActionRemoveTag,
-			Target:       TargetDestination,
-			Registration: RegistrationPanorama,
-		}},
-		{"v2 tagging add-tag with remote", version.Number{8, 1, 0, ""}, Entry{
-			Name:         "t3",
-			ActionType:   ActionTypeTagging,
-			Action:       ActionRemoveTag,
-			Target:       TargetDestination,
-			Registration: RegistrationRemote,
-			HttpProfile:  "my profile",
-			Tags:         []string{"mytag"},
-		}},
-		{"v2 integration", version.Number{8, 1, 0, ""}, Entry{
-			Name:       "t4",
-			ActionType: ActionTypeIntegration,
-			Action:     ActionAzure,
-		}},
-		{"v3 tagging add-tag with local", version.Number{9, 0, 0, ""}, Entry{
-			Name:         "t1",
-			ActionType:   ActionTypeTagging,
-			Action:       ActionAddTag,
-			Target:       TargetSource,
-			Registration: RegistrationLocal,
-			Tags:         []string{"tag3", "tag1", "tag2"},
-		}},
-		{"v3 tagging remove-tag with panorama", version.Number{9, 0, 0, ""}, Entry{
-			Name:         "t2",
-			ActionType:   ActionTypeTagging,
-			Action:       ActionRemoveTag,
-			Target:       TargetDestination,
-			Registration: RegistrationPanorama,
-		}},
-		{"v3 tagging add-tag with remote", version.Number{9, 0, 0, ""}, Entry{
-			Name:         "t3",
-			ActionType:   ActionTypeTagging,
-			Action:       ActionRemoveTag,
-			Target:       TargetDestination,
-			Registration: RegistrationRemote,
-			HttpProfile:  "my profile",
-			Tags:         []string{"mytag"},
-		}},
-		{"v3 integration", version.Number{9, 0, 0, ""}, Entry{
-			Name:       "t4",
-			ActionType: ActionTypeIntegration,
-			Action:     ActionAzure,
-		}},
-		{"v3 tagging add-tag with local and timeout", version.Number{9, 0, 0, ""}, Entry{
-			Name:         "t5",
-			ActionType:   ActionTypeTagging,
-			Action:       ActionAddTag,
-			Target:       TargetSource,
-			Registration: RegistrationLocal,
-			Timeout:      42,
-			Tags:         []string{"tag3", "tag1", "tag2"},
-		}},
-	}
-}
diff --git a/objs/profile/logfwd/matchlist/const.go b/objs/profile/logfwd/matchlist/const.go
deleted file mode 100644
index b3181454..00000000
--- a/objs/profile/logfwd/matchlist/const.go
+++ /dev/null
@@ -1,22 +0,0 @@
-package matchlist
-
-// These are valid values for LogType.
-// The value "sctp" is valid for PAN-OS 8.1+.
-// The value "decryption" is valid for PAN-OS 10.0+.
-const (
-	LogTypeTraffic    = "traffic"
-	LogTypeThreat     = "threat"
-	LogTypeWildfire   = "wildfire"
-	LogTypeUrl        = "url"
-	LogTypeData       = "data"
-	LogTypeGtp        = "gtp"
-	LogTypeTunnel     = "tunnel"
-	LogTypeAuth       = "auth"
-	LogTypeSctp       = "sctp"
-	LogTypeDecryption = "decryption"
-)
-
-const (
-	singular = "log forwarding profile match list"
-	plural   = "log forwarding profile match lists"
-)
diff --git a/objs/profile/logfwd/matchlist/doc.go b/objs/profile/logfwd/matchlist/doc.go
deleted file mode 100644
index b7331a22..00000000
--- a/objs/profile/logfwd/matchlist/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package matchlist is the client.Object.LogForwardingProfileMatchList namespace.
-
-Normalized object:  Entry
-*/
-package matchlist
diff --git a/objs/profile/logfwd/matchlist/entry.go b/objs/profile/logfwd/matchlist/entry.go
deleted file mode 100644
index 2f352487..00000000
--- a/objs/profile/logfwd/matchlist/entry.go
+++ /dev/null
@@ -1,103 +0,0 @@
-package matchlist
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Entry is a normalized, version independent representation of a log forwarding profile match list.
-//
-// PAN-OS 8.0+.
-type Entry struct {
-	Name           string
-	Description    string
-	LogType        string
-	Filter         string
-	SendToPanorama bool
-	SnmpProfiles   []string // unordered
-	EmailProfiles  []string // unordered
-	SyslogProfiles []string // unordered
-	HttpProfiles   []string // unordered
-
-	raw map[string]string
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Description = s.Description
-	o.LogType = s.LogType
-	o.Filter = s.Filter
-	o.SendToPanorama = s.SendToPanorama
-	o.SnmpProfiles = s.SnmpProfiles
-	o.EmailProfiles = s.EmailProfiles
-	o.SyslogProfiles = s.SyslogProfiles
-	o.HttpProfiles = s.HttpProfiles
-}
-
-/** Structs / functions for this namespace. **/
-
-type normalizer interface {
-	Normalize() Entry
-}
-
-type container_v1 struct {
-	Answer entry_v1 `xml:"result>entry"`
-}
-
-func (o *container_v1) Normalize() Entry {
-	ans := Entry{
-		Name:           o.Answer.Name,
-		Description:    o.Answer.Description,
-		LogType:        o.Answer.LogType,
-		Filter:         o.Answer.Filter,
-		SendToPanorama: util.AsBool(o.Answer.SendToPanorama),
-		SnmpProfiles:   util.MemToStr(o.Answer.SnmpProfiles),
-		EmailProfiles:  util.MemToStr(o.Answer.EmailProfiles),
-		SyslogProfiles: util.MemToStr(o.Answer.SyslogProfiles),
-		HttpProfiles:   util.MemToStr(o.Answer.HttpProfiles),
-	}
-
-	if o.Answer.Actions != nil {
-		ans.raw = map[string]string{
-			"act": util.CleanRawXml(o.Answer.Actions.Text),
-		}
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName        xml.Name         `xml:"entry"`
-	Name           string           `xml:"name,attr"`
-	Description    string           `xml:"action-desc,omitempty"`
-	LogType        string           `xml:"log-type"`
-	Filter         string           `xml:"filter"`
-	SendToPanorama string           `xml:"send-to-panorama"`
-	SnmpProfiles   *util.MemberType `xml:"send-snmptrap"`
-	EmailProfiles  *util.MemberType `xml:"send-email"`
-	SyslogProfiles *util.MemberType `xml:"send-syslog"`
-	HttpProfiles   *util.MemberType `xml:"send-http"`
-	Actions        *util.RawXml     `xml:"actions"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:           e.Name,
-		Description:    e.Description,
-		LogType:        e.LogType,
-		Filter:         e.Filter,
-		SendToPanorama: util.YesNo(e.SendToPanorama),
-		SnmpProfiles:   util.StrToMem(e.SnmpProfiles),
-		EmailProfiles:  util.StrToMem(e.EmailProfiles),
-		SyslogProfiles: util.StrToMem(e.SyslogProfiles),
-		HttpProfiles:   util.StrToMem(e.HttpProfiles),
-	}
-
-	if text := e.raw["act"]; text != "" {
-		ans.Actions = &util.RawXml{text}
-	}
-
-	return ans
-}
diff --git a/objs/profile/logfwd/matchlist/fw.go b/objs/profile/logfwd/matchlist/fw.go
deleted file mode 100644
index 9ee7e337..00000000
--- a/objs/profile/logfwd/matchlist/fw.go
+++ /dev/null
@@ -1,165 +0,0 @@
-package matchlist
-
-import (
-	"encoding/xml"
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// FwMatchList is the client.Objects.LogForwardingProfileMatchList namespace.
-type FwMatchList struct {
-	con util.XapiClient
-}
-
-// Initialize is invoked by client.Initialize().
-func (c *FwMatchList) Initialize(con util.XapiClient) {
-	c.con = con
-}
-
-// ShowList performs SHOW to retrieve a list of values.
-func (c *FwMatchList) ShowList(vsys, logfwd string) ([]string, error) {
-	c.con.LogQuery("(show) list of %s", plural)
-	path := c.xpath(vsys, logfwd, nil)
-	return c.con.EntryListUsing(c.con.Show, path[:len(path)-1])
-}
-
-// GetList performs GET to retrieve a list of values.
-func (c *FwMatchList) GetList(vsys, logfwd string) ([]string, error) {
-	c.con.LogQuery("(get) list of %s", plural)
-	path := c.xpath(vsys, logfwd, nil)
-	return c.con.EntryListUsing(c.con.Get, path[:len(path)-1])
-}
-
-// Get performs GET to retrieve information for the given uid.
-func (c *FwMatchList) Get(vsys, logfwd, name string) (Entry, error) {
-	c.con.LogQuery("(get) %s %q", singular, name)
-	return c.details(c.con.Get, vsys, logfwd, name)
-}
-
-// Show performs SHOW to retrieve information for the given uid.
-func (c *FwMatchList) Show(vsys, logfwd, name string) (Entry, error) {
-	c.con.LogQuery("(show) %s %q", singular, name)
-	return c.details(c.con.Show, vsys, logfwd, name)
-}
-
-// Set performs SET to create / update one or more objects.
-func (c *FwMatchList) Set(vsys, logfwd string, e ...Entry) error {
-	var err error
-
-	if len(e) == 0 {
-		return nil
-	} else if logfwd == "" {
-		return fmt.Errorf("logfwd must be specified")
-	}
-
-	_, fn := c.versioning()
-	names := make([]string, len(e))
-
-	// Build up the struct.
-	d := util.BulkElement{XMLName: xml.Name{Local: "temp"}}
-	for i := range e {
-		d.Data = append(d.Data, fn(e[i]))
-		names[i] = e[i].Name
-	}
-	c.con.LogAction("(set) %s: %v", plural, names)
-
-	// Set xpath.
-	path := c.xpath(vsys, logfwd, names)
-	d.XMLName = xml.Name{Local: path[len(path)-2]}
-	if len(e) == 1 {
-		path = path[:len(path)-1]
-	} else {
-		path = path[:len(path)-2]
-	}
-
-	// Create the objects.
-	_, err = c.con.Set(path, d.Config(), nil, nil)
-	return err
-}
-
-// Edit performs EDIT to create / update one object.
-func (c *FwMatchList) Edit(vsys, logfwd string, e Entry) error {
-	var err error
-
-	if logfwd == "" {
-		return fmt.Errorf("logfwd must be specified")
-	}
-
-	_, fn := c.versioning()
-
-	c.con.LogAction("(edit) %s %q", singular, e.Name)
-
-	// Set xpath.
-	path := c.xpath(vsys, logfwd, []string{e.Name})
-
-	// Edit the object.
-	_, err = c.con.Edit(path, fn(e), nil, nil)
-	return err
-}
-
-// Delete removes the given objects.
-//
-// Objects can be a string or an Entry object.
-func (c *FwMatchList) Delete(vsys, logfwd string, e ...interface{}) error {
-	var err error
-
-	if len(e) == 0 {
-		return nil
-	} else if logfwd == "" {
-		return fmt.Errorf("logfwd must be specified")
-	}
-
-	names := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			names[i] = v
-		case Entry:
-			names[i] = v.Name
-		default:
-			return fmt.Errorf("Unknown type sent to delete: %s", v)
-		}
-	}
-	c.con.LogAction("(delete) %s: %v", plural, names)
-
-	// Remove the objects.
-	path := c.xpath(vsys, logfwd, names)
-	_, err = c.con.Delete(path, nil, nil)
-	return err
-}
-
-/** Internal functions for this namespace struct **/
-
-func (c *FwMatchList) versioning() (normalizer, func(Entry) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func (c *FwMatchList) details(fn util.Retriever, vsys, logfwd, name string) (Entry, error) {
-	path := c.xpath(vsys, logfwd, []string{name})
-	obj, _ := c.versioning()
-	if _, err := fn(path, nil, obj); err != nil {
-		return Entry{}, err
-	}
-	ans := obj.Normalize()
-
-	return ans, nil
-}
-
-func (c *FwMatchList) xpath(vsys, logfwd string, vals []string) []string {
-	if vsys == "" {
-		vsys = "shared"
-	}
-
-	ans := make([]string, 0, 10)
-	ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	ans = append(ans,
-		"log-settings",
-		"profiles",
-		util.AsEntryXpath([]string{logfwd}),
-		"match-list",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans
-}
diff --git a/objs/profile/logfwd/matchlist/fw_test.go b/objs/profile/logfwd/matchlist/fw_test.go
deleted file mode 100644
index c1c3075e..00000000
--- a/objs/profile/logfwd/matchlist/fw_test.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package matchlist
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := &FwMatchList{}
-	ns.Initialize(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("vsys1", "lfp", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("vsys1", "lfp", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/profile/logfwd/matchlist/pano.go b/objs/profile/logfwd/matchlist/pano.go
deleted file mode 100644
index af89fdd4..00000000
--- a/objs/profile/logfwd/matchlist/pano.go
+++ /dev/null
@@ -1,165 +0,0 @@
-package matchlist
-
-import (
-	"encoding/xml"
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// PanoMatchList is the client.Objects.LogForwardingProfileMatchList namespace.
-type PanoMatchList struct {
-	con util.XapiClient
-}
-
-// Initialize is invoked by client.Initialize().
-func (c *PanoMatchList) Initialize(con util.XapiClient) {
-	c.con = con
-}
-
-// ShowList performs SHOW to retrieve a list of values.
-func (c *PanoMatchList) ShowList(dg, logfwd string) ([]string, error) {
-	c.con.LogQuery("(show) list of %s", plural)
-	path := c.xpath(dg, logfwd, nil)
-	return c.con.EntryListUsing(c.con.Show, path[:len(path)-1])
-}
-
-// GetList performs GET to retrieve a list of values.
-func (c *PanoMatchList) GetList(dg, logfwd string) ([]string, error) {
-	c.con.LogQuery("(get) list of %s", plural)
-	path := c.xpath(dg, logfwd, nil)
-	return c.con.EntryListUsing(c.con.Get, path[:len(path)-1])
-}
-
-// Get performs GET to retrieve information for the given uid.
-func (c *PanoMatchList) Get(dg, logfwd, name string) (Entry, error) {
-	c.con.LogQuery("(get) %s %q", singular, name)
-	return c.details(c.con.Get, dg, logfwd, name)
-}
-
-// Show performs SHOW to retrieve information for the given uid.
-func (c *PanoMatchList) Show(dg, logfwd, name string) (Entry, error) {
-	c.con.LogQuery("(show) %s %q", singular, name)
-	return c.details(c.con.Show, dg, logfwd, name)
-}
-
-// Set performs SET to create / update one or more objects.
-func (c *PanoMatchList) Set(dg, logfwd string, e ...Entry) error {
-	var err error
-
-	if len(e) == 0 {
-		return nil
-	} else if logfwd == "" {
-		return fmt.Errorf("logfwd must be specified")
-	}
-
-	_, fn := c.versioning()
-	names := make([]string, len(e))
-
-	// Build up the struct.
-	d := util.BulkElement{XMLName: xml.Name{Local: "temp"}}
-	for i := range e {
-		d.Data = append(d.Data, fn(e[i]))
-		names[i] = e[i].Name
-	}
-	c.con.LogAction("(set) %s: %v", plural, names)
-
-	// Set xpath.
-	path := c.xpath(dg, logfwd, names)
-	d.XMLName = xml.Name{Local: path[len(path)-2]}
-	if len(e) == 1 {
-		path = path[:len(path)-1]
-	} else {
-		path = path[:len(path)-2]
-	}
-
-	// Create the objects.
-	_, err = c.con.Set(path, d.Config(), nil, nil)
-	return err
-}
-
-// Edit performs EDIT to create / update one object.
-func (c *PanoMatchList) Edit(dg, logfwd string, e Entry) error {
-	var err error
-
-	if logfwd == "" {
-		return fmt.Errorf("logfwd must be specified")
-	}
-
-	_, fn := c.versioning()
-
-	c.con.LogAction("(edit) %s %q", singular, e.Name)
-
-	// Set xpath.
-	path := c.xpath(dg, logfwd, []string{e.Name})
-
-	// Edit the object.
-	_, err = c.con.Edit(path, fn(e), nil, nil)
-	return err
-}
-
-// Delete removes the given objects.
-//
-// Objects can be a string or an Entry object.
-func (c *PanoMatchList) Delete(dg, logfwd string, e ...interface{}) error {
-	var err error
-
-	if len(e) == 0 {
-		return nil
-	} else if logfwd == "" {
-		return fmt.Errorf("logfwd must be specified")
-	}
-
-	names := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			names[i] = v
-		case Entry:
-			names[i] = v.Name
-		default:
-			return fmt.Errorf("Unknown type sent to delete: %s", v)
-		}
-	}
-	c.con.LogAction("(delete) %s: %v", plural, names)
-
-	// Remove the objects.
-	path := c.xpath(dg, logfwd, names)
-	_, err = c.con.Delete(path, nil, nil)
-	return err
-}
-
-/** Internal functions for this namespace struct **/
-
-func (c *PanoMatchList) versioning() (normalizer, func(Entry) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func (c *PanoMatchList) details(fn util.Retriever, dg, logfwd, name string) (Entry, error) {
-	path := c.xpath(dg, logfwd, []string{name})
-	obj, _ := c.versioning()
-	if _, err := fn(path, nil, obj); err != nil {
-		return Entry{}, err
-	}
-	ans := obj.Normalize()
-
-	return ans, nil
-}
-
-func (c *PanoMatchList) xpath(dg, logfwd string, vals []string) []string {
-	if dg == "" {
-		dg = "shared"
-	}
-
-	ans := make([]string, 0, 10)
-	ans = append(ans, util.DeviceGroupXpathPrefix(dg)...)
-	ans = append(ans,
-		"log-settings",
-		"profiles",
-		util.AsEntryXpath([]string{logfwd}),
-		"match-list",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans
-}
diff --git a/objs/profile/logfwd/matchlist/pano_test.go b/objs/profile/logfwd/matchlist/pano_test.go
deleted file mode 100644
index da8db175..00000000
--- a/objs/profile/logfwd/matchlist/pano_test.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package matchlist
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := &PanoMatchList{}
-	ns.Initialize(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("shared", "lfp", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("shared", "lfp", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/profile/logfwd/matchlist/testdata_test.go b/objs/profile/logfwd/matchlist/testdata_test.go
deleted file mode 100644
index 916a0ab9..00000000
--- a/objs/profile/logfwd/matchlist/testdata_test.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package matchlist
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type tc struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []tc {
-	return []tc{
-		{"basic without raw", version.Number{8, 0, 0, ""}, Entry{
-			Name:           "t1",
-			Description:    "foobar",
-			LogType:        LogTypeTunnel,
-			Filter:         "my filter",
-			SnmpProfiles:   []string{"prof1", "prof2"},
-			SyslogProfiles: []string{"syslog1", "syslog2"},
-		}},
-		{"basic without raw", version.Number{8, 0, 0, ""}, Entry{
-			Name:           "t1",
-			LogType:        LogTypeAuth,
-			Filter:         "my other filter",
-			SendToPanorama: true,
-			EmailProfiles:  []string{"email1", "email2"},
-			HttpProfiles:   []string{"http1", "http3"},
-			raw: map[string]string{
-				"act": "my various actions",
-			},
-		}},
-	}
-}
diff --git a/objs/profile/logfwd/pano.go b/objs/profile/logfwd/pano.go
deleted file mode 100644
index eae4d0d2..00000000
--- a/objs/profile/logfwd/pano.go
+++ /dev/null
@@ -1,110 +0,0 @@
-package logfwd
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Objects.LogForwardingProfile namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(dg string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(dg), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(dg string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(dg), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(dg, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(dg), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(dg, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(dg), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(dg string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(dg), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(dg string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(dg), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(dg string, e ...Entry) error {
-	return c.ns.Set(c.pather(dg), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(dg string, e Entry) error {
-	return c.ns.Edit(c.pather(dg), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(dg string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(dg), names, nErr)
-}
-
-// SetWithoutSubconfig performs a DELETE to remove any subconfig
-// before performing a SET to create an object.
-func (c *Panorama) SetWithoutSubconfig(dg string, e Entry) error {
-	c.ns.Client.LogAction("(delete) %s subconfig for %s", c.ns.Singular, e.Name)
-
-	path, err := c.xpath(dg, []string{e.Name})
-	if err != nil {
-		return err
-	}
-
-	path = append(path, "description")
-	_, _ = c.ns.Client.Delete(path, nil, nil)
-
-	path[len(path)-1] = "match-list"
-	_, _ = c.ns.Client.Delete(path, nil, nil)
-
-	return c.Set(dg, e)
-}
-
-func (c *Panorama) pather(dg string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(dg, v)
-	}
-}
-
-func (c *Panorama) xpath(dg string, vals []string) ([]string, error) {
-	ans := make([]string, 0, 8)
-	ans = append(ans, util.DeviceGroupXpathPrefix(dg)...)
-	ans = append(ans,
-		"log-settings",
-		"profiles",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/objs/profile/logfwd/pano_test.go b/objs/profile/logfwd/pano_test.go
deleted file mode 100644
index e2b756e1..00000000
--- a/objs/profile/logfwd/pano_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package logfwd
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("shared", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("shared", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/profile/logfwd/testdata_test.go b/objs/profile/logfwd/testdata_test.go
deleted file mode 100644
index 8236e5ad..00000000
--- a/objs/profile/logfwd/testdata_test.go
+++ /dev/null
@@ -1,41 +0,0 @@
-package logfwd
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type tc struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []tc {
-	return []tc{
-		{"version1 basic", version.Number{8, 0, 0, ""}, Entry{
-			Name:        "t1",
-			Description: "foobar",
-		}},
-		{"version1 with raw data", version.Number{8, 0, 0, ""}, Entry{
-			Name: "t2",
-			raw: map[string]string{
-				"ml": "match list data",
-			},
-		}},
-		{"version2 basic no enhanced logging", version.Number{8, 1, 0, ""}, Entry{
-			Name:        "t3",
-			Description: "foobar",
-		}},
-		{"version2 basic enhanced logging", version.Number{8, 1, 0, ""}, Entry{
-			Name:            "t4",
-			Description:     "foobar",
-			EnhancedLogging: true,
-		}},
-		{"version2 with raw data", version.Number{8, 1, 0, ""}, Entry{
-			Name: "t5",
-			raw: map[string]string{
-				"ml": "match list data",
-			},
-		}},
-	}
-}
diff --git a/objs/profile/security/data/const.go b/objs/profile/security/data/const.go
deleted file mode 100644
index b7600be9..00000000
--- a/objs/profile/security/data/const.go
+++ /dev/null
@@ -1,13 +0,0 @@
-package data
-
-// Valid values for Rule.Direction.
-const (
-	DirectionUpload   = "upload"
-	DirectionDownload = "download"
-	DirectionBoth     = "both"
-)
-
-const (
-	singular = "data filtering security profile"
-	plural   = "data filtering security profiles"
-)
diff --git a/objs/profile/security/data/doc.go b/objs/profile/security/data/doc.go
deleted file mode 100644
index 4f47423c..00000000
--- a/objs/profile/security/data/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package data is the client.Object.DataFilteringProfile namespace.
-
-Normalized object:  Entry
-*/
-package data
diff --git a/objs/profile/security/data/entry.go b/objs/profile/security/data/entry.go
deleted file mode 100644
index 4d37bb14..00000000
--- a/objs/profile/security/data/entry.go
+++ /dev/null
@@ -1,278 +0,0 @@
-package data
-
-import (
-	"encoding/xml"
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a
-// data filtering profile.
-type Entry struct {
-	Name        string
-	Description string
-	DataCapture bool
-	Rules       []Rule
-}
-
-// Rule is a data filtering rule.  In PAN-OS, the Name param is
-// auto generated and look like "rule1", "rule2"...  If the Name param
-// is an empty string, the name will be auto populated as appropriate.
-type Rule struct {
-	Name           string
-	DataPattern    string
-	Applications   []string // ordered
-	FileTypes      []string // ordered
-	Direction      string
-	AlertThreshold int
-	BlockThreshold int
-	LogSeverity    string // 8.0+
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Description = s.Description
-	o.DataCapture = s.DataCapture
-	if s.Rules == nil {
-		o.Rules = nil
-	} else {
-		o.Rules = make([]Rule, 0, len(s.Rules))
-		for _, x := range s.Rules {
-			r := Rule{
-				Name:           x.Name,
-				DataPattern:    x.DataPattern,
-				Direction:      x.Direction,
-				AlertThreshold: x.AlertThreshold,
-				BlockThreshold: x.BlockThreshold,
-				LogSeverity:    x.LogSeverity,
-			}
-			if len(x.Applications) != 0 {
-				r.Applications = make([]string, len(x.Applications))
-				copy(r.Applications, x.Applications)
-			}
-			if len(x.FileTypes) != 0 {
-				r.FileTypes = make([]string, len(x.FileTypes))
-				copy(r.FileTypes, x.FileTypes)
-			}
-			o.Rules = append(o.Rules, r)
-		}
-	}
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v1) Normalize() []Entry {
-	arr := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		arr = append(arr, o.Answer[i].normalize())
-	}
-	return arr
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:        o.Name,
-		Description: o.Description,
-		DataCapture: util.AsBool(o.DataCapture),
-	}
-
-	if o.Rules != nil {
-		rules := make([]Rule, 0, len(o.Rules.Entries))
-		for _, v := range o.Rules.Entries {
-			r := Rule{
-				Name:           v.Name,
-				DataPattern:    v.DataPattern,
-				Applications:   util.MemToStr(v.Applications),
-				FileTypes:      util.MemToStr(v.FileTypes),
-				Direction:      v.Direction,
-				AlertThreshold: v.AlertThreshold,
-				BlockThreshold: v.BlockThreshold,
-			}
-			rules = append(rules, r)
-		}
-		ans.Rules = rules
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName     xml.Name  `xml:"entry"`
-	Name        string    `xml:"name,attr"`
-	Description string    `xml:"description,omitempty"`
-	DataCapture string    `xml:"data-capture,omitempty"`
-	Rules       *rules_v1 `xml:"rules"`
-}
-
-type rules_v1 struct {
-	Entries []rule_v1 `xml:"entry"`
-}
-
-type rule_v1 struct {
-	Name           string           `xml:"name,attr"`
-	DataPattern    string           `xml:"data-object"`
-	Applications   *util.MemberType `xml:"application"`
-	FileTypes      *util.MemberType `xml:"file-type"`
-	Direction      string           `xml:"direction,omitempty"`
-	AlertThreshold int              `xml:"alert-threshold,omitempty"`
-	BlockThreshold int              `xml:"block-threshold,omitempty"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:        e.Name,
-		Description: e.Description,
-		DataCapture: util.YesNo(e.DataCapture),
-	}
-
-	if len(e.Rules) > 0 {
-		rules := make([]rule_v1, 0, len(e.Rules))
-		for num, er := range e.Rules {
-			r := rule_v1{
-				Name:           er.Name,
-				DataPattern:    er.DataPattern,
-				Applications:   util.StrToMem(er.Applications),
-				FileTypes:      util.StrToMem(er.FileTypes),
-				Direction:      er.Direction,
-				AlertThreshold: er.AlertThreshold,
-				BlockThreshold: er.BlockThreshold,
-			}
-			if er.Name == "" {
-				r.Name = fmt.Sprintf("rule%d", num)
-			}
-			rules = append(rules, r)
-		}
-		ans.Rules = &rules_v1{Entries: rules}
-	}
-
-	return ans
-}
-
-type container_v2 struct {
-	Answer []entry_v2 `xml:"entry"`
-}
-
-func (o *container_v2) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v2) Normalize() []Entry {
-	arr := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		arr = append(arr, o.Answer[i].normalize())
-	}
-	return arr
-}
-
-func (o *entry_v2) normalize() Entry {
-	ans := Entry{
-		Name:        o.Name,
-		Description: o.Description,
-		DataCapture: util.AsBool(o.DataCapture),
-	}
-
-	if o.Rules != nil {
-		rules := make([]Rule, 0, len(o.Rules.Entries))
-		for _, v := range o.Rules.Entries {
-			r := Rule{
-				Name:           v.Name,
-				DataPattern:    v.DataPattern,
-				Applications:   util.MemToStr(v.Applications),
-				FileTypes:      util.MemToStr(v.FileTypes),
-				Direction:      v.Direction,
-				AlertThreshold: v.AlertThreshold,
-				BlockThreshold: v.BlockThreshold,
-				LogSeverity:    v.LogSeverity,
-			}
-			rules = append(rules, r)
-		}
-		ans.Rules = rules
-	}
-
-	return ans
-}
-
-type entry_v2 struct {
-	XMLName     xml.Name  `xml:"entry"`
-	Name        string    `xml:"name,attr"`
-	Description string    `xml:"description,omitempty"`
-	DataCapture string    `xml:"data-capture,omitempty"`
-	Rules       *rules_v2 `xml:"rules"`
-}
-
-type rules_v2 struct {
-	Entries []rule_v2 `xml:"entry"`
-}
-
-type rule_v2 struct {
-	Name           string           `xml:"name,attr"`
-	DataPattern    string           `xml:"data-object"`
-	Applications   *util.MemberType `xml:"application"`
-	FileTypes      *util.MemberType `xml:"file-type"`
-	Direction      string           `xml:"direction,omitempty"`
-	AlertThreshold int              `xml:"alert-threshold,omitempty"`
-	BlockThreshold int              `xml:"block-threshold,omitempty"`
-	LogSeverity    string           `xml:"log-severity,omitempty"`
-}
-
-func specify_v2(e Entry) interface{} {
-	ans := entry_v2{
-		Name:        e.Name,
-		Description: e.Description,
-		DataCapture: util.YesNo(e.DataCapture),
-	}
-
-	if len(e.Rules) > 0 {
-		rules := make([]rule_v2, 0, len(e.Rules))
-		for num, er := range e.Rules {
-			r := rule_v2{
-				Name:           er.Name,
-				DataPattern:    er.DataPattern,
-				Applications:   util.StrToMem(er.Applications),
-				FileTypes:      util.StrToMem(er.FileTypes),
-				Direction:      er.Direction,
-				AlertThreshold: er.AlertThreshold,
-				BlockThreshold: er.BlockThreshold,
-				LogSeverity:    er.LogSeverity,
-			}
-			if er.Name == "" {
-				r.Name = fmt.Sprintf("rule%d", num)
-			}
-			rules = append(rules, r)
-		}
-		ans.Rules = &rules_v2{Entries: rules}
-	}
-
-	return ans
-}
diff --git a/objs/profile/security/data/funcs.go b/objs/profile/security/data/funcs.go
deleted file mode 100644
index 874024eb..00000000
--- a/objs/profile/security/data/funcs.go
+++ /dev/null
@@ -1,92 +0,0 @@
-package data
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	if v.Gte(version.Number{8, 0, 0, ""}) {
-		return &container_v2{}, specify_v2
-	} else {
-		return &container_v1{}, specify_v1
-	}
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/objs/profile/security/data/fw.go b/objs/profile/security/data/fw.go
deleted file mode 100644
index 92a594bb..00000000
--- a/objs/profile/security/data/fw.go
+++ /dev/null
@@ -1,91 +0,0 @@
-package data
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Objects.DataFilteringProfile namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vsys), names, nErr)
-}
-
-func (c *Firewall) pather(vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vsys, v)
-	}
-}
-
-func (c *Firewall) xpath(vsys string, vals []string) ([]string, error) {
-	ans := make([]string, 0, 8)
-	ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	ans = append(ans,
-		"profiles",
-		"data-filtering",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/objs/profile/security/data/fw_test.go b/objs/profile/security/data/fw_test.go
deleted file mode 100644
index 26f9c8e3..00000000
--- a/objs/profile/security/data/fw_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package data
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("vsys1", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("vsys1", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/profile/security/data/pano.go b/objs/profile/security/data/pano.go
deleted file mode 100644
index f21cd45b..00000000
--- a/objs/profile/security/data/pano.go
+++ /dev/null
@@ -1,91 +0,0 @@
-package data
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Objects.DataFilteringProfile namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(dg string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(dg), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(dg string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(dg), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(dg, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(dg), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(dg, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(dg), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(dg string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(dg), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(dg string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(dg), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(dg string, e ...Entry) error {
-	return c.ns.Set(c.pather(dg), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(dg string, e Entry) error {
-	return c.ns.Edit(c.pather(dg), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(dg string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(dg), names, nErr)
-}
-
-func (c *Panorama) pather(dg string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(dg, v)
-	}
-}
-
-func (c *Panorama) xpath(dg string, vals []string) ([]string, error) {
-	ans := make([]string, 0, 8)
-	ans = append(ans, util.DeviceGroupXpathPrefix(dg)...)
-	ans = append(ans,
-		"profiles",
-		"data-filtering",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/objs/profile/security/data/pano_test.go b/objs/profile/security/data/pano_test.go
deleted file mode 100644
index 1bf6ccce..00000000
--- a/objs/profile/security/data/pano_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package data
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("shared", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("shared", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/profile/security/data/testdata_test.go b/objs/profile/security/data/testdata_test.go
deleted file mode 100644
index d4a66a5c..00000000
--- a/objs/profile/security/data/testdata_test.go
+++ /dev/null
@@ -1,57 +0,0 @@
-package data
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type tc struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []tc {
-	return []tc{
-		{"v1 no rules", version.Number{6, 1, 0, ""}, Entry{
-			Name:        "t1",
-			Description: "foobar",
-			DataCapture: true,
-		}},
-		{"v1 with rules", version.Number{6, 1, 0, ""}, Entry{
-			Name:        "t2",
-			Description: "second",
-			Rules: []Rule{
-				Rule{
-					Name:           "rule0",
-					Applications:   []string{"aim-mail"},
-					FileTypes:      []string{"text/html", "rtf"},
-					Direction:      DirectionDownload,
-					AlertThreshold: 42,
-					BlockThreshold: 53,
-					DataPattern:    "myObj",
-				},
-			},
-		}},
-		{"v2 no rules", version.Number{8, 0, 0, ""}, Entry{
-			Name:        "t1",
-			Description: "foobar",
-		}},
-		{"v2 with rules", version.Number{8, 0, 0, ""}, Entry{
-			Name:        "t2",
-			Description: "second",
-			DataCapture: true,
-			Rules: []Rule{
-				Rule{
-					Name:           "rule0",
-					Applications:   []string{"aim-mail"},
-					FileTypes:      []string{"text/html", "rtf"},
-					Direction:      DirectionDownload,
-					AlertThreshold: 42,
-					BlockThreshold: 53,
-					DataPattern:    "myObj",
-					LogSeverity:    "high",
-				},
-			},
-		}},
-	}
-}
diff --git a/objs/profile/security/dos/const.go b/objs/profile/security/dos/const.go
deleted file mode 100644
index 77b4ea9d..00000000
--- a/objs/profile/security/dos/const.go
+++ /dev/null
@@ -1,18 +0,0 @@
-package dos
-
-// Valid values for Type.
-const (
-	TypeAggregate  = "aggregate"
-	TypeClassified = "classified"
-)
-
-// Valid values for Syn.Action.
-const (
-	SynActionRed     = "red"
-	SynActionCookies = "syn-cookies"
-)
-
-const (
-	singular = "dos protection security profile"
-	plural   = "dos protection security profiles"
-)
diff --git a/objs/profile/security/dos/doc.go b/objs/profile/security/dos/doc.go
deleted file mode 100644
index 00cd6b75..00000000
--- a/objs/profile/security/dos/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package dos is the client.Object.DosProtectionProfile namespace.
-
-Normalized object:  Entry
-*/
-package dos
diff --git a/objs/profile/security/dos/entry.go b/objs/profile/security/dos/entry.go
deleted file mode 100644
index 05c0737b..00000000
--- a/objs/profile/security/dos/entry.go
+++ /dev/null
@@ -1,425 +0,0 @@
-package dos
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a
-// DOS protection security profile.
-type Entry struct {
-	Name                      string
-	Description               string
-	Type                      string
-	EnableSessionsProtections bool
-	MaxConcurrentSessions     int
-	Syn                       *SynProtection
-	Udp                       *Protection
-	Icmp                      *Protection
-	Icmpv6                    *Protection
-	Other                     *Protection
-}
-
-type SynProtection struct {
-	Enable        bool
-	Action        string
-	AlarmRate     int
-	ActivateRate  int
-	MaxRate       int
-	BlockDuration int
-}
-
-type Protection struct {
-	Enable        bool
-	AlarmRate     int
-	ActivateRate  int
-	MaxRate       int
-	BlockDuration int
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Description = s.Description
-	o.Type = s.Type
-	o.EnableSessionsProtections = s.EnableSessionsProtections
-	o.MaxConcurrentSessions = s.MaxConcurrentSessions
-	if s.Syn == nil {
-		o.Syn = nil
-	} else {
-		o.Syn = &SynProtection{
-			Enable:        s.Syn.Enable,
-			Action:        s.Syn.Action,
-			AlarmRate:     s.Syn.AlarmRate,
-			ActivateRate:  s.Syn.ActivateRate,
-			MaxRate:       s.Syn.MaxRate,
-			BlockDuration: s.Syn.BlockDuration,
-		}
-	}
-	if s.Udp == nil {
-		o.Udp = nil
-	} else {
-		o.Udp = &Protection{
-			Enable:        s.Udp.Enable,
-			AlarmRate:     s.Udp.AlarmRate,
-			ActivateRate:  s.Udp.ActivateRate,
-			MaxRate:       s.Udp.MaxRate,
-			BlockDuration: s.Udp.BlockDuration,
-		}
-	}
-	if s.Icmp == nil {
-		o.Icmp = nil
-	} else {
-		o.Icmp = &Protection{
-			Enable:        s.Icmp.Enable,
-			AlarmRate:     s.Icmp.AlarmRate,
-			ActivateRate:  s.Icmp.ActivateRate,
-			MaxRate:       s.Icmp.MaxRate,
-			BlockDuration: s.Icmp.BlockDuration,
-		}
-	}
-	if s.Icmpv6 == nil {
-		o.Icmpv6 = nil
-	} else {
-		o.Icmpv6 = &Protection{
-			Enable:        s.Icmpv6.Enable,
-			AlarmRate:     s.Icmpv6.AlarmRate,
-			ActivateRate:  s.Icmpv6.ActivateRate,
-			MaxRate:       s.Icmpv6.MaxRate,
-			BlockDuration: s.Icmpv6.BlockDuration,
-		}
-	}
-	if s.Other == nil {
-		o.Other = nil
-	} else {
-		o.Other = &Protection{
-			Enable:        s.Other.Enable,
-			AlarmRate:     s.Other.AlarmRate,
-			ActivateRate:  s.Other.ActivateRate,
-			MaxRate:       s.Other.MaxRate,
-			BlockDuration: s.Other.BlockDuration,
-		}
-	}
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v1) Normalize() []Entry {
-	arr := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		arr = append(arr, o.Answer[i].normalize())
-	}
-	return arr
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:        o.Name,
-		Description: o.Description,
-		Type:        o.Type,
-	}
-
-	if o.Flood != nil {
-		if o.Flood.Syn != nil {
-			if o.Flood.Syn.Red != nil {
-				ans.Syn = &SynProtection{
-					Action:       SynActionRed,
-					AlarmRate:    o.Flood.Syn.Red.AlarmRate,
-					ActivateRate: o.Flood.Syn.Red.ActivateRate,
-					MaxRate:      o.Flood.Syn.Red.MaxRate,
-				}
-				if o.Flood.Syn.Red.Block != nil {
-					ans.Syn.BlockDuration = o.Flood.Syn.Red.Block.BlockDuration
-				}
-			} else if o.Flood.Syn.Cookies != nil {
-				ans.Syn = &SynProtection{
-					Action:       SynActionCookies,
-					AlarmRate:    o.Flood.Syn.Cookies.AlarmRate,
-					ActivateRate: o.Flood.Syn.Cookies.ActivateRate,
-					MaxRate:      o.Flood.Syn.Cookies.MaxRate,
-				}
-				if o.Flood.Syn.Cookies.Block != nil {
-					ans.Syn.BlockDuration = o.Flood.Syn.Cookies.Block.BlockDuration
-				}
-			} else {
-				ans.Syn = &SynProtection{}
-			}
-			ans.Syn.Enable = util.AsBool(o.Flood.Syn.Enable)
-		}
-
-		if o.Flood.Udp != nil {
-			if o.Flood.Udp.Red != nil {
-				ans.Udp = &Protection{
-					AlarmRate:    o.Flood.Udp.Red.AlarmRate,
-					ActivateRate: o.Flood.Udp.Red.ActivateRate,
-					MaxRate:      o.Flood.Udp.Red.MaxRate,
-				}
-				if o.Flood.Udp.Red.Block != nil {
-					ans.Udp.BlockDuration = o.Flood.Udp.Red.Block.BlockDuration
-				}
-			} else {
-				ans.Udp = &Protection{}
-			}
-			ans.Udp.Enable = util.AsBool(o.Flood.Udp.Enable)
-		}
-
-		if o.Flood.Icmp != nil {
-			if o.Flood.Icmp.Red != nil {
-				ans.Icmp = &Protection{
-					AlarmRate:    o.Flood.Icmp.Red.AlarmRate,
-					ActivateRate: o.Flood.Icmp.Red.ActivateRate,
-					MaxRate:      o.Flood.Icmp.Red.MaxRate,
-				}
-				if o.Flood.Icmp.Red.Block != nil {
-					ans.Icmp.BlockDuration = o.Flood.Icmp.Red.Block.BlockDuration
-				}
-			} else {
-				ans.Icmp = &Protection{}
-			}
-			ans.Icmp.Enable = util.AsBool(o.Flood.Icmp.Enable)
-		}
-
-		if o.Flood.Icmpv6 != nil {
-			if o.Flood.Icmpv6.Red != nil {
-				ans.Icmpv6 = &Protection{
-					AlarmRate:    o.Flood.Icmpv6.Red.AlarmRate,
-					ActivateRate: o.Flood.Icmpv6.Red.ActivateRate,
-					MaxRate:      o.Flood.Icmpv6.Red.MaxRate,
-				}
-				if o.Flood.Icmpv6.Red.Block != nil {
-					ans.Icmpv6.BlockDuration = o.Flood.Icmpv6.Red.Block.BlockDuration
-				}
-			} else {
-				ans.Icmpv6 = &Protection{}
-			}
-			ans.Icmpv6.Enable = util.AsBool(o.Flood.Icmpv6.Enable)
-		}
-
-		if o.Flood.Other != nil {
-			if o.Flood.Other.Red != nil {
-				ans.Other = &Protection{
-					AlarmRate:    o.Flood.Other.Red.AlarmRate,
-					ActivateRate: o.Flood.Other.Red.ActivateRate,
-					MaxRate:      o.Flood.Other.Red.MaxRate,
-				}
-				if o.Flood.Other.Red.Block != nil {
-					ans.Other.BlockDuration = o.Flood.Other.Red.Block.BlockDuration
-				}
-			} else {
-				ans.Other = &Protection{}
-			}
-			ans.Other.Enable = util.AsBool(o.Flood.Other.Enable)
-		}
-	}
-
-	if o.Resource != nil {
-		if o.Resource.Sess != nil {
-			ans.EnableSessionsProtections = util.AsBool(o.Resource.Sess.EnableSessionsProtections)
-			ans.MaxConcurrentSessions = o.Resource.Sess.MaxConcurrentSessions
-		}
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName     xml.Name  `xml:"entry"`
-	Name        string    `xml:"name,attr"`
-	Description string    `xml:"description,omitempty"`
-	Type        string    `xml:"type"`
-	Flood       *flood    `xml:"flood"`
-	Resource    *resource `xml:"resource"`
-}
-
-type flood struct {
-	Syn    *syn    `xml:"tcp-syn"`
-	Udp    *common `xml:"udp"`
-	Icmp   *common `xml:"icmp"`
-	Icmpv6 *common `xml:"icmpv6"`
-	Other  *common `xml:"other-ip"`
-}
-
-type syn struct {
-	Enable  string   `xml:"enable"`
-	Red     *details `xml:"red"`
-	Cookies *details `xml:"syn-cookies"`
-}
-
-type details struct {
-	AlarmRate    int    `xml:"alarm-rate"`
-	ActivateRate int    `xml:"activate-rate"`
-	MaxRate      int    `xml:"maximal-rate"`
-	Block        *block `xml:"block"`
-}
-
-type block struct {
-	BlockDuration int `xml:"duration,omitempty"`
-}
-
-type common struct {
-	Enable string   `xml:"enable"`
-	Red    *details `xml:"red"`
-}
-
-type resource struct {
-	Sess *sess `xml:"sessions"`
-}
-
-type sess struct {
-	EnableSessionsProtections string `xml:"enabled"`
-	MaxConcurrentSessions     int    `xml:"max-concurrent-limit,omitempty"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:        e.Name,
-		Description: e.Description,
-		Type:        e.Type,
-	}
-
-	if e.Syn != nil || e.Udp != nil || e.Icmp != nil || e.Icmpv6 != nil || e.Other != nil {
-		ans.Flood = &flood{}
-		if e.Syn != nil {
-			ans.Flood.Syn = &syn{
-				Enable: util.YesNo(e.Syn.Enable),
-			}
-
-			switch e.Syn.Action {
-			case SynActionRed:
-				ans.Flood.Syn.Red = &details{
-					AlarmRate:    e.Syn.AlarmRate,
-					ActivateRate: e.Syn.ActivateRate,
-					MaxRate:      e.Syn.MaxRate,
-				}
-				if e.Syn.BlockDuration != 0 {
-					ans.Flood.Syn.Red.Block = &block{
-						BlockDuration: e.Syn.BlockDuration,
-					}
-				}
-			case SynActionCookies:
-				ans.Flood.Syn.Cookies = &details{
-					AlarmRate:    e.Syn.AlarmRate,
-					ActivateRate: e.Syn.ActivateRate,
-					MaxRate:      e.Syn.MaxRate,
-				}
-				if e.Syn.BlockDuration != 0 {
-					ans.Flood.Syn.Cookies.Block = &block{
-						BlockDuration: e.Syn.BlockDuration,
-					}
-				}
-			}
-		}
-
-		if e.Udp != nil {
-			ans.Flood.Udp = &common{
-				Enable: util.YesNo(e.Udp.Enable),
-			}
-
-			if e.Udp.AlarmRate != 0 || e.Udp.ActivateRate != 0 || e.Udp.MaxRate != 0 || e.Udp.BlockDuration != 0 {
-				ans.Flood.Udp.Red = &details{
-					AlarmRate:    e.Udp.AlarmRate,
-					ActivateRate: e.Udp.ActivateRate,
-					MaxRate:      e.Udp.MaxRate,
-				}
-				if e.Udp.BlockDuration != 0 {
-					ans.Flood.Udp.Red.Block = &block{
-						BlockDuration: e.Udp.BlockDuration,
-					}
-				}
-			}
-		}
-
-		if e.Icmp != nil {
-			ans.Flood.Icmp = &common{
-				Enable: util.YesNo(e.Icmp.Enable),
-			}
-
-			if e.Icmp.AlarmRate != 0 || e.Icmp.ActivateRate != 0 || e.Icmp.MaxRate != 0 || e.Icmp.BlockDuration != 0 {
-				ans.Flood.Icmp.Red = &details{
-					AlarmRate:    e.Icmp.AlarmRate,
-					ActivateRate: e.Icmp.ActivateRate,
-					MaxRate:      e.Icmp.MaxRate,
-				}
-				if e.Icmp.BlockDuration != 0 {
-					ans.Flood.Icmp.Red.Block = &block{
-						BlockDuration: e.Icmp.BlockDuration,
-					}
-				}
-			}
-		}
-
-		if e.Icmpv6 != nil {
-			ans.Flood.Icmpv6 = &common{
-				Enable: util.YesNo(e.Icmpv6.Enable),
-			}
-
-			if e.Icmpv6.AlarmRate != 0 || e.Icmpv6.ActivateRate != 0 || e.Icmpv6.MaxRate != 0 || e.Icmpv6.BlockDuration != 0 {
-				ans.Flood.Icmpv6.Red = &details{
-					AlarmRate:    e.Icmpv6.AlarmRate,
-					ActivateRate: e.Icmpv6.ActivateRate,
-					MaxRate:      e.Icmpv6.MaxRate,
-				}
-				if e.Icmpv6.BlockDuration != 0 {
-					ans.Flood.Icmpv6.Red.Block = &block{
-						BlockDuration: e.Icmpv6.BlockDuration,
-					}
-				}
-			}
-		}
-
-		if e.Other != nil {
-			ans.Flood.Other = &common{
-				Enable: util.YesNo(e.Other.Enable),
-			}
-
-			if e.Other.AlarmRate != 0 || e.Other.ActivateRate != 0 || e.Other.MaxRate != 0 || e.Other.BlockDuration != 0 {
-				ans.Flood.Other.Red = &details{
-					AlarmRate:    e.Other.AlarmRate,
-					ActivateRate: e.Other.ActivateRate,
-					MaxRate:      e.Other.MaxRate,
-				}
-				if e.Other.BlockDuration != 0 {
-					ans.Flood.Other.Red.Block = &block{
-						BlockDuration: e.Other.BlockDuration,
-					}
-				}
-			}
-		}
-	}
-
-	if e.EnableSessionsProtections || e.MaxConcurrentSessions != 0 {
-		ans.Resource = &resource{
-			Sess: &sess{
-				EnableSessionsProtections: util.YesNo(e.EnableSessionsProtections),
-				MaxConcurrentSessions:     e.MaxConcurrentSessions,
-			},
-		}
-	}
-
-	return ans
-}
diff --git a/objs/profile/security/dos/funcs.go b/objs/profile/security/dos/funcs.go
deleted file mode 100644
index 54cb82fa..00000000
--- a/objs/profile/security/dos/funcs.go
+++ /dev/null
@@ -1,88 +0,0 @@
-package dos
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/objs/profile/security/dos/fw.go b/objs/profile/security/dos/fw.go
deleted file mode 100644
index 955e6182..00000000
--- a/objs/profile/security/dos/fw.go
+++ /dev/null
@@ -1,91 +0,0 @@
-package dos
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Objects.DosProtectionProfile namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vsys), names, nErr)
-}
-
-func (c *Firewall) pather(vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vsys, v)
-	}
-}
-
-func (c *Firewall) xpath(vsys string, vals []string) ([]string, error) {
-	ans := make([]string, 0, 8)
-	ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	ans = append(ans,
-		"profiles",
-		"dos-protection",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/objs/profile/security/dos/fw_test.go b/objs/profile/security/dos/fw_test.go
deleted file mode 100644
index c7377d94..00000000
--- a/objs/profile/security/dos/fw_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package dos
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("vsys1", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("vsys1", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/profile/security/dos/pano.go b/objs/profile/security/dos/pano.go
deleted file mode 100644
index 1cddcc81..00000000
--- a/objs/profile/security/dos/pano.go
+++ /dev/null
@@ -1,91 +0,0 @@
-package dos
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Objects.DosProtectionProfile namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(dg string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(dg), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(dg string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(dg), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(dg, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(dg), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(dg, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(dg), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(dg string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(dg), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(dg string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(dg), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(dg string, e ...Entry) error {
-	return c.ns.Set(c.pather(dg), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(dg string, e Entry) error {
-	return c.ns.Edit(c.pather(dg), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(dg string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(dg), names, nErr)
-}
-
-func (c *Panorama) pather(dg string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(dg, v)
-	}
-}
-
-func (c *Panorama) xpath(dg string, vals []string) ([]string, error) {
-	ans := make([]string, 0, 8)
-	ans = append(ans, util.DeviceGroupXpathPrefix(dg)...)
-	ans = append(ans,
-		"profiles",
-		"dos-protection",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/objs/profile/security/dos/pano_test.go b/objs/profile/security/dos/pano_test.go
deleted file mode 100644
index fb49657d..00000000
--- a/objs/profile/security/dos/pano_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package dos
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("shared", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("shared", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/profile/security/dos/testdata_test.go b/objs/profile/security/dos/testdata_test.go
deleted file mode 100644
index d9e65991..00000000
--- a/objs/profile/security/dos/testdata_test.go
+++ /dev/null
@@ -1,93 +0,0 @@
-package dos
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type tc struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []tc {
-	return []tc{
-		{"v1 blank", version.Number{7, 0, 0, ""}, Entry{
-			Name:        "t1",
-			Description: "foobar",
-		}},
-		{"v1 with resource", version.Number{6, 1, 0, ""}, Entry{
-			Name:                      "t2",
-			Description:               "second",
-			EnableSessionsProtections: true,
-			MaxConcurrentSessions:     42000,
-		}},
-		{"v1 with syn red", version.Number{6, 1, 0, ""}, Entry{
-			Name:        "t2",
-			Description: "second",
-			Syn: &SynProtection{
-				Enable:        true,
-				Action:        SynActionRed,
-				AlarmRate:     1001,
-				ActivateRate:  1002,
-				MaxRate:       1003,
-				BlockDuration: 300,
-			},
-		}},
-		{"v1 with syn cookies", version.Number{6, 1, 0, ""}, Entry{
-			Name:                  "t3",
-			MaxConcurrentSessions: 12345,
-			Syn: &SynProtection{
-				Action:       SynActionCookies,
-				AlarmRate:    1001,
-				ActivateRate: 1002,
-				MaxRate:      1003,
-			},
-		}},
-		{"v1 with udp red", version.Number{6, 1, 0, ""}, Entry{
-			Name:        "t2",
-			Description: "second",
-			Udp: &Protection{
-				Enable:        true,
-				AlarmRate:     1001,
-				ActivateRate:  1002,
-				MaxRate:       1003,
-				BlockDuration: 300,
-			},
-		}},
-		{"v1 with icmp red", version.Number{6, 1, 0, ""}, Entry{
-			Name:                      "t2",
-			Description:               "second",
-			EnableSessionsProtections: true,
-			Icmp: &Protection{
-				Enable:        true,
-				AlarmRate:     1001,
-				ActivateRate:  1002,
-				MaxRate:       1003,
-				BlockDuration: 300,
-			},
-		}},
-		{"v1 with icmpv6 red", version.Number{6, 1, 0, ""}, Entry{
-			Name:        "t2",
-			Description: "second",
-			Icmpv6: &Protection{
-				Enable:        true,
-				AlarmRate:     1001,
-				ActivateRate:  1002,
-				MaxRate:       1003,
-				BlockDuration: 300,
-			},
-		}},
-		{"v1 with other red", version.Number{6, 1, 0, ""}, Entry{
-			Name:        "t2",
-			Description: "second",
-			Other: &Protection{
-				Enable:        true,
-				AlarmRate:     1001,
-				ActivateRate:  1002,
-				MaxRate:       1003,
-				BlockDuration: 300,
-			},
-		}},
-	}
-}
diff --git a/objs/profile/security/file/const.go b/objs/profile/security/file/const.go
deleted file mode 100644
index 4685187d..00000000
--- a/objs/profile/security/file/const.go
+++ /dev/null
@@ -1,23 +0,0 @@
-package file
-
-// Valid values for Rule.Direction.
-const (
-	DirectionUpload   = "upload"
-	DirectionDownload = "download"
-	DirectionBoth     = "both"
-)
-
-// Valid values for Rule.Action.  The ActionForward and
-// ActionContineAndForward constants are valid for PAN-OS 6.1 only.
-const (
-	ActionAlert              = "alert"
-	ActionBlock              = "block"
-	ActionContinue           = "continue"
-	ActionForward            = "forward"
-	ActionContinueAndForward = "continue-and-forward"
-)
-
-const (
-	singular = "file blocking security profile"
-	plural   = "file blocking security profiles"
-)
diff --git a/objs/profile/security/file/doc.go b/objs/profile/security/file/doc.go
deleted file mode 100644
index 5f499a6f..00000000
--- a/objs/profile/security/file/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package file is the client.Object.FileBlockingProfile namespace.
-
-Normalized object:  Entry
-*/
-package file
diff --git a/objs/profile/security/file/entry.go b/objs/profile/security/file/entry.go
deleted file mode 100644
index 6df59d5c..00000000
--- a/objs/profile/security/file/entry.go
+++ /dev/null
@@ -1,154 +0,0 @@
-package file
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a
-// file blocking security profile.
-//
-// PAN-OS 8.0+.
-type Entry struct {
-	Name        string
-	Description string
-	Rules       []Rule
-}
-
-type Rule struct {
-	Name         string
-	Applications []string // ordered
-	FileTypes    []string // ordered
-	Direction    string
-	Action       string
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Description = s.Description
-	if s.Rules == nil {
-		o.Rules = nil
-	} else {
-		o.Rules = make([]Rule, 0, len(s.Rules))
-		for _, x := range s.Rules {
-			item := Rule{
-				Name:      x.Name,
-				Direction: x.Direction,
-				Action:    x.Action,
-			}
-			if len(x.Applications) > 0 {
-				item.Applications = make([]string, len(x.Applications))
-				copy(item.Applications, x.Applications)
-			}
-			if len(x.FileTypes) > 0 {
-				item.FileTypes = make([]string, len(x.FileTypes))
-				copy(item.FileTypes, x.FileTypes)
-			}
-			o.Rules = append(o.Rules, item)
-		}
-	}
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v1) Normalize() []Entry {
-	arr := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		arr = append(arr, o.Answer[i].normalize())
-	}
-	return arr
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:        o.Name,
-		Description: o.Description,
-	}
-
-	if o.Rules != nil {
-		rules := make([]Rule, 0, len(o.Rules.Entries))
-		for _, v := range o.Rules.Entries {
-			r := Rule{
-				Name:         v.Name,
-				Applications: util.MemToStr(v.Applications),
-				FileTypes:    util.MemToStr(v.FileTypes),
-				Direction:    v.Direction,
-				Action:       v.Action,
-			}
-			rules = append(rules, r)
-		}
-		ans.Rules = rules
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName     xml.Name  `xml:"entry"`
-	Name        string    `xml:"name,attr"`
-	Description string    `xml:"description,omitempty"`
-	Rules       *rules_v1 `xml:"rules"`
-}
-
-type rules_v1 struct {
-	Entries []rule_v1 `xml:"entry"`
-}
-
-type rule_v1 struct {
-	Name         string           `xml:"name,attr"`
-	Applications *util.MemberType `xml:"application"`
-	FileTypes    *util.MemberType `xml:"file-type"`
-	Direction    string           `xml:"direction,omitempty"`
-	Action       string           `xml:"action"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:        e.Name,
-		Description: e.Description,
-	}
-
-	if len(e.Rules) > 0 {
-		rules := make([]rule_v1, 0, len(e.Rules))
-		for _, er := range e.Rules {
-			r := rule_v1{
-				Name:         er.Name,
-				Applications: util.StrToMem(er.Applications),
-				FileTypes:    util.StrToMem(er.FileTypes),
-				Direction:    er.Direction,
-				Action:       er.Action,
-			}
-
-			rules = append(rules, r)
-		}
-		ans.Rules = &rules_v1{Entries: rules}
-	}
-
-	return ans
-}
diff --git a/objs/profile/security/file/funcs.go b/objs/profile/security/file/funcs.go
deleted file mode 100644
index d0126d92..00000000
--- a/objs/profile/security/file/funcs.go
+++ /dev/null
@@ -1,90 +0,0 @@
-package file
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	// The constants for Rule.Action changes between 6.1 and 7.0, but
-	// the schema itself is the same, so no new normalization is needed.
-	return &container_v1{}, specify_v1
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/objs/profile/security/file/fw.go b/objs/profile/security/file/fw.go
deleted file mode 100644
index 68bc55ab..00000000
--- a/objs/profile/security/file/fw.go
+++ /dev/null
@@ -1,91 +0,0 @@
-package file
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Objects.FileBlockingProfile namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vsys), names, nErr)
-}
-
-func (c *Firewall) pather(vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vsys, v)
-	}
-}
-
-func (c *Firewall) xpath(vsys string, vals []string) ([]string, error) {
-	ans := make([]string, 0, 8)
-	ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	ans = append(ans,
-		"profiles",
-		"file-blocking",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/objs/profile/security/file/fw_test.go b/objs/profile/security/file/fw_test.go
deleted file mode 100644
index 15f4226d..00000000
--- a/objs/profile/security/file/fw_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package file
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("vsys1", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("vsys1", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/profile/security/file/pano.go b/objs/profile/security/file/pano.go
deleted file mode 100644
index 72e394ce..00000000
--- a/objs/profile/security/file/pano.go
+++ /dev/null
@@ -1,91 +0,0 @@
-package file
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Objects.FileBlockingProfile namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(dg string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(dg), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(dg string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(dg), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(dg, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(dg), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(dg, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(dg), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(dg string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(dg), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(dg string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(dg), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(dg string, e ...Entry) error {
-	return c.ns.Set(c.pather(dg), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(dg string, e Entry) error {
-	return c.ns.Edit(c.pather(dg), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(dg string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(dg), names, nErr)
-}
-
-func (c *Panorama) pather(dg string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(dg, v)
-	}
-}
-
-func (c *Panorama) xpath(dg string, vals []string) ([]string, error) {
-	ans := make([]string, 0, 8)
-	ans = append(ans, util.DeviceGroupXpathPrefix(dg)...)
-	ans = append(ans,
-		"profiles",
-		"file-blocking",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/objs/profile/security/file/pano_test.go b/objs/profile/security/file/pano_test.go
deleted file mode 100644
index 5d4a7521..00000000
--- a/objs/profile/security/file/pano_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package file
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("shared", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("shared", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/profile/security/file/testdata_test.go b/objs/profile/security/file/testdata_test.go
deleted file mode 100644
index 57cd4589..00000000
--- a/objs/profile/security/file/testdata_test.go
+++ /dev/null
@@ -1,61 +0,0 @@
-package file
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type tc struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []tc {
-	return []tc{
-		{"v1 no rules", version.Number{6, 1, 0, ""}, Entry{
-			Name:        "t1",
-			Description: "foobar",
-		}},
-		{"v1 with rules", version.Number{6, 1, 0, ""}, Entry{
-			Name:        "t2",
-			Description: "second",
-			Rules: []Rule{
-				Rule{
-					Name:         "rule1",
-					Applications: []string{"app1", "app2"},
-					FileTypes:    []string{"7z"},
-					Direction:    DirectionDownload,
-					Action:       ActionAlert,
-				},
-				Rule{
-					Name:         "rule2",
-					Applications: []string{"app1"},
-					FileTypes:    []string{"mpeg2", "mpeg3", "mpeg4"},
-					Direction:    DirectionUpload,
-					Action:       ActionBlock,
-				},
-				Rule{
-					Name:         "rule3",
-					Applications: []string{"app3"},
-					FileTypes:    []string{"mp3", "ogg"},
-					Direction:    DirectionBoth,
-					Action:       ActionContinue,
-				},
-				Rule{
-					Name:         "rule4",
-					Applications: []string{"app4", "app5"},
-					FileTypes:    []string{"tar", "gz"},
-					Direction:    DirectionBoth,
-					Action:       ActionForward,
-				},
-				Rule{
-					Name:         "rule5",
-					Applications: []string{"app4", "app5"},
-					FileTypes:    []string{"jpeg", "jpg"},
-					Direction:    DirectionUpload,
-					Action:       ActionContinueAndForward,
-				},
-			},
-		}},
-	}
-}
diff --git a/objs/profile/security/group/const.go b/objs/profile/security/group/const.go
deleted file mode 100644
index 67acbb3a..00000000
--- a/objs/profile/security/group/const.go
+++ /dev/null
@@ -1,6 +0,0 @@
-package group
-
-const (
-	singular = "security profile group"
-	plural   = "security profile groups"
-)
diff --git a/objs/profile/security/group/doc.go b/objs/profile/security/group/doc.go
deleted file mode 100644
index c3809a9e..00000000
--- a/objs/profile/security/group/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package group is the client.Objects.SecurityProfileGroup namespace.
-
-Normalized object:  Entry
-*/
-package group
diff --git a/objs/profile/security/group/entry.go b/objs/profile/security/group/entry.go
deleted file mode 100644
index 22a86cc9..00000000
--- a/objs/profile/security/group/entry.go
+++ /dev/null
@@ -1,310 +0,0 @@
-package group
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a
-// security profile group.
-type Entry struct {
-	Name                    string
-	AntivirusProfile        string
-	AntiSpywareProfile      string
-	VulnerabilityProfile    string
-	UrlFilteringProfile     string
-	FileBlockingProfile     string
-	DataFilteringProfile    string
-	WildfireAnalysisProfile string // PAN-OS 7.0
-	GtpProfile              string // PAN-OS 8.0
-	SctpProfile             string // PAN-OS 9.0
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.AntivirusProfile = s.AntivirusProfile
-	o.AntiSpywareProfile = s.AntiSpywareProfile
-	o.VulnerabilityProfile = s.VulnerabilityProfile
-	o.UrlFilteringProfile = s.UrlFilteringProfile
-	o.FileBlockingProfile = s.FileBlockingProfile
-	o.DataFilteringProfile = s.DataFilteringProfile
-	o.WildfireAnalysisProfile = s.WildfireAnalysisProfile
-	o.GtpProfile = s.GtpProfile
-	o.SctpProfile = s.SctpProfile
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v1) Normalize() []Entry {
-	arr := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		arr = append(arr, o.Answer[i].normalize())
-	}
-	return arr
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:                 o.Name,
-		AntivirusProfile:     util.MemToOneStr(o.AntivirusProfile),
-		AntiSpywareProfile:   util.MemToOneStr(o.AntiSpywareProfile),
-		VulnerabilityProfile: util.MemToOneStr(o.VulnerabilityProfile),
-		UrlFilteringProfile:  util.MemToOneStr(o.UrlFilteringProfile),
-		FileBlockingProfile:  util.MemToOneStr(o.FileBlockingProfile),
-		DataFilteringProfile: util.MemToOneStr(o.DataFilteringProfile),
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName              xml.Name         `xml:"entry"`
-	Name                 string           `xml:"name,attr"`
-	AntivirusProfile     *util.MemberType `xml:"virus"`
-	AntiSpywareProfile   *util.MemberType `xml:"spyware"`
-	VulnerabilityProfile *util.MemberType `xml:"vulnerability"`
-	UrlFilteringProfile  *util.MemberType `xml:"url-filtering"`
-	FileBlockingProfile  *util.MemberType `xml:"file-blocking"`
-	DataFilteringProfile *util.MemberType `xml:"data-filtering"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:                 e.Name,
-		AntivirusProfile:     util.OneStrToMem(e.AntivirusProfile),
-		AntiSpywareProfile:   util.OneStrToMem(e.AntiSpywareProfile),
-		VulnerabilityProfile: util.OneStrToMem(e.VulnerabilityProfile),
-		UrlFilteringProfile:  util.OneStrToMem(e.UrlFilteringProfile),
-		FileBlockingProfile:  util.OneStrToMem(e.FileBlockingProfile),
-		DataFilteringProfile: util.OneStrToMem(e.DataFilteringProfile),
-	}
-
-	return ans
-}
-
-// PAN-OS 7.0
-type container_v2 struct {
-	Answer []entry_v2 `xml:"entry"`
-}
-
-func (o *container_v2) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v2) Normalize() []Entry {
-	arr := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		arr = append(arr, o.Answer[i].normalize())
-	}
-	return arr
-}
-
-func (o *entry_v2) normalize() Entry {
-	ans := Entry{
-		Name:                    o.Name,
-		AntivirusProfile:        util.MemToOneStr(o.AntivirusProfile),
-		AntiSpywareProfile:      util.MemToOneStr(o.AntiSpywareProfile),
-		VulnerabilityProfile:    util.MemToOneStr(o.VulnerabilityProfile),
-		UrlFilteringProfile:     util.MemToOneStr(o.UrlFilteringProfile),
-		FileBlockingProfile:     util.MemToOneStr(o.FileBlockingProfile),
-		DataFilteringProfile:    util.MemToOneStr(o.DataFilteringProfile),
-		WildfireAnalysisProfile: util.MemToOneStr(o.WildfireAnalysisProfile),
-	}
-
-	return ans
-}
-
-type entry_v2 struct {
-	XMLName                 xml.Name         `xml:"entry"`
-	Name                    string           `xml:"name,attr"`
-	AntivirusProfile        *util.MemberType `xml:"virus"`
-	AntiSpywareProfile      *util.MemberType `xml:"spyware"`
-	VulnerabilityProfile    *util.MemberType `xml:"vulnerability"`
-	UrlFilteringProfile     *util.MemberType `xml:"url-filtering"`
-	FileBlockingProfile     *util.MemberType `xml:"file-blocking"`
-	DataFilteringProfile    *util.MemberType `xml:"data-filtering"`
-	WildfireAnalysisProfile *util.MemberType `xml:"wildfire-analysis"`
-}
-
-func specify_v2(e Entry) interface{} {
-	ans := entry_v2{
-		Name:                    e.Name,
-		AntivirusProfile:        util.OneStrToMem(e.AntivirusProfile),
-		AntiSpywareProfile:      util.OneStrToMem(e.AntiSpywareProfile),
-		VulnerabilityProfile:    util.OneStrToMem(e.VulnerabilityProfile),
-		UrlFilteringProfile:     util.OneStrToMem(e.UrlFilteringProfile),
-		FileBlockingProfile:     util.OneStrToMem(e.FileBlockingProfile),
-		DataFilteringProfile:    util.OneStrToMem(e.DataFilteringProfile),
-		WildfireAnalysisProfile: util.OneStrToMem(e.WildfireAnalysisProfile),
-	}
-
-	return ans
-}
-
-// PAN-OS 8.0
-type container_v3 struct {
-	Answer []entry_v3 `xml:"entry"`
-}
-
-func (o *container_v3) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v3) Normalize() []Entry {
-	arr := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		arr = append(arr, o.Answer[i].normalize())
-	}
-	return arr
-}
-
-func (o *entry_v3) normalize() Entry {
-	ans := Entry{
-		Name:                    o.Name,
-		AntivirusProfile:        util.MemToOneStr(o.AntivirusProfile),
-		AntiSpywareProfile:      util.MemToOneStr(o.AntiSpywareProfile),
-		VulnerabilityProfile:    util.MemToOneStr(o.VulnerabilityProfile),
-		UrlFilteringProfile:     util.MemToOneStr(o.UrlFilteringProfile),
-		FileBlockingProfile:     util.MemToOneStr(o.FileBlockingProfile),
-		DataFilteringProfile:    util.MemToOneStr(o.DataFilteringProfile),
-		WildfireAnalysisProfile: util.MemToOneStr(o.WildfireAnalysisProfile),
-		GtpProfile:              util.MemToOneStr(o.GtpProfile),
-	}
-
-	return ans
-}
-
-type entry_v3 struct {
-	XMLName                 xml.Name         `xml:"entry"`
-	Name                    string           `xml:"name,attr"`
-	AntivirusProfile        *util.MemberType `xml:"virus"`
-	AntiSpywareProfile      *util.MemberType `xml:"spyware"`
-	VulnerabilityProfile    *util.MemberType `xml:"vulnerability"`
-	UrlFilteringProfile     *util.MemberType `xml:"url-filtering"`
-	FileBlockingProfile     *util.MemberType `xml:"file-blocking"`
-	DataFilteringProfile    *util.MemberType `xml:"data-filtering"`
-	WildfireAnalysisProfile *util.MemberType `xml:"wildfire-analysis"`
-	GtpProfile              *util.MemberType `xml:"gtp"`
-}
-
-func specify_v3(e Entry) interface{} {
-	ans := entry_v3{
-		Name:                    e.Name,
-		AntivirusProfile:        util.OneStrToMem(e.AntivirusProfile),
-		AntiSpywareProfile:      util.OneStrToMem(e.AntiSpywareProfile),
-		VulnerabilityProfile:    util.OneStrToMem(e.VulnerabilityProfile),
-		UrlFilteringProfile:     util.OneStrToMem(e.UrlFilteringProfile),
-		FileBlockingProfile:     util.OneStrToMem(e.FileBlockingProfile),
-		DataFilteringProfile:    util.OneStrToMem(e.DataFilteringProfile),
-		WildfireAnalysisProfile: util.OneStrToMem(e.WildfireAnalysisProfile),
-		GtpProfile:              util.OneStrToMem(e.GtpProfile),
-	}
-
-	return ans
-}
-
-// PAN-OS 9.0
-type container_v4 struct {
-	Answer []entry_v4 `xml:"entry"`
-}
-
-func (o *container_v4) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v4) Normalize() []Entry {
-	arr := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		arr = append(arr, o.Answer[i].normalize())
-	}
-	return arr
-}
-
-func (o *entry_v4) normalize() Entry {
-	ans := Entry{
-		Name:                    o.Name,
-		AntivirusProfile:        util.MemToOneStr(o.AntivirusProfile),
-		AntiSpywareProfile:      util.MemToOneStr(o.AntiSpywareProfile),
-		VulnerabilityProfile:    util.MemToOneStr(o.VulnerabilityProfile),
-		UrlFilteringProfile:     util.MemToOneStr(o.UrlFilteringProfile),
-		FileBlockingProfile:     util.MemToOneStr(o.FileBlockingProfile),
-		DataFilteringProfile:    util.MemToOneStr(o.DataFilteringProfile),
-		WildfireAnalysisProfile: util.MemToOneStr(o.WildfireAnalysisProfile),
-		GtpProfile:              util.MemToOneStr(o.GtpProfile),
-		SctpProfile:             util.MemToOneStr(o.SctpProfile),
-	}
-
-	return ans
-}
-
-type entry_v4 struct {
-	XMLName                 xml.Name         `xml:"entry"`
-	Name                    string           `xml:"name,attr"`
-	AntivirusProfile        *util.MemberType `xml:"virus"`
-	AntiSpywareProfile      *util.MemberType `xml:"spyware"`
-	VulnerabilityProfile    *util.MemberType `xml:"vulnerability"`
-	UrlFilteringProfile     *util.MemberType `xml:"url-filtering"`
-	FileBlockingProfile     *util.MemberType `xml:"file-blocking"`
-	DataFilteringProfile    *util.MemberType `xml:"data-filtering"`
-	WildfireAnalysisProfile *util.MemberType `xml:"wildfire-analysis"`
-	GtpProfile              *util.MemberType `xml:"gtp"`
-	SctpProfile             *util.MemberType `xml:"sctp"`
-}
-
-func specify_v4(e Entry) interface{} {
-	ans := entry_v4{
-		Name:                    e.Name,
-		AntivirusProfile:        util.OneStrToMem(e.AntivirusProfile),
-		AntiSpywareProfile:      util.OneStrToMem(e.AntiSpywareProfile),
-		VulnerabilityProfile:    util.OneStrToMem(e.VulnerabilityProfile),
-		UrlFilteringProfile:     util.OneStrToMem(e.UrlFilteringProfile),
-		FileBlockingProfile:     util.OneStrToMem(e.FileBlockingProfile),
-		DataFilteringProfile:    util.OneStrToMem(e.DataFilteringProfile),
-		WildfireAnalysisProfile: util.OneStrToMem(e.WildfireAnalysisProfile),
-		GtpProfile:              util.OneStrToMem(e.GtpProfile),
-		SctpProfile:             util.OneStrToMem(e.SctpProfile),
-	}
-
-	return ans
-}
diff --git a/objs/profile/security/group/funcs.go b/objs/profile/security/group/funcs.go
deleted file mode 100644
index 7c43780b..00000000
--- a/objs/profile/security/group/funcs.go
+++ /dev/null
@@ -1,96 +0,0 @@
-package group
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	if v.Gte(version.Number{9, 0, 0, ""}) {
-		return &container_v4{}, specify_v4
-	} else if v.Gte(version.Number{8, 0, 0, ""}) {
-		return &container_v3{}, specify_v3
-	} else if v.Gte(version.Number{7, 0, 0, ""}) {
-		return &container_v2{}, specify_v2
-	} else {
-		return &container_v1{}, specify_v1
-	}
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/objs/profile/security/group/fw.go b/objs/profile/security/group/fw.go
deleted file mode 100644
index 05c913b3..00000000
--- a/objs/profile/security/group/fw.go
+++ /dev/null
@@ -1,104 +0,0 @@
-package group
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Objects.SecurityProfileGroup namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vsys), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-func (c *Firewall) pather(vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vsys, v)
-	}
-}
-
-func (c *Firewall) xpath(vsys string, vals []string) ([]string, error) {
-	ans := make([]string, 0, 7)
-	ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	ans = append(ans,
-		"profile-group",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/objs/profile/security/group/fw_test.go b/objs/profile/security/group/fw_test.go
deleted file mode 100644
index 3980108e..00000000
--- a/objs/profile/security/group/fw_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package group
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("vsys1", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("vsys1", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/profile/security/group/pano.go b/objs/profile/security/group/pano.go
deleted file mode 100644
index 7bb1bae2..00000000
--- a/objs/profile/security/group/pano.go
+++ /dev/null
@@ -1,104 +0,0 @@
-package group
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Objects.SecurityProfileGroup namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(dg string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(dg), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(dg string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(dg), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(dg, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(dg), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(dg, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(dg), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(dg string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(dg), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(dg string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(dg), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(dg string, e ...Entry) error {
-	return c.ns.Set(c.pather(dg), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(dg string, e Entry) error {
-	return c.ns.Edit(c.pather(dg), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(dg string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(dg), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(dg, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(dg), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(dg string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(dg), ans)
-	return all(ans, err)
-}
-
-func (c *Panorama) pather(dg string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(dg, v)
-	}
-}
-
-func (c *Panorama) xpath(dg string, vals []string) ([]string, error) {
-	ans := make([]string, 0, 7)
-	ans = append(ans, util.DeviceGroupXpathPrefix(dg)...)
-	ans = append(ans,
-		"profile-group",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/objs/profile/security/group/pano_test.go b/objs/profile/security/group/pano_test.go
deleted file mode 100644
index c4f16123..00000000
--- a/objs/profile/security/group/pano_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package group
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("shared", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("shared", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/profile/security/group/testdata_test.go b/objs/profile/security/group/testdata_test.go
deleted file mode 100644
index 049a6d0b..00000000
--- a/objs/profile/security/group/testdata_test.go
+++ /dev/null
@@ -1,88 +0,0 @@
-package group
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type tc struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []tc {
-	return []tc{
-		{"v1 first half", version.Number{6, 0, 0, ""}, Entry{
-			Name:                 "foo",
-			AntivirusProfile:     "av",
-			AntiSpywareProfile:   "spyware",
-			VulnerabilityProfile: "vuln",
-		}},
-		{"v1 second half", version.Number{6, 0, 0, ""}, Entry{
-			Name:                 "foo",
-			UrlFilteringProfile:  "url",
-			FileBlockingProfile:  "file",
-			DataFilteringProfile: "data",
-		}},
-		{"v2 first half", version.Number{7, 0, 0, ""}, Entry{
-			Name:                 "foo",
-			AntivirusProfile:     "av",
-			AntiSpywareProfile:   "spyware",
-			VulnerabilityProfile: "vuln",
-		}},
-		{"v2 second half", version.Number{7, 0, 0, ""}, Entry{
-			Name:                 "foo",
-			UrlFilteringProfile:  "url",
-			FileBlockingProfile:  "file",
-			DataFilteringProfile: "data",
-		}},
-		{"v2 wildfire", version.Number{7, 0, 0, ""}, Entry{
-			Name:                    "foo",
-			WildfireAnalysisProfile: "wildfire",
-		}},
-		{"v3 first half", version.Number{8, 0, 0, ""}, Entry{
-			Name:                 "foo",
-			AntivirusProfile:     "av",
-			AntiSpywareProfile:   "spyware",
-			VulnerabilityProfile: "vuln",
-		}},
-		{"v3 second half", version.Number{8, 0, 0, ""}, Entry{
-			Name:                 "foo",
-			UrlFilteringProfile:  "url",
-			FileBlockingProfile:  "file",
-			DataFilteringProfile: "data",
-		}},
-		{"v3 wildfire", version.Number{8, 0, 0, ""}, Entry{
-			Name:                    "foo",
-			WildfireAnalysisProfile: "wildfire",
-		}},
-		{"v3 gtp", version.Number{8, 0, 0, ""}, Entry{
-			Name:       "foo",
-			GtpProfile: "wildfire",
-		}},
-		{"v4 first half", version.Number{9, 0, 0, ""}, Entry{
-			Name:                 "foo",
-			AntivirusProfile:     "av",
-			AntiSpywareProfile:   "spyware",
-			VulnerabilityProfile: "vuln",
-		}},
-		{"v4 second half", version.Number{9, 0, 0, ""}, Entry{
-			Name:                 "foo",
-			UrlFilteringProfile:  "url",
-			FileBlockingProfile:  "file",
-			DataFilteringProfile: "data",
-		}},
-		{"v4 wildfire", version.Number{9, 0, 0, ""}, Entry{
-			Name:                    "foo",
-			WildfireAnalysisProfile: "wildfire",
-		}},
-		{"v4 gtp", version.Number{9, 0, 0, ""}, Entry{
-			Name:       "foo",
-			GtpProfile: "wildfire",
-		}},
-		{"v4 sctp", version.Number{9, 0, 0, ""}, Entry{
-			Name:        "foo",
-			SctpProfile: "wildfire",
-		}},
-	}
-}
diff --git a/objs/profile/security/spyware/const.go b/objs/profile/security/spyware/const.go
deleted file mode 100644
index 4f6661c2..00000000
--- a/objs/profile/security/spyware/const.go
+++ /dev/null
@@ -1,44 +0,0 @@
-package spyware
-
-// Valid values for WhiteList.LogLevel.
-const (
-	LogLevelDefault       = "default"
-	LogLevelNone          = "none"
-	LogLevelLow           = "low"
-	LogLevelInformational = "informational"
-	LogLevelMedium        = "medium"
-	LogLevelHigh          = "high"
-	LogLevelCritical      = "critical"
-)
-
-// Valid values for PacketCapture params.
-const (
-	Disable         = "disable"
-	SinglePacket    = "single-packet"
-	ExtendedCapture = "extended-capture"
-)
-
-// Valid values for Action params.
-const (
-	ActionAlert       = "alert"        // BotnetList, BlockList, Rule, Exception
-	ActionAllow       = "allow"        // BotnetList, DnsCategory, Rule, Exception
-	ActionBlock       = "block"        // BotnetList, DnsCategory
-	ActionBlockIp     = "block-ip"     // Rule, Exception
-	ActionDefault     = "default"      // DnsCategory, Rule, Exception
-	ActionDrop        = "drop"         // Rule, Exception
-	ActionResetBoth   = "reset-both"   // Rule, Exception
-	ActionResetClient = "reset-client" // Rule, Exception
-	ActionResetServer = "reset-server" // Rule, Exception
-	ActionSinkhole    = "sinkhole"     // BotnetList, DnsCategory
-)
-
-// Valid values for BlockIpTrackBy.
-const (
-	TrackBySource               = "source"
-	TrackBySourceAndDestination = "source-and-destination"
-)
-
-const (
-	singular = "anti-spyware security profile"
-	plural   = "anti-spyware security profiles"
-)
diff --git a/objs/profile/security/spyware/doc.go b/objs/profile/security/spyware/doc.go
deleted file mode 100644
index 8c85207a..00000000
--- a/objs/profile/security/spyware/doc.go
+++ /dev/null
@@ -1,8 +0,0 @@
-/*
-Package spyware is the client.Object.AntiSpywareProfile namespace.
-
-PAN-OS 8.0+
-
-Normalized object:  Entry
-*/
-package spyware
diff --git a/objs/profile/security/spyware/entry.go b/objs/profile/security/spyware/entry.go
deleted file mode 100644
index 2d07aa2d..00000000
--- a/objs/profile/security/spyware/entry.go
+++ /dev/null
@@ -1,1263 +0,0 @@
-package spyware
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a
-// anti-spyware security profile.
-//
-// PAN-OS 8.0+
-type Entry struct {
-	Name                string
-	Description         string
-	PacketCapture       string // 8.x only.
-	BotnetLists         []BotnetList
-	DnsCategories       []DnsCategory // 10.0
-	WhiteLists          []WhiteList   // 10.0
-	SinkholeIpv4Address string
-	SinkholeIpv6Address string
-	ThreatExceptions    []string
-	Rules               []Rule
-	Exceptions          []Exception
-}
-
-type BotnetList struct {
-	Name          string
-	Action        string
-	PacketCapture string // 9.0+
-}
-
-// DnsCategory is present in PAN-OS 10.0+.
-type DnsCategory struct {
-	Name          string
-	Action        string
-	LogLevel      string
-	PacketCapture string
-}
-
-// WhiteList is present in PAN-OS 10.0+.
-type WhiteList struct {
-	Name        string
-	Description string
-}
-
-type Rule struct {
-	Name            string
-	ThreatName      string
-	Category        string
-	Severities      []string
-	PacketCapture   string
-	Action          string
-	BlockIpTrackBy  string
-	BlockIpDuration int
-}
-
-type Exception struct {
-	Name            string
-	PacketCapture   string
-	Action          string
-	BlockIpTrackBy  string
-	BlockIpDuration int
-	ExemptIps       []string
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Description = s.Description
-	o.PacketCapture = s.PacketCapture
-	if len(s.BotnetLists) == 0 {
-		o.BotnetLists = nil
-	} else {
-		o.BotnetLists = make([]BotnetList, 0, len(s.BotnetLists))
-		for _, x := range s.BotnetLists {
-			o.BotnetLists = append(o.BotnetLists, BotnetList{
-				Name:          x.Name,
-				Action:        x.Action,
-				PacketCapture: x.PacketCapture,
-			})
-		}
-	}
-	if len(s.DnsCategories) == 0 {
-		o.DnsCategories = nil
-	} else {
-		o.DnsCategories = make([]DnsCategory, 0, len(s.DnsCategories))
-		for _, x := range s.DnsCategories {
-			o.DnsCategories = append(o.DnsCategories, DnsCategory{
-				Name:          x.Name,
-				Action:        x.Action,
-				LogLevel:      x.LogLevel,
-				PacketCapture: x.PacketCapture,
-			})
-		}
-	}
-	if len(s.WhiteLists) == 0 {
-		o.WhiteLists = nil
-	} else {
-		o.WhiteLists = make([]WhiteList, 0, len(s.WhiteLists))
-		for _, x := range s.WhiteLists {
-			o.WhiteLists = append(o.WhiteLists, WhiteList{
-				Name:        x.Name,
-				Description: x.Description,
-			})
-		}
-	}
-	o.SinkholeIpv4Address = s.SinkholeIpv4Address
-	o.SinkholeIpv6Address = s.SinkholeIpv6Address
-	if len(s.ThreatExceptions) == 0 {
-		o.ThreatExceptions = nil
-	} else {
-		o.ThreatExceptions = make([]string, len(s.ThreatExceptions))
-		copy(o.ThreatExceptions, s.ThreatExceptions)
-	}
-	if len(s.Rules) == 0 {
-		o.Rules = nil
-	} else {
-		o.Rules = make([]Rule, 0, len(s.Rules))
-		for _, x := range s.Rules {
-			var sevs []string
-			if len(x.Severities) > 0 {
-				sevs = make([]string, len(x.Severities))
-				copy(sevs, x.Severities)
-			}
-			o.Rules = append(o.Rules, Rule{
-				Name:            x.Name,
-				ThreatName:      x.ThreatName,
-				Category:        x.Category,
-				Severities:      sevs,
-				PacketCapture:   x.PacketCapture,
-				Action:          x.Action,
-				BlockIpTrackBy:  x.BlockIpTrackBy,
-				BlockIpDuration: x.BlockIpDuration,
-			})
-		}
-	}
-	if len(s.Exceptions) == 0 {
-		o.Exceptions = nil
-	} else {
-		o.Exceptions = make([]Exception, 0, len(s.Exceptions))
-		for _, x := range s.Exceptions {
-			var eis []string
-			if len(x.ExemptIps) > 0 {
-				eis = make([]string, len(x.ExemptIps))
-				copy(eis, x.ExemptIps)
-			}
-			o.Exceptions = append(o.Exceptions, Exception{
-				Name:            x.Name,
-				PacketCapture:   x.PacketCapture,
-				Action:          x.Action,
-				BlockIpTrackBy:  x.BlockIpTrackBy,
-				BlockIpDuration: x.BlockIpDuration,
-				ExemptIps:       eis,
-			})
-		}
-	}
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-// 8.0
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v1) Normalize() []Entry {
-	arr := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		arr = append(arr, o.Answer[i].normalize())
-	}
-	return arr
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:        o.Name,
-		Description: o.Description,
-	}
-
-	if o.Botnet != nil {
-		ans.PacketCapture = o.Botnet.PacketCapture
-		ans.ThreatExceptions = util.EntToStr(o.Botnet.ThreatExceptions)
-
-		if o.Botnet.Lists != nil {
-			lists := make([]BotnetList, 0, len(o.Botnet.Lists.Entries))
-			for _, x := range o.Botnet.Lists.Entries {
-				val := BotnetList{
-					Name: x.Name,
-				}
-
-				switch {
-				case x.Action.Alert != nil:
-					val.Action = ActionAlert
-				case x.Action.Allow != nil:
-					val.Action = ActionAllow
-				case x.Action.Block != nil:
-					val.Action = ActionBlock
-				case x.Action.Sinkhole != nil:
-					val.Action = ActionSinkhole
-				}
-
-				lists = append(lists, val)
-			}
-
-			ans.BotnetLists = lists
-		}
-
-		if o.Botnet.Sinkhole != nil {
-			ans.SinkholeIpv4Address = o.Botnet.Sinkhole.SinkholeIpv4Address
-			ans.SinkholeIpv6Address = o.Botnet.Sinkhole.SinkholeIpv6Address
-		}
-	}
-
-	if o.Rules != nil {
-		list := make([]Rule, 0, len(o.Rules.Entries))
-		for _, x := range o.Rules.Entries {
-			item := Rule{
-				Name:          x.Name,
-				ThreatName:    x.ThreatName,
-				Category:      x.Category,
-				Severities:    util.MemToStr(x.Severities),
-				PacketCapture: x.PacketCapture,
-			}
-
-			if x.Action != nil {
-				switch {
-				case x.Action.Default != nil:
-					item.Action = ActionDefault
-				case x.Action.Allow != nil:
-					item.Action = ActionAllow
-				case x.Action.Alert != nil:
-					item.Action = ActionAlert
-				case x.Action.Drop != nil:
-					item.Action = ActionDrop
-				case x.Action.ResetClient != nil:
-					item.Action = ActionResetClient
-				case x.Action.ResetServer != nil:
-					item.Action = ActionResetServer
-				case x.Action.ResetBoth != nil:
-					item.Action = ActionResetBoth
-				case x.Action.BlockIp != nil:
-					item.Action = ActionBlockIp
-					item.BlockIpTrackBy = x.Action.BlockIp.TrackBy
-					item.BlockIpDuration = x.Action.BlockIp.Duration
-				}
-			}
-
-			list = append(list, item)
-		}
-		ans.Rules = list
-	}
-
-	if o.Exceptions != nil {
-		list := make([]Exception, 0, len(o.Exceptions.Entries))
-		for _, x := range o.Exceptions.Entries {
-			item := Exception{
-				Name:          x.Name,
-				PacketCapture: x.PacketCapture,
-				ExemptIps:     util.EntToStr(x.ExemptIps),
-			}
-
-			if x.Action != nil {
-				switch {
-				case x.Action.Default != nil:
-					item.Action = ActionDefault
-				case x.Action.Allow != nil:
-					item.Action = ActionAllow
-				case x.Action.Alert != nil:
-					item.Action = ActionAlert
-				case x.Action.Drop != nil:
-					item.Action = ActionDrop
-				case x.Action.ResetClient != nil:
-					item.Action = ActionResetClient
-				case x.Action.ResetServer != nil:
-					item.Action = ActionResetServer
-				case x.Action.ResetBoth != nil:
-					item.Action = ActionResetBoth
-				case x.Action.BlockIp != nil:
-					item.Action = ActionBlockIp
-					item.BlockIpTrackBy = x.Action.BlockIp.TrackBy
-					item.BlockIpDuration = x.Action.BlockIp.Duration
-				}
-			}
-			list = append(list, item)
-		}
-		ans.Exceptions = list
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName     xml.Name    `xml:"entry"`
-	Name        string      `xml:"name,attr"`
-	Description string      `xml:"description,omitempty"`
-	Botnet      *botnet_v1  `xml:"botnet-domains"`
-	Rules       *rules      `xml:"rules"`
-	Exceptions  *exceptions `xml:"threat-exception"`
-}
-
-type botnet_v1 struct {
-	Lists            *bnLists_v1     `xml:"lists"`
-	Sinkhole         *sinkhole       `xml:"sinkhole"`
-	PacketCapture    string          `xml:"packet-capture,omitempty"`
-	ThreatExceptions *util.EntryType `xml:"threat-exception"`
-}
-
-type bnLists_v1 struct {
-	Entries []bnlEntry_v1 `xml:"entry"`
-}
-
-type bnlEntry_v1 struct {
-	Name   string `xml:"name,attr"`
-	Action action `xml:"action"`
-}
-
-type action struct {
-	Alert    *string `xml:"alert"`
-	Allow    *string `xml:"allow"`
-	Block    *string `xml:"block"`
-	Sinkhole *string `xml:"sinkhole"`
-}
-
-type sinkhole struct {
-	SinkholeIpv4Address string `xml:"ipv4-address,omitempty"`
-	SinkholeIpv6Address string `xml:"ipv6-address,omitempty"`
-}
-
-type rules struct {
-	Entries []rule `xml:"entry"`
-}
-
-type rule struct {
-	Name          string           `xml:"name,attr"`
-	ThreatName    string           `xml:"threat-name,omitempty"`
-	Category      string           `xml:"category"`
-	Severities    *util.MemberType `xml:"severity"`
-	PacketCapture string           `xml:"packet-capture,omitempty"`
-	Action        *ruleAction      `xml:"action"`
-}
-
-type ruleAction struct {
-	Default     *string  `xml:"default"`
-	Allow       *string  `xml:"allow"`
-	Alert       *string  `xml:"alert"`
-	Drop        *string  `xml:"drop"`
-	ResetClient *string  `xml:"reset-client"`
-	ResetServer *string  `xml:"reset-server"`
-	ResetBoth   *string  `xml:"reset-both"`
-	BlockIp     *blockIp `xml:"block-ip"`
-}
-
-type blockIp struct {
-	TrackBy  string `xml:"track-by"`
-	Duration int    `xml:"duration"`
-}
-
-type exceptions struct {
-	Entries []exception `xml:"entry"`
-}
-
-type exception struct {
-	Name          string           `xml:"name,attr"`
-	PacketCapture string           `xml:"packet-capture,omitempty"`
-	Action        *exceptionAction `xml:"action"`
-	ExemptIps     *util.EntryType  `xml:"exempt-ip"`
-}
-
-type exceptionAction struct {
-	Default     *string  `xml:"default"`
-	Allow       *string  `xml:"allow"`
-	Alert       *string  `xml:"alert"`
-	Drop        *string  `xml:"drop"`
-	ResetClient *string  `xml:"reset-client"`
-	ResetServer *string  `xml:"reset-server"`
-	ResetBoth   *string  `xml:"reset-both"`
-	BlockIp     *blockIp `xml:"block-ip"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:        e.Name,
-		Description: e.Description,
-	}
-
-	s := ""
-
-	if e.PacketCapture != "" || len(e.ThreatExceptions) > 0 || len(e.BotnetLists) > 0 || e.SinkholeIpv4Address != "" || e.SinkholeIpv6Address != "" {
-		spec := botnet_v1{
-			PacketCapture:    e.PacketCapture,
-			ThreatExceptions: util.StrToEnt(e.ThreatExceptions),
-		}
-
-		if len(e.BotnetLists) > 0 {
-			list := make([]bnlEntry_v1, 0, len(e.BotnetLists))
-			for _, x := range e.BotnetLists {
-				val := bnlEntry_v1{
-					Name: x.Name,
-				}
-
-				switch x.Action {
-				case ActionAlert:
-					val.Action.Alert = &s
-				case ActionAllow:
-					val.Action.Allow = &s
-				case ActionBlock:
-					val.Action.Block = &s
-				case ActionSinkhole:
-					val.Action.Sinkhole = &s
-				}
-
-				list = append(list, val)
-			}
-
-			spec.Lists = &bnLists_v1{Entries: list}
-		}
-
-		if e.SinkholeIpv4Address != "" || e.SinkholeIpv6Address != "" {
-			spec.Sinkhole = &sinkhole{
-				SinkholeIpv4Address: e.SinkholeIpv4Address,
-				SinkholeIpv6Address: e.SinkholeIpv6Address,
-			}
-		}
-
-		ans.Botnet = &spec
-	}
-
-	if len(e.Rules) > 0 {
-		list := make([]rule, 0, len(e.Rules))
-		for _, x := range e.Rules {
-			item := rule{
-				Name:          x.Name,
-				ThreatName:    x.ThreatName,
-				Category:      x.Category,
-				Severities:    util.StrToMem(x.Severities),
-				PacketCapture: x.PacketCapture,
-			}
-
-			switch x.Action {
-			case ActionDefault:
-				item.Action = &ruleAction{
-					Default: &s,
-				}
-			case ActionAllow:
-				item.Action = &ruleAction{
-					Allow: &s,
-				}
-			case ActionAlert:
-				item.Action = &ruleAction{
-					Alert: &s,
-				}
-			case ActionDrop:
-				item.Action = &ruleAction{
-					Drop: &s,
-				}
-			case ActionResetClient:
-				item.Action = &ruleAction{
-					ResetClient: &s,
-				}
-			case ActionResetServer:
-				item.Action = &ruleAction{
-					ResetServer: &s,
-				}
-			case ActionResetBoth:
-				item.Action = &ruleAction{
-					ResetBoth: &s,
-				}
-			case ActionBlockIp:
-				item.Action = &ruleAction{
-					BlockIp: &blockIp{
-						TrackBy:  x.BlockIpTrackBy,
-						Duration: x.BlockIpDuration,
-					},
-				}
-			}
-
-			list = append(list, item)
-		}
-		ans.Rules = &rules{Entries: list}
-	}
-
-	if len(e.Exceptions) > 0 {
-		list := make([]exception, 0, len(e.Exceptions))
-		for _, x := range e.Exceptions {
-			item := exception{
-				Name:          x.Name,
-				PacketCapture: x.PacketCapture,
-				ExemptIps:     util.StrToEnt(x.ExemptIps),
-			}
-
-			switch x.Action {
-			case ActionDefault:
-				item.Action = &exceptionAction{
-					Default: &s,
-				}
-			case ActionAllow:
-				item.Action = &exceptionAction{
-					Allow: &s,
-				}
-			case ActionAlert:
-				item.Action = &exceptionAction{
-					Alert: &s,
-				}
-			case ActionDrop:
-				item.Action = &exceptionAction{
-					Drop: &s,
-				}
-			case ActionResetClient:
-				item.Action = &exceptionAction{
-					ResetClient: &s,
-				}
-			case ActionResetServer:
-				item.Action = &exceptionAction{
-					ResetServer: &s,
-				}
-			case ActionResetBoth:
-				item.Action = &exceptionAction{
-					ResetBoth: &s,
-				}
-			case ActionBlockIp:
-				item.Action = &exceptionAction{
-					BlockIp: &blockIp{
-						TrackBy:  x.BlockIpTrackBy,
-						Duration: x.BlockIpDuration,
-					},
-				}
-			}
-			list = append(list, item)
-		}
-		ans.Exceptions = &exceptions{Entries: list}
-	}
-
-	return ans
-}
-
-// 9.0
-type container_v2 struct {
-	Answer []entry_v2 `xml:"entry"`
-}
-
-func (o *container_v2) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v2) Normalize() []Entry {
-	arr := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		arr = append(arr, o.Answer[i].normalize())
-	}
-	return arr
-}
-
-func (o *entry_v2) normalize() Entry {
-	ans := Entry{
-		Name:        o.Name,
-		Description: o.Description,
-	}
-
-	if o.Botnet != nil {
-		ans.ThreatExceptions = util.EntToStr(o.Botnet.ThreatExceptions)
-
-		if o.Botnet.Lists != nil {
-			lists := make([]BotnetList, 0, len(o.Botnet.Lists.Entries))
-			for _, x := range o.Botnet.Lists.Entries {
-				val := BotnetList{
-					Name:          x.Name,
-					PacketCapture: x.PacketCapture,
-				}
-
-				switch {
-				case x.Action.Alert != nil:
-					val.Action = ActionAlert
-				case x.Action.Allow != nil:
-					val.Action = ActionAllow
-				case x.Action.Block != nil:
-					val.Action = ActionBlock
-				case x.Action.Sinkhole != nil:
-					val.Action = ActionSinkhole
-				}
-
-				lists = append(lists, val)
-			}
-
-			ans.BotnetLists = lists
-		}
-
-		if o.Botnet.Sinkhole != nil {
-			ans.SinkholeIpv4Address = o.Botnet.Sinkhole.SinkholeIpv4Address
-			ans.SinkholeIpv6Address = o.Botnet.Sinkhole.SinkholeIpv6Address
-		}
-	}
-
-	if o.Rules != nil {
-		list := make([]Rule, 0, len(o.Rules.Entries))
-		for _, x := range o.Rules.Entries {
-			item := Rule{
-				Name:          x.Name,
-				ThreatName:    x.ThreatName,
-				Category:      x.Category,
-				Severities:    util.MemToStr(x.Severities),
-				PacketCapture: x.PacketCapture,
-			}
-
-			if x.Action != nil {
-				switch {
-				case x.Action.Default != nil:
-					item.Action = ActionDefault
-				case x.Action.Allow != nil:
-					item.Action = ActionAllow
-				case x.Action.Alert != nil:
-					item.Action = ActionAlert
-				case x.Action.Drop != nil:
-					item.Action = ActionDrop
-				case x.Action.ResetClient != nil:
-					item.Action = ActionResetClient
-				case x.Action.ResetServer != nil:
-					item.Action = ActionResetServer
-				case x.Action.ResetBoth != nil:
-					item.Action = ActionResetBoth
-				case x.Action.BlockIp != nil:
-					item.Action = ActionBlockIp
-					item.BlockIpTrackBy = x.Action.BlockIp.TrackBy
-					item.BlockIpDuration = x.Action.BlockIp.Duration
-				}
-			}
-
-			list = append(list, item)
-		}
-		ans.Rules = list
-	}
-
-	if o.Exceptions != nil {
-		list := make([]Exception, 0, len(o.Exceptions.Entries))
-		for _, x := range o.Exceptions.Entries {
-			item := Exception{
-				Name:          x.Name,
-				PacketCapture: x.PacketCapture,
-				ExemptIps:     util.EntToStr(x.ExemptIps),
-			}
-
-			if x.Action != nil {
-				switch {
-				case x.Action.Default != nil:
-					item.Action = ActionDefault
-				case x.Action.Allow != nil:
-					item.Action = ActionAllow
-				case x.Action.Alert != nil:
-					item.Action = ActionAlert
-				case x.Action.Drop != nil:
-					item.Action = ActionDrop
-				case x.Action.ResetClient != nil:
-					item.Action = ActionResetClient
-				case x.Action.ResetServer != nil:
-					item.Action = ActionResetServer
-				case x.Action.ResetBoth != nil:
-					item.Action = ActionResetBoth
-				case x.Action.BlockIp != nil:
-					item.Action = ActionBlockIp
-					item.BlockIpTrackBy = x.Action.BlockIp.TrackBy
-					item.BlockIpDuration = x.Action.BlockIp.Duration
-				}
-			}
-			list = append(list, item)
-		}
-		ans.Exceptions = list
-	}
-
-	return ans
-}
-
-type entry_v2 struct {
-	XMLName     xml.Name    `xml:"entry"`
-	Name        string      `xml:"name,attr"`
-	Description string      `xml:"description,omitempty"`
-	Botnet      *botnet_v2  `xml:"botnet-domains"`
-	Rules       *rules      `xml:"rules"`
-	Exceptions  *exceptions `xml:"threat-exception"`
-}
-
-type botnet_v2 struct {
-	Lists            *bnLists_v2     `xml:"lists"`
-	Sinkhole         *sinkhole       `xml:"sinkhole"`
-	ThreatExceptions *util.EntryType `xml:"threat-exception"`
-}
-
-type bnLists_v2 struct {
-	Entries []bnlEntry_v2 `xml:"entry"`
-}
-
-type bnlEntry_v2 struct {
-	Name          string `xml:"name,attr"`
-	Action        action `xml:"action"`
-	PacketCapture string `xml:"packet-capture,omitempty"`
-}
-
-func specify_v2(e Entry) interface{} {
-	ans := entry_v2{
-		Name:        e.Name,
-		Description: e.Description,
-	}
-
-	if len(e.ThreatExceptions) > 0 || len(e.BotnetLists) > 0 || e.SinkholeIpv4Address != "" || e.SinkholeIpv6Address != "" {
-		spec := botnet_v2{
-			ThreatExceptions: util.StrToEnt(e.ThreatExceptions),
-		}
-
-		if len(e.BotnetLists) > 0 {
-			list := make([]bnlEntry_v2, 0, len(e.BotnetLists))
-			for _, x := range e.BotnetLists {
-				val := bnlEntry_v2{
-					Name:          x.Name,
-					PacketCapture: x.PacketCapture,
-				}
-
-				s := ""
-				switch x.Action {
-				case ActionAlert:
-					val.Action.Alert = &s
-				case ActionAllow:
-					val.Action.Allow = &s
-				case ActionBlock:
-					val.Action.Block = &s
-				case ActionSinkhole:
-					val.Action.Sinkhole = &s
-				}
-
-				list = append(list, val)
-			}
-
-			spec.Lists = &bnLists_v2{Entries: list}
-		}
-
-		if e.SinkholeIpv4Address != "" || e.SinkholeIpv6Address != "" {
-			spec.Sinkhole = &sinkhole{
-				SinkholeIpv4Address: e.SinkholeIpv4Address,
-				SinkholeIpv6Address: e.SinkholeIpv6Address,
-			}
-		}
-
-		ans.Botnet = &spec
-	}
-
-	s := ""
-
-	if len(e.Rules) > 0 {
-		list := make([]rule, 0, len(e.Rules))
-		for _, x := range e.Rules {
-			item := rule{
-				Name:          x.Name,
-				ThreatName:    x.ThreatName,
-				Category:      x.Category,
-				Severities:    util.StrToMem(x.Severities),
-				PacketCapture: x.PacketCapture,
-			}
-
-			switch x.Action {
-			case ActionDefault:
-				item.Action = &ruleAction{
-					Default: &s,
-				}
-			case ActionAllow:
-				item.Action = &ruleAction{
-					Allow: &s,
-				}
-			case ActionAlert:
-				item.Action = &ruleAction{
-					Alert: &s,
-				}
-			case ActionDrop:
-				item.Action = &ruleAction{
-					Drop: &s,
-				}
-			case ActionResetClient:
-				item.Action = &ruleAction{
-					ResetClient: &s,
-				}
-			case ActionResetServer:
-				item.Action = &ruleAction{
-					ResetServer: &s,
-				}
-			case ActionResetBoth:
-				item.Action = &ruleAction{
-					ResetBoth: &s,
-				}
-			case ActionBlockIp:
-				item.Action = &ruleAction{
-					BlockIp: &blockIp{
-						TrackBy:  x.BlockIpTrackBy,
-						Duration: x.BlockIpDuration,
-					},
-				}
-			}
-
-			list = append(list, item)
-		}
-		ans.Rules = &rules{Entries: list}
-	}
-
-	if len(e.Exceptions) > 0 {
-		list := make([]exception, 0, len(e.Exceptions))
-		for _, x := range e.Exceptions {
-			item := exception{
-				Name:          x.Name,
-				PacketCapture: x.PacketCapture,
-				ExemptIps:     util.StrToEnt(x.ExemptIps),
-			}
-
-			switch x.Action {
-			case ActionDefault:
-				item.Action = &exceptionAction{
-					Default: &s,
-				}
-			case ActionAllow:
-				item.Action = &exceptionAction{
-					Allow: &s,
-				}
-			case ActionAlert:
-				item.Action = &exceptionAction{
-					Alert: &s,
-				}
-			case ActionDrop:
-				item.Action = &exceptionAction{
-					Drop: &s,
-				}
-			case ActionResetClient:
-				item.Action = &exceptionAction{
-					ResetClient: &s,
-				}
-			case ActionResetServer:
-				item.Action = &exceptionAction{
-					ResetServer: &s,
-				}
-			case ActionResetBoth:
-				item.Action = &exceptionAction{
-					ResetBoth: &s,
-				}
-			case ActionBlockIp:
-				item.Action = &exceptionAction{
-					BlockIp: &blockIp{
-						TrackBy:  x.BlockIpTrackBy,
-						Duration: x.BlockIpDuration,
-					},
-				}
-			}
-			list = append(list, item)
-		}
-		ans.Exceptions = &exceptions{Entries: list}
-	}
-
-	return ans
-}
-
-// 10.0
-type container_v3 struct {
-	Answer []entry_v3 `xml:"entry"`
-}
-
-func (o *container_v3) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v3) Normalize() []Entry {
-	arr := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		arr = append(arr, o.Answer[i].normalize())
-	}
-	return arr
-}
-
-func (o *entry_v3) normalize() Entry {
-	ans := Entry{
-		Name:        o.Name,
-		Description: o.Description,
-	}
-
-	if o.Botnet != nil {
-		ans.ThreatExceptions = util.EntToStr(o.Botnet.ThreatExceptions)
-
-		if o.Botnet.Lists != nil {
-			lists := make([]BotnetList, 0, len(o.Botnet.Lists.Entries))
-			for _, x := range o.Botnet.Lists.Entries {
-				val := BotnetList{
-					Name:          x.Name,
-					PacketCapture: x.PacketCapture,
-				}
-
-				switch {
-				case x.Action.Alert != nil:
-					val.Action = ActionAlert
-				case x.Action.Allow != nil:
-					val.Action = ActionAllow
-				case x.Action.Block != nil:
-					val.Action = ActionBlock
-				case x.Action.Sinkhole != nil:
-					val.Action = ActionSinkhole
-				}
-
-				lists = append(lists, val)
-			}
-
-			ans.BotnetLists = lists
-		}
-
-		if o.Botnet.Dns != nil {
-			list := make([]DnsCategory, 0, len(o.Botnet.Dns.Entries))
-			for _, x := range o.Botnet.Dns.Entries {
-				list = append(list, DnsCategory{
-					Name:          x.Name,
-					Action:        x.Action,
-					LogLevel:      x.LogLevel,
-					PacketCapture: x.PacketCapture,
-				})
-			}
-
-			ans.DnsCategories = list
-		}
-
-		if o.Botnet.WhiteLists != nil {
-			list := make([]WhiteList, 0, len(o.Botnet.WhiteLists.Entries))
-			for _, x := range o.Botnet.WhiteLists.Entries {
-				list = append(list, WhiteList{
-					Name:        x.Name,
-					Description: x.Description,
-				})
-			}
-
-			ans.WhiteLists = list
-		}
-
-		if o.Botnet.Sinkhole != nil {
-			ans.SinkholeIpv4Address = o.Botnet.Sinkhole.SinkholeIpv4Address
-			ans.SinkholeIpv6Address = o.Botnet.Sinkhole.SinkholeIpv6Address
-		}
-	}
-
-	if o.Rules != nil {
-		list := make([]Rule, 0, len(o.Rules.Entries))
-		for _, x := range o.Rules.Entries {
-			item := Rule{
-				Name:          x.Name,
-				ThreatName:    x.ThreatName,
-				Category:      x.Category,
-				Severities:    util.MemToStr(x.Severities),
-				PacketCapture: x.PacketCapture,
-			}
-
-			if x.Action != nil {
-				switch {
-				case x.Action.Default != nil:
-					item.Action = ActionDefault
-				case x.Action.Allow != nil:
-					item.Action = ActionAllow
-				case x.Action.Alert != nil:
-					item.Action = ActionAlert
-				case x.Action.Drop != nil:
-					item.Action = ActionDrop
-				case x.Action.ResetClient != nil:
-					item.Action = ActionResetClient
-				case x.Action.ResetServer != nil:
-					item.Action = ActionResetServer
-				case x.Action.ResetBoth != nil:
-					item.Action = ActionResetBoth
-				case x.Action.BlockIp != nil:
-					item.Action = ActionBlockIp
-					item.BlockIpTrackBy = x.Action.BlockIp.TrackBy
-					item.BlockIpDuration = x.Action.BlockIp.Duration
-				}
-			}
-
-			list = append(list, item)
-		}
-		ans.Rules = list
-	}
-
-	if o.Exceptions != nil {
-		list := make([]Exception, 0, len(o.Exceptions.Entries))
-		for _, x := range o.Exceptions.Entries {
-			item := Exception{
-				Name:          x.Name,
-				PacketCapture: x.PacketCapture,
-				ExemptIps:     util.EntToStr(x.ExemptIps),
-			}
-
-			if x.Action != nil {
-				switch {
-				case x.Action.Default != nil:
-					item.Action = ActionDefault
-				case x.Action.Allow != nil:
-					item.Action = ActionAllow
-				case x.Action.Alert != nil:
-					item.Action = ActionAlert
-				case x.Action.Drop != nil:
-					item.Action = ActionDrop
-				case x.Action.ResetClient != nil:
-					item.Action = ActionResetClient
-				case x.Action.ResetServer != nil:
-					item.Action = ActionResetServer
-				case x.Action.ResetBoth != nil:
-					item.Action = ActionResetBoth
-				case x.Action.BlockIp != nil:
-					item.Action = ActionBlockIp
-					item.BlockIpTrackBy = x.Action.BlockIp.TrackBy
-					item.BlockIpDuration = x.Action.BlockIp.Duration
-				}
-			}
-			list = append(list, item)
-		}
-		ans.Exceptions = list
-	}
-
-	return ans
-}
-
-type entry_v3 struct {
-	XMLName     xml.Name    `xml:"entry"`
-	Name        string      `xml:"name,attr"`
-	Description string      `xml:"description,omitempty"`
-	Botnet      *botnet_v3  `xml:"botnet-domains"`
-	Rules       *rules      `xml:"rules"`
-	Exceptions  *exceptions `xml:"threat-exception"`
-}
-
-type botnet_v3 struct {
-	Lists            *bnLists_v2     `xml:"lists"`
-	Dns              *dns            `xml:"dns-security-categories"`
-	WhiteLists       *whiteList      `xml:"whitelist"`
-	Sinkhole         *sinkhole       `xml:"sinkhole"`
-	ThreatExceptions *util.EntryType `xml:"threat-exception"`
-}
-
-type dns struct {
-	Entries []dnsEntry `xml:"entry"`
-}
-
-type dnsEntry struct {
-	Name          string `xml:"name,attr"`
-	Action        string `xml:"action,omitempty"`
-	LogLevel      string `xml:"log-level,omitempty"`
-	PacketCapture string `xml:"packet-capture,omitempty"`
-}
-
-type whiteList struct {
-	Entries []wlEntry `xml:"entry"`
-}
-
-type wlEntry struct {
-	Name        string `xml:"name,attr"`
-	Description string `xml:"description,omitempty"`
-}
-
-func specify_v3(e Entry) interface{} {
-	ans := entry_v3{
-		Name:        e.Name,
-		Description: e.Description,
-	}
-
-	if len(e.ThreatExceptions) > 0 || len(e.BotnetLists) > 0 || e.SinkholeIpv4Address != "" || e.SinkholeIpv6Address != "" || len(e.DnsCategories) > 0 || len(e.WhiteLists) > 0 {
-		spec := botnet_v3{
-			ThreatExceptions: util.StrToEnt(e.ThreatExceptions),
-		}
-
-		if len(e.DnsCategories) > 0 {
-			list := make([]dnsEntry, 0, len(e.DnsCategories))
-			for _, x := range e.DnsCategories {
-				list = append(list, dnsEntry{
-					Name:          x.Name,
-					Action:        x.Action,
-					LogLevel:      x.LogLevel,
-					PacketCapture: x.PacketCapture,
-				})
-			}
-
-			spec.Dns = &dns{Entries: list}
-		}
-
-		if len(e.WhiteLists) > 0 {
-			list := make([]wlEntry, 0, len(e.WhiteLists))
-			for _, x := range e.WhiteLists {
-				list = append(list, wlEntry{
-					Name:        x.Name,
-					Description: x.Description,
-				})
-			}
-
-			spec.WhiteLists = &whiteList{Entries: list}
-		}
-
-		if len(e.BotnetLists) > 0 {
-			list := make([]bnlEntry_v2, 0, len(e.BotnetLists))
-			for _, x := range e.BotnetLists {
-				val := bnlEntry_v2{
-					Name:          x.Name,
-					PacketCapture: x.PacketCapture,
-				}
-
-				s := ""
-				switch x.Action {
-				case ActionAlert:
-					val.Action.Alert = &s
-				case ActionAllow:
-					val.Action.Allow = &s
-				case ActionBlock:
-					val.Action.Block = &s
-				case ActionSinkhole:
-					val.Action.Sinkhole = &s
-				}
-
-				list = append(list, val)
-			}
-
-			spec.Lists = &bnLists_v2{Entries: list}
-		}
-
-		if e.SinkholeIpv4Address != "" || e.SinkholeIpv6Address != "" {
-			spec.Sinkhole = &sinkhole{
-				SinkholeIpv4Address: e.SinkholeIpv4Address,
-				SinkholeIpv6Address: e.SinkholeIpv6Address,
-			}
-		}
-
-		ans.Botnet = &spec
-	}
-
-	s := ""
-
-	if len(e.Rules) > 0 {
-		list := make([]rule, 0, len(e.Rules))
-		for _, x := range e.Rules {
-			item := rule{
-				Name:          x.Name,
-				ThreatName:    x.ThreatName,
-				Category:      x.Category,
-				Severities:    util.StrToMem(x.Severities),
-				PacketCapture: x.PacketCapture,
-			}
-
-			switch x.Action {
-			case ActionDefault:
-				item.Action = &ruleAction{
-					Default: &s,
-				}
-			case ActionAllow:
-				item.Action = &ruleAction{
-					Allow: &s,
-				}
-			case ActionAlert:
-				item.Action = &ruleAction{
-					Alert: &s,
-				}
-			case ActionDrop:
-				item.Action = &ruleAction{
-					Drop: &s,
-				}
-			case ActionResetClient:
-				item.Action = &ruleAction{
-					ResetClient: &s,
-				}
-			case ActionResetServer:
-				item.Action = &ruleAction{
-					ResetServer: &s,
-				}
-			case ActionResetBoth:
-				item.Action = &ruleAction{
-					ResetBoth: &s,
-				}
-			case ActionBlockIp:
-				item.Action = &ruleAction{
-					BlockIp: &blockIp{
-						TrackBy:  x.BlockIpTrackBy,
-						Duration: x.BlockIpDuration,
-					},
-				}
-			}
-
-			list = append(list, item)
-		}
-		ans.Rules = &rules{Entries: list}
-	}
-
-	if len(e.Exceptions) > 0 {
-		list := make([]exception, 0, len(e.Exceptions))
-		for _, x := range e.Exceptions {
-			item := exception{
-				Name:          x.Name,
-				PacketCapture: x.PacketCapture,
-				ExemptIps:     util.StrToEnt(x.ExemptIps),
-			}
-
-			switch x.Action {
-			case ActionDefault:
-				item.Action = &exceptionAction{
-					Default: &s,
-				}
-			case ActionAllow:
-				item.Action = &exceptionAction{
-					Allow: &s,
-				}
-			case ActionAlert:
-				item.Action = &exceptionAction{
-					Alert: &s,
-				}
-			case ActionDrop:
-				item.Action = &exceptionAction{
-					Drop: &s,
-				}
-			case ActionResetClient:
-				item.Action = &exceptionAction{
-					ResetClient: &s,
-				}
-			case ActionResetServer:
-				item.Action = &exceptionAction{
-					ResetServer: &s,
-				}
-			case ActionResetBoth:
-				item.Action = &exceptionAction{
-					ResetBoth: &s,
-				}
-			case ActionBlockIp:
-				item.Action = &exceptionAction{
-					BlockIp: &blockIp{
-						TrackBy:  x.BlockIpTrackBy,
-						Duration: x.BlockIpDuration,
-					},
-				}
-			}
-			list = append(list, item)
-		}
-		ans.Exceptions = &exceptions{Entries: list}
-	}
-
-	return ans
-}
diff --git a/objs/profile/security/spyware/funcs.go b/objs/profile/security/spyware/funcs.go
deleted file mode 100644
index 9be02bba..00000000
--- a/objs/profile/security/spyware/funcs.go
+++ /dev/null
@@ -1,94 +0,0 @@
-package spyware
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	if v.Gte(version.Number{10, 0, 0, ""}) {
-		return &container_v3{}, specify_v3
-	} else if v.Gte(version.Number{9, 0, 0, ""}) {
-		return &container_v2{}, specify_v2
-	} else {
-		return &container_v1{}, specify_v1
-	}
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/objs/profile/security/spyware/fw.go b/objs/profile/security/spyware/fw.go
deleted file mode 100644
index be6287c6..00000000
--- a/objs/profile/security/spyware/fw.go
+++ /dev/null
@@ -1,91 +0,0 @@
-package spyware
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Objects.AntiSpywareProfile namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vsys), names, nErr)
-}
-
-func (c *Firewall) pather(vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vsys, v)
-	}
-}
-
-func (c *Firewall) xpath(vsys string, vals []string) ([]string, error) {
-	ans := make([]string, 0, 8)
-	ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	ans = append(ans,
-		"profiles",
-		"spyware",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/objs/profile/security/spyware/fw_test.go b/objs/profile/security/spyware/fw_test.go
deleted file mode 100644
index 4777dffb..00000000
--- a/objs/profile/security/spyware/fw_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package spyware
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("vsys1", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("vsys1", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/profile/security/spyware/pano.go b/objs/profile/security/spyware/pano.go
deleted file mode 100644
index b668807b..00000000
--- a/objs/profile/security/spyware/pano.go
+++ /dev/null
@@ -1,91 +0,0 @@
-package spyware
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Objects.AntiSpywareProfile namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(dg string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(dg), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(dg string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(dg), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(dg, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(dg), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(dg, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(dg), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(dg string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(dg), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(dg string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(dg), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(dg string, e ...Entry) error {
-	return c.ns.Set(c.pather(dg), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(dg string, e Entry) error {
-	return c.ns.Edit(c.pather(dg), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(dg string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(dg), names, nErr)
-}
-
-func (c *Panorama) pather(dg string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(dg, v)
-	}
-}
-
-func (c *Panorama) xpath(dg string, vals []string) ([]string, error) {
-	ans := make([]string, 0, 8)
-	ans = append(ans, util.DeviceGroupXpathPrefix(dg)...)
-	ans = append(ans,
-		"profiles",
-		"spyware",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/objs/profile/security/spyware/pano_test.go b/objs/profile/security/spyware/pano_test.go
deleted file mode 100644
index 501752e6..00000000
--- a/objs/profile/security/spyware/pano_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package spyware
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("shared", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("shared", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/profile/security/spyware/testdata_test.go b/objs/profile/security/spyware/testdata_test.go
deleted file mode 100644
index 0b6a6425..00000000
--- a/objs/profile/security/spyware/testdata_test.go
+++ /dev/null
@@ -1,467 +0,0 @@
-package spyware
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type tc struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []tc {
-	return []tc{
-		{"v1 only desc", version.Number{8, 0, 0, ""}, Entry{
-			Name:        "t1",
-			Description: "my desc",
-		}},
-		{"v1 with raw", version.Number{8, 0, 0, ""}, Entry{
-			Name:        "t1",
-			Description: "my desc",
-		}},
-		{"v1 with packet capture", version.Number{8, 0, 0, ""}, Entry{
-			Name:          "t1",
-			Description:   "my desc",
-			PacketCapture: SinglePacket,
-		}},
-		{"v1 with ipv4 sinkhole", version.Number{8, 0, 0, ""}, Entry{
-			Name:                "t1",
-			Description:         "my desc",
-			SinkholeIpv4Address: "127.0.0.1",
-		}},
-		{"v1 with ipv6 sinkhole", version.Number{8, 0, 0, ""}, Entry{
-			Name:                "t1",
-			Description:         "my desc",
-			SinkholeIpv6Address: "::1",
-		}},
-		{"v1 with threat exceptions", version.Number{8, 0, 0, ""}, Entry{
-			Name:             "t1",
-			Description:      "my desc",
-			ThreatExceptions: []string{"threat1", "threat2"},
-		}},
-		{"v1 with botnet list", version.Number{8, 0, 0, ""}, Entry{
-			Name:        "t1",
-			Description: "my desc",
-			BotnetLists: []BotnetList{
-				BotnetList{
-					Name:   "alert list",
-					Action: ActionAlert,
-				},
-				BotnetList{
-					Name:   "allow list",
-					Action: ActionAllow,
-				},
-				BotnetList{
-					Name:   "block list",
-					Action: ActionBlock,
-				},
-				BotnetList{
-					Name:   "sinkhole list",
-					Action: ActionSinkhole,
-				},
-			},
-		}},
-		{"v1 with rules", version.Number{8, 0, 0, ""}, Entry{
-			Name:        "with rules",
-			Description: "blah",
-			Rules: []Rule{
-				Rule{
-					Name:          "t1",
-					ThreatName:    "any",
-					Category:      "my category",
-					Severities:    []string{"high", "low"},
-					PacketCapture: Disable,
-					Action:        ActionDefault,
-				},
-				Rule{
-					Name:          "t1",
-					PacketCapture: SinglePacket,
-					Action:        ActionAllow,
-				},
-				Rule{
-					Name:          "t1",
-					PacketCapture: ExtendedCapture,
-					Action:        ActionAlert,
-				},
-				Rule{
-					Name:   "t1",
-					Action: ActionDrop,
-				},
-				Rule{
-					Name:   "t1",
-					Action: ActionResetClient,
-				},
-				Rule{
-					Name:   "t1",
-					Action: ActionResetServer,
-				},
-				Rule{
-					Name:   "t1",
-					Action: ActionResetBoth,
-				},
-				Rule{
-					Name:            "t1",
-					Action:          ActionBlockIp,
-					BlockIpTrackBy:  TrackBySourceAndDestination,
-					BlockIpDuration: 42,
-				},
-			},
-		}},
-		{"v1 with exceptions", version.Number{8, 0, 0, ""}, Entry{
-			Name:        "with exceptions",
-			Description: "with exceptions",
-			Exceptions: []Exception{
-				Exception{
-					Name:          "t1",
-					PacketCapture: Disable,
-					Action:        ActionDefault,
-					ExemptIps:     []string{"192.168.50.1", "192.168.50.2"},
-				},
-				Exception{
-					Name:          "t1",
-					PacketCapture: SinglePacket,
-					Action:        ActionAllow,
-					ExemptIps:     []string{"192.168.50.1", "192.168.50.2"},
-				},
-				Exception{
-					Name:          "t1",
-					PacketCapture: ExtendedCapture,
-					Action:        ActionAlert,
-				},
-				Exception{
-					Name:   "t1",
-					Action: ActionDrop,
-				},
-				Exception{
-					Name:   "t1",
-					Action: ActionResetClient,
-				},
-				Exception{
-					Name:   "t1",
-					Action: ActionResetServer,
-				},
-				Exception{
-					Name:   "t1",
-					Action: ActionResetBoth,
-				},
-				Exception{
-					Name:            "t1",
-					Action:          ActionBlockIp,
-					BlockIpTrackBy:  TrackBySourceAndDestination,
-					BlockIpDuration: 42,
-				},
-			},
-		}},
-		{"v2 only desc", version.Number{9, 0, 0, ""}, Entry{
-			Name:        "t1",
-			Description: "my desc",
-		}},
-		{"v2 with raw", version.Number{9, 0, 0, ""}, Entry{
-			Name:        "t1",
-			Description: "my desc",
-		}},
-		{"v2 with ipv4 sinkhole", version.Number{9, 0, 0, ""}, Entry{
-			Name:                "t1",
-			Description:         "my desc",
-			SinkholeIpv4Address: "127.0.0.1",
-		}},
-		{"v2 with ipv6 sinkhole", version.Number{9, 0, 0, ""}, Entry{
-			Name:                "t1",
-			Description:         "my desc",
-			SinkholeIpv6Address: "::1",
-		}},
-		{"v2 with threat exceptions", version.Number{9, 0, 0, ""}, Entry{
-			Name:             "t1",
-			Description:      "my desc",
-			ThreatExceptions: []string{"threat1", "threat2"},
-		}},
-		{"v2 with botnet list", version.Number{9, 0, 0, ""}, Entry{
-			Name:        "t1",
-			Description: "my desc",
-			BotnetLists: []BotnetList{
-				BotnetList{
-					Name:          "alert list",
-					Action:        ActionAlert,
-					PacketCapture: Disable,
-				},
-				BotnetList{
-					Name:          "allow list",
-					Action:        ActionAllow,
-					PacketCapture: SinglePacket,
-				},
-				BotnetList{
-					Name:          "block list",
-					Action:        ActionBlock,
-					PacketCapture: ExtendedCapture,
-				},
-				BotnetList{
-					Name:   "sinkhole list",
-					Action: ActionSinkhole,
-				},
-			},
-		}},
-		{"v2 with rules", version.Number{9, 0, 0, ""}, Entry{
-			Name:        "with rules",
-			Description: "blah",
-			Rules: []Rule{
-				Rule{
-					Name:          "t1",
-					ThreatName:    "any",
-					Category:      "my category",
-					Severities:    []string{"high", "low"},
-					PacketCapture: Disable,
-					Action:        ActionDefault,
-				},
-				Rule{
-					Name:          "t1",
-					PacketCapture: SinglePacket,
-					Action:        ActionAllow,
-				},
-				Rule{
-					Name:          "t1",
-					PacketCapture: ExtendedCapture,
-					Action:        ActionAlert,
-				},
-				Rule{
-					Name:   "t1",
-					Action: ActionDrop,
-				},
-				Rule{
-					Name:   "t1",
-					Action: ActionResetClient,
-				},
-				Rule{
-					Name:   "t1",
-					Action: ActionResetServer,
-				},
-				Rule{
-					Name:   "t1",
-					Action: ActionResetBoth,
-				},
-				Rule{
-					Name:            "t1",
-					Action:          ActionBlockIp,
-					BlockIpTrackBy:  TrackBySourceAndDestination,
-					BlockIpDuration: 42,
-				},
-			},
-		}},
-		{"v2 with exceptions", version.Number{9, 0, 0, ""}, Entry{
-			Name:        "with exceptions",
-			Description: "with exceptions",
-			Exceptions: []Exception{
-				Exception{
-					Name:          "t1",
-					PacketCapture: Disable,
-					Action:        ActionDefault,
-					ExemptIps:     []string{"192.168.50.1", "192.168.50.2"},
-				},
-				Exception{
-					Name:          "t1",
-					PacketCapture: SinglePacket,
-					Action:        ActionAllow,
-					ExemptIps:     []string{"192.168.50.1", "192.168.50.2"},
-				},
-				Exception{
-					Name:          "t1",
-					PacketCapture: ExtendedCapture,
-					Action:        ActionAlert,
-				},
-				Exception{
-					Name:   "t1",
-					Action: ActionDrop,
-				},
-				Exception{
-					Name:   "t1",
-					Action: ActionResetClient,
-				},
-				Exception{
-					Name:   "t1",
-					Action: ActionResetServer,
-				},
-				Exception{
-					Name:   "t1",
-					Action: ActionResetBoth,
-				},
-				Exception{
-					Name:            "t1",
-					Action:          ActionBlockIp,
-					BlockIpTrackBy:  TrackBySourceAndDestination,
-					BlockIpDuration: 42,
-				},
-			},
-		}},
-		{"v3 only desc", version.Number{10, 0, 0, ""}, Entry{
-			Name:        "t1",
-			Description: "my desc",
-		}},
-		{"v3 with raw", version.Number{10, 0, 0, ""}, Entry{
-			Name:        "t1",
-			Description: "my desc",
-		}},
-		{"v3 with ipv4 sinkhole", version.Number{10, 0, 0, ""}, Entry{
-			Name:                "t1",
-			Description:         "my desc",
-			SinkholeIpv4Address: "127.0.0.1",
-		}},
-		{"v3 with ipv6 sinkhole", version.Number{10, 0, 0, ""}, Entry{
-			Name:                "t1",
-			Description:         "my desc",
-			SinkholeIpv6Address: "::1",
-		}},
-		{"v3 with threat exceptions", version.Number{10, 0, 0, ""}, Entry{
-			Name:             "t1",
-			Description:      "my desc",
-			ThreatExceptions: []string{"threat1", "threat2"},
-		}},
-		{"v3 with botnet list", version.Number{10, 0, 0, ""}, Entry{
-			Name:        "t1",
-			Description: "my desc",
-			BotnetLists: []BotnetList{
-				BotnetList{
-					Name:          "alert list",
-					Action:        ActionAlert,
-					PacketCapture: Disable,
-				},
-				BotnetList{
-					Name:          "allow list",
-					Action:        ActionAllow,
-					PacketCapture: SinglePacket,
-				},
-				BotnetList{
-					Name:          "block list",
-					Action:        ActionBlock,
-					PacketCapture: ExtendedCapture,
-				},
-				BotnetList{
-					Name:   "sinkhole list",
-					Action: ActionSinkhole,
-				},
-			},
-		}},
-		{"v3 with whitelists", version.Number{10, 0, 0, ""}, Entry{
-			Name:        "t1",
-			Description: "my desc",
-			WhiteLists: []WhiteList{
-				WhiteList{
-					Name:        "wl1",
-					Description: "desc1",
-				},
-				WhiteList{
-					Name:        "wl2",
-					Description: "desc 2",
-				},
-			},
-		}},
-		{"v3 with dns categories", version.Number{10, 0, 0, ""}, Entry{
-			Name:        "t1",
-			Description: "my desc",
-			DnsCategories: []DnsCategory{
-				DnsCategory{
-					Name:          "cat1",
-					Action:        ActionDefault,
-					LogLevel:      LogLevelDefault,
-					PacketCapture: SinglePacket,
-				},
-				DnsCategory{
-					Name:          "cat2",
-					Action:        ActionSinkhole,
-					LogLevel:      LogLevelHigh,
-					PacketCapture: Disable,
-				},
-			},
-		}},
-		{"v3 with rules", version.Number{10, 0, 0, ""}, Entry{
-			Name:        "with rules",
-			Description: "blah",
-			Rules: []Rule{
-				Rule{
-					Name:          "t1",
-					ThreatName:    "any",
-					Category:      "my category",
-					Severities:    []string{"high", "low"},
-					PacketCapture: Disable,
-					Action:        ActionDefault,
-				},
-				Rule{
-					Name:          "t1",
-					PacketCapture: SinglePacket,
-					Action:        ActionAllow,
-				},
-				Rule{
-					Name:          "t1",
-					PacketCapture: ExtendedCapture,
-					Action:        ActionAlert,
-				},
-				Rule{
-					Name:   "t1",
-					Action: ActionDrop,
-				},
-				Rule{
-					Name:   "t1",
-					Action: ActionResetClient,
-				},
-				Rule{
-					Name:   "t1",
-					Action: ActionResetServer,
-				},
-				Rule{
-					Name:   "t1",
-					Action: ActionResetBoth,
-				},
-				Rule{
-					Name:            "t1",
-					Action:          ActionBlockIp,
-					BlockIpTrackBy:  TrackBySourceAndDestination,
-					BlockIpDuration: 42,
-				},
-			},
-		}},
-		{"v3 with exceptions", version.Number{10, 0, 0, ""}, Entry{
-			Name:        "with exceptions",
-			Description: "with exceptions",
-			Exceptions: []Exception{
-				Exception{
-					Name:          "t1",
-					PacketCapture: Disable,
-					Action:        ActionDefault,
-					ExemptIps:     []string{"192.168.50.1", "192.168.50.2"},
-				},
-				Exception{
-					Name:          "t1",
-					PacketCapture: SinglePacket,
-					Action:        ActionAllow,
-					ExemptIps:     []string{"192.168.50.1", "192.168.50.2"},
-				},
-				Exception{
-					Name:          "t1",
-					PacketCapture: ExtendedCapture,
-					Action:        ActionAlert,
-				},
-				Exception{
-					Name:   "t1",
-					Action: ActionDrop,
-				},
-				Exception{
-					Name:   "t1",
-					Action: ActionResetClient,
-				},
-				Exception{
-					Name:   "t1",
-					Action: ActionResetServer,
-				},
-				Exception{
-					Name:   "t1",
-					Action: ActionResetBoth,
-				},
-				Exception{
-					Name:            "t1",
-					Action:          ActionBlockIp,
-					BlockIpTrackBy:  TrackBySourceAndDestination,
-					BlockIpDuration: 42,
-				},
-			},
-		}},
-	}
-}
diff --git a/objs/profile/security/url/const.go b/objs/profile/security/url/const.go
deleted file mode 100644
index 9e81c396..00000000
--- a/objs/profile/security/url/const.go
+++ /dev/null
@@ -1,14 +0,0 @@
-package url
-
-// Valid values for UcdMode.
-const (
-	UcdModeDisabled          = "disabled"
-	UcdModeIpUser            = "ip-user"
-	UcdModeDomainCredentials = "domain-credentials"
-	UcdModeGroupMapping      = "group-mapping"
-)
-
-const (
-	singular = "url filtering security profile"
-	plural   = "url filtering security profiles"
-)
diff --git a/objs/profile/security/url/doc.go b/objs/profile/security/url/doc.go
deleted file mode 100644
index 654953ff..00000000
--- a/objs/profile/security/url/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package url is the client.Object.UrlFilteringProfile namespace.
-
-Normalized object:  Entry
-*/
-package url
diff --git a/objs/profile/security/url/entry.go b/objs/profile/security/url/entry.go
deleted file mode 100644
index f39866e6..00000000
--- a/objs/profile/security/url/entry.go
+++ /dev/null
@@ -1,1160 +0,0 @@
-package url
-
-import (
-	"encoding/xml"
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a
-// URL filtering security profile.
-type Entry struct {
-	Name                      string
-	Description               string
-	DynamicUrl                bool     // Removed in 9.0
-	ExpiredLicenseAction      bool     // Removed in 9.0
-	BlockListAction           string   // Removed in 9.0
-	BlockList                 []string // Removed in 9.0
-	AllowList                 []string // Removed in 9.0
-	AllowCategories           []string // ordered
-	AlertCategories           []string // ordered
-	BlockCategories           []string // ordered
-	ContinueCategories        []string // ordered
-	OverrideCategories        []string // ordered
-	TrackContainerPage        bool
-	LogContainerPageOnly      bool
-	SafeSearchEnforcement     bool
-	LogHttpHeaderXff          bool
-	LogHttpHeaderUserAgent    bool
-	LogHttpHeaderReferer      bool
-	UcdMode                   string                 // 8.0
-	UcdModeGroupMapping       string                 // 8.0
-	UcdLogSeverity            string                 // 8.0
-	UcdAllowCategories        []string               // 8.0, ordered
-	UcdAlertCategories        []string               // 8.0, ordered
-	UcdBlockCategories        []string               // 8.0, ordered
-	UcdContinueCategories     []string               // 8.0, ordered
-	HttpHeaderInsertions      []HttpHeaderInsertion  // 8.1
-	MachineLearningModels     []MachineLearningModel // 10.0
-	MachineLearningExceptions []string               // 10.0
-}
-
-type HttpHeaderInsertion struct {
-	Name        string
-	Type        string
-	Domains     []string // ordered
-	HttpHeaders []HttpHeader
-}
-
-// HttpHeader is an individual HTTP header.  In PAN-OS, the Name param is
-// auto generated and look like "header-0", "header-1"..  If the Name param
-// is an empty string, the name will be auto populated as appropriate.
-type HttpHeader struct {
-	Name   string
-	Header string
-	Value  string
-	Log    bool
-}
-
-type MachineLearningModel struct {
-	Model  string
-	Action string
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Description = s.Description
-	o.DynamicUrl = s.DynamicUrl
-	o.ExpiredLicenseAction = s.ExpiredLicenseAction
-	o.BlockListAction = s.BlockListAction
-	if s.BlockList == nil {
-		o.BlockList = nil
-	} else {
-		o.BlockList = make([]string, len(s.BlockList))
-		copy(o.BlockList, s.BlockList)
-	}
-	if s.AllowList == nil {
-		o.AllowList = nil
-	} else {
-		o.AllowList = make([]string, len(s.AllowList))
-		copy(o.AllowList, s.AllowList)
-	}
-	if s.AllowCategories == nil {
-		o.AllowCategories = nil
-	} else {
-		o.AllowCategories = make([]string, len(s.AllowCategories))
-		copy(o.AllowCategories, s.AllowCategories)
-	}
-	if s.AlertCategories == nil {
-		o.AlertCategories = nil
-	} else {
-		o.AlertCategories = make([]string, len(s.AlertCategories))
-		copy(o.AlertCategories, s.AlertCategories)
-	}
-	if s.BlockCategories == nil {
-		o.BlockCategories = nil
-	} else {
-		o.BlockCategories = make([]string, len(s.BlockCategories))
-		copy(o.BlockCategories, s.BlockCategories)
-	}
-	if s.ContinueCategories == nil {
-		o.ContinueCategories = nil
-	} else {
-		o.ContinueCategories = make([]string, len(s.ContinueCategories))
-		copy(o.ContinueCategories, s.ContinueCategories)
-	}
-	if s.OverrideCategories == nil {
-		o.OverrideCategories = nil
-	} else {
-		o.OverrideCategories = make([]string, len(s.OverrideCategories))
-		copy(o.OverrideCategories, s.OverrideCategories)
-	}
-	o.TrackContainerPage = s.TrackContainerPage
-	o.LogContainerPageOnly = s.LogContainerPageOnly
-	o.SafeSearchEnforcement = s.SafeSearchEnforcement
-	o.LogHttpHeaderXff = s.LogHttpHeaderXff
-	o.LogHttpHeaderUserAgent = s.LogHttpHeaderUserAgent
-	o.LogHttpHeaderReferer = s.LogHttpHeaderReferer
-	o.UcdMode = s.UcdMode
-	o.UcdModeGroupMapping = s.UcdModeGroupMapping
-	o.UcdLogSeverity = s.UcdLogSeverity
-	if s.UcdAllowCategories == nil {
-		o.UcdAllowCategories = nil
-	} else {
-		o.UcdAllowCategories = make([]string, len(s.UcdAllowCategories))
-		copy(o.UcdAllowCategories, s.UcdAllowCategories)
-	}
-	if s.UcdAlertCategories == nil {
-		o.UcdAlertCategories = nil
-	} else {
-		o.UcdAlertCategories = make([]string, len(s.UcdAlertCategories))
-		copy(o.UcdAlertCategories, s.UcdAlertCategories)
-	}
-	if s.UcdBlockCategories == nil {
-		o.UcdBlockCategories = nil
-	} else {
-		o.UcdBlockCategories = make([]string, len(s.UcdBlockCategories))
-		copy(o.UcdBlockCategories, s.UcdBlockCategories)
-	}
-	if s.UcdContinueCategories == nil {
-		o.UcdContinueCategories = nil
-	} else {
-		o.UcdContinueCategories = make([]string, len(s.UcdContinueCategories))
-		copy(o.UcdContinueCategories, s.UcdContinueCategories)
-	}
-	if s.HttpHeaderInsertions == nil {
-		o.HttpHeaderInsertions = nil
-	} else {
-		o.HttpHeaderInsertions = make([]HttpHeaderInsertion, 0, len(s.HttpHeaderInsertions))
-		for _, hi := range s.HttpHeaderInsertions {
-			item := HttpHeaderInsertion{
-				Name: hi.Name,
-				Type: hi.Type,
-			}
-			if hi.Domains != nil {
-				item.Domains = make([]string, len(hi.Domains))
-				copy(item.Domains, hi.Domains)
-			}
-			if hi.HttpHeaders != nil {
-				item.HttpHeaders = make([]HttpHeader, 0, len(hi.HttpHeaders))
-				for _, hh := range hi.HttpHeaders {
-					item.HttpHeaders = append(item.HttpHeaders, HttpHeader{
-						Name:   hh.Name,
-						Header: hh.Header,
-						Value:  hh.Value,
-						Log:    hh.Log,
-					})
-				}
-			}
-			o.HttpHeaderInsertions = append(o.HttpHeaderInsertions, item)
-		}
-	}
-	if s.MachineLearningModels == nil {
-		o.MachineLearningModels = nil
-	} else {
-		o.MachineLearningModels = make([]MachineLearningModel, 0, len(s.MachineLearningModels))
-		for _, mlm := range s.MachineLearningModels {
-			o.MachineLearningModels = append(o.MachineLearningModels, MachineLearningModel{
-				Model:  mlm.Model,
-				Action: mlm.Action,
-			})
-		}
-	}
-	if s.MachineLearningExceptions == nil {
-		o.MachineLearningExceptions = nil
-	} else {
-		o.MachineLearningExceptions = make([]string, len(s.MachineLearningExceptions))
-		copy(o.MachineLearningExceptions, s.MachineLearningExceptions)
-	}
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-// 7.1 and lower.
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v1) Normalize() []Entry {
-	arr := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		arr = append(arr, o.Answer[i].normalize())
-	}
-	return arr
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:                   o.Name,
-		Description:            o.Description,
-		DynamicUrl:             util.AsBool(o.DynamicUrl),
-		ExpiredLicenseAction:   util.AsBool(o.ExpiredLicenseAction),
-		BlockListAction:        o.BlockListAction,
-		BlockList:              util.MemToStr(o.BlockList),
-		AllowList:              util.MemToStr(o.AllowList),
-		AllowCategories:        util.MemToStr(o.AllowCategories),
-		AlertCategories:        util.MemToStr(o.AlertCategories),
-		BlockCategories:        util.MemToStr(o.BlockCategories),
-		ContinueCategories:     util.MemToStr(o.ContinueCategories),
-		OverrideCategories:     util.MemToStr(o.OverrideCategories),
-		TrackContainerPage:     util.AsBool(o.TrackContainerPage),
-		LogContainerPageOnly:   util.AsBool(o.LogContainerPageOnly),
-		SafeSearchEnforcement:  util.AsBool(o.SafeSearchEnforcement),
-		LogHttpHeaderXff:       util.AsBool(o.LogHttpHeaderXff),
-		LogHttpHeaderUserAgent: util.AsBool(o.LogHttpHeaderUserAgent),
-		LogHttpHeaderReferer:   util.AsBool(o.LogHttpHeaderReferer),
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName                xml.Name         `xml:"entry"`
-	Name                   string           `xml:"name,attr"`
-	Description            string           `xml:"description,omitempty"`
-	DynamicUrl             string           `xml:"dynamic-url"`
-	ExpiredLicenseAction   string           `xml:"license-expired"`
-	BlockListAction        string           `xml:"action"`
-	BlockList              *util.MemberType `xml:"block-list"`
-	AllowList              *util.MemberType `xml:"allow-list"`
-	AllowCategories        *util.MemberType `xml:"allow"`
-	AlertCategories        *util.MemberType `xml:"alert"`
-	BlockCategories        *util.MemberType `xml:"block"`
-	ContinueCategories     *util.MemberType `xml:"continue"`
-	OverrideCategories     *util.MemberType `xml:"override"`
-	TrackContainerPage     string           `xml:"enable-container-page"`
-	LogContainerPageOnly   string           `xml:"log-container-page-only"`
-	SafeSearchEnforcement  string           `xml:"safe-search-enforcement"`
-	LogHttpHeaderXff       string           `xml:"log-http-hdr-xff"`
-	LogHttpHeaderUserAgent string           `xml:"log-http-hdr-user-agent"`
-	LogHttpHeaderReferer   string           `xml:"log-http-hdr-referer"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:                   e.Name,
-		Description:            e.Description,
-		DynamicUrl:             util.YesNo(e.DynamicUrl),
-		ExpiredLicenseAction:   util.YesNo(e.ExpiredLicenseAction),
-		BlockListAction:        e.BlockListAction,
-		BlockList:              util.StrToMem(e.BlockList),
-		AllowList:              util.StrToMem(e.AllowList),
-		AllowCategories:        util.StrToMem(e.AllowCategories),
-		AlertCategories:        util.StrToMem(e.AlertCategories),
-		BlockCategories:        util.StrToMem(e.BlockCategories),
-		ContinueCategories:     util.StrToMem(e.ContinueCategories),
-		OverrideCategories:     util.StrToMem(e.OverrideCategories),
-		TrackContainerPage:     util.YesNo(e.TrackContainerPage),
-		LogContainerPageOnly:   util.YesNo(e.LogContainerPageOnly),
-		SafeSearchEnforcement:  util.YesNo(e.SafeSearchEnforcement),
-		LogHttpHeaderXff:       util.YesNo(e.LogHttpHeaderXff),
-		LogHttpHeaderUserAgent: util.YesNo(e.LogHttpHeaderUserAgent),
-		LogHttpHeaderReferer:   util.YesNo(e.LogHttpHeaderReferer),
-	}
-
-	return ans
-}
-
-type container_v2 struct {
-	Answer []entry_v2 `xml:"entry"`
-}
-
-func (o *container_v2) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v2) Normalize() []Entry {
-	arr := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		arr = append(arr, o.Answer[i].normalize())
-	}
-	return arr
-}
-
-func (o *entry_v2) normalize() Entry {
-	ans := Entry{
-		Name:                   o.Name,
-		Description:            o.Description,
-		DynamicUrl:             util.AsBool(o.DynamicUrl),
-		ExpiredLicenseAction:   util.AsBool(o.ExpiredLicenseAction),
-		BlockListAction:        o.BlockListAction,
-		BlockList:              util.MemToStr(o.BlockList),
-		AllowList:              util.MemToStr(o.AllowList),
-		AllowCategories:        util.MemToStr(o.AllowCategories),
-		AlertCategories:        util.MemToStr(o.AlertCategories),
-		BlockCategories:        util.MemToStr(o.BlockCategories),
-		ContinueCategories:     util.MemToStr(o.ContinueCategories),
-		OverrideCategories:     util.MemToStr(o.OverrideCategories),
-		TrackContainerPage:     util.AsBool(o.TrackContainerPage),
-		LogContainerPageOnly:   util.AsBool(o.LogContainerPageOnly),
-		SafeSearchEnforcement:  util.AsBool(o.SafeSearchEnforcement),
-		LogHttpHeaderXff:       util.AsBool(o.LogHttpHeaderXff),
-		LogHttpHeaderUserAgent: util.AsBool(o.LogHttpHeaderUserAgent),
-		LogHttpHeaderReferer:   util.AsBool(o.LogHttpHeaderReferer),
-	}
-
-	if o.Ucd != nil {
-		switch {
-		case o.Ucd.Mode.UcdModeDisabled != nil:
-			ans.UcdMode = UcdModeDisabled
-		case o.Ucd.Mode.UcdModeIpUser != nil:
-			ans.UcdMode = UcdModeIpUser
-		case o.Ucd.Mode.UcdModeDomainCredentials != nil:
-			ans.UcdMode = UcdModeDomainCredentials
-		case o.Ucd.Mode.UcdModeGroupMapping != "":
-			ans.UcdMode = UcdModeGroupMapping
-			ans.UcdModeGroupMapping = o.Ucd.Mode.UcdModeGroupMapping
-		}
-
-		ans.UcdLogSeverity = o.Ucd.UcdLogSeverity
-		ans.UcdAllowCategories = util.MemToStr(o.Ucd.UcdAllowCategories)
-		ans.UcdAlertCategories = util.MemToStr(o.Ucd.UcdAlertCategories)
-		ans.UcdBlockCategories = util.MemToStr(o.Ucd.UcdBlockCategories)
-		ans.UcdContinueCategories = util.MemToStr(o.Ucd.UcdContinueCategories)
-	}
-
-	return ans
-}
-
-// 8.0
-type entry_v2 struct {
-	XMLName                xml.Name         `xml:"entry"`
-	Name                   string           `xml:"name,attr"`
-	Description            string           `xml:"description,omitempty"`
-	DynamicUrl             string           `xml:"dynamic-url"`
-	ExpiredLicenseAction   string           `xml:"license-expired"`
-	BlockListAction        string           `xml:"action"`
-	BlockList              *util.MemberType `xml:"block-list"`
-	AllowList              *util.MemberType `xml:"allow-list"`
-	AllowCategories        *util.MemberType `xml:"allow"`
-	AlertCategories        *util.MemberType `xml:"alert"`
-	BlockCategories        *util.MemberType `xml:"block"`
-	ContinueCategories     *util.MemberType `xml:"continue"`
-	OverrideCategories     *util.MemberType `xml:"override"`
-	Ucd                    *creds           `xml:"credential-enforcement"`
-	TrackContainerPage     string           `xml:"enable-container-page"`
-	LogContainerPageOnly   string           `xml:"log-container-page-only"`
-	SafeSearchEnforcement  string           `xml:"safe-search-enforcement"`
-	LogHttpHeaderXff       string           `xml:"log-http-hdr-xff"`
-	LogHttpHeaderUserAgent string           `xml:"log-http-hdr-user-agent"`
-	LogHttpHeaderReferer   string           `xml:"log-http-hdr-referer"`
-}
-
-type creds struct {
-	Mode                  credMode         `xml:"mode"`
-	UcdLogSeverity        string           `xml:"log-severity"`
-	UcdAllowCategories    *util.MemberType `xml:"allow"`
-	UcdAlertCategories    *util.MemberType `xml:"alert"`
-	UcdBlockCategories    *util.MemberType `xml:"block"`
-	UcdContinueCategories *util.MemberType `xml:"continue"`
-}
-
-type credMode struct {
-	UcdModeDisabled          *string `xml:"disabled"`
-	UcdModeIpUser            *string `xml:"ip-user"`
-	UcdModeDomainCredentials *string `xml:"domain-credentials"`
-	UcdModeGroupMapping      string  `xml:"group-mapping,omitempty"`
-}
-
-func specify_v2(e Entry) interface{} {
-	ans := entry_v2{
-		Name:                   e.Name,
-		Description:            e.Description,
-		DynamicUrl:             util.YesNo(e.DynamicUrl),
-		ExpiredLicenseAction:   util.YesNo(e.ExpiredLicenseAction),
-		BlockListAction:        e.BlockListAction,
-		BlockList:              util.StrToMem(e.BlockList),
-		AllowList:              util.StrToMem(e.AllowList),
-		AllowCategories:        util.StrToMem(e.AllowCategories),
-		AlertCategories:        util.StrToMem(e.AlertCategories),
-		BlockCategories:        util.StrToMem(e.BlockCategories),
-		ContinueCategories:     util.StrToMem(e.ContinueCategories),
-		OverrideCategories:     util.StrToMem(e.OverrideCategories),
-		TrackContainerPage:     util.YesNo(e.TrackContainerPage),
-		LogContainerPageOnly:   util.YesNo(e.LogContainerPageOnly),
-		SafeSearchEnforcement:  util.YesNo(e.SafeSearchEnforcement),
-		LogHttpHeaderXff:       util.YesNo(e.LogHttpHeaderXff),
-		LogHttpHeaderUserAgent: util.YesNo(e.LogHttpHeaderUserAgent),
-		LogHttpHeaderReferer:   util.YesNo(e.LogHttpHeaderReferer),
-	}
-
-	if e.UcdMode != "" || e.UcdLogSeverity != "" || len(e.UcdAllowCategories) != 0 || len(e.UcdAlertCategories) != 0 || len(e.UcdBlockCategories) != 0 || len(e.UcdContinueCategories) != 0 {
-		s := ""
-		var m credMode
-		switch e.UcdMode {
-		case UcdModeDisabled:
-			m = credMode{
-				UcdModeDisabled: &s,
-			}
-		case UcdModeIpUser:
-			m = credMode{
-				UcdModeIpUser: &s,
-			}
-		case UcdModeDomainCredentials:
-			m = credMode{
-				UcdModeDomainCredentials: &s,
-			}
-		case UcdModeGroupMapping:
-			m = credMode{
-				UcdModeGroupMapping: e.UcdModeGroupMapping,
-			}
-		}
-
-		ans.Ucd = &creds{
-			Mode:                  m,
-			UcdLogSeverity:        e.UcdLogSeverity,
-			UcdAllowCategories:    util.StrToMem(e.UcdAllowCategories),
-			UcdAlertCategories:    util.StrToMem(e.UcdAlertCategories),
-			UcdBlockCategories:    util.StrToMem(e.UcdBlockCategories),
-			UcdContinueCategories: util.StrToMem(e.UcdContinueCategories),
-		}
-	}
-
-	return ans
-}
-
-// 8.1
-type container_v3 struct {
-	Answer []entry_v3 `xml:"entry"`
-}
-
-func (o *container_v3) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v3) Normalize() []Entry {
-	arr := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		arr = append(arr, o.Answer[i].normalize())
-	}
-	return arr
-}
-
-func (o *entry_v3) normalize() Entry {
-	ans := Entry{
-		Name:                   o.Name,
-		Description:            o.Description,
-		DynamicUrl:             util.AsBool(o.DynamicUrl),
-		ExpiredLicenseAction:   util.AsBool(o.ExpiredLicenseAction),
-		BlockListAction:        o.BlockListAction,
-		BlockList:              util.MemToStr(o.BlockList),
-		AllowList:              util.MemToStr(o.AllowList),
-		AllowCategories:        util.MemToStr(o.AllowCategories),
-		AlertCategories:        util.MemToStr(o.AlertCategories),
-		BlockCategories:        util.MemToStr(o.BlockCategories),
-		ContinueCategories:     util.MemToStr(o.ContinueCategories),
-		OverrideCategories:     util.MemToStr(o.OverrideCategories),
-		TrackContainerPage:     util.AsBool(o.TrackContainerPage),
-		LogContainerPageOnly:   util.AsBool(o.LogContainerPageOnly),
-		SafeSearchEnforcement:  util.AsBool(o.SafeSearchEnforcement),
-		LogHttpHeaderXff:       util.AsBool(o.LogHttpHeaderXff),
-		LogHttpHeaderUserAgent: util.AsBool(o.LogHttpHeaderUserAgent),
-		LogHttpHeaderReferer:   util.AsBool(o.LogHttpHeaderReferer),
-	}
-
-	if o.Ucd != nil {
-		switch {
-		case o.Ucd.Mode.UcdModeDisabled != nil:
-			ans.UcdMode = UcdModeDisabled
-		case o.Ucd.Mode.UcdModeIpUser != nil:
-			ans.UcdMode = UcdModeIpUser
-		case o.Ucd.Mode.UcdModeDomainCredentials != nil:
-			ans.UcdMode = UcdModeDomainCredentials
-		case o.Ucd.Mode.UcdModeGroupMapping != "":
-			ans.UcdMode = UcdModeGroupMapping
-			ans.UcdModeGroupMapping = o.Ucd.Mode.UcdModeGroupMapping
-		}
-
-		ans.UcdLogSeverity = o.Ucd.UcdLogSeverity
-		ans.UcdAllowCategories = util.MemToStr(o.Ucd.UcdAllowCategories)
-		ans.UcdAlertCategories = util.MemToStr(o.Ucd.UcdAlertCategories)
-		ans.UcdBlockCategories = util.MemToStr(o.Ucd.UcdBlockCategories)
-		ans.UcdContinueCategories = util.MemToStr(o.Ucd.UcdContinueCategories)
-	}
-
-	if o.Hhi != nil {
-		ins := make([]HttpHeaderInsertion, 0, len(o.Hhi.Entries))
-		for _, hhiObj := range o.Hhi.Entries {
-			var headerList []HttpHeader
-			if hhiObj.Types.Entry.Headers != nil {
-				headerList = make([]HttpHeader, 0, len(hhiObj.Types.Entry.Headers.Entries))
-				for _, hle := range hhiObj.Types.Entry.Headers.Entries {
-					headerList = append(headerList, HttpHeader{
-						Name:   hle.Name,
-						Header: hle.Header,
-						Value:  hle.Value,
-						Log:    util.AsBool(hle.Log),
-					})
-				}
-			}
-
-			ins = append(ins, HttpHeaderInsertion{
-				Name:        hhiObj.Name,
-				Type:        hhiObj.Types.Entry.Type,
-				Domains:     util.MemToStr(hhiObj.Types.Entry.Domains),
-				HttpHeaders: headerList,
-			})
-		}
-
-		ans.HttpHeaderInsertions = ins
-	}
-
-	return ans
-}
-
-type entry_v3 struct {
-	XMLName                xml.Name         `xml:"entry"`
-	Name                   string           `xml:"name,attr"`
-	Description            string           `xml:"description,omitempty"`
-	DynamicUrl             string           `xml:"dynamic-url"`
-	ExpiredLicenseAction   string           `xml:"license-expired"`
-	BlockListAction        string           `xml:"action"`
-	BlockList              *util.MemberType `xml:"block-list"`
-	AllowList              *util.MemberType `xml:"allow-list"`
-	AllowCategories        *util.MemberType `xml:"allow"`
-	AlertCategories        *util.MemberType `xml:"alert"`
-	BlockCategories        *util.MemberType `xml:"block"`
-	ContinueCategories     *util.MemberType `xml:"continue"`
-	OverrideCategories     *util.MemberType `xml:"override"`
-	Ucd                    *creds           `xml:"credential-enforcement"`
-	TrackContainerPage     string           `xml:"enable-container-page"`
-	LogContainerPageOnly   string           `xml:"log-container-page-only"`
-	SafeSearchEnforcement  string           `xml:"safe-search-enforcement"`
-	LogHttpHeaderXff       string           `xml:"log-http-hdr-xff"`
-	LogHttpHeaderUserAgent string           `xml:"log-http-hdr-user-agent"`
-	LogHttpHeaderReferer   string           `xml:"log-http-hdr-referer"`
-	Hhi                    *hhi             `xml:"http-header-insertion"`
-}
-
-type hhi struct {
-	Entries []hhiEntry `xml:"entry"`
-}
-
-type hhiEntry struct {
-	Name  string  `xml:"name,attr"`
-	Types hhiType `xml:"type"`
-}
-
-type hhiType struct {
-	Entry hhiTypeEntry `xml:"entry"`
-}
-
-type hhiTypeEntry struct {
-	Type    string           `xml:"name,attr"`
-	Domains *util.MemberType `xml:"domains"`
-	Headers *headers         `xml:"headers"`
-}
-
-type headers struct {
-	Entries []headerEntry `xml:"entry"`
-}
-
-type headerEntry struct {
-	Name   string `xml:"name,attr"`
-	Header string `xml:"header"`
-	Value  string `xml:"value"`
-	Log    string `xml:"log"`
-}
-
-func specify_v3(e Entry) interface{} {
-	ans := entry_v3{
-		Name:                   e.Name,
-		Description:            e.Description,
-		DynamicUrl:             util.YesNo(e.DynamicUrl),
-		ExpiredLicenseAction:   util.YesNo(e.ExpiredLicenseAction),
-		BlockListAction:        e.BlockListAction,
-		BlockList:              util.StrToMem(e.BlockList),
-		AllowList:              util.StrToMem(e.AllowList),
-		AllowCategories:        util.StrToMem(e.AllowCategories),
-		AlertCategories:        util.StrToMem(e.AlertCategories),
-		BlockCategories:        util.StrToMem(e.BlockCategories),
-		ContinueCategories:     util.StrToMem(e.ContinueCategories),
-		OverrideCategories:     util.StrToMem(e.OverrideCategories),
-		TrackContainerPage:     util.YesNo(e.TrackContainerPage),
-		LogContainerPageOnly:   util.YesNo(e.LogContainerPageOnly),
-		SafeSearchEnforcement:  util.YesNo(e.SafeSearchEnforcement),
-		LogHttpHeaderXff:       util.YesNo(e.LogHttpHeaderXff),
-		LogHttpHeaderUserAgent: util.YesNo(e.LogHttpHeaderUserAgent),
-		LogHttpHeaderReferer:   util.YesNo(e.LogHttpHeaderReferer),
-	}
-
-	if e.UcdMode != "" || e.UcdLogSeverity != "" || len(e.UcdAllowCategories) != 0 || len(e.UcdAlertCategories) != 0 || len(e.UcdBlockCategories) != 0 || len(e.UcdContinueCategories) != 0 {
-		s := ""
-		var m credMode
-		switch e.UcdMode {
-		case UcdModeDisabled:
-			m = credMode{
-				UcdModeDisabled: &s,
-			}
-		case UcdModeIpUser:
-			m = credMode{
-				UcdModeIpUser: &s,
-			}
-		case UcdModeDomainCredentials:
-			m = credMode{
-				UcdModeDomainCredentials: &s,
-			}
-		case UcdModeGroupMapping:
-			m = credMode{
-				UcdModeGroupMapping: e.UcdModeGroupMapping,
-			}
-		}
-
-		ans.Ucd = &creds{
-			Mode:                  m,
-			UcdLogSeverity:        e.UcdLogSeverity,
-			UcdAllowCategories:    util.StrToMem(e.UcdAllowCategories),
-			UcdAlertCategories:    util.StrToMem(e.UcdAlertCategories),
-			UcdBlockCategories:    util.StrToMem(e.UcdBlockCategories),
-			UcdContinueCategories: util.StrToMem(e.UcdContinueCategories),
-		}
-	}
-
-	if len(e.HttpHeaderInsertions) > 0 {
-		hhiEntries := make([]hhiEntry, 0, len(e.HttpHeaderInsertions))
-
-		for _, hhiObject := range e.HttpHeaderInsertions {
-			var headersInst *headers
-
-			if len(hhiObject.HttpHeaders) > 0 {
-				list := make([]headerEntry, 0, len(hhiObject.HttpHeaders))
-				for i := range hhiObject.HttpHeaders {
-					var name string
-					if hhiObject.HttpHeaders[i].Name == "" {
-						name = fmt.Sprintf("header-%d", i)
-					} else {
-						name = hhiObject.HttpHeaders[i].Name
-					}
-					list = append(list, headerEntry{
-						Name:   name,
-						Header: hhiObject.HttpHeaders[i].Header,
-						Value:  hhiObject.HttpHeaders[i].Value,
-						Log:    util.YesNo(hhiObject.HttpHeaders[i].Log),
-					})
-				}
-
-				headersInst = &headers{
-					Entries: list,
-				}
-			}
-
-			hhiEntries = append(hhiEntries, hhiEntry{
-				Name: hhiObject.Name,
-				Types: hhiType{
-					Entry: hhiTypeEntry{
-						Type:    hhiObject.Type,
-						Domains: util.StrToMem(hhiObject.Domains),
-						Headers: headersInst,
-					},
-				},
-			})
-		}
-
-		ans.Hhi = &hhi{
-			Entries: hhiEntries,
-		}
-	}
-
-	return ans
-}
-
-// 9.0
-type container_v4 struct {
-	Answer []entry_v4 `xml:"entry"`
-}
-
-func (o *container_v4) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v4) Normalize() []Entry {
-	arr := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		arr = append(arr, o.Answer[i].normalize())
-	}
-	return arr
-}
-
-func (o *entry_v4) normalize() Entry {
-	ans := Entry{
-		Name:                   o.Name,
-		Description:            o.Description,
-		AllowCategories:        util.MemToStr(o.AllowCategories),
-		AlertCategories:        util.MemToStr(o.AlertCategories),
-		BlockCategories:        util.MemToStr(o.BlockCategories),
-		ContinueCategories:     util.MemToStr(o.ContinueCategories),
-		OverrideCategories:     util.MemToStr(o.OverrideCategories),
-		TrackContainerPage:     util.AsBool(o.TrackContainerPage),
-		LogContainerPageOnly:   util.AsBool(o.LogContainerPageOnly),
-		SafeSearchEnforcement:  util.AsBool(o.SafeSearchEnforcement),
-		LogHttpHeaderXff:       util.AsBool(o.LogHttpHeaderXff),
-		LogHttpHeaderUserAgent: util.AsBool(o.LogHttpHeaderUserAgent),
-		LogHttpHeaderReferer:   util.AsBool(o.LogHttpHeaderReferer),
-	}
-
-	if o.Ucd != nil {
-		switch {
-		case o.Ucd.Mode.UcdModeDisabled != nil:
-			ans.UcdMode = UcdModeDisabled
-		case o.Ucd.Mode.UcdModeIpUser != nil:
-			ans.UcdMode = UcdModeIpUser
-		case o.Ucd.Mode.UcdModeDomainCredentials != nil:
-			ans.UcdMode = UcdModeDomainCredentials
-		case o.Ucd.Mode.UcdModeGroupMapping != "":
-			ans.UcdMode = UcdModeGroupMapping
-			ans.UcdModeGroupMapping = o.Ucd.Mode.UcdModeGroupMapping
-		}
-
-		ans.UcdLogSeverity = o.Ucd.UcdLogSeverity
-		ans.UcdAllowCategories = util.MemToStr(o.Ucd.UcdAllowCategories)
-		ans.UcdAlertCategories = util.MemToStr(o.Ucd.UcdAlertCategories)
-		ans.UcdBlockCategories = util.MemToStr(o.Ucd.UcdBlockCategories)
-		ans.UcdContinueCategories = util.MemToStr(o.Ucd.UcdContinueCategories)
-	}
-
-	if o.Hhi != nil {
-		ins := make([]HttpHeaderInsertion, 0, len(o.Hhi.Entries))
-		for _, hhiObj := range o.Hhi.Entries {
-			var headerList []HttpHeader
-			if hhiObj.Types.Entry.Headers != nil {
-				headerList = make([]HttpHeader, 0, len(hhiObj.Types.Entry.Headers.Entries))
-				for _, hle := range hhiObj.Types.Entry.Headers.Entries {
-					headerList = append(headerList, HttpHeader{
-						Name:   hle.Name,
-						Header: hle.Header,
-						Value:  hle.Value,
-						Log:    util.AsBool(hle.Log),
-					})
-				}
-			}
-
-			ins = append(ins, HttpHeaderInsertion{
-				Name:        hhiObj.Name,
-				Type:        hhiObj.Types.Entry.Type,
-				Domains:     util.MemToStr(hhiObj.Types.Entry.Domains),
-				HttpHeaders: headerList,
-			})
-		}
-
-		ans.HttpHeaderInsertions = ins
-	}
-
-	return ans
-}
-
-type entry_v4 struct {
-	XMLName                xml.Name         `xml:"entry"`
-	Name                   string           `xml:"name,attr"`
-	Description            string           `xml:"description,omitempty"`
-	AllowCategories        *util.MemberType `xml:"allow"`
-	AlertCategories        *util.MemberType `xml:"alert"`
-	BlockCategories        *util.MemberType `xml:"block"`
-	ContinueCategories     *util.MemberType `xml:"continue"`
-	OverrideCategories     *util.MemberType `xml:"override"`
-	Ucd                    *creds           `xml:"credential-enforcement"`
-	TrackContainerPage     string           `xml:"enable-container-page"`
-	LogContainerPageOnly   string           `xml:"log-container-page-only"`
-	SafeSearchEnforcement  string           `xml:"safe-search-enforcement"`
-	LogHttpHeaderXff       string           `xml:"log-http-hdr-xff"`
-	LogHttpHeaderUserAgent string           `xml:"log-http-hdr-user-agent"`
-	LogHttpHeaderReferer   string           `xml:"log-http-hdr-referer"`
-	Hhi                    *hhi             `xml:"http-header-insertion"`
-}
-
-func specify_v4(e Entry) interface{} {
-	ans := entry_v4{
-		Name:                   e.Name,
-		Description:            e.Description,
-		AllowCategories:        util.StrToMem(e.AllowCategories),
-		AlertCategories:        util.StrToMem(e.AlertCategories),
-		BlockCategories:        util.StrToMem(e.BlockCategories),
-		ContinueCategories:     util.StrToMem(e.ContinueCategories),
-		OverrideCategories:     util.StrToMem(e.OverrideCategories),
-		TrackContainerPage:     util.YesNo(e.TrackContainerPage),
-		LogContainerPageOnly:   util.YesNo(e.LogContainerPageOnly),
-		SafeSearchEnforcement:  util.YesNo(e.SafeSearchEnforcement),
-		LogHttpHeaderXff:       util.YesNo(e.LogHttpHeaderXff),
-		LogHttpHeaderUserAgent: util.YesNo(e.LogHttpHeaderUserAgent),
-		LogHttpHeaderReferer:   util.YesNo(e.LogHttpHeaderReferer),
-	}
-
-	if e.UcdMode != "" || e.UcdLogSeverity != "" || len(e.UcdAllowCategories) != 0 || len(e.UcdAlertCategories) != 0 || len(e.UcdBlockCategories) != 0 || len(e.UcdContinueCategories) != 0 {
-		s := ""
-		var m credMode
-		switch e.UcdMode {
-		case UcdModeDisabled:
-			m = credMode{
-				UcdModeDisabled: &s,
-			}
-		case UcdModeIpUser:
-			m = credMode{
-				UcdModeIpUser: &s,
-			}
-		case UcdModeDomainCredentials:
-			m = credMode{
-				UcdModeDomainCredentials: &s,
-			}
-		case UcdModeGroupMapping:
-			m = credMode{
-				UcdModeGroupMapping: e.UcdModeGroupMapping,
-			}
-		}
-
-		ans.Ucd = &creds{
-			Mode:                  m,
-			UcdLogSeverity:        e.UcdLogSeverity,
-			UcdAllowCategories:    util.StrToMem(e.UcdAllowCategories),
-			UcdAlertCategories:    util.StrToMem(e.UcdAlertCategories),
-			UcdBlockCategories:    util.StrToMem(e.UcdBlockCategories),
-			UcdContinueCategories: util.StrToMem(e.UcdContinueCategories),
-		}
-	}
-
-	if len(e.HttpHeaderInsertions) > 0 {
-		hhiEntries := make([]hhiEntry, 0, len(e.HttpHeaderInsertions))
-
-		for _, hhiObject := range e.HttpHeaderInsertions {
-			var headersInst *headers
-
-			if len(hhiObject.HttpHeaders) > 0 {
-				list := make([]headerEntry, 0, len(hhiObject.HttpHeaders))
-				for i := range hhiObject.HttpHeaders {
-					var name string
-					if hhiObject.HttpHeaders[i].Name == "" {
-						name = fmt.Sprintf("header-%d", i)
-					} else {
-						name = hhiObject.HttpHeaders[i].Name
-					}
-					list = append(list, headerEntry{
-						Name:   name,
-						Header: hhiObject.HttpHeaders[i].Header,
-						Value:  hhiObject.HttpHeaders[i].Value,
-						Log:    util.YesNo(hhiObject.HttpHeaders[i].Log),
-					})
-				}
-
-				headersInst = &headers{
-					Entries: list,
-				}
-			}
-
-			hhiEntries = append(hhiEntries, hhiEntry{
-				Name: hhiObject.Name,
-				Types: hhiType{
-					Entry: hhiTypeEntry{
-						Type:    hhiObject.Type,
-						Domains: util.StrToMem(hhiObject.Domains),
-						Headers: headersInst,
-					},
-				},
-			})
-		}
-
-		ans.Hhi = &hhi{
-			Entries: hhiEntries,
-		}
-	}
-
-	return ans
-}
-
-// 10.0
-type container_v5 struct {
-	Answer []entry_v5 `xml:"entry"`
-}
-
-func (o *container_v5) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v5) Normalize() []Entry {
-	arr := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		arr = append(arr, o.Answer[i].normalize())
-	}
-	return arr
-}
-
-func (o *entry_v5) normalize() Entry {
-	ans := Entry{
-		Name:                      o.Name,
-		Description:               o.Description,
-		AllowCategories:           util.MemToStr(o.AllowCategories),
-		AlertCategories:           util.MemToStr(o.AlertCategories),
-		BlockCategories:           util.MemToStr(o.BlockCategories),
-		ContinueCategories:        util.MemToStr(o.ContinueCategories),
-		OverrideCategories:        util.MemToStr(o.OverrideCategories),
-		TrackContainerPage:        util.AsBool(o.TrackContainerPage),
-		LogContainerPageOnly:      util.AsBool(o.LogContainerPageOnly),
-		SafeSearchEnforcement:     util.AsBool(o.SafeSearchEnforcement),
-		LogHttpHeaderXff:          util.AsBool(o.LogHttpHeaderXff),
-		LogHttpHeaderUserAgent:    util.AsBool(o.LogHttpHeaderUserAgent),
-		LogHttpHeaderReferer:      util.AsBool(o.LogHttpHeaderReferer),
-		MachineLearningExceptions: util.MemToStr(o.MachineLearningExceptions),
-	}
-
-	if o.Ucd != nil {
-		switch {
-		case o.Ucd.Mode.UcdModeDisabled != nil:
-			ans.UcdMode = UcdModeDisabled
-		case o.Ucd.Mode.UcdModeIpUser != nil:
-			ans.UcdMode = UcdModeIpUser
-		case o.Ucd.Mode.UcdModeDomainCredentials != nil:
-			ans.UcdMode = UcdModeDomainCredentials
-		case o.Ucd.Mode.UcdModeGroupMapping != "":
-			ans.UcdMode = UcdModeGroupMapping
-			ans.UcdModeGroupMapping = o.Ucd.Mode.UcdModeGroupMapping
-		}
-
-		ans.UcdLogSeverity = o.Ucd.UcdLogSeverity
-		ans.UcdAllowCategories = util.MemToStr(o.Ucd.UcdAllowCategories)
-		ans.UcdAlertCategories = util.MemToStr(o.Ucd.UcdAlertCategories)
-		ans.UcdBlockCategories = util.MemToStr(o.Ucd.UcdBlockCategories)
-		ans.UcdContinueCategories = util.MemToStr(o.Ucd.UcdContinueCategories)
-	}
-
-	if o.Hhi != nil {
-		ins := make([]HttpHeaderInsertion, 0, len(o.Hhi.Entries))
-		for _, hhiObj := range o.Hhi.Entries {
-			var headerList []HttpHeader
-			if hhiObj.Types.Entry.Headers != nil {
-				headerList = make([]HttpHeader, 0, len(hhiObj.Types.Entry.Headers.Entries))
-				for _, hle := range hhiObj.Types.Entry.Headers.Entries {
-					headerList = append(headerList, HttpHeader{
-						Name:   hle.Name,
-						Header: hle.Header,
-						Value:  hle.Value,
-						Log:    util.AsBool(hle.Log),
-					})
-				}
-			}
-
-			ins = append(ins, HttpHeaderInsertion{
-				Name:        hhiObj.Name,
-				Type:        hhiObj.Types.Entry.Type,
-				Domains:     util.MemToStr(hhiObj.Types.Entry.Domains),
-				HttpHeaders: headerList,
-			})
-		}
-
-		ans.HttpHeaderInsertions = ins
-	}
-
-	if o.MlModels != nil {
-		listing := make([]MachineLearningModel, 0, len(o.MlModels.Entries))
-		for _, model := range o.MlModels.Entries {
-			listing = append(listing, MachineLearningModel{
-				Model:  model.Model,
-				Action: model.Action,
-			})
-		}
-
-		ans.MachineLearningModels = listing
-	}
-
-	return ans
-}
-
-type entry_v5 struct {
-	XMLName                   xml.Name         `xml:"entry"`
-	Name                      string           `xml:"name,attr"`
-	Description               string           `xml:"description,omitempty"`
-	AllowCategories           *util.MemberType `xml:"allow"`
-	AlertCategories           *util.MemberType `xml:"alert"`
-	BlockCategories           *util.MemberType `xml:"block"`
-	ContinueCategories        *util.MemberType `xml:"continue"`
-	OverrideCategories        *util.MemberType `xml:"override"`
-	Ucd                       *creds           `xml:"credential-enforcement"`
-	TrackContainerPage        string           `xml:"enable-container-page"`
-	LogContainerPageOnly      string           `xml:"log-container-page-only"`
-	SafeSearchEnforcement     string           `xml:"safe-search-enforcement"`
-	LogHttpHeaderXff          string           `xml:"log-http-hdr-xff"`
-	LogHttpHeaderUserAgent    string           `xml:"log-http-hdr-user-agent"`
-	LogHttpHeaderReferer      string           `xml:"log-http-hdr-referer"`
-	Hhi                       *hhi             `xml:"http-header-insertion"`
-	MachineLearningExceptions *util.MemberType `xml:"mlav-category-exception"`
-	MlModels                  *mlmodels        `xml:"mlav-engine-urlbased-enabled"`
-}
-
-type mlmodels struct {
-	Entries []mlmodel `xml:"entry"`
-}
-
-type mlmodel struct {
-	Model  string `xml:"name,attr"`
-	Action string `xml:"mlav-policy-action"`
-}
-
-func specify_v5(e Entry) interface{} {
-	ans := entry_v5{
-		Name:                      e.Name,
-		Description:               e.Description,
-		AllowCategories:           util.StrToMem(e.AllowCategories),
-		AlertCategories:           util.StrToMem(e.AlertCategories),
-		BlockCategories:           util.StrToMem(e.BlockCategories),
-		ContinueCategories:        util.StrToMem(e.ContinueCategories),
-		OverrideCategories:        util.StrToMem(e.OverrideCategories),
-		TrackContainerPage:        util.YesNo(e.TrackContainerPage),
-		LogContainerPageOnly:      util.YesNo(e.LogContainerPageOnly),
-		SafeSearchEnforcement:     util.YesNo(e.SafeSearchEnforcement),
-		LogHttpHeaderXff:          util.YesNo(e.LogHttpHeaderXff),
-		LogHttpHeaderUserAgent:    util.YesNo(e.LogHttpHeaderUserAgent),
-		LogHttpHeaderReferer:      util.YesNo(e.LogHttpHeaderReferer),
-		MachineLearningExceptions: util.StrToMem(e.MachineLearningExceptions),
-	}
-
-	if e.UcdMode != "" || e.UcdLogSeverity != "" || len(e.UcdAllowCategories) != 0 || len(e.UcdAlertCategories) != 0 || len(e.UcdBlockCategories) != 0 || len(e.UcdContinueCategories) != 0 {
-		s := ""
-		var m credMode
-		switch e.UcdMode {
-		case UcdModeDisabled:
-			m = credMode{
-				UcdModeDisabled: &s,
-			}
-		case UcdModeIpUser:
-			m = credMode{
-				UcdModeIpUser: &s,
-			}
-		case UcdModeDomainCredentials:
-			m = credMode{
-				UcdModeDomainCredentials: &s,
-			}
-		case UcdModeGroupMapping:
-			m = credMode{
-				UcdModeGroupMapping: e.UcdModeGroupMapping,
-			}
-		}
-
-		ans.Ucd = &creds{
-			Mode:                  m,
-			UcdLogSeverity:        e.UcdLogSeverity,
-			UcdAllowCategories:    util.StrToMem(e.UcdAllowCategories),
-			UcdAlertCategories:    util.StrToMem(e.UcdAlertCategories),
-			UcdBlockCategories:    util.StrToMem(e.UcdBlockCategories),
-			UcdContinueCategories: util.StrToMem(e.UcdContinueCategories),
-		}
-	}
-
-	if len(e.HttpHeaderInsertions) > 0 {
-		hhiEntries := make([]hhiEntry, 0, len(e.HttpHeaderInsertions))
-
-		for _, hhiObject := range e.HttpHeaderInsertions {
-			var headersInst *headers
-
-			if len(hhiObject.HttpHeaders) > 0 {
-				list := make([]headerEntry, 0, len(hhiObject.HttpHeaders))
-				for i := range hhiObject.HttpHeaders {
-					var name string
-					if hhiObject.HttpHeaders[i].Name == "" {
-						name = fmt.Sprintf("header-%d", i)
-					} else {
-						name = hhiObject.HttpHeaders[i].Name
-					}
-					list = append(list, headerEntry{
-						Name:   name,
-						Header: hhiObject.HttpHeaders[i].Header,
-						Value:  hhiObject.HttpHeaders[i].Value,
-						Log:    util.YesNo(hhiObject.HttpHeaders[i].Log),
-					})
-				}
-
-				headersInst = &headers{
-					Entries: list,
-				}
-			}
-
-			hhiEntries = append(hhiEntries, hhiEntry{
-				Name: hhiObject.Name,
-				Types: hhiType{
-					Entry: hhiTypeEntry{
-						Type:    hhiObject.Type,
-						Domains: util.StrToMem(hhiObject.Domains),
-						Headers: headersInst,
-					},
-				},
-			})
-		}
-
-		ans.Hhi = &hhi{
-			Entries: hhiEntries,
-		}
-	}
-
-	if len(e.MachineLearningModels) > 0 {
-		listing := make([]mlmodel, 0, len(e.MachineLearningModels))
-		for _, model := range e.MachineLearningModels {
-			listing = append(listing, mlmodel{
-				Model:  model.Model,
-				Action: model.Action,
-			})
-		}
-
-		ans.MlModels = &mlmodels{
-			Entries: listing,
-		}
-	}
-
-	return ans
-}
diff --git a/objs/profile/security/url/funcs.go b/objs/profile/security/url/funcs.go
deleted file mode 100644
index 83e64f4d..00000000
--- a/objs/profile/security/url/funcs.go
+++ /dev/null
@@ -1,98 +0,0 @@
-package url
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	if v.Gte(version.Number{10, 0, 0, ""}) {
-		return &container_v5{}, specify_v5
-	} else if v.Gte(version.Number{9, 0, 0, ""}) {
-		return &container_v4{}, specify_v4
-	} else if v.Gte(version.Number{8, 1, 0, ""}) {
-		return &container_v3{}, specify_v3
-	} else if v.Gte(version.Number{8, 0, 0, ""}) {
-		return &container_v2{}, specify_v2
-	} else {
-		return &container_v1{}, specify_v1
-	}
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/objs/profile/security/url/fw.go b/objs/profile/security/url/fw.go
deleted file mode 100644
index d0630e7d..00000000
--- a/objs/profile/security/url/fw.go
+++ /dev/null
@@ -1,91 +0,0 @@
-package url
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Objects.UrlFilteringProfile namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vsys), names, nErr)
-}
-
-func (c *Firewall) pather(vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vsys, v)
-	}
-}
-
-func (c *Firewall) xpath(vsys string, vals []string) ([]string, error) {
-	ans := make([]string, 0, 8)
-	ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	ans = append(ans,
-		"profiles",
-		"url-filtering",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/objs/profile/security/url/fw_test.go b/objs/profile/security/url/fw_test.go
deleted file mode 100644
index c7ddbbba..00000000
--- a/objs/profile/security/url/fw_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package url
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("vsys1", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("vsys1", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/profile/security/url/pano.go b/objs/profile/security/url/pano.go
deleted file mode 100644
index fe395c23..00000000
--- a/objs/profile/security/url/pano.go
+++ /dev/null
@@ -1,91 +0,0 @@
-package url
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Objects.UrlFilteringProfile namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(dg string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(dg), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(dg string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(dg), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(dg, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(dg), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(dg, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(dg), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(dg string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(dg), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(dg string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(dg), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(dg string, e ...Entry) error {
-	return c.ns.Set(c.pather(dg), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(dg string, e Entry) error {
-	return c.ns.Edit(c.pather(dg), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(dg string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(dg), names, nErr)
-}
-
-func (c *Panorama) pather(dg string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(dg, v)
-	}
-}
-
-func (c *Panorama) xpath(dg string, vals []string) ([]string, error) {
-	ans := make([]string, 0, 8)
-	ans = append(ans, util.DeviceGroupXpathPrefix(dg)...)
-	ans = append(ans,
-		"profiles",
-		"url-filtering",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/objs/profile/security/url/pano_test.go b/objs/profile/security/url/pano_test.go
deleted file mode 100644
index ca09932c..00000000
--- a/objs/profile/security/url/pano_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package url
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("shared", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("shared", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/profile/security/url/testdata_test.go b/objs/profile/security/url/testdata_test.go
deleted file mode 100644
index 521b8156..00000000
--- a/objs/profile/security/url/testdata_test.go
+++ /dev/null
@@ -1,493 +0,0 @@
-package url
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type tc struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []tc {
-	return []tc{
-		{"v1 minimal", version.Number{7, 1, 0, ""}, Entry{
-			Name:            "t1",
-			Description:     "foobar",
-			BlockListAction: "block",
-		}},
-		{"v1 all bools true", version.Number{7, 1, 0, ""}, Entry{
-			Name:                   "t1",
-			Description:            "foobar",
-			BlockListAction:        "continue",
-			DynamicUrl:             true,
-			ExpiredLicenseAction:   true,
-			TrackContainerPage:     true,
-			LogContainerPageOnly:   true,
-			SafeSearchEnforcement:  true,
-			LogHttpHeaderXff:       true,
-			LogHttpHeaderUserAgent: true,
-			LogHttpHeaderReferer:   true,
-		}},
-		{"v1 block list", version.Number{7, 1, 0, ""}, Entry{
-			Name:            "t1",
-			Description:     "foobar",
-			BlockListAction: "alert",
-			BlockList:       []string{"www.hotmail.com", "www.cnn.com/news"},
-		}},
-		{"v1 allow list", version.Number{7, 1, 0, ""}, Entry{
-			Name:            "t1",
-			Description:     "foobar",
-			BlockListAction: "alert",
-			AllowList:       []string{"www.hotmail.com", "www.cnn.com/news"},
-		}},
-		{"v1 allow categories", version.Number{7, 1, 0, ""}, Entry{
-			Name:            "t1",
-			Description:     "foobar",
-			BlockListAction: "alert",
-			AllowCategories: []string{"hacking", "dating", "malware", "phishing"},
-		}},
-		{"v1 alert categories", version.Number{7, 1, 0, ""}, Entry{
-			Name:            "t1",
-			Description:     "foobar",
-			BlockListAction: "alert",
-			AlertCategories: []string{"hacking", "dating", "malware", "phishing"},
-		}},
-		{"v1 block categories", version.Number{7, 1, 0, ""}, Entry{
-			Name:            "t1",
-			Description:     "foobar",
-			BlockListAction: "alert",
-			BlockCategories: []string{"hacking", "dating", "malware", "phishing"},
-		}},
-		{"v1 continue categories", version.Number{7, 1, 0, ""}, Entry{
-			Name:               "t1",
-			Description:        "foobar",
-			BlockListAction:    "alert",
-			ContinueCategories: []string{"hacking", "dating", "malware", "phishing"},
-		}},
-		{"v1 override categories", version.Number{7, 1, 0, ""}, Entry{
-			Name:               "t1",
-			Description:        "foobar",
-			BlockListAction:    "alert",
-			OverrideCategories: []string{"hacking", "dating", "malware", "phishing"},
-		}},
-		{"v2 minimal", version.Number{8, 0, 0, ""}, Entry{
-			Name:            "t1",
-			Description:     "foobar",
-			BlockListAction: "block",
-		}},
-		{"v2 all bools true", version.Number{8, 0, 0, ""}, Entry{
-			Name:                   "t1",
-			Description:            "foobar",
-			BlockListAction:        "continue",
-			DynamicUrl:             true,
-			ExpiredLicenseAction:   true,
-			TrackContainerPage:     true,
-			LogContainerPageOnly:   true,
-			SafeSearchEnforcement:  true,
-			LogHttpHeaderXff:       true,
-			LogHttpHeaderUserAgent: true,
-			LogHttpHeaderReferer:   true,
-		}},
-		{"v2 block list", version.Number{8, 0, 0, ""}, Entry{
-			Name:            "t1",
-			Description:     "foobar",
-			BlockListAction: "alert",
-			BlockList:       []string{"www.hotmail.com", "www.cnn.com/news"},
-		}},
-		{"v2 allow list", version.Number{8, 0, 0, ""}, Entry{
-			Name:            "t1",
-			Description:     "foobar",
-			BlockListAction: "alert",
-			AllowList:       []string{"www.hotmail.com", "www.cnn.com/news"},
-		}},
-		{"v2 allow categories", version.Number{8, 0, 0, ""}, Entry{
-			Name:            "t1",
-			Description:     "foobar",
-			BlockListAction: "alert",
-			AllowCategories: []string{"hacking", "dating", "malware", "phishing"},
-		}},
-		{"v2 alert categories", version.Number{8, 0, 0, ""}, Entry{
-			Name:            "t1",
-			Description:     "foobar",
-			BlockListAction: "alert",
-			AlertCategories: []string{"hacking", "dating", "malware", "phishing"},
-		}},
-		{"v2 block categories", version.Number{8, 0, 0, ""}, Entry{
-			Name:            "t1",
-			Description:     "foobar",
-			BlockListAction: "alert",
-			BlockCategories: []string{"hacking", "dating", "malware", "phishing"},
-		}},
-		{"v2 continue categories", version.Number{8, 0, 0, ""}, Entry{
-			Name:               "t1",
-			Description:        "foobar",
-			BlockListAction:    "alert",
-			ContinueCategories: []string{"hacking", "dating", "malware", "phishing"},
-		}},
-		{"v2 override categories", version.Number{8, 0, 0, ""}, Entry{
-			Name:               "t1",
-			Description:        "foobar",
-			BlockListAction:    "alert",
-			OverrideCategories: []string{"hacking", "dating", "malware", "phishing"},
-		}},
-		{"v2 with credential enforcement settings mode disabled", version.Number{8, 0, 0, ""}, Entry{
-			Name:               "t1",
-			Description:        "foobar",
-			BlockListAction:    "alert",
-			UcdMode:            UcdModeDisabled,
-			UcdAllowCategories: []string{"hacking", "dating", "malware", "phishing"},
-		}},
-		{"v2 with credential enforcement settings mode user ip user mappings", version.Number{8, 0, 0, ""}, Entry{
-			Name:               "t1",
-			Description:        "foobar",
-			BlockListAction:    "alert",
-			UcdMode:            UcdModeIpUser,
-			UcdLogSeverity:     "informational",
-			UcdAlertCategories: []string{"hacking", "dating", "malware", "phishing"},
-		}},
-		{"v2 with credential enforcement settings mode domain credentials", version.Number{8, 0, 0, ""}, Entry{
-			Name:               "t1",
-			Description:        "foobar",
-			BlockListAction:    "alert",
-			UcdMode:            UcdModeDomainCredentials,
-			UcdLogSeverity:     "informational",
-			UcdBlockCategories: []string{"hacking", "dating", "malware", "phishing"},
-		}},
-		{"v2 with credential enforcement settings mode group mapping", version.Number{8, 0, 0, ""}, Entry{
-			Name:                  "t1",
-			Description:           "foobar",
-			BlockListAction:       "alert",
-			UcdMode:               UcdModeGroupMapping,
-			UcdModeGroupMapping:   "myGroup",
-			UcdLogSeverity:        "informational",
-			UcdContinueCategories: []string{"hacking", "dating", "malware", "phishing"},
-		}},
-		{"v3 minimal", version.Number{8, 1, 0, ""}, Entry{
-			Name:            "t1",
-			Description:     "foobar",
-			BlockListAction: "block",
-		}},
-		{"v3 all bools true", version.Number{8, 1, 0, ""}, Entry{
-			Name:                   "t1",
-			Description:            "foobar",
-			BlockListAction:        "continue",
-			DynamicUrl:             true,
-			ExpiredLicenseAction:   true,
-			TrackContainerPage:     true,
-			LogContainerPageOnly:   true,
-			SafeSearchEnforcement:  true,
-			LogHttpHeaderXff:       true,
-			LogHttpHeaderUserAgent: true,
-			LogHttpHeaderReferer:   true,
-		}},
-		{"v3 block list", version.Number{8, 1, 0, ""}, Entry{
-			Name:            "t1",
-			Description:     "foobar",
-			BlockListAction: "alert",
-			BlockList:       []string{"www.hotmail.com", "www.cnn.com/news"},
-		}},
-		{"v3 allow list", version.Number{8, 1, 0, ""}, Entry{
-			Name:            "t1",
-			Description:     "foobar",
-			BlockListAction: "alert",
-			AllowList:       []string{"www.hotmail.com", "www.cnn.com/news"},
-		}},
-		{"v3 allow categories", version.Number{8, 1, 0, ""}, Entry{
-			Name:            "t1",
-			Description:     "foobar",
-			BlockListAction: "alert",
-			AllowCategories: []string{"hacking", "dating", "malware", "phishing"},
-		}},
-		{"v3 alert categories", version.Number{8, 1, 0, ""}, Entry{
-			Name:            "t1",
-			Description:     "foobar",
-			BlockListAction: "alert",
-			AlertCategories: []string{"hacking", "dating", "malware", "phishing"},
-		}},
-		{"v3 block categories", version.Number{8, 1, 0, ""}, Entry{
-			Name:            "t1",
-			Description:     "foobar",
-			BlockListAction: "alert",
-			BlockCategories: []string{"hacking", "dating", "malware", "phishing"},
-		}},
-		{"v3 continue categories", version.Number{8, 1, 0, ""}, Entry{
-			Name:               "t1",
-			Description:        "foobar",
-			BlockListAction:    "alert",
-			ContinueCategories: []string{"hacking", "dating", "malware", "phishing"},
-		}},
-		{"v3 override categories", version.Number{8, 1, 0, ""}, Entry{
-			Name:               "t1",
-			Description:        "foobar",
-			BlockListAction:    "alert",
-			OverrideCategories: []string{"hacking", "dating", "malware", "phishing"},
-		}},
-		{"v3 with credential enforcement settings mode disabled", version.Number{8, 1, 0, ""}, Entry{
-			Name:               "t1",
-			Description:        "foobar",
-			BlockListAction:    "alert",
-			UcdMode:            UcdModeDisabled,
-			UcdAllowCategories: []string{"hacking", "dating", "malware", "phishing"},
-		}},
-		{"v3 with credential enforcement settings mode user ip user mappings", version.Number{8, 1, 0, ""}, Entry{
-			Name:               "t1",
-			Description:        "foobar",
-			BlockListAction:    "alert",
-			UcdMode:            UcdModeIpUser,
-			UcdLogSeverity:     "informational",
-			UcdAlertCategories: []string{"hacking", "dating", "malware", "phishing"},
-		}},
-		{"v3 with credential enforcement settings mode domain credentials", version.Number{8, 1, 0, ""}, Entry{
-			Name:               "t1",
-			Description:        "foobar",
-			BlockListAction:    "alert",
-			UcdMode:            UcdModeDomainCredentials,
-			UcdLogSeverity:     "informational",
-			UcdBlockCategories: []string{"hacking", "dating", "malware", "phishing"},
-		}},
-		{"v3 with credential enforcement settings mode group mapping", version.Number{8, 1, 0, ""}, Entry{
-			Name:                  "t1",
-			Description:           "foobar",
-			BlockListAction:       "alert",
-			UcdMode:               UcdModeGroupMapping,
-			UcdModeGroupMapping:   "myGroup",
-			UcdLogSeverity:        "informational",
-			UcdContinueCategories: []string{"hacking", "dating", "malware", "phishing"},
-		}},
-		{"v3 with header insertion", version.Number{8, 1, 0, ""}, Entry{
-			Name:            "t1",
-			Description:     "foobar",
-			BlockListAction: "alert",
-			HttpHeaderInsertions: []HttpHeaderInsertion{
-				HttpHeaderInsertion{
-					Name:    "h1",
-					Type:    "Custom",
-					Domains: []string{"domain1.com", "domain2.com"},
-					HttpHeaders: []HttpHeader{
-						HttpHeader{
-							Name:   "header-0",
-							Header: "X-Panw",
-							Value:  "foo",
-							Log:    true,
-						},
-						HttpHeader{
-							Name:   "header-1",
-							Header: "X-Api",
-							Value:  "bar",
-							Log:    false,
-						},
-					},
-				},
-			},
-		}},
-		{"v4 minimal", version.Number{9, 0, 0, ""}, Entry{
-			Name:        "t1",
-			Description: "foobar",
-		}},
-		{"v4 all bools true", version.Number{9, 0, 0, ""}, Entry{
-			Name:                   "t1",
-			Description:            "foobar",
-			TrackContainerPage:     true,
-			LogContainerPageOnly:   true,
-			SafeSearchEnforcement:  true,
-			LogHttpHeaderXff:       true,
-			LogHttpHeaderUserAgent: true,
-			LogHttpHeaderReferer:   true,
-		}},
-		{"v4 allow categories", version.Number{9, 0, 0, ""}, Entry{
-			Name:            "t1",
-			Description:     "foobar",
-			AllowCategories: []string{"hacking", "dating", "malware", "phishing"},
-		}},
-		{"v4 alert categories", version.Number{9, 0, 0, ""}, Entry{
-			Name:            "t1",
-			Description:     "foobar",
-			AlertCategories: []string{"hacking", "dating", "malware", "phishing"},
-		}},
-		{"v4 block categories", version.Number{9, 0, 0, ""}, Entry{
-			Name:            "t1",
-			Description:     "foobar",
-			BlockCategories: []string{"hacking", "dating", "malware", "phishing"},
-		}},
-		{"v4 continue categories", version.Number{9, 0, 0, ""}, Entry{
-			Name:               "t1",
-			Description:        "foobar",
-			ContinueCategories: []string{"hacking", "dating", "malware", "phishing"},
-		}},
-		{"v4 override categories", version.Number{9, 0, 0, ""}, Entry{
-			Name:               "t1",
-			Description:        "foobar",
-			OverrideCategories: []string{"hacking", "dating", "malware", "phishing"},
-		}},
-		{"v4 with credential enforcement settings mode disabled", version.Number{9, 0, 0, ""}, Entry{
-			Name:               "t1",
-			Description:        "foobar",
-			UcdMode:            UcdModeDisabled,
-			UcdAllowCategories: []string{"hacking", "dating", "malware", "phishing"},
-		}},
-		{"v4 with credential enforcement settings mode user ip user mappings", version.Number{9, 0, 0, ""}, Entry{
-			Name:               "t1",
-			Description:        "foobar",
-			UcdMode:            UcdModeIpUser,
-			UcdLogSeverity:     "informational",
-			UcdAlertCategories: []string{"hacking", "dating", "malware", "phishing"},
-		}},
-		{"v4 with credential enforcement settings mode domain credentials", version.Number{9, 0, 0, ""}, Entry{
-			Name:               "t1",
-			Description:        "foobar",
-			UcdMode:            UcdModeDomainCredentials,
-			UcdLogSeverity:     "informational",
-			UcdBlockCategories: []string{"hacking", "dating", "malware", "phishing"},
-		}},
-		{"v4 with credential enforcement settings mode group mapping", version.Number{9, 0, 0, ""}, Entry{
-			Name:                  "t1",
-			Description:           "foobar",
-			UcdMode:               UcdModeGroupMapping,
-			UcdModeGroupMapping:   "myGroup",
-			UcdLogSeverity:        "informational",
-			UcdContinueCategories: []string{"hacking", "dating", "malware", "phishing"},
-		}},
-		{"v4 with header insertion", version.Number{9, 0, 0, ""}, Entry{
-			Name:        "t1",
-			Description: "foobar",
-			HttpHeaderInsertions: []HttpHeaderInsertion{
-				HttpHeaderInsertion{
-					Name:    "h1",
-					Type:    "Custom",
-					Domains: []string{"domain1.com", "domain2.com"},
-					HttpHeaders: []HttpHeader{
-						HttpHeader{
-							Name:   "header-0",
-							Header: "X-Panw",
-							Value:  "foo",
-							Log:    true,
-						},
-						HttpHeader{
-							Name:   "header-1",
-							Header: "X-Api",
-							Value:  "bar",
-							Log:    false,
-						},
-					},
-				},
-			},
-		}},
-		{"v5 minimal", version.Number{10, 0, 0, ""}, Entry{
-			Name:        "t1",
-			Description: "foobar",
-		}},
-		{"v5 all bools true", version.Number{10, 0, 0, ""}, Entry{
-			Name:                   "t1",
-			Description:            "foobar",
-			TrackContainerPage:     true,
-			LogContainerPageOnly:   true,
-			SafeSearchEnforcement:  true,
-			LogHttpHeaderXff:       true,
-			LogHttpHeaderUserAgent: true,
-			LogHttpHeaderReferer:   true,
-		}},
-		{"v5 allow categories", version.Number{10, 0, 0, ""}, Entry{
-			Name:            "t1",
-			Description:     "foobar",
-			AllowCategories: []string{"hacking", "dating", "malware", "phishing"},
-		}},
-		{"v5 alert categories", version.Number{10, 0, 0, ""}, Entry{
-			Name:            "t1",
-			Description:     "foobar",
-			AlertCategories: []string{"hacking", "dating", "malware", "phishing"},
-		}},
-		{"v5 block categories", version.Number{10, 0, 0, ""}, Entry{
-			Name:            "t1",
-			Description:     "foobar",
-			BlockCategories: []string{"hacking", "dating", "malware", "phishing"},
-		}},
-		{"v5 continue categories", version.Number{10, 0, 0, ""}, Entry{
-			Name:               "t1",
-			Description:        "foobar",
-			ContinueCategories: []string{"hacking", "dating", "malware", "phishing"},
-		}},
-		{"v5 override categories", version.Number{10, 0, 0, ""}, Entry{
-			Name:               "t1",
-			Description:        "foobar",
-			OverrideCategories: []string{"hacking", "dating", "malware", "phishing"},
-		}},
-		{"v5 with credential enforcement settings mode disabled", version.Number{10, 0, 0, ""}, Entry{
-			Name:               "t1",
-			Description:        "foobar",
-			UcdMode:            UcdModeDisabled,
-			UcdAllowCategories: []string{"hacking", "dating", "malware", "phishing"},
-		}},
-		{"v5 with credential enforcement settings mode user ip user mappings", version.Number{10, 0, 0, ""}, Entry{
-			Name:               "t1",
-			Description:        "foobar",
-			UcdMode:            UcdModeIpUser,
-			UcdLogSeverity:     "informational",
-			UcdAlertCategories: []string{"hacking", "dating", "malware", "phishing"},
-		}},
-		{"v5 with credential enforcement settings mode domain credentials", version.Number{10, 0, 0, ""}, Entry{
-			Name:               "t1",
-			Description:        "foobar",
-			UcdMode:            UcdModeDomainCredentials,
-			UcdLogSeverity:     "informational",
-			UcdBlockCategories: []string{"hacking", "dating", "malware", "phishing"},
-		}},
-		{"v5 with credential enforcement settings mode group mapping", version.Number{10, 0, 0, ""}, Entry{
-			Name:                  "t1",
-			Description:           "foobar",
-			UcdMode:               UcdModeGroupMapping,
-			UcdModeGroupMapping:   "myGroup",
-			UcdLogSeverity:        "informational",
-			UcdContinueCategories: []string{"hacking", "dating", "malware", "phishing"},
-		}},
-		{"v5 with header insertion", version.Number{10, 0, 0, ""}, Entry{
-			Name:        "t1",
-			Description: "foobar",
-			HttpHeaderInsertions: []HttpHeaderInsertion{
-				HttpHeaderInsertion{
-					Name:    "h1",
-					Type:    "Custom",
-					Domains: []string{"domain1.com", "domain2.com"},
-					HttpHeaders: []HttpHeader{
-						HttpHeader{
-							Name:   "header-0",
-							Header: "X-Panw",
-							Value:  "foo",
-							Log:    true,
-						},
-						HttpHeader{
-							Name:   "header-1",
-							Header: "X-Api",
-							Value:  "bar",
-							Log:    false,
-						},
-					},
-				},
-			},
-		}},
-		{"v5 ml models", version.Number{10, 0, 0, ""}, Entry{
-			Name:        "t1",
-			Description: "foobar",
-			MachineLearningModels: []MachineLearningModel{
-				MachineLearningModel{
-					Model:  "model1",
-					Action: "allow",
-				},
-				MachineLearningModel{
-					Model:  "model2",
-					Action: "alert",
-				},
-				MachineLearningModel{
-					Model:  "model3",
-					Action: "block",
-				},
-			},
-		}},
-		{"v5 ml exceptions", version.Number{10, 0, 0, ""}, Entry{
-			Name:                      "t1",
-			Description:               "foobar",
-			MachineLearningExceptions: []string{"ex1", "ex2"},
-		}},
-	}
-}
diff --git a/objs/profile/security/virus/const.go b/objs/profile/security/virus/const.go
deleted file mode 100644
index 898ec4c8..00000000
--- a/objs/profile/security/virus/const.go
+++ /dev/null
@@ -1,26 +0,0 @@
-package virus
-
-/*
-Valid values for Decoder.Action and ApplicationException.Action.
-
-Block:          PAN-OS 6.1 only.
-Drop:           PAN-OS 7.0+
-ResetClient:    PAN-OS 7.0+
-ResetServer:    PAN-OS 7.0+
-ResetBoth:      PAN-OS 7.0+
-*/
-const (
-	Default     = "default"
-	Allow       = "allow"
-	Alert       = "alert"
-	Block       = "block"
-	Drop        = "drop"
-	ResetClient = "reset-client"
-	ResetServer = "reset-server"
-	ResetBoth   = "reset-both"
-)
-
-const (
-	singular = "antivirus security profile"
-	plural   = "antivirus security profiles"
-)
diff --git a/objs/profile/security/virus/doc.go b/objs/profile/security/virus/doc.go
deleted file mode 100644
index 43c103f0..00000000
--- a/objs/profile/security/virus/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package virus is the client.Object.AntivirusProfile namespace.
-
-Normalized object:  Entry
-*/
-package virus
diff --git a/objs/profile/security/virus/entry.go b/objs/profile/security/virus/entry.go
deleted file mode 100644
index b1553589..00000000
--- a/objs/profile/security/virus/entry.go
+++ /dev/null
@@ -1,420 +0,0 @@
-package virus
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a
-// antivirus security profile.
-type Entry struct {
-	Name                      string
-	Description               string
-	PacketCapture             bool
-	Decoders                  []Decoder
-	ApplicationExceptions     []ApplicationException
-	ThreatExceptions          []string
-	MachineLearningModels     []MachineLearningModel     // 10.0
-	MachineLearningExceptions []MachineLearningException // 10.0
-}
-
-type Decoder struct {
-	Name                  string
-	Action                string
-	WildfireAction        string
-	MachineLearningAction string // 10.0
-}
-
-type ApplicationException struct {
-	Application string
-	Action      string
-}
-
-type MachineLearningModel struct {
-	Model  string
-	Action string
-}
-
-type MachineLearningException struct {
-	Name        string
-	Description string
-	Filename    string
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Description = s.Description
-	o.PacketCapture = s.PacketCapture
-	if s.Decoders == nil {
-		o.Decoders = nil
-	} else {
-		o.Decoders = make([]Decoder, 0, len(s.Decoders))
-		for _, x := range s.Decoders {
-			o.Decoders = append(o.Decoders, Decoder{
-				Name:                  x.Name,
-				Action:                x.Action,
-				WildfireAction:        x.WildfireAction,
-				MachineLearningAction: x.MachineLearningAction,
-			})
-		}
-	}
-	if s.ApplicationExceptions == nil {
-		o.ApplicationExceptions = nil
-	} else {
-		o.ApplicationExceptions = make([]ApplicationException, 0, len(s.ApplicationExceptions))
-		for _, x := range s.ApplicationExceptions {
-			o.ApplicationExceptions = append(o.ApplicationExceptions, ApplicationException{
-				Application: x.Application,
-				Action:      x.Action,
-			})
-		}
-	}
-	o.ThreatExceptions = s.ThreatExceptions
-	if s.MachineLearningModels == nil {
-		o.MachineLearningModels = nil
-	} else {
-		o.MachineLearningModels = make([]MachineLearningModel, 0, len(s.MachineLearningModels))
-		for _, x := range s.MachineLearningModels {
-			o.MachineLearningModels = append(o.MachineLearningModels, MachineLearningModel{
-				Model:  x.Model,
-				Action: x.Action,
-			})
-		}
-	}
-	if s.MachineLearningExceptions == nil {
-		o.MachineLearningExceptions = nil
-	} else {
-		o.MachineLearningExceptions = make([]MachineLearningException, 0, len(s.MachineLearningExceptions))
-		for _, x := range s.MachineLearningExceptions {
-			o.MachineLearningExceptions = append(o.MachineLearningExceptions, MachineLearningException{
-				Name:        x.Name,
-				Description: x.Description,
-				Filename:    x.Filename,
-			})
-		}
-	}
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v1) Normalize() []Entry {
-	arr := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		arr = append(arr, o.Answer[i].normalize())
-	}
-	return arr
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:             o.Name,
-		Description:      o.Description,
-		PacketCapture:    util.AsBool(o.PacketCapture),
-		ThreatExceptions: util.EntToStr(o.ThreatExceptions),
-	}
-
-	if o.Decoder != nil {
-		data := make([]Decoder, 0, len(o.Decoder.Entries))
-		for _, d := range o.Decoder.Entries {
-			data = append(data, Decoder{
-				Name:           d.Name,
-				Action:         d.Action,
-				WildfireAction: d.WildfireAction,
-			})
-		}
-
-		ans.Decoders = data
-	}
-
-	if o.Application != nil {
-		data := make([]ApplicationException, 0, len(o.Application.Entries))
-		for _, d := range o.Application.Entries {
-			data = append(data, ApplicationException{
-				Application: d.Application,
-				Action:      d.Action,
-			})
-		}
-
-		ans.ApplicationExceptions = data
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName          xml.Name        `xml:"entry"`
-	Name             string          `xml:"name,attr"`
-	Description      string          `xml:"description,omitempty"`
-	PacketCapture    string          `xml:"packet-capture"`
-	Decoder          *decoder_v1     `xml:"decoder"`
-	Application      *application    `xml:"application"`
-	ThreatExceptions *util.EntryType `xml:"threat-exception"`
-}
-
-type decoder_v1 struct {
-	Entries []decoderEntry_v1 `xml:"entry"`
-}
-
-type decoderEntry_v1 struct {
-	Name           string `xml:"name,attr"`
-	Action         string `xml:"action,omitempty"`
-	WildfireAction string `xml:"wildfire-action,omitempty"`
-}
-
-type application struct {
-	Entries []applicationEntry `xml:"entry"`
-}
-
-type applicationEntry struct {
-	Application string `xml:"name,attr"`
-	Action      string `xml:"action,omitempty"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:             e.Name,
-		Description:      e.Description,
-		PacketCapture:    util.YesNo(e.PacketCapture),
-		ThreatExceptions: util.StrToEnt(e.ThreatExceptions),
-	}
-
-	if len(e.Decoders) > 0 {
-		data := make([]decoderEntry_v1, 0, len(e.Decoders))
-		for _, d := range e.Decoders {
-			data = append(data, decoderEntry_v1{
-				Name:           d.Name,
-				Action:         d.Action,
-				WildfireAction: d.WildfireAction,
-			})
-		}
-
-		ans.Decoder = &decoder_v1{Entries: data}
-	}
-
-	if len(e.ApplicationExceptions) > 0 {
-		data := make([]applicationEntry, 0, len(e.ApplicationExceptions))
-		for _, d := range e.ApplicationExceptions {
-			data = append(data, applicationEntry{
-				Application: d.Application,
-				Action:      d.Action,
-			})
-		}
-
-		ans.Application = &application{Entries: data}
-	}
-
-	return ans
-}
-
-type container_v2 struct {
-	Answer []entry_v2 `xml:"entry"`
-}
-
-func (o *container_v2) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v2) Normalize() []Entry {
-	arr := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		arr = append(arr, o.Answer[i].normalize())
-	}
-	return arr
-}
-
-func (o *entry_v2) normalize() Entry {
-	ans := Entry{
-		Name:             o.Name,
-		Description:      o.Description,
-		PacketCapture:    util.AsBool(o.PacketCapture),
-		ThreatExceptions: util.EntToStr(o.ThreatExceptions),
-	}
-
-	if o.Decoder != nil {
-		data := make([]Decoder, 0, len(o.Decoder.Entries))
-		for _, d := range o.Decoder.Entries {
-			data = append(data, Decoder{
-				Name:                  d.Name,
-				Action:                d.Action,
-				WildfireAction:        d.WildfireAction,
-				MachineLearningAction: d.MachineLearningAction,
-			})
-		}
-
-		ans.Decoders = data
-	}
-
-	if o.Application != nil {
-		data := make([]ApplicationException, 0, len(o.Application.Entries))
-		for _, d := range o.Application.Entries {
-			data = append(data, ApplicationException{
-				Application: d.Application,
-				Action:      d.Action,
-			})
-		}
-
-		ans.ApplicationExceptions = data
-	}
-
-	if o.Ml != nil {
-		data := make([]MachineLearningModel, 0, len(o.Ml.Entries))
-		for _, d := range o.Ml.Entries {
-			data = append(data, MachineLearningModel{
-				Model:  d.Model,
-				Action: d.Action,
-			})
-		}
-
-		ans.MachineLearningModels = data
-	}
-
-	if o.MlException != nil {
-		data := make([]MachineLearningException, 0, len(o.MlException.Entries))
-		for _, d := range o.MlException.Entries {
-			data = append(data, MachineLearningException{
-				Name:        d.Name,
-				Description: d.Description,
-				Filename:    d.Filename,
-			})
-		}
-
-		ans.MachineLearningExceptions = data
-	}
-
-	return ans
-}
-
-type entry_v2 struct {
-	XMLName          xml.Name        `xml:"entry"`
-	Name             string          `xml:"name,attr"`
-	Description      string          `xml:"description,omitempty"`
-	PacketCapture    string          `xml:"packet-capture"`
-	Ml               *mlConfig       `xml:"mlav-engine-filebased-enabled"`
-	Decoder          *decoder_v2     `xml:"decoder"`
-	Application      *application    `xml:"application"`
-	ThreatExceptions *util.EntryType `xml:"threat-exception"`
-	MlException      *mleConfig      `xml:"mlav-exception"`
-}
-
-type mlConfig struct {
-	Entries []mlEntry `xml:"entry"`
-}
-
-type mlEntry struct {
-	Model  string `xml:"name,attr"`
-	Action string `xml:"mlav-policy-action"`
-}
-
-type decoder_v2 struct {
-	Entries []decoderEntry_v2 `xml:"entry"`
-}
-
-type decoderEntry_v2 struct {
-	Name                  string `xml:"name,attr"`
-	Action                string `xml:"action,omitempty"`
-	WildfireAction        string `xml:"wildfire-action,omitempty"`
-	MachineLearningAction string `xml:"mlav-action,omitempty"`
-}
-
-type mleConfig struct {
-	Entries []mlExceptionEntry `xml:"entry"`
-}
-
-type mlExceptionEntry struct {
-	Name        string `xml:"name,attr"`
-	Description string `xml:"description,omitempty"`
-	Filename    string `xml:"filename,omitempty"`
-}
-
-func specify_v2(e Entry) interface{} {
-	ans := entry_v2{
-		Name:             e.Name,
-		Description:      e.Description,
-		PacketCapture:    util.YesNo(e.PacketCapture),
-		ThreatExceptions: util.StrToEnt(e.ThreatExceptions),
-	}
-
-	if len(e.Decoders) > 0 {
-		data := make([]decoderEntry_v2, 0, len(e.Decoders))
-		for _, d := range e.Decoders {
-			data = append(data, decoderEntry_v2{
-				Name:                  d.Name,
-				Action:                d.Action,
-				WildfireAction:        d.WildfireAction,
-				MachineLearningAction: d.MachineLearningAction,
-			})
-		}
-
-		ans.Decoder = &decoder_v2{Entries: data}
-	}
-
-	if len(e.ApplicationExceptions) > 0 {
-		data := make([]applicationEntry, 0, len(e.ApplicationExceptions))
-		for _, d := range e.ApplicationExceptions {
-			data = append(data, applicationEntry{
-				Application: d.Application,
-				Action:      d.Action,
-			})
-		}
-
-		ans.Application = &application{Entries: data}
-	}
-
-	if len(e.MachineLearningModels) > 0 {
-		data := make([]mlEntry, 0, len(e.MachineLearningModels))
-		for _, d := range e.MachineLearningModels {
-			data = append(data, mlEntry{
-				Model:  d.Model,
-				Action: d.Action,
-			})
-		}
-
-		ans.Ml = &mlConfig{Entries: data}
-	}
-
-	if len(e.MachineLearningExceptions) > 0 {
-		data := make([]mlExceptionEntry, 0, len(e.MachineLearningExceptions))
-		for _, d := range e.MachineLearningExceptions {
-			data = append(data, mlExceptionEntry{
-				Name:        d.Name,
-				Description: d.Description,
-				Filename:    d.Filename,
-			})
-		}
-
-		ans.MlException = &mleConfig{Entries: data}
-	}
-
-	return ans
-}
diff --git a/objs/profile/security/virus/funcs.go b/objs/profile/security/virus/funcs.go
deleted file mode 100644
index 791fd949..00000000
--- a/objs/profile/security/virus/funcs.go
+++ /dev/null
@@ -1,95 +0,0 @@
-package virus
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	if v.Gte(version.Number{10, 0, 0, ""}) {
-		return &container_v2{}, specify_v2
-	} else {
-		// Between PAN-OS 6.1 and PAN-OS 9.1, some defaults and acceptable
-		// values have changed, but not the schema itself.  Thus, we will
-		// use the same normalization code for all of these versions.
-		return &container_v1{}, specify_v1
-	}
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/objs/profile/security/virus/fw.go b/objs/profile/security/virus/fw.go
deleted file mode 100644
index 284f435b..00000000
--- a/objs/profile/security/virus/fw.go
+++ /dev/null
@@ -1,91 +0,0 @@
-package virus
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Objects.AntivirusProfile namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vsys), names, nErr)
-}
-
-func (c *Firewall) pather(vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vsys, v)
-	}
-}
-
-func (c *Firewall) xpath(vsys string, vals []string) ([]string, error) {
-	ans := make([]string, 0, 8)
-	ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	ans = append(ans,
-		"profiles",
-		"virus",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/objs/profile/security/virus/fw_test.go b/objs/profile/security/virus/fw_test.go
deleted file mode 100644
index 3377f5de..00000000
--- a/objs/profile/security/virus/fw_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package virus
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("vsys1", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("vsys1", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/profile/security/virus/pano.go b/objs/profile/security/virus/pano.go
deleted file mode 100644
index 09f42dd9..00000000
--- a/objs/profile/security/virus/pano.go
+++ /dev/null
@@ -1,91 +0,0 @@
-package virus
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Objects.AntivirusProfile namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(dg string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(dg), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(dg string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(dg), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(dg, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(dg), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(dg, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(dg), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(dg string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(dg), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(dg string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(dg), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(dg string, e ...Entry) error {
-	return c.ns.Set(c.pather(dg), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(dg string, e Entry) error {
-	return c.ns.Edit(c.pather(dg), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(dg string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(dg), names, nErr)
-}
-
-func (c *Panorama) pather(dg string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(dg, v)
-	}
-}
-
-func (c *Panorama) xpath(dg string, vals []string) ([]string, error) {
-	ans := make([]string, 0, 8)
-	ans = append(ans, util.DeviceGroupXpathPrefix(dg)...)
-	ans = append(ans,
-		"profiles",
-		"virus",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/objs/profile/security/virus/pano_test.go b/objs/profile/security/virus/pano_test.go
deleted file mode 100644
index 5077f6ad..00000000
--- a/objs/profile/security/virus/pano_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package virus
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("shared", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("shared", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/profile/security/virus/testdata_test.go b/objs/profile/security/virus/testdata_test.go
deleted file mode 100644
index 711dd21c..00000000
--- a/objs/profile/security/virus/testdata_test.go
+++ /dev/null
@@ -1,148 +0,0 @@
-package virus
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type tc struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []tc {
-	return []tc{
-		{"v1 blank", version.Number{6, 1, 0, ""}, Entry{
-			Name:          "t1",
-			Description:   "foobar",
-			PacketCapture: false,
-		}},
-		{"v1 with decoders", version.Number{6, 1, 0, ""}, Entry{
-			Name:          "t1",
-			Description:   "foobar",
-			PacketCapture: true,
-			Decoders: []Decoder{
-				Decoder{
-					Name: "smtp",
-				},
-				Decoder{
-					Name:   "smb",
-					Action: Allow,
-				},
-				Decoder{
-					Name:           "pop3",
-					Action:         ResetClient,
-					WildfireAction: Alert,
-				},
-				Decoder{
-					Name:           "http",
-					WildfireAction: ResetServer,
-				},
-			},
-		}},
-		{"v1 with app exceptions", version.Number{6, 1, 0, ""}, Entry{
-			Name:        "t1",
-			Description: "foobar",
-			ApplicationExceptions: []ApplicationException{
-				ApplicationException{
-					Application: "amazon-aws-console",
-				},
-				ApplicationException{
-					Application: "dell-update",
-					Action:      Allow,
-				},
-				ApplicationException{
-					Application: "hotmail",
-					Action:      ResetClient,
-				},
-			},
-		}},
-		{"v2 blank", version.Number{10, 0, 0, ""}, Entry{
-			Name:          "t1",
-			Description:   "foobar",
-			PacketCapture: false,
-		}},
-		{"v2 with decoders", version.Number{10, 0, 0, ""}, Entry{
-			Name:          "t1",
-			Description:   "foobar",
-			PacketCapture: true,
-			Decoders: []Decoder{
-				Decoder{
-					Name: "smtp",
-				},
-				Decoder{
-					Name:   "smb",
-					Action: Allow,
-				},
-				Decoder{
-					Name:           "pop3",
-					Action:         ResetClient,
-					WildfireAction: Alert,
-				},
-				Decoder{
-					Name:           "http",
-					WildfireAction: ResetServer,
-				},
-			},
-		}},
-		{"v2 with ml decoder", version.Number{10, 0, 0, ""}, Entry{
-			Name:          "t1",
-			Description:   "foobar",
-			PacketCapture: true,
-			Decoders: []Decoder{
-				Decoder{
-					Name:                  "smtp",
-					WildfireAction:        ResetBoth,
-					MachineLearningAction: Default,
-				},
-			},
-		}},
-		{"v2 with app exceptions", version.Number{10, 0, 0, ""}, Entry{
-			Name:        "t1",
-			Description: "foobar",
-			ApplicationExceptions: []ApplicationException{
-				ApplicationException{
-					Application: "amazon-aws-console",
-				},
-				ApplicationException{
-					Application: "dell-update",
-					Action:      Allow,
-				},
-				ApplicationException{
-					Application: "hotmail",
-					Action:      ResetClient,
-				},
-			},
-		}},
-		{"v2 with ml config", version.Number{10, 0, 0, ""}, Entry{
-			Name:        "t1",
-			Description: "foobar",
-			MachineLearningModels: []MachineLearningModel{
-				MachineLearningModel{
-					Model:  "model1",
-					Action: Drop,
-				},
-				MachineLearningModel{
-					Model:  "model2",
-					Action: Alert,
-				},
-			},
-		}},
-		{"v2 with ml config and exceptions", version.Number{10, 0, 0, ""}, Entry{
-			Name: "t1",
-			MachineLearningModels: []MachineLearningModel{
-				MachineLearningModel{
-					Model:  "model1",
-					Action: Drop,
-				},
-			},
-			MachineLearningExceptions: []MachineLearningException{
-				MachineLearningException{
-					Name:        "exception1",
-					Description: "foo",
-					Filename:    "myfilename",
-				},
-			},
-		}},
-	}
-}
diff --git a/objs/profile/security/vulnerability/const.go b/objs/profile/security/vulnerability/const.go
deleted file mode 100644
index 99cff7fa..00000000
--- a/objs/profile/security/vulnerability/const.go
+++ /dev/null
@@ -1,55 +0,0 @@
-package vulnerability
-
-// Valid values for the Rule.Host field.
-const (
-	HostAny    = "any"
-	HostClient = "client"
-	HostServer = "server"
-)
-
-// Valid values for Rule.Action / Exception.Action.
-const (
-	ActionDefault = "default"
-	ActionAllow   = "allow"
-	ActionAlert   = "alert"
-
-	// PAN-OS 6.1 Rule.Action only.
-	ActionBlock = "block"
-
-	// PAN-OS 6.1 Exception.Action only.
-	ActionDropAll = "drop-all-packets"
-
-	// PAN-OS 7.0+ Rule.Action, but ok for all PAN-OS Exception.Action.
-	ActionDrop = "drop"
-
-	// PAN-OS 7.0+.
-	ActionResetClient = "reset-client"
-
-	// PAN-OS 7.0+.
-	ActionResetServer = "reset-server"
-
-	// PAN-OS 7.0+.
-	ActionResetBoth = "reset-both"
-
-	// PAN-OS 7.0+.
-	ActionBlockIp = "block-ip"
-)
-
-// Valid values for PacketCapture.
-const (
-	Disable         = "disable"
-	SinglePacket    = "single-packet"
-	ExtendedCapture = "extended-capture"
-)
-
-// Valid values for BlockIpTrackBy.  For Rules, this is PAN-OS 7.0+.
-const (
-	TrackBySource               = "source"
-	TrackByDestination          = "destination"
-	TrackBySourceAndDestination = "source-and-destination"
-)
-
-const (
-	singular = "vulnerability security profile"
-	plural   = "vulnerability security profiles"
-)
diff --git a/objs/profile/security/vulnerability/doc.go b/objs/profile/security/vulnerability/doc.go
deleted file mode 100644
index f968ac44..00000000
--- a/objs/profile/security/vulnerability/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package vulnerability is the client.Object.VulnerabilityProfile namespace.
-
-Normalized object:  Entry
-*/
-package vulnerability
diff --git a/objs/profile/security/vulnerability/entry.go b/objs/profile/security/vulnerability/entry.go
deleted file mode 100644
index 772d8d81..00000000
--- a/objs/profile/security/vulnerability/entry.go
+++ /dev/null
@@ -1,700 +0,0 @@
-package vulnerability
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a
-// vulnerability protection profile.
-type Entry struct {
-	Name        string
-	Description string
-	Rules       []Rule
-	Exceptions  []Exception
-}
-
-type Rule struct {
-	Name            string
-	ThreatName      string
-	Cves            []string // unordered
-	Host            string
-	VendorIds       []string // ordered
-	Severities      []string // ordered
-	Category        string
-	Action          string
-	BlockIpTrackBy  string // PAN-OS 7.0+
-	BlockIpDuration int    //PAN-OS 7.0+
-	PacketCapture   string
-}
-
-type Exception struct {
-	Name            string
-	PacketCapture   string
-	Action          string
-	BlockIpTrackBy  string
-	BlockIpDuration int
-	TimeInterval    int
-	TimeThreshold   int
-	TimeTrackBy     string
-	ExemptIps       []string // ordered
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Description = s.Description
-	if len(s.Rules) > 0 {
-		o.Rules = make([]Rule, 0, len(s.Rules))
-		for _, x := range s.Rules {
-			r := Rule{
-				Name:            x.Name,
-				ThreatName:      x.ThreatName,
-				Host:            x.Host,
-				Category:        x.Category,
-				Action:          x.Action,
-				BlockIpTrackBy:  x.BlockIpTrackBy,
-				BlockIpDuration: x.BlockIpDuration,
-				PacketCapture:   x.PacketCapture,
-			}
-			if len(x.Cves) > 0 {
-				r.Cves = make([]string, len(x.Cves))
-				copy(r.Cves, x.Cves)
-			}
-			if len(x.VendorIds) > 0 {
-				r.VendorIds = make([]string, len(x.VendorIds))
-				copy(r.VendorIds, x.VendorIds)
-			}
-			if len(x.Severities) > 0 {
-				r.Severities = make([]string, len(x.Severities))
-				copy(r.Severities, x.Severities)
-			}
-			o.Rules = append(o.Rules, r)
-		}
-	} else {
-		o.Rules = nil
-	}
-	if len(s.Exceptions) > 0 {
-		o.Exceptions = make([]Exception, 0, len(s.Exceptions))
-		for _, x := range s.Exceptions {
-			e := Exception{
-				Name:            x.Name,
-				PacketCapture:   x.PacketCapture,
-				Action:          x.Action,
-				BlockIpTrackBy:  x.BlockIpTrackBy,
-				BlockIpDuration: x.BlockIpDuration,
-				TimeInterval:    x.TimeInterval,
-				TimeThreshold:   x.TimeThreshold,
-				TimeTrackBy:     x.TimeTrackBy,
-			}
-			if len(x.ExemptIps) > 0 {
-				e.ExemptIps = make([]string, len(x.ExemptIps))
-				copy(e.ExemptIps, x.ExemptIps)
-			}
-			o.Exceptions = append(o.Exceptions, e)
-		}
-	} else {
-		o.Exceptions = nil
-	}
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v1) Normalize() []Entry {
-	arr := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		arr = append(arr, o.Answer[i].normalize())
-	}
-	return arr
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:        o.Name,
-		Description: o.Description,
-	}
-
-	if o.Rules != nil {
-		list := make([]Rule, 0, len(o.Rules.Entries))
-		for _, x := range o.Rules.Entries {
-			item := Rule{
-				Name:          x.Name,
-				ThreatName:    x.ThreatName,
-				Cves:          util.MemToStr(x.Cves),
-				Host:          x.Host,
-				VendorIds:     util.MemToStr(x.VendorIds),
-				Severities:    util.MemToStr(x.Severities),
-				Category:      x.Category,
-				PacketCapture: x.PacketCapture,
-			}
-
-			if x.Action != nil {
-				if x.Action.Default != nil {
-					item.Action = ActionDefault
-				} else if x.Action.Allow != nil {
-					item.Action = ActionAllow
-				} else if x.Action.Alert != nil {
-					item.Action = ActionAlert
-				} else if x.Action.Block != nil {
-					item.Action = ActionBlock
-				}
-			}
-
-			list = append(list, item)
-		}
-		ans.Rules = list
-	}
-
-	if o.Exceptions != nil {
-		list := make([]Exception, 0, len(o.Exceptions.Entries))
-		for _, x := range o.Exceptions.Entries {
-			item := Exception{
-				Name:          x.Name,
-				PacketCapture: x.PacketCapture,
-				ExemptIps:     util.EntToStr(x.ExemptIps),
-			}
-
-			if x.Action != nil {
-				if x.Action.Default != nil {
-					item.Action = ActionDefault
-				} else if x.Action.Allow != nil {
-					item.Action = ActionAllow
-				} else if x.Action.Alert != nil {
-					item.Action = ActionAlert
-				} else if x.Action.Drop != nil {
-					item.Action = ActionDrop
-				} else if x.Action.DropAll != nil {
-					item.Action = ActionDropAll
-				} else if x.Action.ResetClient != nil {
-					item.Action = ActionResetClient
-				} else if x.Action.ResetServer != nil {
-					item.Action = ActionResetServer
-				} else if x.Action.ResetBoth != nil {
-					item.Action = ActionResetBoth
-				} else if x.Action.BlockIp != nil {
-					item.Action = ActionBlockIp
-					item.BlockIpTrackBy = x.Action.BlockIp.BlockIpTrackBy
-					item.BlockIpDuration = x.Action.BlockIp.BlockIpDuration
-				}
-			}
-
-			if x.Time != nil {
-				item.TimeInterval = x.Time.TimeInterval
-				item.TimeThreshold = x.Time.TimeThreshold
-				item.TimeTrackBy = x.Time.TimeTrackBy
-			}
-
-			list = append(list, item)
-		}
-		ans.Exceptions = list
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName     xml.Name       `xml:"entry"`
-	Name        string         `xml:"name,attr"`
-	Description string         `xml:"description,omitempty"`
-	Rules       *rules_v1      `xml:"rules"`
-	Exceptions  *exceptions_v1 `xml:"threat-exception"`
-}
-
-type rules_v1 struct {
-	Entries []rule_v1 `xml:"entry"`
-}
-
-type rule_v1 struct {
-	Name          string           `xml:"name,attr"`
-	ThreatName    string           `xml:"threat-name,omitempty"`
-	Cves          *util.MemberType `xml:"cve"`
-	Host          string           `xml:"host"`
-	VendorIds     *util.MemberType `xml:"vendor-id"`
-	Severities    *util.MemberType `xml:"severity"`
-	Category      string           `xml:"category"`
-	Action        *ruleAction_v1   `xml:"action"`
-	PacketCapture string           `xml:"packet-capture,omitempty"`
-}
-
-type ruleAction_v1 struct {
-	Default *string `xml:"default"`
-	Allow   *string `xml:"allow"`
-	Alert   *string `xml:"alert"`
-	Block   *string `xml:"block"`
-}
-
-type exceptions_v1 struct {
-	Entries []exception_v1 `xml:"entry"`
-}
-
-type exception_v1 struct {
-	XMLName       xml.Name            `xml:"entry"`
-	Name          string              `xml:"name,attr"`
-	PacketCapture string              `xml:"packet-capture,omitempty"`
-	Action        *exceptionAction_v1 `xml:"action"`
-	Time          *timeAttr           `xml:"time-attribute"`
-	ExemptIps     *util.EntryType     `xml:"exempt-ip"`
-}
-
-type exceptionAction_v1 struct {
-	Default     *string  `xml:"default"`
-	Allow       *string  `xml:"allow"`
-	Alert       *string  `xml:"alert"`
-	Drop        *string  `xml:"drop"`
-	DropAll     *string  `xml:"drop-all-packets"`
-	ResetClient *string  `xml:"reset-client"`
-	ResetServer *string  `xml:"reset-server"`
-	ResetBoth   *string  `xml:"reset-both"`
-	BlockIp     *blockIp `xml:"block-ip"`
-}
-
-type blockIp struct {
-	BlockIpTrackBy  string `xml:"track-by"`
-	BlockIpDuration int    `xml:"duration"`
-}
-
-type timeAttr struct {
-	TimeInterval  int    `xml:"interval"`
-	TimeThreshold int    `xml:"threshold"`
-	TimeTrackBy   string `xml:"track-by"`
-}
-
-func specify_v1(e Entry) interface{} {
-	s := ""
-
-	ans := entry_v1{
-		Name:        e.Name,
-		Description: e.Description,
-	}
-
-	if len(e.Rules) > 0 {
-		list := make([]rule_v1, 0, len(e.Rules))
-		for _, x := range e.Rules {
-			item := rule_v1{
-				Name:          x.Name,
-				ThreatName:    x.ThreatName,
-				Cves:          util.StrToMem(x.Cves),
-				Host:          x.Host,
-				VendorIds:     util.StrToMem(x.VendorIds),
-				Severities:    util.StrToMem(x.Severities),
-				Category:      x.Category,
-				PacketCapture: x.PacketCapture,
-			}
-
-			switch x.Action {
-			case ActionDefault:
-				item.Action = &ruleAction_v1{
-					Default: &s,
-				}
-			case ActionAllow:
-				item.Action = &ruleAction_v1{
-					Allow: &s,
-				}
-			case ActionAlert:
-				item.Action = &ruleAction_v1{
-					Alert: &s,
-				}
-			case ActionBlock:
-				item.Action = &ruleAction_v1{
-					Block: &s,
-				}
-			}
-
-			list = append(list, item)
-		}
-		ans.Rules = &rules_v1{Entries: list}
-	}
-
-	if len(e.Exceptions) > 0 {
-		list := make([]exception_v1, 0, len(e.Exceptions))
-		for _, x := range e.Exceptions {
-			item := exception_v1{
-				Name:          x.Name,
-				PacketCapture: x.PacketCapture,
-				ExemptIps:     util.StrToEnt(x.ExemptIps),
-			}
-
-			switch x.Action {
-			case ActionDefault:
-				item.Action = &exceptionAction_v1{
-					Default: &s,
-				}
-			case ActionAllow:
-				item.Action = &exceptionAction_v1{
-					Allow: &s,
-				}
-			case ActionAlert:
-				item.Action = &exceptionAction_v1{
-					Alert: &s,
-				}
-			case ActionDrop:
-				item.Action = &exceptionAction_v1{
-					Drop: &s,
-				}
-			case ActionDropAll:
-				item.Action = &exceptionAction_v1{
-					DropAll: &s,
-				}
-			case ActionResetClient:
-				item.Action = &exceptionAction_v1{
-					ResetClient: &s,
-				}
-			case ActionResetServer:
-				item.Action = &exceptionAction_v1{
-					ResetServer: &s,
-				}
-			case ActionResetBoth:
-				item.Action = &exceptionAction_v1{
-					ResetBoth: &s,
-				}
-			case ActionBlockIp:
-				item.Action = &exceptionAction_v1{
-					BlockIp: &blockIp{
-						BlockIpTrackBy:  x.BlockIpTrackBy,
-						BlockIpDuration: x.BlockIpDuration,
-					},
-				}
-			}
-
-			if x.TimeInterval != 0 || x.TimeThreshold != 0 || x.TimeTrackBy != "" {
-				item.Time = &timeAttr{
-					TimeInterval:  x.TimeInterval,
-					TimeThreshold: x.TimeThreshold,
-					TimeTrackBy:   x.TimeTrackBy,
-				}
-			}
-
-			list = append(list, item)
-		}
-		ans.Exceptions = &exceptions_v1{Entries: list}
-	}
-
-	return ans
-}
-
-// PAN-OS 7.0.
-type container_v2 struct {
-	Answer []entry_v2 `xml:"entry"`
-}
-
-func (o *container_v2) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v2) Normalize() []Entry {
-	arr := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		arr = append(arr, o.Answer[i].normalize())
-	}
-	return arr
-}
-
-func (o *entry_v2) normalize() Entry {
-	ans := Entry{
-		Name:        o.Name,
-		Description: o.Description,
-	}
-
-	if o.Rules != nil {
-		list := make([]Rule, 0, len(o.Rules.Entries))
-		for _, x := range o.Rules.Entries {
-			item := Rule{
-				Name:          x.Name,
-				ThreatName:    x.ThreatName,
-				Cves:          util.MemToStr(x.Cves),
-				Host:          x.Host,
-				VendorIds:     util.MemToStr(x.VendorIds),
-				Severities:    util.MemToStr(x.Severities),
-				Category:      x.Category,
-				PacketCapture: x.PacketCapture,
-			}
-
-			if x.Action != nil {
-				if x.Action.Default != nil {
-					item.Action = ActionDefault
-				} else if x.Action.Allow != nil {
-					item.Action = ActionAllow
-				} else if x.Action.Alert != nil {
-					item.Action = ActionAlert
-				} else if x.Action.Drop != nil {
-					item.Action = ActionDrop
-				} else if x.Action.ResetClient != nil {
-					item.Action = ActionResetClient
-				} else if x.Action.ResetServer != nil {
-					item.Action = ActionResetServer
-				} else if x.Action.ResetBoth != nil {
-					item.Action = ActionResetBoth
-				} else if x.Action.BlockIp != nil {
-					item.Action = ActionBlockIp
-					item.BlockIpTrackBy = x.Action.BlockIp.BlockIpTrackBy
-					item.BlockIpDuration = x.Action.BlockIp.BlockIpDuration
-				}
-			}
-
-			list = append(list, item)
-		}
-		ans.Rules = list
-	}
-
-	if o.Exceptions != nil {
-		list := make([]Exception, 0, len(o.Exceptions.Entries))
-		for _, x := range o.Exceptions.Entries {
-			item := Exception{
-				Name:          x.Name,
-				PacketCapture: x.PacketCapture,
-				ExemptIps:     util.EntToStr(x.ExemptIps),
-			}
-
-			if x.Action != nil {
-				if x.Action.Default != nil {
-					item.Action = ActionDefault
-				} else if x.Action.Allow != nil {
-					item.Action = ActionAllow
-				} else if x.Action.Alert != nil {
-					item.Action = ActionAlert
-				} else if x.Action.Drop != nil {
-					item.Action = ActionDrop
-				} else if x.Action.ResetClient != nil {
-					item.Action = ActionResetClient
-				} else if x.Action.ResetServer != nil {
-					item.Action = ActionResetServer
-				} else if x.Action.ResetBoth != nil {
-					item.Action = ActionResetBoth
-				} else if x.Action.BlockIp != nil {
-					item.Action = ActionBlockIp
-					item.BlockIpTrackBy = x.Action.BlockIp.BlockIpTrackBy
-					item.BlockIpDuration = x.Action.BlockIp.BlockIpDuration
-				}
-			}
-
-			if x.Time != nil {
-				item.TimeInterval = x.Time.TimeInterval
-				item.TimeThreshold = x.Time.TimeThreshold
-				item.TimeTrackBy = x.Time.TimeTrackBy
-			}
-
-			list = append(list, item)
-		}
-		ans.Exceptions = list
-	}
-
-	return ans
-}
-
-type entry_v2 struct {
-	XMLName     xml.Name       `xml:"entry"`
-	Name        string         `xml:"name,attr"`
-	Description string         `xml:"description,omitempty"`
-	Rules       *rules_v2      `xml:"rules"`
-	Exceptions  *exceptions_v2 `xml:"threat-exception"`
-}
-
-type rules_v2 struct {
-	Entries []rule_v2 `xml:"entry"`
-}
-
-type rule_v2 struct {
-	XMLName       xml.Name         `xml:"entry"`
-	Name          string           `xml:"name,attr"`
-	ThreatName    string           `xml:"threat-name,omitempty"`
-	Cves          *util.MemberType `xml:"cve"`
-	Host          string           `xml:"host"`
-	VendorIds     *util.MemberType `xml:"vendor-id"`
-	Severities    *util.MemberType `xml:"severity"`
-	Category      string           `xml:"category"`
-	Action        *ruleAction_v2   `xml:"action"`
-	PacketCapture string           `xml:"packet-capture,omitempty"`
-}
-
-type ruleAction_v2 struct {
-	Default     *string  `xml:"default"`
-	Allow       *string  `xml:"allow"`
-	Alert       *string  `xml:"alert"`
-	Drop        *string  `xml:"drop"`
-	ResetClient *string  `xml:"reset-client"`
-	ResetServer *string  `xml:"reset-server"`
-	ResetBoth   *string  `xml:"reset-both"`
-	BlockIp     *blockIp `xml:"block-ip"`
-}
-
-type exceptions_v2 struct {
-	Entries []exception_v2 `xml:"entry"`
-}
-
-type exception_v2 struct {
-	XMLName       xml.Name            `xml:"entry"`
-	Name          string              `xml:"name,attr"`
-	PacketCapture string              `xml:"packet-capture,omitempty"`
-	Action        *exceptionAction_v2 `xml:"action"`
-	Time          *timeAttr           `xml:"time-attribute"`
-	ExemptIps     *util.EntryType     `xml:"exempt-ip"`
-}
-
-type exceptionAction_v2 struct {
-	Default     *string  `xml:"default"`
-	Allow       *string  `xml:"allow"`
-	Alert       *string  `xml:"alert"`
-	Drop        *string  `xml:"drop"`
-	ResetClient *string  `xml:"reset-client"`
-	ResetServer *string  `xml:"reset-server"`
-	ResetBoth   *string  `xml:"reset-both"`
-	BlockIp     *blockIp `xml:"block-ip"`
-}
-
-func specify_v2(e Entry) interface{} {
-	s := ""
-
-	ans := entry_v2{
-		Name:        e.Name,
-		Description: e.Description,
-	}
-
-	if len(e.Rules) > 0 {
-		list := make([]rule_v2, 0, len(e.Rules))
-		for _, x := range e.Rules {
-			item := rule_v2{
-				Name:          x.Name,
-				ThreatName:    x.ThreatName,
-				Cves:          util.StrToMem(x.Cves),
-				Host:          x.Host,
-				VendorIds:     util.StrToMem(x.VendorIds),
-				Severities:    util.StrToMem(x.Severities),
-				Category:      x.Category,
-				PacketCapture: x.PacketCapture,
-			}
-
-			switch x.Action {
-			case ActionDefault:
-				item.Action = &ruleAction_v2{
-					Default: &s,
-				}
-			case ActionAllow:
-				item.Action = &ruleAction_v2{
-					Allow: &s,
-				}
-			case ActionAlert:
-				item.Action = &ruleAction_v2{
-					Alert: &s,
-				}
-			case ActionDrop:
-				item.Action = &ruleAction_v2{
-					Drop: &s,
-				}
-			case ActionResetClient:
-				item.Action = &ruleAction_v2{
-					ResetClient: &s,
-				}
-			case ActionResetServer:
-				item.Action = &ruleAction_v2{
-					ResetServer: &s,
-				}
-			case ActionResetBoth:
-				item.Action = &ruleAction_v2{
-					ResetBoth: &s,
-				}
-			case ActionBlockIp:
-				item.Action = &ruleAction_v2{
-					BlockIp: &blockIp{
-						BlockIpTrackBy:  x.BlockIpTrackBy,
-						BlockIpDuration: x.BlockIpDuration,
-					},
-				}
-			}
-
-			list = append(list, item)
-		}
-		ans.Rules = &rules_v2{Entries: list}
-	}
-
-	if len(e.Exceptions) > 0 {
-		list := make([]exception_v2, 0, len(e.Exceptions))
-		for _, x := range e.Exceptions {
-			item := exception_v2{
-				Name:          x.Name,
-				PacketCapture: x.PacketCapture,
-				ExemptIps:     util.StrToEnt(x.ExemptIps),
-			}
-
-			switch x.Action {
-			case ActionDefault:
-				item.Action = &exceptionAction_v2{
-					Default: &s,
-				}
-			case ActionAllow:
-				item.Action = &exceptionAction_v2{
-					Allow: &s,
-				}
-			case ActionAlert:
-				item.Action = &exceptionAction_v2{
-					Alert: &s,
-				}
-			case ActionDrop:
-				item.Action = &exceptionAction_v2{
-					Drop: &s,
-				}
-			case ActionResetClient:
-				item.Action = &exceptionAction_v2{
-					ResetClient: &s,
-				}
-			case ActionResetServer:
-				item.Action = &exceptionAction_v2{
-					ResetServer: &s,
-				}
-			case ActionResetBoth:
-				item.Action = &exceptionAction_v2{
-					ResetBoth: &s,
-				}
-			case ActionBlockIp:
-				item.Action = &exceptionAction_v2{
-					BlockIp: &blockIp{
-						BlockIpTrackBy:  x.BlockIpTrackBy,
-						BlockIpDuration: x.BlockIpDuration,
-					},
-				}
-			}
-
-			if x.TimeInterval != 0 || x.TimeThreshold != 0 || x.TimeTrackBy != "" {
-				item.Time = &timeAttr{
-					TimeInterval:  x.TimeInterval,
-					TimeThreshold: x.TimeThreshold,
-					TimeTrackBy:   x.TimeTrackBy,
-				}
-			}
-
-			list = append(list, item)
-		}
-		ans.Exceptions = &exceptions_v2{Entries: list}
-	}
-
-	return ans
-}
diff --git a/objs/profile/security/vulnerability/funcs.go b/objs/profile/security/vulnerability/funcs.go
deleted file mode 100644
index d88ee489..00000000
--- a/objs/profile/security/vulnerability/funcs.go
+++ /dev/null
@@ -1,92 +0,0 @@
-package vulnerability
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	if v.Gte(version.Number{7, 0, 0, ""}) {
-		return &container_v2{}, specify_v2
-	} else {
-		return &container_v1{}, specify_v1
-	}
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/objs/profile/security/vulnerability/fw.go b/objs/profile/security/vulnerability/fw.go
deleted file mode 100644
index f4a93bc0..00000000
--- a/objs/profile/security/vulnerability/fw.go
+++ /dev/null
@@ -1,91 +0,0 @@
-package vulnerability
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Objects.VulnerabilityProfile namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vsys), names, nErr)
-}
-
-func (c *Firewall) pather(vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vsys, v)
-	}
-}
-
-func (c *Firewall) xpath(vsys string, vals []string) ([]string, error) {
-	ans := make([]string, 0, 8)
-	ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	ans = append(ans,
-		"profiles",
-		"vulnerability",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/objs/profile/security/vulnerability/fw_test.go b/objs/profile/security/vulnerability/fw_test.go
deleted file mode 100644
index f0f4a9dd..00000000
--- a/objs/profile/security/vulnerability/fw_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package vulnerability
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("vsys1", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("vsys1", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/profile/security/vulnerability/pano.go b/objs/profile/security/vulnerability/pano.go
deleted file mode 100644
index 4f8e5943..00000000
--- a/objs/profile/security/vulnerability/pano.go
+++ /dev/null
@@ -1,91 +0,0 @@
-package vulnerability
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Objects.VulnerabilityProfile namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(dg string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(dg), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(dg string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(dg), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(dg, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(dg), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(dg, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(dg), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(dg string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(dg), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(dg string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(dg), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(dg string, e ...Entry) error {
-	return c.ns.Set(c.pather(dg), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(dg string, e Entry) error {
-	return c.ns.Edit(c.pather(dg), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(dg string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(dg), names, nErr)
-}
-
-func (c *Panorama) pather(dg string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(dg, v)
-	}
-}
-
-func (c *Panorama) xpath(dg string, vals []string) ([]string, error) {
-	ans := make([]string, 0, 8)
-	ans = append(ans, util.DeviceGroupXpathPrefix(dg)...)
-	ans = append(ans,
-		"profiles",
-		"vulnerability",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/objs/profile/security/vulnerability/pano_test.go b/objs/profile/security/vulnerability/pano_test.go
deleted file mode 100644
index ddebca11..00000000
--- a/objs/profile/security/vulnerability/pano_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package vulnerability
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("shared", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("shared", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/profile/security/vulnerability/testdata_test.go b/objs/profile/security/vulnerability/testdata_test.go
deleted file mode 100644
index 1376e89a..00000000
--- a/objs/profile/security/vulnerability/testdata_test.go
+++ /dev/null
@@ -1,403 +0,0 @@
-package vulnerability
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type tc struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []tc {
-	return []tc{
-		{"v1 with desc", version.Number{6, 1, 0, ""}, Entry{
-			Name:        "t2",
-			Description: "foobar",
-		}},
-		{"v1 rule default", version.Number{6, 1, 0, ""}, Entry{
-			Name:        "t2",
-			Description: "foobar",
-			Rules: []Rule{
-				Rule{
-					Name:          "first",
-					ThreatName:    "some threat",
-					Cves:          []string{"cve1", "cve2"},
-					Host:          HostAny,
-					VendorIds:     []string{"any"},
-					Severities:    []string{"critical", "high"},
-					Category:      "dos",
-					Action:        ActionDefault,
-					PacketCapture: Disable,
-				},
-			},
-		}},
-		{"v1 rule allow", version.Number{6, 1, 0, ""}, Entry{
-			Name: "blah",
-			Rules: []Rule{
-				Rule{
-					Name:          "two",
-					ThreatName:    "some threat",
-					Cves:          []string{"cve1"},
-					Host:          HostClient,
-					VendorIds:     []string{"id1", "id2"},
-					Severities:    []string{"informational"},
-					Category:      "brute-force",
-					Action:        ActionAllow,
-					PacketCapture: SinglePacket,
-				},
-			},
-		}},
-		{"v1 rule alert", version.Number{6, 1, 0, ""}, Entry{
-			Name: "blah",
-			Rules: []Rule{
-				Rule{
-					Name:          "three",
-					ThreatName:    "some threat",
-					Cves:          []string{"cve1"},
-					Host:          HostServer,
-					VendorIds:     []string{"id3", "id1", "id2"},
-					Severities:    []string{"any"},
-					Category:      "exploit-kit",
-					Action:        ActionAlert,
-					PacketCapture: ExtendedCapture,
-				},
-			},
-		}},
-		{"v1 rule block", version.Number{6, 1, 0, ""}, Entry{
-			Name: "blah",
-			Rules: []Rule{
-				Rule{
-					Name:          "four",
-					ThreatName:    "some threat",
-					Cves:          []string{"cve1", "cve2"},
-					Host:          HostAny,
-					VendorIds:     []string{"any"},
-					Severities:    []string{"any"},
-					Category:      "phishing",
-					Action:        ActionBlock,
-					PacketCapture: Disable,
-				},
-			},
-		}},
-		{"v1 exception default", version.Number{6, 1, 0, ""}, Entry{
-			Name: "foo",
-			Exceptions: []Exception{
-				Exception{
-					Name:          "first",
-					PacketCapture: Disable,
-					Action:        ActionDefault,
-					TimeInterval:  42,
-				},
-			},
-		}},
-		{"v1 exception allow", version.Number{6, 1, 0, ""}, Entry{
-			Name: "foo",
-			Exceptions: []Exception{
-				Exception{
-					Name:          "two",
-					PacketCapture: SinglePacket,
-					Action:        ActionAllow,
-					TimeThreshold: 512,
-					ExemptIps:     []string{"192.168.55.44"},
-				},
-			},
-		}},
-		{"v1 exception alert", version.Number{6, 1, 0, ""}, Entry{
-			Name: "foo",
-			Exceptions: []Exception{
-				Exception{
-					Name:          "three",
-					PacketCapture: ExtendedCapture,
-					Action:        ActionAlert,
-					TimeTrackBy:   TrackBySource,
-				},
-			},
-		}},
-		{"v1 exception drop", version.Number{6, 1, 0, ""}, Entry{
-			Name: "foo",
-			Exceptions: []Exception{
-				Exception{
-					Name:          "four",
-					PacketCapture: Disable,
-					Action:        ActionDrop,
-					TimeInterval:  42,
-					TimeThreshold: 1024,
-					TimeTrackBy:   TrackByDestination,
-				},
-			},
-		}},
-		{"v1 exception drop all", version.Number{6, 1, 0, ""}, Entry{
-			Name: "foo",
-			Exceptions: []Exception{
-				Exception{
-					Name:          "four",
-					PacketCapture: Disable,
-					Action:        ActionDropAll,
-				},
-			},
-		}},
-		{"v1 exception reset client", version.Number{6, 1, 0, ""}, Entry{
-			Name: "foo",
-			Exceptions: []Exception{
-				Exception{
-					Name:          "four",
-					PacketCapture: Disable,
-					Action:        ActionResetClient,
-				},
-			},
-		}},
-		{"v1 exception reset server", version.Number{6, 1, 0, ""}, Entry{
-			Name: "foo",
-			Exceptions: []Exception{
-				Exception{
-					Name:          "four",
-					PacketCapture: Disable,
-					Action:        ActionResetServer,
-				},
-			},
-		}},
-		{"v1 exception reset both", version.Number{6, 1, 0, ""}, Entry{
-			Name: "foo",
-			Exceptions: []Exception{
-				Exception{
-					Name:          "four",
-					PacketCapture: Disable,
-					Action:        ActionResetBoth,
-				},
-			},
-		}},
-		{"v1 exception block ip", version.Number{6, 1, 0, ""}, Entry{
-			Name: "foo",
-			Exceptions: []Exception{
-				Exception{
-					Name:            "four",
-					PacketCapture:   Disable,
-					Action:          ActionBlockIp,
-					BlockIpTrackBy:  TrackBySource,
-					BlockIpDuration: 42,
-				},
-			},
-		}},
-		{"v2 rule default", version.Number{7, 0, 0, ""}, Entry{
-			Name: "foo",
-			Rules: []Rule{
-				Rule{
-					Name:          "first",
-					ThreatName:    "some threat",
-					Cves:          []string{"cve1", "cve2"},
-					Host:          HostAny,
-					VendorIds:     []string{"any"},
-					Severities:    []string{"critical", "high"},
-					Category:      "dos",
-					Action:        ActionDefault,
-					PacketCapture: Disable,
-				},
-			},
-		}},
-		{"v2 rule allow", version.Number{7, 0, 0, ""}, Entry{
-			Name: "foo",
-			Rules: []Rule{
-				Rule{
-					Name:          "two",
-					ThreatName:    "some threat",
-					Cves:          []string{"cve1"},
-					Host:          HostClient,
-					VendorIds:     []string{"id1", "id2"},
-					Severities:    []string{"informational"},
-					Category:      "brute-force",
-					Action:        ActionAllow,
-					PacketCapture: SinglePacket,
-				},
-			},
-		}},
-		{"v2 rule alert", version.Number{7, 0, 0, ""}, Entry{
-			Name: "foo",
-			Rules: []Rule{
-				Rule{
-					Name:          "three",
-					ThreatName:    "some threat",
-					Cves:          []string{"cve1"},
-					Host:          HostServer,
-					VendorIds:     []string{"id3", "id1", "id2"},
-					Severities:    []string{"any"},
-					Category:      "exploit-kit",
-					Action:        ActionAlert,
-					PacketCapture: ExtendedCapture,
-				},
-			},
-		}},
-		{"v2 rule drop", version.Number{7, 0, 0, ""}, Entry{
-			Name: "foo",
-			Rules: []Rule{
-				Rule{
-					Name:          "four",
-					ThreatName:    "some threat",
-					Cves:          []string{"cve1", "cve2"},
-					Host:          HostAny,
-					VendorIds:     []string{"any"},
-					Severities:    []string{"any"},
-					Category:      "phishing",
-					Action:        ActionDrop,
-					PacketCapture: Disable,
-				},
-			},
-		}},
-		{"v2 rule reset client", version.Number{7, 0, 0, ""}, Entry{
-			Name: "foo",
-			Rules: []Rule{
-				Rule{
-					Name:          "four",
-					ThreatName:    "some threat",
-					Cves:          []string{"cve1", "cve2"},
-					Host:          HostAny,
-					VendorIds:     []string{"any"},
-					Severities:    []string{"any"},
-					Category:      "phishing",
-					Action:        ActionResetClient,
-					PacketCapture: Disable,
-				},
-			},
-		}},
-		{"v2 rule reset server", version.Number{7, 0, 0, ""}, Entry{
-			Name: "foo",
-			Rules: []Rule{
-				Rule{
-					Name:          "four",
-					ThreatName:    "some threat",
-					Cves:          []string{"cve1", "cve2"},
-					Host:          HostAny,
-					VendorIds:     []string{"any"},
-					Severities:    []string{"any"},
-					Category:      "phishing",
-					Action:        ActionResetServer,
-					PacketCapture: Disable,
-				},
-			},
-		}},
-		{"v2 rule reset both", version.Number{7, 0, 0, ""}, Entry{
-			Name: "foo",
-			Rules: []Rule{
-				Rule{
-					Name:          "four",
-					ThreatName:    "some threat",
-					Cves:          []string{"cve1", "cve2"},
-					Host:          HostAny,
-					VendorIds:     []string{"any"},
-					Severities:    []string{"any"},
-					Category:      "phishing",
-					Action:        ActionResetBoth,
-					PacketCapture: Disable,
-				},
-			},
-		}},
-		{"v2 rule block ip", version.Number{7, 0, 0, ""}, Entry{
-			Name: "foo",
-			Rules: []Rule{
-				Rule{
-					Name:            "four",
-					ThreatName:      "some threat",
-					Cves:            []string{"cve1", "cve2"},
-					Host:            HostAny,
-					VendorIds:       []string{"any"},
-					Severities:      []string{"any"},
-					Category:        "phishing",
-					Action:          ActionBlockIp,
-					BlockIpTrackBy:  TrackBySource,
-					BlockIpDuration: 42,
-					PacketCapture:   Disable,
-				},
-			},
-		}},
-		{"v2 exception default", version.Number{7, 0, 0, ""}, Entry{
-			Name: "foo",
-			Exceptions: []Exception{
-				Exception{
-					Name:          "first",
-					PacketCapture: Disable,
-					Action:        ActionDefault,
-					TimeInterval:  42,
-				},
-			},
-		}},
-		{"v2 exception allow", version.Number{7, 0, 0, ""}, Entry{
-			Name: "foo",
-			Exceptions: []Exception{
-				Exception{
-					Name:          "two",
-					PacketCapture: SinglePacket,
-					Action:        ActionAllow,
-					TimeThreshold: 512,
-					ExemptIps:     []string{"192.168.55.44"},
-				},
-			},
-		}},
-		{"v2 exception alert", version.Number{7, 0, 0, ""}, Entry{
-			Name: "foo",
-			Exceptions: []Exception{
-				Exception{
-					Name:          "three",
-					PacketCapture: ExtendedCapture,
-					Action:        ActionAlert,
-					TimeTrackBy:   TrackBySource,
-				},
-			},
-		}},
-		{"v2 exception drop", version.Number{7, 0, 0, ""}, Entry{
-			Name: "foo",
-			Exceptions: []Exception{
-				Exception{
-					Name:          "four",
-					PacketCapture: Disable,
-					Action:        ActionDrop,
-					TimeInterval:  42,
-					TimeThreshold: 1024,
-					TimeTrackBy:   TrackByDestination,
-				},
-			},
-		}},
-		{"v2 exception reset client", version.Number{7, 0, 0, ""}, Entry{
-			Name: "foo",
-			Exceptions: []Exception{
-				Exception{
-					Name:          "four",
-					PacketCapture: Disable,
-					Action:        ActionResetClient,
-				},
-			},
-		}},
-		{"v2 exception reset server", version.Number{7, 0, 0, ""}, Entry{
-			Name: "foo",
-			Exceptions: []Exception{
-				Exception{
-					Name:          "four",
-					PacketCapture: Disable,
-					Action:        ActionResetServer,
-				},
-			},
-		}},
-		{"v2 exception reset both", version.Number{7, 0, 0, ""}, Entry{
-			Name: "foo",
-			Exceptions: []Exception{
-				Exception{
-					Name:          "four",
-					PacketCapture: Disable,
-					Action:        ActionResetBoth,
-				},
-			},
-		}},
-		{"v2 exception block ip", version.Number{7, 0, 0, ""}, Entry{
-			Name: "foo",
-			Exceptions: []Exception{
-				Exception{
-					Name:            "four",
-					PacketCapture:   Disable,
-					Action:          ActionBlockIp,
-					BlockIpTrackBy:  TrackBySource,
-					BlockIpDuration: 42,
-				},
-			},
-		}},
-	}
-}
diff --git a/objs/profile/security/wildfire/const.go b/objs/profile/security/wildfire/const.go
deleted file mode 100644
index 24ad4bf9..00000000
--- a/objs/profile/security/wildfire/const.go
+++ /dev/null
@@ -1,19 +0,0 @@
-package wildfire
-
-// Valid values for Rule.Direction.
-const (
-	DirectionUpload   = "upload"
-	DirectionDownload = "download"
-	DirectionBoth     = "both"
-)
-
-// Valid values for Rule.Analysis.
-const (
-	AnalysisPublicCloud  = "public-cloud"
-	AnalysisPrivateCloud = "private-cloud"
-)
-
-const (
-	singular = "wildfire analysis security profile"
-	plural   = "wildfire analysis security profiles"
-)
diff --git a/objs/profile/security/wildfire/doc.go b/objs/profile/security/wildfire/doc.go
deleted file mode 100644
index 198351d7..00000000
--- a/objs/profile/security/wildfire/doc.go
+++ /dev/null
@@ -1,8 +0,0 @@
-/*
-Package wildfire is the client.Object.WildfireAnalysisProfile namespace.
-
-Wildfire analysis profiles are available in PAN-OS 7.0+.
-
-Normalized object:  Entry
-*/
-package wildfire
diff --git a/objs/profile/security/wildfire/entry.go b/objs/profile/security/wildfire/entry.go
deleted file mode 100644
index a20f5d17..00000000
--- a/objs/profile/security/wildfire/entry.go
+++ /dev/null
@@ -1,153 +0,0 @@
-package wildfire
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a
-// Wildfire analysis security profile.
-//
-// PAN-OS 7.0+
-type Entry struct {
-	Name        string
-	Description string
-	Rules       []Rule
-}
-
-type Rule struct {
-	Name         string
-	Applications []string // ordered
-	FileTypes    []string // ordered
-	Direction    string
-	Analysis     string
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Description = s.Description
-	if s.Rules == nil {
-		o.Rules = nil
-	} else {
-		o.Rules = make([]Rule, 0, len(s.Rules))
-		for _, x := range s.Rules {
-			item := Rule{
-				Name:      x.Name,
-				Direction: x.Direction,
-				Analysis:  x.Analysis,
-			}
-			if x.Applications != nil {
-				item.Applications = make([]string, len(x.Applications))
-				copy(item.Applications, x.Applications)
-			}
-			if x.FileTypes != nil {
-				item.FileTypes = make([]string, len(x.FileTypes))
-				copy(item.FileTypes, x.FileTypes)
-			}
-			o.Rules = append(o.Rules, item)
-		}
-	}
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v1) Normalize() []Entry {
-	arr := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		arr = append(arr, o.Answer[i].normalize())
-	}
-	return arr
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:        o.Name,
-		Description: o.Description,
-	}
-
-	if o.Rules != nil {
-		rules := make([]Rule, 0, len(o.Rules.Entries))
-		for _, v := range o.Rules.Entries {
-			r := Rule{
-				Name:         v.Name,
-				Applications: util.MemToStr(v.Applications),
-				FileTypes:    util.MemToStr(v.FileTypes),
-				Direction:    v.Direction,
-				Analysis:     v.Analysis,
-			}
-			rules = append(rules, r)
-		}
-		ans.Rules = rules
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName     xml.Name  `xml:"entry"`
-	Name        string    `xml:"name,attr"`
-	Description string    `xml:"description,omitempty"`
-	Rules       *rules_v1 `xml:"rules"`
-}
-
-type rules_v1 struct {
-	Entries []rule_v1 `xml:"entry"`
-}
-
-type rule_v1 struct {
-	Name         string           `xml:"name,attr"`
-	Applications *util.MemberType `xml:"application"`
-	FileTypes    *util.MemberType `xml:"file-type"`
-	Direction    string           `xml:"direction,omitempty"`
-	Analysis     string           `xml:"analysis,omitempty"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:        e.Name,
-		Description: e.Description,
-	}
-
-	if len(e.Rules) > 0 {
-		rules := make([]rule_v1, 0, len(e.Rules))
-		for _, er := range e.Rules {
-			r := rule_v1{
-				Name:         er.Name,
-				Applications: util.StrToMem(er.Applications),
-				FileTypes:    util.StrToMem(er.FileTypes),
-				Direction:    er.Direction,
-				Analysis:     er.Analysis,
-			}
-			rules = append(rules, r)
-		}
-		ans.Rules = &rules_v1{Entries: rules}
-	}
-
-	return ans
-}
diff --git a/objs/profile/security/wildfire/funcs.go b/objs/profile/security/wildfire/funcs.go
deleted file mode 100644
index 0281744f..00000000
--- a/objs/profile/security/wildfire/funcs.go
+++ /dev/null
@@ -1,88 +0,0 @@
-package wildfire
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/objs/profile/security/wildfire/fw.go b/objs/profile/security/wildfire/fw.go
deleted file mode 100644
index 6bdf34d2..00000000
--- a/objs/profile/security/wildfire/fw.go
+++ /dev/null
@@ -1,91 +0,0 @@
-package wildfire
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Objects.WildfireAnalysisProfile namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vsys), names, nErr)
-}
-
-func (c *Firewall) pather(vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vsys, v)
-	}
-}
-
-func (c *Firewall) xpath(vsys string, vals []string) ([]string, error) {
-	ans := make([]string, 0, 8)
-	ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	ans = append(ans,
-		"profiles",
-		"wildfire-analysis",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/objs/profile/security/wildfire/fw_test.go b/objs/profile/security/wildfire/fw_test.go
deleted file mode 100644
index 14e42fdb..00000000
--- a/objs/profile/security/wildfire/fw_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package wildfire
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("vsys1", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("vsys1", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/profile/security/wildfire/pano.go b/objs/profile/security/wildfire/pano.go
deleted file mode 100644
index abf63297..00000000
--- a/objs/profile/security/wildfire/pano.go
+++ /dev/null
@@ -1,91 +0,0 @@
-package wildfire
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Objects.WildfireAnalysisProfile namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(dg string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(dg), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(dg string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(dg), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(dg, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(dg), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(dg, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(dg), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(dg string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(dg), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(dg string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(dg), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(dg string, e ...Entry) error {
-	return c.ns.Set(c.pather(dg), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(dg string, e Entry) error {
-	return c.ns.Edit(c.pather(dg), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(dg string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(dg), names, nErr)
-}
-
-func (c *Panorama) pather(dg string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(dg, v)
-	}
-}
-
-func (c *Panorama) xpath(dg string, vals []string) ([]string, error) {
-	ans := make([]string, 0, 8)
-	ans = append(ans, util.DeviceGroupXpathPrefix(dg)...)
-	ans = append(ans,
-		"profiles",
-		"wildfire-analysis",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/objs/profile/security/wildfire/pano_test.go b/objs/profile/security/wildfire/pano_test.go
deleted file mode 100644
index f1167071..00000000
--- a/objs/profile/security/wildfire/pano_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package wildfire
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("shared", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("shared", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/profile/security/wildfire/testdata_test.go b/objs/profile/security/wildfire/testdata_test.go
deleted file mode 100644
index 0e3d92f1..00000000
--- a/objs/profile/security/wildfire/testdata_test.go
+++ /dev/null
@@ -1,40 +0,0 @@
-package wildfire
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type tc struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []tc {
-	return []tc{
-		{"v1 no rules", version.Number{7, 0, 0, ""}, Entry{
-			Name:        "t1",
-			Description: "foobar",
-		}},
-		{"v1 with rules", version.Number{6, 1, 0, ""}, Entry{
-			Name:        "t2",
-			Description: "second",
-			Rules: []Rule{
-				Rule{
-					Name:         "rule1",
-					Applications: []string{"app1", "app2"},
-					FileTypes:    []string{"7z"},
-					Direction:    DirectionDownload,
-					Analysis:     AnalysisPublicCloud,
-				},
-				Rule{
-					Name:         "rule2",
-					Applications: []string{"app3"},
-					FileTypes:    []string{"ogg", "gif"},
-					Direction:    DirectionUpload,
-					Analysis:     AnalysisPrivateCloud,
-				},
-			},
-		}},
-	}
-}
diff --git a/objs/srvc/const.go b/objs/srvc/const.go
deleted file mode 100644
index 07e08879..00000000
--- a/objs/srvc/const.go
+++ /dev/null
@@ -1,13 +0,0 @@
-package srvc
-
-// Valid Protocol values
-const (
-	ProtocolTcp  = "tcp"
-	ProtocolUdp  = "udp"
-	ProtocolSctp = "sctp" // 8.1+
-)
-
-const (
-	singular = "service object"
-	plural   = "service objects"
-)
diff --git a/objs/srvc/doc.go b/objs/srvc/doc.go
deleted file mode 100644
index 03b0837c..00000000
--- a/objs/srvc/doc.go
+++ /dev/null
@@ -1,4 +0,0 @@
-// Package srvc is the client.Objects.Services namespace.
-//
-// Normalized object:  Entry
-package srvc
diff --git a/objs/srvc/entry.go b/objs/srvc/entry.go
deleted file mode 100644
index 070fa5b1..00000000
--- a/objs/srvc/entry.go
+++ /dev/null
@@ -1,278 +0,0 @@
-package srvc
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a service
-// object.
-//
-// Protocol should be either "tcp" or "udp".
-type Entry struct {
-	Name                      string
-	Description               string
-	Protocol                  string
-	SourcePort                string
-	DestinationPort           string
-	Tags                      []string // ordered
-	OverrideSessionTimeout    bool     // 8.1+
-	OverrideTimeout           int      // 8.1+
-	OverrideHalfClosedTimeout int      // 8.1+
-	OverrideTimeWaitTimeout   int      // 8.1+
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Description = s.Description
-	o.Protocol = s.Protocol
-	o.SourcePort = s.SourcePort
-	o.DestinationPort = s.DestinationPort
-	if s.Tags == nil {
-		o.Tags = nil
-	} else {
-		o.Tags = make([]string, len(s.Tags))
-		copy(o.Tags, s.Tags)
-	}
-	o.OverrideSessionTimeout = s.OverrideSessionTimeout
-	o.OverrideTimeout = s.OverrideTimeout
-	o.OverrideHalfClosedTimeout = s.OverrideHalfClosedTimeout
-	o.OverrideTimeWaitTimeout = s.OverrideTimeWaitTimeout
-}
-
-/** Structs / functions for normalization. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:        o.Name,
-		Description: o.Description,
-		Tags:        util.MemToStr(o.Tags),
-	}
-	switch {
-	case o.TcpProto != nil:
-		ans.Protocol = ProtocolTcp
-		ans.SourcePort = o.TcpProto.SourcePort
-		ans.DestinationPort = o.TcpProto.DestinationPort
-	case o.UdpProto != nil:
-		ans.Protocol = ProtocolUdp
-		ans.SourcePort = o.UdpProto.SourcePort
-		ans.DestinationPort = o.UdpProto.DestinationPort
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName     xml.Name         `xml:"entry"`
-	Name        string           `xml:"name,attr"`
-	TcpProto    *protoDef        `xml:"protocol>tcp"`
-	UdpProto    *protoDef        `xml:"protocol>udp"`
-	Description string           `xml:"description,omitempty"`
-	Tags        *util.MemberType `xml:"tag"`
-}
-
-type protoDef struct {
-	SourcePort      string `xml:"source-port,omitempty"`
-	DestinationPort string `xml:"port"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:        e.Name,
-		Description: e.Description,
-		Tags:        util.StrToMem(e.Tags),
-	}
-	switch e.Protocol {
-	case ProtocolTcp:
-		ans.TcpProto = &protoDef{
-			e.SourcePort,
-			e.DestinationPort,
-		}
-	case ProtocolUdp:
-		ans.UdpProto = &protoDef{
-			e.SourcePort,
-			e.DestinationPort,
-		}
-	}
-
-	return ans
-}
-
-// 8.1
-type container_v2 struct {
-	Answer []entry_v2 `xml:"entry"`
-}
-
-func (o *container_v2) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v2) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v2) normalize() Entry {
-	ans := Entry{
-		Name:        o.Name,
-		Description: o.Description,
-		Tags:        util.MemToStr(o.Tags),
-	}
-
-	switch {
-	case o.TcpProto != nil:
-		ans.Protocol = ProtocolTcp
-		ans.SourcePort = o.TcpProto.SourcePort
-		ans.DestinationPort = o.TcpProto.DestinationPort
-		if o.TcpProto.Override != nil && o.TcpProto.Override.Yes != nil {
-			ans.OverrideSessionTimeout = true
-			ans.OverrideTimeout = o.TcpProto.Override.Yes.OverrideTimeout
-			ans.OverrideHalfClosedTimeout = o.TcpProto.Override.Yes.OverrideHalfClosedTimeout
-			ans.OverrideTimeWaitTimeout = o.TcpProto.Override.Yes.OverrideTimeWaitTimeout
-		}
-	case o.UdpProto != nil:
-		ans.Protocol = ProtocolUdp
-		ans.SourcePort = o.UdpProto.SourcePort
-		ans.DestinationPort = o.UdpProto.DestinationPort
-		if o.UdpProto.Override != nil && o.UdpProto.Override.Yes != nil {
-			ans.OverrideSessionTimeout = true
-			ans.OverrideTimeout = o.UdpProto.Override.Yes.OverrideTimeout
-		}
-	case o.SctpProto != nil:
-		ans.Protocol = ProtocolSctp
-		ans.SourcePort = o.SctpProto.SourcePort
-		ans.DestinationPort = o.SctpProto.DestinationPort
-	}
-
-	return ans
-}
-
-type entry_v2 struct {
-	XMLName     xml.Name         `xml:"entry"`
-	Name        string           `xml:"name,attr"`
-	TcpProto    *tcpProto        `xml:"protocol>tcp"`
-	UdpProto    *udpProto        `xml:"protocol>udp"`
-	SctpProto   *protoDef        `xml:"protocol>sctp"`
-	Description string           `xml:"description,omitempty"`
-	Tags        *util.MemberType `xml:"tag"`
-}
-
-type tcpProto struct {
-	SourcePort      string       `xml:"source-port,omitempty"`
-	DestinationPort string       `xml:"port"`
-	Override        *tcpOverride `xml:"override"`
-}
-
-type tcpOverride struct {
-	No  *string         `xml:"no"`
-	Yes *yesTcpOverride `xml:"yes"`
-}
-
-type yesTcpOverride struct {
-	OverrideTimeout           int `xml:"timeout,omitempty"`
-	OverrideHalfClosedTimeout int `xml:"halfclose-timeout,omitempty"`
-	OverrideTimeWaitTimeout   int `xml:"timewait-timeout,omitempty"`
-}
-
-type udpProto struct {
-	SourcePort      string       `xml:"source-port,omitempty"`
-	DestinationPort string       `xml:"port"`
-	Override        *udpOverride `xml:"override"`
-}
-
-type udpOverride struct {
-	No  *string         `xml:"no"`
-	Yes *yesUdpOverride `xml:"yes"`
-}
-
-type yesUdpOverride struct {
-	OverrideTimeout int `xml:"timeout,omitempty"`
-}
-
-func specify_v2(e Entry) interface{} {
-	ans := entry_v2{
-		Name:        e.Name,
-		Description: e.Description,
-		Tags:        util.StrToMem(e.Tags),
-	}
-
-	switch e.Protocol {
-	case ProtocolTcp:
-		ans.TcpProto = &tcpProto{
-			SourcePort:      e.SourcePort,
-			DestinationPort: e.DestinationPort,
-		}
-		if e.OverrideSessionTimeout {
-			ans.TcpProto.Override = &tcpOverride{
-				Yes: &yesTcpOverride{
-					OverrideTimeout:           e.OverrideTimeout,
-					OverrideHalfClosedTimeout: e.OverrideHalfClosedTimeout,
-					OverrideTimeWaitTimeout:   e.OverrideTimeWaitTimeout,
-				},
-			}
-		}
-	case ProtocolUdp:
-		ans.UdpProto = &udpProto{
-			SourcePort:      e.SourcePort,
-			DestinationPort: e.DestinationPort,
-		}
-		if e.OverrideSessionTimeout {
-			ans.UdpProto.Override = &udpOverride{
-				Yes: &yesUdpOverride{
-					OverrideTimeout: e.OverrideTimeout,
-				},
-			}
-		}
-	case ProtocolSctp:
-		ans.SctpProto = &protoDef{
-			SourcePort:      e.SourcePort,
-			DestinationPort: e.DestinationPort,
-		}
-	}
-
-	return ans
-}
diff --git a/objs/srvc/funcs.go b/objs/srvc/funcs.go
deleted file mode 100644
index cac5f518..00000000
--- a/objs/srvc/funcs.go
+++ /dev/null
@@ -1,106 +0,0 @@
-package srvc
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	if v.Gte(version.Number{8, 1, 0, ""}) {
-		return &container_v2{}, specify_v2
-	} else {
-		return &container_v1{}, specify_v1
-	}
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PredefinedNamespace returns an initialized namespace.
-func PredefinedNamespace(client util.XapiClient) *Predefined {
-	return &Predefined{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular:   singular,
-				Plural:     plural,
-				Client:     client,
-				Predefined: true,
-			},
-		},
-	}
-}
diff --git a/objs/srvc/fw.go b/objs/srvc/fw.go
deleted file mode 100644
index 4ee15f5f..00000000
--- a/objs/srvc/fw.go
+++ /dev/null
@@ -1,90 +0,0 @@
-package srvc
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Objects.Services namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vsys), names, nErr)
-}
-
-func (c *Firewall) pather(vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vsys, v)
-	}
-}
-
-func (c *Firewall) xpath(vsys string, vals []string) ([]string, error) {
-	ans := make([]string, 0, 7)
-	ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	ans = append(ans,
-		"service",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/objs/srvc/fw_test.go b/objs/srvc/fw_test.go
deleted file mode 100644
index fd5403f2..00000000
--- a/objs/srvc/fw_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package srvc
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("vsys1", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("vsys1", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/srvc/pano.go b/objs/srvc/pano.go
deleted file mode 100644
index f8206773..00000000
--- a/objs/srvc/pano.go
+++ /dev/null
@@ -1,90 +0,0 @@
-package srvc
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Objects.Services namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(dg string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(dg), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(dg string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(dg), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(dg, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(dg), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(dg, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(dg), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(dg string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(dg), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(dg string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(dg), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(dg string, e ...Entry) error {
-	return c.ns.Set(c.pather(dg), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(dg string, e Entry) error {
-	return c.ns.Edit(c.pather(dg), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(dg string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(dg), names, nErr)
-}
-
-func (c *Panorama) pather(dg string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(dg, v)
-	}
-}
-
-func (c *Panorama) xpath(dg string, vals []string) ([]string, error) {
-	ans := make([]string, 0, 7)
-	ans = append(ans, util.DeviceGroupXpathPrefix(dg)...)
-	ans = append(ans,
-		"service",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/objs/srvc/pano_test.go b/objs/srvc/pano_test.go
deleted file mode 100644
index e2bab253..00000000
--- a/objs/srvc/pano_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package srvc
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("my device group", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("my device group", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/srvc/predefined.go b/objs/srvc/predefined.go
deleted file mode 100644
index f59ffb03..00000000
--- a/objs/srvc/predefined.go
+++ /dev/null
@@ -1,70 +0,0 @@
-package srvc
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Predefined is the client.Predefined.Service namespace.
-type Predefined struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Predefined) GetList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Predefined) ShowList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Predefined) Get(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Predefined) Show(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Predefined) GetAll() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Predefined) ShowAll() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(), ans)
-	return all(ans, err)
-}
-
-func (c *Predefined) pather() namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(v)
-	}
-}
-
-func (c *Predefined) xpath(vals []string) ([]string, error) {
-	return []string{
-		"config",
-		"predefined",
-		"service",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Predefined) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/objs/srvc/testdata_test.go b/objs/srvc/testdata_test.go
deleted file mode 100644
index e4b87f51..00000000
--- a/objs/srvc/testdata_test.go
+++ /dev/null
@@ -1,158 +0,0 @@
-package srvc
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type tc struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []tc {
-	return []tc{
-		{"v1 tcp service no source port no tag", version.Number{7, 1, 0, ""}, Entry{
-			Name:            "tcp1",
-			Description:     "my service",
-			Protocol:        "tcp",
-			DestinationPort: "1234",
-		}},
-		{"v1 tcp service no source port with tag", version.Number{7, 1, 0, ""}, Entry{
-			Name:            "tcp2",
-			Description:     "my service",
-			Protocol:        "tcp",
-			DestinationPort: "1234",
-			Tags:            []string{"tag1", "tag2"},
-		}},
-		{"v1 tcp service with source port no tag", version.Number{7, 1, 0, ""}, Entry{
-			Name:            "tcp3",
-			Description:     "my service",
-			Protocol:        "tcp",
-			SourcePort:      "1025",
-			DestinationPort: "1234",
-		}},
-		{"v1 tcp service with source port with tag", version.Number{7, 1, 0, ""}, Entry{
-			Name:            "tcp4",
-			Description:     "my service",
-			Protocol:        "tcp",
-			SourcePort:      "1025",
-			DestinationPort: "1234",
-			Tags:            []string{"tag1", "tag2"},
-		}},
-		{"v1 udp service no source port no tag", version.Number{7, 1, 0, ""}, Entry{
-			Name:            "udp1",
-			Description:     "my service",
-			Protocol:        "udp",
-			DestinationPort: "1234",
-		}},
-		{"v1 udp service no source port with tag", version.Number{7, 1, 0, ""}, Entry{
-			Name:            "udp2",
-			Description:     "my service",
-			Protocol:        "udp",
-			DestinationPort: "1234",
-			Tags:            []string{"tag1", "tag2"},
-		}},
-		{"v1 udp service with source port no tag", version.Number{7, 1, 0, ""}, Entry{
-			Name:            "udp3",
-			Description:     "my service",
-			Protocol:        "udp",
-			SourcePort:      "1025",
-			DestinationPort: "1234",
-		}},
-		{"v1 udp service with source port with tag", version.Number{7, 1, 0, ""}, Entry{
-			Name:            "udp4",
-			Description:     "my service",
-			Protocol:        "udp",
-			SourcePort:      "1025",
-			DestinationPort: "1234",
-			Tags:            []string{"tag1", "tag2"},
-		}},
-		{"v2 tcp service no source port no tag", version.Number{8, 1, 0, ""}, Entry{
-			Name:            "tcp1",
-			Description:     "my service",
-			Protocol:        ProtocolTcp,
-			DestinationPort: "1234",
-		}},
-		{"v2 tcp service no source port with tag", version.Number{8, 1, 0, ""}, Entry{
-			Name:            "tcp2",
-			Description:     "my service",
-			Protocol:        ProtocolTcp,
-			DestinationPort: "1234",
-			Tags:            []string{"tag1", "tag2"},
-		}},
-		{"v2 tcp service with source port no tag", version.Number{8, 1, 0, ""}, Entry{
-			Name:            "tcp3",
-			Description:     "my service",
-			Protocol:        ProtocolTcp,
-			SourcePort:      "1025",
-			DestinationPort: "1234",
-		}},
-		{"v2 tcp service with source port with tag", version.Number{8, 1, 0, ""}, Entry{
-			Name:            "tcp4",
-			Description:     "my service",
-			Protocol:        ProtocolTcp,
-			SourcePort:      "1025",
-			DestinationPort: "1234",
-			Tags:            []string{"tag1", "tag2"},
-		}},
-		{"v2 tcp service with override", version.Number{8, 1, 0, ""}, Entry{
-			Name:                      "tcp5",
-			Description:               "my service",
-			Protocol:                  ProtocolTcp,
-			SourcePort:                "1025",
-			DestinationPort:           "1234",
-			Tags:                      []string{"tag1", "tag2"},
-			OverrideSessionTimeout:    true,
-			OverrideTimeout:           50,
-			OverrideHalfClosedTimeout: 60,
-			OverrideTimeWaitTimeout:   70,
-		}},
-		{"v2 udp service no source port no tag", version.Number{8, 1, 0, ""}, Entry{
-			Name:            "udp1",
-			Description:     "my service",
-			Protocol:        ProtocolUdp,
-			DestinationPort: "1234",
-		}},
-		{"v2 udp service no source port with tag", version.Number{8, 1, 0, ""}, Entry{
-			Name:            "udp2",
-			Description:     "my service",
-			Protocol:        ProtocolUdp,
-			DestinationPort: "1234",
-			Tags:            []string{"tag1", "tag2"},
-		}},
-		{"v2 udp service with source port no tag", version.Number{8, 1, 0, ""}, Entry{
-			Name:            "udp3",
-			Description:     "my service",
-			Protocol:        ProtocolUdp,
-			SourcePort:      "1025",
-			DestinationPort: "1234",
-		}},
-		{"v2 udp service with source port with tag", version.Number{8, 1, 0, ""}, Entry{
-			Name:            "udp4",
-			Description:     "my service",
-			Protocol:        ProtocolUdp,
-			SourcePort:      "1025",
-			DestinationPort: "1234",
-			Tags:            []string{"tag1", "tag2"},
-		}},
-		{"v2 udp service with override", version.Number{8, 1, 0, ""}, Entry{
-			Name:                   "udp4",
-			Description:            "my service",
-			Protocol:               ProtocolUdp,
-			SourcePort:             "1025",
-			DestinationPort:        "1234",
-			Tags:                   []string{"tag1", "tag2"},
-			OverrideSessionTimeout: true,
-			OverrideTimeout:        42,
-		}},
-		{"v2 sctp service", version.Number{8, 1, 0, ""}, Entry{
-			Name:            "sctp1",
-			Description:     "my service",
-			Protocol:        ProtocolSctp,
-			SourcePort:      "1234",
-			DestinationPort: "5678",
-			Tags:            []string{"my", "tags"},
-		}},
-	}
-}
diff --git a/objs/srvcgrp/const.go b/objs/srvcgrp/const.go
deleted file mode 100644
index 9aebca95..00000000
--- a/objs/srvcgrp/const.go
+++ /dev/null
@@ -1,6 +0,0 @@
-package srvcgrp
-
-const (
-	singular = "service group"
-	plural   = "service groups"
-)
diff --git a/objs/srvcgrp/doc.go b/objs/srvcgrp/doc.go
deleted file mode 100644
index 9c14d21b..00000000
--- a/objs/srvcgrp/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package srvcgrp is the client.Objects.ServiceGroup namespace.
-
-Normalized object:  Entry
-*/
-package srvcgrp
diff --git a/objs/srvcgrp/entry.go b/objs/srvcgrp/entry.go
deleted file mode 100644
index c4136a03..00000000
--- a/objs/srvcgrp/entry.go
+++ /dev/null
@@ -1,94 +0,0 @@
-package srvcgrp
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a service
-// group.
-type Entry struct {
-	Name     string
-	Services []string // unordered
-	Tags     []string // ordered
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	if s.Services == nil {
-		o.Services = nil
-	} else {
-		o.Services = make([]string, len(s.Services))
-		copy(o.Services, s.Services)
-	}
-	if s.Tags == nil {
-		o.Tags = nil
-	} else {
-		o.Tags = make([]string, len(s.Tags))
-		copy(o.Tags, s.Tags)
-	}
-}
-
-/** Structs / functions for normalization. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:     o.Name,
-		Services: util.MemToStr(o.Services),
-		Tags:     util.MemToStr(o.Tags),
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName  xml.Name         `xml:"entry"`
-	Name     string           `xml:"name,attr"`
-	Services *util.MemberType `xml:"members"`
-	Tags     *util.MemberType `xml:"tag"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:     e.Name,
-		Services: util.StrToMem(e.Services),
-		Tags:     util.StrToMem(e.Tags),
-	}
-
-	return ans
-}
diff --git a/objs/srvcgrp/funcs.go b/objs/srvcgrp/funcs.go
deleted file mode 100644
index 857002ca..00000000
--- a/objs/srvcgrp/funcs.go
+++ /dev/null
@@ -1,88 +0,0 @@
-package srvcgrp
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/objs/srvcgrp/fw.go b/objs/srvcgrp/fw.go
deleted file mode 100644
index 5d3e1acb..00000000
--- a/objs/srvcgrp/fw.go
+++ /dev/null
@@ -1,90 +0,0 @@
-package srvcgrp
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Objects.ServiceGroup namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vsys), names, nErr)
-}
-
-func (c *Firewall) pather(vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vsys, v)
-	}
-}
-
-func (c *Firewall) xpath(vsys string, vals []string) ([]string, error) {
-	ans := make([]string, 0, 7)
-	ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	ans = append(ans,
-		"service-group",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/objs/srvcgrp/fw_test.go b/objs/srvcgrp/fw_test.go
deleted file mode 100644
index 3ec0c7b5..00000000
--- a/objs/srvcgrp/fw_test.go
+++ /dev/null
@@ -1,34 +0,0 @@
-package srvcgrp
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("vsys1", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("vsys1", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/srvcgrp/pano.go b/objs/srvcgrp/pano.go
deleted file mode 100644
index a28fc672..00000000
--- a/objs/srvcgrp/pano.go
+++ /dev/null
@@ -1,90 +0,0 @@
-package srvcgrp
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Objects.ServiceGroup namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(dg string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(dg), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(dg string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(dg), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(dg, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(dg), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(dg, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(dg), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(dg string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(dg), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(dg string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(dg), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(dg string, e ...Entry) error {
-	return c.ns.Set(c.pather(dg), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(dg string, e Entry) error {
-	return c.ns.Edit(c.pather(dg), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(dg string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(dg), names, nErr)
-}
-
-func (c *Panorama) pather(dg string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(dg, v)
-	}
-}
-
-func (c *Panorama) xpath(dg string, vals []string) ([]string, error) {
-	ans := make([]string, 0, 7)
-	ans = append(ans, util.DeviceGroupXpathPrefix(dg)...)
-	ans = append(ans,
-		"service-group",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/objs/srvcgrp/pano_test.go b/objs/srvcgrp/pano_test.go
deleted file mode 100644
index d9ee3e78..00000000
--- a/objs/srvcgrp/pano_test.go
+++ /dev/null
@@ -1,34 +0,0 @@
-package srvcgrp
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("my dg", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("my dg", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/srvcgrp/testdata_test.go b/objs/srvcgrp/testdata_test.go
deleted file mode 100644
index aab10dbb..00000000
--- a/objs/srvcgrp/testdata_test.go
+++ /dev/null
@@ -1,24 +0,0 @@
-package srvcgrp
-
-type testCase struct {
-	desc string
-	conf Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"test no services", Entry{
-			Name: "one",
-			Tags: []string{"one", "two"},
-		}},
-		{"test one service", Entry{
-			Name:     "two",
-			Services: []string{"svc1"},
-			Tags:     []string{"single"},
-		}},
-		{"test two services", Entry{
-			Name:     "three",
-			Services: []string{"svc1", "svc2"},
-		}},
-	}
-}
diff --git a/objs/tags/const.go b/objs/tags/const.go
deleted file mode 100644
index caa3bfdf..00000000
--- a/objs/tags/const.go
+++ /dev/null
@@ -1,55 +0,0 @@
-package tags
-
-// These are the color constants you can use in Entry.SetColor().  Note that
-// each version of PANOS has added colors, so if you are looking for maximum
-// compatibility, only use the first 16 colors (17 including None).
-const (
-	None = iota
-	Red
-	Green
-	Blue
-	Yellow
-	Copper
-	Orange
-	Purple
-	Gray
-	LightGreen
-	Cyan
-	LightGray
-	BlueGray
-	Lime
-	Black
-	Gold
-	Brown
-	Olive
-	_
-	Maroon
-	RedOrange
-	YellowOrange
-	ForestGreen
-	TurquoiseBlue
-	AzureBlue
-	CeruleanBlue
-	MidnightBlue
-	MediumBlue
-	CobaltBlue
-	VioletBlue
-	BlueViolet
-	MediumViolet
-	MediumRose
-	Lavender
-	Orchid
-	Thistle
-	Peach
-	Salmon
-	Magenta
-	RedViolet
-	Mahogany
-	BurntSienna
-	Chestnut
-)
-
-const (
-	singular = "tag"
-	plural   = "tags"
-)
diff --git a/objs/tags/doc.go b/objs/tags/doc.go
deleted file mode 100644
index 2a028a05..00000000
--- a/objs/tags/doc.go
+++ /dev/null
@@ -1,4 +0,0 @@
-// Package tags is the client.Objects.Tags namespace.
-//
-// Normalized object:  Entry
-package tags
diff --git a/objs/tags/entry.go b/objs/tags/entry.go
deleted file mode 100644
index 18efdbaf..00000000
--- a/objs/tags/entry.go
+++ /dev/null
@@ -1,102 +0,0 @@
-package tags
-
-import (
-	"encoding/xml"
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of an
-// administrative tag.  Note that colors should be set to a string
-// such as `color5` or `color13`.  If you want to set a color using the
-// color name (e.g. - "red"), use the SetColor function.
-type Entry struct {
-	Name    string
-	Color   string
-	Comment string
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Color = s.Color
-	o.Comment = s.Comment
-}
-
-// SetColor takes a color constant (e.g. - Olive) and converts it to a color
-// enum (e.g. - "color17").
-//
-// Note that color availability varies according to version:
-//
-// * 6.1 - 7.0:  None - Brown
-// * 7.1 - 8.0:  None - Olive
-// * 8.1:  None - Chestnut
-func (o *Entry) SetColor(v int) {
-	if v == 0 {
-		o.Color = ""
-	} else {
-		o.Color = fmt.Sprintf("color%d", v)
-	}
-}
-
-/** Structs / functions for normalization. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:    o.Name,
-		Color:   o.Color,
-		Comment: o.Comment,
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName xml.Name `xml:"entry"`
-	Name    string   `xml:"name,attr"`
-	Color   string   `xml:"color,omitempty"`
-	Comment string   `xml:"comments,omitempty"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:    e.Name,
-		Color:   e.Color,
-		Comment: e.Comment,
-	}
-
-	return ans
-}
diff --git a/objs/tags/funcs.go b/objs/tags/funcs.go
deleted file mode 100644
index 653c08b3..00000000
--- a/objs/tags/funcs.go
+++ /dev/null
@@ -1,88 +0,0 @@
-package tags
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/objs/tags/fw.go b/objs/tags/fw.go
deleted file mode 100644
index 9aeb72d5..00000000
--- a/objs/tags/fw.go
+++ /dev/null
@@ -1,90 +0,0 @@
-package tags
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Objects.Tags namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(vsys), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vsys), names, nErr)
-}
-
-func (c *Firewall) pather(vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vsys, v)
-	}
-}
-
-func (c *Firewall) xpath(vsys string, vals []string) ([]string, error) {
-	ans := make([]string, 0, 7)
-	ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	ans = append(ans,
-		"tag",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/objs/tags/fw_test.go b/objs/tags/fw_test.go
deleted file mode 100644
index febaac8e..00000000
--- a/objs/tags/fw_test.go
+++ /dev/null
@@ -1,34 +0,0 @@
-package tags
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set(tc.vsys, tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(tc.vsys, tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/tags/pano.go b/objs/tags/pano.go
deleted file mode 100644
index 021e11f2..00000000
--- a/objs/tags/pano.go
+++ /dev/null
@@ -1,90 +0,0 @@
-package tags
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Objects.Tags namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(dg string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(dg), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(dg string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(dg), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(dg, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(dg), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(dg, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(dg), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(dg string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(dg), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(dg string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(dg), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(dg string, e ...Entry) error {
-	return c.ns.Set(c.pather(dg), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(dg string, e Entry) error {
-	return c.ns.Edit(c.pather(dg), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(dg string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(dg), names, nErr)
-}
-
-func (c *Panorama) pather(dg string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(dg, v)
-	}
-}
-
-func (c *Panorama) xpath(dg string, vals []string) ([]string, error) {
-	ans := make([]string, 0, 7)
-	ans = append(ans, util.DeviceGroupXpathPrefix(dg)...)
-	ans = append(ans,
-		"tag",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/objs/tags/pano_test.go b/objs/tags/pano_test.go
deleted file mode 100644
index 51c4cea2..00000000
--- a/objs/tags/pano_test.go
+++ /dev/null
@@ -1,34 +0,0 @@
-package tags
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("my device group", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("my device group", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/objs/tags/testdata_test.go b/objs/tags/testdata_test.go
deleted file mode 100644
index 793eee11..00000000
--- a/objs/tags/testdata_test.go
+++ /dev/null
@@ -1,28 +0,0 @@
-package tags
-
-type testCase struct {
-	desc string
-	vsys string
-	conf Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"test with all fields", "", Entry{
-			Name:    "one",
-			Color:   "color1",
-			Comment: "first test",
-		}},
-		{"test no color", "", Entry{
-			Name:    "two",
-			Comment: "second test",
-		}},
-		{"test no comment", "vsys1", Entry{
-			Name:  "three",
-			Color: "color3",
-		}},
-		{"test no color or comment", "vsys2", Entry{
-			Name: "four",
-		}},
-	}
-}
diff --git a/pano.go b/pano.go
deleted file mode 100644
index 7161c6ee..00000000
--- a/pano.go
+++ /dev/null
@@ -1,230 +0,0 @@
-package pango
-
-import (
-	"encoding/xml"
-	"fmt"
-	"strings"
-	"time"
-
-	// Various namespace imports.
-	"github.com/PaloAltoNetworks/pango/dev"
-	"github.com/PaloAltoNetworks/pango/licen"
-	"github.com/PaloAltoNetworks/pango/netw"
-	"github.com/PaloAltoNetworks/pango/objs"
-	"github.com/PaloAltoNetworks/pango/pnrm"
-	"github.com/PaloAltoNetworks/pango/poli"
-	"github.com/PaloAltoNetworks/pango/predefined"
-	"github.com/PaloAltoNetworks/pango/userid"
-	"github.com/PaloAltoNetworks/pango/vsys"
-
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is a panorama specific client, providing version safe functions
-// for the PAN-OS Xpath API methods.  After creating the object, invoke
-// Initialize() to prepare it for use.
-//
-// It has the following namespaces:
-//      * Licensing
-//      * UserId
-type Panorama struct {
-	Client
-
-	// Namespaces
-	Predefined *predefined.Panorama
-	Device     *dev.Panorama
-	Licensing  *licen.Licen
-	UserId     *userid.UserId
-	Panorama   *pnrm.Panorama
-	Objects    *objs.PanoObjs
-	Policies   *poli.Panorama
-	Network    *netw.Panorama
-	Vsys       *vsys.Panorama
-}
-
-// Initialize does some initial setup of the Panorama connection, retrieves
-// the API key if it was not already present, then performs "show system
-// info" to get the PAN-OS version.  The full results are saved into the
-// client's SystemInfo map.
-//
-// If not specified, the following is assumed:
-//  * Protocol: https
-//  * Port: (unspecified)
-//  * Timeout: 10
-//  * Logging: LogAction | LogUid
-func (c *Panorama) Initialize() error {
-	if len(c.rb) == 0 {
-		var e error
-
-		if e = c.initCon(); e != nil {
-			return e
-		} else if e = c.initApiKey(); e != nil {
-			return e
-		} else if e = c.initSystemInfo(); e != nil {
-			return e
-		}
-		c.initPlugins()
-	} else {
-		c.Hostname = "localhost"
-		c.ApiKey = "password"
-	}
-	c.initNamespaces()
-
-	return nil
-}
-
-// InitializeUsing does Initialize(), but takes in a filename that contains
-// fallback authentication credentials if they aren't specified.
-//
-// The order of preference for auth / connection settings is:
-//
-// * explicitly set
-// * environment variable (set chkenv to true to enable this)
-// * json file
-func (c *Panorama) InitializeUsing(filename string, chkenv bool) error {
-	c.CheckEnvironment = chkenv
-	c.credsFile = filename
-
-	return c.Initialize()
-}
-
-// CreateVmAuthKey creates a VM auth key to bootstrap a VM-Series firewall.
-//
-// VM auth keys are only valid for the number of hours specified.
-func (c *Panorama) CreateVmAuthKey(hours int) (VmAuthKey, error) {
-	clock, err := c.Clock()
-	if err != nil {
-		c.LogOp("(op) Failed to get/parse system time: %s", err)
-	}
-
-	type ak_req struct {
-		XMLName  xml.Name `xml:"request"`
-		Duration int      `xml:"bootstrap>vm-auth-key>generate>lifetime"`
-	}
-
-	type ak_resp struct {
-		Msg string `xml:"result"`
-	}
-
-	req := ak_req{Duration: hours}
-	ans := ak_resp{}
-
-	c.LogOp("(op) generating a vm auth code")
-	if b, err := c.Op(req, "", nil, &ans); err != nil {
-		return VmAuthKey{}, err
-	} else if ans.Msg == "" {
-		return VmAuthKey{}, fmt.Errorf("No msg: %s", b)
-	} else if !strings.HasPrefix(ans.Msg, "VM auth key ") {
-		return VmAuthKey{}, fmt.Errorf("Wrong resp prefix: %s", b)
-	}
-
-	tokens := strings.Fields(ans.Msg)
-	if len(tokens) != 9 {
-		return VmAuthKey{}, fmt.Errorf("Got %d of 9 fields from: %s", len(tokens), ans.Msg)
-	}
-
-	key := VmAuthKey{
-		AuthKey: tokens[3],
-		Expiry:  strings.Join(tokens[7:], " "),
-	}
-	key.ParseExpires(clock)
-
-	return key, nil
-}
-
-// GetVmAuthKeys gets the list of VM auth keys.
-func (c *Panorama) GetVmAuthKeys() ([]VmAuthKey, error) {
-	clock, err := c.Clock()
-	if err != nil {
-		c.LogOp("(op) Failed to get/parse system time: %s", err)
-	}
-
-	type l_req struct {
-		XMLName xml.Name `xml:"request"`
-		Msg     string   `xml:"bootstrap>vm-auth-key>show"`
-	}
-
-	type l_resp struct {
-		List []VmAuthKey `xml:"result>bootstrap-vm-auth-keys>entry"`
-	}
-
-	req := l_req{}
-	ans := l_resp{}
-
-	c.LogOp("(op) listing vm auth codes")
-	if _, err := c.Op(req, "", nil, &ans); err != nil {
-		return nil, err
-	}
-
-	for i := range ans.List {
-		ans.List[i].ParseExpires(clock)
-	}
-
-	return ans.List, nil
-}
-
-// RemoveVmAuthKey revokes a VM auth key.
-func (c *Panorama) RevokeVmAuthKey(key string) error {
-	type rreq struct {
-		XMLName xml.Name `xml:"request"`
-		Key     string   `xml:"bootstrap>vm-auth-key>revoke>vm-auth-key"`
-	}
-
-	req := rreq{
-		Key: key,
-	}
-
-	c.LogOp("(op) revoking vm auth code: %s", key)
-
-	_, err := c.Op(req, "", nil, nil)
-	return err
-}
-
-/** Public structs **/
-
-// VmAuthKey is a VM auth key paired with when it expires.
-//
-// The Expiry field is the string returned from PAN-OS, while the Expires
-// field is an attempt at parsing the Expiry field.
-type VmAuthKey struct {
-	AuthKey string `xml:"vm-auth-key"`
-	Expiry  string `xml:"expiry-time"`
-	Expires time.Time
-}
-
-// ParseExpires sets Expires from the Expiry field.
-//
-// Since PAN-OS does not output timezone information with the expirations,
-// the current PAN-OS time is retrieved, which does contain timezone
-// information.  Then in the string parsing for Expires, the location
-// information of the system clock is applied.
-func (o *VmAuthKey) ParseExpires(clock time.Time) {
-	if t, err := time.ParseInLocation(util.PanosTimeWithoutTimezoneFormat, o.Expiry, clock.Location()); err == nil {
-		o.Expires = t
-	}
-}
-
-/** Private functions **/
-
-func (c *Panorama) initNamespaces() {
-	c.Predefined = predefined.PanoramaNamespace(c)
-
-	c.Device = dev.PanoramaNamespace(c)
-
-	c.Licensing = &licen.Licen{}
-	c.Licensing.Initialize(c)
-
-	c.UserId = &userid.UserId{}
-	c.UserId.Initialize(c)
-
-	c.Panorama = pnrm.PanoramaNamespace(c)
-
-	c.Objects = &objs.PanoObjs{}
-	c.Objects.Initialize(c)
-
-	c.Policies = poli.PanoramaNamespace(c)
-
-	c.Network = netw.PanoramaNamespace(c)
-
-	c.Vsys = vsys.PanoramaNamespace(c)
-}
diff --git a/panosplugin/cloudwatch/config.go b/panosplugin/cloudwatch/config.go
deleted file mode 100644
index 3edec8b9..00000000
--- a/panosplugin/cloudwatch/config.go
+++ /dev/null
@@ -1,98 +0,0 @@
-package cloudwatch
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/plugin"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Config is a normalized, version independent representation of an
-// AWS CloudWatch config.
-//
-// PAN-OS 9.0+
-type Config struct {
-	Enabled        bool
-	Namespace      string
-	UpdateInterval int
-}
-
-// Copy copies the information from source Config `s` to this object.
-func (o *Config) Copy(s Config) {
-	o.Enabled = s.Enabled
-	o.Namespace = s.Namespace
-	o.UpdateInterval = s.UpdateInterval
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Config) Specify(list []plugin.Info) (string, interface{}, error) {
-	_, fn, err := versioning(list)
-	if err != nil {
-		return "", nil, err
-	}
-
-	return "", fn(o), nil
-}
-
-type normalizer interface {
-	Names() []string
-	Normalize() []Config
-}
-
-type container_v1 struct {
-	Answer []config_v1 `xml:"aws-cloudwatch"`
-}
-
-func (o *container_v1) Normalize() []Config {
-	ans := make([]Config, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	return nil
-}
-
-type config_v1 struct {
-	XMLName        xml.Name `xml:"aws-cloudwatch"`
-	Enabled        string   `xml:"enabled"`
-	Namespace      string   `xml:"name,omitempty"`
-	UpdateInterval int      `xml:"timeout,omitempty"`
-}
-
-func (e *config_v1) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
-	type localConfig_v1 config_v1
-	ans := localConfig_v1{
-		Namespace:      "VMseries",
-		UpdateInterval: 5,
-	}
-	if err := d.DecodeElement(&ans, &start); err != nil {
-		return err
-	}
-	*e = config_v1(ans)
-	return nil
-}
-
-func (o *config_v1) normalize() Config {
-	ans := Config{
-		Enabled:        util.AsBool(o.Enabled),
-		Namespace:      o.Namespace,
-		UpdateInterval: o.UpdateInterval,
-	}
-
-	return ans
-}
-
-func specify_v1(e Config) interface{} {
-	ans := config_v1{
-		Enabled:        util.YesNo(e.Enabled),
-		Namespace:      e.Namespace,
-		UpdateInterval: e.UpdateInterval,
-	}
-
-	return ans
-}
diff --git a/panosplugin/cloudwatch/const.go b/panosplugin/cloudwatch/const.go
deleted file mode 100644
index ab996911..00000000
--- a/panosplugin/cloudwatch/const.go
+++ /dev/null
@@ -1,5 +0,0 @@
-package cloudwatch
-
-const (
-	singular = "aws cloudwatch"
-)
diff --git a/panosplugin/cloudwatch/doc.go b/panosplugin/cloudwatch/doc.go
deleted file mode 100644
index ac1183ab..00000000
--- a/panosplugin/cloudwatch/doc.go
+++ /dev/null
@@ -1,9 +0,0 @@
-/*
-Package cloudwatch is the client.PanosPlugin.AwsCloudWatch namespace.
-
-PAN-OS 9.0+
-
-Normalized object: Config
-*/
-
-package cloudwatch
diff --git a/panosplugin/cloudwatch/funcs.go b/panosplugin/cloudwatch/funcs.go
deleted file mode 100644
index 0bc84520..00000000
--- a/panosplugin/cloudwatch/funcs.go
+++ /dev/null
@@ -1,65 +0,0 @@
-package cloudwatch
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/plugin"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-func versioning(pkgs []plugin.Info) (normalizer, func(Config) interface{}, error) {
-	pluginName := "vm_series"
-
-	for _, pkg := range pkgs {
-		// There seem to be a _lot_ of vm_series plugins around, both versioned and
-		// unversioned.  So just do a prefix search for one that's installed for now.
-		if strings.HasPrefix(pkg.Name, pluginName) {
-			if pkg.Installed != "yes" {
-				continue
-			}
-
-			// As mentioned above, not sure if there are versioning requirements on this
-			// just yet, so just comment version checking out until we know for sure.
-
-			/*
-				if !strings.HasPrefix(pkg.Version, "1.") {
-					return nil, nil, fmt.Errorf("need %q plugin version 1, but %q is installed", pluginName, pkg.Version)
-				}
-			*/
-			return &container_v1{}, specify_v1, nil
-		}
-	}
-
-	return nil, nil, fmt.Errorf("plugin %q not found", pluginName)
-}
-
-func specifier(e Config) []namespace.PluginSpecifier {
-	return []namespace.PluginSpecifier{e}
-}
-
-func container(pkgs []plugin.Info) (normalizer, error) {
-	r, _, err := versioning(pkgs)
-	return r, err
-}
-
-func first(ans normalizer, err error) (Config, error) {
-	if err != nil {
-		return Config{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Plugin{
-			Common: namespace.Common{
-				Singular: singular,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/panosplugin/cloudwatch/fw.go b/panosplugin/cloudwatch/fw.go
deleted file mode 100644
index 58f80b70..00000000
--- a/panosplugin/cloudwatch/fw.go
+++ /dev/null
@@ -1,68 +0,0 @@
-package cloudwatch
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Plugin.AwsCloudWatch namespace.
-type Firewall struct {
-	ns *namespace.Plugin
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get() (Config, error) {
-	ans, err := c.container()
-	if err != nil {
-		return Config{}, err
-	}
-	err = c.ns.Object(util.Get, c.pather(), "", ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show() (Config, error) {
-	ans, err := c.container()
-	if err != nil {
-		return Config{}, err
-	}
-	err = c.ns.Object(util.Show, c.pather(), "", ans)
-	return first(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(e Config) error {
-	return c.ns.Set(c.pather(), specifier(e))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(e Config) error {
-	return c.ns.Edit(c.pather(), e)
-}
-
-// Delete performs DELETE to remove the config.
-func (c *Firewall) Delete() error {
-	return c.ns.Delete(c.pather(), nil, nil)
-}
-
-func (c *Firewall) pather() namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(v)
-	}
-}
-
-func (c *Firewall) xpath(vals []string) ([]string, error) {
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"deviceconfig",
-		"plugins",
-		"vm_series",
-		"aws-cloudwatch",
-	}, nil
-}
-
-func (c *Firewall) container() (normalizer, error) {
-	return container(c.ns.Client.Plugins())
-}
diff --git a/panosplugin/cloudwatch/fw_test.go b/panosplugin/cloudwatch/fw_test.go
deleted file mode 100644
index 25bc7c42..00000000
--- a/panosplugin/cloudwatch/fw_test.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package cloudwatch
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/plugin"
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Plugin = []plugin.Info{tc.plugin}
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set(tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get()
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/panosplugin/cloudwatch/testdata_test.go b/panosplugin/cloudwatch/testdata_test.go
deleted file mode 100644
index b5a37869..00000000
--- a/panosplugin/cloudwatch/testdata_test.go
+++ /dev/null
@@ -1,25 +0,0 @@
-package cloudwatch
-
-import (
-	"github.com/PaloAltoNetworks/pango/plugin"
-)
-
-type tc struct {
-	desc   string
-	plugin plugin.Info
-	conf   Config
-}
-
-func getTests() []tc {
-	return []tc{
-		{
-			"basic config",
-			plugin.Info{Name: "vm_series", Installed: "yes", Version: "1.0.0"},
-			Config{
-				Enabled:        true,
-				Namespace:      "ns",
-				UpdateInterval: 42,
-			},
-		},
-	}
-}
diff --git a/panosplugin/fw.go b/panosplugin/fw.go
deleted file mode 100644
index e17be8de..00000000
--- a/panosplugin/fw.go
+++ /dev/null
@@ -1,16 +0,0 @@
-package panosplugin
-
-import (
-	"github.com/PaloAltoNetworks/pango/panosplugin/cloudwatch"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-type Firewall struct {
-	AwsCloudWatch *cloudwatch.Firewall
-}
-
-func FirewallNamespace(x util.XapiClient) *Firewall {
-	return &Firewall{
-		AwsCloudWatch: cloudwatch.FirewallNamespace(x),
-	}
-}
diff --git a/pnrm/dg/const.go b/pnrm/dg/const.go
deleted file mode 100644
index e40382b3..00000000
--- a/pnrm/dg/const.go
+++ /dev/null
@@ -1,6 +0,0 @@
-package dg
-
-const (
-	singular = "device group"
-	plural   = "device groups"
-)
diff --git a/pnrm/dg/doc.go b/pnrm/dg/doc.go
deleted file mode 100644
index 8c3890a5..00000000
--- a/pnrm/dg/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package dg is the client.Panorama.DeviceGroup namespace.
-
-Normalized object: Entry
-*/
-package dg
diff --git a/pnrm/dg/entry.go b/pnrm/dg/entry.go
deleted file mode 100644
index 6cbb69b7..00000000
--- a/pnrm/dg/entry.go
+++ /dev/null
@@ -1,322 +0,0 @@
-package dg
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a device group.
-//
-// Devices is a map where the key is the serial number of the target device and
-// the value is a list of specific vsys on that device.  The list of vsys is
-// nil if all vsys on that device should be included or if the device is a
-// virtual firewall (and thus only has vsys1).
-type Entry struct {
-	Name        string
-	Description string
-	Devices     map[string][]string
-
-	raw map[string]string
-}
-
-// Copy copies the information from source's Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Description = s.Description
-	o.Devices = util.CopyTargets(s.Devices)
-}
-
-/** Structs / functions for normalization. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:        o.Name,
-		Description: o.Description,
-		Devices:     util.VsysEntToMap(o.Devices),
-	}
-
-	ans.raw = make(map[string]string)
-
-	if o.Address != nil {
-		ans.raw["address"] = util.CleanRawXml(o.Address.Text)
-	}
-	if o.AddressGroup != nil {
-		ans.raw["addressGroup"] = util.CleanRawXml(o.AddressGroup.Text)
-	}
-	if o.Application != nil {
-		ans.raw["application"] = util.CleanRawXml(o.Application.Text)
-	}
-	if o.ApplicationFilter != nil {
-		ans.raw["applicationFilter"] = util.CleanRawXml(o.ApplicationFilter.Text)
-	}
-	if o.ApplicationGroup != nil {
-		ans.raw["applicationGroup"] = util.CleanRawXml(o.ApplicationGroup.Text)
-	}
-	if o.ApplicationStatus != nil {
-		ans.raw["applicationStatus"] = util.CleanRawXml(o.ApplicationStatus.Text)
-	}
-	if o.ApplicationTag != nil {
-		ans.raw["applicationTag"] = util.CleanRawXml(o.ApplicationTag.Text)
-	}
-	if o.AuthenticationObject != nil {
-		ans.raw["authenticationObject"] = util.CleanRawXml(o.AuthenticationObject.Text)
-	}
-	if o.AuthorizationCode != nil {
-		ans.raw["authorizationCode"] = util.CleanRawXml(o.AuthorizationCode.Text)
-	}
-	if o.DynamicUserGroup != nil {
-		ans.raw["dynamicUserGroup"] = util.CleanRawXml(o.DynamicUserGroup.Text)
-	}
-	if o.EmailScheduler != nil {
-		ans.raw["emailScheduler"] = util.CleanRawXml(o.EmailScheduler.Text)
-	}
-	if o.Edl != nil {
-		ans.raw["edl"] = util.CleanRawXml(o.Edl.Text)
-	}
-	if o.LogSettings != nil {
-		ans.raw["logSettings"] = util.CleanRawXml(o.LogSettings.Text)
-	}
-	if o.MasterDevice != nil {
-		ans.raw["masterDevice"] = util.CleanRawXml(o.MasterDevice.Text)
-	}
-	if o.PdfSummaryReport != nil {
-		ans.raw["pdfSummaryReport"] = util.CleanRawXml(o.PdfSummaryReport.Text)
-	}
-	if o.PostRulebase != nil {
-		ans.raw["postRulebase"] = util.CleanRawXml(o.PostRulebase.Text)
-	}
-	if o.PreRulebase != nil {
-		ans.raw["preRulebase"] = util.CleanRawXml(o.PreRulebase.Text)
-	}
-	if o.ProfileGroup != nil {
-		ans.raw["profileGroup"] = util.CleanRawXml(o.ProfileGroup.Text)
-	}
-	if o.Profiles != nil {
-		ans.raw["profiles"] = util.CleanRawXml(o.Profiles.Text)
-	}
-	if o.Region != nil {
-		ans.raw["region"] = util.CleanRawXml(o.Region.Text)
-	}
-	if o.ReportGroup != nil {
-		ans.raw["reportGroup"] = util.CleanRawXml(o.ReportGroup.Text)
-	}
-	if o.Reports != nil {
-		ans.raw["reports"] = util.CleanRawXml(o.Reports.Text)
-	}
-	if o.Schedule != nil {
-		ans.raw["schedule"] = util.CleanRawXml(o.Schedule.Text)
-	}
-	if o.Service != nil {
-		ans.raw["service"] = util.CleanRawXml(o.Service.Text)
-	}
-	if o.ServiceGroup != nil {
-		ans.raw["serviceGroup"] = util.CleanRawXml(o.ServiceGroup.Text)
-	}
-	if o.Tag != nil {
-		ans.raw["tag"] = util.CleanRawXml(o.Tag.Text)
-	}
-	if o.Threats != nil {
-		ans.raw["threats"] = util.CleanRawXml(o.Threats.Text)
-	}
-	if o.ToSwVersion != nil {
-		ans.raw["toSwVersion"] = util.CleanRawXml(o.ToSwVersion.Text)
-	}
-
-	if len(ans.raw) == 0 {
-		ans.raw = nil
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName     xml.Name            `xml:"entry"`
-	Name        string              `xml:"name,attr"`
-	Description string              `xml:"description,omitempty"`
-	Devices     *util.VsysEntryType `xml:"devices"`
-
-	Address              *util.RawXml `xml:"address"`
-	AddressGroup         *util.RawXml `xml:"address-group"`
-	Application          *util.RawXml `xml:"application"`
-	ApplicationFilter    *util.RawXml `xml:"application-filter"`
-	ApplicationGroup     *util.RawXml `xml:"application-group"`
-	ApplicationStatus    *util.RawXml `xml:"application-status"`
-	ApplicationTag       *util.RawXml `xml:"application-tag"`
-	AuthenticationObject *util.RawXml `xml:"authentication-object"`
-	AuthorizationCode    *util.RawXml `xml:"authorization-code"`
-	DynamicUserGroup     *util.RawXml `xml:"dynamic-user-group"`
-	EmailScheduler       *util.RawXml `xml:"email-scheduler"`
-	Edl                  *util.RawXml `xml:"external-list"`
-	LogSettings          *util.RawXml `xml:"log-settings"`
-	MasterDevice         *util.RawXml `xml:"master-device"`
-	PdfSummaryReport     *util.RawXml `xml:"pdf-summary-report"`
-	PostRulebase         *util.RawXml `xml:"post-rulebase"`
-	PreRulebase          *util.RawXml `xml:"pre-rulebase"`
-	ProfileGroup         *util.RawXml `xml:"profile-group"`
-	Profiles             *util.RawXml `xml:"profiles"`
-	Region               *util.RawXml `xml:"region"`
-	ReportGroup          *util.RawXml `xml:"report-group"`
-	Reports              *util.RawXml `xml:"reports"`
-	Schedule             *util.RawXml `xml:"schedule"`
-	Service              *util.RawXml `xml:"service"`
-	ServiceGroup         *util.RawXml `xml:"service-group"`
-	Tag                  *util.RawXml `xml:"tag"`
-	Threats              *util.RawXml `xml:"threats"`
-	ToSwVersion          *util.RawXml `xml:"to-sw-version"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:        e.Name,
-		Description: e.Description,
-		Devices:     util.MapToVsysEnt(e.Devices),
-	}
-
-	if t, p := e.raw["address"]; p {
-		ans.Address = &util.RawXml{t}
-	}
-
-	if t, p := e.raw["addressGroup"]; p {
-		ans.AddressGroup = &util.RawXml{t}
-	}
-
-	if t, p := e.raw["application"]; p {
-		ans.Application = &util.RawXml{t}
-	}
-
-	if t, p := e.raw["applicationFilter"]; p {
-		ans.ApplicationFilter = &util.RawXml{t}
-	}
-
-	if t, p := e.raw["applicationGroup"]; p {
-		ans.ApplicationGroup = &util.RawXml{t}
-	}
-
-	if t, p := e.raw["applicationStatus"]; p {
-		ans.ApplicationStatus = &util.RawXml{t}
-	}
-
-	if t, p := e.raw["applicationTag"]; p {
-		ans.ApplicationTag = &util.RawXml{t}
-	}
-
-	if t, p := e.raw["authenticationObject"]; p {
-		ans.AuthenticationObject = &util.RawXml{t}
-	}
-
-	if t, p := e.raw["authorizationCode"]; p {
-		ans.AuthorizationCode = &util.RawXml{t}
-	}
-
-	if t, p := e.raw["dynamicUserGroup"]; p {
-		ans.DynamicUserGroup = &util.RawXml{t}
-	}
-
-	if t, p := e.raw["emailScheduler"]; p {
-		ans.EmailScheduler = &util.RawXml{t}
-	}
-
-	if t, p := e.raw["edl"]; p {
-		ans.Edl = &util.RawXml{t}
-	}
-
-	if t, p := e.raw["logSettings"]; p {
-		ans.LogSettings = &util.RawXml{t}
-	}
-
-	if t, p := e.raw["masterDevice"]; p {
-		ans.MasterDevice = &util.RawXml{t}
-	}
-
-	if t, p := e.raw["pdfSummaryReport"]; p {
-		ans.PdfSummaryReport = &util.RawXml{t}
-	}
-
-	if t, p := e.raw["postRulebase"]; p {
-		ans.PostRulebase = &util.RawXml{t}
-	}
-
-	if t, p := e.raw["preRulebase"]; p {
-		ans.PreRulebase = &util.RawXml{t}
-	}
-
-	if t, p := e.raw["profileGroup"]; p {
-		ans.ProfileGroup = &util.RawXml{t}
-	}
-
-	if t, p := e.raw["profiles"]; p {
-		ans.Profiles = &util.RawXml{t}
-	}
-
-	if t, p := e.raw["region"]; p {
-		ans.Region = &util.RawXml{t}
-	}
-
-	if t, p := e.raw["reportGroup"]; p {
-		ans.ReportGroup = &util.RawXml{t}
-	}
-
-	if t, p := e.raw["reports"]; p {
-		ans.Reports = &util.RawXml{t}
-	}
-
-	if t, p := e.raw["schedule"]; p {
-		ans.Schedule = &util.RawXml{t}
-	}
-
-	if t, p := e.raw["service"]; p {
-		ans.Service = &util.RawXml{t}
-	}
-
-	if t, p := e.raw["serviceGroup"]; p {
-		ans.ServiceGroup = &util.RawXml{t}
-	}
-
-	if t, p := e.raw["tag"]; p {
-		ans.Tag = &util.RawXml{t}
-	}
-
-	if t, p := e.raw["threats"]; p {
-		ans.Threats = &util.RawXml{t}
-	}
-
-	if t, p := e.raw["toSwVersion"]; p {
-		ans.ToSwVersion = &util.RawXml{t}
-	}
-
-	return ans
-}
diff --git a/pnrm/dg/funcs.go b/pnrm/dg/funcs.go
deleted file mode 100644
index 01b4449a..00000000
--- a/pnrm/dg/funcs.go
+++ /dev/null
@@ -1,75 +0,0 @@
-package dg
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/pnrm/dg/pano.go b/pnrm/dg/pano.go
deleted file mode 100644
index 2afeb182..00000000
--- a/pnrm/dg/pano.go
+++ /dev/null
@@ -1,269 +0,0 @@
-package dg
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Panorama.DeviceGroup namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(e ...Entry) error {
-	return c.ns.Set(c.pather(), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(e Entry) error {
-	return c.ns.Edit(c.pather(), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(), names, nErr)
-}
-
-/*
-SetDeviceVsys performs a SET to add specific vsys from a device to device
-group g.
-
-If you want all vsys to be included, or the device is a virtual firewall, then
-leave the vsys list empty.
-
-The device group can be either a string or an Entry object.
-*/
-func (c *Panorama) SetDeviceVsys(g interface{}, d string, vsys []string) error {
-	names, err := toNames([]interface{}{g})
-	if err != nil {
-		return err
-	}
-
-	c.ns.Client.LogAction("(set) device vsys in device group: %s", names[0])
-
-	path, err := c.xpath(names)
-	if err != nil {
-		return err
-	}
-	path = append(path, "devices")
-	m := util.MapToVsysEnt(map[string][]string{d: vsys})
-
-	_, err = c.ns.Client.Set(path, m.Entries[0], nil, nil)
-	return err
-}
-
-/*
-EditDeviceVsys performs an EDIT to add specific vsys from a device to device
-group g.
-
-If you want all vsys to be included, or the device is a virtual firewall, then
-leave the vsys list empty.
-
-The device group can be either a string or an Entry object.
-*/
-func (c *Panorama) EditDeviceVsys(g interface{}, d string, vsys []string) error {
-	names, err := toNames([]interface{}{g})
-	if err != nil {
-		return err
-	}
-
-	c.ns.Client.LogAction("(set) device vsys in device group: %s", names[0])
-
-	path, err := c.xpath(names)
-	if err != nil {
-		return err
-	}
-	path = append(path, "devices", util.AsEntryXpath([]string{d}))
-	m := util.MapToVsysEnt(map[string][]string{d: vsys})
-
-	_, err = c.ns.Client.Edit(path, m.Entries[0], nil, nil)
-	return err
-}
-
-/*
-DeleteDeviceVsys performs a DELETE to remove specific vsys from device d from
-device group g.
-
-If you want all vsys to be removed, or the device is a virtual firewall, then
-leave the vsys list empty.
-
-The device group can be either a string or an Entry object.
-*/
-func (c *Panorama) DeleteDeviceVsys(g interface{}, d string, vsys []string) error {
-	names, err := toNames([]interface{}{g})
-	if err != nil {
-		return err
-	}
-
-	c.ns.Client.LogAction("(delete) device vsys from device group: %s", names[0])
-
-	path := make([]string, 0, 9)
-	p, err := c.xpath(names)
-	if err != nil {
-		return err
-	}
-	path = append(path, p...)
-	path = append(path, "devices", util.AsEntryXpath([]string{d}))
-	if len(vsys) > 0 {
-		path = append(path, "vsys", util.AsEntryXpath(vsys))
-	}
-
-	_, err = c.ns.Client.Delete(path, nil, nil)
-	return err
-}
-
-// GetParents returns a map where the keys are the device group's name and
-// the value is the parent for that device group.
-//
-// An empty parent value means that the parent is the "shared" device group.
-func (c *Panorama) GetParents() (map[string]string, error) {
-	req := dgpReq{}
-	ans := dgpResp{}
-
-	c.ns.Client.LogOp("(op) retrieving device group parents")
-	if _, err := c.ns.Client.Op(req, "", nil, &ans); err != nil {
-		return nil, err
-	}
-
-	return ans.results(), nil
-}
-
-// AssignParent sets a device group's parent to `parent`.
-//
-// An empty string for the parent will move the device group to the
-// top level (shared).
-//
-// This operation results in a job being submitted to the backend, which this
-// function will block until the move is completed.
-func (c *Panorama) AssignParent(child, parent string) error {
-
-	req := apReq{
-		Info: apInfo{
-			Child:  child,
-			Parent: parent,
-		},
-	}
-	ans := util.JobResponse{}
-
-	c.ns.Client.LogOp("(op) assigning group %q new parent: %s", child, parent)
-	if _, err := c.ns.Client.Op(req, "", nil, &ans); err != nil {
-		return err
-	}
-
-	return c.ns.Client.WaitForJob(ans.Id, 0, nil, nil)
-}
-
-func (c *Panorama) pather() namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(v)
-	}
-}
-
-func (c *Panorama) xpath(vals []string) ([]string, error) {
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"device-group",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
-
-// Device group hierarchy structs.
-type dgpReq struct {
-	XMLName xml.Name `xml:"show"`
-	Cmd     string   `xml:"dg-hierarchy"`
-}
-
-type dgpResp struct {
-	Result *dgHierarchy `xml:"result>dg-hierarchy"`
-}
-
-func (o *dgpResp) results() map[string]string {
-	ans := make(map[string]string)
-
-	if o.Result != nil {
-		for _, v := range o.Result.Info {
-			ans[v.Name] = ""
-			v.results(ans)
-		}
-	}
-
-	return ans
-}
-
-type dgHierarchy struct {
-	Info []dghInfo `xml:"dg"`
-}
-
-type dghInfo struct {
-	Name     string    `xml:"name,attr"`
-	Children []dghInfo `xml:"dg"`
-}
-
-func (o *dghInfo) results(ans map[string]string) {
-	for _, v := range o.Children {
-		ans[v.Name] = o.Name
-		v.results(ans)
-	}
-}
-
-type apReq struct {
-	XMLName xml.Name `xml:"request"`
-	Info    apInfo   `xml:"move-dg>entry"`
-}
-
-type apInfo struct {
-	Child  string `xml:"name,attr"`
-	Parent string `xml:"new-parent-dg,omitempty"`
-}
diff --git a/pnrm/dg/pano_test.go b/pnrm/dg/pano_test.go
deleted file mode 100644
index c3851f8c..00000000
--- a/pnrm/dg/pano_test.go
+++ /dev/null
@@ -1,105 +0,0 @@
-package dg
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set(tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
-
-func TestDevices(t *testing.T) {
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	mc.Version = version.Number{10, 0, 0, ""}
-	mc.AddResp(`
-<entry name="foo">
-    <description>war</description>
-    <devices>
-        <entry name="first"/>
-        <entry name="second"/>
-        <entry name="third">
-            <vsys>
-                <entry name="vsys2"/>
-                <entry name="vsys3"/>
-            </vsys>
-        </entry>
-        <entry name="fourth"/>
-    </devices>
-</entry>`)
-
-	obj, err := ns.Get("foo")
-	if err != nil {
-		t.Fatalf("Error in get: %s", err)
-	}
-	if obj.Name != "foo" {
-		t.Fatalf("Name is not foo, but %q", obj.Name)
-	}
-	if obj.Description != "war" {
-		t.Fatalf("Description is %q, not war", obj.Description)
-	}
-	if len(obj.Devices) != 4 {
-		t.Fatalf("Devices is len %d, not 4", len(obj.Devices))
-	}
-
-	val, ok := obj.Devices["first"]
-	if !ok {
-		t.Fatalf("first not in devices")
-	} else if val != nil {
-		t.Fatalf("first val is not nil")
-	}
-
-	val, ok = obj.Devices["second"]
-	if !ok {
-		t.Fatalf("second not in devices")
-	} else if val != nil {
-		t.Fatalf("second val is not nil")
-	}
-
-	val, ok = obj.Devices["third"]
-	if !ok {
-		t.Fatalf("third not in devices")
-	} else if len(val) != 2 {
-		t.Fatalf("third vsys list is %#v not [vsys2, vsys3]", val)
-	} else if val[0] != "vsys2" && val[1] != "vsys2" {
-		t.Errorf("vsys2 not in val: %#v", val)
-	} else if val[0] != "vsys3" && val[1] != "vsys3" {
-		t.Errorf("vsys3 not in val: %#v", val)
-	}
-
-	val, ok = obj.Devices["fourth"]
-	if !ok {
-		t.Fatalf("fourth not in devices")
-	} else if val != nil {
-		t.Fatalf("fourth val is not nil")
-	}
-
-}
diff --git a/pnrm/dg/testdata_test.go b/pnrm/dg/testdata_test.go
deleted file mode 100644
index 73728dd5..00000000
--- a/pnrm/dg/testdata_test.go
+++ /dev/null
@@ -1,58 +0,0 @@
-package dg
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type testCase struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"v1 basic", version.Number{6, 1, 0, ""}, Entry{
-			Name:        "one",
-			Description: "my description",
-			Devices: map[string][]string{
-				"01234": []string{"vsys1", "vsys2"},
-				"234":   nil,
-			},
-		}},
-		{"v1 with raw", version.Number{6, 1, 0, ""}, Entry{
-			Name:        "two",
-			Description: "raw fields",
-			raw: map[string]string{
-				"address":              "address",
-				"addressGroup":         "addressGroup",
-				"application":          "application",
-				"applicationFilter":    "applicationFilter",
-				"applicationGroup":     "applicationGroup",
-				"applicationStatus":    "applicationStatus",
-				"applicationTag":       "applicationTag",
-				"authenticationObject": "authenticationObject",
-				"authorizationCode":    "authorizationCode",
-				"dynamicUserGroup":     "dynamicUserGroup",
-				"emailScheduler":       "emailScheduler",
-				"edl":                  "edl",
-				"logSettings":          "logSettings",
-				"masterDevice":         "masterDevice",
-				"pdfSummaryReport":     "pdfSummaryReport",
-				"postRulebase":         "postRulebase",
-				"preRulebase":          "preRulebase",
-				"profileGroup":         "profileGroup",
-				"profiles":             "profiles",
-				"region":               "region",
-				"reportGroup":          "reportGroup",
-				"reports":              "reports",
-				"schedule":             "schedule",
-				"service":              "service",
-				"serviceGroup":         "serviceGroup",
-				"tag":                  "tag",
-				"threats":              "threats",
-				"toSwVersion":          "toSwVersion",
-			},
-		}},
-	}
-}
diff --git a/pnrm/pano.go b/pnrm/pano.go
deleted file mode 100644
index e0b75b5f..00000000
--- a/pnrm/pano.go
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
-Package pnrm is the client.Panorama namespace.
-*/
-package pnrm
-
-import (
-	"github.com/PaloAltoNetworks/pango/util"
-
-	"github.com/PaloAltoNetworks/pango/pnrm/dg"
-	"github.com/PaloAltoNetworks/pango/pnrm/plugins/gcp/account"
-	"github.com/PaloAltoNetworks/pango/pnrm/plugins/gcp/gke/cluster"
-	"github.com/PaloAltoNetworks/pango/pnrm/plugins/gcp/gke/cluster/group"
-	"github.com/PaloAltoNetworks/pango/pnrm/plugins/swfwlicense/bootstrapdef"
-	"github.com/PaloAltoNetworks/pango/pnrm/plugins/swfwlicense/manager"
-	"github.com/PaloAltoNetworks/pango/pnrm/template"
-	"github.com/PaloAltoNetworks/pango/pnrm/template/stack"
-	"github.com/PaloAltoNetworks/pango/pnrm/template/variable"
-)
-
-// Panorama is the panorama.Panorama namespace.
-type Panorama struct {
-	DeviceGroup                *dg.Panorama
-	GcpAccount                 *account.Panorama
-	GkeCluster                 *cluster.Panorama
-	GkeClusterGroup            *group.Panorama
-	LicenseBootstrapDefinition *bootstrapdef.Panorama
-	LicenseManager             *manager.Panorama
-	Template                   *template.Panorama
-	TemplateStack              *stack.Panorama
-	TemplateVariable           *variable.Panorama
-}
-
-func PanoramaNamespace(x util.XapiClient) *Panorama {
-	return &Panorama{
-		DeviceGroup:                dg.PanoramaNamespace(x),
-		GcpAccount:                 account.PanoramaNamespace(x),
-		GkeCluster:                 cluster.PanoramaNamespace(x),
-		GkeClusterGroup:            group.PanoramaNamespace(x),
-		LicenseBootstrapDefinition: bootstrapdef.PanoramaNamespace(x),
-		LicenseManager:             manager.PanoramaNamespace(x),
-		Template:                   template.PanoramaNamespace(x),
-		TemplateStack:              stack.PanoramaNamespace(x),
-		TemplateVariable:           variable.PanoramaNamespace(x),
-	}
-}
diff --git a/pnrm/plugins/gcp/account/const.go b/pnrm/plugins/gcp/account/const.go
deleted file mode 100644
index 11aa08f4..00000000
--- a/pnrm/plugins/gcp/account/const.go
+++ /dev/null
@@ -1,12 +0,0 @@
-package account
-
-// Valid ProjectType values.
-const (
-	Project = "gcp"
-	Gke     = "gke"
-)
-
-const (
-	singular = "gcp account"
-	plural   = "gcp accounts"
-)
diff --git a/pnrm/plugins/gcp/account/doc.go b/pnrm/plugins/gcp/account/doc.go
deleted file mode 100644
index 0e08e7eb..00000000
--- a/pnrm/plugins/gcp/account/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package account is the client.Panorama.GcpAccount namespace.
-
-Normalized object:  Entry
-*/
-package account
diff --git a/pnrm/plugins/gcp/account/entry.go b/pnrm/plugins/gcp/account/entry.go
deleted file mode 100644
index fd7bcef5..00000000
--- a/pnrm/plugins/gcp/account/entry.go
+++ /dev/null
@@ -1,121 +0,0 @@
-package account
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/plugin"
-)
-
-// Entry is a normalized, version independent representation of GCP account credentials.
-//
-// Note:  GCP Plugin v1.0
-type Entry struct {
-	Name                         string
-	Description                  string
-	ProjectId                    string
-	ServiceAccountCredentialType string
-	CredentialFile               string // encrypted
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Description = s.Description
-	o.ProjectId = s.ProjectId
-	o.ServiceAccountCredentialType = s.ServiceAccountCredentialType
-	o.CredentialFile = s.CredentialFile
-}
-
-/** Structs / functions for this namespace. **/
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-func (o Entry) Specify(list []plugin.Info) (string, interface{}, error) {
-	_, fn, err := versioning(list)
-	if err != nil {
-		return o.Name, nil, err
-	}
-
-	return o.Name, fn(o), nil
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:        o.Name,
-		Description: o.Description,
-		ProjectId:   o.ProjectId,
-	}
-
-	if o.Type.Gcp != nil {
-		ans.ServiceAccountCredentialType = Project
-		ans.CredentialFile = o.Type.Gcp.CredentialFile
-	} else if o.Type.Gke != nil {
-		ans.ServiceAccountCredentialType = Gke
-		ans.CredentialFile = o.Type.Gke.CredentialFile
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName     xml.Name `xml:"entry"`
-	Name        string   `xml:"name,attr"`
-	Type        actType  `xml:"type"`
-	ProjectId   string   `xml:"project-id"`
-	Description string   `xml:"description,omitempty"`
-}
-
-type actType struct {
-	Gke *creds `xml:"gke"`
-	Gcp *creds `xml:"gcp"`
-}
-
-type creds struct {
-	CredentialFile string `xml:"file"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:        e.Name,
-		Description: e.Description,
-		ProjectId:   e.ProjectId,
-	}
-
-	switch e.ServiceAccountCredentialType {
-	case Project:
-		ans.Type.Gcp = &creds{
-			CredentialFile: e.CredentialFile,
-		}
-	case Gke:
-		ans.Type.Gke = &creds{
-			CredentialFile: e.CredentialFile,
-		}
-	}
-
-	return ans
-}
diff --git a/pnrm/plugins/gcp/account/funcs.go b/pnrm/plugins/gcp/account/funcs.go
deleted file mode 100644
index 136f0b29..00000000
--- a/pnrm/plugins/gcp/account/funcs.go
+++ /dev/null
@@ -1,90 +0,0 @@
-package account
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/plugin"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-func versioning(pkgs []plugin.Info) (normalizer, func(Entry) interface{}, error) {
-	name := "gcp"
-
-	for _, pkg := range pkgs {
-		if pkg.Name == name {
-			if pkg.Installed != "yes" {
-				return nil, nil, fmt.Errorf("Plugin not installed: %s", name)
-			}
-			if !strings.HasPrefix(pkg.Version, "1.") {
-				return nil, nil, fmt.Errorf("Need %q plugin version 1, but %q is installed", name, pkg.Version)
-			}
-			return &container_v1{}, specify_v1, nil
-		}
-	}
-
-	return nil, nil, fmt.Errorf("Plugin %q not found", name)
-}
-
-func specifier(e ...Entry) []namespace.PluginSpecifier {
-	ans := make([]namespace.PluginSpecifier, 0, len(e))
-
-	var val namespace.PluginSpecifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(pkgs []plugin.Info) (normalizer, error) {
-	r, _, err := versioning(pkgs)
-	return r, err
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Plugin{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/pnrm/plugins/gcp/account/pano.go b/pnrm/plugins/gcp/account/pano.go
deleted file mode 100644
index db813d28..00000000
--- a/pnrm/plugins/gcp/account/pano.go
+++ /dev/null
@@ -1,110 +0,0 @@
-package account
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Panorama.GcpAccount namespace.
-type Panorama struct {
-	ns *namespace.Plugin
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList() ([]string, error) {
-	ans, err := c.container()
-	if err != nil {
-		return nil, err
-	}
-	return c.ns.Listing(util.Get, c.pather(), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList() ([]string, error) {
-	ans, err := c.container()
-	if err != nil {
-		return nil, err
-	}
-	return c.ns.Listing(util.Show, c.pather(), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(name string) (Entry, error) {
-	ans, err := c.container()
-	if err != nil {
-		return Entry{}, err
-	}
-	err = c.ns.Object(util.Get, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(name string) (Entry, error) {
-	ans, err := c.container()
-	if err != nil {
-		return Entry{}, err
-	}
-	err = c.ns.Object(util.Show, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll() ([]Entry, error) {
-	ans, err := c.container()
-	if err != nil {
-		return nil, err
-	}
-	err = c.ns.Objects(util.Get, c.pather(), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll() ([]Entry, error) {
-	ans, err := c.container()
-	if err != nil {
-		return nil, err
-	}
-	err = c.ns.Objects(util.Show, c.pather(), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(e ...Entry) error {
-	return c.ns.Set(c.pather(), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(e Entry) error {
-	return c.ns.Edit(c.pather(), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(), names, nErr)
-}
-
-func (c *Panorama) pather() namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(v)
-	}
-}
-
-func (c *Panorama) xpath(vals []string) ([]string, error) {
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"plugins",
-		"gcp",
-		"setup",
-		"service-act-credentials",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Panorama) container() (normalizer, error) {
-	return container(c.ns.Client.Plugins())
-}
diff --git a/pnrm/plugins/gcp/account/pano_test.go b/pnrm/plugins/gcp/account/pano_test.go
deleted file mode 100644
index 777755ac..00000000
--- a/pnrm/plugins/gcp/account/pano_test.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package account
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/plugin"
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Plugin = []plugin.Info{tc.plugin}
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set(tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/pnrm/plugins/gcp/account/testdata_test.go b/pnrm/plugins/gcp/account/testdata_test.go
deleted file mode 100644
index be5a4451..00000000
--- a/pnrm/plugins/gcp/account/testdata_test.go
+++ /dev/null
@@ -1,23 +0,0 @@
-package account
-
-import (
-	"github.com/PaloAltoNetworks/pango/plugin"
-)
-
-type tc struct {
-	desc   string
-	plugin plugin.Info
-	conf   Entry
-}
-
-func getTests() []tc {
-	return []tc{
-		{"basic project", plugin.Info{Name: "gcp", Installed: "yes", Version: "1.0.0"}, Entry{
-			Name:                         "creds",
-			ProjectId:                    "my projectid",
-			Description:                  "some desc",
-			ServiceAccountCredentialType: Project,
-			CredentialFile:               "file contents",
-		}},
-	}
-}
diff --git a/pnrm/plugins/gcp/gke/cluster/const.go b/pnrm/plugins/gcp/gke/cluster/const.go
deleted file mode 100644
index 4c94b194..00000000
--- a/pnrm/plugins/gcp/gke/cluster/const.go
+++ /dev/null
@@ -1,6 +0,0 @@
-package cluster
-
-const (
-	singular = "gke cluster"
-	plural   = "gke clusters"
-)
diff --git a/pnrm/plugins/gcp/gke/cluster/doc.go b/pnrm/plugins/gcp/gke/cluster/doc.go
deleted file mode 100644
index 00ddf423..00000000
--- a/pnrm/plugins/gcp/gke/cluster/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package cluster is the client.Panorama.GkeCluster namespace.
-
-Normalized object:  Entry
-*/
-package cluster
diff --git a/pnrm/plugins/gcp/gke/cluster/entry.go b/pnrm/plugins/gcp/gke/cluster/entry.go
deleted file mode 100644
index 7f12d171..00000000
--- a/pnrm/plugins/gcp/gke/cluster/entry.go
+++ /dev/null
@@ -1,86 +0,0 @@
-package cluster
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/plugin"
-)
-
-// Entry is a normalized, version independent representation of a GKE cluster.
-type Entry struct {
-	Name              string
-	GcpZone           string
-	ClusterCredential string
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.GcpZone = s.GcpZone
-	o.ClusterCredential = s.ClusterCredential
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(list []plugin.Info) (string, interface{}, error) {
-	_, fn, err := versioning(list)
-	if err != nil {
-		return o.Name, nil, err
-	}
-
-	return o.Name, fn(o), nil
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:              o.Name,
-		GcpZone:           o.GcpZone,
-		ClusterCredential: o.ClusterCredential,
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName           xml.Name `xml:"entry"`
-	Name              string   `xml:"name,attr"`
-	GcpZone           string   `xml:"gke-zone"`
-	ClusterCredential string   `xml:"gke-creds"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:              e.Name,
-		GcpZone:           e.GcpZone,
-		ClusterCredential: e.ClusterCredential,
-	}
-
-	return ans
-}
diff --git a/pnrm/plugins/gcp/gke/cluster/funcs.go b/pnrm/plugins/gcp/gke/cluster/funcs.go
deleted file mode 100644
index edb052bc..00000000
--- a/pnrm/plugins/gcp/gke/cluster/funcs.go
+++ /dev/null
@@ -1,90 +0,0 @@
-package cluster
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/plugin"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-func versioning(pkgs []plugin.Info) (normalizer, func(Entry) interface{}, error) {
-	name := "gcp"
-
-	for _, pkg := range pkgs {
-		if pkg.Name == name {
-			if pkg.Installed != "yes" {
-				return nil, nil, fmt.Errorf("Plugin not installed: %s", name)
-			}
-			if !strings.HasPrefix(pkg.Version, "1.") {
-				return nil, nil, fmt.Errorf("Need %q plugin version 1, but %q is installed", name, pkg.Version)
-			}
-			return &container_v1{}, specify_v1, nil
-		}
-	}
-
-	return nil, nil, fmt.Errorf("Plugin %q not found", name)
-}
-
-func specifier(e ...Entry) []namespace.PluginSpecifier {
-	ans := make([]namespace.PluginSpecifier, 0, len(e))
-
-	var val namespace.PluginSpecifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(pkgs []plugin.Info) (normalizer, error) {
-	r, _, err := versioning(pkgs)
-	return r, err
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Plugin{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/pnrm/plugins/gcp/gke/cluster/group/const.go b/pnrm/plugins/gcp/gke/cluster/group/const.go
deleted file mode 100644
index 17553693..00000000
--- a/pnrm/plugins/gcp/gke/cluster/group/const.go
+++ /dev/null
@@ -1,6 +0,0 @@
-package group
-
-const (
-	singular = "gke cluster group"
-	plural   = "gke cluster groups"
-)
diff --git a/pnrm/plugins/gcp/gke/cluster/group/doc.go b/pnrm/plugins/gcp/gke/cluster/group/doc.go
deleted file mode 100644
index 8de533a5..00000000
--- a/pnrm/plugins/gcp/gke/cluster/group/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package group is the client.Panorama.GkeClusterGroup namespace.
-
-Normalized object:  Entry
-*/
-package group
diff --git a/pnrm/plugins/gcp/gke/cluster/group/entry.go b/pnrm/plugins/gcp/gke/cluster/group/entry.go
deleted file mode 100644
index 00696aa0..00000000
--- a/pnrm/plugins/gcp/gke/cluster/group/entry.go
+++ /dev/null
@@ -1,96 +0,0 @@
-package group
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/plugin"
-)
-
-// Entry is a normalized, version independent representation of a GKE cluster group.
-type Entry struct {
-	Name                 string
-	Description          string
-	GcpProjectCredential string
-	DeviceGroup          string
-	TemplateStack        string
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Description = s.Description
-	o.GcpProjectCredential = s.GcpProjectCredential
-	o.DeviceGroup = s.DeviceGroup
-	o.TemplateStack = s.TemplateStack
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(list []plugin.Info) (string, interface{}, error) {
-	_, fn, err := versioning(list)
-	if err != nil {
-		return o.Name, nil, err
-	}
-
-	return o.Name, fn(o), nil
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:                 o.Name,
-		Description:          o.Description,
-		GcpProjectCredential: o.GcpProjectCredential,
-		DeviceGroup:          o.DeviceGroup,
-		TemplateStack:        o.TemplateStack,
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName              xml.Name `xml:"entry"`
-	Name                 string   `xml:"name,attr"`
-	Description          string   `xml:"description,omitempty"`
-	GcpProjectCredential string   `xml:"gcp-creds"`
-	DeviceGroup          string   `xml:"device-group"`
-	TemplateStack        string   `xml:"template-stack"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:                 e.Name,
-		Description:          e.Description,
-		GcpProjectCredential: e.GcpProjectCredential,
-		DeviceGroup:          e.DeviceGroup,
-		TemplateStack:        e.TemplateStack,
-	}
-
-	return ans
-}
diff --git a/pnrm/plugins/gcp/gke/cluster/group/funcs.go b/pnrm/plugins/gcp/gke/cluster/group/funcs.go
deleted file mode 100644
index bcbcd576..00000000
--- a/pnrm/plugins/gcp/gke/cluster/group/funcs.go
+++ /dev/null
@@ -1,90 +0,0 @@
-package group
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/plugin"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-func versioning(pkgs []plugin.Info) (normalizer, func(Entry) interface{}, error) {
-	name := "gcp"
-
-	for _, pkg := range pkgs {
-		if pkg.Name == name {
-			if pkg.Installed != "yes" {
-				return nil, nil, fmt.Errorf("Plugin not installed: %s", name)
-			}
-			if !strings.HasPrefix(pkg.Version, "1.") {
-				return nil, nil, fmt.Errorf("Need %q plugin version 1, but %q is installed", name, pkg.Version)
-			}
-			return &container_v1{}, specify_v1, nil
-		}
-	}
-
-	return nil, nil, fmt.Errorf("Plugin %q not found", name)
-}
-
-func specifier(e ...Entry) []namespace.PluginSpecifier {
-	ans := make([]namespace.PluginSpecifier, 0, len(e))
-
-	var val namespace.PluginSpecifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(pkgs []plugin.Info) (normalizer, error) {
-	r, _, err := versioning(pkgs)
-	return r, err
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Plugin{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/pnrm/plugins/gcp/gke/cluster/group/pano.go b/pnrm/plugins/gcp/gke/cluster/group/pano.go
deleted file mode 100644
index fedae170..00000000
--- a/pnrm/plugins/gcp/gke/cluster/group/pano.go
+++ /dev/null
@@ -1,135 +0,0 @@
-package group
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Panorama.GkeClusterGroup namespace.
-type Panorama struct {
-	ns *namespace.Plugin
-}
-
-// ShowPortMapping returns the service port mappings.
-func (c *Panorama) ShowPortMapping(group interface{}) ([]map[string]string, error) {
-	var name string
-
-	switch v := group.(type) {
-	case string:
-		name = v
-	case Entry:
-		name = v.Name
-	default:
-		return nil, fmt.Errorf("Unknown type sent to show port mapping: %s", v)
-	}
-	c.ns.Client.LogOp("(op) showing gke port mappings for %q", name)
-
-	req := pmReq_v1{Group: name}
-	var ans pmContainer_v1
-
-	if _, err := c.ns.Client.Op(req, "", nil, &ans); err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList() ([]string, error) {
-	ans, err := c.container()
-	if err != nil {
-		return nil, err
-	}
-	return c.ns.Listing(util.Get, c.pather(), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList() ([]string, error) {
-	ans, err := c.container()
-	if err != nil {
-		return nil, err
-	}
-	return c.ns.Listing(util.Show, c.pather(), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(name string) (Entry, error) {
-	ans, err := c.container()
-	if err != nil {
-		return Entry{}, err
-	}
-	err = c.ns.Object(util.Get, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(name string) (Entry, error) {
-	ans, err := c.container()
-	if err != nil {
-		return Entry{}, err
-	}
-	err = c.ns.Object(util.Show, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll() ([]Entry, error) {
-	ans, err := c.container()
-	if err != nil {
-		return nil, err
-	}
-	err = c.ns.Objects(util.Get, c.pather(), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll() ([]Entry, error) {
-	ans, err := c.container()
-	if err != nil {
-		return nil, err
-	}
-	err = c.ns.Objects(util.Show, c.pather(), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(e ...Entry) error {
-	return c.ns.Set(c.pather(), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(e Entry) error {
-	return c.ns.Edit(c.pather(), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(), names, nErr)
-}
-
-func (c *Panorama) pather() namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(v)
-	}
-}
-
-func (c *Panorama) xpath(vals []string) ([]string, error) {
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"plugins",
-		"gcp",
-		"gke",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Panorama) container() (normalizer, error) {
-	return container(c.ns.Client.Plugins())
-}
diff --git a/pnrm/plugins/gcp/gke/cluster/group/pano_test.go b/pnrm/plugins/gcp/gke/cluster/group/pano_test.go
deleted file mode 100644
index cea6bc87..00000000
--- a/pnrm/plugins/gcp/gke/cluster/group/pano_test.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package group
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/plugin"
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Plugin = []plugin.Info{tc.plugin}
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set(tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/pnrm/plugins/gcp/gke/cluster/group/portmap.go b/pnrm/plugins/gcp/gke/cluster/group/portmap.go
deleted file mode 100644
index 1c208fe6..00000000
--- a/pnrm/plugins/gcp/gke/cluster/group/portmap.go
+++ /dev/null
@@ -1,74 +0,0 @@
-package group
-
-import (
-	"encoding/xml"
-)
-
-/** Structs / functions for this namespace. **/
-
-/*
-type normalizer interface {
-    Normalize() []map[string] string
-}
-*/
-
-type pmContainer_v1 struct {
-	Group cGroup `xml:"result>port-maps>entry"`
-}
-
-func (o *pmContainer_v1) Normalize() []map[string]string {
-	if len(o.Group.Clusters) == 0 {
-		return nil
-	}
-
-	lenAns := 0
-	for i := range o.Group.Clusters {
-		lenAns += len(o.Group.Clusters[i].Services)
-	}
-
-	ans := make([]map[string]string, 0, lenAns)
-	for i := range o.Group.Clusters {
-		cName := o.Group.Clusters[i].ClusterName
-		for j := range o.Group.Clusters[i].Services {
-			ans = append(ans, map[string]string{
-				"cluster-name":     cName,
-				"namespace":        o.Group.Clusters[i].Services[j].Namespace,
-				"service":          o.Group.Clusters[i].Services[j].Service,
-				"external-lb-port": o.Group.Clusters[i].Services[j].ExternalLbPort,
-				"internal-lb-port": o.Group.Clusters[i].Services[j].InternalLbPort,
-				"target-port":      o.Group.Clusters[i].Services[j].TargetPort,
-				"target-protocol":  o.Group.Clusters[i].Services[j].TargetProtocol,
-				"dup-np":           o.Group.Clusters[i].Services[j].DupNp,
-			})
-		}
-	}
-
-	return ans
-}
-
-type cGroup struct {
-	GroupName string    `xml:"name,attr"`
-	Clusters  []cluster `xml:"gke-clusters>entry"`
-}
-
-type cluster struct {
-	ClusterName string    `xml:"name,attr"`
-	Services    []service `xml:"service>entry"`
-}
-
-type service struct {
-	XMLName        xml.Name `xml:"entry"`
-	Namespace      string   `xml:"namespace"`
-	Service        string   `xml:"name,attr"`
-	ExternalLbPort string   `xml:"port"`
-	InternalLbPort string   `xml:"ilb-port"`
-	TargetPort     string   `xml:"target-port"`
-	TargetProtocol string   `xml:"protocol"`
-	DupNp          string   `xml:"dup-np"`
-}
-
-type pmReq_v1 struct {
-	XMLName xml.Name `xml:"show"`
-	Group   string   `xml:"plugins>gcp>port-map>gke>name"`
-	Cmd     string   `xml:"plugins>gcp>port-map>gke>service"`
-}
diff --git a/pnrm/plugins/gcp/gke/cluster/group/testdata_test.go b/pnrm/plugins/gcp/gke/cluster/group/testdata_test.go
deleted file mode 100644
index 22626374..00000000
--- a/pnrm/plugins/gcp/gke/cluster/group/testdata_test.go
+++ /dev/null
@@ -1,23 +0,0 @@
-package group
-
-import (
-	"github.com/PaloAltoNetworks/pango/plugin"
-)
-
-type tc struct {
-	desc   string
-	plugin plugin.Info
-	conf   Entry
-}
-
-func getTests() []tc {
-	return []tc{
-		{"basic check", plugin.Info{Name: "gcp", Installed: "yes", Version: "1.0.0"}, Entry{
-			Name:                 "v1",
-			Description:          "test",
-			DeviceGroup:          "dev group",
-			TemplateStack:        "my-stack",
-			GcpProjectCredential: "my creds",
-		}},
-	}
-}
diff --git a/pnrm/plugins/gcp/gke/cluster/pano.go b/pnrm/plugins/gcp/gke/cluster/pano.go
deleted file mode 100644
index 2c210cbf..00000000
--- a/pnrm/plugins/gcp/gke/cluster/pano.go
+++ /dev/null
@@ -1,117 +0,0 @@
-package cluster
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Panorama.GkeCluster namespace.
-type Panorama struct {
-	ns *namespace.Plugin
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(group string) ([]string, error) {
-	ans, err := c.container()
-	if err != nil {
-		return nil, err
-	}
-	return c.ns.Listing(util.Get, c.pather(group), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(group string) ([]string, error) {
-	ans, err := c.container()
-	if err != nil {
-		return nil, err
-	}
-	return c.ns.Listing(util.Show, c.pather(group), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(group, name string) (Entry, error) {
-	ans, err := c.container()
-	if err != nil {
-		return Entry{}, err
-	}
-	err = c.ns.Object(util.Get, c.pather(group), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(group, name string) (Entry, error) {
-	ans, err := c.container()
-	if err != nil {
-		return Entry{}, err
-	}
-	err = c.ns.Object(util.Show, c.pather(group), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(group string) ([]Entry, error) {
-	ans, err := c.container()
-	if err != nil {
-		return nil, err
-	}
-	err = c.ns.Objects(util.Get, c.pather(group), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(group string) ([]Entry, error) {
-	ans, err := c.container()
-	if err != nil {
-		return nil, err
-	}
-	err = c.ns.Objects(util.Show, c.pather(group), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(group string, e ...Entry) error {
-	return c.ns.Set(c.pather(group), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(group string, e Entry) error {
-	return c.ns.Edit(c.pather(group), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(group string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(group), names, nErr)
-}
-
-func (c *Panorama) pather(group string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(group, v)
-	}
-}
-
-func (c *Panorama) xpath(group string, vals []string) ([]string, error) {
-	if group == "" {
-		return nil, fmt.Errorf("group must be specified")
-	}
-
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"plugins",
-		"gcp",
-		"gke",
-		util.AsEntryXpath([]string{group}),
-		"gke-cluster",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Panorama) container() (normalizer, error) {
-	return container(c.ns.Client.Plugins())
-}
diff --git a/pnrm/plugins/gcp/gke/cluster/pano_test.go b/pnrm/plugins/gcp/gke/cluster/pano_test.go
deleted file mode 100644
index d9d957f1..00000000
--- a/pnrm/plugins/gcp/gke/cluster/pano_test.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package cluster
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/plugin"
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Plugin = []plugin.Info{tc.plugin}
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("my cluster group", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("my cluster group", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/pnrm/plugins/gcp/gke/cluster/testdata_test.go b/pnrm/plugins/gcp/gke/cluster/testdata_test.go
deleted file mode 100644
index 907cc0f4..00000000
--- a/pnrm/plugins/gcp/gke/cluster/testdata_test.go
+++ /dev/null
@@ -1,21 +0,0 @@
-package cluster
-
-import (
-	"github.com/PaloAltoNetworks/pango/plugin"
-)
-
-type tc struct {
-	desc   string
-	plugin plugin.Info
-	conf   Entry
-}
-
-func getTests() []tc {
-	return []tc{
-		{"basic check", plugin.Info{Name: "gcp", Installed: "yes", Version: "1.0.0"}, Entry{
-			Name:              "v1",
-			GcpZone:           "us-west1",
-			ClusterCredential: "my creds",
-		}},
-	}
-}
diff --git a/pnrm/plugins/swfwlicense/bootstrapdef/const.go b/pnrm/plugins/swfwlicense/bootstrapdef/const.go
deleted file mode 100644
index fa27fb9a..00000000
--- a/pnrm/plugins/swfwlicense/bootstrapdef/const.go
+++ /dev/null
@@ -1,7 +0,0 @@
-package bootstrapdef
-
-// constants singular and plural used for logging mechanism
-const (
-	singular = "bootstrap definition"
-	plural   = "bootstrap definitions"
-)
diff --git a/pnrm/plugins/swfwlicense/bootstrapdef/doc.go b/pnrm/plugins/swfwlicense/bootstrapdef/doc.go
deleted file mode 100644
index f8d9c37f..00000000
--- a/pnrm/plugins/swfwlicense/bootstrapdef/doc.go
+++ /dev/null
@@ -1,9 +0,0 @@
-/*
-Package bootstrapdef is the client.Panorama.LicenseBootstrapDefinition namespace.
-
-This package deals with all aspects of the Bootstrap Definitions in the Software Firewall Licensing plugin.
-
-Normalized object: Entry
-*/
-
-package bootstrapdef
diff --git a/pnrm/plugins/swfwlicense/bootstrapdef/entry.go b/pnrm/plugins/swfwlicense/bootstrapdef/entry.go
deleted file mode 100644
index 8cbcb65d..00000000
--- a/pnrm/plugins/swfwlicense/bootstrapdef/entry.go
+++ /dev/null
@@ -1,91 +0,0 @@
-package bootstrapdef
-
-import (
-	"encoding/xml"
-	"github.com/PaloAltoNetworks/pango/plugin"
-)
-
-// Version Independent Data Structure
-type Entry struct {
-	Name        string
-	Description string
-	Authcode    string
-}
-
-// normalizer interface refers to container_v1
-type normalizer interface {
-	Names() []string
-	Normalize() []Entry
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Description = s.Description
-	o.Authcode = s.Authcode
-}
-
-func (o Entry) Specify(list []plugin.Info) (string, interface{}, error) {
-	_, fn, err := versioning(list)
-	if err != nil {
-		return o.Name, nil, err
-	}
-
-	return o.Name, fn(o), nil
-}
-
-// type container_v1 contains Answer which is a slice of entry_v1 from the XML entry.
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-// Normalize function that returns a slice of Entry taking each item in the slice from the Answer array in the
-// container_v1 struct
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-// Names function that returns a slice of String containing all the Name fields  from the entries in the Answer array
-// in the container_v1 struct
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-// entry_v1 data structure from XML
-type entry_v1 struct {
-	XMLName     xml.Name `xml:"entry"`
-	Name        string   `xml:"name,attr"`
-	Description string   `xml:"description,omitempty"`
-	Authcode    string   `xml:"authcode"`
-}
-
-// entry_v1 function normalize returns version independent Entry
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:        o.Name,
-		Description: o.Description,
-		Authcode:    o.Authcode,
-	}
-
-	return ans
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:        e.Name,
-		Description: e.Description,
-		Authcode:    e.Authcode,
-	}
-
-	return ans
-}
diff --git a/pnrm/plugins/swfwlicense/bootstrapdef/funcs.go b/pnrm/plugins/swfwlicense/bootstrapdef/funcs.go
deleted file mode 100644
index d3db71f1..00000000
--- a/pnrm/plugins/swfwlicense/bootstrapdef/funcs.go
+++ /dev/null
@@ -1,91 +0,0 @@
-package bootstrapdef
-
-import (
-	"fmt"
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/plugin"
-	"github.com/PaloAltoNetworks/pango/util"
-	"strings"
-)
-
-// checks version of the install plugins and returns a normalizer "container" struct depending of the version installed.
-func versioning(pkgs []plugin.Info) (normalizer, func(Entry) interface{}, error) {
-	pluginName := "sw_fw_license"
-
-	for _, pkg := range pkgs {
-		if pkg.Name == pluginName {
-			if pkg.Installed != "yes" {
-				return nil, nil, fmt.Errorf("plugin not installed: %s", pluginName)
-			}
-			if !strings.HasPrefix(pkg.Version, "1.") {
-				return nil, nil, fmt.Errorf("need %q plugin version 1, but %q is installed", pluginName, pkg.Version)
-			}
-			return &container_v1{}, specify_v1, nil
-		}
-	}
-
-	return nil, nil, fmt.Errorf("plugin %q not found", pluginName)
-}
-
-func specifier(e ...Entry) []namespace.PluginSpecifier {
-	ans := make([]namespace.PluginSpecifier, 0, len(e))
-
-	var val namespace.PluginSpecifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-// returns the container struct from the versioning function dependent of plugin version
-func container(pkgs []plugin.Info) (normalizer, error) {
-	r, _, err := versioning(pkgs)
-	return r, err
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Plugin{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/pnrm/plugins/swfwlicense/bootstrapdef/pano.go b/pnrm/plugins/swfwlicense/bootstrapdef/pano.go
deleted file mode 100644
index 06d577a9..00000000
--- a/pnrm/plugins/swfwlicense/bootstrapdef/pano.go
+++ /dev/null
@@ -1,109 +0,0 @@
-package bootstrapdef
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Panorama namespace.
-type Panorama struct {
-	ns *namespace.Plugin
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList() ([]string, error) {
-	ans, err := c.container()
-	if err != nil {
-		return nil, err
-	}
-	return c.ns.Listing(util.Get, c.pather(), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList() ([]string, error) {
-	ans, err := c.container()
-	if err != nil {
-		return nil, err
-	}
-	return c.ns.Listing(util.Show, c.pather(), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(name string) (Entry, error) {
-	ans, err := c.container()
-	if err != nil {
-		return Entry{}, err
-	}
-	err = c.ns.Object(util.Get, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(name string) (Entry, error) {
-	ans, err := c.container()
-	if err != nil {
-		return Entry{}, err
-	}
-	err = c.ns.Object(util.Show, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll() ([]Entry, error) {
-	ans, err := c.container()
-	if err != nil {
-		return nil, err
-	}
-	err = c.ns.Objects(util.Get, c.pather(), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll() ([]Entry, error) {
-	ans, err := c.container()
-	if err != nil {
-		return nil, err
-	}
-	err = c.ns.Objects(util.Show, c.pather(), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(e ...Entry) error {
-	return c.ns.Set(c.pather(), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(e Entry) error {
-	return c.ns.Edit(c.pather(), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(), names, nErr)
-}
-
-func (c *Panorama) pather() namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(v)
-	}
-}
-
-func (c *Panorama) xpath(vals []string) ([]string, error) {
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"plugins",
-		"sw_fw_license",
-		"bootstrap-definition",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Panorama) container() (normalizer, error) {
-	return container(c.ns.Client.Plugins())
-}
diff --git a/pnrm/plugins/swfwlicense/bootstrapdef/pano_test.go b/pnrm/plugins/swfwlicense/bootstrapdef/pano_test.go
deleted file mode 100644
index decec87c..00000000
--- a/pnrm/plugins/swfwlicense/bootstrapdef/pano_test.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package bootstrapdef
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/plugin"
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Plugin = []plugin.Info{tc.plugin}
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set(tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/pnrm/plugins/swfwlicense/bootstrapdef/testdata_test.go b/pnrm/plugins/swfwlicense/bootstrapdef/testdata_test.go
deleted file mode 100644
index fd4bc33e..00000000
--- a/pnrm/plugins/swfwlicense/bootstrapdef/testdata_test.go
+++ /dev/null
@@ -1,24 +0,0 @@
-package bootstrapdef
-
-import (
-	"github.com/PaloAltoNetworks/pango/plugin"
-)
-
-type tc struct {
-	desc   string
-	plugin plugin.Info
-	conf   Entry
-}
-
-func getTests() []tc {
-	return []tc{
-		{
-			"basic project",
-			plugin.Info{Name: "sw_fw_license", Installed: "yes", Version: "1.0.0"},
-			Entry{Name: "bootstrapdef",
-				Description: "some desc",
-				Authcode:    "abcdefg",
-			},
-		},
-	}
-}
diff --git a/pnrm/plugins/swfwlicense/manager/const.go b/pnrm/plugins/swfwlicense/manager/const.go
deleted file mode 100644
index a740b04b..00000000
--- a/pnrm/plugins/swfwlicense/manager/const.go
+++ /dev/null
@@ -1,7 +0,0 @@
-package manager
-
-// constants singular and plural used for logging mechanism
-const (
-	singular = "license manager"
-	plural   = "license managers"
-)
diff --git a/pnrm/plugins/swfwlicense/manager/doc.go b/pnrm/plugins/swfwlicense/manager/doc.go
deleted file mode 100644
index eeae6584..00000000
--- a/pnrm/plugins/swfwlicense/manager/doc.go
+++ /dev/null
@@ -1,9 +0,0 @@
-/*
-Package manager is the client.Panorama.LicenseManager namespace.
-
-This package deals with all aspects of the License Managers in the Software Firewall Licensing plugin.
-
-Normalized object: Entry
-*/
-
-package manager
diff --git a/pnrm/plugins/swfwlicense/manager/entry.go b/pnrm/plugins/swfwlicense/manager/entry.go
deleted file mode 100644
index 11422f3d..00000000
--- a/pnrm/plugins/swfwlicense/manager/entry.go
+++ /dev/null
@@ -1,106 +0,0 @@
-package manager
-
-import (
-	"encoding/xml"
-	"github.com/PaloAltoNetworks/pango/plugin"
-)
-
-// Version Independent Data Structure
-type Entry struct {
-	Name                string
-	Description         string
-	DeviceGroup         string
-	TemplateStack       string
-	BootstrapDefinition string
-	AutoDeactivate      int
-}
-
-// normalizer interface refers to container_v1
-type normalizer interface {
-	Names() []string
-	Normalize() []Entry
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Description = s.Description
-	o.DeviceGroup = s.DeviceGroup
-	o.TemplateStack = s.TemplateStack
-	o.BootstrapDefinition = s.BootstrapDefinition
-	o.AutoDeactivate = s.AutoDeactivate
-}
-
-func (o Entry) Specify(list []plugin.Info) (string, interface{}, error) {
-	_, fn, err := versioning(list)
-	if err != nil {
-		return o.Name, nil, err
-	}
-
-	return o.Name, fn(o), nil
-}
-
-// type container_v1 contains Answer which is a slice of entry_v1 from the XML entry.
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-// Normalize function that returns a slice of Entry taking each item in the slice from the Answer array in the
-// container_v1 struct
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-// Names function that returns a slice of String containing all the Name fields  from the entries in the Answer array
-// in the container_v1 struct
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-// entry_v1 data structure from XML
-type entry_v1 struct {
-	XMLName             xml.Name `xml:"entry"`
-	Name                string   `xml:"name,attr"`
-	Description         string   `xml:"description,omitempty"`
-	DeviceGroup         string   `xml:"device-group"`
-	TemplateStack       string   `xml:"template-stack"`
-	BootstrapDefinition string   `xml:"bootstrap-definition"`
-	AutoDeactivate      int      `xml:"auto-deactivate"`
-}
-
-// entry_v1 function normalize returns version independent Entry
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:                o.Name,
-		Description:         o.Description,
-		DeviceGroup:         o.DeviceGroup,
-		TemplateStack:       o.TemplateStack,
-		BootstrapDefinition: o.BootstrapDefinition,
-		AutoDeactivate:      o.AutoDeactivate,
-	}
-
-	return ans
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:                e.Name,
-		Description:         e.Description,
-		DeviceGroup:         e.DeviceGroup,
-		TemplateStack:       e.TemplateStack,
-		BootstrapDefinition: e.BootstrapDefinition,
-		AutoDeactivate:      e.AutoDeactivate,
-	}
-
-	return ans
-}
diff --git a/pnrm/plugins/swfwlicense/manager/funcs.go b/pnrm/plugins/swfwlicense/manager/funcs.go
deleted file mode 100644
index e95a7b69..00000000
--- a/pnrm/plugins/swfwlicense/manager/funcs.go
+++ /dev/null
@@ -1,91 +0,0 @@
-package manager
-
-import (
-	"fmt"
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/plugin"
-	"github.com/PaloAltoNetworks/pango/util"
-	"strings"
-)
-
-// checks version of the install plugins and returns a normalizer "container" struct depending of the version installed.
-func versioning(pkgs []plugin.Info) (normalizer, func(Entry) interface{}, error) {
-	pluginName := "sw_fw_license"
-
-	for _, pkg := range pkgs {
-		if pkg.Name == pluginName {
-			if pkg.Installed != "yes" {
-				return nil, nil, fmt.Errorf("plugin not installed: %s", pluginName)
-			}
-			if !strings.HasPrefix(pkg.Version, "1.") {
-				return nil, nil, fmt.Errorf("need %q plugin version 1, but %q is installed", pluginName, pkg.Version)
-			}
-			return &container_v1{}, specify_v1, nil
-		}
-	}
-
-	return nil, nil, fmt.Errorf("plugin %q not found", pluginName)
-}
-
-func specifier(e ...Entry) []namespace.PluginSpecifier {
-	ans := make([]namespace.PluginSpecifier, 0, len(e))
-
-	var val namespace.PluginSpecifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-// returns the container struct from the versioning function dependent of plugin version
-func container(pkgs []plugin.Info) (normalizer, error) {
-	r, _, err := versioning(pkgs)
-	return r, err
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Plugin{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/pnrm/plugins/swfwlicense/manager/pano.go b/pnrm/plugins/swfwlicense/manager/pano.go
deleted file mode 100644
index 1ea57f79..00000000
--- a/pnrm/plugins/swfwlicense/manager/pano.go
+++ /dev/null
@@ -1,128 +0,0 @@
-package manager
-
-import (
-	"encoding/xml"
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Panorama namespace.
-type Panorama struct {
-	ns *namespace.Plugin
-}
-
-// GetBootstrapParams for specific manager and returns a string of the bootstrap parameters and an error if needed
-func (c *Panorama) GetBootstrapParams(licensemgr string) (string, error) {
-	type requestStruct struct {
-		XMLName    xml.Name `xml:"request"`
-		LicenseMgr string   `xml:"plugins>sw_fw_license>bootstrap-parameters>license-manager"`
-	}
-
-	type resultStruct struct {
-		BootstrapParams string `xml:"result>bootstrap-parameters"`
-	}
-
-	var result resultStruct
-
-	c.ns.Client.LogOp("(op) request license manager bootstrap parameters for " + licensemgr)
-	_, err := c.ns.Client.Op(requestStruct{LicenseMgr: licensemgr}, "", nil, &result)
-	return result.BootstrapParams, err
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList() ([]string, error) {
-	ans, err := c.container()
-	if err != nil {
-		return nil, err
-	}
-	return c.ns.Listing(util.Get, c.pather(), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList() ([]string, error) {
-	ans, err := c.container()
-	if err != nil {
-		return nil, err
-	}
-	return c.ns.Listing(util.Show, c.pather(), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(name string) (Entry, error) {
-	ans, err := c.container()
-	if err != nil {
-		return Entry{}, err
-	}
-	err = c.ns.Object(util.Get, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(name string) (Entry, error) {
-	ans, err := c.container()
-	if err != nil {
-		return Entry{}, err
-	}
-	err = c.ns.Object(util.Show, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll() ([]Entry, error) {
-	ans, err := c.container()
-	if err != nil {
-		return nil, err
-	}
-	err = c.ns.Objects(util.Get, c.pather(), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll() ([]Entry, error) {
-	ans, err := c.container()
-	if err != nil {
-		return nil, err
-	}
-	err = c.ns.Objects(util.Show, c.pather(), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(e ...Entry) error {
-	return c.ns.Set(c.pather(), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(e Entry) error {
-	return c.ns.Edit(c.pather(), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(), names, nErr)
-}
-
-func (c *Panorama) pather() namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(v)
-	}
-}
-
-func (c *Panorama) xpath(vals []string) ([]string, error) {
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"plugins",
-		"sw_fw_license",
-		"license-manager",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Panorama) container() (normalizer, error) {
-	return container(c.ns.Client.Plugins())
-}
diff --git a/pnrm/plugins/swfwlicense/manager/pano_test.go b/pnrm/plugins/swfwlicense/manager/pano_test.go
deleted file mode 100644
index 351b4e4c..00000000
--- a/pnrm/plugins/swfwlicense/manager/pano_test.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package manager
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/plugin"
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Plugin = []plugin.Info{tc.plugin}
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set(tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/pnrm/plugins/swfwlicense/manager/testdata_test.go b/pnrm/plugins/swfwlicense/manager/testdata_test.go
deleted file mode 100644
index 4dbb84d4..00000000
--- a/pnrm/plugins/swfwlicense/manager/testdata_test.go
+++ /dev/null
@@ -1,28 +0,0 @@
-package manager
-
-import (
-	"github.com/PaloAltoNetworks/pango/plugin"
-)
-
-type tc struct {
-	desc   string
-	plugin plugin.Info
-	conf   Entry
-}
-
-func getTests() []tc {
-	return []tc{
-		{
-			"basic project",
-			plugin.Info{Name: "sw_fw_license", Installed: "yes", Version: "1.0.0"},
-			Entry{
-				Name:                "licmanager",
-				Description:         "some desc",
-				DeviceGroup:         "dg",
-				TemplateStack:       "ts",
-				BootstrapDefinition: "bsdef",
-				AutoDeactivate:      5,
-			},
-		},
-	}
-}
diff --git a/pnrm/template/const.go b/pnrm/template/const.go
deleted file mode 100644
index 610c5adf..00000000
--- a/pnrm/template/const.go
+++ /dev/null
@@ -1,6 +0,0 @@
-package template
-
-const (
-	singular = "template"
-	plural   = "templates"
-)
diff --git a/pnrm/template/doc.go b/pnrm/template/doc.go
deleted file mode 100644
index fb19e2f3..00000000
--- a/pnrm/template/doc.go
+++ /dev/null
@@ -1,4 +0,0 @@
-// Package template is the client.Panorama.Template namespace.
-//
-// Normalized object:  Entry
-package template
diff --git a/pnrm/template/entry.go b/pnrm/template/entry.go
deleted file mode 100644
index 692d2714..00000000
--- a/pnrm/template/entry.go
+++ /dev/null
@@ -1,322 +0,0 @@
-package template
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a template.
-//
-// Devices is a map where the key is the serial number of the target device and
-// the value is a list of specific vsys on that device.  The list of vsys is
-// nil if all vsys on that device should be included or if the device is a
-// virtual firewall (and thus only has vsys1).
-type Entry struct {
-	Name           string
-	Description    string
-	DefaultVsys    string
-	MultiVsys      bool
-	Mode           string
-	VpnDisableMode bool
-	Devices        map[string][]string
-
-	raw map[string]string
-}
-
-// Copy copies the information from source's Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Description = s.Description
-	o.DefaultVsys = s.DefaultVsys
-	o.MultiVsys = s.MultiVsys
-	o.Mode = s.Mode
-	o.VpnDisableMode = s.VpnDisableMode
-	if s.Devices == nil {
-		o.Devices = nil
-	} else {
-		o.Devices = make(map[string][]string)
-		for key, list := range s.Devices {
-			if list == nil {
-				o.Devices[key] = nil
-			} else {
-				o.Devices[key] = make([]string, len(list))
-				copy(o.Devices[key], list)
-			}
-		}
-	}
-}
-
-// SetConfTree sets the conf internal variable such that the XML contains
-// the mandatory "/config" subelement tree.
-//
-// If a template is missing this, then it does not behave properly when
-// referenced from a template stack.
-func (o *Entry) SetConfTree() {
-	if _, present := o.raw["conf"]; !present {
-		if o.raw == nil {
-			o.raw = make(map[string]string)
-		}
-		o.raw["conf"] = "<devices><entry name='localhost.localdomain'><vsys><entry name='vsys1' /></vsys></entry></devices>"
-	}
-}
-
-/** Structs / functions for normalization. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:        o.Name,
-		Description: o.Description,
-		Devices:     util.VsysEntToMap(o.Devices),
-	}
-
-	if o.Settings != nil {
-		ans.MultiVsys = util.AsBool(o.Settings.MultiVsys)
-		ans.Mode = o.Settings.Mode
-		ans.VpnDisableMode = util.AsBool(o.Settings.VpnDisableMode)
-	}
-
-	raw := make(map[string]string)
-
-	if o.Config != nil {
-		raw["conf"] = util.CleanRawXml(o.Config.Text)
-	}
-
-	if len(raw) > 0 {
-		ans.raw = raw
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName     xml.Name            `xml:"entry"`
-	Name        string              `xml:"name,attr"`
-	Description string              `xml:"description,omitempty"`
-	Devices     *util.VsysEntryType `xml:"devices"`
-	Settings    *settings_v1        `xml:"settings"`
-	Config      *util.RawXml        `xml:"config"`
-}
-
-type settings_v1 struct {
-	MultiVsys      string `xml:"multi-vsys"`
-	Mode           string `xml:"operational-mode,omitempty"`
-	VpnDisableMode string `xml:"vpn-disable-mode"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:        e.Name,
-		Description: e.Description,
-		Devices:     util.MapToVsysEnt(e.Devices),
-	}
-
-	if e.MultiVsys || e.VpnDisableMode || e.Mode != "" {
-		ans.Settings = &settings_v1{
-			MultiVsys:      util.YesNo(e.MultiVsys),
-			Mode:           e.Mode,
-			VpnDisableMode: util.YesNo(e.VpnDisableMode),
-		}
-	}
-
-	if text, present := e.raw["conf"]; present {
-		ans.Config = &util.RawXml{text}
-	}
-
-	return ans
-}
-
-// PAN-OS 7.0.
-type container_v2 struct {
-	Answer []entry_v2 `xml:"entry"`
-}
-
-func (o *container_v2) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v2) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v2) normalize() Entry {
-	ans := Entry{
-		Name:        o.Name,
-		Description: o.Description,
-		Devices:     util.VsysEntToMap(o.Devices),
-	}
-
-	if o.Settings != nil {
-		ans.DefaultVsys = o.Settings.DefaultVsys
-	}
-
-	raw := make(map[string]string)
-
-	if o.Config != nil {
-		raw["conf"] = util.CleanRawXml(o.Config.Text)
-	}
-
-	if len(raw) > 0 {
-		ans.raw = raw
-	}
-
-	return ans
-}
-
-type entry_v2 struct {
-	XMLName     xml.Name            `xml:"entry"`
-	Name        string              `xml:"name,attr"`
-	Description string              `xml:"description,omitempty"`
-	Devices     *util.VsysEntryType `xml:"devices"`
-	Settings    *settings_v2        `xml:"settings"`
-	Config      *util.RawXml        `xml:"config"`
-}
-
-type settings_v2 struct {
-	DefaultVsys string `xml:"default-vsys"`
-}
-
-func specify_v2(e Entry) interface{} {
-	ans := entry_v2{
-		Name:        e.Name,
-		Description: e.Description,
-		Devices:     util.MapToVsysEnt(e.Devices),
-	}
-
-	if e.DefaultVsys != "" {
-		ans.Settings = &settings_v2{e.DefaultVsys}
-	}
-
-	if text, present := e.raw["conf"]; present {
-		ans.Config = &util.RawXml{text}
-	}
-
-	return ans
-}
-
-// PAN-OS 8.1.
-type container_v3 struct {
-	Answer []entry_v3 `xml:"entry"`
-}
-
-func (o *container_v3) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v3) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v3) normalize() Entry {
-	ans := Entry{
-		Name:        o.Name,
-		Description: o.Description,
-		// TODO(gfreeman) - seems like devices are removed in 8.1..?
-		Devices: util.VsysEntToMap(o.Devices),
-	}
-
-	if o.Settings != nil {
-		ans.DefaultVsys = o.Settings.DefaultVsys
-	}
-
-	raw := make(map[string]string)
-
-	if o.Variables != nil {
-		raw["vars"] = util.CleanRawXml(o.Variables.Text)
-	}
-
-	if o.Config != nil {
-		raw["conf"] = util.CleanRawXml(o.Config.Text)
-	}
-
-	if len(raw) > 0 {
-		ans.raw = raw
-	}
-
-	return ans
-}
-
-type entry_v3 struct {
-	XMLName     xml.Name            `xml:"entry"`
-	Name        string              `xml:"name,attr"`
-	Description string              `xml:"description,omitempty"`
-	Devices     *util.VsysEntryType `xml:"devices"`
-	Settings    *settings_v2        `xml:"settings"`
-	Config      *util.RawXml        `xml:"config"`
-	Variables   *util.RawXml        `xml:"variable"`
-}
-
-func specify_v3(e Entry) interface{} {
-	ans := entry_v3{
-		Name:        e.Name,
-		Description: e.Description,
-		Devices:     util.MapToVsysEnt(e.Devices),
-	}
-
-	if e.DefaultVsys != "" {
-		ans.Settings = &settings_v2{e.DefaultVsys}
-	}
-
-	if text, present := e.raw["conf"]; present {
-		ans.Config = &util.RawXml{text}
-	}
-
-	if text, present := e.raw["vars"]; present {
-		ans.Variables = &util.RawXml{text}
-	}
-
-	return ans
-}
diff --git a/pnrm/template/funcs.go b/pnrm/template/funcs.go
deleted file mode 100644
index 4e2d475f..00000000
--- a/pnrm/template/funcs.go
+++ /dev/null
@@ -1,81 +0,0 @@
-package template
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	if v.Gte(version.Number{8, 1, 0, ""}) {
-		return &container_v3{}, specify_v3
-	} else if v.Gte(version.Number{7, 0, 0, ""}) {
-		return &container_v2{}, specify_v2
-	} else {
-		return &container_v1{}, specify_v1
-	}
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/pnrm/template/pano.go b/pnrm/template/pano.go
deleted file mode 100644
index 0ee4a74f..00000000
--- a/pnrm/template/pano.go
+++ /dev/null
@@ -1,197 +0,0 @@
-package template
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Panorama.Template namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-/*
-SetDeviceVsys performs a SET to add specific vsys from a device to
-template t.
-
-If you want all vsys to be included, or the device is a virtual firewall, then
-leave the vsys list empty.
-
-The template can be either a string or an Entry object.
-*/
-func (c *Panorama) SetDeviceVsys(t interface{}, d string, vsys []string) error {
-	var name string
-
-	switch v := t.(type) {
-	case string:
-		name = v
-	case Entry:
-		name = v.Name
-	default:
-		return fmt.Errorf("Unknown type sent to set device vsys: %s", v)
-	}
-
-	c.ns.Client.LogAction("(set) device vsys in template: %s", name)
-
-	m := util.MapToVsysEnt(map[string][]string{d: vsys})
-	path, err := c.xpath([]string{name})
-	if err != nil {
-		return err
-	}
-	path = append(path, "devices")
-
-	_, err = c.ns.Client.Set(path, m.Entries[0], nil, nil)
-	return err
-}
-
-/*
-EditDeviceVsys performs an EDIT to add specific vsys from a device to
-template t.
-
-If you want all vsys to be included, or the device is a virtual firewall, then
-leave the vsys list empty.
-
-The template can be either a string or an Entry object.
-*/
-func (c *Panorama) EditDeviceVsys(t interface{}, d string, vsys []string) error {
-	var name string
-
-	switch v := t.(type) {
-	case string:
-		name = v
-	case Entry:
-		name = v.Name
-	default:
-		return fmt.Errorf("Unknown type sent to edit device vsys: %s", v)
-	}
-
-	c.ns.Client.LogAction("(edit) device vsys in template: %s", name)
-
-	m := util.MapToVsysEnt(map[string][]string{d: vsys})
-	path, err := c.xpath([]string{name})
-	if err != nil {
-		return err
-	}
-	path = append(path, "devices", util.AsEntryXpath([]string{d}))
-
-	_, err = c.ns.Client.Edit(path, m.Entries[0], nil, nil)
-	return err
-}
-
-/*
-DeleteDeviceVsys performs a DELETE to remove specific vsys from device d from
-template t.
-
-If you want all vsys to be removed, or the device is a virtual firewall, then
-leave the vsys list empty.
-
-The template can be either a string or an Entry object.
-*/
-func (c *Panorama) DeleteDeviceVsys(t interface{}, d string, vsys []string) error {
-	var name string
-
-	switch v := t.(type) {
-	case string:
-		name = v
-	case Entry:
-		name = v.Name
-	default:
-		return fmt.Errorf("Unknown type sent to delete device vsys: %s", v)
-	}
-
-	c.ns.Client.LogAction("(delete) device vsys from template: %s", name)
-
-	path := make([]string, 0, 9)
-	prefix, err := c.xpath([]string{name})
-	if err != nil {
-		return err
-	}
-	path = append(path, prefix...)
-	path = append(path, "devices", util.AsEntryXpath([]string{d}))
-	if len(vsys) > 0 {
-		path = append(path, "vsys", util.AsEntryXpath(vsys))
-	}
-
-	_, err = c.ns.Client.Delete(path, nil, nil)
-	return err
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(e ...Entry) error {
-	return c.ns.Set(c.pather(), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(e Entry) error {
-	return c.ns.Edit(c.pather(), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(), names, nErr)
-}
-
-func (c *Panorama) pather() namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(v)
-	}
-}
-
-func (c *Panorama) xpath(vals []string) ([]string, error) {
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"template",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/pnrm/template/pano_test.go b/pnrm/template/pano_test.go
deleted file mode 100644
index e12b787f..00000000
--- a/pnrm/template/pano_test.go
+++ /dev/null
@@ -1,93 +0,0 @@
-package template
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func TestNormalization(t *testing.T) {
-	testCases := []struct {
-		desc    string
-		version version.Number
-		conf    Entry
-	}{
-		{"v1 test one", version.Number{6, 1, 0, ""}, Entry{
-			Name:        "one",
-			Description: "my description",
-			raw: map[string]string{
-				"conf": "conf",
-			},
-		}},
-		{"v1 test two", version.Number{6, 1, 0, ""}, Entry{
-			Name:        "two",
-			Description: "with devices",
-			MultiVsys:   true,
-			Devices: map[string][]string{
-				"001234": nil,
-				"998765": {"vsys3", "vsys5"},
-			},
-			raw: map[string]string{
-				"conf": "conf",
-			},
-		}},
-		{"v1 test three", version.Number{6, 1, 0, ""}, Entry{
-			Name:        "three",
-			Description: "with one device",
-			Mode:        "normal",
-			Devices: map[string][]string{
-				"001234": nil,
-			},
-			raw: map[string]string{
-				"conf": "conf",
-			},
-		}},
-		{"v1 test four", version.Number{6, 1, 0, ""}, Entry{
-			Name:           "four",
-			Description:    "with one device",
-			Mode:           "normal",
-			MultiVsys:      true,
-			VpnDisableMode: true,
-			Devices: map[string][]string{
-				"001234": nil,
-			},
-			raw: map[string]string{
-				"conf": "conf",
-			},
-		}},
-		{"v3 raw test", version.Number{8, 1, 0, ""}, Entry{
-			Name:        "v3 full",
-			Description: "v3 desc",
-			DefaultVsys: "vsys3",
-			raw: map[string]string{
-				"conf": "conf",
-				"vars": "vars",
-			},
-		}},
-	}
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Reset()
-			mc.Version = tc.version
-			mc.AddResp("")
-			err := ns.Set(tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/pnrm/template/stack/const.go b/pnrm/template/stack/const.go
deleted file mode 100644
index fd6e19e6..00000000
--- a/pnrm/template/stack/const.go
+++ /dev/null
@@ -1,6 +0,0 @@
-package stack
-
-const (
-	singular = "template stack"
-	plural   = "template stacks"
-)
diff --git a/pnrm/template/stack/doc.go b/pnrm/template/stack/doc.go
deleted file mode 100644
index 8fadde8b..00000000
--- a/pnrm/template/stack/doc.go
+++ /dev/null
@@ -1,4 +0,0 @@
-// Package stack is the client.Panorama.TemplateStack namespace.
-//
-// Normalized object:  Entry
-package stack
diff --git a/pnrm/template/stack/entry.go b/pnrm/template/stack/entry.go
deleted file mode 100644
index 77a94104..00000000
--- a/pnrm/template/stack/entry.go
+++ /dev/null
@@ -1,134 +0,0 @@
-package stack
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a template stack.
-//
-// Devices is a map where the key is the serial number of the target device and
-// the value is a list of specific vsys on that device.  The list of vsys is
-// nil if all vsys on that device should be included or if the device is a
-// virtual firewall (and thus only has vsys1).
-type Entry struct {
-	Name        string
-	Description string
-	DefaultVsys string
-	Templates   []string
-	Devices     []string
-
-	raw map[string]string
-}
-
-// Copy copies the information from source's Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Description = s.Description
-	o.DefaultVsys = s.DefaultVsys
-	if s.Templates == nil {
-		o.Templates = nil
-	} else {
-		o.Templates = make([]string, len(s.Templates))
-		copy(o.Templates, s.Templates)
-	}
-	if s.Devices == nil {
-		o.Devices = nil
-	} else {
-		o.Devices = make([]string, len(s.Devices))
-		copy(o.Devices, s.Devices)
-	}
-}
-
-/** Structs / functions for normalization. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:        o.Name,
-		Description: o.Description,
-		DefaultVsys: o.DefaultVsys,
-		Templates:   util.MemToStr(o.Templates),
-		Devices:     util.EntToStr(o.Devices),
-	}
-
-	raw := make(map[string]string)
-
-	if o.Variables != nil {
-		raw["var"] = util.CleanRawXml(o.Variables.Text)
-	}
-
-	if o.Config != nil {
-		raw["conf"] = util.CleanRawXml(o.Config.Text)
-	}
-
-	if len(raw) > 0 {
-		ans.raw = raw
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName     xml.Name         `xml:"entry"`
-	Name        string           `xml:"name,attr"`
-	Description string           `xml:"description,omitempty"`
-	DefaultVsys string           `xml:"settings>default-vsys,omitempty"`
-	Templates   *util.MemberType `xml:"templates"`
-	Devices     *util.EntryType  `xml:"devices"`
-	Config      *util.RawXml     `xml:"config"`
-	Variables   *util.RawXml     `xml:"variable"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:        e.Name,
-		Description: e.Description,
-		Devices:     util.StrToEnt(e.Devices),
-		Templates:   util.StrToMem(e.Templates),
-		DefaultVsys: e.DefaultVsys,
-	}
-
-	if text, present := e.raw["var"]; present {
-		ans.Variables = &util.RawXml{text}
-	}
-
-	if text, present := e.raw["conf"]; present {
-		ans.Config = &util.RawXml{text}
-	}
-
-	return ans
-}
diff --git a/pnrm/template/stack/funcs.go b/pnrm/template/stack/funcs.go
deleted file mode 100644
index b55c11b4..00000000
--- a/pnrm/template/stack/funcs.go
+++ /dev/null
@@ -1,75 +0,0 @@
-package stack
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/pnrm/template/stack/pano.go b/pnrm/template/stack/pano.go
deleted file mode 100644
index 5693cfce..00000000
--- a/pnrm/template/stack/pano.go
+++ /dev/null
@@ -1,178 +0,0 @@
-package stack
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Panorama.TemplateStack namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-/*
-SetDevice performs a SET to add specific device to template stack st.
-
-The template stack can be either a string or an Entry object.
-*/
-func (c *Panorama) SetDevice(st interface{}, d string) error {
-	var name string
-
-	switch v := st.(type) {
-	case string:
-		name = v
-	case Entry:
-		name = v.Name
-	default:
-		return fmt.Errorf("Unknown type sent to set device: %s", v)
-	}
-
-	c.ns.Client.LogAction("(set) device in template stack: %s", name)
-
-	path, err := c.xpath([]string{name})
-	if err != nil {
-		return err
-	}
-	path = append(path, "devices")
-
-	_, err = c.ns.Client.Set(path, util.Entry{Value: d}, nil, nil)
-	return err
-}
-
-/*
-EditDevice performs an EDIT to add specific device to template stack st.
-
-The template stack can be either a string or an Entry object.
-*/
-func (c *Panorama) EditDevice(st interface{}, d string) error {
-	var name string
-
-	switch v := st.(type) {
-	case string:
-		name = v
-	case Entry:
-		name = v.Name
-	default:
-		return fmt.Errorf("Unknown type sent to edit device: %s", v)
-	}
-
-	c.ns.Client.LogAction("(edit) device in template stack: %s", name)
-
-	path, err := c.xpath([]string{name})
-	if err != nil {
-		return err
-	}
-	path = append(path, "devices", util.AsEntryXpath([]string{d}))
-
-	_, err = c.ns.Client.Edit(path, util.Entry{Value: d}, nil, nil)
-	return err
-}
-
-/*
-DeleteDevice performs a DELETE to remove specific device d from template stack st.
-
-The template stack can be either a string or an Entry object.
-*/
-func (c *Panorama) DeleteDevice(st interface{}, d string) error {
-	var name string
-
-	switch v := st.(type) {
-	case string:
-		name = v
-	case Entry:
-		name = v.Name
-	default:
-		return fmt.Errorf("Unknown type sent to delete device: %s", v)
-	}
-
-	c.ns.Client.LogAction("(delete) device from template stack: %s", name)
-
-	path, err := c.xpath([]string{name})
-	if err != nil {
-		return err
-	}
-	path = append(path, "devices", util.AsEntryXpath([]string{d}))
-
-	_, err = c.ns.Client.Delete(path, nil, nil)
-	return err
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(e ...Entry) error {
-	return c.ns.Set(c.pather(), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(e Entry) error {
-	return c.ns.Edit(c.pather(), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(), names, nErr)
-}
-
-func (c *Panorama) pather() namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(v)
-	}
-}
-
-func (c *Panorama) xpath(vals []string) ([]string, error) {
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"template-stack",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/pnrm/template/stack/pano_test.go b/pnrm/template/stack/pano_test.go
deleted file mode 100644
index eb1ffe34..00000000
--- a/pnrm/template/stack/pano_test.go
+++ /dev/null
@@ -1,62 +0,0 @@
-package stack
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func TestNormalization(t *testing.T) {
-	testCases := []struct {
-		desc    string
-		version version.Number
-		conf    Entry
-	}{
-		{"v1 test one", version.Number{6, 1, 0, ""}, Entry{
-			Name:        "one",
-			Description: "with one device",
-			Devices:     []string{"001234"},
-		}},
-		{"v1 test two", version.Number{6, 1, 0, ""}, Entry{
-			Name:        "two",
-			Description: "with multi device",
-			Templates:   []string{"tem1", "tem2"},
-			Devices:     []string{"001234", "123"},
-		}},
-		{"v1 test three", version.Number{6, 1, 0, ""}, Entry{
-			Name:        "three",
-			Description: "with multi device",
-			Templates:   []string{"tem1", "tem2"},
-			DefaultVsys: "myvsys",
-			raw: map[string]string{
-				"var":  "this is the var data",
-				"conf": "this is conf data",
-			},
-		}},
-	}
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Reset()
-			mc.Version = tc.version
-			mc.AddResp("")
-			err := ns.Set(tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/pnrm/template/variable/const.go b/pnrm/template/variable/const.go
deleted file mode 100644
index 1c86e5bd..00000000
--- a/pnrm/template/variable/const.go
+++ /dev/null
@@ -1,15 +0,0 @@
-package variable
-
-// These are the constants for the Type field.
-const (
-	TypeIpNetmask = "ip-netmask"
-	TypeIpRange   = "ip-range"
-	TypeFqdn      = "fqdn"
-	TypeGroupId   = "group-id"
-	TypeInterface = "interface"
-)
-
-const (
-	singular = "template variable"
-	plural   = "template variables"
-)
diff --git a/pnrm/template/variable/doc.go b/pnrm/template/variable/doc.go
deleted file mode 100644
index a12beef5..00000000
--- a/pnrm/template/variable/doc.go
+++ /dev/null
@@ -1,4 +0,0 @@
-// Package variable is the client.Panorama.TemplateVariable namespace.
-//
-// Normalized object:  Entry
-package variable
diff --git a/pnrm/template/variable/entry.go b/pnrm/template/variable/entry.go
deleted file mode 100644
index 6f410c66..00000000
--- a/pnrm/template/variable/entry.go
+++ /dev/null
@@ -1,114 +0,0 @@
-package variable
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a template
-// variable.
-//
-// Template variables are a new addition to PAN-OS 8.1.
-type Entry struct {
-	Name  string
-	Type  string
-	Value string
-}
-
-// Copy copies the information from source's Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Type = s.Type
-	o.Value = s.Value
-}
-
-/** Structs / functions for normalization. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name: o.Name,
-	}
-
-	if o.IpNetmask != "" {
-		ans.Type = TypeIpNetmask
-		ans.Value = o.IpNetmask
-	} else if o.IpRange != "" {
-		ans.Type = TypeIpRange
-		ans.Value = o.IpRange
-	} else if o.Fqdn != "" {
-		ans.Type = TypeFqdn
-		ans.Value = o.Fqdn
-	} else if o.GroupId != "" {
-		ans.Type = TypeGroupId
-		ans.Value = o.GroupId
-	} else if o.Interface != "" {
-		ans.Type = TypeInterface
-		ans.Value = o.Interface
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName   xml.Name `xml:"entry"`
-	Name      string   `xml:"name,attr"`
-	IpNetmask string   `xml:"type>ip-netmask,omitempty"`
-	IpRange   string   `xml:"type>ip-range,omitempty"`
-	Fqdn      string   `xml:"type>fqdn,omitempty"`
-	GroupId   string   `xml:"type>group-id,omitempty"`
-	Interface string   `xml:"type>interface,omitempty"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name: e.Name,
-	}
-
-	switch e.Type {
-	case TypeIpNetmask:
-		ans.IpNetmask = e.Value
-	case TypeIpRange:
-		ans.IpRange = e.Value
-	case TypeFqdn:
-		ans.Fqdn = e.Value
-	case TypeGroupId:
-		ans.GroupId = e.Value
-	case TypeInterface:
-		ans.Interface = e.Value
-	}
-
-	return ans
-}
diff --git a/pnrm/template/variable/funcs.go b/pnrm/template/variable/funcs.go
deleted file mode 100644
index ade796f2..00000000
--- a/pnrm/template/variable/funcs.go
+++ /dev/null
@@ -1,75 +0,0 @@
-package variable
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/pnrm/template/variable/pano.go b/pnrm/template/variable/pano.go
deleted file mode 100644
index 7704b44e..00000000
--- a/pnrm/template/variable/pano.go
+++ /dev/null
@@ -1,96 +0,0 @@
-package variable
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Panorama.TemplateVariable namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts), ans)
-}
-
-// ShowList performs a SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts), ans)
-}
-
-// Get performs GET to retrieve configuration for the given object.
-func (c *Panorama) Get(tmpl, ts, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve configuration for the given object.
-func (c *Panorama) Show(tmpl, ts, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve all objects configured.
-func (c *Panorama) ShowAll(tmpl, ts string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts string, e ...Entry) error {
-	return c.ns.Set(c.pather(tmpl, ts), specifier(e...))
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(tmpl, ts string, e Entry) error {
-	return c.ns.Edit(c.pather(tmpl, ts), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(tmpl, ts), names, nErr)
-}
-
-func (c *Panorama) pather(tmpl, ts string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts string, vals []string) ([]string, error) {
-	if tmpl == "" && ts == "" {
-		return nil, fmt.Errorf("tmpl or ts must be specified")
-	}
-
-	ans := make([]string, 0, 7)
-	ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-	ans = append(ans,
-		"variable",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/pnrm/template/variable/pano_test.go b/pnrm/template/variable/pano_test.go
deleted file mode 100644
index d4e35b92..00000000
--- a/pnrm/template/variable/pano_test.go
+++ /dev/null
@@ -1,63 +0,0 @@
-package variable
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestNormalization(t *testing.T) {
-	testCases := []struct {
-		desc string
-		conf Entry
-	}{
-		{"ip netmask test", Entry{
-			Name:  "$ipnm1",
-			Type:  TypeIpNetmask,
-			Value: "10.1.1.1/24",
-		}},
-		{"ip range test", Entry{
-			Name:  "$range1",
-			Type:  TypeIpRange,
-			Value: "10.1.1.1-10.1.1.255",
-		}},
-		{"fqdn test", Entry{
-			Name:  "$fqdn1",
-			Type:  TypeFqdn,
-			Value: "example.com",
-		}},
-		{"group id test", Entry{
-			Name:  "$grp1",
-			Type:  TypeGroupId,
-			Value: "42",
-		}},
-		{"interface test", Entry{
-			Name:  "$iface1",
-			Type:  TypeInterface,
-			Value: "ethernet1/1",
-		}},
-	}
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("my template", "", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("my template", "", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/poli/decryption/const.go b/poli/decryption/const.go
deleted file mode 100644
index d69552e9..00000000
--- a/poli/decryption/const.go
+++ /dev/null
@@ -1,22 +0,0 @@
-package decryption
-
-// Valid Action values.
-//
-// Decrypt and forward is PAN-OS 8.1+.
-const (
-	ActionNoDecrypt         = "no-decrypt"
-	ActionDecrypt           = "decrypt"
-	ActionDecryptAndForward = "decrypt-and-forward"
-)
-
-// Valid DecryptionType values.
-const (
-	DecryptionTypeSslForwardProxy      = "ssl-forward-proxy"
-	DecryptionTypeSshProxy             = "ssh-proxy"
-	DecryptionTypeSslInboundInspection = "ssl-inbound-inspection"
-)
-
-const (
-	singular = "decryption rule"
-	plural   = "decryption rules"
-)
diff --git a/poli/decryption/doc.go b/poli/decryption/doc.go
deleted file mode 100644
index aaeec78b..00000000
--- a/poli/decryption/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package decryption is the client.Policies.Decryption namespace.
-
-Normalized object:  Entry
-*/
-package decryption
diff --git a/poli/decryption/entry.go b/poli/decryption/entry.go
deleted file mode 100644
index f0a42576..00000000
--- a/poli/decryption/entry.go
+++ /dev/null
@@ -1,789 +0,0 @@
-package decryption
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a decryption
-// rule.
-//
-// Targets is a map where the key is the serial number of the target device and
-// the value is a list of specific vsys on that device.  The list of vsys is
-// nil if all vsys on that device should be included or if the device is a
-// virtual firewall (and thus only has vsys1).
-type Entry struct {
-	Name                       string
-	Description                string
-	SourceZones                []string // unordered
-	SourceAddresses            []string // unordered
-	NegateSource               bool
-	SourceUsers                []string // unordered
-	DestinationZones           []string // unordered
-	DestinationAddresses       []string // unordered
-	NegateDestination          bool
-	Tags                       []string // ordered
-	Disabled                   bool
-	Services                   []string // unordered
-	UrlCategories              []string
-	Action                     string
-	DecryptionType             string
-	SslCertificate             string
-	DecryptionProfile          string
-	Targets                    map[string][]string
-	NegateTarget               bool
-	ForwardingProfile          string   // PAN-OS 8.1+
-	Uuid                       string   // PAN-OS 9.0+
-	GroupTag                   string   // PAN-OS 9.0+
-	SourceHips                 []string // PAN-OS 10.0+
-	DestinationHips            []string // PAN-OS 10.0+
-	LogSuccessfulTlsHandshakes bool     // PAN-OS 10.0+
-	LogFailedTlsHandshakes     bool     // PAN-OS 10.0+
-	LogSetting                 string   // PAN-OS 10.0+
-	SslCertificates            []string // PAN-OS 10.2+, unordered
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name and Uuid fields relate to the identify of this object, they are not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Description = s.Description
-	o.SourceZones = util.CopyStringSlice(s.SourceZones)
-	o.SourceAddresses = util.CopyStringSlice(s.SourceAddresses)
-	o.NegateSource = s.NegateSource
-	o.SourceUsers = util.CopyStringSlice(s.SourceUsers)
-	o.DestinationZones = util.CopyStringSlice(s.DestinationZones)
-	o.DestinationAddresses = util.CopyStringSlice(s.DestinationAddresses)
-	o.NegateDestination = s.NegateDestination
-	o.Tags = util.CopyStringSlice(s.Tags)
-	o.Disabled = s.Disabled
-	o.Services = util.CopyStringSlice(s.Services)
-	o.UrlCategories = util.CopyStringSlice(s.UrlCategories)
-	o.Action = s.Action
-	o.DecryptionType = s.DecryptionType
-	o.SslCertificate = s.SslCertificate
-	o.DecryptionProfile = s.DecryptionProfile
-	o.ForwardingProfile = s.ForwardingProfile
-	o.GroupTag = s.GroupTag
-	o.SourceHips = util.CopyStringSlice(s.SourceHips)
-	o.DestinationHips = util.CopyStringSlice(s.DestinationHips)
-	o.LogSuccessfulTlsHandshakes = s.LogSuccessfulTlsHandshakes
-	o.LogFailedTlsHandshakes = s.LogFailedTlsHandshakes
-	o.LogSetting = s.LogSetting
-	o.Targets = util.CopyTargets(s.Targets)
-	o.NegateTarget = s.NegateTarget
-	o.SslCertificates = util.CopyStringSlice(o.SslCertificates)
-}
-
-/** Structs / functions for normalization. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v1) Normalize() []Entry {
-	arr := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		arr = append(arr, o.Answer[i].normalize())
-	}
-	return arr
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:                 o.Name,
-		Description:          o.Description,
-		SourceZones:          util.MemToStr(o.SourceZones),
-		SourceAddresses:      util.MemToStr(o.SourceAddresses),
-		NegateSource:         util.AsBool(o.NegateSource),
-		SourceUsers:          util.MemToStr(o.SourceUsers),
-		DestinationZones:     util.MemToStr(o.DestinationZones),
-		DestinationAddresses: util.MemToStr(o.DestinationAddresses),
-		NegateDestination:    util.AsBool(o.NegateDestination),
-		Tags:                 util.MemToStr(o.Tags),
-		Disabled:             util.AsBool(o.Disabled),
-		Services:             util.MemToStr(o.Services),
-		UrlCategories:        util.MemToStr(o.UrlCategories),
-		Action:               o.Action,
-		DecryptionProfile:    o.DecryptionProfile,
-	}
-
-	switch {
-	case o.Type.SslForwardProxy != nil:
-		ans.DecryptionType = DecryptionTypeSslForwardProxy
-	case o.Type.SshProxy != nil:
-		ans.DecryptionType = DecryptionTypeSshProxy
-	case o.Type.SslCertificate != "":
-		ans.DecryptionType = DecryptionTypeSslInboundInspection
-		ans.SslCertificate = o.Type.SslCertificate
-	}
-
-	if o.TargetInfo != nil {
-		ans.NegateTarget = util.AsBool(o.TargetInfo.NegateTarget)
-		ans.Targets = util.VsysEntToMap(o.TargetInfo.Targets)
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName              xml.Name         `xml:"entry"`
-	Name                 string           `xml:"name,attr"`
-	Description          string           `xml:"description,omitempty"`
-	SourceZones          *util.MemberType `xml:"from"`
-	SourceAddresses      *util.MemberType `xml:"source"`
-	NegateSource         string           `xml:"negate-source"`
-	SourceUsers          *util.MemberType `xml:"source-user"`
-	DestinationZones     *util.MemberType `xml:"to"`
-	DestinationAddresses *util.MemberType `xml:"destination"`
-	NegateDestination    string           `xml:"negate-destination"`
-	Tags                 *util.MemberType `xml:"tag"`
-	Disabled             string           `xml:"disabled"`
-	Services             *util.MemberType `xml:"service"`
-	UrlCategories        *util.MemberType `xml:"category"`
-	Action               string           `xml:"action"`
-	Type                 dType            `xml:"type"`
-	DecryptionProfile    string           `xml:"profile,omitempty"`
-	TargetInfo           *targetInfo      `xml:"target"`
-}
-
-type dType struct {
-	SslForwardProxy *string `xml:"ssl-forward-proxy"`
-	SshProxy        *string `xml:"ssh-proxy"`
-	SslCertificate  string  `xml:"ssl-inbound-inspection,omitempty"`
-}
-
-type targetInfo struct {
-	Targets      *util.VsysEntryType `xml:"devices"`
-	NegateTarget string              `xml:"negate,omitempty"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:                 e.Name,
-		Description:          e.Description,
-		SourceZones:          util.StrToMem(e.SourceZones),
-		SourceAddresses:      util.StrToMem(e.SourceAddresses),
-		NegateSource:         util.YesNo(e.NegateSource),
-		SourceUsers:          util.StrToMem(e.SourceUsers),
-		DestinationZones:     util.StrToMem(e.DestinationZones),
-		DestinationAddresses: util.StrToMem(e.DestinationAddresses),
-		NegateDestination:    util.YesNo(e.NegateDestination),
-		Tags:                 util.StrToMem(e.Tags),
-		Disabled:             util.YesNo(e.Disabled),
-		Services:             util.StrToMem(e.Services),
-		UrlCategories:        util.StrToMem(e.UrlCategories),
-		Action:               e.Action,
-		DecryptionProfile:    e.DecryptionProfile,
-	}
-
-	s := ""
-	switch e.DecryptionType {
-	case DecryptionTypeSslForwardProxy:
-		ans.Type.SslForwardProxy = &s
-	case DecryptionTypeSshProxy:
-		ans.Type.SshProxy = &s
-	case DecryptionTypeSslInboundInspection:
-		ans.Type.SslCertificate = e.SslCertificate
-	}
-
-	if e.Targets != nil || e.NegateTarget {
-		nfo := &targetInfo{
-			Targets:      util.MapToVsysEnt(e.Targets),
-			NegateTarget: util.YesNo(e.NegateTarget),
-		}
-		ans.TargetInfo = nfo
-	}
-
-	return ans
-}
-
-// PAN-OS 8.1
-type container_v2 struct {
-	Answer []entry_v2 `xml:"entry"`
-}
-
-func (o *container_v2) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v2) Normalize() []Entry {
-	arr := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		arr = append(arr, o.Answer[i].normalize())
-	}
-	return arr
-}
-
-func (o *entry_v2) normalize() Entry {
-	ans := Entry{
-		Name:                 o.Name,
-		Description:          o.Description,
-		SourceZones:          util.MemToStr(o.SourceZones),
-		SourceAddresses:      util.MemToStr(o.SourceAddresses),
-		NegateSource:         util.AsBool(o.NegateSource),
-		SourceUsers:          util.MemToStr(o.SourceUsers),
-		DestinationZones:     util.MemToStr(o.DestinationZones),
-		DestinationAddresses: util.MemToStr(o.DestinationAddresses),
-		NegateDestination:    util.AsBool(o.NegateDestination),
-		Tags:                 util.MemToStr(o.Tags),
-		Disabled:             util.AsBool(o.Disabled),
-		Services:             util.MemToStr(o.Services),
-		UrlCategories:        util.MemToStr(o.UrlCategories),
-		Action:               o.Action,
-		DecryptionProfile:    o.DecryptionProfile,
-		ForwardingProfile:    o.ForwardingProfile,
-	}
-
-	switch {
-	case o.Type.SslForwardProxy != nil:
-		ans.DecryptionType = DecryptionTypeSslForwardProxy
-	case o.Type.SshProxy != nil:
-		ans.DecryptionType = DecryptionTypeSshProxy
-	case o.Type.SslCertificate != "":
-		ans.DecryptionType = DecryptionTypeSslInboundInspection
-		ans.SslCertificate = o.Type.SslCertificate
-	}
-
-	if o.TargetInfo != nil {
-		ans.NegateTarget = util.AsBool(o.TargetInfo.NegateTarget)
-		ans.Targets = util.VsysEntToMap(o.TargetInfo.Targets)
-	}
-
-	return ans
-}
-
-type entry_v2 struct {
-	XMLName              xml.Name         `xml:"entry"`
-	Name                 string           `xml:"name,attr"`
-	Description          string           `xml:"description,omitempty"`
-	SourceZones          *util.MemberType `xml:"from"`
-	SourceAddresses      *util.MemberType `xml:"source"`
-	NegateSource         string           `xml:"negate-source"`
-	SourceUsers          *util.MemberType `xml:"source-user"`
-	DestinationZones     *util.MemberType `xml:"to"`
-	DestinationAddresses *util.MemberType `xml:"destination"`
-	NegateDestination    string           `xml:"negate-destination"`
-	Tags                 *util.MemberType `xml:"tag"`
-	Disabled             string           `xml:"disabled"`
-	Services             *util.MemberType `xml:"service"`
-	UrlCategories        *util.MemberType `xml:"category"`
-	Action               string           `xml:"action"`
-	Type                 dType            `xml:"type"`
-	DecryptionProfile    string           `xml:"profile,omitempty"`
-	ForwardingProfile    string           `xml:"forwarding-profile,omitempty"`
-	TargetInfo           *targetInfo      `xml:"target"`
-}
-
-func specify_v2(e Entry) interface{} {
-	ans := entry_v2{
-		Name:                 e.Name,
-		Description:          e.Description,
-		SourceZones:          util.StrToMem(e.SourceZones),
-		SourceAddresses:      util.StrToMem(e.SourceAddresses),
-		NegateSource:         util.YesNo(e.NegateSource),
-		SourceUsers:          util.StrToMem(e.SourceUsers),
-		DestinationZones:     util.StrToMem(e.DestinationZones),
-		DestinationAddresses: util.StrToMem(e.DestinationAddresses),
-		NegateDestination:    util.YesNo(e.NegateDestination),
-		Tags:                 util.StrToMem(e.Tags),
-		Disabled:             util.YesNo(e.Disabled),
-		Services:             util.StrToMem(e.Services),
-		UrlCategories:        util.StrToMem(e.UrlCategories),
-		Action:               e.Action,
-		DecryptionProfile:    e.DecryptionProfile,
-		ForwardingProfile:    e.ForwardingProfile,
-	}
-
-	s := ""
-	switch e.DecryptionType {
-	case DecryptionTypeSslForwardProxy:
-		ans.Type.SslForwardProxy = &s
-	case DecryptionTypeSshProxy:
-		ans.Type.SshProxy = &s
-	case DecryptionTypeSslInboundInspection:
-		ans.Type.SslCertificate = e.SslCertificate
-	}
-
-	if e.Targets != nil || e.NegateTarget {
-		nfo := &targetInfo{
-			Targets:      util.MapToVsysEnt(e.Targets),
-			NegateTarget: util.YesNo(e.NegateTarget),
-		}
-		ans.TargetInfo = nfo
-	}
-
-	return ans
-}
-
-// PAN-OS 9.0
-type container_v3 struct {
-	Answer []entry_v3 `xml:"entry"`
-}
-
-func (o *container_v3) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v3) Normalize() []Entry {
-	arr := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		arr = append(arr, o.Answer[i].normalize())
-	}
-	return arr
-}
-
-func (o *entry_v3) normalize() Entry {
-	ans := Entry{
-		Name:                 o.Name,
-		Uuid:                 o.Uuid,
-		Description:          o.Description,
-		SourceZones:          util.MemToStr(o.SourceZones),
-		SourceAddresses:      util.MemToStr(o.SourceAddresses),
-		NegateSource:         util.AsBool(o.NegateSource),
-		SourceUsers:          util.MemToStr(o.SourceUsers),
-		DestinationZones:     util.MemToStr(o.DestinationZones),
-		DestinationAddresses: util.MemToStr(o.DestinationAddresses),
-		NegateDestination:    util.AsBool(o.NegateDestination),
-		Tags:                 util.MemToStr(o.Tags),
-		Disabled:             util.AsBool(o.Disabled),
-		Services:             util.MemToStr(o.Services),
-		UrlCategories:        util.MemToStr(o.UrlCategories),
-		Action:               o.Action,
-		DecryptionProfile:    o.DecryptionProfile,
-		ForwardingProfile:    o.ForwardingProfile,
-		GroupTag:             o.GroupTag,
-	}
-
-	switch {
-	case o.Type.SslForwardProxy != nil:
-		ans.DecryptionType = DecryptionTypeSslForwardProxy
-	case o.Type.SshProxy != nil:
-		ans.DecryptionType = DecryptionTypeSshProxy
-	case o.Type.SslCertificate != "":
-		ans.DecryptionType = DecryptionTypeSslInboundInspection
-		ans.SslCertificate = o.Type.SslCertificate
-	}
-
-	if o.TargetInfo != nil {
-		ans.NegateTarget = util.AsBool(o.TargetInfo.NegateTarget)
-		ans.Targets = util.VsysEntToMap(o.TargetInfo.Targets)
-	}
-
-	return ans
-}
-
-type entry_v3 struct {
-	XMLName              xml.Name         `xml:"entry"`
-	Name                 string           `xml:"name,attr"`
-	Uuid                 string           `xml:"uuid,attr,omitempty"`
-	Description          string           `xml:"description,omitempty"`
-	SourceZones          *util.MemberType `xml:"from"`
-	SourceAddresses      *util.MemberType `xml:"source"`
-	NegateSource         string           `xml:"negate-source"`
-	SourceUsers          *util.MemberType `xml:"source-user"`
-	DestinationZones     *util.MemberType `xml:"to"`
-	DestinationAddresses *util.MemberType `xml:"destination"`
-	NegateDestination    string           `xml:"negate-destination"`
-	Tags                 *util.MemberType `xml:"tag"`
-	Disabled             string           `xml:"disabled"`
-	Services             *util.MemberType `xml:"service"`
-	UrlCategories        *util.MemberType `xml:"category"`
-	Action               string           `xml:"action"`
-	Type                 dType            `xml:"type"`
-	DecryptionProfile    string           `xml:"profile,omitempty"`
-	ForwardingProfile    string           `xml:"forwarding-profile,omitempty"`
-	GroupTag             string           `xml:"group-tag,omitempty"`
-	TargetInfo           *targetInfo      `xml:"target"`
-}
-
-func specify_v3(e Entry) interface{} {
-	ans := entry_v3{
-		Name:                 e.Name,
-		Uuid:                 e.Uuid,
-		Description:          e.Description,
-		SourceZones:          util.StrToMem(e.SourceZones),
-		SourceAddresses:      util.StrToMem(e.SourceAddresses),
-		NegateSource:         util.YesNo(e.NegateSource),
-		SourceUsers:          util.StrToMem(e.SourceUsers),
-		DestinationZones:     util.StrToMem(e.DestinationZones),
-		DestinationAddresses: util.StrToMem(e.DestinationAddresses),
-		NegateDestination:    util.YesNo(e.NegateDestination),
-		Tags:                 util.StrToMem(e.Tags),
-		Disabled:             util.YesNo(e.Disabled),
-		Services:             util.StrToMem(e.Services),
-		UrlCategories:        util.StrToMem(e.UrlCategories),
-		Action:               e.Action,
-		DecryptionProfile:    e.DecryptionProfile,
-		ForwardingProfile:    e.ForwardingProfile,
-		GroupTag:             e.GroupTag,
-	}
-
-	s := ""
-	switch e.DecryptionType {
-	case DecryptionTypeSslForwardProxy:
-		ans.Type.SslForwardProxy = &s
-	case DecryptionTypeSshProxy:
-		ans.Type.SshProxy = &s
-	case DecryptionTypeSslInboundInspection:
-		ans.Type.SslCertificate = e.SslCertificate
-	}
-
-	if e.Targets != nil || e.NegateTarget {
-		nfo := &targetInfo{
-			Targets:      util.MapToVsysEnt(e.Targets),
-			NegateTarget: util.YesNo(e.NegateTarget),
-		}
-		ans.TargetInfo = nfo
-	}
-
-	return ans
-}
-
-// PAN-OS 10.0
-type container_v4 struct {
-	Answer []entry_v4 `xml:"entry"`
-}
-
-func (o *container_v4) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v4) Normalize() []Entry {
-	arr := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		arr = append(arr, o.Answer[i].normalize())
-	}
-	return arr
-}
-
-func (o *entry_v4) normalize() Entry {
-	ans := Entry{
-		Name:                       o.Name,
-		Uuid:                       o.Uuid,
-		Description:                o.Description,
-		SourceZones:                util.MemToStr(o.SourceZones),
-		SourceAddresses:            util.MemToStr(o.SourceAddresses),
-		NegateSource:               util.AsBool(o.NegateSource),
-		SourceUsers:                util.MemToStr(o.SourceUsers),
-		DestinationZones:           util.MemToStr(o.DestinationZones),
-		DestinationAddresses:       util.MemToStr(o.DestinationAddresses),
-		NegateDestination:          util.AsBool(o.NegateDestination),
-		Tags:                       util.MemToStr(o.Tags),
-		Disabled:                   util.AsBool(o.Disabled),
-		Services:                   util.MemToStr(o.Services),
-		UrlCategories:              util.MemToStr(o.UrlCategories),
-		Action:                     o.Action,
-		DecryptionProfile:          o.DecryptionProfile,
-		ForwardingProfile:          o.ForwardingProfile,
-		GroupTag:                   o.GroupTag,
-		SourceHips:                 util.MemToStr(o.SourceHips),
-		DestinationHips:            util.MemToStr(o.DestinationHips),
-		LogSuccessfulTlsHandshakes: util.AsBool(o.LogSuccessfulTlsHandshakes),
-		LogFailedTlsHandshakes:     util.AsBool(o.LogFailedTlsHandshakes),
-		LogSetting:                 o.LogSetting,
-	}
-
-	switch {
-	case o.Type.SslForwardProxy != nil:
-		ans.DecryptionType = DecryptionTypeSslForwardProxy
-	case o.Type.SshProxy != nil:
-		ans.DecryptionType = DecryptionTypeSshProxy
-	case o.Type.SslCertificate != "":
-		ans.DecryptionType = DecryptionTypeSslInboundInspection
-		ans.SslCertificate = o.Type.SslCertificate
-	}
-
-	if o.TargetInfo != nil {
-		ans.NegateTarget = util.AsBool(o.TargetInfo.NegateTarget)
-		ans.Targets = util.VsysEntToMap(o.TargetInfo.Targets)
-	}
-
-	return ans
-}
-
-type entry_v4 struct {
-	XMLName                    xml.Name         `xml:"entry"`
-	Name                       string           `xml:"name,attr"`
-	Uuid                       string           `xml:"uuid,attr,omitempty"`
-	Description                string           `xml:"description,omitempty"`
-	SourceZones                *util.MemberType `xml:"from"`
-	SourceAddresses            *util.MemberType `xml:"source"`
-	NegateSource               string           `xml:"negate-source"`
-	SourceUsers                *util.MemberType `xml:"source-user"`
-	DestinationZones           *util.MemberType `xml:"to"`
-	DestinationAddresses       *util.MemberType `xml:"destination"`
-	NegateDestination          string           `xml:"negate-destination"`
-	Tags                       *util.MemberType `xml:"tag"`
-	Disabled                   string           `xml:"disabled"`
-	Services                   *util.MemberType `xml:"service"`
-	UrlCategories              *util.MemberType `xml:"category"`
-	Action                     string           `xml:"action"`
-	Type                       dType            `xml:"type"`
-	DecryptionProfile          string           `xml:"profile,omitempty"`
-	ForwardingProfile          string           `xml:"forwarding-profile,omitempty"`
-	GroupTag                   string           `xml:"group-tag,omitempty"`
-	SourceHips                 *util.MemberType `xml:"source-hip"`
-	DestinationHips            *util.MemberType `xml:"destination-hip"`
-	LogSuccessfulTlsHandshakes string           `xml:"log-success"`
-	LogFailedTlsHandshakes     string           `xml:"log-fail"`
-	LogSetting                 string           `xml:"log-setting,omitempty"`
-	TargetInfo                 *targetInfo      `xml:"target"`
-}
-
-func (e *entry_v4) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
-	type local entry_v4
-	ans := local{
-		LogFailedTlsHandshakes: util.YesNo(true),
-	}
-	if err := d.DecodeElement(&ans, &start); err != nil {
-		return err
-	}
-	*e = entry_v4(ans)
-	return nil
-}
-
-func specify_v4(e Entry) interface{} {
-	ans := entry_v4{
-		Name:                       e.Name,
-		Uuid:                       e.Uuid,
-		Description:                e.Description,
-		SourceZones:                util.StrToMem(e.SourceZones),
-		SourceAddresses:            util.StrToMem(e.SourceAddresses),
-		NegateSource:               util.YesNo(e.NegateSource),
-		SourceUsers:                util.StrToMem(e.SourceUsers),
-		DestinationZones:           util.StrToMem(e.DestinationZones),
-		DestinationAddresses:       util.StrToMem(e.DestinationAddresses),
-		NegateDestination:          util.YesNo(e.NegateDestination),
-		Tags:                       util.StrToMem(e.Tags),
-		Disabled:                   util.YesNo(e.Disabled),
-		Services:                   util.StrToMem(e.Services),
-		UrlCategories:              util.StrToMem(e.UrlCategories),
-		Action:                     e.Action,
-		DecryptionProfile:          e.DecryptionProfile,
-		ForwardingProfile:          e.ForwardingProfile,
-		GroupTag:                   e.GroupTag,
-		SourceHips:                 util.StrToMem(e.SourceHips),
-		DestinationHips:            util.StrToMem(e.DestinationHips),
-		LogSuccessfulTlsHandshakes: util.YesNo(e.LogSuccessfulTlsHandshakes),
-		LogFailedTlsHandshakes:     util.YesNo(e.LogFailedTlsHandshakes),
-		LogSetting:                 e.LogSetting,
-	}
-
-	s := ""
-	switch e.DecryptionType {
-	case DecryptionTypeSslForwardProxy:
-		ans.Type.SslForwardProxy = &s
-	case DecryptionTypeSshProxy:
-		ans.Type.SshProxy = &s
-	case DecryptionTypeSslInboundInspection:
-		ans.Type.SslCertificate = e.SslCertificate
-	}
-
-	if e.Targets != nil || e.NegateTarget {
-		nfo := &targetInfo{
-			Targets:      util.MapToVsysEnt(e.Targets),
-			NegateTarget: util.YesNo(e.NegateTarget),
-		}
-		ans.TargetInfo = nfo
-	}
-
-	return ans
-}
-
-// PAN-OS 10.2
-type container_v5 struct {
-	Answer []entry_v5 `xml:"entry"`
-}
-
-func (o *container_v5) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v5) Normalize() []Entry {
-	arr := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		arr = append(arr, o.Answer[i].normalize())
-	}
-	return arr
-}
-
-func (o *entry_v5) normalize() Entry {
-	ans := Entry{
-		Name:                       o.Name,
-		Uuid:                       o.Uuid,
-		Description:                o.Description,
-		SourceZones:                util.MemToStr(o.SourceZones),
-		SourceAddresses:            util.MemToStr(o.SourceAddresses),
-		NegateSource:               util.AsBool(o.NegateSource),
-		SourceUsers:                util.MemToStr(o.SourceUsers),
-		DestinationZones:           util.MemToStr(o.DestinationZones),
-		DestinationAddresses:       util.MemToStr(o.DestinationAddresses),
-		NegateDestination:          util.AsBool(o.NegateDestination),
-		Tags:                       util.MemToStr(o.Tags),
-		Disabled:                   util.AsBool(o.Disabled),
-		Services:                   util.MemToStr(o.Services),
-		UrlCategories:              util.MemToStr(o.UrlCategories),
-		Action:                     o.Action,
-		DecryptionProfile:          o.DecryptionProfile,
-		ForwardingProfile:          o.ForwardingProfile,
-		GroupTag:                   o.GroupTag,
-		SourceHips:                 util.MemToStr(o.SourceHips),
-		DestinationHips:            util.MemToStr(o.DestinationHips),
-		LogSuccessfulTlsHandshakes: util.AsBool(o.LogSuccessfulTlsHandshakes),
-		LogFailedTlsHandshakes:     util.AsBool(o.LogFailedTlsHandshakes),
-		LogSetting:                 o.LogSetting,
-	}
-
-	switch {
-	case o.Type.SslForwardProxy != nil:
-		ans.DecryptionType = DecryptionTypeSslForwardProxy
-	case o.Type.SshProxy != nil:
-		ans.DecryptionType = DecryptionTypeSshProxy
-	case o.Type.SslCertificates != nil:
-		ans.DecryptionType = DecryptionTypeSslInboundInspection
-		ans.SslCertificates = util.MemToStr(o.Type.SslCertificates)
-	}
-
-	if o.TargetInfo != nil {
-		ans.NegateTarget = util.AsBool(o.TargetInfo.NegateTarget)
-		ans.Targets = util.VsysEntToMap(o.TargetInfo.Targets)
-	}
-
-	return ans
-}
-
-type entry_v5 struct {
-	XMLName                    xml.Name         `xml:"entry"`
-	Name                       string           `xml:"name,attr"`
-	Uuid                       string           `xml:"uuid,attr,omitempty"`
-	Description                string           `xml:"description,omitempty"`
-	SourceZones                *util.MemberType `xml:"from"`
-	SourceAddresses            *util.MemberType `xml:"source"`
-	NegateSource               string           `xml:"negate-source"`
-	SourceUsers                *util.MemberType `xml:"source-user"`
-	DestinationZones           *util.MemberType `xml:"to"`
-	DestinationAddresses       *util.MemberType `xml:"destination"`
-	NegateDestination          string           `xml:"negate-destination"`
-	Tags                       *util.MemberType `xml:"tag"`
-	Disabled                   string           `xml:"disabled"`
-	Services                   *util.MemberType `xml:"service"`
-	UrlCategories              *util.MemberType `xml:"category"`
-	Action                     string           `xml:"action"`
-	Type                       dType_v2         `xml:"type"`
-	DecryptionProfile          string           `xml:"profile,omitempty"`
-	ForwardingProfile          string           `xml:"forwarding-profile,omitempty"`
-	GroupTag                   string           `xml:"group-tag,omitempty"`
-	SourceHips                 *util.MemberType `xml:"source-hip"`
-	DestinationHips            *util.MemberType `xml:"destination-hip"`
-	LogSuccessfulTlsHandshakes string           `xml:"log-success"`
-	LogFailedTlsHandshakes     string           `xml:"log-fail"`
-	LogSetting                 string           `xml:"log-setting,omitempty"`
-	TargetInfo                 *targetInfo      `xml:"target"`
-}
-
-type dType_v2 struct {
-	SslForwardProxy *string          `xml:"ssl-forward-proxy"`
-	SshProxy        *string          `xml:"ssh-proxy"`
-	SslCertificates *util.MemberType `xml:"ssl-inbound-inspection>certificates"`
-}
-
-func (e *entry_v5) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
-	type local entry_v5
-	ans := local{
-		LogFailedTlsHandshakes: util.YesNo(true),
-	}
-	if err := d.DecodeElement(&ans, &start); err != nil {
-		return err
-	}
-	*e = entry_v5(ans)
-	return nil
-}
-
-func specify_v5(e Entry) interface{} {
-	ans := entry_v5{
-		Name:                       e.Name,
-		Uuid:                       e.Uuid,
-		Description:                e.Description,
-		SourceZones:                util.StrToMem(e.SourceZones),
-		SourceAddresses:            util.StrToMem(e.SourceAddresses),
-		NegateSource:               util.YesNo(e.NegateSource),
-		SourceUsers:                util.StrToMem(e.SourceUsers),
-		DestinationZones:           util.StrToMem(e.DestinationZones),
-		DestinationAddresses:       util.StrToMem(e.DestinationAddresses),
-		NegateDestination:          util.YesNo(e.NegateDestination),
-		Tags:                       util.StrToMem(e.Tags),
-		Disabled:                   util.YesNo(e.Disabled),
-		Services:                   util.StrToMem(e.Services),
-		UrlCategories:              util.StrToMem(e.UrlCategories),
-		Action:                     e.Action,
-		DecryptionProfile:          e.DecryptionProfile,
-		ForwardingProfile:          e.ForwardingProfile,
-		GroupTag:                   e.GroupTag,
-		SourceHips:                 util.StrToMem(e.SourceHips),
-		DestinationHips:            util.StrToMem(e.DestinationHips),
-		LogSuccessfulTlsHandshakes: util.YesNo(e.LogSuccessfulTlsHandshakes),
-		LogFailedTlsHandshakes:     util.YesNo(e.LogFailedTlsHandshakes),
-		LogSetting:                 e.LogSetting,
-	}
-
-	s := ""
-	switch e.DecryptionType {
-	case DecryptionTypeSslForwardProxy:
-		ans.Type.SslForwardProxy = &s
-	case DecryptionTypeSshProxy:
-		ans.Type.SshProxy = &s
-	case DecryptionTypeSslInboundInspection:
-		ans.Type.SslCertificates = util.StrToMem(e.SslCertificates)
-	}
-
-	if e.Targets != nil || e.NegateTarget {
-		nfo := &targetInfo{
-			Targets:      util.MapToVsysEnt(e.Targets),
-			NegateTarget: util.YesNo(e.NegateTarget),
-		}
-		ans.TargetInfo = nfo
-	}
-
-	return ans
-}
diff --git a/poli/decryption/funcs.go b/poli/decryption/funcs.go
deleted file mode 100644
index cbffc027..00000000
--- a/poli/decryption/funcs.go
+++ /dev/null
@@ -1,132 +0,0 @@
-package decryption
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	if v.Gte(version.Number{10, 2, 0, ""}) {
-		return &container_v5{}, specify_v5
-	} else if v.Gte(version.Number{10, 0, 0, ""}) {
-		return &container_v4{}, specify_v4
-	} else if v.Gte(version.Number{9, 0, 0, ""}) {
-		return &container_v3{}, specify_v3
-	} else if v.Gte(version.Number{8, 1, 0, ""}) {
-		return &container_v2{}, specify_v2
-	} else {
-		return &container_v1{}, specify_v1
-	}
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Policy{
-			Standard: namespace.Standard{
-				Common: namespace.Common{
-					Singular: singular,
-					Plural:   plural,
-					Client:   client,
-				},
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Policy{
-			Standard: namespace.Standard{
-				Common: namespace.Common{
-					Singular: singular,
-					Plural:   plural,
-					Client:   client,
-				},
-			},
-		},
-	}
-}
-
-func RulesMatch(a, b Entry) bool {
-	return a.Name == b.Name &&
-		a.Description == b.Description &&
-		util.UnorderedListsMatch(a.SourceZones, b.SourceZones) &&
-		util.UnorderedListsMatch(a.SourceAddresses, b.SourceAddresses) &&
-		a.NegateSource == b.NegateSource &&
-		util.UnorderedListsMatch(a.SourceUsers, b.SourceUsers) &&
-		util.UnorderedListsMatch(a.DestinationZones, b.DestinationZones) &&
-		util.UnorderedListsMatch(a.DestinationAddresses, b.DestinationAddresses) &&
-		a.NegateDestination == b.NegateDestination &&
-		util.OrderedListsMatch(a.Tags, b.Tags) &&
-		a.Disabled == b.Disabled &&
-		util.UnorderedListsMatch(a.Services, b.Services) &&
-		util.UnorderedListsMatch(a.UrlCategories, b.UrlCategories) &&
-		a.Action == b.Action &&
-		a.DecryptionType == b.DecryptionType &&
-		a.SslCertificate == b.SslCertificate &&
-		a.DecryptionProfile == b.DecryptionProfile &&
-		util.TargetsMatch(a.Targets, b.Targets) &&
-		a.NegateTarget == b.NegateTarget &&
-		a.ForwardingProfile == b.ForwardingProfile &&
-		// Don't compare UUID
-		a.GroupTag == b.GroupTag &&
-		util.UnorderedListsMatch(a.SourceHips, b.SourceHips) &&
-		util.UnorderedListsMatch(a.DestinationHips, b.DestinationHips) &&
-		a.LogSuccessfulTlsHandshakes == b.LogSuccessfulTlsHandshakes &&
-		a.LogFailedTlsHandshakes == b.LogFailedTlsHandshakes &&
-		a.LogSetting == b.LogSetting
-}
diff --git a/poli/decryption/fw.go b/poli/decryption/fw.go
deleted file mode 100644
index a787efc9..00000000
--- a/poli/decryption/fw.go
+++ /dev/null
@@ -1,304 +0,0 @@
-package decryption
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/PaloAltoNetworks/pango/audit"
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Policies.PolicyBasedForwarding namespace.
-type Firewall struct {
-	ns *namespace.Policy
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-/*
-ConfigureRules configures the given rules on PAN-OS.
-
-It does a mass SET if it can, but will EDIT any rules that are present but
-differ from what is given.
-
-Audit comments are applied only for rules which are either SET or EDIT'ed.
-
-If isPolicy is true, then any rules not explicitly present in the rules param will
-be deleted.
-
-Params move and oRule are for moving the group into place after configuration.
-
-Any rule name that appears in prevRules but not in the rules param will be deleted.
-*/
-func (c *Firewall) ConfigureRules(vsys string, rules []Entry, auditComments map[string]string, isPolicy bool, move int, oRule string, prevNames []string) error {
-	var err error
-	setRules := make([]Entry, 0, len(rules))
-	editRules := make([]Entry, 0, len(rules))
-
-	curRules, err := c.GetAll(vsys)
-	if err != nil {
-		return err
-	}
-
-	// Determine which can be set and which can must be edited.
-	for _, x := range rules {
-		var found bool
-		for _, live := range curRules {
-			if x.Name == live.Name {
-				found = true
-				if !RulesMatch(x, live) {
-					editRules = append(editRules, x)
-				}
-				break
-			}
-		}
-		if !found {
-			setRules = append(setRules, x)
-		}
-	}
-
-	// Set all rules.
-	if len(setRules) > 0 {
-		if err = c.Set(vsys, setRules...); err != nil {
-			return err
-		}
-		// Configure audit comments for each set rule.
-		for _, x := range setRules {
-			if comment := auditComments[x.Name]; comment != "" {
-				if err = c.SetAuditComment(vsys, x.Name, comment); err != nil {
-					return err
-				}
-			}
-		}
-	}
-
-	// Edit each rule one by one.
-	for _, x := range editRules {
-		if err = c.Edit(vsys, x); err != nil {
-			return err
-		}
-		// Configure the audit comment for each edited rule.
-		if comment := auditComments[x.Name]; comment != "" {
-			if err = c.SetAuditComment(vsys, x.Name, comment); err != nil {
-				return err
-			}
-		}
-	}
-
-	// Move the group into place.
-	if err = c.MoveGroup(vsys, move, oRule, rules...); err != nil {
-		return err
-	}
-
-	// Delete rules removed from the group.
-	if len(prevNames) != 0 {
-		rmList := make([]interface{}, 0, len(prevNames))
-		for _, name := range prevNames {
-			var found bool
-			for _, x := range rules {
-				if x.Name == name {
-					found = true
-					break
-				}
-			}
-			if !found {
-				rmList = append(rmList, name)
-			}
-		}
-
-		if len(rmList) != 0 {
-			if err = c.Delete(vsys, rmList...); err != nil {
-				return err
-			}
-		}
-	}
-
-	// Optional: If this is a policy, delete everything else.
-	if isPolicy {
-		delRules := make([]interface{}, 0, len(curRules))
-		for _, cur := range curRules {
-			var found bool
-			for _, x := range rules {
-				if x.Name == cur.Name {
-					found = true
-					break
-				}
-			}
-
-			if !found {
-				delRules = append(delRules, cur.Name)
-			}
-		}
-
-		if len(delRules) != 0 {
-			if err = c.Delete(vsys, delRules...); err != nil {
-				return nil
-			}
-		}
-	}
-
-	return nil
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vsys string, e ...Entry) error {
-	err := c.ns.Set(c.pather(vsys), specifier(e...))
-
-	// On error: find the rule that's causing the error if multiple rules
-	// were given.
-	if err != nil && strings.Contains(err.Error(), "rules is invalid") {
-		for i := 0; i < len(e); i++ {
-			if e2 := c.Set(vsys, e[i]); e2 != nil {
-				return fmt.Errorf("Error with rule %d: %s", i+1, e2)
-			} else {
-				_ = c.Delete(vsys, e[i])
-			}
-		}
-
-		// Couldn't find it, just return the original error.
-		return err
-	}
-
-	return err
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vsys), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// MoveGroup moves a logical group of rules somewhere in relation to another rule.
-//
-// The `movement` param should be one of the Move constants in the util
-// package.
-//
-// The `rule` param is the other rule the `movement` param is referencing.  If
-// this is an empty string, then the first policy in the group isn't moved
-// anywhere, but all other policies will still be moved to be grouped with the
-// first one.
-func (c *Firewall) MoveGroup(vsys string, movement int, rule string, e ...Entry) error {
-	lister := func() ([]string, error) {
-		return c.GetList(vsys)
-	}
-
-	ei := make([]interface{}, 0, len(e))
-	for i := range e {
-		ei = append(ei, e[i])
-	}
-	names, _ := toNames(ei)
-
-	return c.ns.MoveGroup(c.pather(vsys), lister, movement, rule, names)
-}
-
-// HitCount gets the rule hit count for the given rules.
-//
-// If the rules param is nil, then the hit count for all rules is returned.
-func (c *Firewall) HitCount(vsys string, rules []string) ([]util.HitCount, error) {
-	return c.ns.HitCount("decryption", vsys, rules)
-}
-
-// SetAuditComment sets the audit comment for the given rule.
-func (c *Firewall) SetAuditComment(vsys, rule, comment string) error {
-	return c.ns.SetAuditComment(c.pather(vsys), rule, comment)
-}
-
-// CurrentAuditComment returns the current audit comment.
-func (c *Firewall) CurrentAuditComment(vsys, rule string) (string, error) {
-	return c.ns.CurrentAuditComment(c.pather(vsys), rule)
-}
-
-// AuditCommentHistory returns a chunk of historical audit comment logs.
-func (c *Firewall) AuditCommentHistory(vsys, rule, direction string, nlogs, skip int) ([]audit.Comment, error) {
-	return c.ns.AuditCommentHistory(c.pather(vsys), rule, direction, nlogs, skip)
-}
-
-func (c *Firewall) pather(vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vsys, v)
-	}
-}
-
-func (c *Firewall) xpath(vsys string, vals []string) ([]string, error) {
-	if vsys == "" {
-		vsys = "vsys1"
-	} else if vsys == "shared" {
-		return nil, fmt.Errorf("vsys must be specified")
-	}
-
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"vsys",
-		util.AsEntryXpath([]string{vsys}),
-		"rulebase",
-		"decryption",
-		"rules",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/poli/decryption/fw_test.go b/poli/decryption/fw_test.go
deleted file mode 100644
index b7c5afc0..00000000
--- a/poli/decryption/fw_test.go
+++ /dev/null
@@ -1,64 +0,0 @@
-package decryption
-
-import (
-	"reflect"
-	"strings"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("vsys1", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("vsys1", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
-
-func TestNotPresent(t *testing.T) {
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	mc.Version = version.Number{10, 2, 0, ""}
-	mc.AddResp("")
-
-	elm := Entry{
-		Name:                   "rule1",
-		Uuid:                   "uuid123",
-		GroupTag:               "tag123",
-		Description:            "blah",
-		DestinationHips:        []string{"dst2", "dst1"},
-		LogFailedTlsHandshakes: true,
-		LogSetting:             "my log setting",
-	}
-
-	err := ns.Set("vsys1", elm)
-	if err != nil {
-		t.Fatalf("Failed set: %s", err)
-	}
-
-	if strings.Contains(mc.Elm, "ssl-inbound-inspection") {
-		t.Fatalf("Contains ssl-inbound-inspection")
-	}
-}
diff --git a/poli/decryption/pano.go b/poli/decryption/pano.go
deleted file mode 100644
index 2ecb2d9b..00000000
--- a/poli/decryption/pano.go
+++ /dev/null
@@ -1,299 +0,0 @@
-package decryption
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/PaloAltoNetworks/pango/audit"
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Policies.Security namespace.
-//
-// The "dg" param in these functions is the device group.
-//
-// The "base" param in these functions should be one of the rulebase
-// constants in the "util" package.
-type Panorama struct {
-	ns *namespace.Policy
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(dg, base string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(dg, base), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(dg, base string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(dg, base), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(dg, base, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(dg, base), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(dg, base, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(dg, base), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve information for all objects.
-func (c *Panorama) GetAll(dg, base string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(dg, base), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(dg, base string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(dg, base), ans)
-	return all(ans, err)
-}
-
-/*
-ConfigureRules configures the given rules on PAN-OS.
-
-It does a mass SET if it can, but will EDIT any rules that are present but
-differ from what is given.
-
-Audit comments are applied only for rules which are either SET or EDIT'ed.
-
-If isPolicy is true, then any rules not explicitly present in the rules param will
-be deleted.
-
-Params move and oRule are for moving the group into place after configuration.
-
-Any rule name that appears in prevRules but not in the rules param will be deleted.
-*/
-func (c *Panorama) ConfigureRules(dg, base string, rules []Entry, auditComments map[string]string, isPolicy bool, move int, oRule string, prevNames []string) error {
-	var err error
-	setRules := make([]Entry, 0, len(rules))
-	editRules := make([]Entry, 0, len(rules))
-
-	curRules, err := c.GetAll(dg, base)
-	if err != nil {
-		return err
-	}
-
-	// Determine which can be set and which can must be edited.
-	for _, x := range rules {
-		var found bool
-		for _, live := range curRules {
-			if x.Name == live.Name {
-				found = true
-				if !RulesMatch(x, live) {
-					editRules = append(editRules, x)
-				}
-				break
-			}
-		}
-		if !found {
-			setRules = append(setRules, x)
-		}
-	}
-
-	// Set all rules.
-	if len(setRules) > 0 {
-		if err = c.Set(dg, base, setRules...); err != nil {
-			return err
-		}
-		// Configure audit comments for each set rule.
-		for _, x := range setRules {
-			if comment := auditComments[x.Name]; comment != "" {
-				if err = c.SetAuditComment(dg, base, x.Name, comment); err != nil {
-					return err
-				}
-			}
-		}
-	}
-
-	// Edit each rule one by one.
-	for _, x := range editRules {
-		if err = c.Edit(dg, base, x); err != nil {
-			return err
-		}
-		// Configure the audit comment for each edited rule.
-		if comment := auditComments[x.Name]; comment != "" {
-			if err = c.SetAuditComment(dg, base, x.Name, comment); err != nil {
-				return err
-			}
-		}
-	}
-
-	// Move the group into place.
-	if err = c.MoveGroup(dg, base, move, oRule, rules...); err != nil {
-		return err
-	}
-
-	// Delete rules removed from the group.
-	if len(prevNames) != 0 {
-		rmList := make([]interface{}, 0, len(prevNames))
-		for _, name := range prevNames {
-			var found bool
-			for _, x := range rules {
-				if x.Name == name {
-					found = true
-					break
-				}
-			}
-			if !found {
-				rmList = append(rmList, name)
-			}
-		}
-
-		if len(rmList) != 0 {
-			if err = c.Delete(dg, base, rmList...); err != nil {
-				return err
-			}
-		}
-	}
-
-	// Optional: If this is a policy, delete everything else.
-	if isPolicy {
-		delRules := make([]interface{}, 0, len(curRules))
-		for _, cur := range curRules {
-			var found bool
-			for _, x := range rules {
-				if x.Name == cur.Name {
-					found = true
-					break
-				}
-			}
-
-			if !found {
-				delRules = append(delRules, cur.Name)
-			}
-		}
-
-		if len(delRules) != 0 {
-			if err = c.Delete(dg, base, delRules...); err != nil {
-				return nil
-			}
-		}
-	}
-
-	return nil
-}
-
-// Set performs SET to create / update one or more objects.
-func (c *Panorama) Set(dg, base string, e ...Entry) error {
-	err := c.ns.Set(c.pather(dg, base), specifier(e...))
-
-	// On error: find the rule that's causing the error if multiple rules
-	// were given.
-	if err != nil && strings.Contains(err.Error(), "rules is invalid") {
-		for i := 0; i < len(e); i++ {
-			if e2 := c.Set(dg, base, e[i]); e2 != nil {
-				return fmt.Errorf("Error with rule %d: %s", i+1, e2)
-			} else {
-				_ = c.Delete(dg, base, e[i])
-			}
-		}
-
-		// Couldn't find it, just return the original error.
-		return err
-	}
-
-	return err
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(dg, base string, e Entry) error {
-	return c.ns.Edit(c.pather(dg, base), e)
-}
-
-// Delete removes the given objects.
-//
-// Objects can be a string or an Entry object.
-func (c *Panorama) Delete(dg, base string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(dg, base), names, nErr)
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(dg, base, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(dg, base), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(dg, base string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(dg, base), ans)
-	return all(ans, err)
-}
-
-// MoveGroup moves a logical group of rules somewhere in relation to another rule.
-//
-// The `movement` param should be one of the Move constants in the util
-// package.
-//
-// The `rule` param is the other rule the `movement` param is referencing.  If
-// this is an empty string, then the first policy in the group isn't moved
-// anywhere, but all other policies will still be moved to be grouped with the
-// first one.
-func (c *Panorama) MoveGroup(dg, base string, movement int, rule string, e ...Entry) error {
-	lister := func() ([]string, error) {
-		return c.GetList(dg, base)
-	}
-
-	ei := make([]interface{}, 0, len(e))
-	for i := range e {
-		ei = append(ei, e[i])
-	}
-	names, _ := toNames(ei)
-
-	return c.ns.MoveGroup(c.pather(dg, base), lister, movement, rule, names)
-}
-
-// SetAuditComment sets the audit comment for the given rule.
-func (c *Panorama) SetAuditComment(dg, base, rule, comment string) error {
-	return c.ns.SetAuditComment(c.pather(dg, base), rule, comment)
-}
-
-// CurrentAuditComment returns the current audit comment.
-func (c *Panorama) CurrentAuditComment(dg, base, rule string) (string, error) {
-	return c.ns.CurrentAuditComment(c.pather(dg, base), rule)
-}
-
-// AuditCommentHistory returns a chunk of historical audit comment logs.
-func (c *Panorama) AuditCommentHistory(dg, base, rule, direction string, nlogs, skip int) ([]audit.Comment, error) {
-	return c.ns.AuditCommentHistory(c.pather(dg, base), rule, direction, nlogs, skip)
-}
-
-func (c *Panorama) pather(dg, base string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(dg, base, v)
-	}
-}
-
-func (c *Panorama) xpath(dg, base string, vals []string) ([]string, error) {
-	if err := util.ValidateRulebase(dg, base); err != nil {
-		return nil, err
-	}
-
-	ans := make([]string, 0, 9)
-	ans = append(ans, util.DeviceGroupXpathPrefix(dg)...)
-	ans = append(ans,
-		base,
-		"decryption",
-		"rules",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/poli/decryption/pano_test.go b/poli/decryption/pano_test.go
deleted file mode 100644
index 717466f2..00000000
--- a/poli/decryption/pano_test.go
+++ /dev/null
@@ -1,38 +0,0 @@
-package decryption
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			if tc.base == "" {
-				t.Skip()
-			}
-			mc.AddResp("")
-			err := ns.Set("my group", tc.base, tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("my group", tc.base, tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/poli/decryption/testdata_test.go b/poli/decryption/testdata_test.go
deleted file mode 100644
index a990508b..00000000
--- a/poli/decryption/testdata_test.go
+++ /dev/null
@@ -1,479 +0,0 @@
-package decryption
-
-import (
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type testCase struct {
-	version version.Number
-	desc    string
-	base    string
-	conf    Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{version.Number{7, 0, 0, ""}, "empty rule", util.PreRulebase, Entry{
-			Name:        "rule1",
-			Description: "blah",
-		}},
-		{version.Number{7, 0, 0, ""}, "basic rule", util.PreRulebase, Entry{
-			Name:                 "rule2",
-			Description:          "blah",
-			SourceZones:          []string{"zone1", "zone2"},
-			SourceAddresses:      []string{"addy1", "grp1"},
-			SourceUsers:          []string{"user2", "user1"},
-			DestinationZones:     []string{"dst1", "dst2"},
-			DestinationAddresses: []string{"da3", "da2"},
-			Tags:                 []string{"t3", "t2", "t1"},
-			Services:             []string{"any"},
-			UrlCategories:        []string{"url1", "url2"},
-			Action:               ActionNoDecrypt,
-			DecryptionType:       DecryptionTypeSslForwardProxy,
-			DecryptionProfile:    "decryption profile",
-		}},
-		{version.Number{7, 0, 0, ""}, "rule negate source", util.PreRulebase, Entry{
-			Name:                 "rule2",
-			Description:          "blah",
-			SourceZones:          []string{"zone1", "zone2"},
-			SourceAddresses:      []string{"addy1", "grp1"},
-			NegateSource:         true,
-			SourceUsers:          []string{"user2", "user1"},
-			DestinationZones:     []string{"dst1", "dst2"},
-			DestinationAddresses: []string{"da3", "da2"},
-			Tags:                 []string{"t3", "t2", "t1"},
-			Services:             []string{"any"},
-			UrlCategories:        []string{"url1", "url2"},
-			Action:               ActionNoDecrypt,
-			DecryptionType:       DecryptionTypeSshProxy,
-			DecryptionProfile:    "decryption profile",
-		}},
-		{version.Number{7, 0, 0, ""}, "rule negate destination", util.PreRulebase, Entry{
-			Name:                 "rule2",
-			Description:          "blah",
-			SourceZones:          []string{"zone1", "zone2"},
-			SourceAddresses:      []string{"addy1", "grp1"},
-			SourceUsers:          []string{"user2", "user1"},
-			DestinationZones:     []string{"dst1", "dst2"},
-			DestinationAddresses: []string{"da3", "da2"},
-			NegateDestination:    true,
-			Tags:                 []string{"t3", "t2", "t1"},
-			Services:             []string{"any"},
-			UrlCategories:        []string{"url1", "url2"},
-			Action:               ActionNoDecrypt,
-			DecryptionType:       DecryptionTypeSslInboundInspection,
-			SslCertificate:       "my cert",
-			DecryptionProfile:    "decryption profile",
-		}},
-		{version.Number{7, 0, 0, ""}, "rule disabled", util.PreRulebase, Entry{
-			Name:                 "rule2",
-			Disabled:             true,
-			Description:          "blah",
-			SourceZones:          []string{"zone1", "zone2"},
-			SourceAddresses:      []string{"addy1", "grp1"},
-			SourceUsers:          []string{"user2", "user1"},
-			DestinationZones:     []string{"dst1", "dst2"},
-			DestinationAddresses: []string{"da3", "da2"},
-			Tags:                 []string{"t3", "t2", "t1"},
-			Services:             []string{"any"},
-			UrlCategories:        []string{"url1", "url2"},
-			Action:               ActionNoDecrypt,
-			DecryptionType:       DecryptionTypeSslForwardProxy,
-			DecryptionProfile:    "decryption profile",
-		}},
-		{version.Number{8, 1, 0, ""}, "empty rule", util.PreRulebase, Entry{
-			Name:        "rule1",
-			Description: "blah",
-		}},
-		{version.Number{8, 1, 0, ""}, "basic rule", util.PreRulebase, Entry{
-			Name:                 "rule2",
-			Description:          "blah",
-			SourceZones:          []string{"zone1", "zone2"},
-			SourceAddresses:      []string{"addy1", "grp1"},
-			SourceUsers:          []string{"user2", "user1"},
-			DestinationZones:     []string{"dst1", "dst2"},
-			DestinationAddresses: []string{"da3", "da2"},
-			Tags:                 []string{"t3", "t2", "t1"},
-			Services:             []string{"any"},
-			UrlCategories:        []string{"url1", "url2"},
-			Action:               ActionNoDecrypt,
-			DecryptionType:       DecryptionTypeSslForwardProxy,
-			DecryptionProfile:    "decryption profile",
-		}},
-		{version.Number{8, 1, 0, ""}, "rule negate source", util.PreRulebase, Entry{
-			Name:                 "rule2",
-			Description:          "blah",
-			SourceZones:          []string{"zone1", "zone2"},
-			SourceAddresses:      []string{"addy1", "grp1"},
-			NegateSource:         true,
-			SourceUsers:          []string{"user2", "user1"},
-			DestinationZones:     []string{"dst1", "dst2"},
-			DestinationAddresses: []string{"da3", "da2"},
-			Tags:                 []string{"t3", "t2", "t1"},
-			Services:             []string{"any"},
-			UrlCategories:        []string{"url1", "url2"},
-			Action:               ActionNoDecrypt,
-			DecryptionType:       DecryptionTypeSshProxy,
-			DecryptionProfile:    "decryption profile",
-		}},
-		{version.Number{8, 1, 0, ""}, "rule negate destination", util.PreRulebase, Entry{
-			Name:                 "rule2",
-			Description:          "blah",
-			SourceZones:          []string{"zone1", "zone2"},
-			SourceAddresses:      []string{"addy1", "grp1"},
-			SourceUsers:          []string{"user2", "user1"},
-			DestinationZones:     []string{"dst1", "dst2"},
-			DestinationAddresses: []string{"da3", "da2"},
-			NegateDestination:    true,
-			Tags:                 []string{"t3", "t2", "t1"},
-			Services:             []string{"any"},
-			UrlCategories:        []string{"url1", "url2"},
-			Action:               ActionNoDecrypt,
-			DecryptionType:       DecryptionTypeSslInboundInspection,
-			SslCertificate:       "my cert",
-			DecryptionProfile:    "decryption profile",
-		}},
-		{version.Number{8, 1, 0, ""}, "rule disabled", util.PreRulebase, Entry{
-			Name:                 "rule2",
-			Disabled:             true,
-			Description:          "blah",
-			SourceZones:          []string{"zone1", "zone2"},
-			SourceAddresses:      []string{"addy1", "grp1"},
-			SourceUsers:          []string{"user2", "user1"},
-			DestinationZones:     []string{"dst1", "dst2"},
-			DestinationAddresses: []string{"da3", "da2"},
-			Tags:                 []string{"t3", "t2", "t1"},
-			Services:             []string{"any"},
-			UrlCategories:        []string{"url1", "url2"},
-			Action:               ActionNoDecrypt,
-			DecryptionType:       DecryptionTypeSslForwardProxy,
-			DecryptionProfile:    "decryption profile",
-		}},
-		{version.Number{8, 1, 0, ""}, "rule with logfwd", util.PreRulebase, Entry{
-			Name:                 "rule2",
-			Description:          "blah",
-			SourceZones:          []string{"zone1", "zone2"},
-			SourceAddresses:      []string{"addy1", "grp1"},
-			SourceUsers:          []string{"user2", "user1"},
-			DestinationZones:     []string{"dst1", "dst2"},
-			DestinationAddresses: []string{"da3", "da2"},
-			Tags:                 []string{"t3", "t2", "t1"},
-			Services:             []string{"any"},
-			UrlCategories:        []string{"url1", "url2"},
-			Action:               ActionNoDecrypt,
-			DecryptionType:       DecryptionTypeSslForwardProxy,
-			DecryptionProfile:    "decryption profile",
-			ForwardingProfile:    "forwarding profile",
-		}},
-		{version.Number{9, 0, 0, ""}, "empty rule", util.PreRulebase, Entry{
-			Name:        "rule1",
-			Uuid:        "uuid123",
-			GroupTag:    "tag123",
-			Description: "blah",
-		}},
-		{version.Number{9, 0, 0, ""}, "basic rule", util.PreRulebase, Entry{
-			Name:                 "rule2",
-			Description:          "blah",
-			SourceZones:          []string{"zone1", "zone2"},
-			SourceAddresses:      []string{"addy1", "grp1"},
-			SourceUsers:          []string{"user2", "user1"},
-			DestinationZones:     []string{"dst1", "dst2"},
-			DestinationAddresses: []string{"da3", "da2"},
-			Tags:                 []string{"t3", "t2", "t1"},
-			Services:             []string{"any"},
-			UrlCategories:        []string{"url1", "url2"},
-			Action:               ActionNoDecrypt,
-			DecryptionType:       DecryptionTypeSslForwardProxy,
-			DecryptionProfile:    "decryption profile",
-		}},
-		{version.Number{9, 0, 0, ""}, "rule negate source", util.PreRulebase, Entry{
-			Name:                 "rule2",
-			Description:          "blah",
-			SourceZones:          []string{"zone1", "zone2"},
-			SourceAddresses:      []string{"addy1", "grp1"},
-			NegateSource:         true,
-			SourceUsers:          []string{"user2", "user1"},
-			DestinationZones:     []string{"dst1", "dst2"},
-			DestinationAddresses: []string{"da3", "da2"},
-			Tags:                 []string{"t3", "t2", "t1"},
-			Services:             []string{"any"},
-			UrlCategories:        []string{"url1", "url2"},
-			Action:               ActionNoDecrypt,
-			DecryptionType:       DecryptionTypeSshProxy,
-			DecryptionProfile:    "decryption profile",
-		}},
-		{version.Number{9, 0, 0, ""}, "rule negate destination", util.PreRulebase, Entry{
-			Name:                 "rule2",
-			Description:          "blah",
-			SourceZones:          []string{"zone1", "zone2"},
-			SourceAddresses:      []string{"addy1", "grp1"},
-			SourceUsers:          []string{"user2", "user1"},
-			DestinationZones:     []string{"dst1", "dst2"},
-			DestinationAddresses: []string{"da3", "da2"},
-			NegateDestination:    true,
-			Tags:                 []string{"t3", "t2", "t1"},
-			Services:             []string{"any"},
-			UrlCategories:        []string{"url1", "url2"},
-			Action:               ActionNoDecrypt,
-			DecryptionType:       DecryptionTypeSslInboundInspection,
-			SslCertificate:       "my cert",
-			DecryptionProfile:    "decryption profile",
-		}},
-		{version.Number{9, 0, 0, ""}, "rule disabled", util.PreRulebase, Entry{
-			Name:                 "rule2",
-			Disabled:             true,
-			Description:          "blah",
-			SourceZones:          []string{"zone1", "zone2"},
-			SourceAddresses:      []string{"addy1", "grp1"},
-			SourceUsers:          []string{"user2", "user1"},
-			DestinationZones:     []string{"dst1", "dst2"},
-			DestinationAddresses: []string{"da3", "da2"},
-			Tags:                 []string{"t3", "t2", "t1"},
-			Services:             []string{"any"},
-			UrlCategories:        []string{"url1", "url2"},
-			Action:               ActionNoDecrypt,
-			DecryptionType:       DecryptionTypeSslForwardProxy,
-			DecryptionProfile:    "decryption profile",
-		}},
-		{version.Number{9, 0, 0, ""}, "rule with logfwd", util.PreRulebase, Entry{
-			Name:                 "rule2",
-			Description:          "blah",
-			SourceZones:          []string{"zone1", "zone2"},
-			SourceAddresses:      []string{"addy1", "grp1"},
-			SourceUsers:          []string{"user2", "user1"},
-			DestinationZones:     []string{"dst1", "dst2"},
-			DestinationAddresses: []string{"da3", "da2"},
-			Tags:                 []string{"t3", "t2", "t1"},
-			Services:             []string{"any"},
-			UrlCategories:        []string{"url1", "url2"},
-			Action:               ActionNoDecrypt,
-			DecryptionType:       DecryptionTypeSslForwardProxy,
-			DecryptionProfile:    "decryption profile",
-			ForwardingProfile:    "forwarding profile",
-		}},
-		{version.Number{10, 0, 0, ""}, "empty rule", util.PreRulebase, Entry{
-			Name:        "rule1",
-			Uuid:        "uuid123",
-			GroupTag:    "tag123",
-			Description: "blah",
-		}},
-		{version.Number{10, 0, 0, ""}, "basic rule", util.PreRulebase, Entry{
-			Name:                 "rule2",
-			Description:          "blah",
-			SourceZones:          []string{"zone1", "zone2"},
-			SourceAddresses:      []string{"addy1", "grp1"},
-			SourceUsers:          []string{"user2", "user1"},
-			DestinationZones:     []string{"dst1", "dst2"},
-			DestinationAddresses: []string{"da3", "da2"},
-			Tags:                 []string{"t3", "t2", "t1"},
-			Services:             []string{"any"},
-			UrlCategories:        []string{"url1", "url2"},
-			Action:               ActionNoDecrypt,
-			DecryptionType:       DecryptionTypeSslForwardProxy,
-			DecryptionProfile:    "decryption profile",
-		}},
-		{version.Number{10, 0, 0, ""}, "rule negate source", util.PreRulebase, Entry{
-			Name:                 "rule2",
-			Description:          "blah",
-			SourceZones:          []string{"zone1", "zone2"},
-			SourceAddresses:      []string{"addy1", "grp1"},
-			NegateSource:         true,
-			SourceUsers:          []string{"user2", "user1"},
-			DestinationZones:     []string{"dst1", "dst2"},
-			DestinationAddresses: []string{"da3", "da2"},
-			Tags:                 []string{"t3", "t2", "t1"},
-			Services:             []string{"any"},
-			UrlCategories:        []string{"url1", "url2"},
-			Action:               ActionNoDecrypt,
-			DecryptionType:       DecryptionTypeSshProxy,
-			DecryptionProfile:    "decryption profile",
-		}},
-		{version.Number{10, 0, 0, ""}, "rule negate destination", util.PreRulebase, Entry{
-			Name:                 "rule2",
-			Description:          "blah",
-			SourceZones:          []string{"zone1", "zone2"},
-			SourceAddresses:      []string{"addy1", "grp1"},
-			SourceUsers:          []string{"user2", "user1"},
-			DestinationZones:     []string{"dst1", "dst2"},
-			DestinationAddresses: []string{"da3", "da2"},
-			NegateDestination:    true,
-			Tags:                 []string{"t3", "t2", "t1"},
-			Services:             []string{"any"},
-			UrlCategories:        []string{"url1", "url2"},
-			Action:               ActionNoDecrypt,
-			DecryptionType:       DecryptionTypeSslInboundInspection,
-			SslCertificate:       "my cert",
-			DecryptionProfile:    "decryption profile",
-		}},
-		{version.Number{10, 0, 0, ""}, "rule disabled", util.PreRulebase, Entry{
-			Name:                 "rule2",
-			Disabled:             true,
-			Description:          "blah",
-			SourceZones:          []string{"zone1", "zone2"},
-			SourceAddresses:      []string{"addy1", "grp1"},
-			SourceUsers:          []string{"user2", "user1"},
-			DestinationZones:     []string{"dst1", "dst2"},
-			DestinationAddresses: []string{"da3", "da2"},
-			Tags:                 []string{"t3", "t2", "t1"},
-			Services:             []string{"any"},
-			UrlCategories:        []string{"url1", "url2"},
-			Action:               ActionNoDecrypt,
-			DecryptionType:       DecryptionTypeSslForwardProxy,
-			DecryptionProfile:    "decryption profile",
-		}},
-		{version.Number{10, 0, 0, ""}, "rule with logfwd", util.PreRulebase, Entry{
-			Name:                 "rule2",
-			Description:          "blah",
-			SourceZones:          []string{"zone1", "zone2"},
-			SourceAddresses:      []string{"addy1", "grp1"},
-			SourceUsers:          []string{"user2", "user1"},
-			DestinationZones:     []string{"dst1", "dst2"},
-			DestinationAddresses: []string{"da3", "da2"},
-			Tags:                 []string{"t3", "t2", "t1"},
-			Services:             []string{"any"},
-			UrlCategories:        []string{"url1", "url2"},
-			Action:               ActionNoDecrypt,
-			DecryptionType:       DecryptionTypeSslForwardProxy,
-			DecryptionProfile:    "decryption profile",
-			ForwardingProfile:    "forwarding profile",
-		}},
-		{version.Number{10, 0, 0, ""}, "rule with source hips and successful tls logging", util.PreRulebase, Entry{
-			Name:                       "rule1",
-			Uuid:                       "uuid123",
-			GroupTag:                   "tag123",
-			Description:                "blah",
-			SourceHips:                 []string{"src1"},
-			LogSuccessfulTlsHandshakes: true,
-		}},
-		{version.Number{10, 0, 0, ""}, "rule with failed handshakes and log setting", util.PreRulebase, Entry{
-			Name:                   "rule1",
-			Uuid:                   "uuid123",
-			GroupTag:               "tag123",
-			Description:            "blah",
-			DestinationHips:        []string{"dst2", "dst1"},
-			LogFailedTlsHandshakes: true,
-			LogSetting:             "my log setting",
-		}},
-		{version.Number{10, 2, 0, ""}, "empty rule", util.PreRulebase, Entry{
-			Name:        "rule1",
-			Uuid:        "uuid123",
-			GroupTag:    "tag123",
-			Description: "blah",
-		}},
-		{version.Number{10, 2, 0, ""}, "basic rule", util.PreRulebase, Entry{
-			Name:                 "rule2",
-			Description:          "blah",
-			SourceZones:          []string{"zone1", "zone2"},
-			SourceAddresses:      []string{"addy1", "grp1"},
-			SourceUsers:          []string{"user2", "user1"},
-			DestinationZones:     []string{"dst1", "dst2"},
-			DestinationAddresses: []string{"da3", "da2"},
-			Tags:                 []string{"t3", "t2", "t1"},
-			Services:             []string{"any"},
-			UrlCategories:        []string{"url1", "url2"},
-			Action:               ActionNoDecrypt,
-			DecryptionType:       DecryptionTypeSslForwardProxy,
-			DecryptionProfile:    "decryption profile",
-		}},
-		{version.Number{10, 2, 0, ""}, "rule negate source", util.PreRulebase, Entry{
-			Name:                 "rule2",
-			Description:          "blah",
-			SourceZones:          []string{"zone1", "zone2"},
-			SourceAddresses:      []string{"addy1", "grp1"},
-			NegateSource:         true,
-			SourceUsers:          []string{"user2", "user1"},
-			DestinationZones:     []string{"dst1", "dst2"},
-			DestinationAddresses: []string{"da3", "da2"},
-			Tags:                 []string{"t3", "t2", "t1"},
-			Services:             []string{"any"},
-			UrlCategories:        []string{"url1", "url2"},
-			Action:               ActionNoDecrypt,
-			DecryptionType:       DecryptionTypeSshProxy,
-			DecryptionProfile:    "decryption profile",
-		}},
-		{version.Number{10, 2, 0, ""}, "rule negate destination", util.PreRulebase, Entry{
-			Name:                 "rule2",
-			Description:          "blah",
-			SourceZones:          []string{"zone1", "zone2"},
-			SourceAddresses:      []string{"addy1", "grp1"},
-			SourceUsers:          []string{"user2", "user1"},
-			DestinationZones:     []string{"dst1", "dst2"},
-			DestinationAddresses: []string{"da3", "da2"},
-			NegateDestination:    true,
-			Tags:                 []string{"t3", "t2", "t1"},
-			Services:             []string{"any"},
-			UrlCategories:        []string{"url1", "url2"},
-			Action:               ActionNoDecrypt,
-			DecryptionType:       DecryptionTypeSslInboundInspection,
-			SslCertificates:      []string{"my cert"},
-			DecryptionProfile:    "decryption profile",
-		}},
-		{version.Number{10, 2, 0, ""}, "rule disabled", util.PreRulebase, Entry{
-			Name:                 "rule2",
-			Disabled:             true,
-			Description:          "blah",
-			SourceZones:          []string{"zone1", "zone2"},
-			SourceAddresses:      []string{"addy1", "grp1"},
-			SourceUsers:          []string{"user2", "user1"},
-			DestinationZones:     []string{"dst1", "dst2"},
-			DestinationAddresses: []string{"da3", "da2"},
-			Tags:                 []string{"t3", "t2", "t1"},
-			Services:             []string{"any"},
-			UrlCategories:        []string{"url1", "url2"},
-			Action:               ActionNoDecrypt,
-			DecryptionType:       DecryptionTypeSslForwardProxy,
-			DecryptionProfile:    "decryption profile",
-		}},
-		{version.Number{10, 2, 0, ""}, "rule with logfwd", util.PreRulebase, Entry{
-			Name:                 "rule2",
-			Description:          "blah",
-			SourceZones:          []string{"zone1", "zone2"},
-			SourceAddresses:      []string{"addy1", "grp1"},
-			SourceUsers:          []string{"user2", "user1"},
-			DestinationZones:     []string{"dst1", "dst2"},
-			DestinationAddresses: []string{"da3", "da2"},
-			Tags:                 []string{"t3", "t2", "t1"},
-			Services:             []string{"any"},
-			UrlCategories:        []string{"url1", "url2"},
-			Action:               ActionNoDecrypt,
-			DecryptionType:       DecryptionTypeSslForwardProxy,
-			DecryptionProfile:    "decryption profile",
-			ForwardingProfile:    "forwarding profile",
-		}},
-		{version.Number{10, 2, 0, ""}, "rule with source hips and successful tls logging", util.PreRulebase, Entry{
-			Name:                       "rule1",
-			Uuid:                       "uuid123",
-			GroupTag:                   "tag123",
-			Description:                "blah",
-			SourceHips:                 []string{"src1"},
-			LogSuccessfulTlsHandshakes: true,
-		}},
-		{version.Number{10, 2, 0, ""}, "rule with failed handshakes and log setting", util.PreRulebase, Entry{
-			Name:                   "rule1",
-			Uuid:                   "uuid123",
-			GroupTag:               "tag123",
-			Description:            "blah",
-			DestinationHips:        []string{"dst2", "dst1"},
-			LogFailedTlsHandshakes: true,
-			LogSetting:             "my log setting",
-		}},
-		{version.Number{10, 2, 0, ""}, "multi decryption cert", util.PreRulebase, Entry{
-			Name:                 "rule2",
-			Description:          "blah",
-			SourceZones:          []string{"zone1", "zone2"},
-			SourceAddresses:      []string{"addy1", "grp1"},
-			SourceUsers:          []string{"user2", "user1"},
-			DestinationZones:     []string{"dst1", "dst2"},
-			DestinationAddresses: []string{"da3", "da2"},
-			NegateDestination:    true,
-			Tags:                 []string{"t3", "t2", "t1"},
-			Services:             []string{"any"},
-			UrlCategories:        []string{"url1", "url2"},
-			Action:               ActionNoDecrypt,
-			DecryptionType:       DecryptionTypeSslInboundInspection,
-			SslCertificates:      []string{"my cert", "cert2"},
-			DecryptionProfile:    "decryption profile",
-		}},
-	}
-}
diff --git a/poli/doc.go b/poli/doc.go
deleted file mode 100644
index f15cd930..00000000
--- a/poli/doc.go
+++ /dev/null
@@ -1,2 +0,0 @@
-// Package poli is the client.Policies namespace.
-package poli
diff --git a/poli/fw.go b/poli/fw.go
deleted file mode 100644
index 34d69f4c..00000000
--- a/poli/fw.go
+++ /dev/null
@@ -1,27 +0,0 @@
-package poli
-
-import (
-	"github.com/PaloAltoNetworks/pango/util"
-
-	"github.com/PaloAltoNetworks/pango/poli/decryption"
-	"github.com/PaloAltoNetworks/pango/poli/nat"
-	"github.com/PaloAltoNetworks/pango/poli/pbf"
-	"github.com/PaloAltoNetworks/pango/poli/security"
-)
-
-// Firewall is the client.Policies namespace.
-type Firewall struct {
-	Decryption            *decryption.Firewall
-	Nat                   *nat.Firewall
-	PolicyBasedForwarding *pbf.Firewall
-	Security              *security.Firewall
-}
-
-func FirewallNamespace(x util.XapiClient) *Firewall {
-	return &Firewall{
-		Decryption:            decryption.FirewallNamespace(x),
-		Nat:                   nat.FirewallNamespace(x),
-		PolicyBasedForwarding: pbf.FirewallNamespace(x),
-		Security:              security.FirewallNamespace(x),
-	}
-}
diff --git a/poli/nat/const.go b/poli/nat/const.go
deleted file mode 100644
index 395fac16..00000000
--- a/poli/nat/const.go
+++ /dev/null
@@ -1,41 +0,0 @@
-package nat
-
-// Values for Entry.SatType.
-const (
-	DynamicIpAndPort = "dynamic-ip-and-port"
-	DynamicIp        = "dynamic-ip"
-	StaticIp         = "static-ip"
-)
-
-// Values for Entry.SatAddressType.
-const (
-	InterfaceAddress  = "interface-address"
-	TranslatedAddress = "translated-address"
-)
-
-// None is a valid value for both Entry.SatType and Entry.SatAddressType.
-const None = "none"
-
-// These are the valid settings for Entry.SatFallbackIpType.
-const (
-	Ip         = "ip"
-	FloatingIp = "floating"
-)
-
-// These are valid settings for DatType.
-const (
-	DatTypeStatic  = "destination-translation"
-	DatTypeDynamic = "dynamic-destination-translation"
-)
-
-// Valid values for the Type value.
-const (
-	TypeIpv4  = "ipv4"
-	TypeNat64 = "nat64"
-	TypeNptv6 = "nptv6"
-)
-
-const (
-	singular = "nat rule"
-	plural   = "nat rules"
-)
diff --git a/poli/nat/doc.go b/poli/nat/doc.go
deleted file mode 100644
index 1450f8fb..00000000
--- a/poli/nat/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package nat is the client.Policies.Nat namespace.
-
-Normalized object:  Entry
-*/
-package nat
diff --git a/poli/nat/entry.go b/poli/nat/entry.go
deleted file mode 100644
index d98828af..00000000
--- a/poli/nat/entry.go
+++ /dev/null
@@ -1,838 +0,0 @@
-package nat
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a NAT
-// policy.  The prefix "Sat" stands for "Source Address Translation" while
-// the prefix "Dat" stands for "Destination Address Translation".
-//
-// Targets is a map where the key is the serial number of the target device and
-// the value is a list of specific vsys on that device.  The list of vsys is
-// nil if all vsys on that device should be included or if the device is a
-// virtual firewall (and thus only has vsys1).
-//
-// The following Sat params are linked:
-//
-// SatType = nat.DynamicIpAndPort && SatAddressType = nat.TranslatedAddress:
-//
-//      * SatTranslatedAddresses
-//
-// SatType = nat.DynamicIpAndPort && SatAddressType = nat.InterfaceAddress:
-//
-//      * SatInterface
-//      * SatIpAddress
-//
-// For ALL SatType = nat.DynamicIp:
-//
-//      * SatTranslatedAddresses
-//
-// For ALL SatType = nat.DynamicIp and SatFallbackType = nat.InterfaceAddress:
-//
-//      * SatFallbackInterface
-//
-// SatType = nat.DynamicIp && SatFallbackType = nat.InterfaceAddress && SatFallbackIpType = nat.Ip:
-//
-//      * SatFallbackIpAddress
-//
-// SatType = nat.DynamicIp && SatFallbackType = nat.InterfaceAddress && SatFallbackIpType = nat.FloatingIp:
-//
-//      * SatFallbackIpAddress
-//
-// SatType = nat.DynamicIp and SatFallbackType = nat.TranslatedAddress:
-//
-//      * SatFallbackTranslatedAddresses
-//
-// SatType = nat.StaticIp:
-//
-//      * SatStaticTranslatedAddress
-//      * SatStaticBiDirectional
-//
-// If both DatAddress and DatPort are unintialized, then no destination
-// address translation will be enabled; setting DatType by itself is not
-// good enough.
-type Entry struct {
-	Name                           string
-	Description                    string
-	Type                           string
-	SourceZones                    []string // unordered
-	DestinationZone                string
-	ToInterface                    string
-	Service                        string
-	SourceAddresses                []string // unordered
-	DestinationAddresses           []string // unordered
-	SatType                        string
-	SatAddressType                 string
-	SatTranslatedAddresses         []string // unordered
-	SatInterface                   string
-	SatIpAddress                   string
-	SatFallbackType                string
-	SatFallbackTranslatedAddresses []string // unordered
-	SatFallbackInterface           string
-	SatFallbackIpType              string
-	SatFallbackIpAddress           string
-	SatStaticTranslatedAddress     string
-	SatStaticBiDirectional         bool
-	DatType                        string
-	DatAddress                     string
-	DatPort                        int
-	DatDynamicDistribution         string // 8.1+
-	Disabled                       bool
-	Targets                        map[string][]string
-	NegateTarget                   bool
-	Tags                           []string // ordered
-	Uuid                           string   // 9.0+
-	GroupTag                       string   // 9.0+
-}
-
-// Defaults sets params with uninitialized values to their GUI default setting.
-//
-// The defaults are as follows:
-//      * Type: "ipv4"
-//      * ToInterface: "any"
-//      * Service: "any"
-//      * SourceAddresses: ["any"]
-//      * DestinationAddresses: ["any"]
-//      * SatType: None
-//      * DatType: DatTypeStatic
-func (o *Entry) Defaults() {
-	if o.Type == "" {
-		o.Type = "ipv4"
-	}
-
-	if o.ToInterface == "" {
-		o.ToInterface = "any"
-	}
-
-	if o.Service == "" {
-		o.Service = "any"
-	}
-
-	if len(o.SourceAddresses) == 0 {
-		o.SourceAddresses = []string{"any"}
-	}
-
-	if len(o.DestinationAddresses) == 0 {
-		o.DestinationAddresses = []string{"any"}
-	}
-
-	if o.SatType == "" {
-		o.SatType = None
-	}
-
-	if o.DatType == "" {
-		o.DatType = DatTypeStatic
-	}
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name and UUID fields relates to the identity of this object, this fields
-// are not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Description = s.Description
-	o.Type = s.Type
-	o.SourceZones = util.CopyStringSlice(s.SourceZones)
-	o.DestinationZone = s.DestinationZone
-	o.ToInterface = s.ToInterface
-	o.Service = s.Service
-	o.SourceAddresses = util.CopyStringSlice(s.SourceAddresses)
-	o.DestinationAddresses = util.CopyStringSlice(s.DestinationAddresses)
-	o.SatType = s.SatType
-	o.SatAddressType = s.SatAddressType
-	o.SatTranslatedAddresses = util.CopyStringSlice(s.SatTranslatedAddresses)
-	o.SatInterface = s.SatInterface
-	o.SatIpAddress = s.SatIpAddress
-	o.SatFallbackType = s.SatFallbackType
-	o.SatFallbackTranslatedAddresses = util.CopyStringSlice(s.SatFallbackTranslatedAddresses)
-	o.SatFallbackInterface = s.SatFallbackInterface
-	o.SatFallbackIpType = s.SatFallbackIpType
-	o.SatFallbackIpAddress = s.SatFallbackIpAddress
-	o.SatStaticTranslatedAddress = s.SatStaticTranslatedAddress
-	o.SatStaticBiDirectional = s.SatStaticBiDirectional
-	o.DatAddress = s.DatAddress
-	o.DatPort = s.DatPort
-	o.Disabled = s.Disabled
-	o.Targets = util.CopyTargets(s.Targets)
-	o.NegateTarget = s.NegateTarget
-	o.Tags = util.CopyStringSlice(s.Tags)
-	o.DatType = s.DatType
-	o.DatDynamicDistribution = s.DatDynamicDistribution
-	o.GroupTag = s.GroupTag
-}
-
-/** Structs / functions for normalization. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:                 o.Name,
-		Description:          o.Description,
-		Type:                 o.Type,
-		SourceZones:          util.MemToStr(o.SourceZones),
-		DestinationZone:      o.DestinationZone,
-		ToInterface:          o.ToInterface,
-		Service:              o.Service,
-		SourceAddresses:      util.MemToStr(o.SourceAddresses),
-		DestinationAddresses: util.MemToStr(o.DestinationAddresses),
-		Disabled:             util.AsBool(o.Disabled),
-		Tags:                 util.MemToStr(o.Tags),
-	}
-
-	if o.Sat == nil {
-		ans.SatType = None
-	} else {
-		switch {
-		case o.Sat.Diap != nil:
-			ans.SatType = DynamicIpAndPort
-			if o.Sat.Diap.InterfaceAddress != nil {
-				ans.SatAddressType = InterfaceAddress
-				ans.SatInterface = o.Sat.Diap.InterfaceAddress.Interface
-				ans.SatIpAddress = o.Sat.Diap.InterfaceAddress.Ip
-			} else {
-				ans.SatAddressType = TranslatedAddress
-				ans.SatTranslatedAddresses = util.MemToStr(o.Sat.Diap.TranslatedAddress)
-			}
-		case o.Sat.Di != nil:
-			ans.SatType = DynamicIp
-			ans.SatTranslatedAddresses = util.MemToStr(o.Sat.Di.TranslatedAddress)
-			if o.Sat.Di.Fallback == nil {
-				ans.SatFallbackType = None
-			} else if o.Sat.Di.Fallback.TranslatedAddress != nil {
-				ans.SatFallbackType = TranslatedAddress
-				ans.SatFallbackTranslatedAddresses = util.MemToStr(o.Sat.Di.Fallback.TranslatedAddress)
-			} else if o.Sat.Di.Fallback.InterfaceAddress != nil {
-				ans.SatFallbackType = InterfaceAddress
-				ans.SatFallbackInterface = o.Sat.Di.Fallback.InterfaceAddress.Interface
-				if o.Sat.Di.Fallback.InterfaceAddress.Ip != "" {
-					ans.SatFallbackIpType = Ip
-					ans.SatFallbackIpAddress = o.Sat.Di.Fallback.InterfaceAddress.Ip
-				} else if o.Sat.Di.Fallback.InterfaceAddress.FloatingIp != "" {
-					ans.SatFallbackIpType = FloatingIp
-					ans.SatFallbackIpAddress = o.Sat.Di.Fallback.InterfaceAddress.FloatingIp
-				}
-			}
-		case o.Sat.Static != nil:
-			ans.SatType = StaticIp
-			ans.SatStaticTranslatedAddress = o.Sat.Static.Address
-			ans.SatStaticBiDirectional = util.AsBool(o.Sat.Static.BiDirectional)
-		}
-	}
-
-	if o.Dat != nil {
-		ans.DatType = DatTypeStatic
-		ans.DatAddress = o.Dat.Address
-		ans.DatPort = o.Dat.Port
-	}
-
-	if o.Target != nil {
-		ans.Targets = util.VsysEntToMap(o.Target.Targets)
-		ans.NegateTarget = util.AsBool(o.Target.NegateTarget)
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName              xml.Name         `xml:"entry"`
-	Name                 string           `xml:"name,attr"`
-	Description          string           `xml:"description"`
-	Type                 string           `xml:"nat-type"`
-	SourceZones          *util.MemberType `xml:"from"`
-	DestinationZone      string           `xml:"to>member"`
-	ToInterface          string           `xml:"to-interface"`
-	Service              string           `xml:"service"`
-	SourceAddresses      *util.MemberType `xml:"source"`
-	DestinationAddresses *util.MemberType `xml:"destination"`
-	Sat                  *srcXlate        `xml:"source-translation"`
-	Dat                  *dstXlate        `xml:"destination-translation"`
-	Disabled             string           `xml:"disabled"`
-	Target               *targetInfo      `xml:"target"`
-	Tags                 *util.MemberType `xml:"tag"`
-}
-
-type dstXlate struct {
-	Address      string `xml:"translated-address,omitempty"`
-	Port         int    `xml:"translated-port,omitempty"`
-	Distribution string `xml:"distribution,omitempty"`
-}
-
-type srcXlate struct {
-	Diap   *srcXlateDiap   `xml:"dynamic-ip-and-port"`
-	Di     *srcXlateDi     `xml:"dynamic-ip"`
-	Static *srcXlateStatic `xml:"static-ip"`
-}
-
-type srcXlateDiap struct {
-	TranslatedAddress *util.MemberType `xml:"translated-address"`
-	InterfaceAddress  *srcXlateDiapIa  `xml:"interface-address"`
-}
-
-type srcXlateDiapIa struct {
-	Interface string `xml:"interface"`
-	Ip        string `xml:"ip,omitempty"`
-}
-
-type srcXlateDi struct {
-	TranslatedAddress *util.MemberType `xml:"translated-address"`
-	Fallback          *fallback        `xml:"fallback"`
-}
-
-type fallback struct {
-	TranslatedAddress *util.MemberType `xml:"translated-address"`
-	InterfaceAddress  *fallbackIface   `xml:"interface-address"`
-}
-
-type fallbackIface struct {
-	Ip         string `xml:"ip,omitempty"`
-	Interface  string `xml:"interface,omitempty"`
-	FloatingIp string `xml:"floating-ip,omitempty"`
-}
-
-type srcXlateStatic struct {
-	Address       string `xml:"translated-address"`
-	BiDirectional string `xml:"bi-directional"`
-}
-
-type targetInfo struct {
-	Targets      *util.VsysEntryType `xml:"devices"`
-	NegateTarget string              `xml:"negate,omitempty"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:                 e.Name,
-		Description:          e.Description,
-		Type:                 e.Type,
-		SourceZones:          util.StrToMem(e.SourceZones),
-		DestinationZone:      e.DestinationZone,
-		ToInterface:          e.ToInterface,
-		Service:              e.Service,
-		SourceAddresses:      util.StrToMem(e.SourceAddresses),
-		DestinationAddresses: util.StrToMem(e.DestinationAddresses),
-		Disabled:             util.YesNo(e.Disabled),
-		Tags:                 util.StrToMem(e.Tags),
-	}
-
-	var sv *srcXlate
-	switch e.SatType {
-	case DynamicIpAndPort:
-		sv = &srcXlate{
-			Diap: &srcXlateDiap{},
-		}
-		switch e.SatAddressType {
-		case TranslatedAddress:
-			sv.Diap.TranslatedAddress = util.StrToMem(e.SatTranslatedAddresses)
-		case InterfaceAddress:
-			sv.Diap.InterfaceAddress = &srcXlateDiapIa{
-				Interface: e.SatInterface,
-				Ip:        e.SatIpAddress,
-			}
-		}
-	case DynamicIp:
-		sv = &srcXlate{
-			Di: &srcXlateDi{
-				TranslatedAddress: util.StrToMem(e.SatTranslatedAddresses),
-			},
-		}
-		switch e.SatFallbackType {
-		case InterfaceAddress:
-			sv.Di.Fallback = &fallback{
-				InterfaceAddress: &fallbackIface{
-					Interface: e.SatFallbackInterface,
-				},
-			}
-			switch e.SatFallbackIpType {
-			case Ip:
-				sv.Di.Fallback.InterfaceAddress.Ip = e.SatFallbackIpAddress
-			case FloatingIp:
-				sv.Di.Fallback.InterfaceAddress.FloatingIp = e.SatFallbackIpAddress
-			}
-		case TranslatedAddress:
-			sv.Di.Fallback = &fallback{TranslatedAddress: util.StrToMem(e.SatFallbackTranslatedAddresses)}
-		}
-	case StaticIp:
-		sv = &srcXlate{
-			Static: &srcXlateStatic{
-				e.SatStaticTranslatedAddress,
-				util.YesNo(e.SatStaticBiDirectional),
-			},
-		}
-	}
-	ans.Sat = sv
-
-	if e.DatType == DatTypeStatic {
-		if e.DatAddress != "" || e.DatPort != 0 {
-			ans.Dat = &dstXlate{
-				e.DatAddress,
-				e.DatPort,
-				"",
-			}
-		}
-	}
-
-	if len(e.Targets) != 0 || e.NegateTarget {
-		ans.Target = &targetInfo{
-			Targets:      util.MapToVsysEnt(e.Targets),
-			NegateTarget: util.YesNo(e.NegateTarget),
-		}
-	}
-
-	return ans
-}
-
-// PAN-OS 8.1
-type container_v2 struct {
-	Answer []entry_v2 `xml:"entry"`
-}
-
-func (o *container_v2) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v2) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *entry_v2) normalize() Entry {
-	ans := Entry{
-		Name:                 o.Name,
-		Description:          o.Description,
-		Type:                 o.Type,
-		SourceZones:          util.MemToStr(o.SourceZones),
-		DestinationZone:      o.DestinationZone,
-		ToInterface:          o.ToInterface,
-		Service:              o.Service,
-		SourceAddresses:      util.MemToStr(o.SourceAddresses),
-		DestinationAddresses: util.MemToStr(o.DestinationAddresses),
-		Disabled:             util.AsBool(o.Disabled),
-		Tags:                 util.MemToStr(o.Tags),
-	}
-
-	if o.Sat == nil {
-		ans.SatType = None
-	} else {
-		switch {
-		case o.Sat.Diap != nil:
-			ans.SatType = DynamicIpAndPort
-			if o.Sat.Diap.InterfaceAddress != nil {
-				ans.SatAddressType = InterfaceAddress
-				ans.SatInterface = o.Sat.Diap.InterfaceAddress.Interface
-				ans.SatIpAddress = o.Sat.Diap.InterfaceAddress.Ip
-			} else {
-				ans.SatAddressType = TranslatedAddress
-				ans.SatTranslatedAddresses = util.MemToStr(o.Sat.Diap.TranslatedAddress)
-			}
-		case o.Sat.Di != nil:
-			ans.SatType = DynamicIp
-			ans.SatTranslatedAddresses = util.MemToStr(o.Sat.Di.TranslatedAddress)
-			if o.Sat.Di.Fallback == nil {
-				ans.SatFallbackType = None
-			} else if o.Sat.Di.Fallback.TranslatedAddress != nil {
-				ans.SatFallbackType = TranslatedAddress
-				ans.SatFallbackTranslatedAddresses = util.MemToStr(o.Sat.Di.Fallback.TranslatedAddress)
-			} else if o.Sat.Di.Fallback.InterfaceAddress != nil {
-				ans.SatFallbackType = InterfaceAddress
-				ans.SatFallbackInterface = o.Sat.Di.Fallback.InterfaceAddress.Interface
-				if o.Sat.Di.Fallback.InterfaceAddress.Ip != "" {
-					ans.SatFallbackIpType = Ip
-					ans.SatFallbackIpAddress = o.Sat.Di.Fallback.InterfaceAddress.Ip
-				} else if o.Sat.Di.Fallback.InterfaceAddress.FloatingIp != "" {
-					ans.SatFallbackIpType = FloatingIp
-					ans.SatFallbackIpAddress = o.Sat.Di.Fallback.InterfaceAddress.FloatingIp
-				}
-			}
-		case o.Sat.Static != nil:
-			ans.SatType = StaticIp
-			ans.SatStaticTranslatedAddress = o.Sat.Static.Address
-			ans.SatStaticBiDirectional = util.AsBool(o.Sat.Static.BiDirectional)
-		}
-	}
-
-	if o.Dat != nil {
-		ans.DatType = DatTypeStatic
-		ans.DatAddress = o.Dat.Address
-		ans.DatPort = o.Dat.Port
-	}
-
-	if o.DatDynamic != nil {
-		ans.DatType = DatTypeDynamic
-		ans.DatAddress = o.DatDynamic.Address
-		ans.DatPort = o.DatDynamic.Port
-		ans.DatDynamicDistribution = o.DatDynamic.Distribution
-	}
-
-	if o.Target != nil {
-		ans.Targets = util.VsysEntToMap(o.Target.Targets)
-		ans.NegateTarget = util.AsBool(o.Target.NegateTarget)
-	}
-
-	return ans
-}
-
-type entry_v2 struct {
-	XMLName              xml.Name         `xml:"entry"`
-	Name                 string           `xml:"name,attr"`
-	Description          string           `xml:"description"`
-	Type                 string           `xml:"nat-type"`
-	SourceZones          *util.MemberType `xml:"from"`
-	DestinationZone      string           `xml:"to>member"`
-	ToInterface          string           `xml:"to-interface"`
-	Service              string           `xml:"service"`
-	SourceAddresses      *util.MemberType `xml:"source"`
-	DestinationAddresses *util.MemberType `xml:"destination"`
-	Sat                  *srcXlate        `xml:"source-translation"`
-	Dat                  *dstXlate        `xml:"destination-translation"`
-	DatDynamic           *dstXlate        `xml:"dynamic-destination-translation"`
-	Disabled             string           `xml:"disabled"`
-	Target               *targetInfo      `xml:"target"`
-	Tags                 *util.MemberType `xml:"tag"`
-}
-
-func specify_v2(e Entry) interface{} {
-	ans := entry_v2{
-		Name:                 e.Name,
-		Description:          e.Description,
-		Type:                 e.Type,
-		SourceZones:          util.StrToMem(e.SourceZones),
-		DestinationZone:      e.DestinationZone,
-		ToInterface:          e.ToInterface,
-		Service:              e.Service,
-		SourceAddresses:      util.StrToMem(e.SourceAddresses),
-		DestinationAddresses: util.StrToMem(e.DestinationAddresses),
-		Disabled:             util.YesNo(e.Disabled),
-		Tags:                 util.StrToMem(e.Tags),
-	}
-
-	var sv *srcXlate
-	switch e.SatType {
-	case DynamicIpAndPort:
-		sv = &srcXlate{
-			Diap: &srcXlateDiap{},
-		}
-		switch e.SatAddressType {
-		case TranslatedAddress:
-			sv.Diap.TranslatedAddress = util.StrToMem(e.SatTranslatedAddresses)
-		case InterfaceAddress:
-			sv.Diap.InterfaceAddress = &srcXlateDiapIa{
-				Interface: e.SatInterface,
-				Ip:        e.SatIpAddress,
-			}
-		}
-	case DynamicIp:
-		sv = &srcXlate{
-			Di: &srcXlateDi{
-				TranslatedAddress: util.StrToMem(e.SatTranslatedAddresses),
-			},
-		}
-		switch e.SatFallbackType {
-		case InterfaceAddress:
-			sv.Di.Fallback = &fallback{
-				InterfaceAddress: &fallbackIface{
-					Interface: e.SatFallbackInterface,
-				},
-			}
-			switch e.SatFallbackIpType {
-			case Ip:
-				sv.Di.Fallback.InterfaceAddress.Ip = e.SatFallbackIpAddress
-			case FloatingIp:
-				sv.Di.Fallback.InterfaceAddress.FloatingIp = e.SatFallbackIpAddress
-			}
-		case TranslatedAddress:
-			sv.Di.Fallback = &fallback{TranslatedAddress: util.StrToMem(e.SatFallbackTranslatedAddresses)}
-		}
-	case StaticIp:
-		sv = &srcXlate{
-			Static: &srcXlateStatic{
-				e.SatStaticTranslatedAddress,
-				util.YesNo(e.SatStaticBiDirectional),
-			},
-		}
-	}
-	ans.Sat = sv
-
-	if e.DatType == DatTypeStatic {
-		if e.DatAddress != "" || e.DatPort != 0 {
-			ans.Dat = &dstXlate{
-				e.DatAddress,
-				e.DatPort,
-				"",
-			}
-		}
-	} else if e.DatType == DatTypeDynamic {
-		if e.DatAddress != "" || e.DatPort != 0 || e.DatDynamicDistribution != "" {
-			ans.DatDynamic = &dstXlate{
-				e.DatAddress,
-				e.DatPort,
-				e.DatDynamicDistribution,
-			}
-		}
-	}
-
-	if len(e.Targets) != 0 || e.NegateTarget {
-		ans.Target = &targetInfo{
-			Targets:      util.MapToVsysEnt(e.Targets),
-			NegateTarget: util.YesNo(e.NegateTarget),
-		}
-	}
-
-	return ans
-}
-
-// PAN-OS 9.0
-type container_v3 struct {
-	Answer []entry_v3 `xml:"entry"`
-}
-
-func (o *container_v3) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v3) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *entry_v3) normalize() Entry {
-	ans := Entry{
-		Name:                 o.Name,
-		Uuid:                 o.Uuid,
-		Description:          o.Description,
-		Type:                 o.Type,
-		SourceZones:          util.MemToStr(o.SourceZones),
-		DestinationZone:      o.DestinationZone,
-		ToInterface:          o.ToInterface,
-		Service:              o.Service,
-		SourceAddresses:      util.MemToStr(o.SourceAddresses),
-		DestinationAddresses: util.MemToStr(o.DestinationAddresses),
-		Disabled:             util.AsBool(o.Disabled),
-		Tags:                 util.MemToStr(o.Tags),
-		GroupTag:             o.GroupTag,
-	}
-
-	if o.Sat == nil {
-		ans.SatType = None
-	} else {
-		switch {
-		case o.Sat.Diap != nil:
-			ans.SatType = DynamicIpAndPort
-			if o.Sat.Diap.InterfaceAddress != nil {
-				ans.SatAddressType = InterfaceAddress
-				ans.SatInterface = o.Sat.Diap.InterfaceAddress.Interface
-				ans.SatIpAddress = o.Sat.Diap.InterfaceAddress.Ip
-			} else {
-				ans.SatAddressType = TranslatedAddress
-				ans.SatTranslatedAddresses = util.MemToStr(o.Sat.Diap.TranslatedAddress)
-			}
-		case o.Sat.Di != nil:
-			ans.SatType = DynamicIp
-			ans.SatTranslatedAddresses = util.MemToStr(o.Sat.Di.TranslatedAddress)
-			if o.Sat.Di.Fallback == nil {
-				ans.SatFallbackType = None
-			} else if o.Sat.Di.Fallback.TranslatedAddress != nil {
-				ans.SatFallbackType = TranslatedAddress
-				ans.SatFallbackTranslatedAddresses = util.MemToStr(o.Sat.Di.Fallback.TranslatedAddress)
-			} else if o.Sat.Di.Fallback.InterfaceAddress != nil {
-				ans.SatFallbackType = InterfaceAddress
-				ans.SatFallbackInterface = o.Sat.Di.Fallback.InterfaceAddress.Interface
-				if o.Sat.Di.Fallback.InterfaceAddress.Ip != "" {
-					ans.SatFallbackIpType = Ip
-					ans.SatFallbackIpAddress = o.Sat.Di.Fallback.InterfaceAddress.Ip
-				} else if o.Sat.Di.Fallback.InterfaceAddress.FloatingIp != "" {
-					ans.SatFallbackIpType = FloatingIp
-					ans.SatFallbackIpAddress = o.Sat.Di.Fallback.InterfaceAddress.FloatingIp
-				}
-			}
-		case o.Sat.Static != nil:
-			ans.SatType = StaticIp
-			ans.SatStaticTranslatedAddress = o.Sat.Static.Address
-			ans.SatStaticBiDirectional = util.AsBool(o.Sat.Static.BiDirectional)
-		}
-	}
-
-	if o.Dat != nil {
-		ans.DatType = DatTypeStatic
-		ans.DatAddress = o.Dat.Address
-		ans.DatPort = o.Dat.Port
-	}
-
-	if o.DatDynamic != nil {
-		ans.DatType = DatTypeDynamic
-		ans.DatAddress = o.DatDynamic.Address
-		ans.DatPort = o.DatDynamic.Port
-		ans.DatDynamicDistribution = o.DatDynamic.Distribution
-	}
-
-	if o.Target != nil {
-		ans.Targets = util.VsysEntToMap(o.Target.Targets)
-		ans.NegateTarget = util.AsBool(o.Target.NegateTarget)
-	}
-
-	return ans
-}
-
-type entry_v3 struct {
-	XMLName              xml.Name         `xml:"entry"`
-	Uuid                 string           `xml:"uuid,attr,omitempty"`
-	GroupTag             string           `xml:"group-tag,omitempty"`
-	Name                 string           `xml:"name,attr"`
-	Description          string           `xml:"description"`
-	Type                 string           `xml:"nat-type"`
-	SourceZones          *util.MemberType `xml:"from"`
-	DestinationZone      string           `xml:"to>member"`
-	ToInterface          string           `xml:"to-interface"`
-	Service              string           `xml:"service"`
-	SourceAddresses      *util.MemberType `xml:"source"`
-	DestinationAddresses *util.MemberType `xml:"destination"`
-	Sat                  *srcXlate        `xml:"source-translation"`
-	Dat                  *dstXlate        `xml:"destination-translation"`
-	DatDynamic           *dstXlate        `xml:"dynamic-destination-translation"`
-	Disabled             string           `xml:"disabled"`
-	Target               *targetInfo      `xml:"target"`
-	Tags                 *util.MemberType `xml:"tag"`
-}
-
-func specify_v3(e Entry) interface{} {
-	ans := entry_v3{
-		Name:                 e.Name,
-		Uuid:                 e.Uuid,
-		GroupTag:             e.GroupTag,
-		Description:          e.Description,
-		Type:                 e.Type,
-		SourceZones:          util.StrToMem(e.SourceZones),
-		DestinationZone:      e.DestinationZone,
-		ToInterface:          e.ToInterface,
-		Service:              e.Service,
-		SourceAddresses:      util.StrToMem(e.SourceAddresses),
-		DestinationAddresses: util.StrToMem(e.DestinationAddresses),
-		Disabled:             util.YesNo(e.Disabled),
-		Tags:                 util.StrToMem(e.Tags),
-	}
-
-	var sv *srcXlate
-	switch e.SatType {
-	case DynamicIpAndPort:
-		sv = &srcXlate{
-			Diap: &srcXlateDiap{},
-		}
-		switch e.SatAddressType {
-		case TranslatedAddress:
-			sv.Diap.TranslatedAddress = util.StrToMem(e.SatTranslatedAddresses)
-		case InterfaceAddress:
-			sv.Diap.InterfaceAddress = &srcXlateDiapIa{
-				Interface: e.SatInterface,
-				Ip:        e.SatIpAddress,
-			}
-		}
-	case DynamicIp:
-		sv = &srcXlate{
-			Di: &srcXlateDi{
-				TranslatedAddress: util.StrToMem(e.SatTranslatedAddresses),
-			},
-		}
-		switch e.SatFallbackType {
-		case InterfaceAddress:
-			sv.Di.Fallback = &fallback{
-				InterfaceAddress: &fallbackIface{
-					Interface: e.SatFallbackInterface,
-				},
-			}
-			switch e.SatFallbackIpType {
-			case Ip:
-				sv.Di.Fallback.InterfaceAddress.Ip = e.SatFallbackIpAddress
-			case FloatingIp:
-				sv.Di.Fallback.InterfaceAddress.FloatingIp = e.SatFallbackIpAddress
-			}
-		case TranslatedAddress:
-			sv.Di.Fallback = &fallback{TranslatedAddress: util.StrToMem(e.SatFallbackTranslatedAddresses)}
-		}
-	case StaticIp:
-		sv = &srcXlate{
-			Static: &srcXlateStatic{
-				e.SatStaticTranslatedAddress,
-				util.YesNo(e.SatStaticBiDirectional),
-			},
-		}
-	}
-	ans.Sat = sv
-
-	if e.DatType == DatTypeStatic {
-		if e.DatAddress != "" || e.DatPort != 0 {
-			ans.Dat = &dstXlate{
-				e.DatAddress,
-				e.DatPort,
-				"",
-			}
-		}
-	} else if e.DatType == DatTypeDynamic {
-		if e.DatAddress != "" || e.DatPort != 0 || e.DatDynamicDistribution != "" {
-			ans.DatDynamic = &dstXlate{
-				e.DatAddress,
-				e.DatPort,
-				e.DatDynamicDistribution,
-			}
-		}
-	}
-
-	if len(e.Targets) != 0 || e.NegateTarget {
-		ans.Target = &targetInfo{
-			Targets:      util.MapToVsysEnt(e.Targets),
-			NegateTarget: util.YesNo(e.NegateTarget),
-		}
-	}
-
-	return ans
-}
diff --git a/poli/nat/funcs.go b/poli/nat/funcs.go
deleted file mode 100644
index cbd00904..00000000
--- a/poli/nat/funcs.go
+++ /dev/null
@@ -1,130 +0,0 @@
-package nat
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	if v.Gte(version.Number{9, 0, 0, ""}) {
-		return &container_v3{}, specify_v3
-	} else if v.Gte(version.Number{8, 1, 0, ""}) {
-		return &container_v2{}, specify_v2
-	} else {
-		return &container_v1{}, specify_v1
-	}
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Policy{
-			Standard: namespace.Standard{
-				Common: namespace.Common{
-					Singular: singular,
-					Plural:   plural,
-					Client:   client,
-				},
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Policy{
-			Standard: namespace.Standard{
-				Common: namespace.Common{
-					Singular: singular,
-					Plural:   plural,
-					Client:   client,
-				},
-			},
-		},
-	}
-}
-
-func RulesMatch(a, b Entry) bool {
-	return a.Name == b.Name &&
-		a.Description == b.Description &&
-		a.Type == b.Type &&
-		util.UnorderedListsMatch(a.SourceZones, b.SourceZones) &&
-		a.DestinationZone == b.DestinationZone &&
-		a.ToInterface == b.ToInterface &&
-		a.Service == b.Service &&
-		util.UnorderedListsMatch(a.SourceAddresses, b.SourceAddresses) &&
-		util.UnorderedListsMatch(a.DestinationAddresses, b.DestinationAddresses) &&
-		a.SatType == b.SatType &&
-		a.SatAddressType == b.SatAddressType &&
-		util.UnorderedListsMatch(a.SatTranslatedAddresses, b.SatTranslatedAddresses) &&
-		a.SatInterface == b.SatInterface &&
-		a.SatIpAddress == b.SatIpAddress &&
-		a.SatFallbackType == b.SatFallbackType &&
-		util.UnorderedListsMatch(a.SatFallbackTranslatedAddresses, b.SatFallbackTranslatedAddresses) &&
-		a.SatFallbackInterface == b.SatFallbackInterface &&
-		a.SatFallbackIpType == b.SatFallbackIpType &&
-		a.SatFallbackIpAddress == b.SatFallbackIpAddress &&
-		a.SatStaticTranslatedAddress == b.SatStaticTranslatedAddress &&
-		a.SatStaticBiDirectional == b.SatStaticBiDirectional &&
-		a.DatType == b.DatType &&
-		a.DatAddress == b.DatAddress &&
-		a.DatPort == b.DatPort &&
-		a.DatDynamicDistribution == b.DatDynamicDistribution &&
-		a.Disabled == b.Disabled &&
-		util.TargetsMatch(a.Targets, b.Targets) &&
-		a.NegateTarget == b.NegateTarget &&
-		util.OrderedListsMatch(a.Tags, b.Tags)
-}
diff --git a/poli/nat/fw.go b/poli/nat/fw.go
deleted file mode 100644
index 1512bcf1..00000000
--- a/poli/nat/fw.go
+++ /dev/null
@@ -1,304 +0,0 @@
-package nat
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/PaloAltoNetworks/pango/audit"
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Policies.Nat namespace.
-type Firewall struct {
-	ns *namespace.Policy
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-/*
-ConfigureRules configures the given rules on PAN-OS.
-
-It does a mass SET if it can, but will EDIT any rules that are present but
-differ from what is given.
-
-Audit comments are applied only for rules which are either SET or EDIT'ed.
-
-If isPolicy is true, then any rules not explicitly present in the rules param will
-be deleted.
-
-Params move and oRule are for moving the group into place after configuration.
-
-Any rule name that appears in prevRules but not in the rules param will be deleted.
-*/
-func (c *Firewall) ConfigureRules(vsys string, rules []Entry, auditComments map[string]string, isPolicy bool, move int, oRule string, prevNames []string) error {
-	var err error
-	setRules := make([]Entry, 0, len(rules))
-	editRules := make([]Entry, 0, len(rules))
-
-	curRules, err := c.GetAll(vsys)
-	if err != nil {
-		return err
-	}
-
-	// Determine which can be set and which can must be edited.
-	for _, x := range rules {
-		var found bool
-		for _, live := range curRules {
-			if x.Name == live.Name {
-				found = true
-				if !RulesMatch(x, live) {
-					editRules = append(editRules, x)
-				}
-				break
-			}
-		}
-		if !found {
-			setRules = append(setRules, x)
-		}
-	}
-
-	// Set all rules.
-	if len(setRules) > 0 {
-		if err = c.Set(vsys, setRules...); err != nil {
-			return err
-		}
-		// Configure audit comments for each set rule.
-		for _, x := range setRules {
-			if comment := auditComments[x.Name]; comment != "" {
-				if err = c.SetAuditComment(vsys, x.Name, comment); err != nil {
-					return err
-				}
-			}
-		}
-	}
-
-	// Edit each rule one by one.
-	for _, x := range editRules {
-		if err = c.Edit(vsys, x); err != nil {
-			return err
-		}
-		// Configure the audit comment for each edited rule.
-		if comment := auditComments[x.Name]; comment != "" {
-			if err = c.SetAuditComment(vsys, x.Name, comment); err != nil {
-				return err
-			}
-		}
-	}
-
-	// Move the group into place.
-	if err = c.MoveGroup(vsys, move, oRule, rules...); err != nil {
-		return err
-	}
-
-	// Delete rules removed from the group.
-	if len(prevNames) != 0 {
-		rmList := make([]interface{}, 0, len(prevNames))
-		for _, name := range prevNames {
-			var found bool
-			for _, x := range rules {
-				if x.Name == name {
-					found = true
-					break
-				}
-			}
-			if !found {
-				rmList = append(rmList, name)
-			}
-		}
-
-		if len(rmList) != 0 {
-			if err = c.Delete(vsys, rmList...); err != nil {
-				return err
-			}
-		}
-	}
-
-	// Optional: If this is a policy, delete everything else.
-	if isPolicy {
-		delRules := make([]interface{}, 0, len(curRules))
-		for _, cur := range curRules {
-			var found bool
-			for _, x := range rules {
-				if x.Name == cur.Name {
-					found = true
-					break
-				}
-			}
-
-			if !found {
-				delRules = append(delRules, cur.Name)
-			}
-		}
-
-		if len(delRules) != 0 {
-			if err = c.Delete(vsys, delRules...); err != nil {
-				return nil
-			}
-		}
-	}
-
-	return nil
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vsys string, e ...Entry) error {
-	err := c.ns.Set(c.pather(vsys), specifier(e...))
-
-	// On error: find the rule that's causing the error if multiple rules
-	// were given.
-	if err != nil && strings.Contains(err.Error(), "rules is invalid") {
-		for i := 0; i < len(e); i++ {
-			if e2 := c.Set(vsys, e[i]); e2 != nil {
-				return fmt.Errorf("Error with rule %d: %s", i+1, e2)
-			} else {
-				_ = c.Delete(vsys, e[i])
-			}
-		}
-
-		// Couldn't find it, just return the original error.
-		return err
-	}
-
-	return err
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vsys), names, nErr)
-}
-
-// MoveGroup moves a logical group of NAT rules somewhere
-// in relation to another rule.
-//
-// The `movement` param should be one of the Move constants in the util
-// package.
-//
-// The `rule` param is the other rule the `movement` param is referencing.  If
-// this is an empty string, then the first policy in the group isn't moved
-// anywhere, but all other policies will still be moved to be grouped with the
-// first one.
-func (c *Firewall) MoveGroup(vsys string, movement int, rule string, e ...Entry) error {
-	lister := func() ([]string, error) {
-		return c.GetList(vsys)
-	}
-
-	ei := make([]interface{}, 0, len(e))
-	for i := range e {
-		ei = append(ei, e[i])
-	}
-	names, _ := toNames(ei)
-
-	return c.ns.MoveGroup(c.pather(vsys), lister, movement, rule, names)
-}
-
-// HitCount gets the rule hit count for the given rules.
-//
-// If the rules param is nil, then the hit count for all rules is returned.
-func (c *Firewall) HitCount(vsys string, rules []string) ([]util.HitCount, error) {
-	return c.ns.HitCount("nat", vsys, rules)
-}
-
-// SetAuditComment sets the audit comment for the given rule.
-func (c *Firewall) SetAuditComment(vsys, rule, comment string) error {
-	return c.ns.SetAuditComment(c.pather(vsys), rule, comment)
-}
-
-// CurrentAuditComment returns the current audit comment.
-func (c *Firewall) CurrentAuditComment(vsys, rule string) (string, error) {
-	return c.ns.CurrentAuditComment(c.pather(vsys), rule)
-}
-
-// AuditCommentHistory returns a chunk of historical audit comment logs.
-func (c *Firewall) AuditCommentHistory(vsys, rule, direction string, nlogs, skip int) ([]audit.Comment, error) {
-	return c.ns.AuditCommentHistory(c.pather(vsys), rule, direction, nlogs, skip)
-}
-
-func (c *Firewall) pather(vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vsys, v)
-	}
-}
-
-func (c *Firewall) xpath(vsys string, vals []string) ([]string, error) {
-	if vsys == "shared" {
-		return nil, fmt.Errorf("vsys cannot be 'shared'")
-	} else if vsys == "" {
-		vsys = "vsys1"
-	}
-
-	ans := make([]string, 0, 9)
-	ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	ans = append(ans,
-		"rulebase",
-		"nat",
-		"rules",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/poli/nat/fw_test.go b/poli/nat/fw_test.go
deleted file mode 100644
index e7026f34..00000000
--- a/poli/nat/fw_test.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package nat
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("vsys2", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("vsys2", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/poli/nat/pano.go b/poli/nat/pano.go
deleted file mode 100644
index b8fd042a..00000000
--- a/poli/nat/pano.go
+++ /dev/null
@@ -1,300 +0,0 @@
-package nat
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/PaloAltoNetworks/pango/audit"
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Policies.Nat namespace.
-//
-// The "dg" param in these functions is the device group.
-//
-// The "base" param in these functions should be one of the rulebase
-// constants in the "util" package.
-type Panorama struct {
-	ns *namespace.Policy
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(dg, base string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(dg, base), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(dg, base string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(dg, base), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(dg, base, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(dg, base), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(dg, base, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(dg, base), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve information for all objects.
-func (c *Panorama) GetAll(dg, base string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(dg, base), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(dg, base string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(dg, base), ans)
-	return all(ans, err)
-}
-
-/*
-ConfigureRules configures the given rules on PAN-OS.
-
-It does a mass SET if it can, but will EDIT any rules that are present but
-differ from what is given.
-
-Audit comments are applied only for rules which are either SET or EDIT'ed.
-
-If isPolicy is true, then any rules not explicitly present in the rules param will
-be deleted.
-
-Params move and oRule are for moving the group into place after configuration.
-
-Any rule name that appears in prevRules but not in the rules param will be deleted.
-*/
-func (c *Panorama) ConfigureRules(dg, base string, rules []Entry, auditComments map[string]string, isPolicy bool, move int, oRule string, prevNames []string) error {
-	var err error
-	setRules := make([]Entry, 0, len(rules))
-	editRules := make([]Entry, 0, len(rules))
-
-	curRules, err := c.GetAll(dg, base)
-	if err != nil {
-		return err
-	}
-
-	// Determine which can be set and which can must be edited.
-	for _, x := range rules {
-		var found bool
-		for _, live := range curRules {
-			if x.Name == live.Name {
-				found = true
-				if !RulesMatch(x, live) {
-					editRules = append(editRules, x)
-				}
-				break
-			}
-		}
-		if !found {
-			setRules = append(setRules, x)
-		}
-	}
-
-	// Set all rules.
-	if len(setRules) > 0 {
-		if err = c.Set(dg, base, setRules...); err != nil {
-			return err
-		}
-		// Configure audit comments for each set rule.
-		for _, x := range setRules {
-			if comment := auditComments[x.Name]; comment != "" {
-				if err = c.SetAuditComment(dg, base, x.Name, comment); err != nil {
-					return err
-				}
-			}
-		}
-	}
-
-	// Edit each rule one by one.
-	for _, x := range editRules {
-		if err = c.Edit(dg, base, x); err != nil {
-			return err
-		}
-		// Configure the audit comment for each edited rule.
-		if comment := auditComments[x.Name]; comment != "" {
-			if err = c.SetAuditComment(dg, base, x.Name, comment); err != nil {
-				return err
-			}
-		}
-	}
-
-	// Move the group into place.
-	if err = c.MoveGroup(dg, base, move, oRule, rules...); err != nil {
-		return err
-	}
-
-	// Delete rules removed from the group.
-	if len(prevNames) != 0 {
-		rmList := make([]interface{}, 0, len(prevNames))
-		for _, name := range prevNames {
-			var found bool
-			for _, x := range rules {
-				if x.Name == name {
-					found = true
-					break
-				}
-			}
-			if !found {
-				rmList = append(rmList, name)
-			}
-		}
-
-		if len(rmList) != 0 {
-			if err = c.Delete(dg, base, rmList...); err != nil {
-				return err
-			}
-		}
-	}
-
-	// Optional: If this is a policy, delete everything else.
-	if isPolicy {
-		delRules := make([]interface{}, 0, len(curRules))
-		for _, cur := range curRules {
-			var found bool
-			for _, x := range rules {
-				if x.Name == cur.Name {
-					found = true
-					break
-				}
-			}
-
-			if !found {
-				delRules = append(delRules, cur.Name)
-			}
-		}
-
-		if len(delRules) != 0 {
-			if err = c.Delete(dg, base, delRules...); err != nil {
-				return nil
-			}
-		}
-	}
-
-	return nil
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(dg, base, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(dg, base), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(dg, base string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(dg, base), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to create / update one or more objects.
-func (c *Panorama) Set(dg, base string, e ...Entry) error {
-	err := c.ns.Set(c.pather(dg, base), specifier(e...))
-
-	// On error: find the rule that's causing the error if multiple rules
-	// were given.
-	if err != nil && strings.Contains(err.Error(), "rules is invalid") {
-		for i := 0; i < len(e); i++ {
-			if e2 := c.Set(dg, base, e[i]); e2 != nil {
-				return fmt.Errorf("Error with rule %d: %s", i+1, e2)
-			} else {
-				_ = c.Delete(dg, base, e[i])
-			}
-		}
-
-		// Couldn't find it, just return the original error.
-		return err
-	}
-
-	return err
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(dg, base string, e Entry) error {
-	return c.ns.Edit(c.pather(dg, base), e)
-}
-
-// Delete removes the given objects.
-//
-// Objects can be a string or an Entry object.
-func (c *Panorama) Delete(dg, base string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(dg, base), names, nErr)
-}
-
-// MoveGroup moves a logical group of NAT rules
-// somewhere in relation to another rule.
-//
-// The `movement` param should be one of the Move constants in the util
-// package.
-//
-// The `rule` param is the other rule the `movement` param is referencing.  If
-// this is an empty string, then the first policy in the group isn't moved
-// anywhere, but all other policies will still be moved to be grouped with the
-// first one.
-func (c *Panorama) MoveGroup(dg, base string, movement int, rule string, e ...Entry) error {
-	lister := func() ([]string, error) {
-		return c.GetList(dg, base)
-	}
-
-	ei := make([]interface{}, 0, len(e))
-	for i := range e {
-		ei = append(ei, e[i])
-	}
-	names, _ := toNames(ei)
-
-	return c.ns.MoveGroup(c.pather(dg, base), lister, movement, rule, names)
-}
-
-// SetAuditComment sets the audit comment for the given rule.
-func (c *Panorama) SetAuditComment(dg, base, rule, comment string) error {
-	return c.ns.SetAuditComment(c.pather(dg, base), rule, comment)
-}
-
-// CurrentAuditComment returns the current audit comment.
-func (c *Panorama) CurrentAuditComment(dg, base, rule string) (string, error) {
-	return c.ns.CurrentAuditComment(c.pather(dg, base), rule)
-}
-
-// AuditCommentHistory returns a chunk of historical audit comment logs.
-func (c *Panorama) AuditCommentHistory(dg, base, rule, direction string, nlogs, skip int) ([]audit.Comment, error) {
-	return c.ns.AuditCommentHistory(c.pather(dg, base), rule, direction, nlogs, skip)
-}
-
-func (c *Panorama) pather(dg, base string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(dg, base, v)
-	}
-}
-
-func (c *Panorama) xpath(dg, base string, vals []string) ([]string, error) {
-	if err := util.ValidateRulebase(dg, base); err != nil {
-		return nil, err
-	}
-
-	ans := make([]string, 0, 9)
-	ans = append(ans, util.DeviceGroupXpathPrefix(dg)...)
-	ans = append(ans,
-		base,
-		"nat",
-		"rules",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/poli/nat/pano_test.go b/poli/nat/pano_test.go
deleted file mode 100644
index e0362cb9..00000000
--- a/poli/nat/pano_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package nat
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("my group", util.PostRulebase, tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("my group", util.PostRulebase, tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/poli/nat/testdata_test.go b/poli/nat/testdata_test.go
deleted file mode 100644
index 07cd7936..00000000
--- a/poli/nat/testdata_test.go
+++ /dev/null
@@ -1,182 +0,0 @@
-package nat
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type tc struct {
-	version version.Number
-	desc    string
-	conf    Entry
-}
-
-func getTests() []tc {
-	return []tc{
-		{version.Number{5, 0, 0, ""}, "dst only", Entry{
-			Name:                 "nat policy",
-			Description:          "my nat policy",
-			Type:                 "ipv4",
-			SourceZones:          []string{"zone1", "zone2"},
-			DestinationZone:      "zone3",
-			ToInterface:          "ethernet1/7",
-			Service:              "myService",
-			SourceAddresses:      []string{"any"},
-			DestinationAddresses: []string{"any"},
-			SatType:              None,
-			DatType:              DatTypeStatic,
-			DatAddress:           "10.5.1.1",
-			DatPort:              1234,
-			Tags:                 []string{"tag1", "tag2"},
-		}},
-		{version.Number{5, 0, 0, ""}, "dynamic ip and port with translated address", Entry{
-			Name:                   "nat policy",
-			Description:            "my nat policy",
-			Type:                   "ipv4",
-			SourceZones:            []string{"zone3"},
-			DestinationZone:        "zone4",
-			ToInterface:            "any",
-			Service:                "any",
-			SourceAddresses:        []string{"any"},
-			DestinationAddresses:   []string{"any"},
-			SatType:                DynamicIpAndPort,
-			SatAddressType:         TranslatedAddress,
-			SatTranslatedAddresses: []string{"10.3.1.1", "10.3.2.1"},
-		}},
-		{version.Number{5, 0, 0, ""}, "dynamic ip with interface address fallback", Entry{
-			Name:                   "nat policy",
-			Description:            "my nat policy",
-			Type:                   "ipv4",
-			SourceZones:            []string{"zone3"},
-			DestinationZone:        "zone4",
-			ToInterface:            "any",
-			Service:                "any",
-			SourceAddresses:        []string{"any"},
-			DestinationAddresses:   []string{"any"},
-			SatType:                DynamicIp,
-			SatTranslatedAddresses: []string{"10.5.5.5", "10.6.6.6"},
-			SatFallbackType:        InterfaceAddress,
-			SatFallbackInterface:   "ethernet1/7",
-			SatFallbackIpType:      Ip,
-			SatFallbackIpAddress:   "10.10.10.10",
-		}},
-		{version.Number{5, 0, 0, ""}, "static ip with target", Entry{
-			Name:                       "nat policy",
-			Description:                "my nat policy",
-			Type:                       "ipv4",
-			SourceZones:                []string{"zone3"},
-			DestinationZone:            "zone4",
-			ToInterface:                "any",
-			Service:                    "any",
-			SourceAddresses:            []string{"any"},
-			DestinationAddresses:       []string{"any"},
-			SatType:                    StaticIp,
-			SatStaticTranslatedAddress: "10.5.5.5",
-			SatStaticBiDirectional:     true,
-			Targets: map[string][]string{
-				"fw1": nil,
-				"fw2": {"vsys2", "vsys3"},
-			},
-			NegateTarget: true,
-		}},
-		{version.Number{8, 1, 0, ""}, "v2 normal dat", Entry{
-			Name:                 "nat policy",
-			Description:          "my nat policy",
-			Type:                 "ipv4",
-			SourceZones:          []string{"zone1", "zone2"},
-			DestinationZone:      "zone3",
-			ToInterface:          "ethernet1/7",
-			Service:              "myService",
-			SourceAddresses:      []string{"any"},
-			DestinationAddresses: []string{"any"},
-			SatType:              None,
-			DatType:              DatTypeStatic,
-			DatAddress:           "10.5.1.1",
-			DatPort:              1234,
-			Tags:                 []string{"tag1", "tag2"},
-		}},
-		{version.Number{8, 1, 0, ""}, "v2 dynamic dat", Entry{
-			Name:                   "nat policy",
-			Description:            "my nat policy",
-			Type:                   "ipv4",
-			SourceZones:            []string{"zone1", "zone2"},
-			DestinationZone:        "zone3",
-			ToInterface:            "ethernet1/7",
-			Service:                "myService",
-			SourceAddresses:        []string{"any"},
-			DestinationAddresses:   []string{"any"},
-			SatType:                None,
-			DatType:                DatTypeDynamic,
-			DatAddress:             "my fqdn object",
-			DatPort:                1234,
-			DatDynamicDistribution: "round-robin",
-			Tags:                   []string{"tag1", "tag2"},
-		}},
-		{version.Number{9, 0, 0, ""}, "v3 normal dat", Entry{
-			Name:                 "nat policy",
-			Description:          "my nat policy",
-			Type:                 "ipv4",
-			SourceZones:          []string{"zone1", "zone2"},
-			DestinationZone:      "zone3",
-			ToInterface:          "ethernet1/7",
-			Service:              "myService",
-			SourceAddresses:      []string{"any"},
-			DestinationAddresses: []string{"any"},
-			SatType:              None,
-			DatType:              DatTypeStatic,
-			DatAddress:           "10.5.1.1",
-			DatPort:              1234,
-			Tags:                 []string{"tag1", "tag2"},
-		}},
-		{version.Number{9, 0, 0, ""}, "v3 dynamic dat", Entry{
-			Name:                   "nat policy",
-			Description:            "my nat policy",
-			Type:                   "ipv4",
-			SourceZones:            []string{"zone1", "zone2"},
-			DestinationZone:        "zone3",
-			ToInterface:            "ethernet1/7",
-			Service:                "myService",
-			SourceAddresses:        []string{"any"},
-			DestinationAddresses:   []string{"any"},
-			SatType:                None,
-			DatType:                DatTypeDynamic,
-			DatAddress:             "my fqdn object",
-			DatPort:                1234,
-			DatDynamicDistribution: "round-robin",
-			Tags:                   []string{"tag1", "tag2"},
-		}},
-		{version.Number{9, 0, 0, ""}, "v3 dst only", Entry{
-			Name:                 "nat policy",
-			Description:          "my nat policy",
-			Type:                 "ipv4",
-			SourceZones:          []string{"zone1", "zone2"},
-			DestinationZone:      "zone3",
-			ToInterface:          "ethernet1/7",
-			Service:              "myService",
-			SourceAddresses:      []string{"any"},
-			DestinationAddresses: []string{"any"},
-			SatType:              None,
-			DatType:              DatTypeStatic,
-			DatAddress:           "10.5.1.1",
-			DatPort:              1234,
-			Tags:                 []string{"tag1", "tag2"},
-		}},
-		{version.Number{9, 0, 0, ""}, "v3 group tag and uuid", Entry{
-			Name:                 "nat policy",
-			Uuid:                 "123-45-6789",
-			GroupTag:             "myGroupTag",
-			Description:          "my nat policy",
-			Type:                 "ipv4",
-			SourceZones:          []string{"zone1", "zone2"},
-			DestinationZone:      "zone3",
-			ToInterface:          "ethernet1/7",
-			Service:              "myService",
-			SourceAddresses:      []string{"any"},
-			DestinationAddresses: []string{"any"},
-			SatType:              None,
-			DatType:              DatTypeStatic,
-			DatAddress:           "10.5.1.1",
-			DatPort:              1234,
-			Tags:                 []string{"tag1", "tag2"},
-		}},
-	}
-}
diff --git a/poli/pano.go b/poli/pano.go
deleted file mode 100644
index 350e97e5..00000000
--- a/poli/pano.go
+++ /dev/null
@@ -1,27 +0,0 @@
-package poli
-
-import (
-	"github.com/PaloAltoNetworks/pango/util"
-
-	"github.com/PaloAltoNetworks/pango/poli/decryption"
-	"github.com/PaloAltoNetworks/pango/poli/nat"
-	"github.com/PaloAltoNetworks/pango/poli/pbf"
-	"github.com/PaloAltoNetworks/pango/poli/security"
-)
-
-// Panorama is the client.Policies namespace.
-type Panorama struct {
-	Decryption            *decryption.Panorama
-	Nat                   *nat.Panorama
-	PolicyBasedForwarding *pbf.Panorama
-	Security              *security.Panorama
-}
-
-func PanoramaNamespace(x util.XapiClient) *Panorama {
-	return &Panorama{
-		Decryption:            decryption.PanoramaNamespace(x),
-		Nat:                   nat.PanoramaNamespace(x),
-		PolicyBasedForwarding: pbf.PanoramaNamespace(x),
-		Security:              security.PanoramaNamespace(x),
-	}
-}
diff --git a/poli/pbf/const.go b/poli/pbf/const.go
deleted file mode 100644
index 879e4e41..00000000
--- a/poli/pbf/const.go
+++ /dev/null
@@ -1,26 +0,0 @@
-package pbf
-
-// Valid FromType values.
-const (
-	FromTypeZone      = "zone"
-	FromTypeInterface = "interface"
-)
-
-// Valid ForwardNextHopType values.
-const (
-	ForwardNextHopTypeIpAddress = "ip-address"
-	ForwardNextHopTypeFqdn      = "fqdn"
-)
-
-// Valid Action values.
-const (
-	ActionForward     = "forward"
-	ActionVsysForward = "forward-to-vsys"
-	ActionDiscard     = "discard"
-	ActionNoPbf       = "no-pbf"
-)
-
-const (
-	singular = "policy based forwarding rule"
-	plural   = "policy based forwarding rules"
-)
diff --git a/poli/pbf/doc.go b/poli/pbf/doc.go
deleted file mode 100644
index 34fa0474..00000000
--- a/poli/pbf/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package pbf is the client.Policies.PolicyBasedForwarding namespace.
-
-Normalized object:  Entry
-*/
-package pbf
diff --git a/poli/pbf/entry.go b/poli/pbf/entry.go
deleted file mode 100644
index 8ccad597..00000000
--- a/poli/pbf/entry.go
+++ /dev/null
@@ -1,516 +0,0 @@
-package pbf
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a policy
-// based forwarding rule.
-//
-// Targets is a map where the key is the serial number of the target device and
-// the value is a list of specific vsys on that device.  The list of vsys is
-// nil if all vsys on that device should be included or if the device is a
-// virtual firewall (and thus only has vsys1).
-type Entry struct {
-	Name                               string
-	Description                        string
-	Tags                               []string // ordered
-	FromType                           string
-	FromValues                         []string // unordered
-	SourceAddresses                    []string // unordered
-	SourceUsers                        []string // unordered
-	NegateSource                       bool
-	DestinationAddresses               []string // unordered
-	NegateDestination                  bool
-	Applications                       []string // unordered
-	Services                           []string // unordered
-	Schedule                           string
-	Disabled                           bool
-	Action                             string
-	ForwardVsys                        string
-	ForwardEgressInterface             string
-	ForwardNextHopType                 string
-	ForwardNextHopValue                string
-	ForwardMonitorProfile              string
-	ForwardMonitorIpAddress            string
-	ForwardMonitorDisableIfUnreachable bool
-	EnableEnforceSymmetricReturn       bool
-	SymmetricReturnAddresses           []string // ordered
-	ActiveActiveDeviceBinding          string
-	Targets                            map[string][]string
-	NegateTarget                       bool
-	Uuid                               string // 9.0+
-	GroupTag                           string // 9.0+
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name and Uuid fields relates to the identify of this object, they are not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Description = s.Description
-	o.Tags = util.CopyStringSlice(s.Tags)
-	o.FromType = s.FromType
-	o.FromValues = util.CopyStringSlice(s.FromValues)
-	o.SourceAddresses = util.CopyStringSlice(s.SourceAddresses)
-	o.SourceUsers = util.CopyStringSlice(s.SourceUsers)
-	o.NegateSource = s.NegateSource
-	o.DestinationAddresses = util.CopyStringSlice(s.DestinationAddresses)
-	o.NegateDestination = s.NegateDestination
-	o.Applications = util.CopyStringSlice(s.Applications)
-	o.Services = util.CopyStringSlice(s.Services)
-	o.Schedule = s.Schedule
-	o.Disabled = s.Disabled
-	o.Action = s.Action
-	o.ForwardVsys = s.ForwardVsys
-	o.ForwardEgressInterface = s.ForwardEgressInterface
-	o.ForwardNextHopType = s.ForwardNextHopType
-	o.ForwardNextHopValue = s.ForwardNextHopValue
-	o.ForwardMonitorProfile = s.ForwardMonitorProfile
-	o.ForwardMonitorIpAddress = s.ForwardMonitorIpAddress
-	o.ForwardMonitorDisableIfUnreachable = s.ForwardMonitorDisableIfUnreachable
-	o.EnableEnforceSymmetricReturn = s.EnableEnforceSymmetricReturn
-	o.SymmetricReturnAddresses = util.CopyStringSlice(s.SymmetricReturnAddresses)
-	o.ActiveActiveDeviceBinding = s.ActiveActiveDeviceBinding
-	o.Targets = util.CopyTargets(s.Targets)
-	o.NegateTarget = s.NegateTarget
-	o.GroupTag = s.GroupTag
-}
-
-/** Structs / functions for this namespace. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:                      o.Name,
-		SourceAddresses:           util.MemToStr(o.SourceAddresses),
-		SourceUsers:               util.MemToStr(o.SourceUsers),
-		NegateSource:              util.AsBool(o.NegateSource),
-		DestinationAddresses:      util.MemToStr(o.DestinationAddresses),
-		NegateDestination:         util.AsBool(o.NegateDestination),
-		Applications:              util.MemToStr(o.Applications),
-		Services:                  util.MemToStr(o.Services),
-		Schedule:                  o.Schedule,
-		Tags:                      util.MemToStr(o.Tags),
-		Disabled:                  util.AsBool(o.Disabled),
-		Description:               o.Description,
-		ActiveActiveDeviceBinding: o.ActiveActiveDeviceBinding,
-	}
-
-	if o.TargetInfo != nil {
-		ans.NegateTarget = util.AsBool(o.TargetInfo.NegateTarget)
-		ans.Targets = util.VsysEntToMap(o.TargetInfo.Targets)
-	}
-
-	switch {
-	case o.FromZones != nil:
-		ans.FromType = FromTypeZone
-		ans.FromValues = util.MemToStr(o.FromZones)
-	case o.FromInterfaces != nil:
-		ans.FromType = FromTypeInterface
-		ans.FromValues = util.MemToStr(o.FromInterfaces)
-	}
-
-	switch {
-	case o.Action.Forward != nil:
-		ans.Action = ActionForward
-		ans.ForwardEgressInterface = o.Action.Forward.ForwardEgressInterface
-
-		if o.Action.Forward.NextHop != nil {
-			if o.Action.Forward.NextHop.IpAddress != "" {
-				ans.ForwardNextHopType = ForwardNextHopTypeIpAddress
-				ans.ForwardNextHopValue = o.Action.Forward.NextHop.IpAddress
-			}
-		}
-
-		if o.Action.Forward.Monitor != nil {
-			ans.ForwardMonitorProfile = o.Action.Forward.Monitor.ForwardMonitorProfile
-			ans.ForwardMonitorIpAddress = o.Action.Forward.Monitor.ForwardMonitorIpAddress
-			ans.ForwardMonitorDisableIfUnreachable = util.AsBool(o.Action.Forward.Monitor.ForwardMonitorDisableIfUnreachable)
-		}
-	case o.Action.ForwardVsys != nil:
-		ans.Action = ActionVsysForward
-		ans.ForwardVsys = *o.Action.ForwardVsys
-	case o.Action.Discard != nil:
-		ans.Action = ActionDiscard
-	case o.Action.NoPbf != nil:
-		ans.Action = ActionNoPbf
-	}
-
-	if o.Symmetric != nil {
-		ans.EnableEnforceSymmetricReturn = util.AsBool(o.Symmetric.EnableEnforceSymmetricReturn)
-		ans.SymmetricReturnAddresses = util.EntToStr(o.Symmetric.SymmetricReturnAddresses)
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName                   xml.Name         `xml:"entry"`
-	Name                      string           `xml:"name,attr"`
-	FromZones                 *util.MemberType `xml:"from>zone"`
-	FromInterfaces            *util.MemberType `xml:"from>interface"`
-	SourceAddresses           *util.MemberType `xml:"source"`
-	SourceUsers               *util.MemberType `xml:"source-user"`
-	NegateSource              string           `xml:"negate-source"`
-	DestinationAddresses      *util.MemberType `xml:"destination"`
-	NegateDestination         string           `xml:"negate-destination"`
-	Applications              *util.MemberType `xml:"application"`
-	Services                  *util.MemberType `xml:"service"`
-	Schedule                  string           `xml:"schedule,omitempty"`
-	Tags                      *util.MemberType `xml:"tag"`
-	Disabled                  string           `xml:"disabled"`
-	Description               string           `xml:"description,omitempty"`
-	Action                    act_v1           `xml:"action"`
-	Symmetric                 *sym             `xml:"enforce-symmetric-return"`
-	ActiveActiveDeviceBinding string           `xml:"active-active-device-binding,omitempty"`
-	TargetInfo                *targetInfo      `xml:"target"`
-}
-
-type act_v1 struct {
-	Forward     *fwd_v1 `xml:"forward"`
-	ForwardVsys *string `xml:"forward-to-vsys"`
-	Discard     *string `xml:"discard"`
-	NoPbf       *string `xml:"no-pbf"`
-}
-
-type fwd_v1 struct {
-	ForwardEgressInterface string      `xml:"egress-interface"`
-	NextHop                *nextHop_v1 `xml:"nexthop"`
-	Monitor                *fwdMonitor `xml:"monitor"`
-}
-
-type nextHop_v1 struct {
-	IpAddress string `xml:"ip-address,omitempty"`
-}
-
-type fwdMonitor struct {
-	ForwardMonitorProfile              string `xml:"profile"`
-	ForwardMonitorIpAddress            string `xml:"ip-address,omitempty"`
-	ForwardMonitorDisableIfUnreachable string `xml:"disable-if-unreachable"`
-}
-
-type sym struct {
-	EnableEnforceSymmetricReturn string          `xml:"enabled"`
-	SymmetricReturnAddresses     *util.EntryType `xml:"nexthop-address-list"`
-}
-
-type targetInfo struct {
-	Targets      *util.VsysEntryType `xml:"devices"`
-	NegateTarget string              `xml:"negate,omitempty"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:                      e.Name,
-		SourceAddresses:           util.StrToMem(e.SourceAddresses),
-		SourceUsers:               util.StrToMem(e.SourceUsers),
-		NegateSource:              util.YesNo(e.NegateSource),
-		DestinationAddresses:      util.StrToMem(e.DestinationAddresses),
-		NegateDestination:         util.YesNo(e.NegateDestination),
-		Applications:              util.StrToMem(e.Applications),
-		Services:                  util.StrToMem(e.Services),
-		Schedule:                  e.Schedule,
-		Tags:                      util.StrToMem(e.Tags),
-		Disabled:                  util.YesNo(e.Disabled),
-		Description:               e.Description,
-		ActiveActiveDeviceBinding: e.ActiveActiveDeviceBinding,
-	}
-
-	if e.Targets != nil || e.NegateTarget {
-		ans.TargetInfo = &targetInfo{
-			Targets:      util.MapToVsysEnt(e.Targets),
-			NegateTarget: util.YesNo(e.NegateTarget),
-		}
-	}
-
-	switch e.FromType {
-	case FromTypeZone:
-		ans.FromZones = util.StrToMem(e.FromValues)
-	case FromTypeInterface:
-		ans.FromInterfaces = util.StrToMem(e.FromValues)
-	}
-
-	switch e.Action {
-	case ActionForward:
-		ans.Action.Forward = &fwd_v1{
-			ForwardEgressInterface: e.ForwardEgressInterface,
-		}
-
-		switch e.ForwardNextHopType {
-		case ForwardNextHopTypeIpAddress:
-			ans.Action.Forward.NextHop = &nextHop_v1{
-				IpAddress: e.ForwardNextHopValue,
-			}
-		}
-
-		if e.ForwardMonitorProfile != "" || e.ForwardMonitorIpAddress != "" || e.ForwardMonitorDisableIfUnreachable {
-			ans.Action.Forward.Monitor = &fwdMonitor{
-				ForwardMonitorProfile:              e.ForwardMonitorProfile,
-				ForwardMonitorIpAddress:            e.ForwardMonitorIpAddress,
-				ForwardMonitorDisableIfUnreachable: util.YesNo(e.ForwardMonitorDisableIfUnreachable),
-			}
-		}
-	case ActionVsysForward:
-		ans.Action.ForwardVsys = &e.ForwardVsys
-	case ActionDiscard:
-		s := ""
-		ans.Action.Discard = &s
-	case ActionNoPbf:
-		s := ""
-		ans.Action.NoPbf = &s
-	}
-
-	if e.EnableEnforceSymmetricReturn || len(e.SymmetricReturnAddresses) > 0 {
-		ans.Symmetric = &sym{
-			EnableEnforceSymmetricReturn: util.YesNo(e.EnableEnforceSymmetricReturn),
-			SymmetricReturnAddresses:     util.StrToEnt(e.SymmetricReturnAddresses),
-		}
-	}
-
-	return ans
-}
-
-// PAN-OS 9.0
-type container_v2 struct {
-	Answer []entry_v2 `xml:"entry"`
-}
-
-func (o *container_v2) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v2) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v2) normalize() Entry {
-	ans := Entry{
-		Name:                      o.Name,
-		SourceAddresses:           util.MemToStr(o.SourceAddresses),
-		SourceUsers:               util.MemToStr(o.SourceUsers),
-		NegateSource:              util.AsBool(o.NegateSource),
-		DestinationAddresses:      util.MemToStr(o.DestinationAddresses),
-		NegateDestination:         util.AsBool(o.NegateDestination),
-		Applications:              util.MemToStr(o.Applications),
-		Services:                  util.MemToStr(o.Services),
-		Schedule:                  o.Schedule,
-		Tags:                      util.MemToStr(o.Tags),
-		Disabled:                  util.AsBool(o.Disabled),
-		Description:               o.Description,
-		ActiveActiveDeviceBinding: o.ActiveActiveDeviceBinding,
-		Uuid:                      o.Uuid,
-		GroupTag:                  o.GroupTag,
-	}
-
-	if o.TargetInfo != nil {
-		ans.NegateTarget = util.AsBool(o.TargetInfo.NegateTarget)
-		ans.Targets = util.VsysEntToMap(o.TargetInfo.Targets)
-	}
-
-	switch {
-	case o.FromZones != nil:
-		ans.FromType = FromTypeZone
-		ans.FromValues = util.MemToStr(o.FromZones)
-	case o.FromInterfaces != nil:
-		ans.FromType = FromTypeInterface
-		ans.FromValues = util.MemToStr(o.FromInterfaces)
-	}
-
-	switch {
-	case o.Action.Forward != nil:
-		ans.Action = ActionForward
-		ans.ForwardEgressInterface = o.Action.Forward.ForwardEgressInterface
-
-		if o.Action.Forward.NextHop != nil {
-			if o.Action.Forward.NextHop.IpAddress != "" {
-				ans.ForwardNextHopType = ForwardNextHopTypeIpAddress
-				ans.ForwardNextHopValue = o.Action.Forward.NextHop.IpAddress
-			} else if o.Action.Forward.NextHop.Fqdn != "" {
-				ans.ForwardNextHopType = ForwardNextHopTypeFqdn
-				ans.ForwardNextHopValue = o.Action.Forward.NextHop.Fqdn
-			}
-		}
-
-		if o.Action.Forward.Monitor != nil {
-			ans.ForwardMonitorProfile = o.Action.Forward.Monitor.ForwardMonitorProfile
-			ans.ForwardMonitorIpAddress = o.Action.Forward.Monitor.ForwardMonitorIpAddress
-			ans.ForwardMonitorDisableIfUnreachable = util.AsBool(o.Action.Forward.Monitor.ForwardMonitorDisableIfUnreachable)
-		}
-	case o.Action.ForwardVsys != nil:
-		ans.Action = ActionVsysForward
-		ans.ForwardVsys = *o.Action.ForwardVsys
-	case o.Action.Discard != nil:
-		ans.Action = ActionDiscard
-	case o.Action.NoPbf != nil:
-		ans.Action = ActionNoPbf
-	}
-
-	if o.Symmetric != nil {
-		ans.EnableEnforceSymmetricReturn = util.AsBool(o.Symmetric.EnableEnforceSymmetricReturn)
-		ans.SymmetricReturnAddresses = util.EntToStr(o.Symmetric.SymmetricReturnAddresses)
-	}
-
-	return ans
-}
-
-type entry_v2 struct {
-	XMLName                   xml.Name         `xml:"entry"`
-	Name                      string           `xml:"name,attr"`
-	Uuid                      string           `xml:"uuid,attr,omitempty"`
-	GroupTag                  string           `xml:"group-tag,omitempty"`
-	FromZones                 *util.MemberType `xml:"from>zone"`
-	FromInterfaces            *util.MemberType `xml:"from>interface"`
-	SourceAddresses           *util.MemberType `xml:"source"`
-	SourceUsers               *util.MemberType `xml:"source-user"`
-	NegateSource              string           `xml:"negate-source"`
-	DestinationAddresses      *util.MemberType `xml:"destination"`
-	NegateDestination         string           `xml:"negate-destination"`
-	Applications              *util.MemberType `xml:"application"`
-	Services                  *util.MemberType `xml:"service"`
-	Schedule                  string           `xml:"schedule,omitempty"`
-	Tags                      *util.MemberType `xml:"tag"`
-	Disabled                  string           `xml:"disabled"`
-	Description               string           `xml:"description,omitempty"`
-	Action                    act_v2           `xml:"action"`
-	Symmetric                 *sym             `xml:"enforce-symmetric-return"`
-	ActiveActiveDeviceBinding string           `xml:"active-active-device-binding,omitempty"`
-	TargetInfo                *targetInfo      `xml:"target"`
-}
-
-type act_v2 struct {
-	Forward     *fwd_v2 `xml:"forward"`
-	ForwardVsys *string `xml:"forward-to-vsys"`
-	Discard     *string `xml:"discard"`
-	NoPbf       *string `xml:"no-pbf"`
-}
-
-type fwd_v2 struct {
-	ForwardEgressInterface string      `xml:"egress-interface"`
-	NextHop                *nextHop_v2 `xml:"nexthop"`
-	Monitor                *fwdMonitor `xml:"monitor"`
-}
-
-type nextHop_v2 struct {
-	IpAddress string `xml:"ip-address,omitempty"`
-	Fqdn      string `xml:"fqdn,omitempty"`
-}
-
-func specify_v2(e Entry) interface{} {
-	ans := entry_v2{
-		Name:                      e.Name,
-		SourceAddresses:           util.StrToMem(e.SourceAddresses),
-		SourceUsers:               util.StrToMem(e.SourceUsers),
-		NegateSource:              util.YesNo(e.NegateSource),
-		DestinationAddresses:      util.StrToMem(e.DestinationAddresses),
-		NegateDestination:         util.YesNo(e.NegateDestination),
-		Applications:              util.StrToMem(e.Applications),
-		Services:                  util.StrToMem(e.Services),
-		Schedule:                  e.Schedule,
-		Tags:                      util.StrToMem(e.Tags),
-		Disabled:                  util.YesNo(e.Disabled),
-		Description:               e.Description,
-		ActiveActiveDeviceBinding: e.ActiveActiveDeviceBinding,
-		Uuid:                      e.Uuid,
-		GroupTag:                  e.GroupTag,
-	}
-
-	if e.Targets != nil || e.NegateTarget {
-		ans.TargetInfo = &targetInfo{
-			Targets:      util.MapToVsysEnt(e.Targets),
-			NegateTarget: util.YesNo(e.NegateTarget),
-		}
-	}
-
-	switch e.FromType {
-	case FromTypeZone:
-		ans.FromZones = util.StrToMem(e.FromValues)
-	case FromTypeInterface:
-		ans.FromInterfaces = util.StrToMem(e.FromValues)
-	}
-
-	switch e.Action {
-	case ActionForward:
-		ans.Action.Forward = &fwd_v2{
-			ForwardEgressInterface: e.ForwardEgressInterface,
-		}
-
-		switch e.ForwardNextHopType {
-		case ForwardNextHopTypeIpAddress:
-			ans.Action.Forward.NextHop = &nextHop_v2{
-				IpAddress: e.ForwardNextHopValue,
-			}
-		case ForwardNextHopTypeFqdn:
-			ans.Action.Forward.NextHop = &nextHop_v2{
-				Fqdn: e.ForwardNextHopValue,
-			}
-		}
-
-		if e.ForwardMonitorProfile != "" || e.ForwardMonitorIpAddress != "" || e.ForwardMonitorDisableIfUnreachable {
-			ans.Action.Forward.Monitor = &fwdMonitor{
-				ForwardMonitorProfile:              e.ForwardMonitorProfile,
-				ForwardMonitorIpAddress:            e.ForwardMonitorIpAddress,
-				ForwardMonitorDisableIfUnreachable: util.YesNo(e.ForwardMonitorDisableIfUnreachable),
-			}
-		}
-	case ActionVsysForward:
-		ans.Action.ForwardVsys = &e.ForwardVsys
-	case ActionDiscard:
-		s := ""
-		ans.Action.Discard = &s
-	case ActionNoPbf:
-		s := ""
-		ans.Action.NoPbf = &s
-	}
-
-	if e.EnableEnforceSymmetricReturn || len(e.SymmetricReturnAddresses) > 0 {
-		ans.Symmetric = &sym{
-			EnableEnforceSymmetricReturn: util.YesNo(e.EnableEnforceSymmetricReturn),
-			SymmetricReturnAddresses:     util.StrToEnt(e.SymmetricReturnAddresses),
-		}
-	}
-
-	return ans
-}
diff --git a/poli/pbf/funcs.go b/poli/pbf/funcs.go
deleted file mode 100644
index 5c047772..00000000
--- a/poli/pbf/funcs.go
+++ /dev/null
@@ -1,127 +0,0 @@
-package pbf
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	if v.Gte(version.Number{9, 0, 0, ""}) {
-		return &container_v2{}, specify_v2
-	} else {
-		return &container_v1{}, specify_v1
-	}
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Policy{
-			Standard: namespace.Standard{
-				Common: namespace.Common{
-					Singular: singular,
-					Plural:   plural,
-					Client:   client,
-				},
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Policy{
-			Standard: namespace.Standard{
-				Common: namespace.Common{
-					Singular: singular,
-					Plural:   plural,
-					Client:   client,
-				},
-			},
-		},
-	}
-}
-
-func RulesMatch(a, b Entry) bool {
-	return a.Name == b.Name &&
-		a.Description == b.Description &&
-		util.OrderedListsMatch(a.Tags, b.Tags) &&
-		a.FromType == b.FromType &&
-		util.UnorderedListsMatch(a.FromValues, b.FromValues) &&
-		util.UnorderedListsMatch(a.SourceAddresses, b.SourceAddresses) &&
-		util.UnorderedListsMatch(a.SourceUsers, b.SourceUsers) &&
-		a.NegateSource == b.NegateSource &&
-		util.UnorderedListsMatch(a.DestinationAddresses, b.DestinationAddresses) &&
-		a.NegateDestination == b.NegateDestination &&
-		util.UnorderedListsMatch(a.Applications, b.Applications) &&
-		util.UnorderedListsMatch(a.Services, b.Services) &&
-		a.Schedule == b.Schedule &&
-		a.Disabled == b.Disabled &&
-		a.Action == b.Action &&
-		a.ForwardVsys == b.ForwardVsys &&
-		a.ForwardEgressInterface == b.ForwardEgressInterface &&
-		a.ForwardNextHopType == b.ForwardNextHopType &&
-		a.ForwardNextHopValue == b.ForwardNextHopValue &&
-		a.ForwardMonitorProfile == b.ForwardMonitorProfile &&
-		a.ForwardMonitorIpAddress == b.ForwardMonitorIpAddress &&
-		a.ForwardMonitorDisableIfUnreachable == b.ForwardMonitorDisableIfUnreachable &&
-		a.EnableEnforceSymmetricReturn == b.EnableEnforceSymmetricReturn &&
-		util.OrderedListsMatch(a.SymmetricReturnAddresses, b.SymmetricReturnAddresses) &&
-		a.ActiveActiveDeviceBinding == b.ActiveActiveDeviceBinding &&
-		util.TargetsMatch(a.Targets, b.Targets) &&
-		// Don't compare UUID.
-		a.NegateTarget == b.NegateTarget
-}
diff --git a/poli/pbf/fw.go b/poli/pbf/fw.go
deleted file mode 100644
index 4c0c8337..00000000
--- a/poli/pbf/fw.go
+++ /dev/null
@@ -1,304 +0,0 @@
-package pbf
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/PaloAltoNetworks/pango/audit"
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Policies.PolicyBasedForwarding namespace.
-type Firewall struct {
-	ns *namespace.Policy
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-/*
-ConfigureRules configures the given rules on PAN-OS.
-
-It does a mass SET if it can, but will EDIT any rules that are present but
-differ from what is given.
-
-Audit comments are applied only for rules which are either SET or EDIT'ed.
-
-If isPolicy is true, then any rules not explicitly present in the rules param will
-be deleted.
-
-Params move and oRule are for moving the group into place after configuration.
-
-Any rule name that appears in prevRules but not in the rules param will be deleted.
-*/
-func (c *Firewall) ConfigureRules(vsys string, rules []Entry, auditComments map[string]string, isPolicy bool, move int, oRule string, prevNames []string) error {
-	var err error
-	setRules := make([]Entry, 0, len(rules))
-	editRules := make([]Entry, 0, len(rules))
-
-	curRules, err := c.GetAll(vsys)
-	if err != nil {
-		return err
-	}
-
-	// Determine which can be set and which can must be edited.
-	for _, x := range rules {
-		var found bool
-		for _, live := range curRules {
-			if x.Name == live.Name {
-				found = true
-				if !RulesMatch(x, live) {
-					editRules = append(editRules, x)
-				}
-				break
-			}
-		}
-		if !found {
-			setRules = append(setRules, x)
-		}
-	}
-
-	// Set all rules.
-	if len(setRules) > 0 {
-		if err = c.Set(vsys, setRules...); err != nil {
-			return err
-		}
-		// Configure audit comments for each set rule.
-		for _, x := range setRules {
-			if comment := auditComments[x.Name]; comment != "" {
-				if err = c.SetAuditComment(vsys, x.Name, comment); err != nil {
-					return err
-				}
-			}
-		}
-	}
-
-	// Edit each rule one by one.
-	for _, x := range editRules {
-		if err = c.Edit(vsys, x); err != nil {
-			return err
-		}
-		// Configure the audit comment for each edited rule.
-		if comment := auditComments[x.Name]; comment != "" {
-			if err = c.SetAuditComment(vsys, x.Name, comment); err != nil {
-				return err
-			}
-		}
-	}
-
-	// Move the group into place.
-	if err = c.MoveGroup(vsys, move, oRule, rules...); err != nil {
-		return err
-	}
-
-	// Delete rules removed from the group.
-	if len(prevNames) != 0 {
-		rmList := make([]interface{}, 0, len(prevNames))
-		for _, name := range prevNames {
-			var found bool
-			for _, x := range rules {
-				if x.Name == name {
-					found = true
-					break
-				}
-			}
-			if !found {
-				rmList = append(rmList, name)
-			}
-		}
-
-		if len(rmList) != 0 {
-			if err = c.Delete(vsys, rmList...); err != nil {
-				return err
-			}
-		}
-	}
-
-	// Optional: If this is a policy, delete everything else.
-	if isPolicy {
-		delRules := make([]interface{}, 0, len(curRules))
-		for _, cur := range curRules {
-			var found bool
-			for _, x := range rules {
-				if x.Name == cur.Name {
-					found = true
-					break
-				}
-			}
-
-			if !found {
-				delRules = append(delRules, cur.Name)
-			}
-		}
-
-		if len(delRules) != 0 {
-			if err = c.Delete(vsys, delRules...); err != nil {
-				return nil
-			}
-		}
-	}
-
-	return nil
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vsys string, e ...Entry) error {
-	err := c.ns.Set(c.pather(vsys), specifier(e...))
-
-	// On error: find the rule that's causing the error if multiple rules
-	// were given.
-	if err != nil && strings.Contains(err.Error(), "rules is invalid") {
-		for i := 0; i < len(e); i++ {
-			if e2 := c.Set(vsys, e[i]); e2 != nil {
-				return fmt.Errorf("Error with rule %d: %s", i+1, e2)
-			} else {
-				_ = c.Delete(vsys, e[i])
-			}
-		}
-
-		// Couldn't find it, just return the original error.
-		return err
-	}
-
-	return err
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(vsys), e)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vsys), names, nErr)
-}
-
-// MoveGroup moves a logical group of policy based forwarding rules somewhere
-// in relation to another rule.
-//
-// The `movement` param should be one of the Move constants in the util
-// package.
-//
-// The `rule` param is the other rule the `movement` param is referencing.  If
-// this is an empty string, then the first policy in the group isn't moved
-// anywhere, but all other policies will still be moved to be grouped with the
-// first one.
-func (c *Firewall) MoveGroup(vsys string, movement int, rule string, e ...Entry) error {
-	lister := func() ([]string, error) {
-		return c.GetList(vsys)
-	}
-
-	ei := make([]interface{}, 0, len(e))
-	for i := range e {
-		ei = append(ei, e[i])
-	}
-	names, _ := toNames(ei)
-
-	return c.ns.MoveGroup(c.pather(vsys), lister, movement, rule, names)
-}
-
-// HitCount gets the rule hit count for the given rules.
-//
-// If the rules param is nil, then the hit count for all rules is returned.
-func (c *Firewall) HitCount(vsys string, rules []string) ([]util.HitCount, error) {
-	return c.ns.HitCount("pbf", vsys, rules)
-}
-
-// SetAuditComment sets the audit comment for the given rule.
-func (c *Firewall) SetAuditComment(vsys, rule, comment string) error {
-	return c.ns.SetAuditComment(c.pather(vsys), rule, comment)
-}
-
-// CurrentAuditComment returns the current audit comment.
-func (c *Firewall) CurrentAuditComment(vsys, rule string) (string, error) {
-	return c.ns.CurrentAuditComment(c.pather(vsys), rule)
-}
-
-// AuditCommentHistory returns a chunk of historical audit comment logs.
-func (c *Firewall) AuditCommentHistory(vsys, rule, direction string, nlogs, skip int) ([]audit.Comment, error) {
-	return c.ns.AuditCommentHistory(c.pather(vsys), rule, direction, nlogs, skip)
-}
-
-func (c *Firewall) pather(vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vsys, v)
-	}
-}
-
-func (c *Firewall) xpath(vsys string, vals []string) ([]string, error) {
-	if vsys == "shared" {
-		return nil, fmt.Errorf("vsys cannot be 'shared'")
-	} else if vsys == "" {
-		return nil, fmt.Errorf("vsys must be specified")
-	}
-
-	ans := make([]string, 0, 9)
-	ans = append(ans, util.VsysXpathPrefix(vsys)...)
-	ans = append(ans,
-		"rulebase",
-		"pbf",
-		"rules",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/poli/pbf/fw_test.go b/poli/pbf/fw_test.go
deleted file mode 100644
index c888c08d..00000000
--- a/poli/pbf/fw_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package pbf
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("vsys1", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("vsys1", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/poli/pbf/pano.go b/poli/pbf/pano.go
deleted file mode 100644
index 774d2a98..00000000
--- a/poli/pbf/pano.go
+++ /dev/null
@@ -1,300 +0,0 @@
-package pbf
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/PaloAltoNetworks/pango/audit"
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Policies.PolicyBasedForwarding namespace.
-//
-// The "dg" param in these functions is the device group.
-//
-// The "base" param in these functions should be one of the rulebase
-// constants in the "util" package.
-type Panorama struct {
-	ns *namespace.Policy
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(dg, base string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(dg, base), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(dg, base string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(dg, base), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(dg, base, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(dg, base), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(dg, base, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(dg, base), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve information for all objects.
-func (c *Panorama) GetAll(dg, base string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(dg, base), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(dg, base string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(dg, base), ans)
-	return all(ans, err)
-}
-
-/*
-ConfigureRules configures the given rules on PAN-OS.
-
-It does a mass SET if it can, but will EDIT any rules that are present but
-differ from what is given.
-
-Audit comments are applied only for rules which are either SET or EDIT'ed.
-
-If isPolicy is true, then any rules not explicitly present in the rules param will
-be deleted.
-
-Params move and oRule are for moving the group into place after configuration.
-
-Any rule name that appears in prevRules but not in the rules param will be deleted.
-*/
-func (c *Panorama) ConfigureRules(dg, base string, rules []Entry, auditComments map[string]string, isPolicy bool, move int, oRule string, prevNames []string) error {
-	var err error
-	setRules := make([]Entry, 0, len(rules))
-	editRules := make([]Entry, 0, len(rules))
-
-	curRules, err := c.GetAll(dg, base)
-	if err != nil {
-		return err
-	}
-
-	// Determine which can be set and which can must be edited.
-	for _, x := range rules {
-		var found bool
-		for _, live := range curRules {
-			if x.Name == live.Name {
-				found = true
-				if !RulesMatch(x, live) {
-					editRules = append(editRules, x)
-				}
-				break
-			}
-		}
-		if !found {
-			setRules = append(setRules, x)
-		}
-	}
-
-	// Set all rules.
-	if len(setRules) > 0 {
-		if err = c.Set(dg, base, setRules...); err != nil {
-			return err
-		}
-		// Configure audit comments for each set rule.
-		for _, x := range setRules {
-			if comment := auditComments[x.Name]; comment != "" {
-				if err = c.SetAuditComment(dg, base, x.Name, comment); err != nil {
-					return err
-				}
-			}
-		}
-	}
-
-	// Edit each rule one by one.
-	for _, x := range editRules {
-		if err = c.Edit(dg, base, x); err != nil {
-			return err
-		}
-		// Configure the audit comment for each edited rule.
-		if comment := auditComments[x.Name]; comment != "" {
-			if err = c.SetAuditComment(dg, base, x.Name, comment); err != nil {
-				return err
-			}
-		}
-	}
-
-	// Move the group into place.
-	if err = c.MoveGroup(dg, base, move, oRule, rules...); err != nil {
-		return err
-	}
-
-	// Delete rules removed from the group.
-	if len(prevNames) != 0 {
-		rmList := make([]interface{}, 0, len(prevNames))
-		for _, name := range prevNames {
-			var found bool
-			for _, x := range rules {
-				if x.Name == name {
-					found = true
-					break
-				}
-			}
-			if !found {
-				rmList = append(rmList, name)
-			}
-		}
-
-		if len(rmList) != 0 {
-			if err = c.Delete(dg, base, rmList...); err != nil {
-				return err
-			}
-		}
-	}
-
-	// Optional: If this is a policy, delete everything else.
-	if isPolicy {
-		delRules := make([]interface{}, 0, len(curRules))
-		for _, cur := range curRules {
-			var found bool
-			for _, x := range rules {
-				if x.Name == cur.Name {
-					found = true
-					break
-				}
-			}
-
-			if !found {
-				delRules = append(delRules, cur.Name)
-			}
-		}
-
-		if len(delRules) != 0 {
-			if err = c.Delete(dg, base, delRules...); err != nil {
-				return nil
-			}
-		}
-	}
-
-	return nil
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(dg, base, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(dg, base), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(dg, base string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(dg, base), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to create / update one or more objects.
-func (c *Panorama) Set(dg, base string, e ...Entry) error {
-	err := c.ns.Set(c.pather(dg, base), specifier(e...))
-
-	// On error: find the rule that's causing the error if multiple rules
-	// were given.
-	if err != nil && strings.Contains(err.Error(), "rules is invalid") {
-		for i := 0; i < len(e); i++ {
-			if e2 := c.Set(dg, base, e[i]); e2 != nil {
-				return fmt.Errorf("Error with rule %d: %s", i+1, e2)
-			} else {
-				_ = c.Delete(dg, base, e[i])
-			}
-		}
-
-		// Couldn't find it, just return the original error.
-		return err
-	}
-
-	return err
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(dg, base string, e Entry) error {
-	return c.ns.Edit(c.pather(dg, base), e)
-}
-
-// Delete removes the given objects.
-//
-// Objects can be a string or an Entry object.
-func (c *Panorama) Delete(dg, base string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(dg, base), names, nErr)
-}
-
-// MoveGroup moves a logical group of policy based forwarding rules
-// somewhere in relation to another rule.
-//
-// The `movement` param should be one of the Move constants in the util
-// package.
-//
-// The `rule` param is the other rule the `movement` param is referencing.  If
-// this is an empty string, then the first policy in the group isn't moved
-// anywhere, but all other policies will still be moved to be grouped with the
-// first one.
-func (c *Panorama) MoveGroup(dg, base string, movement int, rule string, e ...Entry) error {
-	lister := func() ([]string, error) {
-		return c.GetList(dg, base)
-	}
-
-	ei := make([]interface{}, 0, len(e))
-	for i := range e {
-		ei = append(ei, e[i])
-	}
-	names, _ := toNames(ei)
-
-	return c.ns.MoveGroup(c.pather(dg, base), lister, movement, rule, names)
-}
-
-// SetAuditComment sets the audit comment for the given rule.
-func (c *Panorama) SetAuditComment(dg, base, rule, comment string) error {
-	return c.ns.SetAuditComment(c.pather(dg, base), rule, comment)
-}
-
-// CurrentAuditComment returns the current audit comment.
-func (c *Panorama) CurrentAuditComment(dg, base, rule string) (string, error) {
-	return c.ns.CurrentAuditComment(c.pather(dg, base), rule)
-}
-
-// AuditCommentHistory returns a chunk of historical audit comment logs.
-func (c *Panorama) AuditCommentHistory(dg, base, rule, direction string, nlogs, skip int) ([]audit.Comment, error) {
-	return c.ns.AuditCommentHistory(c.pather(dg, base), rule, direction, nlogs, skip)
-}
-
-func (c *Panorama) pather(dg, base string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(dg, base, v)
-	}
-}
-
-func (c *Panorama) xpath(dg, base string, vals []string) ([]string, error) {
-	if err := util.ValidateRulebase(dg, base); err != nil {
-		return nil, err
-	}
-
-	ans := make([]string, 0, 9)
-	ans = append(ans, util.DeviceGroupXpathPrefix(dg)...)
-	ans = append(ans,
-		base,
-		"pbf",
-		"rules",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/poli/pbf/pano_test.go b/poli/pbf/pano_test.go
deleted file mode 100644
index be3816f8..00000000
--- a/poli/pbf/pano_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package pbf
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("my device group", "pre-rulebase", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("my device group", "pre-rulebase", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				}
-				if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/poli/pbf/testdata_test.go b/poli/pbf/testdata_test.go
deleted file mode 100644
index 5a123082..00000000
--- a/poli/pbf/testdata_test.go
+++ /dev/null
@@ -1,237 +0,0 @@
-package pbf
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type tc struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []tc {
-	return []tc{
-		{"v1 from interface nopbf no symmetric", version.Number{7, 1, 0, ""}, Entry{
-			Name:                      "v1",
-			Description:               "my desc",
-			Tags:                      []string{"tag1", "tag2"},
-			FromType:                  FromTypeInterface,
-			FromValues:                []string{"ethernet1/1", "ethernet1/2"},
-			SourceAddresses:           []string{"any"},
-			SourceUsers:               []string{"user1", "user2"},
-			NegateSource:              true,
-			DestinationAddresses:      []string{"dest1", "dest2"},
-			NegateDestination:         true,
-			Applications:              []string{"app1", "app2"},
-			Services:                  []string{"s1", "s2"},
-			Schedule:                  "my schedule",
-			Disabled:                  true,
-			Action:                    ActionNoPbf,
-			ActiveActiveDeviceBinding: "1",
-			Targets: map[string][]string{
-				"serial1": {"vsys1", "vsys2"},
-				"serial2": nil,
-			},
-		}},
-		{"v1 from interface discard with symmetric", version.Number{7, 1, 0, ""}, Entry{
-			Name:                         "v1",
-			Description:                  "my desc",
-			Tags:                         []string{"tag1", "tag2"},
-			FromType:                     FromTypeInterface,
-			FromValues:                   []string{"ethernet1/1", "ethernet1/2"},
-			SourceAddresses:              []string{"any"},
-			SourceUsers:                  []string{"user1", "user2"},
-			NegateSource:                 true,
-			DestinationAddresses:         []string{"dest1", "dest2"},
-			NegateDestination:            true,
-			Applications:                 []string{"app1", "app2"},
-			Services:                     []string{"s1", "s2"},
-			Schedule:                     "my schedule",
-			Disabled:                     true,
-			Action:                       ActionDiscard,
-			EnableEnforceSymmetricReturn: true,
-			SymmetricReturnAddresses:     []string{"10.1.1.1", "10.2.2.2"},
-			ActiveActiveDeviceBinding:    "both",
-		}},
-		{"v1 from interface to vsys no symmetric", version.Number{7, 1, 0, ""}, Entry{
-			Name:                 "v1",
-			Description:          "my desc",
-			Tags:                 []string{"tag1", "tag2"},
-			FromType:             FromTypeInterface,
-			FromValues:           []string{"ethernet1/1", "ethernet1/2"},
-			SourceAddresses:      []string{"any"},
-			SourceUsers:          []string{"any"},
-			DestinationAddresses: []string{"any"},
-			Applications:         []string{"app"},
-			Services:             []string{"s1", "s2"},
-			Schedule:             "my schedule",
-			Disabled:             true,
-			Action:               ActionVsysForward,
-			ForwardVsys:          "vsys2",
-		}},
-		{"v1 forward", version.Number{7, 1, 0, ""}, Entry{
-			Name:                   "v1",
-			Description:            "my desc",
-			FromType:               FromTypeInterface,
-			FromValues:             []string{"ethernet1/1", "ethernet1/2"},
-			SourceAddresses:        []string{"any"},
-			SourceUsers:            []string{"any"},
-			DestinationAddresses:   []string{"any"},
-			Applications:           []string{"app"},
-			Services:               []string{"application-default"},
-			Action:                 ActionForward,
-			ForwardEgressInterface: "ethernet1/5",
-		}},
-		{"v1 forward no nexthop with monitor", version.Number{7, 1, 0, ""}, Entry{
-			Name:                               "v1",
-			Description:                        "my desc",
-			FromType:                           FromTypeInterface,
-			FromValues:                         []string{"ethernet1/1", "ethernet1/2"},
-			SourceAddresses:                    []string{"any"},
-			SourceUsers:                        []string{"any"},
-			DestinationAddresses:               []string{"any"},
-			Applications:                       []string{"app"},
-			Services:                           []string{"application-default"},
-			Action:                             ActionForward,
-			ForwardEgressInterface:             "ethernet1/5",
-			ForwardMonitorProfile:              "mon-prof",
-			ForwardMonitorIpAddress:            "10.5.15.155",
-			ForwardMonitorDisableIfUnreachable: true,
-		}},
-		{"v1 forward ip nexthop", version.Number{7, 1, 0, ""}, Entry{
-			Name:                   "v1",
-			Description:            "my desc",
-			FromType:               FromTypeInterface,
-			FromValues:             []string{"ethernet1/1", "ethernet1/2"},
-			SourceAddresses:        []string{"any"},
-			SourceUsers:            []string{"any"},
-			DestinationAddresses:   []string{"any"},
-			Applications:           []string{"app"},
-			Services:               []string{"application-default"},
-			Action:                 ActionForward,
-			ForwardEgressInterface: "ethernet1/5",
-			ForwardNextHopType:     ForwardNextHopTypeIpAddress,
-			ForwardNextHopValue:    "10.6.16.166",
-		}},
-		{"v2 from interface nopbf no symmetric", version.Number{9, 0, 0, ""}, Entry{
-			Name:                      "v2",
-			Description:               "my desc",
-			Tags:                      []string{"tag1", "tag2"},
-			FromType:                  FromTypeInterface,
-			FromValues:                []string{"ethernet1/1", "ethernet1/2"},
-			SourceAddresses:           []string{"any"},
-			SourceUsers:               []string{"user1", "user2"},
-			NegateSource:              true,
-			DestinationAddresses:      []string{"dest1", "dest2"},
-			NegateDestination:         true,
-			Applications:              []string{"app1", "app2"},
-			Services:                  []string{"s1", "s2"},
-			Schedule:                  "my schedule",
-			Disabled:                  true,
-			Action:                    ActionNoPbf,
-			ActiveActiveDeviceBinding: "1",
-			Targets: map[string][]string{
-				"serial1": {"vsys1", "vsys2"},
-				"serial2": nil,
-			},
-		}},
-		{"v2 from interface discard with symmetric", version.Number{9, 0, 0, ""}, Entry{
-			Name:                         "v2",
-			Description:                  "my desc",
-			Tags:                         []string{"tag1", "tag2"},
-			FromType:                     FromTypeInterface,
-			FromValues:                   []string{"ethernet1/1", "ethernet1/2"},
-			SourceAddresses:              []string{"any"},
-			SourceUsers:                  []string{"user1", "user2"},
-			NegateSource:                 true,
-			DestinationAddresses:         []string{"dest1", "dest2"},
-			NegateDestination:            true,
-			Applications:                 []string{"app1", "app2"},
-			Services:                     []string{"s1", "s2"},
-			Schedule:                     "my schedule",
-			Disabled:                     true,
-			Action:                       ActionDiscard,
-			EnableEnforceSymmetricReturn: true,
-			SymmetricReturnAddresses:     []string{"10.1.1.1", "10.2.2.2"},
-			ActiveActiveDeviceBinding:    "both",
-		}},
-		{"v2 from interface to vsys no symmetric", version.Number{9, 0, 0, ""}, Entry{
-			Name:                 "v2",
-			Description:          "my desc",
-			Tags:                 []string{"tag1", "tag2"},
-			FromType:             FromTypeInterface,
-			FromValues:           []string{"ethernet1/1", "ethernet1/2"},
-			SourceAddresses:      []string{"any"},
-			SourceUsers:          []string{"any"},
-			DestinationAddresses: []string{"any"},
-			Applications:         []string{"app"},
-			Services:             []string{"s1", "s2"},
-			Schedule:             "my schedule",
-			Disabled:             true,
-			Action:               ActionVsysForward,
-			ForwardVsys:          "vsys2",
-		}},
-		{"v2 forward", version.Number{9, 0, 0, ""}, Entry{
-			Name:                   "v2",
-			Description:            "my desc",
-			FromType:               FromTypeInterface,
-			FromValues:             []string{"ethernet1/1", "ethernet1/2"},
-			SourceAddresses:        []string{"any"},
-			SourceUsers:            []string{"any"},
-			DestinationAddresses:   []string{"any"},
-			Applications:           []string{"app"},
-			Services:               []string{"application-default"},
-			Action:                 ActionForward,
-			ForwardEgressInterface: "ethernet1/5",
-		}},
-		{"v2 forward no nexthop with monitor", version.Number{9, 0, 0, ""}, Entry{
-			Name:                               "v2",
-			Description:                        "my desc",
-			FromType:                           FromTypeInterface,
-			FromValues:                         []string{"ethernet1/1", "ethernet1/2"},
-			SourceAddresses:                    []string{"any"},
-			SourceUsers:                        []string{"any"},
-			DestinationAddresses:               []string{"any"},
-			Applications:                       []string{"app"},
-			Services:                           []string{"application-default"},
-			Action:                             ActionForward,
-			ForwardEgressInterface:             "ethernet1/5",
-			ForwardMonitorProfile:              "mon-prof",
-			ForwardMonitorIpAddress:            "10.5.15.155",
-			ForwardMonitorDisableIfUnreachable: true,
-		}},
-		{"v2 forward ip nexthop", version.Number{9, 0, 0, ""}, Entry{
-			Name:                   "v2",
-			Description:            "my desc",
-			FromType:               FromTypeInterface,
-			FromValues:             []string{"ethernet1/1", "ethernet1/2"},
-			SourceAddresses:        []string{"any"},
-			SourceUsers:            []string{"any"},
-			DestinationAddresses:   []string{"any"},
-			Applications:           []string{"app"},
-			Services:               []string{"application-default"},
-			Action:                 ActionForward,
-			ForwardEgressInterface: "ethernet1/5",
-			ForwardNextHopType:     ForwardNextHopTypeIpAddress,
-			ForwardNextHopValue:    "10.6.16.166",
-		}},
-		{"v2 forward fqdn nexthop", version.Number{9, 0, 0, ""}, Entry{
-			Name:                   "v2",
-			Uuid:                   "aaaa-bb-ccccc",
-			GroupTag:               "myGroupTag",
-			Description:            "my desc",
-			FromType:               FromTypeInterface,
-			FromValues:             []string{"ethernet1/1", "ethernet1/2"},
-			SourceAddresses:        []string{"any"},
-			SourceUsers:            []string{"any"},
-			DestinationAddresses:   []string{"any"},
-			Applications:           []string{"app"},
-			Services:               []string{"application-default"},
-			Action:                 ActionForward,
-			ForwardEgressInterface: "ethernet1/5",
-			ForwardNextHopType:     ForwardNextHopTypeFqdn,
-			ForwardNextHopValue:    "host.example.com",
-		}},
-	}
-}
diff --git a/poli/security/const.go b/poli/security/const.go
deleted file mode 100644
index ef0d2f75..00000000
--- a/poli/security/const.go
+++ /dev/null
@@ -1,6 +0,0 @@
-package security
-
-const (
-	singular = "security rule"
-	plural   = "security rules"
-)
diff --git a/poli/security/doc.go b/poli/security/doc.go
deleted file mode 100644
index c47ea093..00000000
--- a/poli/security/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package security is the client.Policies.Security namespace.
-
-Normalized object:  Entry
-*/
-package security
diff --git a/poli/security/entry.go b/poli/security/entry.go
deleted file mode 100644
index dc77f3c6..00000000
--- a/poli/security/entry.go
+++ /dev/null
@@ -1,881 +0,0 @@
-package security
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a security
-// rule.
-//
-// Targets is a map where the key is the serial number of the target device and
-// the value is a list of specific vsys on that device.  The list of vsys is
-// nil if all vsys on that device should be included or if the device is a
-// virtual firewall (and thus only has vsys1).
-type Entry struct {
-	Name                            string
-	Type                            string
-	Description                     string
-	Tags                            []string // ordered
-	SourceZones                     []string // unordered
-	SourceAddresses                 []string // unordered
-	NegateSource                    bool
-	SourceUsers                     []string // unordered
-	HipProfiles                     []string // unordered
-	DestinationZones                []string // unordered
-	DestinationAddresses            []string // unordered
-	NegateDestination               bool
-	Applications                    []string // unordered
-	Services                        []string // unordered
-	Categories                      []string // unordered
-	Action                          string
-	LogSetting                      string
-	LogStart                        bool
-	LogEnd                          bool
-	Disabled                        bool
-	Schedule                        string
-	IcmpUnreachable                 bool
-	DisableServerResponseInspection bool
-	Group                           string
-	Targets                         map[string][]string
-	NegateTarget                    bool
-	Virus                           string
-	Spyware                         string
-	Vulnerability                   string
-	UrlFiltering                    string
-	FileBlocking                    string
-	WildFireAnalysis                string
-	DataFiltering                   string
-	GroupTag                        string   // PAN-OS 9.0+
-	Uuid                            string   // PAN-OS 9.0+
-	SourceDevices                   []string // PAN-OS 10.0+
-	DestinationDevices              []string // PAN-OS 10.0+
-}
-
-// Defaults sets params with uninitialized values to their GUI default setting.
-//
-// The defaults are as follows:
-//   - Type: "universal"
-//   - SourceZones: ["any"]
-//   - SourceAddresses: ["any"]
-//   - SourceUsers: ["any"]
-//   - DestinationZones: ["any"]
-//   - DestinationAddresses: ["any"]
-//   - Applications: ["any"]
-//   - Services: ["application-default"]
-//   - Categories: ["any"]
-//   - Action: "allow"
-//   - LogEnd: true
-func (o *Entry) Defaults() {
-	if o.Type == "" {
-		o.Type = "universal"
-	}
-
-	if len(o.SourceZones) == 0 {
-		o.SourceZones = []string{"any"}
-	}
-
-	if len(o.DestinationZones) == 0 {
-		o.DestinationZones = []string{"any"}
-	}
-
-	if len(o.SourceAddresses) == 0 {
-		o.SourceAddresses = []string{"any"}
-	}
-
-	if len(o.SourceUsers) == 0 {
-		o.SourceUsers = []string{"any"}
-	}
-
-	if len(o.DestinationAddresses) == 0 {
-		o.DestinationAddresses = []string{"any"}
-	}
-
-	if len(o.Applications) == 0 {
-		o.Applications = []string{"any"}
-	}
-
-	if len(o.Services) == 0 {
-		o.Services = []string{"application-default"}
-	}
-
-	if len(o.Categories) == 0 {
-		o.Categories = []string{"any"}
-	}
-
-	if o.Action == "" {
-		o.Action = "allow"
-	}
-
-	if !o.LogEnd {
-		o.LogEnd = true
-	}
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name and Uuid fields relate to the identify of this object, they are not copied.
-func (o *Entry) Copy(s Entry) {
-	o.Type = s.Type
-	o.Description = s.Description
-	o.Tags = util.CopyStringSlice(s.Tags)
-	o.SourceZones = util.CopyStringSlice(s.SourceZones)
-	o.SourceAddresses = util.CopyStringSlice(s.SourceAddresses)
-	o.NegateSource = s.NegateSource
-	o.SourceUsers = util.CopyStringSlice(s.SourceUsers)
-	o.HipProfiles = util.CopyStringSlice(s.HipProfiles)
-	o.DestinationZones = util.CopyStringSlice(s.DestinationZones)
-	o.DestinationAddresses = util.CopyStringSlice(s.DestinationAddresses)
-	o.NegateDestination = s.NegateDestination
-	o.Applications = util.CopyStringSlice(s.Applications)
-	o.Services = util.CopyStringSlice(s.Services)
-	o.Categories = util.CopyStringSlice(s.Categories)
-	o.Action = s.Action
-	o.LogSetting = s.LogSetting
-	o.LogStart = s.LogStart
-	o.LogEnd = s.LogEnd
-	o.Disabled = s.Disabled
-	o.Schedule = s.Schedule
-	o.IcmpUnreachable = s.IcmpUnreachable
-	o.DisableServerResponseInspection = s.DisableServerResponseInspection
-	o.Group = s.Group
-	o.Targets = util.CopyTargets(s.Targets)
-	o.NegateTarget = s.NegateTarget
-	o.Virus = s.Virus
-	o.Spyware = s.Spyware
-	o.Vulnerability = s.Vulnerability
-	o.UrlFiltering = s.UrlFiltering
-	o.FileBlocking = s.FileBlocking
-	o.WildFireAnalysis = s.WildFireAnalysis
-	o.DataFiltering = s.DataFiltering
-	o.GroupTag = s.GroupTag
-	o.SourceDevices = util.CopyStringSlice(s.SourceDevices)
-	o.DestinationDevices = util.CopyStringSlice(s.DestinationDevices)
-}
-
-/** Structs / functions for normalization. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v1) Normalize() []Entry {
-	arr := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		arr = append(arr, o.Answer[i].normalize())
-	}
-	return arr
-}
-
-func (o *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:                 o.Name,
-		Type:                 o.Type,
-		Description:          o.Description,
-		Tags:                 util.MemToStr(o.Tags),
-		SourceZones:          util.MemToStr(o.SourceZones),
-		DestinationZones:     util.MemToStr(o.DestinationZones),
-		SourceAddresses:      util.MemToStr(o.SourceAddresses),
-		NegateSource:         util.AsBool(o.NegateSource),
-		SourceUsers:          util.MemToStr(o.SourceUsers),
-		HipProfiles:          util.MemToStr(o.HipProfiles),
-		DestinationAddresses: util.MemToStr(o.DestinationAddresses),
-		NegateDestination:    util.AsBool(o.NegateDestination),
-		Applications:         util.MemToStr(o.Applications),
-		Services:             util.MemToStr(o.Services),
-		Categories:           util.MemToStr(o.Categories),
-		Action:               o.Action,
-		LogSetting:           o.LogSetting,
-		LogStart:             util.AsBool(o.LogStart),
-		LogEnd:               util.AsBool(o.LogEnd),
-		Disabled:             util.AsBool(o.Disabled),
-		Schedule:             o.Schedule,
-		IcmpUnreachable:      util.AsBool(o.IcmpUnreachable),
-	}
-	if o.Options != nil {
-		ans.DisableServerResponseInspection = util.AsBool(o.Options.DisableServerResponseInspection)
-	}
-	if o.TargetInfo != nil {
-		ans.NegateTarget = util.AsBool(o.TargetInfo.NegateTarget)
-		ans.Targets = util.VsysEntToMap(o.TargetInfo.Targets)
-	}
-	if o.ProfileSettings != nil {
-		ans.Group = util.MemToOneStr(o.ProfileSettings.Group)
-		if o.ProfileSettings.Profiles != nil {
-			ans.Virus = util.MemToOneStr(o.ProfileSettings.Profiles.Virus)
-			ans.Spyware = util.MemToOneStr(o.ProfileSettings.Profiles.Spyware)
-			ans.Vulnerability = util.MemToOneStr(o.ProfileSettings.Profiles.Vulnerability)
-			ans.UrlFiltering = util.MemToOneStr(o.ProfileSettings.Profiles.UrlFiltering)
-			ans.FileBlocking = util.MemToOneStr(o.ProfileSettings.Profiles.FileBlocking)
-			ans.WildFireAnalysis = util.MemToOneStr(o.ProfileSettings.Profiles.WildFireAnalysis)
-			ans.DataFiltering = util.MemToOneStr(o.ProfileSettings.Profiles.DataFiltering)
-		}
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName              xml.Name         `xml:"entry"`
-	Name                 string           `xml:"name,attr"`
-	Type                 string           `xml:"rule-type,omitempty"`
-	Description          string           `xml:"description,omitempty"`
-	Tags                 *util.MemberType `xml:"tag"`
-	SourceZones          *util.MemberType `xml:"from"`
-	DestinationZones     *util.MemberType `xml:"to"`
-	SourceAddresses      *util.MemberType `xml:"source"`
-	NegateSource         string           `xml:"negate-source"`
-	SourceUsers          *util.MemberType `xml:"source-user"`
-	HipProfiles          *util.MemberType `xml:"hip-profiles"`
-	DestinationAddresses *util.MemberType `xml:"destination"`
-	NegateDestination    string           `xml:"negate-destination"`
-	Applications         *util.MemberType `xml:"application"`
-	Services             *util.MemberType `xml:"service"`
-	Categories           *util.MemberType `xml:"category"`
-	Action               string           `xml:"action"`
-	LogSetting           string           `xml:"log-setting,omitempty"`
-	LogStart             string           `xml:"log-start"`
-	LogEnd               string           `xml:"log-end"`
-	Disabled             string           `xml:"disabled"`
-	Schedule             string           `xml:"schedule,omitempty"`
-	IcmpUnreachable      string           `xml:"icmp-unreachable"`
-	Options              *secOptions      `xml:"option"`
-	TargetInfo           *targetInfo      `xml:"target"`
-	ProfileSettings      *profileSettings `xml:"profile-setting"`
-}
-
-func (e *entry_v1) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
-	type local entry_v1
-	ans := local{
-		LogEnd: util.YesNo(true),
-	}
-	if err := d.DecodeElement(&ans, &start); err != nil {
-		return err
-	}
-	*e = entry_v1(ans)
-	return nil
-}
-
-type secOptions struct {
-	DisableServerResponseInspection string `xml:"disable-server-response-inspection,omitempty"`
-}
-
-type targetInfo struct {
-	Targets      *util.VsysEntryType `xml:"devices"`
-	NegateTarget string              `xml:"negate,omitempty"`
-}
-
-type profileSettings struct {
-	Group    *util.MemberType        `xml:"group"`
-	Profiles *profileSettingsProfile `xml:"profiles"`
-}
-
-type profileSettingsProfile struct {
-	Virus            *util.MemberType `xml:"virus"`
-	Spyware          *util.MemberType `xml:"spyware"`
-	Vulnerability    *util.MemberType `xml:"vulnerability"`
-	UrlFiltering     *util.MemberType `xml:"url-filtering"`
-	FileBlocking     *util.MemberType `xml:"file-blocking"`
-	WildFireAnalysis *util.MemberType `xml:"wildfire-analysis"`
-	DataFiltering    *util.MemberType `xml:"data-filtering"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:                 e.Name,
-		Type:                 e.Type,
-		Description:          e.Description,
-		Tags:                 util.StrToMem(e.Tags),
-		SourceZones:          util.StrToMem(e.SourceZones),
-		DestinationZones:     util.StrToMem(e.DestinationZones),
-		SourceAddresses:      util.StrToMem(e.SourceAddresses),
-		NegateSource:         util.YesNo(e.NegateSource),
-		SourceUsers:          util.StrToMem(e.SourceUsers),
-		HipProfiles:          util.StrToMem(e.HipProfiles),
-		DestinationAddresses: util.StrToMem(e.DestinationAddresses),
-		NegateDestination:    util.YesNo(e.NegateDestination),
-		Applications:         util.StrToMem(e.Applications),
-		Services:             util.StrToMem(e.Services),
-		Categories:           util.StrToMem(e.Categories),
-		Action:               e.Action,
-		LogSetting:           e.LogSetting,
-		LogStart:             util.YesNo(e.LogStart),
-		LogEnd:               util.YesNo(e.LogEnd),
-		Disabled:             util.YesNo(e.Disabled),
-		Schedule:             e.Schedule,
-		IcmpUnreachable:      util.YesNo(e.IcmpUnreachable),
-		Options:              &secOptions{util.YesNo(e.DisableServerResponseInspection)},
-	}
-	if e.Targets != nil || e.NegateTarget {
-		nfo := &targetInfo{
-			Targets:      util.MapToVsysEnt(e.Targets),
-			NegateTarget: util.YesNo(e.NegateTarget),
-		}
-		ans.TargetInfo = nfo
-	}
-	gs := e.Virus != "" || e.Spyware != "" || e.Vulnerability != "" || e.UrlFiltering != "" || e.FileBlocking != "" || e.WildFireAnalysis != "" || e.DataFiltering != ""
-	if e.Group != "" || gs {
-		ps := &profileSettings{
-			Group: util.OneStrToMem(e.Group),
-		}
-		if gs {
-			ps.Profiles = &profileSettingsProfile{
-				util.OneStrToMem(e.Virus),
-				util.OneStrToMem(e.Spyware),
-				util.OneStrToMem(e.Vulnerability),
-				util.OneStrToMem(e.UrlFiltering),
-				util.OneStrToMem(e.FileBlocking),
-				util.OneStrToMem(e.WildFireAnalysis),
-				util.OneStrToMem(e.DataFiltering),
-			}
-		}
-		ans.ProfileSettings = ps
-	}
-
-	return ans
-}
-
-// PAN-OS 9.0
-type container_v2 struct {
-	Answer []entry_v2 `xml:"entry"`
-}
-
-func (o *container_v2) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v2) Normalize() []Entry {
-	arr := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		arr = append(arr, o.Answer[i].normalize())
-	}
-	return arr
-}
-
-func (o *entry_v2) normalize() Entry {
-	ans := Entry{
-		Name:                 o.Name,
-		Uuid:                 o.Uuid,
-		Type:                 o.Type,
-		Description:          o.Description,
-		Tags:                 util.MemToStr(o.Tags),
-		SourceZones:          util.MemToStr(o.SourceZones),
-		DestinationZones:     util.MemToStr(o.DestinationZones),
-		SourceAddresses:      util.MemToStr(o.SourceAddresses),
-		NegateSource:         util.AsBool(o.NegateSource),
-		SourceUsers:          util.MemToStr(o.SourceUsers),
-		HipProfiles:          util.MemToStr(o.HipProfiles),
-		DestinationAddresses: util.MemToStr(o.DestinationAddresses),
-		NegateDestination:    util.AsBool(o.NegateDestination),
-		Applications:         util.MemToStr(o.Applications),
-		Services:             util.MemToStr(o.Services),
-		Categories:           util.MemToStr(o.Categories),
-		Action:               o.Action,
-		LogSetting:           o.LogSetting,
-		LogStart:             util.AsBool(o.LogStart),
-		LogEnd:               util.AsBool(o.LogEnd),
-		Disabled:             util.AsBool(o.Disabled),
-		Schedule:             o.Schedule,
-		IcmpUnreachable:      util.AsBool(o.IcmpUnreachable),
-		GroupTag:             o.GroupTag,
-	}
-	if o.Options != nil {
-		ans.DisableServerResponseInspection = util.AsBool(o.Options.DisableServerResponseInspection)
-	}
-	if o.TargetInfo != nil {
-		ans.NegateTarget = util.AsBool(o.TargetInfo.NegateTarget)
-		ans.Targets = util.VsysEntToMap(o.TargetInfo.Targets)
-	}
-	if o.ProfileSettings != nil {
-		ans.Group = util.MemToOneStr(o.ProfileSettings.Group)
-		if o.ProfileSettings.Profiles != nil {
-			ans.Virus = util.MemToOneStr(o.ProfileSettings.Profiles.Virus)
-			ans.Spyware = util.MemToOneStr(o.ProfileSettings.Profiles.Spyware)
-			ans.Vulnerability = util.MemToOneStr(o.ProfileSettings.Profiles.Vulnerability)
-			ans.UrlFiltering = util.MemToOneStr(o.ProfileSettings.Profiles.UrlFiltering)
-			ans.FileBlocking = util.MemToOneStr(o.ProfileSettings.Profiles.FileBlocking)
-			ans.WildFireAnalysis = util.MemToOneStr(o.ProfileSettings.Profiles.WildFireAnalysis)
-			ans.DataFiltering = util.MemToOneStr(o.ProfileSettings.Profiles.DataFiltering)
-		}
-	}
-
-	return ans
-}
-
-type entry_v2 struct {
-	XMLName              xml.Name         `xml:"entry"`
-	Name                 string           `xml:"name,attr"`
-	Uuid                 string           `xml:"uuid,attr,omitempty"`
-	Type                 string           `xml:"rule-type,omitempty"`
-	Description          string           `xml:"description,omitempty"`
-	Tags                 *util.MemberType `xml:"tag"`
-	SourceZones          *util.MemberType `xml:"from"`
-	DestinationZones     *util.MemberType `xml:"to"`
-	SourceAddresses      *util.MemberType `xml:"source"`
-	NegateSource         string           `xml:"negate-source"`
-	SourceUsers          *util.MemberType `xml:"source-user"`
-	HipProfiles          *util.MemberType `xml:"hip-profiles"`
-	DestinationAddresses *util.MemberType `xml:"destination"`
-	NegateDestination    string           `xml:"negate-destination"`
-	Applications         *util.MemberType `xml:"application"`
-	Services             *util.MemberType `xml:"service"`
-	Categories           *util.MemberType `xml:"category"`
-	Action               string           `xml:"action"`
-	LogSetting           string           `xml:"log-setting,omitempty"`
-	LogStart             string           `xml:"log-start"`
-	LogEnd               string           `xml:"log-end"`
-	Disabled             string           `xml:"disabled"`
-	Schedule             string           `xml:"schedule,omitempty"`
-	IcmpUnreachable      string           `xml:"icmp-unreachable"`
-	Options              *secOptions      `xml:"option"`
-	TargetInfo           *targetInfo      `xml:"target"`
-	ProfileSettings      *profileSettings `xml:"profile-setting"`
-	GroupTag             string           `xml:"group-tag,omitempty"`
-}
-
-func (e *entry_v2) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
-	type local entry_v2
-	ans := local{
-		LogEnd: util.YesNo(true),
-	}
-	if err := d.DecodeElement(&ans, &start); err != nil {
-		return err
-	}
-	*e = entry_v2(ans)
-	return nil
-}
-
-func specify_v2(e Entry) interface{} {
-	ans := entry_v2{
-		Name:                 e.Name,
-		Uuid:                 e.Uuid,
-		Type:                 e.Type,
-		Description:          e.Description,
-		Tags:                 util.StrToMem(e.Tags),
-		SourceZones:          util.StrToMem(e.SourceZones),
-		DestinationZones:     util.StrToMem(e.DestinationZones),
-		SourceAddresses:      util.StrToMem(e.SourceAddresses),
-		NegateSource:         util.YesNo(e.NegateSource),
-		SourceUsers:          util.StrToMem(e.SourceUsers),
-		HipProfiles:          util.StrToMem(e.HipProfiles),
-		DestinationAddresses: util.StrToMem(e.DestinationAddresses),
-		NegateDestination:    util.YesNo(e.NegateDestination),
-		Applications:         util.StrToMem(e.Applications),
-		Services:             util.StrToMem(e.Services),
-		Categories:           util.StrToMem(e.Categories),
-		Action:               e.Action,
-		LogSetting:           e.LogSetting,
-		LogStart:             util.YesNo(e.LogStart),
-		LogEnd:               util.YesNo(e.LogEnd),
-		Disabled:             util.YesNo(e.Disabled),
-		Schedule:             e.Schedule,
-		IcmpUnreachable:      util.YesNo(e.IcmpUnreachable),
-		Options:              &secOptions{util.YesNo(e.DisableServerResponseInspection)},
-		GroupTag:             e.GroupTag,
-	}
-	if e.Targets != nil || e.NegateTarget {
-		nfo := &targetInfo{
-			Targets:      util.MapToVsysEnt(e.Targets),
-			NegateTarget: util.YesNo(e.NegateTarget),
-		}
-		ans.TargetInfo = nfo
-	}
-	gs := e.Virus != "" || e.Spyware != "" || e.Vulnerability != "" || e.UrlFiltering != "" || e.FileBlocking != "" || e.WildFireAnalysis != "" || e.DataFiltering != ""
-	if e.Group != "" || gs {
-		ps := &profileSettings{
-			Group: util.OneStrToMem(e.Group),
-		}
-		if gs {
-			ps.Profiles = &profileSettingsProfile{
-				util.OneStrToMem(e.Virus),
-				util.OneStrToMem(e.Spyware),
-				util.OneStrToMem(e.Vulnerability),
-				util.OneStrToMem(e.UrlFiltering),
-				util.OneStrToMem(e.FileBlocking),
-				util.OneStrToMem(e.WildFireAnalysis),
-				util.OneStrToMem(e.DataFiltering),
-			}
-		}
-		ans.ProfileSettings = ps
-	}
-
-	return ans
-}
-
-// PAN-OS 10.0
-type container_v3 struct {
-	Answer []entry_v3 `xml:"entry"`
-}
-
-func (o *container_v3) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v3) Normalize() []Entry {
-	arr := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		arr = append(arr, o.Answer[i].normalize())
-	}
-	return arr
-}
-
-func (o *entry_v3) normalize() Entry {
-	ans := Entry{
-		Name:                 o.Name,
-		Uuid:                 o.Uuid,
-		Type:                 o.Type,
-		Description:          o.Description,
-		Tags:                 util.MemToStr(o.Tags),
-		SourceZones:          util.MemToStr(o.SourceZones),
-		DestinationZones:     util.MemToStr(o.DestinationZones),
-		SourceAddresses:      util.MemToStr(o.SourceAddresses),
-		NegateSource:         util.AsBool(o.NegateSource),
-		SourceUsers:          util.MemToStr(o.SourceUsers),
-		HipProfiles:          util.MemToStr(o.HipProfiles),
-		DestinationAddresses: util.MemToStr(o.DestinationAddresses),
-		NegateDestination:    util.AsBool(o.NegateDestination),
-		Applications:         util.MemToStr(o.Applications),
-		Services:             util.MemToStr(o.Services),
-		Categories:           util.MemToStr(o.Categories),
-		Action:               o.Action,
-		LogSetting:           o.LogSetting,
-		LogStart:             util.AsBool(o.LogStart),
-		LogEnd:               util.AsBool(o.LogEnd),
-		Disabled:             util.AsBool(o.Disabled),
-		Schedule:             o.Schedule,
-		IcmpUnreachable:      util.AsBool(o.IcmpUnreachable),
-		GroupTag:             o.GroupTag,
-		SourceDevices:        util.MemToStr(o.SourceDevices),
-		DestinationDevices:   util.MemToStr(o.DestinationDevices),
-	}
-	if o.Options != nil {
-		ans.DisableServerResponseInspection = util.AsBool(o.Options.DisableServerResponseInspection)
-	}
-	if o.TargetInfo != nil {
-		ans.NegateTarget = util.AsBool(o.TargetInfo.NegateTarget)
-		ans.Targets = util.VsysEntToMap(o.TargetInfo.Targets)
-	}
-	if o.ProfileSettings != nil {
-		ans.Group = util.MemToOneStr(o.ProfileSettings.Group)
-		if o.ProfileSettings.Profiles != nil {
-			ans.Virus = util.MemToOneStr(o.ProfileSettings.Profiles.Virus)
-			ans.Spyware = util.MemToOneStr(o.ProfileSettings.Profiles.Spyware)
-			ans.Vulnerability = util.MemToOneStr(o.ProfileSettings.Profiles.Vulnerability)
-			ans.UrlFiltering = util.MemToOneStr(o.ProfileSettings.Profiles.UrlFiltering)
-			ans.FileBlocking = util.MemToOneStr(o.ProfileSettings.Profiles.FileBlocking)
-			ans.WildFireAnalysis = util.MemToOneStr(o.ProfileSettings.Profiles.WildFireAnalysis)
-			ans.DataFiltering = util.MemToOneStr(o.ProfileSettings.Profiles.DataFiltering)
-		}
-	}
-
-	return ans
-}
-
-type entry_v3 struct {
-	XMLName              xml.Name         `xml:"entry"`
-	Name                 string           `xml:"name,attr"`
-	Uuid                 string           `xml:"uuid,attr,omitempty"`
-	Type                 string           `xml:"rule-type,omitempty"`
-	Description          string           `xml:"description,omitempty"`
-	Tags                 *util.MemberType `xml:"tag"`
-	SourceZones          *util.MemberType `xml:"from"`
-	DestinationZones     *util.MemberType `xml:"to"`
-	SourceAddresses      *util.MemberType `xml:"source"`
-	NegateSource         string           `xml:"negate-source"`
-	SourceUsers          *util.MemberType `xml:"source-user"`
-	HipProfiles          *util.MemberType `xml:"hip-profiles"`
-	DestinationAddresses *util.MemberType `xml:"destination"`
-	NegateDestination    string           `xml:"negate-destination"`
-	Applications         *util.MemberType `xml:"application"`
-	Services             *util.MemberType `xml:"service"`
-	Categories           *util.MemberType `xml:"category"`
-	Action               string           `xml:"action"`
-	LogSetting           string           `xml:"log-setting,omitempty"`
-	LogStart             string           `xml:"log-start"`
-	LogEnd               string           `xml:"log-end"`
-	Disabled             string           `xml:"disabled"`
-	Schedule             string           `xml:"schedule,omitempty"`
-	IcmpUnreachable      string           `xml:"icmp-unreachable"`
-	Options              *secOptions      `xml:"option"`
-	TargetInfo           *targetInfo      `xml:"target"`
-	ProfileSettings      *profileSettings `xml:"profile-setting"`
-	GroupTag             string           `xml:"group-tag,omitempty"`
-	SourceDevices        *util.MemberType `xml:"source-hip"`
-	DestinationDevices   *util.MemberType `xml:"destination-hip"`
-}
-
-func (e *entry_v3) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
-	type local entry_v3
-	ans := local{
-		LogEnd: util.YesNo(true),
-	}
-	if err := d.DecodeElement(&ans, &start); err != nil {
-		return err
-	}
-	*e = entry_v3(ans)
-	return nil
-}
-
-func specify_v3(e Entry) interface{} {
-	ans := entry_v3{
-		Name:                 e.Name,
-		Uuid:                 e.Uuid,
-		Type:                 e.Type,
-		Description:          e.Description,
-		Tags:                 util.StrToMem(e.Tags),
-		SourceZones:          util.StrToMem(e.SourceZones),
-		DestinationZones:     util.StrToMem(e.DestinationZones),
-		SourceAddresses:      util.StrToMem(e.SourceAddresses),
-		NegateSource:         util.YesNo(e.NegateSource),
-		SourceUsers:          util.StrToMem(e.SourceUsers),
-		HipProfiles:          util.StrToMem(e.HipProfiles),
-		DestinationAddresses: util.StrToMem(e.DestinationAddresses),
-		NegateDestination:    util.YesNo(e.NegateDestination),
-		Applications:         util.StrToMem(e.Applications),
-		Services:             util.StrToMem(e.Services),
-		Categories:           util.StrToMem(e.Categories),
-		Action:               e.Action,
-		LogSetting:           e.LogSetting,
-		LogStart:             util.YesNo(e.LogStart),
-		LogEnd:               util.YesNo(e.LogEnd),
-		Disabled:             util.YesNo(e.Disabled),
-		Schedule:             e.Schedule,
-		IcmpUnreachable:      util.YesNo(e.IcmpUnreachable),
-		Options:              &secOptions{util.YesNo(e.DisableServerResponseInspection)},
-		GroupTag:             e.GroupTag,
-		SourceDevices:        util.StrToMem(e.SourceDevices),
-		DestinationDevices:   util.StrToMem(e.DestinationDevices),
-	}
-	if e.Targets != nil || e.NegateTarget {
-		nfo := &targetInfo{
-			Targets:      util.MapToVsysEnt(e.Targets),
-			NegateTarget: util.YesNo(e.NegateTarget),
-		}
-		ans.TargetInfo = nfo
-	}
-	gs := e.Virus != "" || e.Spyware != "" || e.Vulnerability != "" || e.UrlFiltering != "" || e.FileBlocking != "" || e.WildFireAnalysis != "" || e.DataFiltering != ""
-	if e.Group != "" || gs {
-		ps := &profileSettings{
-			Group: util.OneStrToMem(e.Group),
-		}
-		if gs {
-			ps.Profiles = &profileSettingsProfile{
-				util.OneStrToMem(e.Virus),
-				util.OneStrToMem(e.Spyware),
-				util.OneStrToMem(e.Vulnerability),
-				util.OneStrToMem(e.UrlFiltering),
-				util.OneStrToMem(e.FileBlocking),
-				util.OneStrToMem(e.WildFireAnalysis),
-				util.OneStrToMem(e.DataFiltering),
-			}
-		}
-		ans.ProfileSettings = ps
-	}
-
-	return ans
-}
-
-// PAN-OS 10.1.5
-type container_v4 struct {
-	Answer []entry_v4 `xml:"entry"`
-}
-
-func (o *container_v4) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v4) Normalize() []Entry {
-	arr := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		arr = append(arr, o.Answer[i].normalize())
-	}
-	return arr
-}
-
-func (o *entry_v4) normalize() Entry {
-	ans := Entry{
-		Name:                 o.Name,
-		Uuid:                 o.Uuid,
-		Type:                 o.Type,
-		Description:          o.Description,
-		Tags:                 util.MemToStr(o.Tags),
-		SourceZones:          util.MemToStr(o.SourceZones),
-		DestinationZones:     util.MemToStr(o.DestinationZones),
-		SourceAddresses:      util.MemToStr(o.SourceAddresses),
-		NegateSource:         util.AsBool(o.NegateSource),
-		SourceUsers:          util.MemToStr(o.SourceUsers),
-		DestinationAddresses: util.MemToStr(o.DestinationAddresses),
-		NegateDestination:    util.AsBool(o.NegateDestination),
-		Applications:         util.MemToStr(o.Applications),
-		Services:             util.MemToStr(o.Services),
-		Categories:           util.MemToStr(o.Categories),
-		Action:               o.Action,
-		LogSetting:           o.LogSetting,
-		LogStart:             util.AsBool(o.LogStart),
-		LogEnd:               util.AsBool(o.LogEnd),
-		Disabled:             util.AsBool(o.Disabled),
-		Schedule:             o.Schedule,
-		IcmpUnreachable:      util.AsBool(o.IcmpUnreachable),
-		GroupTag:             o.GroupTag,
-		SourceDevices:        util.MemToStr(o.SourceDevices),
-		DestinationDevices:   util.MemToStr(o.DestinationDevices),
-	}
-	if o.Options != nil {
-		ans.DisableServerResponseInspection = util.AsBool(o.Options.DisableServerResponseInspection)
-	}
-	if o.TargetInfo != nil {
-		ans.NegateTarget = util.AsBool(o.TargetInfo.NegateTarget)
-		ans.Targets = util.VsysEntToMap(o.TargetInfo.Targets)
-	}
-	if o.ProfileSettings != nil {
-		ans.Group = util.MemToOneStr(o.ProfileSettings.Group)
-		if o.ProfileSettings.Profiles != nil {
-			ans.Virus = util.MemToOneStr(o.ProfileSettings.Profiles.Virus)
-			ans.Spyware = util.MemToOneStr(o.ProfileSettings.Profiles.Spyware)
-			ans.Vulnerability = util.MemToOneStr(o.ProfileSettings.Profiles.Vulnerability)
-			ans.UrlFiltering = util.MemToOneStr(o.ProfileSettings.Profiles.UrlFiltering)
-			ans.FileBlocking = util.MemToOneStr(o.ProfileSettings.Profiles.FileBlocking)
-			ans.WildFireAnalysis = util.MemToOneStr(o.ProfileSettings.Profiles.WildFireAnalysis)
-			ans.DataFiltering = util.MemToOneStr(o.ProfileSettings.Profiles.DataFiltering)
-		}
-	}
-
-	return ans
-}
-
-type entry_v4 struct {
-	XMLName              xml.Name         `xml:"entry"`
-	Name                 string           `xml:"name,attr"`
-	Uuid                 string           `xml:"uuid,attr,omitempty"`
-	Type                 string           `xml:"rule-type,omitempty"`
-	Description          string           `xml:"description,omitempty"`
-	Tags                 *util.MemberType `xml:"tag"`
-	SourceZones          *util.MemberType `xml:"from"`
-	DestinationZones     *util.MemberType `xml:"to"`
-	SourceAddresses      *util.MemberType `xml:"source"`
-	NegateSource         string           `xml:"negate-source"`
-	SourceUsers          *util.MemberType `xml:"source-user"`
-	DestinationAddresses *util.MemberType `xml:"destination"`
-	NegateDestination    string           `xml:"negate-destination"`
-	Applications         *util.MemberType `xml:"application"`
-	Services             *util.MemberType `xml:"service"`
-	Categories           *util.MemberType `xml:"category"`
-	Action               string           `xml:"action"`
-	LogSetting           string           `xml:"log-setting,omitempty"`
-	LogStart             string           `xml:"log-start"`
-	LogEnd               string           `xml:"log-end"`
-	Disabled             string           `xml:"disabled"`
-	Schedule             string           `xml:"schedule,omitempty"`
-	IcmpUnreachable      string           `xml:"icmp-unreachable"`
-	Options              *secOptions      `xml:"option"`
-	TargetInfo           *targetInfo      `xml:"target"`
-	ProfileSettings      *profileSettings `xml:"profile-setting"`
-	GroupTag             string           `xml:"group-tag,omitempty"`
-	SourceDevices        *util.MemberType `xml:"source-hip"`
-	DestinationDevices   *util.MemberType `xml:"destination-hip"`
-}
-
-func (e *entry_v4) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
-	type local entry_v4
-	ans := local{
-		LogEnd: util.YesNo(true),
-	}
-	if err := d.DecodeElement(&ans, &start); err != nil {
-		return err
-	}
-	*e = entry_v4(ans)
-	return nil
-}
-
-func specify_v4(e Entry) interface{} {
-	ans := entry_v4{
-		Name:                 e.Name,
-		Uuid:                 e.Uuid,
-		Type:                 e.Type,
-		Description:          e.Description,
-		Tags:                 util.StrToMem(e.Tags),
-		SourceZones:          util.StrToMem(e.SourceZones),
-		DestinationZones:     util.StrToMem(e.DestinationZones),
-		SourceAddresses:      util.StrToMem(e.SourceAddresses),
-		NegateSource:         util.YesNo(e.NegateSource),
-		SourceUsers:          util.StrToMem(e.SourceUsers),
-		DestinationAddresses: util.StrToMem(e.DestinationAddresses),
-		NegateDestination:    util.YesNo(e.NegateDestination),
-		Applications:         util.StrToMem(e.Applications),
-		Services:             util.StrToMem(e.Services),
-		Categories:           util.StrToMem(e.Categories),
-		Action:               e.Action,
-		LogSetting:           e.LogSetting,
-		LogStart:             util.YesNo(e.LogStart),
-		LogEnd:               util.YesNo(e.LogEnd),
-		Disabled:             util.YesNo(e.Disabled),
-		Schedule:             e.Schedule,
-		IcmpUnreachable:      util.YesNo(e.IcmpUnreachable),
-		Options:              &secOptions{util.YesNo(e.DisableServerResponseInspection)},
-		GroupTag:             e.GroupTag,
-		SourceDevices:        util.StrToMem(e.SourceDevices),
-		DestinationDevices:   util.StrToMem(e.DestinationDevices),
-	}
-	if e.Targets != nil || e.NegateTarget {
-		nfo := &targetInfo{
-			Targets:      util.MapToVsysEnt(e.Targets),
-			NegateTarget: util.YesNo(e.NegateTarget),
-		}
-		ans.TargetInfo = nfo
-	}
-	gs := e.Virus != "" || e.Spyware != "" || e.Vulnerability != "" || e.UrlFiltering != "" || e.FileBlocking != "" || e.WildFireAnalysis != "" || e.DataFiltering != ""
-	if e.Group != "" || gs {
-		ps := &profileSettings{
-			Group: util.OneStrToMem(e.Group),
-		}
-		if gs {
-			ps.Profiles = &profileSettingsProfile{
-				util.OneStrToMem(e.Virus),
-				util.OneStrToMem(e.Spyware),
-				util.OneStrToMem(e.Vulnerability),
-				util.OneStrToMem(e.UrlFiltering),
-				util.OneStrToMem(e.FileBlocking),
-				util.OneStrToMem(e.WildFireAnalysis),
-				util.OneStrToMem(e.DataFiltering),
-			}
-		}
-		ans.ProfileSettings = ps
-	}
-
-	return ans
-}
diff --git a/poli/security/funcs.go b/poli/security/funcs.go
deleted file mode 100644
index 0ad8cf9c..00000000
--- a/poli/security/funcs.go
+++ /dev/null
@@ -1,140 +0,0 @@
-package security
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	if v.Gte(version.Number{10, 1, 5, ""}) {
-		return &container_v4{}, specify_v4
-	} else if v.Gte(version.Number{10, 0, 0, ""}) {
-		return &container_v3{}, specify_v3
-	} else if v.Gte(version.Number{9, 0, 0, ""}) {
-		return &container_v2{}, specify_v2
-	} else {
-		return &container_v1{}, specify_v1
-	}
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Policy{
-			Standard: namespace.Standard{
-				Common: namespace.Common{
-					Singular: singular,
-					Plural:   plural,
-					Client:   client,
-				},
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Policy{
-			Standard: namespace.Standard{
-				Common: namespace.Common{
-					Singular: singular,
-					Plural:   plural,
-					Client:   client,
-				},
-			},
-		},
-	}
-}
-
-func RulesMatch(a, b Entry) bool {
-	return a.Name == b.Name &&
-		a.Type == b.Type &&
-		a.Description == b.Description &&
-		util.OrderedListsMatch(a.Tags, b.Tags) &&
-		util.UnorderedListsMatch(a.SourceZones, b.SourceZones) &&
-		util.UnorderedListsMatch(a.SourceAddresses, b.SourceAddresses) &&
-		a.NegateSource == b.NegateSource &&
-		util.UnorderedListsMatch(a.SourceUsers, b.SourceUsers) &&
-		util.UnorderedListsMatch(a.HipProfiles, b.HipProfiles) &&
-		util.UnorderedListsMatch(a.DestinationZones, b.DestinationZones) &&
-		util.UnorderedListsMatch(a.DestinationAddresses, b.DestinationAddresses) &&
-		a.NegateDestination == b.NegateDestination &&
-		util.UnorderedListsMatch(a.Applications, b.Applications) &&
-		util.UnorderedListsMatch(a.Services, b.Services) &&
-		util.UnorderedListsMatch(a.Categories, b.Categories) &&
-		a.Action == b.Action &&
-		a.LogSetting == b.LogSetting &&
-		a.LogStart == b.LogStart &&
-		a.LogEnd == b.LogEnd &&
-		a.Disabled == b.Disabled &&
-		a.Schedule == b.Schedule &&
-		a.IcmpUnreachable == b.IcmpUnreachable &&
-		a.DisableServerResponseInspection == b.DisableServerResponseInspection &&
-		a.Group == b.Group &&
-		util.TargetsMatch(a.Targets, b.Targets) &&
-		a.NegateTarget == b.NegateTarget &&
-		a.Virus == b.Virus &&
-		a.Spyware == b.Spyware &&
-		a.Vulnerability == b.Vulnerability &&
-		a.UrlFiltering == b.UrlFiltering &&
-		a.FileBlocking == b.FileBlocking &&
-		a.WildFireAnalysis == b.WildFireAnalysis &&
-		a.DataFiltering == b.DataFiltering &&
-		// Don't compare UUID.
-		a.GroupTag == b.GroupTag &&
-		util.UnorderedListsMatch(a.SourceDevices, b.SourceDevices) &&
-		util.UnorderedListsMatch(a.DestinationDevices, b.DestinationDevices)
-}
diff --git a/poli/security/fw.go b/poli/security/fw.go
deleted file mode 100644
index 64d0981b..00000000
--- a/poli/security/fw.go
+++ /dev/null
@@ -1,393 +0,0 @@
-package security
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/PaloAltoNetworks/pango/audit"
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Policies.PolicyBasedForwarding namespace.
-type Firewall struct {
-	ns *namespace.Policy
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(vsys), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(vsys string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(vsys), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-/*
-ConfigureRules configures the given rules on PAN-OS.
-
-It does a mass SET if it can, but will EDIT any rules that are present but
-differ from what is given.
-
-Audit comments are applied only for rules which are either SET or EDIT'ed.
-
-If isPolicy is true, then any rules not explicitly present in the rules param will
-be deleted.
-
-Params move and oRule are for moving the group into place after configuration.
-
-Any rule name that appears in prevRules but not in the rules param will be deleted.
-*/
-func (c *Firewall) ConfigureRules(vsys string, rules []Entry, auditComments map[string]string, isPolicy bool, move int, oRule string, prevNames []string) error {
-	var err error
-	setRules := make([]Entry, 0, len(rules))
-	editRules := make([]Entry, 0, len(rules))
-
-	curRules, err := c.GetAll(vsys)
-	if err != nil {
-		return err
-	}
-
-	// Determine which can be set and which can must be edited.
-	for _, x := range rules {
-		var found bool
-		for _, live := range curRules {
-			if x.Name == live.Name {
-				found = true
-				if !RulesMatch(x, live) {
-					editRules = append(editRules, x)
-				}
-				break
-			}
-		}
-		if !found {
-			setRules = append(setRules, x)
-		}
-	}
-
-	// Set all rules.
-	if len(setRules) > 0 {
-		if err = c.Set(vsys, setRules...); err != nil {
-			return err
-		}
-		// Configure audit comments for each set rule.
-		for _, x := range setRules {
-			if comment := auditComments[x.Name]; comment != "" {
-				if err = c.SetAuditComment(vsys, x.Name, comment); err != nil {
-					return err
-				}
-			}
-		}
-	}
-
-	// Edit each rule one by one.
-	for _, x := range editRules {
-		if err = c.Edit(vsys, x); err != nil {
-			return err
-		}
-		// Configure the audit comment for each edited rule.
-		if comment := auditComments[x.Name]; comment != "" {
-			if err = c.SetAuditComment(vsys, x.Name, comment); err != nil {
-				return err
-			}
-		}
-	}
-
-	// Move the group into place.
-	if err = c.MoveGroup(vsys, move, oRule, rules...); err != nil {
-		return err
-	}
-
-	// Delete rules removed from the group.
-	if len(prevNames) != 0 {
-		rmList := make([]interface{}, 0, len(prevNames))
-		for _, name := range prevNames {
-			var found bool
-			for _, x := range rules {
-				if x.Name == name {
-					found = true
-					break
-				}
-			}
-			if !found {
-				rmList = append(rmList, name)
-			}
-		}
-
-		if len(rmList) != 0 {
-			if err = c.Delete(vsys, rmList...); err != nil {
-				return err
-			}
-		}
-	}
-
-	// Optional: If this is a policy, delete everything else.
-	if isPolicy {
-		delRules := make([]interface{}, 0, len(curRules))
-		for _, cur := range curRules {
-			var found bool
-			for _, x := range rules {
-				if x.Name == cur.Name {
-					found = true
-					break
-				}
-			}
-
-			if !found {
-				delRules = append(delRules, cur.Name)
-			}
-		}
-
-		if len(delRules) != 0 {
-			if err = c.Delete(vsys, delRules...); err != nil {
-				return nil
-			}
-		}
-	}
-
-	return nil
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Firewall) FromPanosConfig(vsys, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(vsys), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Firewall) AllFromPanosConfig(vsys string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(vsys), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(vsys string, e ...Entry) error {
-	err := c.ns.Set(c.pather(vsys), specifier(e...))
-
-	// On error: find the rule that's causing the error if multiple rules
-	// were given.
-	if err != nil && strings.Contains(err.Error(), "rules is invalid") {
-		for i := 0; i < len(e); i++ {
-			if e2 := c.Set(vsys, e[i]); e2 != nil {
-				return fmt.Errorf("Error with rule %d: %s", i+1, e2)
-			} else {
-				_ = c.Delete(vsys, e[i])
-			}
-		}
-
-		// Couldn't find it, just return the original error.
-		return err
-	}
-
-	return err
-}
-
-// VerifiableSet behaves like Set(), except policies with LogEnd as true
-// will first be created with LogEnd as false, and then a second Set() is
-// performed which will do LogEnd as true.
-//
-// NOTE:  Custom XML unmarshaling is now implemented, making this function
-// unnecessary.
-//
-// This is due to the unique
-// combination of being a boolean value that is true by default, the XML
-// returned from querying the rule details will omit the LogEnd setting,
-// which will be interpreted as false, when in fact it is true.  We can
-// get around this by setting the value to a non-standard value, then back
-// again, in which case it will properly show up in the returned XML.
-func (c *Firewall) VerifiableSet(vsys string, e ...Entry) error {
-	c.ns.Client.LogAction("(set) performing verifiable set")
-	again := make([]Entry, 0, len(e))
-
-	for i := range e {
-		if e[i].LogEnd {
-			again = append(again, e[i])
-			e[i].LogEnd = false
-		}
-	}
-
-	if err := c.Set(vsys, e...); err != nil {
-		return err
-	}
-
-	if len(again) == 0 {
-		return nil
-	}
-
-	return c.Set(vsys, again...)
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Firewall) Edit(vsys string, e Entry) error {
-	return c.ns.Edit(c.pather(vsys), e)
-}
-
-// VerifiableEdit behaves like Edit(), except policies with LogEnd as true
-// will first be created with LogEnd as false, and then a second Set() is
-// performed which will do LogEnd as true.
-//
-// NOTE:  Custom XML unmarshaling is now implemented, making this function
-// unnecessary.
-//
-// This is due to the unique
-// combination of being a boolean value that is true by default, the XML
-// returned from querying the rule details will omit the LogEnd setting,
-// which will be interpreted as false, when in fact it is true.  We can
-// get around this by setting the value to a non-standard value, then back
-// again, in which case it will properly show up in the returned XML.
-func (c *Firewall) VerifiableEdit(vsys string, e ...Entry) error {
-	var err error
-
-	c.ns.Client.LogAction("(edit) performing verifiable edit")
-	again := make([]Entry, 0, len(e))
-
-	for i := range e {
-		if e[i].LogEnd {
-			again = append(again, e[i])
-			e[i].LogEnd = false
-		}
-		if err = c.Edit(vsys, e[i]); err != nil {
-			return err
-		}
-	}
-
-	if len(again) == 0 {
-		return nil
-	}
-
-	// It's ok to do a SET following an EDIT because we are guaranteed
-	// to not have stray or conflicting config, so use SET since it
-	// supports bulk operations.
-	return c.Set(vsys, again...)
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(vsys string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(vsys), names, nErr)
-}
-
-// DeleteAll removes all security policies from the specified vsys.
-func (c *Firewall) DeleteAll(vsys string) error {
-	c.ns.Client.LogAction("(delete) all security policies")
-	list, err := c.GetList(vsys)
-	if err != nil || len(list) == 0 {
-		return err
-	}
-	li := make([]interface{}, len(list))
-	for i := range list {
-		li[i] = list[i]
-	}
-	return c.Delete(vsys, li...)
-}
-
-// MoveGroup moves a logical group of security rules somewhere in relation
-// to another security policy.
-//
-// The `movement` param should be one of the Move constants in the util
-// package.
-//
-// The `rule` param is the other rule the `movement` param is referencing.  If
-// this is an empty string, then the first policy in the group isn't moved
-// anywhere, but all other policies will still be moved to be grouped with the
-// first one.
-func (c *Firewall) MoveGroup(vsys string, movement int, rule string, e ...Entry) error {
-	lister := func() ([]string, error) {
-		return c.GetList(vsys)
-	}
-
-	ei := make([]interface{}, 0, len(e))
-	for i := range e {
-		ei = append(ei, e[i])
-	}
-	names, _ := toNames(ei)
-
-	return c.ns.MoveGroup(c.pather(vsys), lister, movement, rule, names)
-}
-
-// HitCount gets the rule hit count for the given rules.
-//
-// If the rules param is nil, then the hit count for all rules is returned.
-func (c *Firewall) HitCount(vsys string, rules []string) ([]util.HitCount, error) {
-	return c.ns.HitCount("security", vsys, rules)
-}
-
-// SetAuditComment sets the audit comment for the given rule.
-func (c *Firewall) SetAuditComment(vsys, rule, comment string) error {
-	return c.ns.SetAuditComment(c.pather(vsys), rule, comment)
-}
-
-// CurrentAuditComment returns the current audit comment.
-func (c *Firewall) CurrentAuditComment(vsys, rule string) (string, error) {
-	return c.ns.CurrentAuditComment(c.pather(vsys), rule)
-}
-
-// AuditCommentHistory returns a chunk of historical audit comment logs.
-func (c *Firewall) AuditCommentHistory(vsys, rule, direction string, nlogs, skip int) ([]audit.Comment, error) {
-	return c.ns.AuditCommentHistory(c.pather(vsys), rule, direction, nlogs, skip)
-}
-
-func (c *Firewall) pather(vsys string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(vsys, v)
-	}
-}
-
-func (c *Firewall) xpath(vsys string, vals []string) ([]string, error) {
-	if vsys == "" {
-		vsys = "vsys1"
-	} else if vsys == "shared" {
-		return nil, fmt.Errorf("vsys must be specified")
-	}
-
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"vsys",
-		util.AsEntryXpath([]string{vsys}),
-		"rulebase",
-		"security",
-		"rules",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/poli/security/fw_test.go b/poli/security/fw_test.go
deleted file mode 100644
index 6a672f14..00000000
--- a/poli/security/fw_test.go
+++ /dev/null
@@ -1,106 +0,0 @@
-package security
-
-import (
-	"fmt"
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set(tc.vsys, tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(tc.vsys, tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
-
-func TestLogEndMissingIsTrue(t *testing.T) {
-	versions := []version.Number{
-		{6, 1, 0, ""},
-		{9, 0, 0, ""},
-		{10, 0, 0, ""},
-	}
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	mc.AddResp(`
-<entry name="foo">
-    <description>Hello world</description>
-</entry>
-`)
-	for _, v := range versions {
-		t.Run(fmt.Sprintf("version %s", v), func(t *testing.T) {
-			mc.Version = v
-			r, err := ns.Get("vsys1", "foo")
-			if err != nil {
-				t.Errorf("Error in get: %s", err)
-			} else if r.Description != "Hello world" {
-				t.Errorf("Description is wrong: %s", r.Description)
-			} else if !r.LogEnd {
-				t.Errorf("LogEnd is not enabled")
-			}
-		})
-	}
-}
-
-func TestHipProfilesIsAbsent(t *testing.T) {
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	mc.Version = version.Number{10, 1, 5, ""}
-	mc.AddResp("")
-
-	elm := Entry{
-		Name:                 "rule1",
-		Type:                 "universal",
-		SourceZones:          []string{"sz1", "sz2"},
-		SourceAddresses:      []string{"sa1", "sa2"},
-		SourceUsers:          []string{"su1", "su2"},
-		DestinationZones:     []string{"dz1", "dz2"},
-		HipProfiles:          []string{"hip1", "hip2"},
-		DestinationAddresses: []string{"da1", "da2"},
-		Applications:         []string{"app1"},
-		Services:             []string{"s2", "s1"},
-		Categories:           []string{"cat1"},
-		Action:               "allow",
-		LogEnd:               true,
-		SourceDevices:        []string{"src2", "src1"},
-		DestinationDevices:   []string{"dstDev"},
-	}
-
-	err := ns.Set("vsys1", elm)
-	if err != nil {
-		t.Fatalf("Failed set: %s", err)
-	}
-	mc.AddResp(mc.Elm)
-	r, err := ns.Get("vsys1", elm.Name)
-	if err != nil {
-		t.Fatalf("Failed get: %s", err)
-	}
-	if len(r.HipProfiles) != 0 {
-		t.Fatalf("HipProfiles has data and shouldn't")
-	}
-}
diff --git a/poli/security/pano.go b/poli/security/pano.go
deleted file mode 100644
index 1424bb39..00000000
--- a/poli/security/pano.go
+++ /dev/null
@@ -1,388 +0,0 @@
-package security
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/PaloAltoNetworks/pango/audit"
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Policies.Security namespace.
-//
-// The "dg" param in these functions is the device group.
-//
-// The "base" param in these functions should be one of the rulebase
-// constants in the "util" package.
-type Panorama struct {
-	ns *namespace.Policy
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(dg, base string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(dg, base), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(dg, base string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(dg, base), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(dg, base, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(dg, base), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(dg, base, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(dg, base), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve information for all objects.
-func (c *Panorama) GetAll(dg, base string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(dg, base), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(dg, base string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(dg, base), ans)
-	return all(ans, err)
-}
-
-/*
-ConfigureRules configures the given rules on PAN-OS.
-
-It does a mass SET if it can, but will EDIT any rules that are present but
-differ from what is given.
-
-Audit comments are applied only for rules which are either SET or EDIT'ed.
-
-If isPolicy is true, then any rules not explicitly present in the rules param will
-be deleted.
-
-Params move and oRule are for moving the group into place after configuration.
-
-Any rule name that appears in prevRules but not in the rules param will be deleted.
-*/
-func (c *Panorama) ConfigureRules(dg, base string, rules []Entry, auditComments map[string]string, isPolicy bool, move int, oRule string, prevNames []string) error {
-	var err error
-	setRules := make([]Entry, 0, len(rules))
-	editRules := make([]Entry, 0, len(rules))
-
-	curRules, err := c.GetAll(dg, base)
-	if err != nil {
-		return err
-	}
-
-	// Determine which can be set and which can must be edited.
-	for _, x := range rules {
-		var found bool
-		for _, live := range curRules {
-			if x.Name == live.Name {
-				found = true
-				if !RulesMatch(x, live) {
-					editRules = append(editRules, x)
-				}
-				break
-			}
-		}
-		if !found {
-			setRules = append(setRules, x)
-		}
-	}
-
-	// Set all rules.
-	if len(setRules) > 0 {
-		if err = c.Set(dg, base, setRules...); err != nil {
-			return err
-		}
-		// Configure audit comments for each set rule.
-		for _, x := range setRules {
-			if comment := auditComments[x.Name]; comment != "" {
-				if err = c.SetAuditComment(dg, base, x.Name, comment); err != nil {
-					return err
-				}
-			}
-		}
-	}
-
-	// Edit each rule one by one.
-	for _, x := range editRules {
-		if err = c.Edit(dg, base, x); err != nil {
-			return err
-		}
-		// Configure the audit comment for each edited rule.
-		if comment := auditComments[x.Name]; comment != "" {
-			if err = c.SetAuditComment(dg, base, x.Name, comment); err != nil {
-				return err
-			}
-		}
-	}
-
-	// Move the group into place.
-	if err = c.MoveGroup(dg, base, move, oRule, rules...); err != nil {
-		return err
-	}
-
-	// Delete rules removed from the group.
-	if len(prevNames) != 0 {
-		rmList := make([]interface{}, 0, len(prevNames))
-		for _, name := range prevNames {
-			var found bool
-			for _, x := range rules {
-				if x.Name == name {
-					found = true
-					break
-				}
-			}
-			if !found {
-				rmList = append(rmList, name)
-			}
-		}
-
-		if len(rmList) != 0 {
-			if err = c.Delete(dg, base, rmList...); err != nil {
-				return err
-			}
-		}
-	}
-
-	// Optional: If this is a policy, delete everything else.
-	if isPolicy {
-		delRules := make([]interface{}, 0, len(curRules))
-		for _, cur := range curRules {
-			var found bool
-			for _, x := range rules {
-				if x.Name == cur.Name {
-					found = true
-					break
-				}
-			}
-
-			if !found {
-				delRules = append(delRules, cur.Name)
-			}
-		}
-
-		if len(delRules) != 0 {
-			if err = c.Delete(dg, base, delRules...); err != nil {
-				return nil
-			}
-		}
-	}
-
-	return nil
-}
-
-// FromPanosConfig retrieves the object stored in the retrieved config.
-func (c *Panorama) FromPanosConfig(dg, base, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.FromPanosConfig(c.pather(dg, base), name, ans)
-	return first(ans, err)
-}
-
-// AllFromPanosConfig retrieves all objects stored in the retrieved config.
-func (c *Panorama) AllFromPanosConfig(dg, base string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.AllFromPanosConfig(c.pather(dg, base), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to create / update one or more objects.
-func (c *Panorama) Set(dg, base string, e ...Entry) error {
-	err := c.ns.Set(c.pather(dg, base), specifier(e...))
-
-	// On error: find the rule that's causing the error if multiple rules
-	// were given.
-	if err != nil && strings.Contains(err.Error(), "rules is invalid") {
-		for i := 0; i < len(e); i++ {
-			if e2 := c.Set(dg, base, e[i]); e2 != nil {
-				return fmt.Errorf("Error with rule %d: %s", i+1, e2)
-			} else {
-				_ = c.Delete(dg, base, e[i])
-			}
-		}
-
-		// Couldn't find it, just return the original error.
-		return err
-	}
-
-	return err
-}
-
-// VerifiableSet behaves like Set(), except policies with LogEnd as true
-// will first be created with LogEnd as false, and then a second Set() is
-// performed which will do LogEnd as true.
-//
-// NOTE:  Custom XML unmarshaling is now implemented, making this function
-// unnecessary.
-//
-// This is due to the unique
-// combination of being a boolean value that is true by default, the XML
-// returned from querying the rule details will omit the LogEnd setting,
-// which will be interpreted as false, when in fact it is true.  We can
-// get around this by setting the value to a non-standard value, then back
-// again, in which case it will properly show up in the returned XML.
-func (c *Panorama) VerifiableSet(dg, base string, e ...Entry) error {
-	c.ns.Client.LogAction("(set) performing verifiable set")
-	again := make([]Entry, 0, len(e))
-
-	for i := range e {
-		if e[i].LogEnd {
-			again = append(again, e[i])
-			e[i].LogEnd = false
-		}
-	}
-
-	if err := c.Set(dg, base, e...); err != nil {
-		return err
-	}
-
-	if len(again) == 0 {
-		return nil
-	}
-
-	return c.Set(dg, base, again...)
-}
-
-// Edit performs EDIT to configure the specified object.
-func (c *Panorama) Edit(dg, base string, e Entry) error {
-	return c.ns.Edit(c.pather(dg, base), e)
-}
-
-// VerifiableEdit behaves like Edit(), except policies with LogEnd as true
-// will first be created with LogEnd as false, and then a second Set() is
-// performed which will do LogEnd as true.
-//
-// NOTE:  Custom XML unmarshaling is now implemented, making this function
-// unnecessary.
-//
-// This is due to the unique
-// combination of being a boolean value that is true by default, the XML
-// returned from querying the rule details will omit the LogEnd setting,
-// which will be interpreted as false, when in fact it is true.  We can
-// get around this by setting the value to a non-standard value, then back
-// again, in which case it will properly show up in the returned XML.
-func (c *Panorama) VerifiableEdit(dg, base string, e ...Entry) error {
-	var err error
-
-	c.ns.Client.LogAction("(edit) performing verifiable edit")
-	again := make([]Entry, 0, len(e))
-
-	for i := range e {
-		if e[i].LogEnd {
-			again = append(again, e[i])
-			e[i].LogEnd = false
-		}
-		if err = c.Edit(dg, base, e[i]); err != nil {
-			return err
-		}
-	}
-
-	if len(again) == 0 {
-		return nil
-	}
-
-	// It's ok to do a SET following an EDIT because we are guaranteed
-	// to not have stray or conflicting config, so use SET since it
-	// supports bulk operations.
-	return c.Set(dg, base, again...)
-}
-
-// Delete removes the given objects.
-//
-// Objects can be a string or an Entry object.
-func (c *Panorama) Delete(dg, base string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(dg, base), names, nErr)
-}
-
-// DeleteAll removes all security policies from the specified dg / rulebase.
-func (c *Panorama) DeleteAll(dg, base string) error {
-	c.ns.Client.LogAction("(delete) all security rules")
-	list, err := c.GetList(dg, base)
-	if err != nil || len(list) == 0 {
-		return err
-	}
-	li := make([]interface{}, len(list))
-	for i := range list {
-		li[i] = list[i]
-	}
-	return c.Delete(dg, base, li...)
-}
-
-// MoveGroup moves a logical group of security rules
-// somewhere in relation to another rule.
-//
-// The `movement` param should be one of the Move constants in the util
-// package.
-//
-// The `rule` param is the other rule the `movement` param is referencing.  If
-// this is an empty string, then the first policy in the group isn't moved
-// anywhere, but all other policies will still be moved to be grouped with the
-// first one.
-func (c *Panorama) MoveGroup(dg, base string, movement int, rule string, e ...Entry) error {
-	lister := func() ([]string, error) {
-		return c.GetList(dg, base)
-	}
-
-	ei := make([]interface{}, 0, len(e))
-	for i := range e {
-		ei = append(ei, e[i])
-	}
-	names, _ := toNames(ei)
-
-	return c.ns.MoveGroup(c.pather(dg, base), lister, movement, rule, names)
-}
-
-// SetAuditComment sets the audit comment for the given rule.
-func (c *Panorama) SetAuditComment(dg, base, rule, comment string) error {
-	return c.ns.SetAuditComment(c.pather(dg, base), rule, comment)
-}
-
-// CurrentAuditComment returns the current audit comment.
-func (c *Panorama) CurrentAuditComment(dg, base, rule string) (string, error) {
-	return c.ns.CurrentAuditComment(c.pather(dg, base), rule)
-}
-
-// AuditCommentHistory returns a chunk of historical audit comment logs.
-func (c *Panorama) AuditCommentHistory(dg, base, rule, direction string, nlogs, skip int) ([]audit.Comment, error) {
-	return c.ns.AuditCommentHistory(c.pather(dg, base), rule, direction, nlogs, skip)
-}
-
-func (c *Panorama) pather(dg, base string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(dg, base, v)
-	}
-}
-
-func (c *Panorama) xpath(dg, base string, vals []string) ([]string, error) {
-	if err := util.ValidateRulebase(dg, base); err != nil {
-		return nil, err
-	}
-
-	ans := make([]string, 0, 9)
-	ans = append(ans, util.DeviceGroupXpathPrefix(dg)...)
-	ans = append(ans,
-		base,
-		"security",
-		"rules",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/poli/security/pano_test.go b/poli/security/pano_test.go
deleted file mode 100644
index 7d7b2df7..00000000
--- a/poli/security/pano_test.go
+++ /dev/null
@@ -1,71 +0,0 @@
-package security
-
-import (
-	"fmt"
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			if tc.base == "" {
-				t.Skip()
-			}
-			mc.AddResp("")
-			err := ns.Set(tc.vsys, tc.base, tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(tc.vsys, tc.base, tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
-
-func TestPanoLogEndMissingIsTrue(t *testing.T) {
-	versions := []version.Number{
-		{6, 1, 0, ""},
-		{9, 0, 0, ""},
-		{10, 0, 0, ""},
-	}
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	mc.AddResp(`
-<entry name="foo">
-    <description>Hello world</description>
-</entry>
-`)
-	for _, v := range versions {
-		t.Run(fmt.Sprintf("version %s", v), func(t *testing.T) {
-			mc.Version = v
-			r, err := ns.Get("dg", util.PreRulebase, "foo")
-			if err != nil {
-				t.Errorf("Error in get: %s", err)
-			} else if r.Description != "Hello world" {
-				t.Errorf("Description is wrong: %s", r.Description)
-			} else if !r.LogEnd {
-				t.Errorf("LogEnd is not enabled")
-			}
-		})
-	}
-}
diff --git a/poli/security/testdata_test.go b/poli/security/testdata_test.go
deleted file mode 100644
index ea18b961..00000000
--- a/poli/security/testdata_test.go
+++ /dev/null
@@ -1,380 +0,0 @@
-package security
-
-import (
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type testCase struct {
-	version version.Number
-	desc    string
-	vsys    string
-	base    string
-	conf    Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{version.Number{6, 1, 0, ""}, "basic rule", "", "", Entry{
-			Name:                 "rule1",
-			Type:                 "universal",
-			SourceZones:          []string{"sz1", "sz2"},
-			SourceAddresses:      []string{"sa1", "sa2"},
-			SourceUsers:          []string{"su1", "su2"},
-			HipProfiles:          []string{"hp3", "hp2", "hp1"},
-			DestinationZones:     []string{"dz1", "dz2"},
-			DestinationAddresses: []string{"da1", "da2"},
-			Applications:         []string{"app1"},
-			Services:             []string{"s2", "s1"},
-			Categories:           []string{"cat1"},
-			Action:               "allow",
-			LogEnd:               false,
-		}},
-		{version.Number{6, 1, 0, ""}, "prerulebase rule", "vsys2", util.PreRulebase, Entry{
-			Name:                 "rule2",
-			Disabled:             true,
-			Type:                 "universal",
-			SourceZones:          []string{"sz1", "sz2"},
-			SourceAddresses:      []string{"sa1", "sa2"},
-			SourceUsers:          []string{"su1", "su2"},
-			HipProfiles:          []string{"hp3", "hp2", "hp1"},
-			DestinationZones:     []string{"dz1", "dz2"},
-			DestinationAddresses: []string{"da1", "da2"},
-			Applications:         []string{"app1"},
-			Services:             []string{"s2", "s1"},
-			Categories:           []string{"cat1"},
-			Action:               "allow",
-			LogEnd:               true,
-		}},
-		{version.Number{6, 1, 0, ""}, "postrulebase rule with target", "vsys3", util.PostRulebase, Entry{
-			Name: "rule3",
-			Targets: map[string][]string{
-				"fw1": nil,
-				"fw2": {"vsys2", "vsys3"},
-			},
-			NegateTarget:         true,
-			Type:                 "universal",
-			SourceZones:          []string{"sz1", "sz2"},
-			SourceAddresses:      []string{"sa1", "sa2"},
-			SourceUsers:          []string{"su1", "su2"},
-			HipProfiles:          []string{"hp3", "hp2", "hp1"},
-			DestinationZones:     []string{"dz1", "dz2"},
-			DestinationAddresses: []string{"da1", "da2"},
-			Applications:         []string{"app1"},
-			Services:             []string{"s2", "s1"},
-			Categories:           []string{"cat1"},
-			Action:               "allow",
-			LogEnd:               false,
-		}},
-		{version.Number{9, 0, 0, ""}, "basic rule", "", "", Entry{
-			Name:                 "rule1",
-			Type:                 "universal",
-			SourceZones:          []string{"sz1", "sz2"},
-			SourceAddresses:      []string{"sa1", "sa2"},
-			SourceUsers:          []string{"su1", "su2"},
-			HipProfiles:          []string{"hp3", "hp2", "hp1"},
-			DestinationZones:     []string{"dz1", "dz2"},
-			DestinationAddresses: []string{"da1", "da2"},
-			Applications:         []string{"app1"},
-			Services:             []string{"s2", "s1"},
-			Categories:           []string{"cat1"},
-			Action:               "allow",
-			LogEnd:               false,
-		}},
-		{version.Number{9, 0, 0, ""}, "rule with uuid", "", "", Entry{
-			Name:                 "rule1",
-			Uuid:                 "123-456-78",
-			Type:                 "universal",
-			SourceZones:          []string{"sz1", "sz2"},
-			SourceAddresses:      []string{"sa1", "sa2"},
-			SourceUsers:          []string{"su1", "su2"},
-			HipProfiles:          []string{"hp3", "hp2", "hp1"},
-			DestinationZones:     []string{"dz1", "dz2"},
-			DestinationAddresses: []string{"da1", "da2"},
-			Applications:         []string{"app1"},
-			Services:             []string{"s2", "s1"},
-			Categories:           []string{"cat1"},
-			Action:               "allow",
-			LogEnd:               true,
-		}},
-		{version.Number{9, 0, 0, ""}, "prerulebase rule", "vsys2", util.PreRulebase, Entry{
-			Name:                 "rule2",
-			Disabled:             true,
-			Type:                 "universal",
-			SourceZones:          []string{"sz1", "sz2"},
-			SourceAddresses:      []string{"sa1", "sa2"},
-			SourceUsers:          []string{"su1", "su2"},
-			HipProfiles:          []string{"hp3", "hp2", "hp1"},
-			DestinationZones:     []string{"dz1", "dz2"},
-			DestinationAddresses: []string{"da1", "da2"},
-			Applications:         []string{"app1"},
-			Services:             []string{"s2", "s1"},
-			Categories:           []string{"cat1"},
-			Action:               "allow",
-			LogEnd:               false,
-		}},
-		{version.Number{9, 0, 0, ""}, "postrulebase rule with target", "vsys3", util.PostRulebase, Entry{
-			Name: "rule3",
-			Targets: map[string][]string{
-				"fw1": nil,
-				"fw2": {"vsys2", "vsys3"},
-			},
-			NegateTarget:         true,
-			Type:                 "universal",
-			SourceZones:          []string{"sz1", "sz2"},
-			SourceAddresses:      []string{"sa1", "sa2"},
-			SourceUsers:          []string{"su1", "su2"},
-			HipProfiles:          []string{"hp3", "hp2", "hp1"},
-			DestinationZones:     []string{"dz1", "dz2"},
-			DestinationAddresses: []string{"da1", "da2"},
-			Applications:         []string{"app1"},
-			Services:             []string{"s2", "s1"},
-			Categories:           []string{"cat1"},
-			Action:               "allow",
-			LogEnd:               true,
-		}},
-		{version.Number{9, 0, 0, ""}, "rule with group tag", "", "", Entry{
-			Name:                 "rule1",
-			Type:                 "universal",
-			SourceZones:          []string{"sz1", "sz2"},
-			SourceAddresses:      []string{"sa1", "sa2"},
-			SourceUsers:          []string{"su1", "su2"},
-			HipProfiles:          []string{"hp3", "hp2", "hp1"},
-			DestinationZones:     []string{"dz1", "dz2"},
-			DestinationAddresses: []string{"da1", "da2"},
-			Applications:         []string{"app1"},
-			Services:             []string{"s2", "s1"},
-			Categories:           []string{"cat1"},
-			Action:               "allow",
-			LogEnd:               false,
-			GroupTag:             "oneTime",
-		}},
-		{version.Number{10, 0, 0, ""}, "basic rule", "", "", Entry{
-			Name:                 "rule1",
-			Type:                 "universal",
-			SourceZones:          []string{"sz1", "sz2"},
-			SourceAddresses:      []string{"sa1", "sa2"},
-			SourceUsers:          []string{"su1", "su2"},
-			HipProfiles:          []string{"hp3", "hp2", "hp1"},
-			DestinationZones:     []string{"dz1", "dz2"},
-			DestinationAddresses: []string{"da1", "da2"},
-			Applications:         []string{"app1"},
-			Services:             []string{"s2", "s1"},
-			Categories:           []string{"cat1"},
-			Action:               "allow",
-			LogEnd:               false,
-		}},
-		{version.Number{10, 0, 0, ""}, "rule with uuid", "", "", Entry{
-			Name:                 "rule1",
-			Uuid:                 "123-456-78",
-			Type:                 "universal",
-			SourceZones:          []string{"sz1", "sz2"},
-			SourceAddresses:      []string{"sa1", "sa2"},
-			SourceUsers:          []string{"su1", "su2"},
-			HipProfiles:          []string{"hp3", "hp2", "hp1"},
-			DestinationZones:     []string{"dz1", "dz2"},
-			DestinationAddresses: []string{"da1", "da2"},
-			Applications:         []string{"app1"},
-			Services:             []string{"s2", "s1"},
-			Categories:           []string{"cat1"},
-			Action:               "allow",
-			LogEnd:               true,
-		}},
-		{version.Number{10, 0, 0, ""}, "rule with source and dest devices", "", "", Entry{
-			Name:                 "rule1",
-			SourceDevices:        []string{"src1", "wu tang"},
-			DestinationDevices:   []string{"dest1", "clan"},
-			Type:                 "universal",
-			SourceZones:          []string{"sz1", "sz2"},
-			SourceAddresses:      []string{"sa1", "sa2"},
-			SourceUsers:          []string{"su1", "su2"},
-			HipProfiles:          []string{"hp3", "hp2", "hp1"},
-			DestinationZones:     []string{"dz1", "dz2"},
-			DestinationAddresses: []string{"da1", "da2"},
-			Applications:         []string{"app1"},
-			Services:             []string{"s2", "s1"},
-			Categories:           []string{"cat1"},
-			Action:               "allow",
-			LogEnd:               false,
-		}},
-		{version.Number{10, 0, 0, ""}, "prerulebase rule", "vsys2", util.PreRulebase, Entry{
-			Name:                 "rule2",
-			Disabled:             true,
-			Type:                 "universal",
-			SourceZones:          []string{"sz1", "sz2"},
-			SourceAddresses:      []string{"sa1", "sa2"},
-			SourceUsers:          []string{"su1", "su2"},
-			HipProfiles:          []string{"hp3", "hp2", "hp1"},
-			DestinationZones:     []string{"dz1", "dz2"},
-			DestinationAddresses: []string{"da1", "da2"},
-			Applications:         []string{"app1"},
-			Services:             []string{"s2", "s1"},
-			Categories:           []string{"cat1"},
-			Action:               "allow",
-			LogEnd:               true,
-		}},
-		{version.Number{10, 0, 0, ""}, "postrulebase rule with target", "vsys3", util.PostRulebase, Entry{
-			Name: "rule3",
-			Targets: map[string][]string{
-				"fw1": nil,
-				"fw2": {"vsys2", "vsys3"},
-			},
-			NegateTarget:         true,
-			Type:                 "universal",
-			SourceZones:          []string{"sz1", "sz2"},
-			SourceAddresses:      []string{"sa1", "sa2"},
-			SourceUsers:          []string{"su1", "su2"},
-			HipProfiles:          []string{"hp3", "hp2", "hp1"},
-			DestinationZones:     []string{"dz1", "dz2"},
-			DestinationAddresses: []string{"da1", "da2"},
-			Applications:         []string{"app1"},
-			Services:             []string{"s2", "s1"},
-			Categories:           []string{"cat1"},
-			Action:               "allow",
-			LogEnd:               false,
-		}},
-		{version.Number{10, 0, 0, ""}, "rule with group tag", "", "", Entry{
-			Name:                 "rule1",
-			Type:                 "universal",
-			SourceZones:          []string{"sz1", "sz2"},
-			SourceAddresses:      []string{"sa1", "sa2"},
-			SourceUsers:          []string{"su1", "su2"},
-			HipProfiles:          []string{"hp3", "hp2", "hp1"},
-			DestinationZones:     []string{"dz1", "dz2"},
-			DestinationAddresses: []string{"da1", "da2"},
-			Applications:         []string{"app1"},
-			Services:             []string{"s2", "s1"},
-			Categories:           []string{"cat1"},
-			Action:               "allow",
-			LogEnd:               true,
-			GroupTag:             "oneTime",
-		}},
-		{version.Number{10, 0, 0, ""}, "rule with source and dst devices", "", "", Entry{
-			Name:                 "rule1",
-			Type:                 "universal",
-			SourceZones:          []string{"sz1", "sz2"},
-			SourceAddresses:      []string{"sa1", "sa2"},
-			SourceUsers:          []string{"su1", "su2"},
-			HipProfiles:          []string{"hp3", "hp2", "hp1"},
-			DestinationZones:     []string{"dz1", "dz2"},
-			DestinationAddresses: []string{"da1", "da2"},
-			Applications:         []string{"app1"},
-			Services:             []string{"s2", "s1"},
-			Categories:           []string{"cat1"},
-			Action:               "allow",
-			LogEnd:               true,
-			SourceDevices:        []string{"src2", "src1"},
-			DestinationDevices:   []string{"dstDev"},
-		}},
-		{version.Number{10, 1, 5, ""}, "basic rule", "", "", Entry{
-			Name:                 "rule1",
-			Type:                 "universal",
-			SourceZones:          []string{"sz1", "sz2"},
-			SourceAddresses:      []string{"sa1", "sa2"},
-			SourceUsers:          []string{"su1", "su2"},
-			DestinationZones:     []string{"dz1", "dz2"},
-			DestinationAddresses: []string{"da1", "da2"},
-			Applications:         []string{"app1"},
-			Services:             []string{"s2", "s1"},
-			Categories:           []string{"cat1"},
-			Action:               "allow",
-			LogEnd:               false,
-		}},
-		{version.Number{10, 1, 5, ""}, "rule with uuid", "", "", Entry{
-			Name:                 "rule1",
-			Uuid:                 "123-456-78",
-			Type:                 "universal",
-			SourceZones:          []string{"sz1", "sz2"},
-			SourceAddresses:      []string{"sa1", "sa2"},
-			SourceUsers:          []string{"su1", "su2"},
-			DestinationZones:     []string{"dz1", "dz2"},
-			DestinationAddresses: []string{"da1", "da2"},
-			Applications:         []string{"app1"},
-			Services:             []string{"s2", "s1"},
-			Categories:           []string{"cat1"},
-			Action:               "allow",
-			LogEnd:               true,
-		}},
-		{version.Number{10, 1, 5, ""}, "rule with source and dest devices", "", "", Entry{
-			Name:                 "rule1",
-			SourceDevices:        []string{"src1", "wu tang"},
-			DestinationDevices:   []string{"dest1", "clan"},
-			Type:                 "universal",
-			SourceZones:          []string{"sz1", "sz2"},
-			SourceAddresses:      []string{"sa1", "sa2"},
-			SourceUsers:          []string{"su1", "su2"},
-			DestinationZones:     []string{"dz1", "dz2"},
-			DestinationAddresses: []string{"da1", "da2"},
-			Applications:         []string{"app1"},
-			Services:             []string{"s2", "s1"},
-			Categories:           []string{"cat1"},
-			Action:               "allow",
-			LogEnd:               false,
-		}},
-		{version.Number{10, 1, 5, ""}, "prerulebase rule", "vsys2", util.PreRulebase, Entry{
-			Name:                 "rule2",
-			Disabled:             true,
-			Type:                 "universal",
-			SourceZones:          []string{"sz1", "sz2"},
-			SourceAddresses:      []string{"sa1", "sa2"},
-			SourceUsers:          []string{"su1", "su2"},
-			DestinationZones:     []string{"dz1", "dz2"},
-			DestinationAddresses: []string{"da1", "da2"},
-			Applications:         []string{"app1"},
-			Services:             []string{"s2", "s1"},
-			Categories:           []string{"cat1"},
-			Action:               "allow",
-			LogEnd:               true,
-		}},
-		{version.Number{10, 1, 5, ""}, "postrulebase rule with target", "vsys3", util.PostRulebase, Entry{
-			Name: "rule3",
-			Targets: map[string][]string{
-				"fw1": nil,
-				"fw2": {"vsys2", "vsys3"},
-			},
-			NegateTarget:         true,
-			Type:                 "universal",
-			SourceZones:          []string{"sz1", "sz2"},
-			SourceAddresses:      []string{"sa1", "sa2"},
-			SourceUsers:          []string{"su1", "su2"},
-			DestinationZones:     []string{"dz1", "dz2"},
-			DestinationAddresses: []string{"da1", "da2"},
-			Applications:         []string{"app1"},
-			Services:             []string{"s2", "s1"},
-			Categories:           []string{"cat1"},
-			Action:               "allow",
-			LogEnd:               false,
-		}},
-		{version.Number{10, 1, 5, ""}, "rule with group tag", "", "", Entry{
-			Name:                 "rule1",
-			Type:                 "universal",
-			SourceZones:          []string{"sz1", "sz2"},
-			SourceAddresses:      []string{"sa1", "sa2"},
-			SourceUsers:          []string{"su1", "su2"},
-			DestinationZones:     []string{"dz1", "dz2"},
-			DestinationAddresses: []string{"da1", "da2"},
-			Applications:         []string{"app1"},
-			Services:             []string{"s2", "s1"},
-			Categories:           []string{"cat1"},
-			Action:               "allow",
-			LogEnd:               true,
-			GroupTag:             "oneTime",
-		}},
-		{version.Number{10, 1, 5, ""}, "rule with source and dst devices", "", "", Entry{
-			Name:                 "rule1",
-			Type:                 "universal",
-			SourceZones:          []string{"sz1", "sz2"},
-			SourceAddresses:      []string{"sa1", "sa2"},
-			SourceUsers:          []string{"su1", "su2"},
-			DestinationZones:     []string{"dz1", "dz2"},
-			DestinationAddresses: []string{"da1", "da2"},
-			Applications:         []string{"app1"},
-			Services:             []string{"s2", "s1"},
-			Categories:           []string{"cat1"},
-			Action:               "allow",
-			LogEnd:               true,
-			SourceDevices:        []string{"src2", "src1"},
-			DestinationDevices:   []string{"dstDev"},
-		}},
-	}
-}
diff --git a/predefined/dlp/filetype/const.go b/predefined/dlp/filetype/const.go
deleted file mode 100644
index 2e87302b..00000000
--- a/predefined/dlp/filetype/const.go
+++ /dev/null
@@ -1,6 +0,0 @@
-package filetype
-
-const (
-	singular = "dlp file type"
-	plural   = "tdb file types"
-)
diff --git a/predefined/dlp/filetype/doc.go b/predefined/dlp/filetype/doc.go
deleted file mode 100644
index ae41c1d2..00000000
--- a/predefined/dlp/filetype/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package filetype is the client.Predefined.DlpFileType namespace.
-
-Normalized object:  Entry
-*/
-package filetype
diff --git a/predefined/dlp/filetype/entry.go b/predefined/dlp/filetype/entry.go
deleted file mode 100644
index 53383a08..00000000
--- a/predefined/dlp/filetype/entry.go
+++ /dev/null
@@ -1,121 +0,0 @@
-package filetype
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a
-// DLP file type.
-type Entry struct {
-	Name       string
-	Properties []Property
-}
-
-type Property struct {
-	Name  string
-	Label string
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	if s.Properties == nil {
-		o.Properties = nil
-	} else {
-		o.Properties = make([]Property, 0, len(s.Properties))
-		for _, x := range s.Properties {
-			o.Properties = append(o.Properties, Property{
-				Name:  x.Name,
-				Label: x.Label,
-			})
-		}
-	}
-}
-
-/** Structs / functions for normalization. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName  xml.Name `xml:"entry"`
-	Name     string   `xml:"name,attr"`
-	Property *prop    `xml:"file-property"`
-}
-
-type prop struct {
-	Entries []propEntry `xml:"entry"`
-}
-
-type propEntry struct {
-	Name  string `xml:"name,attr"`
-	Label string `xml:"label"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name: e.Name,
-	}
-
-	if len(e.Properties) > 0 {
-		list := make([]propEntry, 0, len(e.Properties))
-		for _, x := range e.Properties {
-			list = append(list, propEntry{
-				Name:  x.Name,
-				Label: x.Label,
-			})
-		}
-		ans.Property = &prop{Entries: list}
-	}
-
-	return ans
-}
-
-func (e *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name: e.Name,
-	}
-
-	if e.Property != nil {
-		ans.Properties = make([]Property, 0, len(e.Property.Entries))
-		for _, x := range e.Property.Entries {
-			ans.Properties = append(ans.Properties, Property{
-				Name:  x.Name,
-				Label: x.Label,
-			})
-		}
-	}
-
-	return ans
-}
diff --git a/predefined/dlp/filetype/funcs.go b/predefined/dlp/filetype/funcs.go
deleted file mode 100644
index 4215a254..00000000
--- a/predefined/dlp/filetype/funcs.go
+++ /dev/null
@@ -1,88 +0,0 @@
-package filetype
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/predefined/dlp/filetype/fw.go b/predefined/dlp/filetype/fw.go
deleted file mode 100644
index d6b31f3c..00000000
--- a/predefined/dlp/filetype/fw.go
+++ /dev/null
@@ -1,76 +0,0 @@
-package filetype
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Predefined.TdbFileType namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(), ans)
-	return all(ans, err)
-}
-
-// Making this private so we can still do unit tests.
-func (c *Firewall) set(e ...Entry) error {
-	return c.ns.Set(c.pather(), specifier(e...))
-}
-
-func (c *Firewall) pather() namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(v)
-	}
-}
-
-func (c *Firewall) xpath(vals []string) ([]string, error) {
-	return []string{
-		"config",
-		"predefined",
-		"dlp-file-property",
-		"file-type",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/predefined/dlp/filetype/fw_test.go b/predefined/dlp/filetype/fw_test.go
deleted file mode 100644
index 1838ccd7..00000000
--- a/predefined/dlp/filetype/fw_test.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package filetype
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.set(tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/predefined/dlp/filetype/pano.go b/predefined/dlp/filetype/pano.go
deleted file mode 100644
index 1caa7bc1..00000000
--- a/predefined/dlp/filetype/pano.go
+++ /dev/null
@@ -1,76 +0,0 @@
-package filetype
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Predefined.TdbFileType namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(), ans)
-	return all(ans, err)
-}
-
-// Making this private so we can still do unit tests.
-func (c *Panorama) set(e ...Entry) error {
-	return c.ns.Set(c.pather(), specifier(e...))
-}
-
-func (c *Panorama) pather() namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(v)
-	}
-}
-
-func (c *Panorama) xpath(vals []string) ([]string, error) {
-	return []string{
-		"config",
-		"predefined",
-		"dlp-file-property",
-		"file-type",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/predefined/dlp/filetype/pano_test.go b/predefined/dlp/filetype/pano_test.go
deleted file mode 100644
index 8d8e4ab4..00000000
--- a/predefined/dlp/filetype/pano_test.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package filetype
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.set(tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/predefined/dlp/filetype/testdata_test.go b/predefined/dlp/filetype/testdata_test.go
deleted file mode 100644
index d9b8addf..00000000
--- a/predefined/dlp/filetype/testdata_test.go
+++ /dev/null
@@ -1,29 +0,0 @@
-package filetype
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type testCase struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"v1 no ident", version.Number{6, 1, 0, ""}, Entry{
-			Name: "pdf",
-			Properties: []Property{
-				Property{
-					Name:  "panav-rsp-pdf-dlp-title",
-					Label: "Title",
-				},
-				Property{
-					Name:  "panav-rsp-pdf-dlp-author",
-					Label: "Author",
-				},
-			},
-		}},
-	}
-}
diff --git a/predefined/fw.go b/predefined/fw.go
deleted file mode 100644
index 8b5c3284..00000000
--- a/predefined/fw.go
+++ /dev/null
@@ -1,28 +0,0 @@
-package predefined
-
-import (
-	"github.com/PaloAltoNetworks/pango/objs/app"
-	"github.com/PaloAltoNetworks/pango/objs/srvc"
-	dlpft "github.com/PaloAltoNetworks/pango/predefined/dlp/filetype"
-	tdbft "github.com/PaloAltoNetworks/pango/predefined/tdb/filetype"
-	"github.com/PaloAltoNetworks/pango/predefined/threat"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-type Firewall struct {
-	Application *app.Predefined
-	DlpFileType *dlpft.Firewall
-	Services    *srvc.Predefined
-	TdbFileType *tdbft.Firewall
-	Threat      *threat.Firewall
-}
-
-func FirewallNamespace(x util.XapiClient) *Firewall {
-	return &Firewall{
-		Application: app.PredefinedNamespace(x),
-		DlpFileType: dlpft.FirewallNamespace(x),
-		Services:    srvc.PredefinedNamespace(x),
-		TdbFileType: tdbft.FirewallNamespace(x),
-		Threat:      threat.FirewallNamespace(x),
-	}
-}
diff --git a/predefined/pano.go b/predefined/pano.go
deleted file mode 100644
index c1525993..00000000
--- a/predefined/pano.go
+++ /dev/null
@@ -1,28 +0,0 @@
-package predefined
-
-import (
-	"github.com/PaloAltoNetworks/pango/objs/app"
-	"github.com/PaloAltoNetworks/pango/objs/srvc"
-	dlpft "github.com/PaloAltoNetworks/pango/predefined/dlp/filetype"
-	tdbft "github.com/PaloAltoNetworks/pango/predefined/tdb/filetype"
-	"github.com/PaloAltoNetworks/pango/predefined/threat"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-type Panorama struct {
-	Application *app.Predefined
-	DlpFileType *dlpft.Panorama
-	Services    *srvc.Predefined
-	TdbFileType *tdbft.Panorama
-	Threat      *threat.Panorama
-}
-
-func PanoramaNamespace(x util.XapiClient) *Panorama {
-	return &Panorama{
-		Application: app.PredefinedNamespace(x),
-		DlpFileType: dlpft.PanoramaNamespace(x),
-		Services:    srvc.PredefinedNamespace(x),
-		TdbFileType: tdbft.PanoramaNamespace(x),
-		Threat:      threat.PanoramaNamespace(x),
-	}
-}
diff --git a/predefined/tdb/filetype/const.go b/predefined/tdb/filetype/const.go
deleted file mode 100644
index 31904b16..00000000
--- a/predefined/tdb/filetype/const.go
+++ /dev/null
@@ -1,6 +0,0 @@
-package filetype
-
-const (
-	singular = "tdb file type"
-	plural   = "tdb file types"
-)
diff --git a/predefined/tdb/filetype/doc.go b/predefined/tdb/filetype/doc.go
deleted file mode 100644
index e1d74096..00000000
--- a/predefined/tdb/filetype/doc.go
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
-Package filetype is the client.Predefined.TdbFileType namespace.
-
-Normalized object:  Entry
-*/
-package filetype
diff --git a/predefined/tdb/filetype/entry.go b/predefined/tdb/filetype/entry.go
deleted file mode 100644
index 7e05c317..00000000
--- a/predefined/tdb/filetype/entry.go
+++ /dev/null
@@ -1,103 +0,0 @@
-package filetype
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a
-// threat.
-type Entry struct {
-	Name          string
-	Id            int
-	ThreatName    string
-	FullName      string
-	DataIdent     bool
-	FileTypeIdent bool
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.ThreatName = s.ThreatName
-	o.Id = s.Id
-	o.ThreatName = s.ThreatName
-	o.FullName = s.FullName
-	o.DataIdent = s.DataIdent
-	o.FileTypeIdent = s.FileTypeIdent
-}
-
-/** Structs / functions for normalization. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName       xml.Name `xml:"entry"`
-	Name          string   `xml:"name,attr"`
-	Id            int      `xml:"id,attr"`
-	DataIdent     string   `xml:"data-ident,omitempty"`
-	FileTypeIdent string   `xml:"file-type-ident"`
-	ThreatName    string   `xml:"threat-name,omitempty"`
-	FullName      string   `xml:"full-name"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:          e.Name,
-		Id:            e.Id,
-		FileTypeIdent: util.YesNo(e.FileTypeIdent),
-		ThreatName:    e.ThreatName,
-		FullName:      e.FullName,
-	}
-
-	if e.DataIdent {
-		ans.DataIdent = "yes"
-	}
-
-	return ans
-}
-
-func (e *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:          e.Name,
-		Id:            e.Id,
-		DataIdent:     util.AsBool(e.DataIdent),
-		FileTypeIdent: util.AsBool(e.FileTypeIdent),
-		ThreatName:    e.ThreatName,
-		FullName:      e.FullName,
-	}
-
-	return ans
-}
diff --git a/predefined/tdb/filetype/funcs.go b/predefined/tdb/filetype/funcs.go
deleted file mode 100644
index e56fdc10..00000000
--- a/predefined/tdb/filetype/funcs.go
+++ /dev/null
@@ -1,101 +0,0 @@
-package filetype
-
-import (
-	"fmt"
-	"regexp"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func finder(ans normalizer, re *regexp.Regexp, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	all := ans.Normalize()
-	if re == nil {
-		return all, nil
-	}
-
-	filtered := make([]Entry, 0, len(all))
-	for _, x := range all {
-		if re.MatchString(x.FullName) {
-			filtered = append(filtered, x)
-		}
-	}
-
-	return filtered, nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/predefined/tdb/filetype/fw.go b/predefined/tdb/filetype/fw.go
deleted file mode 100644
index a0e5e804..00000000
--- a/predefined/tdb/filetype/fw.go
+++ /dev/null
@@ -1,96 +0,0 @@
-package filetype
-
-import (
-	"regexp"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Predefined.TdbFileType namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// GetMatches performs GET to retrieve a list of objects whose full
-// name matches the given regex.
-func (c *Firewall) GetMatches(expr string) ([]Entry, error) {
-	var err error
-	var re *regexp.Regexp
-	if expr != "" {
-		re, err = regexp.Compile(expr)
-		if err != nil {
-			return nil, err
-		}
-	}
-	ans := c.container()
-	err = c.ns.Objects(util.Get, c.pather(), ans)
-	return finder(ans, re, err)
-}
-
-// ShowMatches performs SHOW to retrieve a list of objects whose full
-// name matches the given regex.
-func (c *Firewall) ShowMatches(expr string) ([]Entry, error) {
-	var err error
-	var re *regexp.Regexp
-	if expr != "" {
-		re, err = regexp.Compile(expr)
-		if err != nil {
-			return nil, err
-		}
-	}
-	ans := c.container()
-	err = c.ns.Objects(util.Show, c.pather(), ans)
-	return finder(ans, re, err)
-}
-
-// Making this private so we can still do unit tests.
-func (c *Firewall) set(e ...Entry) error {
-	return c.ns.Set(c.pather(), specifier(e...))
-}
-
-func (c *Firewall) pather() namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(v)
-	}
-}
-
-func (c *Firewall) xpath(vals []string) ([]string, error) {
-	return []string{
-		"config",
-		"predefined",
-		"tdb",
-		"file-type",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/predefined/tdb/filetype/fw_test.go b/predefined/tdb/filetype/fw_test.go
deleted file mode 100644
index 1838ccd7..00000000
--- a/predefined/tdb/filetype/fw_test.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package filetype
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.set(tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/predefined/tdb/filetype/pano.go b/predefined/tdb/filetype/pano.go
deleted file mode 100644
index 60866e18..00000000
--- a/predefined/tdb/filetype/pano.go
+++ /dev/null
@@ -1,96 +0,0 @@
-package filetype
-
-import (
-	"regexp"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Predefined.TdbFileType namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// GetMatches performs GET to retrieve a list of objects whose full
-// name matches the given regex.
-func (c *Panorama) GetMatches(expr string) ([]Entry, error) {
-	var err error
-	var re *regexp.Regexp
-	if expr != "" {
-		re, err = regexp.Compile(expr)
-		if err != nil {
-			return nil, err
-		}
-	}
-	ans := c.container()
-	err = c.ns.Objects(util.Get, c.pather(), ans)
-	return finder(ans, re, err)
-}
-
-// ShowMatches performs SHOW to retrieve a list of objects whose full
-// name matches the given regex.
-func (c *Panorama) ShowMatches(expr string) ([]Entry, error) {
-	var err error
-	var re *regexp.Regexp
-	if expr != "" {
-		re, err = regexp.Compile(expr)
-		if err != nil {
-			return nil, err
-		}
-	}
-	ans := c.container()
-	err = c.ns.Objects(util.Show, c.pather(), ans)
-	return finder(ans, re, err)
-}
-
-// Making this private so we can still do unit tests.
-func (c *Panorama) set(e ...Entry) error {
-	return c.ns.Set(c.pather(), specifier(e...))
-}
-
-func (c *Panorama) pather() namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(v)
-	}
-}
-
-func (c *Panorama) xpath(vals []string) ([]string, error) {
-	return []string{
-		"config",
-		"predefined",
-		"tdb",
-		"file-type",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/predefined/tdb/filetype/pano_test.go b/predefined/tdb/filetype/pano_test.go
deleted file mode 100644
index 8d8e4ab4..00000000
--- a/predefined/tdb/filetype/pano_test.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package filetype
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.set(tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/predefined/tdb/filetype/testdata_test.go b/predefined/tdb/filetype/testdata_test.go
deleted file mode 100644
index 669eca60..00000000
--- a/predefined/tdb/filetype/testdata_test.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package filetype
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type testCase struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"v1 no ident", version.Number{6, 1, 0, ""}, Entry{
-			Name:          "pdf",
-			Id:            1,
-			FileTypeIdent: true,
-			ThreatName:    "Adobe Portable Document Format (PDF)",
-			FullName:      "Portable Document Format",
-		}},
-		{"v1 with ident", version.Number{6, 1, 0, ""}, Entry{
-			Name:          "doc",
-			Id:            5,
-			DataIdent:     true,
-			FileTypeIdent: true,
-			ThreatName:    "Microsoft Word DOC",
-			FullName:      "Microsoft Word 97-2004",
-		}},
-		{"v1 no file type ident or threat name", version.Number{6, 1, 0, ""}, Entry{
-			Name:      "text/html",
-			Id:        35,
-			DataIdent: true,
-			FullName:  "TEXT/HTML",
-		}},
-	}
-}
diff --git a/predefined/threat/const.go b/predefined/threat/const.go
deleted file mode 100644
index 33e50ba0..00000000
--- a/predefined/threat/const.go
+++ /dev/null
@@ -1,12 +0,0 @@
-package threat
-
-// Valid threat types.
-const (
-	Vulnerability = "vulnerability"
-	PhoneHome     = "phone-home"
-)
-
-const (
-	singular = "predefined threat"
-	plural   = "predefined threats"
-)
diff --git a/predefined/threat/doc.go b/predefined/threat/doc.go
deleted file mode 100644
index e130a7ce..00000000
--- a/predefined/threat/doc.go
+++ /dev/null
@@ -1,10 +0,0 @@
-/*
-Package threat is the ngfw.Predefined.Threat namespace.
-
-The functions in these namespaces all take a "tt" param.  This is
-the "threat type," and the values for this are the constants in this
-namespace.
-
-Normalized object:  Entry
-*/
-package threat
diff --git a/predefined/threat/entry.go b/predefined/threat/entry.go
deleted file mode 100644
index 99664a5f..00000000
--- a/predefined/threat/entry.go
+++ /dev/null
@@ -1,78 +0,0 @@
-package threat
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a
-// threat.
-type Entry struct {
-	Name       string
-	ThreatName string
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	o.ThreatName = s.ThreatName
-}
-
-/** Structs / functions for normalization. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName    xml.Name `xml:"entry"`
-	Name       string   `xml:"name,attr"`
-	ThreatName string   `xml:"threatname"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name:       e.Name,
-		ThreatName: e.ThreatName,
-	}
-
-	return ans
-}
-
-func (e *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name:       e.Name,
-		ThreatName: e.ThreatName,
-	}
-
-	return ans
-}
diff --git a/predefined/threat/funcs.go b/predefined/threat/funcs.go
deleted file mode 100644
index b6c58f47..00000000
--- a/predefined/threat/funcs.go
+++ /dev/null
@@ -1,101 +0,0 @@
-package threat
-
-import (
-	"fmt"
-	"regexp"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	return &container_v1{}, specify_v1
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func finder(ans normalizer, re *regexp.Regexp, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	all := ans.Normalize()
-	if re == nil {
-		return all, nil
-	}
-
-	filtered := make([]Entry, 0, len(all))
-	for _, x := range all {
-		if re.MatchString(x.ThreatName) {
-			filtered = append(filtered, x)
-		}
-	}
-
-	return filtered, nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/predefined/threat/fw.go b/predefined/threat/fw.go
deleted file mode 100644
index cd84ea06..00000000
--- a/predefined/threat/fw.go
+++ /dev/null
@@ -1,103 +0,0 @@
-package threat
-
-import (
-	"fmt"
-	"regexp"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Predefined.Threat namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList(tt string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tt), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList(tt string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tt), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(tt, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tt), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(tt, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tt), name, ans)
-	return first(ans, err)
-}
-
-// GetThreats performs a GET to retrieve a list of objects whose
-// threat name matches the given regex.
-func (c *Firewall) GetThreats(tt, expr string) ([]Entry, error) {
-	var err error
-	var re *regexp.Regexp
-	if expr != "" {
-		re, err = regexp.Compile(expr)
-		if err != nil {
-			return nil, err
-		}
-	}
-	ans := c.container()
-	err = c.ns.Objects(util.Get, c.pather(tt), ans)
-	return finder(ans, re, err)
-}
-
-// ShowThreats performs a SHOW to retrieve a list of objects whose
-// threat name matches the given regex.
-func (c *Firewall) ShowThreats(tt, expr string) ([]Entry, error) {
-	var err error
-	var re *regexp.Regexp
-	if expr != "" {
-		re, err = regexp.Compile(expr)
-		if err != nil {
-			return nil, err
-		}
-	}
-	ans := c.container()
-	err = c.ns.Objects(util.Show, c.pather(tt), ans)
-	return finder(ans, re, err)
-}
-
-// Making this private so we can still do unit tests.
-func (c *Firewall) set(vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(vsys), specifier(e...))
-}
-
-func (c *Firewall) pather(tt string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tt, v)
-	}
-}
-
-func (c *Firewall) xpath(tt string, vals []string) ([]string, error) {
-	switch tt {
-	case Vulnerability, PhoneHome:
-	default:
-		return nil, fmt.Errorf("invalid threat type: %s", tt)
-	}
-
-	return []string{
-		"config",
-		"predefined",
-		"threats",
-		tt,
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/predefined/threat/fw_test.go b/predefined/threat/fw_test.go
deleted file mode 100644
index c16bc59c..00000000
--- a/predefined/threat/fw_test.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package threat
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.set(tc.tt, tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(tc.tt, tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/predefined/threat/pano.go b/predefined/threat/pano.go
deleted file mode 100644
index d8f81d0e..00000000
--- a/predefined/threat/pano.go
+++ /dev/null
@@ -1,103 +0,0 @@
-package threat
-
-import (
-	"fmt"
-	"regexp"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Predefined.Threat namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tt string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tt), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tt string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tt), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(tt, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tt), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(tt, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tt), name, ans)
-	return first(ans, err)
-}
-
-// GetThreats performs a GET to retrieve a list of objects whose
-// threat name matches the given regex.
-func (c *Panorama) GetThreats(tt, expr string) ([]Entry, error) {
-	var err error
-	var re *regexp.Regexp
-	if expr != "" {
-		re, err = regexp.Compile(expr)
-		if err != nil {
-			return nil, err
-		}
-	}
-	ans := c.container()
-	err = c.ns.Objects(util.Get, c.pather(tt), ans)
-	return finder(ans, re, err)
-}
-
-// ShowThreats performs a SHOW to retrieve a list of objects whose
-// threat name matches the given regex.
-func (c *Panorama) ShowThreats(tt, expr string) ([]Entry, error) {
-	var err error
-	var re *regexp.Regexp
-	if expr != "" {
-		re, err = regexp.Compile(expr)
-		if err != nil {
-			return nil, err
-		}
-	}
-	ans := c.container()
-	err = c.ns.Objects(util.Show, c.pather(tt), ans)
-	return finder(ans, re, err)
-}
-
-// Making this private so we can still do unit tests.
-func (c *Panorama) set(vsys string, e ...Entry) error {
-	return c.ns.Set(c.pather(vsys), specifier(e...))
-}
-
-func (c *Panorama) pather(tt string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tt, v)
-	}
-}
-
-func (c *Panorama) xpath(tt string, vals []string) ([]string, error) {
-	switch tt {
-	case Vulnerability, PhoneHome:
-	default:
-		return nil, fmt.Errorf("invalid threat type: %s", tt)
-	}
-
-	return []string{
-		"config",
-		"predefined",
-		"threats",
-		tt,
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/predefined/threat/pano_test.go b/predefined/threat/pano_test.go
deleted file mode 100644
index f19a6114..00000000
--- a/predefined/threat/pano_test.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package threat
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.set(tc.tt, tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(tc.tt, tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/predefined/threat/testdata_test.go b/predefined/threat/testdata_test.go
deleted file mode 100644
index 031c8878..00000000
--- a/predefined/threat/testdata_test.go
+++ /dev/null
@@ -1,25 +0,0 @@
-package threat
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type testCase struct {
-	desc    string
-	tt      string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"v1 vulnerability basic", Vulnerability, version.Number{6, 1, 0, ""}, Entry{
-			Name:       "12345",
-			ThreatName: "Fake threat",
-		}},
-		{"v1 phone home basic", PhoneHome, version.Number{6, 1, 0, ""}, Entry{
-			Name:       "12345",
-			ThreatName: "Fake threat",
-		}},
-	}
-}
diff --git a/testdata/testdata.go b/testdata/testdata.go
deleted file mode 100644
index 9607e1e9..00000000
--- a/testdata/testdata.go
+++ /dev/null
@@ -1,280 +0,0 @@
-package testdata
-
-import (
-	"encoding/xml"
-	"fmt"
-	"time"
-
-	"github.com/PaloAltoNetworks/pango/plugin"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type Response struct {
-	Raw   []byte
-	Error error
-}
-
-type MockClient struct {
-	// Variables for response.
-	Resp          []Response
-	Called        int
-	Version       version.Number
-	Plugin        []plugin.Info
-	PasswordHash  string
-	UnimportError error
-
-	// Variables saved from the mock client's invocation.
-	Function      string
-	Imports       []string
-	Unimports     []string
-	Path          string
-	Elm           string
-	Template      string
-	TemplateStack string
-	Vsys          string
-	Extras        interface{}
-}
-
-func (c *MockClient) String() string                       { return "mock" }
-func (c *MockClient) Versioning() version.Number           { return c.Version }
-func (c *MockClient) Plugins() []plugin.Info               { return c.Plugin }
-func (c *MockClient) LogAction(f string, a ...interface{}) {}
-func (c *MockClient) LogQuery(f string, a ...interface{})  {}
-func (c *MockClient) LogOp(f string, a ...interface{})     {}
-func (c *MockClient) LogUid(f string, a ...interface{})    {}
-func (c *MockClient) LogLog(f string, a ...interface{})    {}
-func (c *MockClient) LogExport(f string, a ...interface{}) {}
-func (c *MockClient) LogImport(f string, a ...interface{}) {}
-func (c *MockClient) Clock() (time.Time, error)            { return time.Now(), nil }
-func (c *MockClient) Commit(d interface{}, e string, f interface{}) (uint, []byte, error) {
-	return 0, nil, nil
-}
-func (c *MockClient) PositionFirstEntity(d int, e, f string, g, h []string) error { return nil }
-func (c *MockClient) ConfigTree() *util.XmlNode                                   { return nil }
-
-func (c *MockClient) Op(req interface{}, vsys string, extras interface{}, ans interface{}) ([]byte, error) {
-	c.Function = "op"
-	if err := c.SetElm(req); err != nil {
-		return nil, err
-	}
-	c.Vsys = vsys
-	c.Extras = extras
-
-	return c.finalize(ans)
-}
-
-func (c *MockClient) Show(path interface{}, extras interface{}, ans interface{}) ([]byte, error) {
-	c.Function = "show"
-	c.Path = util.AsXpath(path)
-	c.Extras = extras
-
-	return c.finalize(ans)
-}
-
-func (c *MockClient) Get(path interface{}, extras interface{}, ans interface{}) ([]byte, error) {
-	c.Function = "get"
-	c.Path = util.AsXpath(path)
-	c.Extras = extras
-
-	return c.finalize(ans)
-}
-
-func (c *MockClient) Delete(path interface{}, extras interface{}, ans interface{}) ([]byte, error) {
-	c.Function = "delete"
-	c.Path = util.AsXpath(path)
-	c.Extras = extras
-
-	return c.finalize(ans)
-}
-
-func (c *MockClient) Set(path, elm, extras, ans interface{}) ([]byte, error) {
-	c.Function = "set"
-	if err := c.SetElm(elm); err != nil {
-		return nil, err
-	}
-	c.Path = util.AsXpath(path)
-	c.Extras = extras
-
-	return c.finalize(ans)
-}
-
-func (c *MockClient) Edit(path, elm, extras, ans interface{}) ([]byte, error) {
-	c.Function = "edit"
-	if err := c.SetElm(elm); err != nil {
-		return nil, err
-	}
-	c.Path = util.AsXpath(path)
-	c.Extras = extras
-
-	return c.finalize(ans)
-}
-
-func (c *MockClient) Move(path interface{}, where, dst string, extras, ans interface{}) ([]byte, error) {
-	return nil, nil
-}
-
-func (c *MockClient) Uid(cmd interface{}, vsys string, extras, resp interface{}) ([]byte, error) {
-	c.Function = "uid"
-	if err := c.SetElm(cmd); err != nil {
-		return nil, err
-	}
-	c.Vsys = vsys
-	c.Extras = extras
-
-	return c.finalize(resp)
-}
-
-func (c *MockClient) Log(logType, action, query, dir string, nlogs, skip int, extras, ans interface{}) ([]byte, error) {
-	c.Function = "log"
-	c.Extras = extras
-
-	return c.finalize(ans)
-}
-
-func (c *MockClient) Import(cat, content, filename, fp string, timeout time.Duration, extras, ans interface{}) ([]byte, error) {
-	c.Function = "import"
-	c.Extras = extras
-
-	b, err := c.finalize(ans)
-	return b, err
-}
-
-func (c *MockClient) Export(category string, timeout time.Duration, extras, ans interface{}) (string, []byte, error) {
-	c.Function = "export"
-	c.Extras = extras
-
-	b, err := c.finalize(ans)
-	return "", b, err
-}
-
-func (c *MockClient) EntryListUsing(fn util.Retriever, path []string) ([]string, error) {
-	c.Path = util.AsXpath(path)
-	return nil, nil
-}
-
-func (c *MockClient) MemberListUsing(fn util.Retriever, path []string) ([]string, error) {
-	c.Path = util.AsXpath(path)
-	return nil, nil
-}
-
-func (c *MockClient) RequestPasswordHash(a string) (string, error) { return c.PasswordHash, nil }
-
-func (c *MockClient) finalize(resp interface{}) ([]byte, error) {
-	ans := c.Resp[c.Called%len(c.Resp)]
-	c.Called++
-
-	if resp == nil {
-		return ans.Raw, ans.Error
-	}
-
-	if err := xml.Unmarshal(ans.Raw, resp); err != nil {
-		return nil, err
-	}
-
-	return ans.Raw, ans.Error
-}
-
-func (c *MockClient) SetElm(e interface{}) error {
-	if e == nil {
-		return nil
-	}
-
-	rb, err := xml.Marshal(e)
-	if err != nil {
-		return err
-	}
-
-	c.Elm = string(rb)
-	return nil
-}
-
-func (c *MockClient) VsysImport(ns, tmpl, ts, vsys string, names []string) error {
-	c.Template = tmpl
-	c.TemplateStack = ts
-	c.Vsys = vsys
-	c.Imports = names
-
-	return nil
-}
-
-func (c *MockClient) VsysUnimport(ns, tmpl, ts string, names []string) error {
-	c.Template = tmpl
-	c.TemplateStack = ts
-	c.Unimports = names
-
-	return c.UnimportError
-}
-
-func (c *MockClient) WaitForJob(a uint, d time.Duration, extras, resp interface{}) error {
-	c.Extras = extras
-	_, err := c.finalize(resp)
-	return err
-}
-
-func (c *MockClient) WaitForLogs(a uint, t1, t2 time.Duration, ans interface{}) ([]byte, error) {
-	return c.finalize(ans)
-}
-
-func (c *MockClient) AddResp(val string) {
-	c.Resp = append(c.Resp, Response{
-		[]byte(fmt.Sprintf("<response><result>%s</result></response>", val)), nil,
-	})
-}
-
-func (c *MockClient) Reset() {
-	c.Resp = nil
-	c.Called = 0
-
-	c.Function = ""
-	c.Imports = []string{}
-	c.Unimports = []string{}
-	c.Path = ""
-	c.Elm = ""
-	c.Template = ""
-	c.TemplateStack = ""
-	c.Vsys = ""
-	c.Extras = nil
-}
-
-const (
-	ApiKeyXml  = "<response><result><key>secret</key></result></response>"
-	LicenseXml = `<response><result><licenses>
-    <entry>
-        <feature>Feature 1</feature>
-        <description>License for feature</description>
-        <serial>012345</serial>
-        <issued>sometime</issued>
-        <expires>never</expires>
-        <expired>N/A</expired>
-    </entry>
-    <entry>
-        <feature>Feature 2</feature>
-        <description>License for another feature</description>
-        <serial>012345</serial>
-        <issued>sometime</issued>
-        <expires>never</expires>
-        <expired>N/A</expired>
-    </entry>
-    </licenses></result></response>`
-	UserIdXml = `<response><result>
-    <entry ip="10.1.1.1">
-        <tag>
-            <member>one</member>
-            <member>five</member>
-            <member>seven</member>
-        </tag>
-    </entry>
-    <entry ip="10.2.2.2">
-        <tag>
-            <member>one</member>
-            <member>two</member>
-            <member>three</member>
-            <member>four</member>
-            <member>five</member>
-            <member>six</member>
-            <member>seven</member>
-        </tag>
-    </entry>
-    </result></response>`
-)
diff --git a/userid/doc.go b/userid/doc.go
deleted file mode 100644
index 7861dc7c..00000000
--- a/userid/doc.go
+++ /dev/null
@@ -1,8 +0,0 @@
-// Package userid is the client.UserId namespace, for interacting with the
-// User-ID API.  This includes login/logout of a user, user/group mappings,
-// and dynamic address group tags.
-//
-// Various features of User-ID API are supported across all versions of PANOS
-// for the firewall, but User-ID API for Panorama was only added to PANOS
-// version 8.0.
-package userid
diff --git a/userid/groups.go b/userid/groups.go
deleted file mode 100644
index f35679e5..00000000
--- a/userid/groups.go
+++ /dev/null
@@ -1,118 +0,0 @@
-package userid
-
-import (
-	"bytes"
-	"encoding/xml"
-	"strings"
-
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-/*
-GetGroups returns the list of groups defined.
-
-The style param can be used to limit the groups returned to the specified kind.  If
-style is an empty string, all groups are returned.
-
-The vsys will default to "vsys1" if left as an empty string.
-*/
-func (c *UserId) GetGroups(style, vsys string) ([]string, error) {
-	if vsys == "" {
-		vsys = "vsys1"
-	}
-	req := groupListReq{}
-	if style != "" {
-		req.Style.Entry = &util.Entry{Value: style}
-	}
-	c.con.LogOp("(op) getting %q groups", style)
-
-	resp := groupResp{}
-
-	_, err := c.con.Op(req, vsys, nil, &resp)
-	if err != nil {
-		return nil, err
-	}
-
-	lines := strings.Split(resp.Result.Text, "\n")
-	ans := make([]string, 0, len(lines))
-	for _, line := range lines {
-		val := strings.TrimSpace(line)
-		if val == "" {
-			continue
-		} else if strings.HasPrefix(val, "Total: ") {
-			break
-		}
-		ans = append(ans, val)
-	}
-
-	return ans, nil
-}
-
-/*
-Examples of things returned from PAN-OS when getting group members:
-
-<response status="success"><result>User group 'static_group' does not exist or does not have members
-]]></result></response>
-
-<response status="success"><result><![CDATA[
-
-source type: xmlapi
-
-[1     ] sg21
-[2     ] sg22
-
-]]></result></response>
-*/
-
-/*
-GetGroupsMembers returns the list of users in the given group.
-
-The vsys will default to "vsys1" if left as an empty string.
-*/
-func (c *UserId) GetGroupMembers(group, vsys string) ([]string, error) {
-	if vsys == "" {
-		vsys = "vsys1"
-	}
-	req := groupMembersReq{Group: group}
-	c.con.LogOp("(op) getting group members: %s", group)
-
-	resp := groupResp{}
-
-	b, err := c.con.Op(req, vsys, nil, &resp)
-	if err != nil {
-		if bytes.Contains(b, []byte("does not exist or does not have members")) {
-			return nil, nil
-		}
-		return nil, err
-	}
-
-	lines := strings.Split(resp.Result.Text, "\n")
-	ans := make([]string, 0, len(lines))
-	for _, line := range lines {
-		tokens := strings.Split(line, "]")
-		if len(tokens) == 2 {
-			ans = append(ans, strings.TrimSpace(tokens[1]))
-		}
-	}
-
-	return ans, nil
-}
-
-type groupListReq struct {
-	XMLName xml.Name       `xml:"show"`
-	Style   groupListStyle `xml:"user>group>list"`
-}
-
-type groupListStyle struct {
-	Entry *util.Entry `xml:"entry"`
-}
-
-type groupResp struct {
-	XMLName xml.Name       `xml:"response"`
-	Result  util.CdataText `xml:"result"`
-}
-
-type groupMembersReq struct {
-	XMLName xml.Name `xml:"show"`
-	Group   string   `xml:"user>group>name"`
-}
diff --git a/userid/groups_test.go b/userid/groups_test.go
deleted file mode 100644
index ad147d0d..00000000
--- a/userid/groups_test.go
+++ /dev/null
@@ -1,102 +0,0 @@
-package userid
-
-import (
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestGetGroups(t *testing.T) {
-	testCases := []struct {
-		desc   string
-		groups []string
-		body   string
-	}{
-		{"no groups", nil, `<response status="success"><result><![CDATA[
-
-Total: 0
-* : Custom Group
-
-]]></result></response>`},
-		{"with groups", []string{"malicious_users", "foo users"}, `<response status="success"><result><![CDATA[
-malicious_users 
-foo users 
-
-Total: 2
-* : Custom Group
-
-]]></result></response>`},
-	}
-
-	mc := &testdata.MockClient{}
-	mc.Resp = make([]testdata.Response, 0, len(testCases))
-	u := &UserId{}
-	u.Initialize(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			i := mc.Called
-			mc.Resp = append(mc.Resp, testdata.Response{[]byte(tc.body), nil})
-			ans, err := u.GetGroups("", "vsys1")
-			if err != nil || mc.Called == i {
-				t.Errorf("Failed basic checks")
-			} else if len(ans) != len(tc.groups) {
-				t.Errorf("Mismatched groups: expected %#v, got %#v", tc.groups, ans)
-			} else {
-				for j := range ans {
-					if ans[j] != tc.groups[j] {
-						t.Errorf("Mismatched group (%d): expected %s, got %s", i, tc.groups[j], ans[j])
-					}
-				}
-			}
-		})
-	}
-}
-
-func TestGetGroupMembers(t *testing.T) {
-	testCases := []struct {
-		desc  string
-		users []string
-		body  string
-	}{
-		{"no members", nil, `<response status="success"><result><![CDATA[
-
-source type: xmlapi
-Group type: Dynamic
-
-
-]]></result></response>`},
-		{"with members", []string{"london", "elektricity"}, `<response status="success"><result><![CDATA[
-
-source type: xmlapi
-
-[1     ] london
-[2     ] elektricity
-
-]]></result></response>`},
-	}
-
-	mc := &testdata.MockClient{}
-	mc.Resp = make([]testdata.Response, 0, len(testCases))
-	u := &UserId{}
-	u.Initialize(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			i := mc.Called
-			mc.Resp = append(mc.Resp, testdata.Response{[]byte(tc.body), nil})
-			ans, err := u.GetGroupMembers("foo", "vsys1")
-			if err != nil || mc.Called == i {
-				t.Errorf("Failed basic checks")
-			} else if len(ans) != len(tc.users) {
-				t.Errorf("Mismatched groups: expected %#v, got %#v", tc.users, ans)
-			} else {
-				for j := range ans {
-					if ans[j] != tc.users[j] {
-						t.Errorf("Mismatched group (%d): expected %s, got %s", i, tc.users[j], ans[j])
-					}
-				}
-			}
-		})
-	}
-}
diff --git a/userid/iptags.go b/userid/iptags.go
deleted file mode 100644
index 875a534b..00000000
--- a/userid/iptags.go
+++ /dev/null
@@ -1,151 +0,0 @@
-package userid
-
-import (
-	"encoding/xml"
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// GetIpTags returns the registered IP address / tags for the given vsys.
-//
-// Both the ip and tag params are server-side filters.
-//
-// The vsys param is which vsys these operations should take place in.  If
-// vsys is an empty string, vsys defaults to "vsys1".
-func (c *UserId) GetIpTags(ip, tag, vsys string) (map[string][]string, error) {
-	if vsys == "" {
-		vsys = "vsys1"
-	}
-	c.con.LogOp("(op) getting registered ip addresses - ip:%q tag:%q vsys:%q", ip, tag, vsys)
-	req := c.versioning()
-
-	ans := make(map[string][]string)
-	for {
-		req.FilterOn(ip, tag, len(ans))
-		resp := regResp{}
-
-		_, err := c.con.Op(req, vsys, nil, &resp)
-		if err != nil {
-			return nil, err
-		} else if resp.Msg != nil && resp.Msg.Outfile != "" {
-			return nil, fmt.Errorf("PAN-OS returned %q instead of IP/tag mappings, please upgrade to 8.0+", resp.Msg.Outfile)
-		}
-
-		for i := range resp.Entry {
-			ans[resp.Entry[i].Ip] = resp.Entry[i].Tags
-		}
-
-		if req.ShouldStop(len(resp.Entry)) {
-			break
-		}
-	}
-
-	return ans, nil
-}
-
-/** Internal functions for the UserId struct **/
-
-func (c *UserId) versioning() filterer {
-	v := c.con.Versioning()
-
-	if v.Gte(version.Number{8, 0, 0, ""}) {
-		return &req_v3{}
-	} else if v.Gte(version.Number{6, 1, 0, ""}) {
-		return &req_v2{}
-	} else {
-		return &req_v1{}
-	}
-}
-
-/** Structs / functions for this namespace. **/
-
-type filterer interface {
-	FilterOn(string, string, int)
-	ShouldStop(int) bool
-}
-
-type req_filter struct {
-	Tag *tagFilter `xml:"tag"`
-	Ip  string     `xml:"ip,omitempty"`
-}
-
-type tagFilter struct {
-	Entry tagName `xml:"entry"`
-}
-
-type tagName struct {
-	Name string `xml:"name,attr"`
-}
-
-type req_v1 struct {
-	XMLName xml.Name   `xml:"show"`
-	Filter  req_filter `xml:"object>registered-address"`
-}
-
-func (o *req_v1) FilterOn(ip, tag string, size int) {
-	o.Filter.Ip = ip
-	if tag != "" {
-		o.Filter.Tag = &tagFilter{tagName{tag}}
-	}
-}
-
-func (o *req_v1) ShouldStop(lastCount int) bool {
-	return true
-}
-
-type req_v2 struct {
-	XMLName xml.Name   `xml:"show"`
-	Filter  req_filter `xml:"object>registered-ip"`
-}
-
-func (o *req_v2) FilterOn(ip, tag string, size int) {
-	o.Filter.Ip = ip
-	if tag != "" {
-		o.Filter.Tag = &tagFilter{tagName{tag}}
-	}
-}
-
-func (o *req_v2) ShouldStop(lastCount int) bool {
-	return true
-}
-
-type req_v3 struct {
-	XMLName xml.Name      `xml:"show"`
-	Filter  req_filter_v2 `xml:"object>registered-ip"`
-}
-
-func (o *req_v3) FilterOn(ip, tag string, size int) {
-	o.Filter.Ip = ip
-	if tag != "" {
-		o.Filter.Tag = &tagFilter{tagName{tag}}
-	}
-
-	o.Filter.Limit = 500
-	o.Filter.Start = size + 1
-}
-
-func (o *req_v3) ShouldStop(lastCount int) bool {
-	return lastCount < o.Filter.Limit
-}
-
-type req_filter_v2 struct {
-	Tag   *tagFilter `xml:"tag"`
-	Ip    string     `xml:"ip,omitempty"`
-	Limit int        `xml:"limit"`
-	Start int        `xml:"start-point"`
-}
-
-type regResp struct {
-	Entry []respEntry `xml:"result>entry"`
-	Msg   *msgResp    `xml:"result>msg"`
-}
-
-type respEntry struct {
-	Ip   string   `xml:"ip,attr"`
-	Tags []string `xml:"tag>member"`
-}
-
-type msgResp struct {
-	Outfile string `xml:"line>outfile"`
-}
diff --git a/userid/iptags_test.go b/userid/iptags_test.go
deleted file mode 100644
index 333e080c..00000000
--- a/userid/iptags_test.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package userid
-
-import (
-	"strings"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func TestGetIpTags(t *testing.T) {
-	testCases := []struct {
-		n version.Number
-		r string
-	}{
-		{version.Number{6, 0, 0, ""}, "registered-address"},
-		{version.Number{7, 0, 0, ""}, "registered-ip"},
-	}
-	mc := &testdata.MockClient{Resp: []testdata.Response{
-		testdata.Response{[]byte(testdata.UserIdXml), nil},
-		testdata.Response{[]byte(testdata.UserIdXml), nil},
-	}}
-	u := &UserId{}
-	u.Initialize(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.r, func(t *testing.T) {
-			mc.Version = tc.n
-			i := mc.Called
-			_, err := u.GetIpTags("", "", "vsys1")
-			if err != nil || mc.Called == i || mc.Vsys != "vsys1" || strings.Index(mc.Elm, tc.r) == -1 {
-				t.Fail()
-			}
-		})
-	}
-}
diff --git a/userid/logins.go b/userid/logins.go
deleted file mode 100644
index 9c12a474..00000000
--- a/userid/logins.go
+++ /dev/null
@@ -1,79 +0,0 @@
-package userid
-
-import (
-	"encoding/xml"
-)
-
-/*
-GetLogins returns a list of IP/user mappings.
-
-If `ip' is not an empty string, filter on the given IP/netmask.
-
-If `lType' is not an empty string and `ip' is specified, then filter on the
-given login type.  This can be any of the following:
-
-* AD - Active directory
-* CP - Captive Portal
-* EDIR - eDirectory
-* GP - Global Protect
-* GP-CLIENTLESSVPN - Global Protect Clientless VPN
-* SSO - SSO
-* SYSLOG - Syslog
-* UIA - User-ID Agent
-* UNKNOWN - Unknown
-* XMLAPI - XML API
-*/
-func (c *UserId) GetLogins(ip, lType, vsys string) ([]LoginInfo, error) {
-	if vsys == "" {
-		vsys = "vsys1"
-	}
-
-	c.con.LogOp("(op) getting ip/user mappings - ip:%s vsys:%s", ip, vsys)
-
-	req := &ipUserReq{
-		Data: ipUserData{
-			Ip: ip,
-		},
-	}
-	if ip == "" {
-		req.Data.All = &ipUserAll{
-			Type: lType,
-		}
-	}
-
-	resp := ipUserResp{}
-
-	if _, err := c.con.Op(req, vsys, nil, &resp); err != nil {
-		return nil, err
-	}
-
-	return resp.Entries, nil
-}
-
-type ipUserReq struct {
-	XMLName xml.Name   `xml:"show"`
-	Data    ipUserData `xml:"user>ip-user-mapping"`
-}
-
-type ipUserData struct {
-	All *ipUserAll `xml:"all"`
-	Ip  string     `xml:"ip,omitempty"`
-}
-
-type ipUserAll struct {
-	Type string `xml:"type,omitempty"`
-}
-
-type ipUserResp struct {
-	Entries []LoginInfo `xml:"result>entry"`
-}
-
-// LoginInfo is the structure returned from GetLogins().
-type LoginInfo struct {
-	Ip          string `xml:"ip"`
-	Vsys        string `xml:"vsys"`
-	Type        string `xml:"type"`
-	User        string `xml:"user"`
-	IdleTimeout int    `xml:"idle_timeout"`
-	Timeout     int    `xml:"timeout"`
-}
diff --git a/userid/message.go b/userid/message.go
deleted file mode 100644
index 0efe9e9c..00000000
--- a/userid/message.go
+++ /dev/null
@@ -1,319 +0,0 @@
-package userid
-
-import (
-	"encoding/xml"
-	"fmt"
-	"strings"
-
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-/*
-Message is a user-id message to be sent to PAN-OS.
-
-This can contain multiple actions to be performed, such as
-logging in a user, tagging an IP, or setting group membership.
-*/
-type Message struct {
-	Logins     []Login
-	Logouts    []Logout
-	TagIps     []TagIp
-	UntagIps   []UntagIp
-	Groups     []Group
-	TagUsers   []TagUser
-	UntagUsers []UntagUser
-}
-
-// Login logs a user in. Note that `Timeout` is in Minutes.
-type Login struct {
-	User    string
-	Ip      string
-	Timeout int
-}
-
-// Logout logs a user out.
-type Logout struct {
-	User string
-	Ip   string
-}
-
-// TagIp assigns tags to the specified IP address.
-type TagIp struct {
-	Ip   string
-	Tags []string
-}
-
-// UntagIp removes tags from the specified IP address.
-type UntagIp struct {
-	Ip   string
-	Tags []string
-}
-
-/*
-Group specifies a static user group's members.
-
-Some care is needed when dealing with the groups.  You cannot add or
-remove individual users from a group.  You have to specify the group in its
-entirety each time you want to update group membership.
-*/
-type Group struct {
-	Name  string
-	Users []string
-}
-
-// TagUser assigns tags to the specified user.
-//
-// Note: PAN-OS 9.1+.
-type TagUser struct {
-	User string
-	Tags []UserTag
-}
-
-// UserTag is a tag with an optional timeout.
-//
-// Note: PAN-OS 9.1+.
-type UserTag struct {
-	Tag     string
-	Timeout int
-}
-
-// UntagUser removes tags from the specified user.
-//
-// Note: PAN-OS 9.1+.
-type UntagUser struct {
-	User string
-	Tags []string
-}
-
-type uidResponse struct {
-	XMLName xml.Name `xml:"response"`
-	Payload *payload `xml:"msg>line>uid-response>payload"`
-}
-
-func (o uidResponse) GetError() error {
-	if o.Payload == nil {
-		return nil
-	}
-
-	msgs := make([]string, 0, 10)
-	if o.Payload.TagUser != nil {
-		for _, v := range o.Payload.TagUser.Entries {
-			if v.Message != "" {
-				msgs = append(msgs, fmt.Sprintf("taguser:%s:%q", v.User, v.Message))
-			}
-		}
-	}
-
-	if o.Payload.UntagUser != nil {
-		for _, v := range o.Payload.UntagUser.Entries {
-			if v.Message != "" {
-				msgs = append(msgs, fmt.Sprintf("untaguser:%s:%q", v.User, v.Message))
-			}
-		}
-	}
-
-	if len(msgs) > 0 {
-		return fmt.Errorf(strings.Join(msgs, " | "))
-	}
-
-	return nil
-}
-
-type uid struct {
-	XMLName xml.Name `xml:"uid-message"`
-	Version string   `xml:"version"`
-	Type    string   `xml:"type"`
-	Payload payload  `xml:"payload"`
-}
-
-type payload struct {
-	Login     *loginLogoutSpec  `xml:"login"`
-	Logout    *loginLogoutSpec  `xml:"logout"`
-	TagIp     *tagUntagIpSpec   `xml:"register"`
-	UntagIp   *tagUntagIpSpec   `xml:"unregister"`
-	Group     *groupSpec        `xml:"groups"`
-	TagUser   *tagUntagUserSpec `xml:"register-user"`
-	UntagUser *tagUntagUserSpec `xml:"unregister-user"`
-}
-
-type loginLogoutSpec struct {
-	Entry []inOut `xml:"entry"`
-}
-
-type inOut struct {
-	XMLName xml.Name `xml:"entry"`
-	Name    string   `xml:"name,attr"`
-	Ip      string   `xml:"ip,attr"`
-	Timeout int      `xml:"timeout,attr,omitempty"`
-}
-
-type tagUntagIpSpec struct {
-	Entry []ipTag `xml:"entry"`
-}
-
-type ipTag struct {
-	XMLName xml.Name `xml:"entry"`
-	Ip      string   `xml:"ip,attr"`
-	Tags    []string `xml:"tag>member"`
-}
-
-type groupSpec struct {
-	Entries []groupDef `xml:"entry"`
-}
-
-type groupDef struct {
-	Name    string         `xml:"name,attr"`
-	Members util.EntryType `xml:"members"`
-}
-
-type tagUntagUserSpec struct {
-	Entries []userTagEntry `xml:"entry"`
-}
-
-type userTagEntry struct {
-	User    string    `xml:"user,attr"`
-	Message string    `xml:"message,attr,omitempty"`
-	Tags    *userTags `xml:"tag"`
-}
-
-type userTags struct {
-	Tags []userTag `xml:"member"`
-}
-
-type userTag struct {
-	Tag     string `xml:",chardata"`
-	Timeout int    `xml:"timeout,attr,omitempty"`
-}
-
-func encode(m *Message) (*uid, string) {
-	var buf strings.Builder
-	if m == nil {
-		return nil, ""
-	}
-
-	msg := uid{
-		Version: "1.0",
-		Type:    "update",
-	}
-
-	// Login users.
-	if len(m.Logins) > 0 {
-		buf.WriteString(fmt.Sprintf(" logins:%d", len(m.Logins)))
-		msg.Payload.Login = &loginLogoutSpec{}
-		msg.Payload.Login.Entry = make([]inOut, 0, len(m.Logins))
-		for i := range m.Logins {
-			x := inOut{
-				Name:    m.Logins[i].User,
-				Ip:      m.Logins[i].Ip,
-				Timeout: m.Logins[i].Timeout,
-			}
-			msg.Payload.Login.Entry = append(msg.Payload.Login.Entry, x)
-		}
-	}
-
-	// Logout users.
-	if len(m.Logouts) > 0 {
-		buf.WriteString(fmt.Sprintf(" logouts:%d", len(m.Logouts)))
-		msg.Payload.Logout = &loginLogoutSpec{}
-		msg.Payload.Logout.Entry = make([]inOut, 0, len(m.Logouts))
-		for i := range m.Logouts {
-			x := inOut{
-				Name: m.Logouts[i].User,
-				Ip:   m.Logouts[i].Ip,
-			}
-			msg.Payload.Logout.Entry = append(msg.Payload.Logout.Entry, x)
-		}
-	}
-
-	// Tag IPs.
-	if len(m.TagIps) > 0 {
-		buf.WriteString(fmt.Sprintf(" tagip:%d", len(m.TagIps)))
-		msg.Payload.TagIp = &tagUntagIpSpec{}
-		msg.Payload.TagIp.Entry = make([]ipTag, 0, len(m.TagIps))
-		for i := range m.TagIps {
-			x := ipTag{
-				Ip:   m.TagIps[i].Ip,
-				Tags: m.TagIps[i].Tags,
-			}
-			msg.Payload.TagIp.Entry = append(msg.Payload.TagIp.Entry, x)
-		}
-	}
-
-	// Remove tags from IPs.
-	if len(m.UntagIps) > 0 {
-		buf.WriteString(fmt.Sprintf(" untagip:%d", len(m.UntagIps)))
-		msg.Payload.UntagIp = &tagUntagIpSpec{}
-		msg.Payload.UntagIp.Entry = make([]ipTag, 0, len(m.UntagIps))
-		for i := range m.UntagIps {
-			x := ipTag{
-				Ip:   m.UntagIps[i].Ip,
-				Tags: m.UntagIps[i].Tags,
-			}
-			msg.Payload.UntagIp.Entry = append(msg.Payload.UntagIp.Entry, x)
-		}
-	}
-
-	// Specify a static group of users.
-	if len(m.Groups) > 0 {
-		buf.WriteString(fmt.Sprintf(" group:%d", len(m.Groups)))
-		msg.Payload.Group = &groupSpec{}
-		msg.Payload.Group.Entries = make([]groupDef, 0, len(m.Groups))
-		for i := range m.Groups {
-			members := util.StrToEnt(m.Groups[i].Users)
-			if members == nil {
-				members = &util.EntryType{}
-			}
-			x := groupDef{
-				Name:    m.Groups[i].Name,
-				Members: *members,
-			}
-			msg.Payload.Group.Entries = append(msg.Payload.Group.Entries, x)
-		}
-	}
-
-	// Tag users.
-	if len(m.TagUsers) > 0 {
-		buf.WriteString(fmt.Sprintf(" taguser:%d", len(m.TagUsers)))
-		msg.Payload.TagUser = &tagUntagUserSpec{}
-		msg.Payload.TagUser.Entries = make([]userTagEntry, 0, len(m.TagUsers))
-		for _, user := range m.TagUsers {
-			tags := make([]userTag, 0, len(user.Tags))
-			for _, val := range user.Tags {
-				tag := userTag{
-					Tag:     val.Tag,
-					Timeout: val.Timeout,
-				}
-				tags = append(tags, tag)
-			}
-			x := userTagEntry{
-				User: user.User,
-				Tags: &userTags{Tags: tags},
-			}
-			msg.Payload.TagUser.Entries = append(msg.Payload.TagUser.Entries, x)
-		}
-	}
-
-	// Untag users.
-	if len(m.UntagUsers) > 0 {
-		buf.WriteString(fmt.Sprintf(" untaguser:%d", len(m.UntagUsers)))
-		msg.Payload.UntagUser = &tagUntagUserSpec{}
-		msg.Payload.UntagUser.Entries = make([]userTagEntry, 0, len(m.UntagUsers))
-		for _, user := range m.UntagUsers {
-			x := userTagEntry{User: user.User}
-			if len(user.Tags) > 0 {
-				tags := make([]userTag, 0, len(user.Tags))
-				for _, val := range user.Tags {
-					tags = append(tags, userTag{Tag: val})
-				}
-				x.Tags = &userTags{tags}
-			}
-			msg.Payload.UntagUser.Entries = append(msg.Payload.UntagUser.Entries, x)
-		}
-	}
-
-	if buf.Len() == 0 {
-		return nil, ""
-	}
-
-	return &msg, buf.String()
-}
diff --git a/userid/userid.go b/userid/userid.go
deleted file mode 100644
index 716b1f02..00000000
--- a/userid/userid.go
+++ /dev/null
@@ -1,54 +0,0 @@
-package userid
-
-import (
-	"bytes"
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// UserId is the client.UserId namespace.
-type UserId struct {
-	con util.XapiClient
-}
-
-// Initialize is invoked on client.Initialize().
-func (c *UserId) Initialize(i util.XapiClient) {
-	c.con = i
-}
-
-/*
-Run executes the given User-Id message.  This allows you to
-perform User-Id operations, such as logging in users, tagging
-IP addresses, and setting group memberhsip.
-
-Please refer to the Message class for the details.
-
-The vsys param is which vsys these operations should take place in.  If
-vsys is an empty string, vsys defaults to "vsys1".
-*/
-func (c *UserId) Run(msg *Message, vsys string) error {
-	req, desc := encode(msg)
-	if req == nil {
-		return nil
-	}
-
-	if vsys == "" {
-		vsys = "vsys1"
-	}
-
-	c.con.LogUid("(userid) running in %s -%s", vsys, desc)
-
-	b, err := c.con.Uid(req, vsys, nil, nil)
-	if bytes.Contains(b, []byte("<uid-response>")) {
-		resp := uidResponse{}
-		if e2 := xml.Unmarshal(b, &resp); e2 == nil {
-			e3 := resp.GetError()
-			if e3 != nil {
-				return e3
-			}
-		}
-	}
-
-	return err
-}
diff --git a/userid/userid_test.go b/userid/userid_test.go
deleted file mode 100644
index 0e115453..00000000
--- a/userid/userid_test.go
+++ /dev/null
@@ -1,81 +0,0 @@
-package userid
-
-import (
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestRun(t *testing.T) {
-	testCases := []struct {
-		desc string
-		vsys string
-		msg  *Message
-	}{
-		{"login and empty vsys", "", &Message{
-			Logins: []Login{
-				{User: "john", Ip: "1.2.3.4"},
-			},
-		}},
-		{"logout and vsys2", "vsys2", &Message{
-			Logouts: []Logout{
-				{User: "jack", Ip: "2.3.4.5"},
-			},
-		}},
-		{"register and vsys3", "vsys3", &Message{
-			TagIps: []TagIp{
-				{Ip: "3.4.5.6", Tags: []string{"one", "two"}},
-			},
-		}},
-		{"unregister and vsys4", "vsys4", &Message{
-			UntagIps: []UntagIp{
-				{Ip: "4.5.6.7", Tags: []string{"three", "four"}},
-			},
-		}},
-		{"group and vsys1", "vsys1", &Message{
-			Groups: []Group{
-				{Name: "mygroup", Users: []string{"john", "doe"}},
-			},
-		}},
-		{"tag user and vsys2", "vsys2", &Message{
-			TagUsers: []TagUser{
-				{
-					User: "mydomain\\jack",
-					Tags: []UserTag{
-						{Tag: "one"},
-						{Tag: "two", Timeout: 60},
-					},
-				},
-			},
-		}},
-		{"untag user and vsys3", "vsys3", &Message{
-			UntagUsers: []UntagUser{
-				{User: "mydomain\\jack", Tags: []string{"one", "two"}},
-			},
-		}},
-	}
-
-	mc := &testdata.MockClient{}
-	mc.Resp = make([]testdata.Response, 0, len(testCases))
-	u := &UserId{}
-	u.Initialize(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			i := mc.Called
-			mc.Resp = append(mc.Resp, testdata.Response{[]byte(""), nil})
-			err := u.Run(tc.msg, tc.vsys)
-			if err != nil || mc.Called == i {
-				t.Errorf("Failed basic checks")
-			} else {
-				if tc.vsys == "" {
-					if mc.Vsys != "vsys1" {
-						t.Errorf("Vsys is %s, not vsys1", mc.Vsys)
-					}
-				} else if mc.Vsys != tc.vsys {
-					t.Errorf("Vsys is %s, not %s", mc.Vsys, tc.vsys)
-				}
-			}
-		})
-	}
-}
diff --git a/userid/usertags.go b/userid/usertags.go
deleted file mode 100644
index ed9e5d96..00000000
--- a/userid/usertags.go
+++ /dev/null
@@ -1,97 +0,0 @@
-package userid
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-/*
-GetUserTags returns dynamic user tags.
-
-Note:  PAN-OS 9.1+
-
-The user param will filter on just the specified user instead of all users
-and all tags.
-
-If vsys is an empty string, then this function defaults to "vsys1".
-*/
-func (c *UserId) GetUserTags(user, vsys string) (map[string][]string, error) {
-	if vsys == "" {
-		vsys = "vsys1"
-	}
-	c.con.LogOp("(op) getting user tags: user:%q vsys %q", user, vsys)
-
-	req := &gutReq{}
-
-	ans := make(map[string][]string)
-	length := 0
-	for {
-		req.FilterOn(user, length)
-		resp := gutResp{}
-
-		_, err := c.con.Op(req, vsys, nil, &resp)
-		if err != nil {
-			return nil, err
-		}
-
-		for i := range resp.Entry {
-			ans[resp.Entry[i].User] = util.MemToStr(resp.Entry[i].Tags)
-		}
-
-		if req.ShouldStop(len(resp.Entry)) {
-			break
-		}
-
-		length += len(resp.Entry)
-	}
-
-	return ans, nil
-}
-
-type gutReq struct {
-	XMLName xml.Name `xml:"show"`
-	Data    gutData  `xml:"object>registered-user"`
-}
-
-type gutData struct {
-	All  *gutDataAll `xml:"all"`
-	User string      `xml:"user,omitempty"`
-}
-
-type gutDataAll struct {
-	Limit int `xml:"limit"`
-	Start int `xml:"start-point"`
-}
-
-func (o *gutReq) FilterOn(user string, length int) {
-	if user != "" {
-		if o.Data.User == "" {
-			o.Data.User = user
-		}
-	} else {
-		if o.Data.All == nil {
-			o.Data.All = &gutDataAll{
-				Limit: 500,
-			}
-		}
-		o.Data.All.Start = length + 1
-	}
-}
-
-func (o *gutReq) ShouldStop(lastCount int) bool {
-	if o.Data.All == nil {
-		return true
-	}
-
-	return lastCount < o.Data.All.Limit
-}
-
-type gutResp struct {
-	Entry []gutEntry `xml:"result>entry"`
-}
-
-type gutEntry struct {
-	User string           `xml:"user,attr"`
-	Tags *util.MemberType `xml:"tag"`
-}
diff --git a/userid/usertags_test.go b/userid/usertags_test.go
deleted file mode 100644
index ae815e0a..00000000
--- a/userid/usertags_test.go
+++ /dev/null
@@ -1,82 +0,0 @@
-package userid
-
-import (
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestGetUserTags(t *testing.T) {
-	testCases := []struct {
-		desc string
-		data map[string][]string
-		body string
-	}{
-		{
-			"multi user", map[string][]string{
-				"mydomain\\user1": []string{"tag1", "tag2"},
-				"mydomain\\user2": []string{"tag3", "tag4"},
-			}, `<response status="success"><result><entry user="mydomain\user1">
-<tag>
-<member>tag1</member>
-<member>tag2</member>
-</tag>
-</entry>
-<entry user="mydomain\user2">
-<tag>
-<member>tag3</member>
-<member>tag4</member>
-</tag>
-</entry>
-<count>2</count>
-</result></response>`,
-		},
-		{
-			"single user", map[string][]string{
-				"foo\\jack": []string{"one", "two", "three"},
-			}, `
-<response status="success"><result><entry user="foo\jack">
-<tag>
-<member>one</member>
-<member>two</member>
-<member>three</member>
-</tag>
-</entry>
-<count>1</count>
-</result></response>`,
-		},
-	}
-
-	mc := &testdata.MockClient{}
-	mc.Resp = make([]testdata.Response, 0, len(testCases))
-	u := &UserId{}
-	u.Initialize(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			i := mc.Called
-			mc.Resp = append(mc.Resp, testdata.Response{[]byte(tc.body), nil})
-			ans, err := u.GetUserTags("", "vsys1")
-			if err != nil || mc.Called == i {
-				t.Errorf("Failed basic checks")
-			} else if len(ans) != len(tc.data) {
-				t.Errorf("Mismatched data: expected %#v, got %#v", tc.data, ans)
-			} else {
-				for user, eTags := range tc.data {
-					var aTags []string
-					aTags = ans[user]
-					if len(aTags) != len(eTags) {
-						t.Errorf("Mismatched tags for %s: %#v, but got %#v", user, eTags, aTags)
-					} else {
-						for ti := range eTags {
-							if eTags[ti] != aTags[ti] {
-								t.Errorf("Tag %d: wanted %s, got %s", ti, eTags[ti], aTags[ti])
-								break
-							}
-						}
-					}
-				}
-			}
-		})
-	}
-}
diff --git a/vsys/const.go b/vsys/const.go
deleted file mode 100644
index ac3ed3fd..00000000
--- a/vsys/const.go
+++ /dev/null
@@ -1,6 +0,0 @@
-package vsys
-
-const (
-	singular = "vsys"
-	plural   = "vsys"
-)
diff --git a/vsys/doc.go b/vsys/doc.go
deleted file mode 100644
index b5a03cfa..00000000
--- a/vsys/doc.go
+++ /dev/null
@@ -1,12 +0,0 @@
-/*
-Package vsys is the client.Vsys namespace.
-
-For right now, this namespace does not support `Edit()` due to the
-inherent risks with `EDIT` at the vsys level.
-
-For the Panorama struct, this helps discover and manage the vsys
-under a given template or template stack.
-
-Normalized object:  Entry
-*/
-package vsys
diff --git a/vsys/entry.go b/vsys/entry.go
deleted file mode 100644
index 2032da3c..00000000
--- a/vsys/entry.go
+++ /dev/null
@@ -1,222 +0,0 @@
-package vsys
-
-import (
-	"encoding/xml"
-
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-// Entry is a normalized, version independent representation of a Vsys.
-type Entry struct {
-	Name           string
-	NetworkImports *NetworkImports
-}
-
-type NetworkImports struct {
-	Interfaces     []string
-	VirtualRouters []string
-	VirtualWires   []string
-	Vlans          []string
-	LogicalRouters []string // PAN-OS 10.0+
-}
-
-// Copy copies the information from source Entry `s` to this object.  As the
-// Name field relates to the XPATH of this object, this field is not copied.
-func (o *Entry) Copy(s Entry) {
-	if s.NetworkImports == nil {
-		o.NetworkImports = nil
-	} else {
-		o.NetworkImports = &NetworkImports{}
-		if s.NetworkImports.Interfaces != nil {
-			o.NetworkImports.Interfaces = make([]string, len(s.NetworkImports.Interfaces))
-			copy(o.NetworkImports.Interfaces, s.NetworkImports.Interfaces)
-		}
-		if s.NetworkImports.VirtualRouters != nil {
-			o.NetworkImports.VirtualRouters = make([]string, len(s.NetworkImports.VirtualRouters))
-			copy(o.NetworkImports.VirtualRouters, s.NetworkImports.VirtualRouters)
-		}
-		if s.NetworkImports.VirtualWires != nil {
-			o.NetworkImports.VirtualWires = make([]string, len(s.NetworkImports.VirtualWires))
-			copy(o.NetworkImports.VirtualWires, s.NetworkImports.VirtualWires)
-		}
-		if s.NetworkImports.Vlans != nil {
-			o.NetworkImports.Vlans = make([]string, len(s.NetworkImports.Vlans))
-			copy(o.NetworkImports.Vlans, s.NetworkImports.Vlans)
-		}
-		if s.NetworkImports.LogicalRouters != nil {
-			o.NetworkImports.LogicalRouters = make([]string, len(s.NetworkImports.LogicalRouters))
-			copy(o.NetworkImports.LogicalRouters, s.NetworkImports.LogicalRouters)
-		}
-	}
-}
-
-/** Structs / functions for normalization. **/
-
-func (o Entry) Specify(v version.Number) (string, interface{}) {
-	_, fn := versioning(v)
-	return o.Name, fn(o)
-}
-
-type normalizer interface {
-	Normalize() []Entry
-	Names() []string
-}
-
-type container_v1 struct {
-	Answer []entry_v1 `xml:"entry"`
-}
-
-func (o *container_v1) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v1) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-type entry_v1 struct {
-	XMLName xml.Name `xml:"entry"`
-	Name    string   `xml:"name,attr"`
-	Import  *imp_v1  `xml:"import"`
-}
-
-type imp_v1 struct {
-	Network *impNetwork_v1 `xml:"network"`
-}
-
-type impNetwork_v1 struct {
-	Interfaces     *util.MemberType `xml:"interface"`
-	VirtualRouters *util.MemberType `xml:"virtual-router"`
-	VirtualWires   *util.MemberType `xml:"virtual-wire"`
-	Vlans          *util.MemberType `xml:"vlan"`
-}
-
-func specify_v1(e Entry) interface{} {
-	ans := entry_v1{
-		Name: e.Name,
-	}
-
-	if e.NetworkImports != nil {
-		ans.Import = &imp_v1{
-			Network: &impNetwork_v1{
-				Interfaces:     util.StrToMem(e.NetworkImports.Interfaces),
-				VirtualRouters: util.StrToMem(e.NetworkImports.VirtualRouters),
-				VirtualWires:   util.StrToMem(e.NetworkImports.VirtualWires),
-				Vlans:          util.StrToMem(e.NetworkImports.Vlans),
-			},
-		}
-	}
-
-	return ans
-}
-
-func (e *entry_v1) normalize() Entry {
-	ans := Entry{
-		Name: e.Name,
-	}
-
-	if e.Import != nil {
-		if e.Import.Network != nil {
-			ans.NetworkImports = &NetworkImports{
-				Interfaces:     util.MemToStr(e.Import.Network.Interfaces),
-				VirtualRouters: util.MemToStr(e.Import.Network.VirtualRouters),
-				VirtualWires:   util.MemToStr(e.Import.Network.VirtualWires),
-				Vlans:          util.MemToStr(e.Import.Network.Vlans),
-			}
-		}
-	}
-
-	return ans
-}
-
-// PAN-OS 10.0
-type container_v2 struct {
-	Answer []entry_v2 `xml:"entry"`
-}
-
-func (o *container_v2) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *container_v2) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-type entry_v2 struct {
-	XMLName xml.Name `xml:"entry"`
-	Name    string   `xml:"name,attr"`
-	Import  *imp_v2  `xml:"import"`
-}
-
-type imp_v2 struct {
-	Network *impNetwork_v2 `xml:"network"`
-}
-
-type impNetwork_v2 struct {
-	Interfaces     *util.MemberType `xml:"interface"`
-	VirtualRouters *util.MemberType `xml:"virtual-router"`
-	VirtualWires   *util.MemberType `xml:"virtual-wire"`
-	Vlans          *util.MemberType `xml:"vlan"`
-	LogicalRouters *util.MemberType `xml:"logical-router"`
-}
-
-func specify_v2(e Entry) interface{} {
-	ans := entry_v2{
-		Name: e.Name,
-	}
-
-	if e.NetworkImports != nil {
-		ans.Import = &imp_v2{
-			Network: &impNetwork_v2{
-				Interfaces:     util.StrToMem(e.NetworkImports.Interfaces),
-				VirtualRouters: util.StrToMem(e.NetworkImports.VirtualRouters),
-				VirtualWires:   util.StrToMem(e.NetworkImports.VirtualWires),
-				Vlans:          util.StrToMem(e.NetworkImports.Vlans),
-				LogicalRouters: util.StrToMem(e.NetworkImports.LogicalRouters),
-			},
-		}
-	}
-
-	return ans
-}
-
-func (e *entry_v2) normalize() Entry {
-	ans := Entry{
-		Name: e.Name,
-	}
-
-	if e.Import != nil {
-		if e.Import.Network != nil {
-			ans.NetworkImports = &NetworkImports{
-				Interfaces:     util.MemToStr(e.Import.Network.Interfaces),
-				VirtualRouters: util.MemToStr(e.Import.Network.VirtualRouters),
-				VirtualWires:   util.MemToStr(e.Import.Network.VirtualWires),
-				Vlans:          util.MemToStr(e.Import.Network.Vlans),
-				LogicalRouters: util.MemToStr(e.Import.Network.LogicalRouters),
-			}
-		}
-	}
-
-	return ans
-}
diff --git a/vsys/funcs.go b/vsys/funcs.go
deleted file mode 100644
index fae07710..00000000
--- a/vsys/funcs.go
+++ /dev/null
@@ -1,92 +0,0 @@
-package vsys
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-func versioning(v version.Number) (normalizer, func(Entry) interface{}) {
-	if v.Gte(version.Number{10, 0, 0, ""}) {
-		return &container_v2{}, specify_v2
-	} else {
-		return &container_v1{}, specify_v1
-	}
-}
-
-func specifier(e ...Entry) []namespace.Specifier {
-	ans := make([]namespace.Specifier, 0, len(e))
-
-	var val namespace.Specifier
-	for _, x := range e {
-		val = x
-		ans = append(ans, val)
-	}
-
-	return ans
-}
-
-func container(v version.Number) normalizer {
-	r, _ := versioning(v)
-	return r
-}
-
-func first(ans normalizer, err error) (Entry, error) {
-	if err != nil {
-		return Entry{}, err
-	}
-
-	return ans.Normalize()[0], nil
-}
-
-func all(ans normalizer, err error) ([]Entry, error) {
-	if err != nil {
-		return nil, err
-	}
-
-	return ans.Normalize(), nil
-}
-
-func toNames(e []interface{}) ([]string, error) {
-	ans := make([]string, len(e))
-	for i := range e {
-		switch v := e[i].(type) {
-		case string:
-			ans[i] = v
-		case Entry:
-			ans[i] = v.Name
-		default:
-			return nil, fmt.Errorf("invalid type: %s", v)
-		}
-	}
-
-	return ans, nil
-}
-
-// FirewallNamespace returns an initialized namespace.
-func FirewallNamespace(client util.XapiClient) *Firewall {
-	return &Firewall{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
-
-// PanoramaNamespace returns an initialized namespace.
-func PanoramaNamespace(client util.XapiClient) *Panorama {
-	return &Panorama{
-		ns: &namespace.Standard{
-			Common: namespace.Common{
-				Singular: singular,
-				Plural:   plural,
-				Client:   client,
-			},
-		},
-	}
-}
diff --git a/vsys/fw.go b/vsys/fw.go
deleted file mode 100644
index 55d04281..00000000
--- a/vsys/fw.go
+++ /dev/null
@@ -1,84 +0,0 @@
-package vsys
-
-import (
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Firewall is the client.Vsys namespace.
-type Firewall struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Firewall) GetList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Firewall) ShowList() ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Firewall) Get(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Firewall) Show(name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Firewall) GetAll() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Firewall) ShowAll() ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Firewall) Set(e ...Entry) error {
-	return c.ns.Set(c.pather(), specifier(e...))
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Firewall) Delete(e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(), names, nErr)
-}
-
-func (c *Firewall) pather() namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(v)
-	}
-}
-
-func (c *Firewall) xpath(vals []string) ([]string, error) {
-	return []string{
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"vsys",
-		util.AsEntryXpath(vals),
-	}, nil
-}
-
-func (c *Firewall) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/vsys/fw_test.go b/vsys/fw_test.go
deleted file mode 100644
index 0ab5936f..00000000
--- a/vsys/fw_test.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package vsys
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestFwNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := FirewallNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set(tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get(tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/vsys/pano.go b/vsys/pano.go
deleted file mode 100644
index 692c2ba1..00000000
--- a/vsys/pano.go
+++ /dev/null
@@ -1,94 +0,0 @@
-package vsys
-
-import (
-	"fmt"
-
-	"github.com/PaloAltoNetworks/pango/namespace"
-	"github.com/PaloAltoNetworks/pango/util"
-)
-
-// Panorama is the client.Vsys namespace.
-type Panorama struct {
-	ns *namespace.Standard
-}
-
-// GetList performs GET to retrieve a list of all objects.
-func (c *Panorama) GetList(tmpl, ts string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Get, c.pather(tmpl, ts), ans)
-}
-
-// ShowList performs SHOW to retrieve a list of all objects.
-func (c *Panorama) ShowList(tmpl, ts string) ([]string, error) {
-	ans := c.container()
-	return c.ns.Listing(util.Show, c.pather(tmpl, ts), ans)
-}
-
-// Get performs GET to retrieve information for the given object.
-func (c *Panorama) Get(tmpl, ts, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Get, c.pather(tmpl, ts), name, ans)
-	return first(ans, err)
-}
-
-// Show performs SHOW to retrieve information for the given object.
-func (c *Panorama) Show(tmpl, ts, name string) (Entry, error) {
-	ans := c.container()
-	err := c.ns.Object(util.Show, c.pather(tmpl, ts), name, ans)
-	return first(ans, err)
-}
-
-// GetAll performs GET to retrieve all objects configured.
-func (c *Panorama) GetAll(tmpl, ts string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Get, c.pather(tmpl, ts), ans)
-	return all(ans, err)
-}
-
-// ShowAll performs SHOW to retrieve information for all objects.
-func (c *Panorama) ShowAll(tmpl, ts string) ([]Entry, error) {
-	ans := c.container()
-	err := c.ns.Objects(util.Show, c.pather(tmpl, ts), ans)
-	return all(ans, err)
-}
-
-// Set performs SET to configure the specified objects.
-func (c *Panorama) Set(tmpl, ts string, e ...Entry) error {
-	return c.ns.Set(c.pather(tmpl, ts), specifier(e...))
-}
-
-// Delete performs DELETE to remove the specified objects.
-//
-// Objects can be either a string or an Entry object.
-func (c *Panorama) Delete(tmpl, ts string, e ...interface{}) error {
-	names, nErr := toNames(e)
-	return c.ns.Delete(c.pather(tmpl, ts), names, nErr)
-}
-
-func (c *Panorama) pather(tmpl, ts string) namespace.Pather {
-	return func(v []string) ([]string, error) {
-		return c.xpath(tmpl, ts, v)
-	}
-}
-
-func (c *Panorama) xpath(tmpl, ts string, vals []string) ([]string, error) {
-	if tmpl == "" && ts == "" {
-		return nil, fmt.Errorf("tmpl or ts must be specified")
-	}
-
-	ans := make([]string, 0, 10)
-	ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-	ans = append(ans,
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"vsys",
-		util.AsEntryXpath(vals),
-	)
-
-	return ans, nil
-}
-
-func (c *Panorama) container() normalizer {
-	return container(c.ns.Client.Versioning())
-}
diff --git a/vsys/pano_test.go b/vsys/pano_test.go
deleted file mode 100644
index 8cde0fe3..00000000
--- a/vsys/pano_test.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package vsys
-
-import (
-	"reflect"
-	"testing"
-
-	"github.com/PaloAltoNetworks/pango/testdata"
-)
-
-func TestPanoNormalization(t *testing.T) {
-	testCases := getTests()
-
-	mc := &testdata.MockClient{}
-	ns := PanoramaNamespace(mc)
-
-	for _, tc := range testCases {
-		t.Run(tc.desc, func(t *testing.T) {
-			mc.Version = tc.version
-			mc.Reset()
-			mc.AddResp("")
-			err := ns.Set("my template", "", tc.conf)
-			if err != nil {
-				t.Errorf("Error in set: %s", err)
-			} else {
-				mc.AddResp(mc.Elm)
-				r, err := ns.Get("my template", "", tc.conf.Name)
-				if err != nil {
-					t.Errorf("Error in get: %s", err)
-				} else if !reflect.DeepEqual(tc.conf, r) {
-					t.Errorf("%#v != %#v", tc.conf, r)
-				}
-			}
-		})
-	}
-}
diff --git a/vsys/testdata_test.go b/vsys/testdata_test.go
deleted file mode 100644
index 6ae4f8b8..00000000
--- a/vsys/testdata_test.go
+++ /dev/null
@@ -1,76 +0,0 @@
-package vsys
-
-import (
-	"github.com/PaloAltoNetworks/pango/version"
-)
-
-type testCase struct {
-	desc    string
-	version version.Number
-	conf    Entry
-}
-
-func getTests() []testCase {
-	return []testCase{
-		{"v1 empty", version.Number{6, 1, 0, ""}, Entry{
-			Name: "one",
-		}},
-		{"v1 interfaces", version.Number{6, 1, 0, ""}, Entry{
-			Name: "one",
-			NetworkImports: &NetworkImports{
-				Interfaces: []string{"ethernet1/1", "ethernet1/2"},
-			},
-		}},
-		{"v1 virtual routers", version.Number{6, 1, 0, ""}, Entry{
-			Name: "one",
-			NetworkImports: &NetworkImports{
-				VirtualRouters: []string{"default", "vr2"},
-			},
-		}},
-		{"v1 virtual wires", version.Number{6, 1, 0, ""}, Entry{
-			Name: "one",
-			NetworkImports: &NetworkImports{
-				VirtualWires: []string{"vwire1"},
-			},
-		}},
-		{"v1 vlans", version.Number{6, 1, 0, ""}, Entry{
-			Name: "one",
-			NetworkImports: &NetworkImports{
-				Vlans: []string{"vlan1", "vlan3", "vlan2"},
-			},
-		}},
-		{"v2 empty", version.Number{10, 0, 0, ""}, Entry{
-			Name: "one",
-		}},
-		{"v2 interfaces", version.Number{10, 0, 0, ""}, Entry{
-			Name: "one",
-			NetworkImports: &NetworkImports{
-				Interfaces: []string{"ethernet1/1", "ethernet1/2"},
-			},
-		}},
-		{"v2 virtual routers", version.Number{10, 0, 0, ""}, Entry{
-			Name: "one",
-			NetworkImports: &NetworkImports{
-				VirtualRouters: []string{"default", "vr2"},
-			},
-		}},
-		{"v2 virtual wires", version.Number{10, 0, 0, ""}, Entry{
-			Name: "one",
-			NetworkImports: &NetworkImports{
-				VirtualWires: []string{"vwire1"},
-			},
-		}},
-		{"v2 vlans", version.Number{10, 0, 0, ""}, Entry{
-			Name: "one",
-			NetworkImports: &NetworkImports{
-				Vlans: []string{"vlan1", "vlan3", "vlan2"},
-			},
-		}},
-		{"v2 logical routers", version.Number{10, 0, 0, ""}, Entry{
-			Name: "one",
-			NetworkImports: &NetworkImports{
-				LogicalRouters: []string{"one", "two"},
-			},
-		}},
-	}
-}
diff --git a/xmlapi/generic.go b/xmlapi/generic.go
deleted file mode 100644
index 26aa227e..00000000
--- a/xmlapi/generic.go
+++ /dev/null
@@ -1,13 +0,0 @@
-package xmlapi
-
-import (
-    "encoding/xml"
-)
-
-type Generic struct {
-    XMLName xml.Name
-    Name *string `xml:"name,attr,omitempty"`
-    Uuid *string `xml:"uuid,attr,omitempty"`
-    Text []byte `xml:",innerxml"`
-    Nodes []Generic `xml:",any"`
-}
diff --git a/xmlapiclient.go b/xmlapiclient.go
deleted file mode 100644
index 6bdee4b6..00000000
--- a/xmlapiclient.go
+++ /dev/null
@@ -1,565 +0,0 @@
-package pango
-
-import (
-    "bytes"
-    "context"
-    "crypto/tls"
-    "encoding/json"
-    "encoding/xml"
-    "fmt"
-    "io"
-    "log"
-    _ "mime"
-    "mime/multipart"
-    "net/http"
-    "net/url"
-    "os"
-    "strings"
-    "strconv"
-
-    "github.com/PaloAltoNetworks/pango/errors"
-    "github.com/PaloAltoNetworks/pango/generic"
-    "github.com/PaloAltoNetworks/pango/plugin"
-    "github.com/PaloAltoNetworks/pango/util"
-    "github.com/PaloAltoNetworks/pango/version"
-    "github.com/PaloAltoNetworks/pango/xmlapi"
-)
-
-// XmlApiClient is an XML API client connection.  If provides wrapper functions
-// for invoking the various PAN-OS API methods.  After creating the client,
-// invoke Setup() followed by Initialize() to prepare it for use.
-type XmlApiClient struct {
-    Hostname string            `json:"hostname"`
-    Username string            `json:"username"`
-    Password string            `json:"password"`
-    ApiKey   string            `json:"api_key"`
-    Protocol string            `json:"protocol"`
-    Port     int              `json:"port"`
-    Target   string            `json:"target"`
-    ApiKeyInRequest bool `json:"api_key_in_request"`
-    Headers  map[string]string `json:"headers"`
-    Logging map[string] bool `json:"logging"`
-
-    // Set to true if you want to check environment variables
-    // for auth and connection properties.
-    CheckEnvironment bool `json:"-"`
-    AuthFile string `json:"-"`
-
-    // HTTP transport options.  Note that the SkipVerifyCertificate setting
-    // is only used if you do not specify a HTTP transport yourself.
-    SkipVerifyCertificate bool            `json:"skip_verify_certificate"`
-    Transport         *http.Transport `json:"-"`
-
-    // Variables determined at runtime.
-    Version        version.Number    `json:"-"`
-    SystemInfo     map[string]string `json:"-"`
-    Plugin         []plugin.Info     `json:"-"`
-
-    // Internal variables.
-    credsFile  string
-    con        *http.Client
-    api_url    string
-    configTree *generic.Xml
-
-    // Variables for testing, response bytes, headers, and response index.
-    testInput []*http.Request
-    testOutput []*http.Response
-    testIndex int
-    authFileContent []byte
-}
-
-func (c *XmlApiClient) Versioning() version.Number { return c.Version }
-
-func (c *XmlApiClient) Plugins() []plugin.Info {
-    return c.Plugin
-}
-
-// Setup does validation and initialization in preparation to start executing API
-// commands against PAN-OS.
-func (c *XmlApiClient) Setup() error {
-    var err error
-
-    // Load up the JSON config file.
-    var json_client XmlApiClient
-    if c.AuthFile != "" {
-        var b []byte
-        if len(c.testOutput) == 0 {
-            b, err = os.ReadFile(c.AuthFile)
-        } else {
-            b = c.authFileContent
-        }
-
-        if err != nil {
-            return err
-        }
-
-        if err = json.Unmarshal(b, &json_client); err != nil {
-            return err
-        }
-    }
-
-    // Hostname.
-    if c.Hostname == "" {
-        if val := os.Getenv("PANOS_HOSTNAME"); c.CheckEnvironment && val != "" {
-            c.Hostname = val
-        } else if json_client.Hostname != "" {
-            c.Hostname = json_client.Hostname
-        }
-    }
-
-	// Username.
-	if c.Username == "" {
-		if val := os.Getenv("PANOS_USERNAME"); c.CheckEnvironment && val != "" {
-			c.Username = val
-		} else {
-			c.Username = json_client.Username
-		}
-	}
-
-	// Password.
-	if c.Password == "" {
-		if val := os.Getenv("PANOS_PASSWORD"); c.CheckEnvironment && val != "" {
-			c.Password = val
-		} else {
-			c.Password = json_client.Password
-		}
-	}
-
-	// API key.
-	if c.ApiKey == "" {
-		if val := os.Getenv("PANOS_API_KEY"); c.CheckEnvironment && val != "" {
-			c.ApiKey = val
-		} else {
-			c.ApiKey = json_client.ApiKey
-		}
-	}
-
-	// Protocol.
-	if c.Protocol == "" {
-		if val := os.Getenv("PANOS_PROTOCOL"); c.CheckEnvironment && val != "" {
-			c.Protocol = val
-		} else if json_client.Protocol != "" {
-			c.Protocol = json_client.Protocol
-		} else {
-			c.Protocol = "https"
-		}
-	}
-	if c.Protocol != "http" && c.Protocol != "https" {
-		return fmt.Errorf("Invalid protocol %q.  Must be \"http\" or \"https\"", c.Protocol)
-	}
-
-	// Port.
-	if c.Port == 0 {
-		if val := os.Getenv("PANOS_PORT"); c.CheckEnvironment && val != "" {
-			if cp, err := strconv.Atoi(val); err != nil {
-				return fmt.Errorf("Failed to parse the env port number: %s", err)
-			} else {
-				c.Port = cp
-			}
-		} else if json_client.Port != 0 {
-			c.Port = json_client.Port
-		}
-	}
-	if c.Port > 65535 {
-		return fmt.Errorf("Port %d is out of bounds", c.Port)
-	}
-
-    // Target.
-	if c.Target == "" {
-		if val := os.Getenv("PANOS_TARGET"); c.CheckEnvironment && val != "" {
-			c.Target = val
-		} else {
-			c.Target = json_client.Target
-		}
-	}
-
-	// Headers.
-	if len(c.Headers) == 0 {
-		if val := os.Getenv("PANOS_HEADERS"); c.CheckEnvironment && val != "" {
-			if err := json.Unmarshal([]byte(val), &c.Headers); err != nil {
-				return err
-			}
-		}
-		if len(c.Headers) == 0 && len(json_client.Headers) > 0 {
-			c.Headers = make(map[string]string)
-			for k, v := range json_client.Headers {
-				c.Headers[k] = v
-			}
-		}
-	}
-
-	// Skip verify cert.
-	if !c.SkipVerifyCertificate {
-		if val := os.Getenv("PANOS_SKIP_VERIFY_CERTIFICATE"); c.CheckEnvironment && val != "" {
-			if vcb, err := strconv.ParseBool(val); err != nil {
-				return err
-			} else if vcb {
-				c.SkipVerifyCertificate = vcb
-			}
-		}
-		if !c.SkipVerifyCertificate && json_client.SkipVerifyCertificate {
-			c.SkipVerifyCertificate = true
-		}
-	}
-
-	// Logging.
-    if len(c.Logging) == 0 {
-        if val := os.Getenv("PANOS_LOGGING"); c.CheckEnvironment && val != "" {
-            ll := strings.Split(val, ",")
-            for _, k := range ll {
-                c.Logging[k] = true
-            }
-        } else if len(json_client.Logging) != 0 {
-            c.Logging = make(map[string] bool)
-            for k, v := range json_client.Logging {
-                c.Logging[k] = v
-            }
-        }
-    }
-    if len(c.Logging) == 0 {
-        c.Logging = map[string] bool{
-            "quiet": true,
-        }
-    }
-
-    // Setup the client.
-	if c.Transport == nil {
-		c.Transport = &http.Transport{
-			Proxy: http.ProxyFromEnvironment,
-			TLSClientConfig: &tls.Config{
-				InsecureSkipVerify: c.SkipVerifyCertificate,
-			},
-		}
-	}
-	c.con = &http.Client{
-		Transport: c.Transport,
-	}
-
-    // Sanity check.
-    if c.Hostname == "" {
-        return fmt.Errorf("hostname must be specified")
-    }
-    if c.ApiKey == "" && (c.Username == "" && c.Password == "") {
-        return fmt.Errorf("either API key or both username and password must be specified")
-    }
-
-    // Configure the api url.
-	if c.Port == 0 {
-		c.api_url = fmt.Sprintf("%s://%s/api", c.Protocol, c.Hostname)
-	} else {
-		c.api_url = fmt.Sprintf("%s://%s:%d/api", c.Protocol, c.Hostname, c.Port)
-	}
-
-    return nil
-}
-
-// Initialize retrieves the API key if needed then retrieves the system info.
-func (c *XmlApiClient) Initialize(ctx context.Context) error {
-    if c.ApiKey == "" {
-        if err := c.RetrieveApiKey(ctx); err != nil {
-            return err
-        }
-    }
-
-    if err := c.RetrieveSystemInfo(ctx); err != nil {
-        return err
-    }
-
-    return nil
-}
-
-// RetrieveSystemInfo performs "show system info" and saves it SystemInfo.
-func (c *XmlApiClient) RetrieveSystemInfo(ctx context.Context) error {
-    var err error
-
-    type req struct {
-        XMLName xml.Name `xml:"show"`
-        Cmd string `xml:"system>info"`
-    }
-
-    type system struct {
-        Tags []generic.Xml `xml:",any"`
-    }
-
-    type resp struct {
-        System system `xml:"result>system"`
-    }
-
-    cmd := &xmlapi.Op{
-        Command: req{},
-        Target: c.Target,
-    }
-
-    var ans resp
-    if _, _, err = c.Communicate(ctx, cmd, false, &ans); err != nil {
-        return err
-    }
-
-	c.SystemInfo = make(map[string]string, len(ans.System.Tags))
-    for _, t := range ans.System.Tags {
-        if t.TrimmedText == nil {
-            continue
-        }
-        c.SystemInfo[t.XMLName.Local] = *t.TrimmedText
-        if t.XMLName.Local == "sw-version" {
-            c.Version, err = version.New(*t.TrimmedText)
-            if err != nil {
-                return err
-            }
-        }
-    }
-
-    return nil
-}
-
-// RetrieveApiKey refreshes the API key.
-//
-// This function unsets the ApiKey value and thus requires that the Username and Password
-// be specified.
-func (c *XmlApiClient) RetrieveApiKey(ctx context.Context) error {
-	type key_gen_ans struct {
-		Key string `xml:"result>key"`
-	}
-
-    cmd := &xmlapi.KeyGen{
-        Username: c.Username,
-        Password: c.Password,
-    }
-
-    var ans key_gen_ans
-	_, _, err := c.Communicate(ctx, cmd, false, &ans)
-	if err != nil {
-		return err
-	}
-
-	c.ApiKey = ans.Key
-
-	return nil
-}
-
-// RetrievePlugins refreshes the Plugins info from PAN-OS.
-func (c *XmlApiClient) RetrievePlugins(ctx context.Context) error {
-    cmd := &xmlapi.Op{
-        Command: plugin.GetPlugins{},
-    }
-
-    var ans plugin.PackageListing
-    _, _, err := c.Communicate(ctx, cmd, false, &ans)
-    if err != nil {
-        return err
-    }
-
-    c.Plugin = ans.Listing()
-
-    return nil
-}
-
-// GetTarget returns the Target param, used in certain API calls.
-func (c *XmlApiClient) GetTarget() string {
-    return c.Target
-}
-
-// MultiConfig does a "multi-config" type command.
-//
-// Param strict should be true if you want strict transactional support.
-//
-// Note that the error returned from this function is only if there was an error
-// unmarshaling the response into the the multi config response struct.  If the
-// multi config itself failed, then the reason can be found in its results.
-func (c *XmlApiClient) MultiConfig(ctx context.Context, mc *xmlapi.MultiConfig, strict bool, extras url.Values) ([]byte, *http.Response, *xmlapi.MultiConfigResponse, error) {
-    cmd := &xmlapi.Config{
-        Action: "multi-config",
-        Element: mc,
-        StrictTransactional: strict,
-        Target: c.Target,
-    }
-
-    text, httpResp, err := c.Communicate(ctx, cmd, false, nil)
-
-    // If the text is empty, then the err will have a real error we should report to the
-    // invoker.  However, if the text is not empty, then ignore the error and parse the
-    // multi config results using the specialized struct custom designed to handle it.
-    if len(text) == 0 {
-        return text, httpResp, nil, err
-    }
-
-    mcResp, err := xmlapi.NewMultiConfigResponse(text)
-    if err != nil {
-        return text, httpResp, nil, err
-    }
-
-    if !mcResp.Ok() {
-        return text, httpResp, mcResp, mcResp
-    }
-
-    return text, httpResp, mcResp, nil
-}
-
-// RequestPasswordHash requests a password hash of the given string.
-func (c *XmlApiClient) RequestPasswordHash(ctx context.Context, v string) (string, error) {
-	type phash_req struct {
-		XMLName xml.Name `xml:"request"`
-		Val     string   `xml:"password-hash>password"`
-	}
-
-    cmd := &xmlapi.Op{
-        Command: phash_req{
-            Val: v,
-        },
-        Target: c.Target,
-    }
-
-	type phash_ans struct {
-		Hash string `xml:"result>phash"`
-	}
-
-    var ans phash_ans
-	if _, _, err := c.Communicate(ctx, cmd, false, &ans); err != nil {
-		return "", err
-	}
-
-	return ans.Hash, nil
-}
-
-// Communicate sends the given content to PAN-OS.
-//
-// The API key is sent either in the request body or as a header.
-//
-// The timeout for the operation is taken from the context.
-func (c *XmlApiClient) Communicate(ctx context.Context, cmd util.PangoCommand, strip bool, ans interface{}) ([]byte, *http.Response, error) {
-    if cmd == nil {
-        return nil, nil, fmt.Errorf("cmd is nil")
-    }
-
-    data, err := cmd.AsUrlValues()
-    if err != nil {
-        return nil, nil, err
-    }
-
-    if c.ApiKeyInRequest && c.ApiKey != "" && data.Get("key") == "" {
-        data.Set("key", c.ApiKey)
-    }
-
-    req, err := http.NewRequestWithContext(ctx, "POST", c.api_url, strings.NewReader(data.Encode()))
-    if err != nil {
-        return nil, nil, err
-    }
-
-    req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
-
-    return c.sendRequest(ctx, req, strip, ans)
-}
-
-// CommunicateFile sends the given file to PAN-OS.
-//
-// The API key is sent either in the request body or as a header.
-//
-// The timeout for the operation is taken from the context.
-func (c *XmlApiClient) CommunicateFile(ctx context.Context, content, filename, fp string, data url.Values, strip bool, ans interface{}) ([]byte, *http.Response, error) {
-    var err error
-
-    if c.ApiKeyInRequest && c.ApiKey != "" && data.Get("key") == "" {
-        data.Set("key", c.ApiKey)
-    }
-
-    //c.logSend(data)
-
-    buf := bytes.Buffer{}
-    w := multipart.NewWriter(&buf)
-
-    for k := range data {
-        w.WriteField(k, data.Get(k))
-    }
-
-    w2, err := w.CreateFormFile(fp, filename)
-    if err != nil {
-        return nil, nil, err
-    }
-
-    if _, err = io.Copy(w2, strings.NewReader(content)); err != nil {
-        return nil, nil, err
-    }
-
-    w.Close()
-
-    req, err := http.NewRequestWithContext(ctx, "POST", c.api_url, &buf)
-    if err != nil {
-        return nil, nil, err
-    }
-
-	req.Header.Set("Content-Type", w.FormDataContentType())
-
-    return c.sendRequest(ctx, req, strip, ans)
-}
-
-//
-// Internal functions.
-//
-
-func (c *XmlApiClient) sendRequest(ctx context.Context, req *http.Request, strip bool, ans interface{}) ([]byte, *http.Response, error) {
-    // Optional: set the API key in the header.
-    if !c.ApiKeyInRequest && c.ApiKey != "" {
-        req.Header.Set("X-PAN-KEY", c.ApiKey)
-    }
-
-    // Configure all user given headers.
-    for k, v := range c.Headers {
-        req.Header.Set(k, v)
-    }
-
-    // Perform the operation.
-    var err error
-    var resp *http.Response
-    if len(c.testOutput) != 0 {
-        c.testInput = append(c.testInput, req)
-        resp = c.testOutput[c.testIndex%len(c.testOutput)]
-        c.testIndex++
-    } else {
-        resp, err = c.con.Do(req)
-    }
-
-    if err != nil {
-        return nil, nil, err
-    }
-
-    // Read in the response.
-    defer resp.Body.Close()
-    body, err := io.ReadAll(resp.Body)
-    if err != nil {
-        return body, resp, err
-    }
-
-    if true {
-        log.Printf("Response = %s", body)
-    }
-
-    // Check the response for errors.
-    if err = errors.Parse(body); err != nil {
-        return body, resp, err
-    }
-
-    if strip {
-        var index int
-        gt := []byte(">")
-        lt := []byte("<")
-
-        // Remove 'response'.
-        index = bytes.Index(body, gt)
-        body = body[index+1:]
-        index = bytes.LastIndex(body, lt)
-        body = body[:index]
-        log.Printf("new body: %q", body)
-    }
-
-    if ans == nil {
-        return body, resp, nil
-    }
-
-    // Optional: unmarshal using the struct passed in.
-    err = xml.Unmarshal(body, ans)
-    if err != nil {
-        return body, resp, fmt.Errorf("err unmarshaling into provided interface: %s", err)
-    }
-
-    return body, resp, nil
-}

From f0c3014aad87bff1f66386a72150347ed3e540b7 Mon Sep 17 00:00:00 2001
From: Migara Ekanayake <2110772+migara@users.noreply.github.com>
Date: Thu, 12 Sep 2024 15:23:32 +0100
Subject: [PATCH 2/4] update docs

---
 LICENSE    | 30 ++++++++++++++++++------------
 README.md  | 53 ++++++++++++++++++++---------------------------------
 SUPPORT.md | 16 ++--------------
 3 files changed, 40 insertions(+), 59 deletions(-)

diff --git a/LICENSE b/LICENSE
index 705898dd..151daf0e 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,15 +1,21 @@
-Distributed under ISC license:
+MIT License
 
-Copyright (c) 2014-2016, Palo Alto Networks Inc.
+Copyright (c) 2020 Palo Alto Networks, inc.
 
-Permission to use, copy, modify, and/or distribute this software for any
-purpose with or without fee is hereby granted, provided that the above
-copyright notice and this permission notice appear in all copies.
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
 
-THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
-SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
-OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
-CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
\ No newline at end of file
diff --git a/README.md b/README.md
index cc38da21..ce4ac3b7 100644
--- a/README.md
+++ b/README.md
@@ -1,10 +1,17 @@
 Palo Alto Networks pango
 ========================
 
+> [!NOTE]  
+> This package is auto-generated via [pan-os-codegen](https://github.com/PaloAltoNetworks/pan-os-codegen)
+
+> [!CAUTION]
+> This software is currently in alpha development stage. It is strongly recommended not to use this package in production environments. If you choose to use it for experimental or developmental purposes, please do so with caution.
+
+
 [![GoDoc](https://godoc.org/github.com/PaloAltoNetworks/pango?status.svg)](https://godoc.org/github.com/PaloAltoNetworks/pango)
-[![Build](https://github.com/PaloAltoNetworks/pango/workflows/Sanity%20Check/badge.svg?branch=master)](https://github.com/PaloAltoNetworks/pango/actions?query=workflow%3A%22Sanity+Check%22)
+[![Build](https://github.com/PaloAltoNetworks/pango/workflows/Sanity%20Check/badge.svg?branch=main)](https://github.com/PaloAltoNetworks/pango/actions?query=workflow%3A%22Sanity+Check%22)
 
-Package pango is a golang cross version mechanism for interacting with Palo Alto Networks devices (including physical and virtualized Next-generation Firewalls and Panorama).  Versioning support is in place for PANOS 6.1 to 10.0.
+Package pango is a golang cross version mechanism for interacting with Palo Alto Networks devices (including physical and virtualized Next-generation Firewalls and Panorama).  Versioning support is in place for PANOS 10.1 and above.
 
 Please refer to the godoc reference documentation above to get started.
 
@@ -24,43 +31,23 @@ import (
 func main() {
     var err error
 
-    c := &pango.Firewall{Client: pango.Client{
+    con = &sdk.Client{
         Hostname: "127.0.0.1",
         Username: "admin",
         Password: "admin",
-        Logging: pango.LogAction | pango.LogOp,
-    }}
-    if err = c.Initialize(); err != nil {
+    }
+
+    if err := con.Setup(); err != nil {
+        log.Printf("Failed to setup client: %s", err)
+        return
+    }
+
+    if err := con.Initialize(ctx); err != nil {
         log.Printf("Failed to initialize client: %s", err)
         return
     }
-    log.Printf("Initialize ok")
-}
-```
 
-Initializing the connection creates the API key (if it was not already specified), then performs `show system info` to get the PANOS version.  Once the firewall client connection is created, you can query and configure the Palo Alto Networks device from the functions inside the various namespaces of the client connection.  Namespaces correspond to the various configuration areas available in the GUI.  For example:
+    log.Printf("Initialize ok")
 
-```go
-    err = c.Network.EthernetInterface.Set(...)
-    myPolicies, err := c.Policies.Security.GetList()
+}
 ```
-
-Generally speaking, there are the following functions inside each namespace:
-
-  * `Get()` / `GetList()` / `GetAll()`
-  * `Show()` / `ShowList()` / `ShowAll()`
-  * `Set()`
-  * `Edit()`
-  * `Delete()`
-
-These functions correspond with PANOS `Get`, `Show`, `Set`, `Edit`, and `Delete` API calls.  `Get()`, `Set()`, and `Edit()` take and return normalized, version independent objects.  These version safe objects are typically named `Entry`, which corresponds to how the object is placed in the PANOS XPATH.
-
-Some `Entry` objects have a special function, `Defaults()`.  Invoking this function will initialize the object with some default values.  Each `Entry` that implements `Defaults()` calls out in its documentation what parameters are affected by this, and what the defaults are.
-
-For any version safe object, attempting to configure a parameter that your PANOS doesn't support will be safely ignored in the resultant XML sent to the firewall / Panorama.
-
-
-Using `Edit` Functions
-======================
-
-The PANOS XML API `Edit` command can be used to both create as well as update existing config, however it can also truncate config for the given XPATH.  Due to this, if you want to use `Edit()`, you need to make sure that you perform either a `Get()` or a `Show()` first, make your modification, then invoke `Edit()` using that object.  If you don't do this, you will truncate any sub config.
diff --git a/SUPPORT.md b/SUPPORT.md
index bdab69ae..b67ba409 100644
--- a/SUPPORT.md
+++ b/SUPPORT.md
@@ -1,15 +1,3 @@
-Community Supported
+# Community Supported
 
-The software and templates in the repo are released under an as-is, best effort,
-support policy. This software should be seen as community supported and Palo
-Alto Networks will contribute our expertise as and when possible. We do not
-provide technical support or help in using or troubleshooting the components of
-the project through our normal support options such as Palo Alto Networks
-support teams, or ASC (Authorized Support Centers) partners and backline support
-options. The underlying product used (the VM-Series firewall) by the scripts or
-templates are still supported, but the support is only for the product
-functionality and not for help in deploying or using the template or script
-itself. Unless explicitly tagged, all projects or work posted in our GitHub
-repository (at https://github.com/PaloAltoNetworks) or sites other than our
-official Downloads page on https://support.paloaltonetworks.com are provided
-under the best effort policy.
+This template/script/solution is released “as-is”, with no warranty and no support. These should be seen as community supported and Palo Alto Networks may contribute its expertise at its discretion. Palo Alto Networks, including through its Authorized Support Centers (ASC) partners and backline support options, will not provide technical support or help in using or troubleshooting this template/script/solution. The underlying product used by this template/script/solution will still be supported in accordance with the product’s applicable support policy and the customer’s entitlements.
\ No newline at end of file

From db91e506c436fb5b868092a060054b0143b034dd Mon Sep 17 00:00:00 2001
From: Migara Ekanayake <2110772+migara@users.noreply.github.com>
Date: Thu, 12 Sep 2024 15:25:15 +0100
Subject: [PATCH 3/4] auto-genereated rc.1

---
 client.go                                     | 2552 ++++++-----------
 device/services/dns/config.go                 |  158 +
 device/services/dns/interfaces.go             |    7 +
 device/services/dns/location.go               |  180 ++
 device/services/dns/service.go                |  175 ++
 device/services/ntp/config.go                 |  538 ++++
 device/services/ntp/interfaces.go             |    7 +
 device/services/ntp/location.go               |  180 ++
 device/services/ntp/service.go                |  174 ++
 discard.go                                    |   18 +
 errors/panos.go                               |   30 +-
 example/main.go                               | 1099 +++++++
 filtering/contains.go                         |   60 +
 filtering/contains_test.go                    |   70 +
 filtering/doc.go                              |   87 +
 filtering/does_not_contain.go                 |   60 +
 filtering/does_not_end_with.go                |   59 +
 filtering/does_not_match_regex.go             |   60 +
 filtering/does_not_start_with.go              |   59 +
 filtering/ends_with.go                        |   59 +
 filtering/equals.go                           |  200 ++
 filtering/greater_than.go                     |  126 +
 filtering/greater_than_or_equal_to.go         |  126 +
 filtering/group.go                            |   86 +
 filtering/group_test.go                       |  358 +++
 filtering/interfaces.go                       |   10 +
 filtering/is_nil.go                           |   47 +
 filtering/is_not_nil.go                       |   47 +
 filtering/less_than.go                        |  126 +
 filtering/less_than_or_equal_to.go            |  126 +
 filtering/matches_regex.go                    |   60 +
 filtering/not_equal_to.go                     |  200 ++
 filtering/operators.go                        |    7 +
 filtering/parse.go                            |  394 +++
 filtering/parse_test.go                       |  968 +++++++
 filtering/starts_with.go                      |   59 +
 filtering/testutils_test.go                   |   18 +
 generic/xml.go                                |   53 +-
 generic/xml_test.go                           |  117 +
 go.mod                                        |   19 +-
 go.sum                                        |   32 +
 logging.go                                    |  196 ++
 logging_test.go                               |   90 +
 network/interface/ethernet/entry.go           | 1823 ++++++++++++
 network/interface/ethernet/interfaces.go      |    7 +
 network/interface/ethernet/location.go        |  606 ++++
 network/interface/ethernet/service.go         |  388 +++
 network/interface/loopback/entry.go           |  339 +++
 network/interface/loopback/interfaces.go      |    7 +
 network/interface/loopback/location.go        |  187 ++
 network/interface/loopback/service.go         |  281 ++
 .../profiles/interface_management/entry.go    |  216 ++
 .../interface_management/interfaces.go        |    7 +
 .../profiles/interface_management/location.go |  187 ++
 .../profiles/interface_management/service.go  |  281 ++
 network/virtual_router/entry.go               | 1262 ++++++++
 network/virtual_router/interfaces.go          |    7 +
 network/virtual_router/location.go            |  187 ++
 network/virtual_router/service.go             |  281 ++
 network/zone/entry.go                         |  355 +++
 network/zone/interfaces.go                    |    7 +
 network/zone/location.go                      |  243 ++
 network/zone/service.go                       |  281 ++
 objects/address/entry.go                      |  230 +-
 objects/address/group/entry.go                |  136 +
 objects/address/group/interfaces.go           |    7 +
 objects/address/group/location.go             |  188 ++
 objects/address/group/service.go              |  281 ++
 objects/address/interfaces.go                 |    4 +-
 objects/address/location.go                   |  271 +-
 objects/address/service.go                    |  571 ++--
 objects/profiles/entry.go                     |  136 +
 objects/profiles/interfaces.go                |    7 +
 objects/profiles/location.go                  |  193 ++
 objects/profiles/service.go                   |  281 ++
 objects/service/entry.go                      |  413 +++
 objects/service/group/entry.go                |  129 +
 objects/service/group/interfaces.go           |    7 +
 objects/service/group/location.go             |  188 ++
 objects/service/group/service.go              |  281 ++
 objects/service/interfaces.go                 |    7 +
 objects/service/location.go                   |  188 ++
 objects/service/service.go                    |  281 ++
 objects/tag/entry.go                          |  156 +
 objects/tag/interfaces.go                     |    7 +
 objects/tag/location.go                       |  188 ++
 objects/tag/service.go                        |  281 ++
 pango_suite_test.go                           |   15 +
 panorama/device_group/entry.go                |  207 ++
 panorama/device_group/interfaces.go           |    7 +
 panorama/device_group/location.go             |   95 +
 panorama/device_group/service.go              |  281 ++
 panorama/template/entry.go                    |  339 +++
 panorama/template/interfaces.go               |    7 +
 panorama/template/location.go                 |   95 +
 panorama/template/service.go                  |  281 ++
 panorama/template_stack/entry.go              |  191 ++
 panorama/template_stack/interfaces.go         |    7 +
 panorama/template_stack/location.go           |   95 +
 panorama/template_stack/service.go            |  281 ++
 panorama/template_variable/entry.go           |  265 ++
 panorama/template_variable/interfaces.go      |    7 +
 panorama/template_variable/location.go        |  105 +
 panorama/template_variable/service.go         |  281 ++
 policies/rules/security/const.go              |    3 +
 policies/rules/security/entry.go              |  525 ++++
 policies/rules/security/interfaces.go         |    7 +
 policies/rules/security/location.go           |  210 ++
 policies/rules/security/service.go            |  862 ++++++
 rule/position.go                              |   70 +
 util/comparison.go                            |   72 +-
 util/location.go                              |    7 +
 util/pangoclient.go                           |   37 +-
 util/pangocommand.go                          |    4 +-
 util/types.go                                 |   23 +
 util/util.go                                  |   43 +-
 xmlapi/addtodata.go                           |   78 +-
 xmlapi/cdatatext.go                           |    2 +-
 xmlapi/commit.go                              |   49 +
 xmlapi/config.go                              |  112 +-
 xmlapi/export.go                              |   43 +
 xmlapi/import.go                              |   31 +
 xmlapi/keygen.go                              |   30 +-
 xmlapi/log.go                                 |   67 +
 xmlapi/multiconfig.go                         |  167 +-
 xmlapi/op.go                                  |   58 +-
 xmlapi/userid.go                              |   50 +
 127 files changed, 23082 insertions(+), 2507 deletions(-)
 create mode 100644 device/services/dns/config.go
 create mode 100644 device/services/dns/interfaces.go
 create mode 100644 device/services/dns/location.go
 create mode 100644 device/services/dns/service.go
 create mode 100644 device/services/ntp/config.go
 create mode 100644 device/services/ntp/interfaces.go
 create mode 100644 device/services/ntp/location.go
 create mode 100644 device/services/ntp/service.go
 create mode 100644 discard.go
 create mode 100644 example/main.go
 create mode 100644 filtering/contains.go
 create mode 100644 filtering/contains_test.go
 create mode 100644 filtering/doc.go
 create mode 100644 filtering/does_not_contain.go
 create mode 100644 filtering/does_not_end_with.go
 create mode 100644 filtering/does_not_match_regex.go
 create mode 100644 filtering/does_not_start_with.go
 create mode 100644 filtering/ends_with.go
 create mode 100644 filtering/equals.go
 create mode 100644 filtering/greater_than.go
 create mode 100644 filtering/greater_than_or_equal_to.go
 create mode 100644 filtering/group.go
 create mode 100644 filtering/group_test.go
 create mode 100644 filtering/interfaces.go
 create mode 100644 filtering/is_nil.go
 create mode 100644 filtering/is_not_nil.go
 create mode 100644 filtering/less_than.go
 create mode 100644 filtering/less_than_or_equal_to.go
 create mode 100644 filtering/matches_regex.go
 create mode 100644 filtering/not_equal_to.go
 create mode 100644 filtering/operators.go
 create mode 100644 filtering/parse.go
 create mode 100644 filtering/parse_test.go
 create mode 100644 filtering/starts_with.go
 create mode 100644 filtering/testutils_test.go
 create mode 100644 generic/xml_test.go
 create mode 100644 go.sum
 create mode 100644 logging.go
 create mode 100644 logging_test.go
 create mode 100644 network/interface/ethernet/entry.go
 create mode 100644 network/interface/ethernet/interfaces.go
 create mode 100644 network/interface/ethernet/location.go
 create mode 100644 network/interface/ethernet/service.go
 create mode 100644 network/interface/loopback/entry.go
 create mode 100644 network/interface/loopback/interfaces.go
 create mode 100644 network/interface/loopback/location.go
 create mode 100644 network/interface/loopback/service.go
 create mode 100644 network/profiles/interface_management/entry.go
 create mode 100644 network/profiles/interface_management/interfaces.go
 create mode 100644 network/profiles/interface_management/location.go
 create mode 100644 network/profiles/interface_management/service.go
 create mode 100644 network/virtual_router/entry.go
 create mode 100644 network/virtual_router/interfaces.go
 create mode 100644 network/virtual_router/location.go
 create mode 100644 network/virtual_router/service.go
 create mode 100644 network/zone/entry.go
 create mode 100644 network/zone/interfaces.go
 create mode 100644 network/zone/location.go
 create mode 100644 network/zone/service.go
 create mode 100644 objects/address/group/entry.go
 create mode 100644 objects/address/group/interfaces.go
 create mode 100644 objects/address/group/location.go
 create mode 100644 objects/address/group/service.go
 create mode 100644 objects/profiles/entry.go
 create mode 100644 objects/profiles/interfaces.go
 create mode 100644 objects/profiles/location.go
 create mode 100644 objects/profiles/service.go
 create mode 100644 objects/service/entry.go
 create mode 100644 objects/service/group/entry.go
 create mode 100644 objects/service/group/interfaces.go
 create mode 100644 objects/service/group/location.go
 create mode 100644 objects/service/group/service.go
 create mode 100644 objects/service/interfaces.go
 create mode 100644 objects/service/location.go
 create mode 100644 objects/service/service.go
 create mode 100644 objects/tag/entry.go
 create mode 100644 objects/tag/interfaces.go
 create mode 100644 objects/tag/location.go
 create mode 100644 objects/tag/service.go
 create mode 100644 pango_suite_test.go
 create mode 100644 panorama/device_group/entry.go
 create mode 100644 panorama/device_group/interfaces.go
 create mode 100644 panorama/device_group/location.go
 create mode 100644 panorama/device_group/service.go
 create mode 100644 panorama/template/entry.go
 create mode 100644 panorama/template/interfaces.go
 create mode 100644 panorama/template/location.go
 create mode 100644 panorama/template/service.go
 create mode 100644 panorama/template_stack/entry.go
 create mode 100644 panorama/template_stack/interfaces.go
 create mode 100644 panorama/template_stack/location.go
 create mode 100644 panorama/template_stack/service.go
 create mode 100644 panorama/template_variable/entry.go
 create mode 100644 panorama/template_variable/interfaces.go
 create mode 100644 panorama/template_variable/location.go
 create mode 100644 panorama/template_variable/service.go
 create mode 100644 policies/rules/security/const.go
 create mode 100644 policies/rules/security/entry.go
 create mode 100644 policies/rules/security/interfaces.go
 create mode 100644 policies/rules/security/location.go
 create mode 100644 policies/rules/security/service.go
 create mode 100644 rule/position.go
 create mode 100644 util/location.go
 create mode 100644 util/types.go
 create mode 100644 xmlapi/commit.go
 create mode 100644 xmlapi/export.go
 create mode 100644 xmlapi/import.go
 create mode 100644 xmlapi/log.go
 create mode 100644 xmlapi/userid.go

diff --git a/client.go b/client.go
index 6a200d3a..bb61a231 100644
--- a/client.go
+++ b/client.go
@@ -2,13 +2,13 @@ package pango
 
 import (
 	"bytes"
+	"context"
 	"crypto/tls"
 	"encoding/json"
 	"encoding/xml"
 	"fmt"
 	"io"
-	"io/ioutil"
-	"log"
+	"log/slog"
 	"mime"
 	"mime/multipart"
 	"net/http"
@@ -19,2098 +19,1242 @@ import (
 	"time"
 
 	"github.com/PaloAltoNetworks/pango/errors"
+	"github.com/PaloAltoNetworks/pango/generic"
 	"github.com/PaloAltoNetworks/pango/plugin"
 	"github.com/PaloAltoNetworks/pango/util"
 	"github.com/PaloAltoNetworks/pango/version"
+	"github.com/PaloAltoNetworks/pango/xmlapi"
 )
 
-// These bit flags control what is logged by client connections.  Of the flags
-// available for use, LogSend and LogReceive will log ALL communication between
-// the connection object and the PAN-OS XML API.  The API key being used for
-// communication will be blanked out, but no other sensitive data will be.  As
-// such, those two flags should be considered for debugging only.  To disable
-// all logging, set the logging level as LogQuiet.
-//
-// As of right now, pango is not officially supported by Palo Alto Networks TAC,
-// however using the API itself via cURL is.  If you run into an issue and you believe
-// it to be a PAN-OS problem, you can enable a cURL output logging style to have pango
-// output an equivalent cURL command to use when interfacing with TAC.
-//
-// If you want to get the cURL command so that you can run it yourself, then set
-// the LogCurlWithPersonalData flag, which will output your real API key, hostname,
-// and any custom headers you have configured the client to send to PAN-OS.
-//
-// The bit-wise flags are as follows:
-//
-//      * LogQuiet: disables all logging
-//      * LogAction: action being performed (Set / Edit / Delete functions)
-//      * LogQuery: queries being run (Get / Show functions)
-//      * LogOp: operation commands (Op functions)
-//      * LogUid: User-Id commands (Uid functions)
-//      * LogLog: log retrieval commands
-//      * LogExport: log export commands
-//      * LogXpath: the resultant xpath
-//      * LogSend: xml docuemnt being sent
-//      * LogReceive: xml responses being received
-//      * LogOsxCurl: output an OSX cURL command for the data being sent in
-//      * LogCurlWithPersonalData: If doing a curl style logging, then include
-//        personal data in the curl command instead of tokens.
-const (
-	LogQuiet = 1 << (iota + 1)
-	LogAction
-	LogQuery
-	LogOp
-	LogUid
-	LogLog
-	LogExport
-	LogImport
-	LogXpath
-	LogSend
-	LogReceive
-	LogOsxCurl
-	LogCurlWithPersonalData
-)
+type LoggingInfo struct {
+	SLogHandler   slog.Handler `json:"-"`
+	LogCategories LogCategory  `json:"-"`
+	LogSymbols    []string     `json:"log_symbols"`
+	LogLevel      slog.Level   `json:"log_level"`
+}
 
-// Client is a generic connector struct.  It provides wrapper functions for
-// invoking the various PAN-OS XPath API methods.  After creating the client,
-// invoke Initialize() to prepare it for use.
-//
-// Many of the functions attached to this struct will take a param named
-// `extras`.  Under normal circumstances this will just be nil, but if you have
-// some extra values you need to send in with your request you can specify them
-// here.
-//
-// Likewise, a lot of these functions will return a slice of bytes.  Under normal
-// circumstances, you don't need to do anything with this, but sometimes you do,
-// so you can find the raw XML returned from PAN-OS there.
+// Client is an XML API client connection.  If provides wrapper functions
+// for invoking the various PAN-OS API methods.  After creating the client,
+// invoke Setup() followed by Initialize() to prepare it for use.
 type Client struct {
-	// Connection properties.
-	Hostname string            `json:"hostname"`
-	Username string            `json:"username"`
-	Password string            `json:"password"`
-	ApiKey   string            `json:"api_key"`
-	Protocol string            `json:"protocol"`
-	Port     uint              `json:"port"`
-	Timeout  int               `json:"timeout"`
-	Target   string            `json:"target"`
-	Headers  map[string]string `json:"headers"`
+	Hostname        string            `json:"hostname"`
+	Username        string            `json:"username"`
+	Password        string            `json:"password"`
+	ApiKey          string            `json:"api_key"`
+	Protocol        string            `json:"protocol"`
+	Port            int               `json:"port"`
+	Target          string            `json:"target"`
+	ApiKeyInRequest bool              `json:"api_key_in_request"`
+	Headers         map[string]string `json:"headers"`
+	Logging         LoggingInfo       `json:"logging"`
 
 	// Set to true if you want to check environment variables
 	// for auth and connection properties.
-	CheckEnvironment bool `json:"-"`
+	CheckEnvironment bool   `json:"-"`
+	AuthFile         string `json:"-"`
 
-	// HTTP transport options.  Note that the VerifyCertificate setting is
-	// only used if you do not specify a HTTP transport yourself.
-	VerifyCertificate bool            `json:"verify_certificate"`
-	Transport         *http.Transport `json:"-"`
+	// HTTP transport options.  Note that the SkipVerifyCertificate setting
+	// is only used if you do not specify a HTTP transport yourself.
+	SkipVerifyCertificate bool            `json:"skip_verify_certificate"`
+	Transport             *http.Transport `json:"-"`
 
 	// Variables determined at runtime.
-	Version        version.Number    `json:"-"`
-	SystemInfo     map[string]string `json:"-"`
-	Plugin         []plugin.Info     `json:"-"`
-	MultiConfigure *MultiConfigure   `json:"-"`
-
-	// Logging level.
-	Logging               uint32   `json:"-"`
-	LoggingFromInitialize []string `json:"logging"`
+	Version    version.Number    `json:"-"`
+	SystemInfo map[string]string `json:"-"`
+	Plugin     []plugin.Info     `json:"-"`
 
 	// Internal variables.
-	credsFile  string
 	con        *http.Client
 	api_url    string
-	configTree *util.XmlNode
+	configTree *generic.Xml
+	logger     *categoryLogger
 
 	// Variables for testing, response bytes, headers, and response index.
-	rp              []url.Values
-	rb              [][]byte
-	rh              []http.Header
-	ri              int
+	testInput       []*http.Request
+	testOutput      []*http.Response
+	testIndex       int
 	authFileContent []byte
 }
 
-// String is the string representation of a client connection.  Both the
-// password and API key are replaced with stars, if set, making it safe
-// to print the client connection in log messages.
-func (c *Client) String() string {
-	var passwd string
-	var api_key string
-
-	if c.Password == "" {
-		passwd = ""
-	} else {
-		passwd = "********"
-	}
-
-	if c.ApiKey == "" {
-		api_key = ""
-	} else {
-		api_key = "********"
-	}
-
-	return fmt.Sprintf(
-		"{Hostname:%s Username:%s Password:%s ApiKey:%s Protocol:%s Port:%d Timeout:%d Logging:%d}",
-		c.Hostname, c.Username, passwd, api_key, c.Protocol, c.Port, c.Timeout, c.Logging)
-}
-
-// Versioning returns the client version number.
+// Versioning returns the version number of PAN-OS.
 func (c *Client) Versioning() version.Number {
 	return c.Version
 }
 
-// Plugins returns the plugin information.
+// Plugins returns the list of plugins.
 func (c *Client) Plugins() []plugin.Info {
 	return c.Plugin
 }
 
-// Initialize does some initial setup of the Client connection, retrieves
-// the API key if it was not already present, then performs "show system
-// info" to get the PAN-OS version.  The full results are saved into the
-// client's SystemInfo map.
-//
-// If not specified, the following is assumed:
-//  * Protocol: https
-//  * Port: (unspecified)
-//  * Timeout: 10
-//  * Logging: LogAction | LogUid
-func (c *Client) Initialize() error {
-	if len(c.rb) == 0 {
-		var e error
-
-		if e = c.initCon(); e != nil {
-			return e
-		} else if e = c.initApiKey(); e != nil {
-			return e
-		} else if e = c.initSystemInfo(); e != nil {
-			return e
-		}
-	} else {
-		c.Hostname = "localhost"
-		c.ApiKey = "password"
-	}
-
-	return nil
-}
-
-// InitializeUsing does Initialize(), but takes in a filename that contains
-// fallback authentication credentials if they aren't specified.
-//
-// The order of preference for auth / connection settings is:
-//
-// * explicitly set
-// * environment variable (set chkenv to true to enable this)
-// * json file
-func (c *Client) InitializeUsing(filename string, chkenv bool) error {
-	c.CheckEnvironment = chkenv
-	c.credsFile = filename
-
-	return c.Initialize()
+// GetTarget returns the Target param, used in certain API calls.
+func (c *Client) GetTarget() string {
+	return c.Target
 }
 
-// RetrieveApiKey retrieves the API key, which will require that both the
-// username and password are defined.
-//
-// The currently set ApiKey is forgotten when invoking this function.
-func (c *Client) RetrieveApiKey() error {
-	c.LogAction("%s: Retrieving API key", c.Hostname)
+// IsPanorama returns true if this is Panorama.
+func (c *Client) IsPanorama() (bool, error) {
+	if len(c.SystemInfo) == 0 {
+		return false, fmt.Errorf("SystemInfo is nil")
+	}
 
-	type key_gen_ans struct {
-		Key string `xml:"result>key"`
+	model, ok := c.SystemInfo["model"]
+	if !ok {
+		return false, fmt.Errorf("model not present in SystemInfo")
 	}
 
-	c.ApiKey = ""
-	ans := key_gen_ans{}
-	data := url.Values{}
-	data.Add("user", c.Username)
-	data.Add("password", c.Password)
-	data.Add("type", "keygen")
+	return model == "Panorama" || strings.HasPrefix(model, "M-"), nil
+}
 
-	_, _, err := c.Communicate(data, &ans)
+// IsFirewall returns true if this PAN-OS seems to be a NGFW instance.
+func (c *Client) IsFirewall() (bool, error) {
+	ans, err := c.IsPanorama()
 	if err != nil {
-		return err
+		return ans, err
 	}
 
-	c.ApiKey = ans.Key
-
-	return nil
+	return !ans, nil
 }
 
-// EntryListUsing retrieves an list of entries using the given function, either
-// Get or Show.
-func (c *Client) EntryListUsing(fn util.Retriever, path []string) ([]string, error) {
+// Setup does validation and initialization in preparation to start executing API
+// commands against PAN-OS.
+func (c *Client) Setup() error {
 	var err error
-	type Entry struct {
-		Name string `xml:"name,attr"`
+
+	// Load up the JSON config file.
+	var json_client Client
+	if c.AuthFile != "" {
+		var b []byte
+		if len(c.testOutput) == 0 {
+			b, err = os.ReadFile(c.AuthFile)
+		} else {
+			b = c.authFileContent
+		}
+
+		if err != nil {
+			return err
+		}
+
+		if err = json.Unmarshal(b, &json_client); err != nil {
+			return err
+		}
 	}
 
-	type resp_struct struct {
-		Entries []Entry `xml:"result>entry"`
+	// Hostname.
+	if c.Hostname == "" {
+		if val := os.Getenv("PANOS_HOSTNAME"); c.CheckEnvironment && val != "" {
+			c.Hostname = val
+		} else if json_client.Hostname != "" {
+			c.Hostname = json_client.Hostname
+		}
 	}
 
-	if path == nil {
-		return nil, fmt.Errorf("xpath is empty")
+	// Username.
+	if c.Username == "" {
+		if val := os.Getenv("PANOS_USERNAME"); c.CheckEnvironment && val != "" {
+			c.Username = val
+		} else {
+			c.Username = json_client.Username
+		}
 	}
-	path = append(path, "entry", "@name")
-	resp := resp_struct{}
 
-	_, err = fn(path, nil, &resp)
-	if err != nil {
-		e2, ok := err.(errors.Panos)
-		if ok && e2.ObjectNotFound() {
-			return nil, nil
+	// Password.
+	if c.Password == "" {
+		if val := os.Getenv("PANOS_PASSWORD"); c.CheckEnvironment && val != "" {
+			c.Password = val
+		} else {
+			c.Password = json_client.Password
 		}
-		return nil, err
 	}
 
-	ans := make([]string, len(resp.Entries))
-	for i := range resp.Entries {
-		ans[i] = resp.Entries[i].Name
+	// API key.
+	if c.ApiKey == "" {
+		if val := os.Getenv("PANOS_API_KEY"); c.CheckEnvironment && val != "" {
+			c.ApiKey = val
+		} else {
+			c.ApiKey = json_client.ApiKey
+		}
 	}
 
-	return ans, nil
-}
+	// Protocol.
+	if c.Protocol == "" {
+		if val := os.Getenv("PANOS_PROTOCOL"); c.CheckEnvironment && val != "" {
+			c.Protocol = val
+		} else if json_client.Protocol != "" {
+			c.Protocol = json_client.Protocol
+		} else {
+			c.Protocol = "https"
+		}
+	}
+	if c.Protocol != "http" && c.Protocol != "https" {
+		return fmt.Errorf("Invalid protocol %q.  Must be \"http\" or \"https\"", c.Protocol)
+	}
 
-// MemberListUsing retrieves an list of members using the given function, either
-// Get or Show.
-func (c *Client) MemberListUsing(fn util.Retriever, path []string) ([]string, error) {
-	type resp_struct struct {
-		Members []string `xml:"result>member"`
+	// Port.
+	if c.Port == 0 {
+		if val := os.Getenv("PANOS_PORT"); c.CheckEnvironment && val != "" {
+			if cp, err := strconv.Atoi(val); err != nil {
+				return fmt.Errorf("Failed to parse the env port number: %s", err)
+			} else {
+				c.Port = cp
+			}
+		} else if json_client.Port != 0 {
+			c.Port = json_client.Port
+		}
+	}
+	if c.Port > 65535 {
+		return fmt.Errorf("Port %d is out of bounds", c.Port)
 	}
 
-	if path == nil {
-		return nil, fmt.Errorf("xpath is empty")
+	// Target.
+	if c.Target == "" {
+		if val := os.Getenv("PANOS_TARGET"); c.CheckEnvironment && val != "" {
+			c.Target = val
+		} else {
+			c.Target = json_client.Target
+		}
 	}
-	path = append(path, "member")
-	resp := resp_struct{}
 
-	_, err := fn(path, nil, &resp)
-	if err != nil {
-		e2, ok := err.(errors.Panos)
-		if ok && e2.ObjectNotFound() {
-			return nil, nil
+	// Headers.
+	if len(c.Headers) == 0 {
+		if val := os.Getenv("PANOS_HEADERS"); c.CheckEnvironment && val != "" {
+			if err := json.Unmarshal([]byte(val), &c.Headers); err != nil {
+				return err
+			}
+		}
+		if len(c.Headers) == 0 && len(json_client.Headers) > 0 {
+			c.Headers = make(map[string]string)
+			for k, v := range json_client.Headers {
+				c.Headers[k] = v
+			}
 		}
-		return nil, err
 	}
 
-	return resp.Members, nil
-}
+	// Skip verify cert.
+	if !c.SkipVerifyCertificate {
+		if val := os.Getenv("PANOS_SKIP_VERIFY_CERTIFICATE"); c.CheckEnvironment && val != "" {
+			if vcb, err := strconv.ParseBool(val); err != nil {
+				return err
+			} else if vcb {
+				c.SkipVerifyCertificate = vcb
+			}
+		}
+		if !c.SkipVerifyCertificate && json_client.SkipVerifyCertificate {
+			c.SkipVerifyCertificate = true
+		}
+	}
 
-// RequestPasswordHash requests a password hash of the given string.
-func (c *Client) RequestPasswordHash(val string) (string, error) {
-	c.LogOp("(op) creating password hash")
-	type phash_req struct {
-		XMLName xml.Name `xml:"request"`
-		Val     string   `xml:"password-hash>password"`
+	err = c.setupLogging(c.Logging)
+	if err != nil {
+		return err
 	}
 
-	type phash_ans struct {
-		Hash string `xml:"result>phash"`
+	// Setup the client.
+	if c.Transport == nil {
+		c.Transport = &http.Transport{
+			Proxy: http.ProxyFromEnvironment,
+			TLSClientConfig: &tls.Config{
+				InsecureSkipVerify: c.SkipVerifyCertificate,
+			},
+		}
+	}
+	c.con = &http.Client{
+		Transport: c.Transport,
 	}
 
-	req := phash_req{Val: val}
-	ans := phash_ans{}
+	// Sanity check.
+	if c.Hostname == "" {
+		return fmt.Errorf("hostname must be specified")
+	}
+	if c.ApiKey == "" && (c.Username == "" && c.Password == "") {
+		return fmt.Errorf("either API key or both username and password must be specified")
+	}
 
-	if _, err := c.Op(req, "", nil, &ans); err != nil {
-		return "", err
+	// Configure the api url.
+	if c.Port == 0 {
+		c.api_url = fmt.Sprintf("%s://%s/api", c.Protocol, c.Hostname)
+	} else {
+		c.api_url = fmt.Sprintf("%s://%s:%d/api", c.Protocol, c.Hostname, c.Port)
 	}
 
-	return ans.Hash, nil
+	return nil
 }
 
-// ValidateConfig performs a commit config validation check.
-//
-// Setting sync to true means that this function will block until the job
-// finishes.
-//
-//
-// The sleep param is an optional sleep duration to wait between polling for
-// job completion.  This param is only used if sync is set to true.
+// SetupLocalInspection configures the client for local inspection.
 //
-// This function returns the job ID and if any errors were encountered.
-func (c *Client) ValidateConfig(sync bool, sleep time.Duration) (uint, error) {
+// The version number is taken from the schema if it's present.  If it is not
+// present, then the version number falls back to what's specified in panosVersion.
+func (c *Client) SetupLocalInspection(schema, panosVersion string) error {
 	var err error
 
-	c.LogOp("(op) validating config")
-	type op_req struct {
-		XMLName xml.Name `xml:"validate"`
-		Cmd     string   `xml:"full"`
-	}
-	job_ans := util.JobResponse{}
-	_, err = c.Op(op_req{}, "", nil, &job_ans)
-	if err != nil {
-		return 0, err
+	if err = c.LoadPanosConfig([]byte(schema)); err != nil {
+		return err
 	}
 
-	id := job_ans.Id
-	if !sync {
-		return id, nil
+	if c.Version.Major == 0 && c.Version.Minor == 0 && c.Version.Patch == 0 {
+		if panosVersion == "" {
+			return fmt.Errorf("no version found in the schema; the version must be specified")
+		}
+
+		c.Version, err = version.New(panosVersion)
+		if err != nil {
+			return err
+		}
 	}
 
-	return id, c.WaitForJob(id, sleep, nil, nil)
+	return nil
 }
 
-// RevertToRunningConfig discards any changes made and reverts to the last
-// config committed.
-func (c *Client) RevertToRunningConfig() error {
-	c.LogOp("(op) reverting to running config")
-	_, err := c.Op("<load><config><from>running-config.xml</from></config></load>", "", nil, nil)
-	return err
+// Initialize retrieves the API key if needed then retrieves the system info.
+func (c *Client) Initialize(ctx context.Context) error {
+	var err error
+
+	if c.ApiKey == "" {
+		if err = c.RetrieveApiKey(ctx); err != nil {
+			return err
+		}
+	}
+
+	if err = c.RetrieveSystemInfo(ctx); err != nil {
+		return err
+	}
+
+	if err = c.RetrievePlugins(ctx); err != nil {
+		return err
+	}
+
+	return nil
 }
 
-// ConfigLocks returns any config locks that are currently in place.
-//
-// If vsys is an empty string, then the vsys will default to "shared".
-func (c *Client) ConfigLocks(vsys string) ([]util.Lock, error) {
+// RetrieveSystemInfo performs "show system info" and saves it SystemInfo.
+func (c *Client) RetrieveSystemInfo(ctx context.Context) error {
 	var err error
-	var cmd string
-	ans := configLocks{}
 
-	if vsys == "" {
-		vsys = "shared"
+	type req struct {
+		XMLName xml.Name `xml:"show"`
+		Cmd     string   `xml:"system>info"`
 	}
 
-	if c.Version.Gte(version.Number{9, 1, 0, ""}) {
-		var tgt string
-		if vsys == "shared" {
-			tgt = "all"
-		} else {
-			tgt = vsys
-		}
-		cmd = fmt.Sprintf("<show><config-locks><vsys>%s</vsys></config-locks></show>", tgt)
-	} else {
-		cmd = "<show><config-locks /></show>"
+	type system struct {
+		Tags []generic.Xml `xml:",any"`
 	}
 
-	c.LogOp("(op) getting config locks for scope %q", vsys)
-	_, err = c.Op(cmd, vsys, nil, &ans)
-	if err != nil {
-		return nil, err
+	type resp struct {
+		System system `xml:"result>system"`
 	}
-	return ans.Locks, nil
-}
 
-// LockConfig locks the config for the given scope with the given comment.
-//
-// If vsys is an empty string, the scope defaults to "shared".
-func (c *Client) LockConfig(vsys, comment string) error {
-	if vsys == "" {
-		vsys = "shared"
+	cmd := &xmlapi.Op{
+		Command: req{},
+		Target:  c.Target,
 	}
-	c.LogOp("(op) locking config for scope %q", vsys)
 
-	var inner string
-	if comment == "" {
-		inner = "<add />"
-	} else {
-		inner = fmt.Sprintf("<add><comment>%s</comment></add>", comment)
+	var ans resp
+	if _, _, err = c.Communicate(ctx, cmd, false, &ans); err != nil {
+		return err
 	}
-	cmd := fmt.Sprintf("<request><config-lock>%s</config-lock></request>", inner)
 
-	_, err := c.Op(cmd, vsys, nil, nil)
-	return err
+	c.SystemInfo = make(map[string]string, len(ans.System.Tags))
+	for _, t := range ans.System.Tags {
+		if t.TrimmedText == nil {
+			continue
+		}
+		c.SystemInfo[t.XMLName.Local] = *t.TrimmedText
+		if t.XMLName.Local == "sw-version" {
+			c.Version, err = version.New(*t.TrimmedText)
+			if err != nil {
+				return err
+			}
+		}
+	}
+
+	return nil
 }
 
-// UnlockConfig removes the config lock on the given scope.
+// RetrievePanosConfig retrieves the running config, candidate config,
+// or the specified saved config file.
 //
-// If vsys is an empty string, the scope defaults to "shared".
-func (c *Client) UnlockConfig(vsys string) error {
-	if vsys == "" {
-		vsys = "shared"
+// If the name is candidate, then the candidate config is retrieved.  If the
+// name is running, then the running config is retrieved.  Otherwise, then
+// the name is assumed to be the name of the saved config.
+func (c *Client) RetrievePanosConfig(ctx context.Context, name string) ([]byte, error) {
+	type req struct {
+		XMLName   xml.Name `xml:"show"`
+		Running   *string  `xml:"config>running"`
+		Candidate *string  `xml:"config>candidate"`
+		Saved     *string  `xml:"config>saved"`
 	}
 
-	type cmd struct {
-		XMLName xml.Name `xml:"request"`
-		Cmd     string   `xml:"config-lock>remove"`
+	type rdata struct {
+		Data []byte `xml:",innerxml"`
 	}
 
-	c.LogOp("(op) unlocking config for scope %q", vsys)
-	_, err := c.Op(cmd{}, vsys, nil, nil)
-	return err
-}
+	type resp struct {
+		XMLName xml.Name `xml:"response"`
+		Result  rdata    `xml:"result"`
+	}
 
-// CommitLocks returns any commit locks that are currently in place.
-//
-// If vsys is an empty string, then the vsys will default to "shared".
-func (c *Client) CommitLocks(vsys string) ([]util.Lock, error) {
-	if vsys == "" {
-		vsys = "shared"
+	var s string
+	cs := req{}
+	switch name {
+	case "candidate":
+		cs.Candidate = &s
+	case "running":
+		cs.Running = &s
+	default:
+		cs.Saved = &name
 	}
 
-	c.LogOp("(op) getting commit locks for scope %q", vsys)
-	ans := commitLocks{}
-	_, err := c.Op("<show><commit-locks /></show>", vsys, nil, &ans)
-	if err != nil {
+	cmd := &xmlapi.Op{
+		Command: cs,
+		Target:  c.Target,
+	}
+
+	var ans resp
+	if _, _, err := c.Communicate(ctx, cmd, false, &ans); err != nil {
 		return nil, err
 	}
-	return ans.Locks, nil
+
+	return ans.Result.Data, nil
 }
 
-// LockCommits locks commits for the given scope with the given comment.
+// RetrieveApiKey refreshes the API key.
 //
-// If vsys is an empty string, the scope defaults to "shared".
-func (c *Client) LockCommits(vsys, comment string) error {
-	if vsys == "" {
-		vsys = "shared"
+// This function unsets the ApiKey value and thus requires that the Username and Password
+// be specified.
+func (c *Client) RetrieveApiKey(ctx context.Context) error {
+	type key_gen_ans struct {
+		Key string `xml:"result>key"`
 	}
-	c.LogOp("(op) locking commits for scope %q", vsys)
 
-	var inner string
-	if comment == "" {
-		inner = "<add />"
-	} else {
-		inner = fmt.Sprintf("<add><comment>%s</comment></add>", comment)
+	cmd := &xmlapi.KeyGen{
+		Username: c.Username,
+		Password: c.Password,
 	}
-	cmd := fmt.Sprintf("<request><commit-lock>%s</commit-lock></request>", inner)
 
-	_, err := c.Op(cmd, vsys, nil, nil)
-	return err
+	var ans key_gen_ans
+	_, _, err := c.Communicate(ctx, cmd, false, &ans)
+	if err != nil {
+		return err
+	}
+
+	c.ApiKey = ans.Key
+
+	return nil
 }
 
-// UnlockCommits removes the commit lock on the given scope owned by the given
-// admin, if this admin is someone other than the current acting admin.
-//
-// If vsys is an empty string, the scope defaults to "shared".
-func (c *Client) UnlockCommits(vsys, admin string) error {
-	if vsys == "" {
-		vsys = "shared"
+// RetrievePlugins refreshes the Plugins info from PAN-OS.
+func (c *Client) RetrievePlugins(ctx context.Context) error {
+	cmd := &xmlapi.Op{
+		Command: plugin.GetPlugins{},
 	}
 
-	type cmd struct {
-		XMLName xml.Name `xml:"request"`
-		Admin   string   `xml:"commit-lock>remove>admin,omitempty"`
+	var ans plugin.PackageListing
+	_, _, err := c.Communicate(ctx, cmd, false, &ans)
+	if err != nil {
+		return err
 	}
 
-	c.LogOp("(op) unlocking commits for scope %q", vsys)
-	_, err := c.Op(cmd{Admin: admin}, vsys, nil, nil)
-	return err
+	c.Plugin = ans.Listing()
+
+	return nil
 }
 
-// WaitForJob polls the device, waiting for the specified job to finish.
+// LoadPanosConfig stores the given XML document into this client, allowing
+// the user to use various namespace functions to query the config.  This
+// is referred to as local inspection mode.
 //
-// The sleep param is the length of time to wait between polling for job
-// completion.
+// The config given must be in the form of `<config>...</config>`.
 //
-// The extras param should be either nil or a url.Values{} to be mixed in with
-// the constructed request.
-//
-// If you want to unmarshal the response into a struct, then pass in a
-// pointer to the struct for the "resp" param.  If you just want to know if
-// the job completed with a status other than "FAIL", you only need to check
-// the returned error message.
-//
-// In the case that there are multiple errors returned from the job, the first
-// error is returned as the error string, and no unmarshaling is attempted.
-func (c *Client) WaitForJob(id uint, sleep time.Duration, extras, resp interface{}) error {
-	var err error
-	var prev uint
-	var data []byte
-	dp := false
-	all_ok := true
-
-	c.LogOp("(op) waiting for job %d", id)
-	type op_req struct {
-		XMLName xml.Name `xml:"show"`
-		Id      uint     `xml:"jobs>id"`
+// If the 'detail-version' attribute is present in the XML, then it's saved to this
+// instance's Version attribute.
+func (c *Client) LoadPanosConfig(config []byte) error {
+	var ans generic.Xml
+	if err := xml.Unmarshal(config, &ans); err != nil {
+		return err
 	}
-	req := op_req{Id: id}
 
-	var ans util.BasicJob
-	for {
-		// We need to zero out the response each iteration because the slices
-		// of strings append to each other instead of zeroing out.
-		ans = util.BasicJob{}
+	if ans.XMLName.Local != "config" {
+		return fmt.Errorf("Expected \"config\" at the root, found %q", ans.XMLName.Local)
+	}
 
-		// Get current percent complete.
-		data, err = c.Op(req, "", extras, &ans)
+	if ans.DetailedVersion != nil {
+		vn, err := version.New(*ans.DetailedVersion)
 		if err != nil {
 			return err
 		}
-
-		// Output percent complete if it's new.
-		if ans.Progress != prev {
-			prev = ans.Progress
-			c.LogOp("(op) job %d: %d percent complete", id, prev)
-		}
-
-		// Check for device commits.
-		all_done := true
-		for _, d := range ans.Devices {
-			c.LogOp("%q result: %s", d.Serial, d.Result)
-			if d.Result == "PEND" {
-				all_done = false
-				break
-			} else if d.Result != "OK" && all_ok {
-				all_ok = false
-			}
-		}
-
-		// Check for end condition.
-		if ans.Progress == 100 {
-			if all_done {
-				break
-			} else if !dp {
-				c.LogOp("(op) Waiting for %d device commits ...", len(ans.Devices))
-				dp = true
-			}
-		}
-
-		if sleep > 0 {
-			time.Sleep(sleep)
-		}
-	}
-
-	// Check the results for a failed commit.
-	if ans.Result == "FAIL" {
-		if len(ans.Details.Lines) > 0 {
-			return fmt.Errorf(ans.Details.String())
-		} else {
-			return fmt.Errorf("Job %d has failed to complete successfully", id)
-		}
-	} else if !all_ok {
-		return fmt.Errorf("Commit failed on one or more devices")
+		c.Version = vn
 	}
 
-	if resp == nil {
-		return nil
+	c.configTree = &generic.Xml{
+		XMLName: xml.Name{
+			Local: "a",
+		},
+		Nodes: []generic.Xml{ans},
 	}
 
-	return xml.Unmarshal(data, resp)
+	return nil
 }
 
-// LogAction writes a log message for SET/EDIT/DELETE operations if LogAction is set.
-func (c *Client) LogAction(msg string, i ...interface{}) {
-	if c.Logging&LogAction == LogAction {
-		log.Printf(msg, i...)
+// ReadFromConfig returns the XML at the given XPATH location.  This is
+// referred to as local inspection mode.
+//
+// If the XPATH is a listing, then set withPackaging to false.
+func (c *Client) ReadFromConfig(ctx context.Context, path []string, withPackaging bool, ans any) ([]byte, error) {
+	if c.configTree == nil {
+		return nil, fmt.Errorf("no config loaded")
 	}
-}
 
-// LogQuery writes a log message for GET/SHOW operations if LogQuery is set.
-func (c *Client) LogQuery(msg string, i ...interface{}) {
-	if c.Logging&LogQuery == LogQuery {
-		log.Printf(msg, i...)
+	if len(path) == 0 {
+		return nil, fmt.Errorf("path is empty")
 	}
-}
 
-// LogOp writes a log message for OP operations if LogOp is set.
-func (c *Client) LogOp(msg string, i ...interface{}) {
-	if c.Logging&LogOp == LogOp {
-		log.Printf(msg, i...)
-	}
-}
+	entryPrefix := "entry[@name='"
+	entrySuffix := "']"
 
-// LogUid writes a log message for User-Id operations if LogUid is set.
-func (c *Client) LogUid(msg string, i ...interface{}) {
-	if c.Logging&LogUid == LogUid {
-		log.Printf(msg, i...)
-	}
-}
-
-// LogLog writes a log message for LOG operations if LogLog is set.
-func (c *Client) LogLog(msg string, i ...interface{}) {
-	if c.Logging&LogLog == LogLog {
-		log.Printf(msg, i...)
-	}
-}
+	config := c.configTree
+	for _, pp := range path {
+		var tag, name string
+		if strings.HasPrefix(pp, entryPrefix) && strings.HasSuffix(pp, entrySuffix) {
+			tag = "entry"
+			name = strings.TrimSuffix(strings.TrimPrefix(pp, entryPrefix), entrySuffix)
+		} else {
+			tag = pp
+		}
 
-// LogExport writes a log message for EXPORT operations if LogExport is set.
-func (c *Client) LogExport(msg string, i ...interface{}) {
-	if c.Logging&LogExport == LogExport {
-		log.Printf(msg, i...)
-	}
-}
+		found := false
+		for _, node := range config.Nodes {
+			if node.XMLName.Local == tag && (node.Name == nil || *node.Name == name) {
+				found = true
+				config = &node
+				break
+			}
+		}
 
-// LogImport writes a log message for IMPORT operations if LogImport is set.
-func (c *Client) LogImport(msg string, i ...interface{}) {
-	if c.Logging&LogImport == LogImport {
-		log.Printf(msg, i...)
+		if !found {
+			config = nil
+			break
+		}
 	}
-}
 
-// Communicate sends the given data to PAN-OS.
-//
-// The ans param should be a pointer to a struct to unmarshal the response
-// into or nil.
-//
-// Any response received from the server is returned, along with any errors
-// encountered.
-//
-// Even if an answer struct is given, we first check for known error formats.  If
-// a known error format is detected, unmarshalling into the answer struct is not
-// performed.
-//
-// If the API key is set, but not present in the given data, then it is added in.
-func (c *Client) Communicate(data url.Values, ans interface{}) ([]byte, http.Header, error) {
-	if c.ApiKey != "" && data.Get("key") == "" {
-		data.Set("key", c.ApiKey)
+	if config == nil {
+		return nil, errors.ObjectNotFound()
 	}
 
-	c.logSend(data)
-
-	body, hdrs, err := c.post(data)
+	b, err := xml.Marshal(config)
 	if err != nil {
-		return body, hdrs, err
+		return b, err
 	}
 
-	return body, hdrs, c.endCommunication(body, ans)
-}
-
-// CommunicateFile does a file upload to PAN-OS.
-//
-// The content param is the content of the file you want to upload.
-//
-// The filename param is the basename of the file you want to specify in the
-// multipart form upload.
-//
-// The fp param is the name of the param for the file upload.
-//
-// The ans param should be a pointer to a struct to unmarshal the response
-// into or nil.
-//
-// Any response received from the server is returned, along with any errors
-// encountered.
-//
-// Even if an answer struct is given, we first check for known error formats.  If
-// a known error format is detected, unmarshalling into the answer struct is not
-// performed.
-//
-// If the API key is set, but not present in the given data, then it is added in.
-func (c *Client) CommunicateFile(content, filename, fp string, data url.Values, ans interface{}) ([]byte, http.Header, error) {
-	var err error
-
-	if c.ApiKey != "" && data.Get("key") == "" {
-		data.Set("key", c.ApiKey)
+	var newb []byte
+	if !withPackaging {
+		newb = append([]byte(nil), b...)
+	} else {
+		newb = make([]byte, 0, len(b)+7)
+		newb = append(newb, []byte("<q>")...)
+		newb = append(newb, b...)
+		newb = append(newb, []byte("</q>")...)
 	}
 
-	c.logSend(data)
-
-	buf := bytes.Buffer{}
-	w := multipart.NewWriter(&buf)
-
-	for k := range data {
-		w.WriteField(k, data.Get(k))
+	if ans == nil {
+		return newb, nil
 	}
 
-	w2, err := w.CreateFormFile(fp, filename)
-	if err != nil {
-		return nil, nil, err
-	}
+	err = xml.Unmarshal(newb, ans)
+	return newb, err
+}
 
-	if _, err = io.Copy(w2, strings.NewReader(content)); err != nil {
-		return nil, nil, err
+func (c *Client) Clock(ctx context.Context) (time.Time, error) {
+	type creq struct {
+		XMLName xml.Name `xml:"show"`
+		Cmd     string   `xml:"clock"`
 	}
 
-	w.Close()
-
-	req, err := http.NewRequest("POST", c.api_url, &buf)
-	if err != nil {
-		return nil, nil, err
-	}
-	req.Header.Set("Content-Type", w.FormDataContentType())
-	for k, v := range c.Headers {
-		req.Header.Set(k, v)
+	type cresp struct {
+		Result string `xml:"result"`
 	}
 
-	res, err := c.con.Do(req)
-	if err != nil {
-		return nil, nil, err
+	cmd := &xmlapi.Op{
+		Command: creq{},
+		Target:  c.Target,
 	}
+	var ans cresp
 
-	defer res.Body.Close()
-	body, err := ioutil.ReadAll(res.Body)
-	if err != nil {
-		return body, res.Header, err
+	if _, _, err := c.Communicate(ctx, cmd, false, &ans); err != nil {
+		return time.Time{}, err
 	}
 
-	return body, res.Header, c.endCommunication(body, ans)
+	return time.Parse(time.UnixDate+"\n", ans.Result)
 }
 
-// Op runs an operational or "op" type command.
-//
-// The req param can be either a properly formatted XML string or a struct
-// that can be marshalled into XML.
-//
-// The vsys param is the vsys the op command should be executed in, if any.
-//
-// The extras param should be either nil or a url.Values{} to be mixed in with
-// the constructed request.
+// MultiConfig does a "multi-config" type command.
 //
-// The ans param should be a pointer to a struct to unmarshal the response
-// into or nil.
+// Param strict should be true if you want strict transactional support.
 //
-// Any response received from the server is returned, along with any errors
-// encountered.
-func (c *Client) Op(req interface{}, vsys string, extras, ans interface{}) ([]byte, error) {
-	var err error
-	data := url.Values{}
-	data.Set("type", "op")
-
-	if err = addToData("cmd", req, true, &data); err != nil {
-		return nil, err
+// Note that the error returned from this function is only if there was an error
+// unmarshaling the response into the the multi config response struct.  If the
+// multi config itself failed, then the reason can be found in its results.
+func (c *Client) MultiConfig(ctx context.Context, mc *xmlapi.MultiConfig, strict bool, extras url.Values) ([]byte, *http.Response, *xmlapi.MultiConfigResponse, error) {
+	cmd := &xmlapi.Config{
+		Action:              "multi-config",
+		Element:             mc,
+		StrictTransactional: strict,
+		Target:              c.Target,
 	}
 
-	if vsys != "" {
-		data.Set("vsys", vsys)
+	text, httpResp, err := c.Communicate(ctx, cmd, false, nil)
+
+	// If the text is empty, then the err will have a real error we should report to the
+	// invoker.  However, if the text is not empty, then ignore the error and parse the
+	// multi config results using the specialized struct custom designed to handle it.
+	if len(text) == 0 {
+		return text, httpResp, nil, err
 	}
 
-	if c.Target != "" {
-		data.Set("target", c.Target)
+	mcResp, err := xmlapi.NewMultiConfigResponse(text)
+	if err != nil {
+		return text, httpResp, nil, err
 	}
 
-	if err = mergeUrlValues(&data, extras); err != nil {
-		return nil, err
+	if !mcResp.Ok() {
+		return text, httpResp, mcResp, mcResp
 	}
 
-	b, _, err := c.Communicate(data, ans)
-	return b, err
+	return text, httpResp, mcResp, nil
 }
 
-// Log submits a "log" command.
-//
-// Use `WaitForLogs` to get the results of the log command.
-//
-// The extras param should be either nil or a url.Values{} to be mixed in with
-// the constructed request.
-//
-// Any response received from the server is returned, along with any errors
-// encountered.
-func (c *Client) Log(logType, action, query, dir string, nlogs, skip int, extras, ans interface{}) ([]byte, error) {
-	data := url.Values{}
-	data.Set("type", "log")
-
-	if logType != "" {
-		data.Set("log-type", logType)
+// RequestPasswordHash requests a password hash of the given string.
+func (c *Client) RequestPasswordHash(ctx context.Context, v string) (string, error) {
+	type phash_req struct {
+		XMLName xml.Name `xml:"request"`
+		Val     string   `xml:"password-hash>password"`
 	}
 
-	if action != "" {
-		data.Set("action", action)
+	cmd := &xmlapi.Op{
+		Command: phash_req{
+			Val: v,
+		},
+		Target: c.Target,
 	}
 
-	if query != "" {
-		data.Set("query", query)
+	type phash_ans struct {
+		Hash string `xml:"result>phash"`
 	}
 
-	if dir != "" {
-		data.Set("dir", dir)
+	var ans phash_ans
+	if _, _, err := c.Communicate(ctx, cmd, false, &ans); err != nil {
+		return "", err
 	}
 
-	if nlogs != 0 {
-		data.Set("nlogs", strconv.Itoa(nlogs))
-	}
+	return ans.Hash, nil
+}
 
-	if skip != 0 {
-		data.Set("skip", strconv.Itoa(skip))
+// ValidateConfig performs a commit config validation check.
+//
+// Use WaitForJob and the uint returned from this function to get the
+// results of the job.
+func (c *Client) ValidateConfig(ctx context.Context, sleep time.Duration) (uint, error) {
+	type req struct {
+		XMLName xml.Name `xml:"validate"`
+		Cmd     string   `xml:"full"`
 	}
 
-	if err := mergeUrlValues(&data, extras); err != nil {
-		return nil, err
+	cmd := &xmlapi.Op{
+		Command: req{},
+		Target:  c.Target,
 	}
 
-	b, _, err := c.Communicate(data, ans)
-	return b, err
+	id, _, _, err := c.StartJob(ctx, cmd)
+	return id, err
 }
 
-// WaitForLogs performs repeated log retrieval operations until the log job is complete
-// or the timeout is reached.
+// WaitForLogs polls PAN-OS until the given log retrieval job is complete.
 //
-// Specify a timeout of zero to wait indefinitely.
-//
-// The ans param should be a pointer to a struct to unmarshal the response
-// into or nil.
-//
-// Any response received from the server is returned, along with any errors
-// encountered.
-func (c *Client) WaitForLogs(id uint, sleep, timeout time.Duration, ans interface{}) ([]byte, error) {
+// The sleep param is the time to wait between polling. Note that a sleep
+// time less than 2 seconds may cause PAN-OS to take longer to finish the
+// job.
+func (c *Client) WaitForLogs(ctx context.Context, id uint, sleep time.Duration, resp any) ([]byte, error) {
+	if id == 0 {
+		return nil, fmt.Errorf("job ID must be specified")
+	}
+
 	var err error
 	var data []byte
 	var prev string
-	start := time.Now()
-	end := start.Add(timeout)
-	extras := url.Values{}
-	extras.Set("job-id", fmt.Sprintf("%d", id))
 
-	c.LogLog("(log) waiting for logs: %d", id)
+	cmd := &xmlapi.Log{
+		Action: "get",
+		JobId:  id,
+	}
 
-	var resp util.BasicJob
+	var ans util.BasicJob
 	for {
-		resp = util.BasicJob{}
+		ans = util.BasicJob{}
 
-		data, err = c.Log("", "get", "", "", 0, 0, extras, &resp)
+		data, _, err = c.Communicate(ctx, cmd, false, &ans)
 		if err != nil {
 			return data, err
 		}
 
-		if resp.Status != prev {
-			prev = resp.Status
-			c.LogLog("(log) job %d status: %s", id, prev)
+		if ans.Status != prev {
+			prev = ans.Status
+			// log %d id and %s prev
 		}
 
-		if resp.Status == "FIN" {
+		if ans.Status == "FIN" {
 			break
 		}
 
-		if timeout > 0 && end.After(time.Now()) {
-			return data, fmt.Errorf("timeout")
-		}
-
 		if sleep > 0 {
 			time.Sleep(sleep)
 		}
 	}
 
-	if resp.Result == "FAIL" {
-		if len(resp.Details.Lines) > 0 {
-			return data, fmt.Errorf(resp.Details.String())
+	if ans.Result == "FAIL" {
+		if len(ans.Details.Lines) > 0 {
+			return data, fmt.Errorf(ans.Details.String())
 		} else {
-			return data, fmt.Errorf("Job %d has failed to complete successfully", id)
+			return data, fmt.Errorf("Job %d has failed", id)
 		}
 	}
 
-	if ans == nil {
+	if resp == nil {
 		return data, nil
 	}
 
-	err = xml.Unmarshal(data, ans)
+	err = xml.Unmarshal(data, resp)
 	return data, err
 }
 
-// Show runs a "show" type command.
-//
-// The path param should be either a string or a slice of strings.
-//
-// The extras param should be either nil or a url.Values{} to be mixed in with
-// the constructed request.
-//
-// The ans param should be a pointer to a struct to unmarshal the response
-// into or nil.
-//
-// Any response received from the server is returned, along with any errors
-// encountered.
-func (c *Client) Show(path, extras, ans interface{}) ([]byte, error) {
-	data := url.Values{}
-	xp := util.AsXpath(path)
-	c.logXpath(xp)
-	data.Set("xpath", xp)
-
-	return c.typeConfig("show", data, nil, extras, ans)
-}
-
-// Get runs a "get" type command.
-//
-// The path param should be either a string or a slice of strings.
-//
-// The extras param should be either nil or a url.Values{} to be mixed in with
-// the constructed request.
-//
-// The ans param should be a pointer to a struct to unmarshal the response
-// into or nil.
-//
-// Any response received from the server is returned, along with any errors
-// encountered.
-func (c *Client) Get(path, extras, ans interface{}) ([]byte, error) {
-	data := url.Values{}
-	xp := util.AsXpath(path)
-	c.logXpath(xp)
-	data.Set("xpath", xp)
-
-	return c.typeConfig("get", data, nil, extras, ans)
-}
-
-// Delete runs a "delete" type command, removing the supplied xpath and
-// everything underneath it.
-//
-// The path param should be either a string or a slice of strings.
-//
-// The extras param should be either nil or a url.Values{} to be mixed in with
-// the constructed request.
-//
-// The ans param should be a pointer to a struct to unmarshal the response
-// into or nil.
-//
-// Any response received from the server is returned, along with any errors
-// encountered.
-func (c *Client) Delete(path, extras, ans interface{}) ([]byte, error) {
-	data := url.Values{}
-	xp := util.AsXpath(path)
-	c.logXpath(xp)
-	data.Set("xpath", xp)
-
-	return c.typeConfig("delete", data, nil, extras, ans)
-}
-
-// Set runs a "set" type command, creating the element at the given xpath.
-//
-// The path param should be either a string or a slice of strings.
-//
-// The element param can be either a string of properly formatted XML to send
-// or a struct which can be marshaled into a string.
-//
-// The extras param should be either nil or a url.Values{} to be mixed in with
-// the constructed request.
-//
-// The ans param should be a pointer to a struct to unmarshal the response
-// into or nil.
-//
-// Any response received from the server is returned, along with any errors
-// encountered.
-func (c *Client) Set(path, element, extras, ans interface{}) ([]byte, error) {
-	data := url.Values{}
-	xp := util.AsXpath(path)
-	c.logXpath(xp)
-	data.Set("xpath", xp)
-
-	return c.typeConfig("set", data, element, extras, ans)
-}
-
-// Edit runs a "edit" type command, modifying what is at the given xpath
-// with the supplied element.
-//
-// The path param should be either a string or a slice of strings.
-//
-// The element param can be either a string of properly formatted XML to send
-// or a struct which can be marshaled into a string.
-//
-// The extras param should be either nil or a url.Values{} to be mixed in with
-// the constructed request.
-//
-// The ans param should be a pointer to a struct to unmarshal the response
-// into or nil.
-//
-// Any response received from the server is returned, along with any errors
-// encountered.
-func (c *Client) Edit(path, element, extras, ans interface{}) ([]byte, error) {
-	data := url.Values{}
-	xp := util.AsXpath(path)
-	c.logXpath(xp)
-	data.Set("xpath", xp)
-
-	return c.typeConfig("edit", data, element, extras, ans)
-}
-
-// Move does a "move" type command.
-func (c *Client) Move(path interface{}, where, dst string, extras, ans interface{}) ([]byte, error) {
-	data := url.Values{}
-	xp := util.AsXpath(path)
-	c.logXpath(xp)
-	data.Set("xpath", xp)
-
-	if where != "" {
-		data.Set("where", where)
-	}
-
-	if dst != "" {
-		data.Set("dst", dst)
-	}
-
-	return c.typeConfig("move", data, nil, extras, ans)
-}
-
-// Rename does a "rename" type command.
-func (c *Client) Rename(path interface{}, newname string, extras, ans interface{}) ([]byte, error) {
-	data := url.Values{}
-	xp := util.AsXpath(path)
-	c.logXpath(xp)
-	data.Set("xpath", xp)
-	data.Set("newname", newname)
-
-	return c.typeConfig("rename", data, nil, extras, ans)
-}
-
-// MultiConfig does a "multi-config" type command.
+// WaitForJob polls PAN-OS until the given job finishes.
 //
-// Param strict should be true if you want strict transactional support.
-//
-// Note that the error returned from this function is only if there was an error
-// unmarshaling the response into the the multi config response struct.  If the
-// multi config itself failed, then the reason can be found in its results.
-func (c *Client) MultiConfig(element MultiConfigure, strict bool, extras interface{}) ([]byte, MultiConfigureResponse, error) {
-	data := url.Values{}
-	if strict {
-		data.Set("strict-transactional", "yes")
-	}
-
-	text, _ := c.typeConfig("multi-config", data, element, extras, nil)
-
-	resp := MultiConfigureResponse{}
-	err := xml.Unmarshal(text, &resp)
-	return text, resp, err
-}
-
-// Uid performs User-ID API calls.
-func (c *Client) Uid(cmd interface{}, vsys string, extras, ans interface{}) ([]byte, error) {
+// The sleep param is the time to wait between polling. Note that a sleep
+// time less than 2 seconds may cause PAN-OS to take longer to finish the
+// job.
+func (c *Client) WaitForJob(ctx context.Context, id uint, sleep time.Duration, resp any) error {
 	var err error
-	data := url.Values{}
-	data.Set("type", "user-id")
-
-	if err = addToData("cmd", cmd, true, &data); err != nil {
-		return nil, err
-	}
-
-	if vsys != "" {
-		data.Set("vsys", vsys)
-	}
-
-	if c.Target != "" {
-		data.Set("target", c.Target)
-	}
-
-	if err = mergeUrlValues(&data, extras); err != nil {
-		return nil, err
-	}
-
-	b, _, err := c.Communicate(data, ans)
-	return b, err
-}
-
-// Import performs an import type command.
-//
-// The cat param is the category.
-//
-// The content param is the content of the file you want to upload.
-//
-// The filename param is the basename of the file you want to specify in the
-// multipart form upload.
-//
-// The fp param is the name of the param for the file upload.
-//
-// The extras param should be either nil or a url.Values{} to be mixed in with
-// the constructed request.
-//
-// The ans param should be a pointer to a struct to unmarshal the response
-// into or nil.
-//
-// Any response received from the server is returned, along with any errors
-// encountered.
-func (c *Client) Import(cat, content, filename, fp string, timeout time.Duration, extras, ans interface{}) ([]byte, error) {
-	if timeout < 0 {
-		return nil, fmt.Errorf("timeout cannot be negative")
-	} else if timeout > 0 {
-		defer func(c *Client, v time.Duration) {
-			c.con.Timeout = v
-		}(c, c.con.Timeout)
-		c.con.Timeout = timeout
-	}
-
-	data := url.Values{}
-	data.Set("type", "import")
-	data.Set("category", cat)
-
-	if err := mergeUrlValues(&data, extras); err != nil {
-		return nil, err
-	}
-
-	b, _, err := c.CommunicateFile(content, filename, fp, data, ans)
-	return b, err
-}
-
-// Commit performs PAN-OS commits.
-//
-// The cmd param can be a properly formatted XML string, a struct that can
-// be marshalled into XML, or one of the commit types that can be found in the
-// commit package.
-//
-// The action param is the commit action to be taken.  If you are using one of the
-// commit structs as the `cmd` param and the action param is an empty string, then
-// the action is taken from the commit struct passed in.
-//
-// The extras param should be either nil or a url.Values{} to be mixed in with
-// the constructed request.
-//
-// Commits result in a job being submitted to the backend.  The job ID, assuming
-// the commit action was successfully submitted, the response from the server,
-// and if an error was encountered or not are all returned from this function.
-func (c *Client) Commit(cmd interface{}, action string, extras interface{}) (uint, []byte, error) {
-	var err error
-	data := url.Values{}
-	data.Set("type", "commit")
-
-	if err = addToData("cmd", cmd, true, &data); err != nil {
-		return 0, nil, err
-	}
-
-	if action != "" {
-		data.Set("action", action)
-	} else if ca, ok := cmd.(util.Actioner); ok && ca.Action() != "" {
-		data.Set("action", ca.Action())
-	}
-
-	if c.Target != "" {
-		data.Set("target", c.Target)
-	}
-
-	if err = mergeUrlValues(&data, extras); err != nil {
-		return 0, nil, err
-	}
-
-	ans := util.JobResponse{}
-	b, _, err := c.Communicate(data, &ans)
-	return ans.Id, b, err
-}
-
-// Export runs an "export" type command.
-//
-// The category param specifies the desired file type to export.
-//
-// The extras param should be either nil or a url.Values{} to be mixed in with
-// the constructed request.
-//
-// The ans param should be a pointer to a struct to unmarshal the response
-// into or nil.
-//
-// Any response received from the server is returned, along with any errors
-// encountered.
-//
-// If the export invoked results in a file being downloaded from PAN-OS, then
-// the string returned is the name of the remote file that is retrieved,
-// otherwise it's just an empty string.
-func (c *Client) Export(category string, timeout time.Duration, extras, ans interface{}) (string, []byte, error) {
-	if timeout < 0 {
-		return "", nil, fmt.Errorf("timeout cannot be negative")
-	} else if timeout > 0 {
-		defer func(c *Client, v time.Duration) {
-			c.con.Timeout = v
-		}(c, c.con.Timeout)
-		c.con.Timeout = timeout
-	}
-
-	data := url.Values{}
-	data.Set("type", "export")
-
-	if category != "" {
-		data.Set("category", category)
-	}
+	var prev uint
+	var data []byte
+	dp := false
+	all_ok := true
 
-	if err := mergeUrlValues(&data, extras); err != nil {
-		return "", nil, err
+	type req struct {
+		XMLName xml.Name `xml:"show"`
+		Id      uint     `xml:"jobs>id"`
 	}
 
-	var filename string
-	b, hdrs, err := c.Communicate(data, ans)
-	if err == nil && hdrs != nil {
-		// Check and see if there's a filename in the content disposition.
-		mediatype, params, err := mime.ParseMediaType(hdrs.Get("Content-Disposition"))
-		if err == nil && mediatype == "attachment" {
-			filename = params["filename"]
-		}
+	cmd := &xmlapi.Op{
+		Command: req{
+			Id: id,
+		},
+		Target: c.Target,
 	}
 
-	return filename, b, err
-}
-
-/*** Internal functions ***/
-
-func (c *Client) initCon() error {
-	var tout time.Duration
-
-	// Load up the JSON config file.
-	json_client := &Client{}
-	if c.credsFile != "" {
-		var (
-			b   []byte
-			err error
-		)
-		if len(c.rb) == 0 {
-			b, err = ioutil.ReadFile(c.credsFile)
-		} else {
-			b, err = c.authFileContent, nil
-		}
+	var ans util.BasicJob
+	for {
+		ans = util.BasicJob{}
 
+		data, _, err = c.Communicate(ctx, cmd, false, &ans)
 		if err != nil {
 			return err
 		}
 
-		if err = json.Unmarshal(b, &json_client); err != nil {
-			return err
-		}
-	}
-
-	// Hostname.
-	if c.Hostname == "" {
-		if val := os.Getenv("PANOS_HOSTNAME"); c.CheckEnvironment && val != "" {
-			c.Hostname = val
-		} else {
-			c.Hostname = json_client.Hostname
-		}
-	}
-
-	// Username.
-	if c.Username == "" {
-		if val := os.Getenv("PANOS_USERNAME"); c.CheckEnvironment && val != "" {
-			c.Username = val
-		} else {
-			c.Username = json_client.Username
-		}
-	}
-
-	// Password.
-	if c.Password == "" {
-		if val := os.Getenv("PANOS_PASSWORD"); c.CheckEnvironment && val != "" {
-			c.Password = val
-		} else {
-			c.Password = json_client.Password
-		}
-	}
-
-	// API key.
-	if c.ApiKey == "" {
-		if val := os.Getenv("PANOS_API_KEY"); c.CheckEnvironment && val != "" {
-			c.ApiKey = val
-		} else {
-			c.ApiKey = json_client.ApiKey
-		}
-	}
-
-	// Protocol.
-	if c.Protocol == "" {
-		if val := os.Getenv("PANOS_PROTOCOL"); c.CheckEnvironment && val != "" {
-			c.Protocol = val
-		} else if json_client.Protocol != "" {
-			c.Protocol = json_client.Protocol
-		} else {
-			c.Protocol = "https"
-		}
-	}
-	if c.Protocol != "http" && c.Protocol != "https" {
-		return fmt.Errorf("Invalid protocol %q.  Must be \"http\" or \"https\"", c.Protocol)
-	}
-
-	// Port.
-	if c.Port == 0 {
-		if val := os.Getenv("PANOS_PORT"); c.CheckEnvironment && val != "" {
-			if cp, err := strconv.Atoi(val); err != nil {
-				return fmt.Errorf("Failed to parse the env port number: %s", err)
-			} else {
-				c.Port = uint(cp)
-			}
-		} else if json_client.Port != 0 {
-			c.Port = json_client.Port
+		if ans.Progress != prev {
+			prev = ans.Progress
+			// log the change.
 		}
-	}
-	if c.Port > 65535 {
-		return fmt.Errorf("Port %d is out of bounds", c.Port)
-	}
 
-	// Timeout.
-	if c.Timeout == 0 {
-		if val := os.Getenv("PANOS_TIMEOUT"); c.CheckEnvironment && val != "" {
-			if ival, err := strconv.Atoi(val); err != nil {
-				return fmt.Errorf("Failed to parse timeout env var as int: %s", err)
-			} else {
-				c.Timeout = ival
+		// Check for device commits.
+		all_done := true
+		for _, d := range ans.Devices {
+			// log %q d.Serial %s d.Result
+			if d.Result == "PEND" {
+				all_done = false
+				break
+			} else if d.Result != "OK" && all_ok {
+				all_ok = false
 			}
-		} else if json_client.Timeout != 0 {
-			c.Timeout = json_client.Timeout
-		} else {
-			c.Timeout = 10
 		}
-	}
-	if c.Timeout <= 0 {
-		return fmt.Errorf("Timeout for %q must be a positive int", c.Hostname)
-	}
-	tout = time.Duration(time.Duration(c.Timeout) * time.Second)
 
-	// Target.
-	if c.Target == "" {
-		if val := os.Getenv("PANOS_TARGET"); c.CheckEnvironment && val != "" {
-			c.Target = val
-		} else {
-			c.Target = json_client.Target
-		}
-	}
-
-	// Headers.
-	if len(c.Headers) == 0 {
-		if val := os.Getenv("PANOS_HEADERS"); c.CheckEnvironment && val != "" {
-			if err := json.Unmarshal([]byte(val), &c.Headers); err != nil {
-				return err
-			}
-		}
-		if len(c.Headers) == 0 && len(json_client.Headers) > 0 {
-			c.Headers = make(map[string]string)
-			for k, v := range json_client.Headers {
-				c.Headers[k] = v
+		// Check if the job's done.
+		if ans.Progress == 100 {
+			if all_done {
+				break
+			} else if !dp {
+				// log waiting for %d devices len(ans.Devices)
+				dp = true
 			}
 		}
-	}
 
-	// Verify cert.
-	if !c.VerifyCertificate {
-		if val := os.Getenv("PANOS_VERIFY_CERTIFICATE"); c.CheckEnvironment && val != "" {
-			if vcb, err := strconv.ParseBool(val); err != nil {
-				return err
-			} else if vcb {
-				c.VerifyCertificate = vcb
-			}
-		}
-		if !c.VerifyCertificate && json_client.VerifyCertificate {
-			c.VerifyCertificate = json_client.VerifyCertificate
+		if sleep > 0 {
+			time.Sleep(sleep)
 		}
 	}
 
-	// Logging.
-	if c.Logging == 0 {
-		var ll []string
-		if val := os.Getenv("PANOS_LOGGING"); c.CheckEnvironment && val != "" {
-			ll = strings.Split(val, ",")
-		} else {
-			ll = json_client.LoggingFromInitialize
-		}
-		if len(ll) > 0 {
-			var lv uint32
-			for _, x := range ll {
-				switch x {
-				case "quiet":
-					lv |= LogQuiet
-				case "action":
-					lv |= LogAction
-				case "query":
-					lv |= LogQuery
-				case "op":
-					lv |= LogOp
-				case "uid":
-					lv |= LogUid
-				case "xpath":
-					lv |= LogXpath
-				case "send":
-					lv |= LogSend
-				case "receive":
-					lv |= LogReceive
-				default:
-					return fmt.Errorf("Unknown logging requested: %s", x)
-				}
-			}
-			c.Logging = lv
+	if ans.Result == "FAIL" {
+		if len(ans.Details.Lines) > 0 {
+			return fmt.Errorf(ans.Details.String())
 		} else {
-			c.Logging = LogAction | LogUid
-		}
-	}
-
-	// Setup the https client.
-	if c.Transport == nil {
-		c.Transport = &http.Transport{
-			Proxy: http.ProxyFromEnvironment,
-			TLSClientConfig: &tls.Config{
-				InsecureSkipVerify: !c.VerifyCertificate,
-			},
-		}
-	}
-	c.con = &http.Client{
-		Transport: c.Transport,
-		Timeout:   tout,
-	}
-
-	// Sanity check.
-	if c.Hostname == "" {
-		return fmt.Errorf("No hostname specified")
-	} else if c.ApiKey == "" && (c.Username == "" && c.Password == "") {
-		return fmt.Errorf("No username/password or API key given")
-	}
-
-	// Configure the api url
-	if c.Port == 0 {
-		c.api_url = fmt.Sprintf("%s://%s/api", c.Protocol, c.Hostname)
-	} else {
-		c.api_url = fmt.Sprintf("%s://%s:%d/api", c.Protocol, c.Hostname, c.Port)
-	}
-
-	return nil
-}
-
-func (c *Client) initApiKey() error {
-	if c.ApiKey != "" {
-		return nil
-	}
-
-	return c.RetrieveApiKey()
-}
-
-func (c *Client) initSystemInfo() error {
-	var err error
-	c.LogOp("(op) show system info")
-
-	// Run "show system info"
-	type system_info_req struct {
-		XMLName xml.Name `xml:"show"`
-		Cmd     string   `xml:"system>info"`
-	}
-
-	type tagVal struct {
-		XMLName xml.Name
-		Value   string `xml:",chardata"`
-	}
-
-	type sysTag struct {
-		XMLName xml.Name `xml:"system"`
-		Tag     []tagVal `xml:",any"`
-	}
-
-	type system_info_ans struct {
-		System sysTag `xml:"result>system"`
-	}
-
-	req := system_info_req{}
-	ans := system_info_ans{}
-
-	_, err = c.Op(req, "", nil, &ans)
-	if err != nil {
-		return err
-	}
-
-	c.SystemInfo = make(map[string]string, len(ans.System.Tag))
-	for i := range ans.System.Tag {
-		c.SystemInfo[ans.System.Tag[i].XMLName.Local] = ans.System.Tag[i].Value
-		if ans.System.Tag[i].XMLName.Local == "sw-version" {
-			c.Version, err = version.New(ans.System.Tag[i].Value)
-			if err != nil {
-				return fmt.Errorf("Error parsing version %s: %s", ans.System.Tag[i].Value, err)
-			}
+			return fmt.Errorf("Job %d has failed", id)
 		}
+	} else if !all_ok {
+		return fmt.Errorf("Commit failed on one or more devices")
 	}
 
-	return nil
-}
-
-func (c *Client) initPlugins() {
-	c.LogOp("(op) getting plugin info")
-
-	var req plugin.GetPlugins
-	var ans plugin.PackageListing
-
-	if _, err := c.Op(req, "", nil, &ans); err != nil {
-		c.LogAction("WARNING: Failed to get plugin info: %s", err)
-		return
+	if resp == nil {
+		return nil
 	}
 
-	c.Plugin = ans.Listing()
+	return xml.Unmarshal(data, resp)
 }
 
-func (c *Client) typeConfig(action string, data url.Values, element, extras, ans interface{}) ([]byte, error) {
-	var err error
-
-	if c.MultiConfigure != nil && (action == "set" ||
-		action == "edit" ||
-		action == "delete") {
-		r := MultiConfigureRequest{
-			XMLName: xml.Name{Local: action},
-			Xpath:   data.Get("xpath"),
-		}
-		if element != nil {
-			r.Data = element
-		}
-		c.MultiConfigure.Reqs = append(c.MultiConfigure.Reqs, r)
-		return nil, nil
+// RevertToRunningConfig discards any changes made and reverts to the last
+// committed config.
+func (c *Client) RevertToRunningConfig(ctx context.Context, vsys string) error {
+	type req struct {
+		XMLName xml.Name `xml:"load"`
+		Cmd     string   `xml:"config>from"`
 	}
 
-	data.Set("type", "config")
-	data.Set("action", action)
-
-	if element != nil {
-		if err = addToData("element", element, true, &data); err != nil {
-			return nil, err
-		}
+	cmd := &xmlapi.Op{
+		Command: req{
+			Cmd: "running-config.xml",
+		},
+		Vsys:   vsys,
+		Target: c.Target,
 	}
 
-	if c.Target != "" {
-		data.Set("target", c.Target)
-	}
+	_, _, err := c.Communicate(ctx, cmd, false, nil)
+	return err
+}
 
-	if err = mergeUrlValues(&data, extras); err != nil {
-		return nil, err
+// StartJob sends the given command, which starts a job on PAN-OS.
+//
+// The uint returned is the job ID.
+func (c *Client) StartJob(ctx context.Context, cmd util.PangoCommand) (uint, []byte, *http.Response, error) {
+	var ans util.JobResponse
+	b, resp, err := c.Communicate(ctx, cmd, false, &ans)
+	if err != nil {
+		return 0, b, resp, err
 	}
 
-	b, _, err := c.Communicate(data, ans)
-	return b, err
+	return ans.Id, b, resp, nil
 }
 
-func (c *Client) logXpath(p string) {
-	if c.Logging&LogXpath == LogXpath {
-		log.Printf("(xpath) %s", p)
+// Communicate sends the given content to PAN-OS.
+//
+// The API key is sent either in the request body or as a header.
+//
+// The timeout for the operation is taken from the context.
+func (c *Client) Communicate(ctx context.Context, cmd util.PangoCommand, strip bool, ans any) ([]byte, *http.Response, error) {
+	if cmd == nil {
+		return nil, nil, fmt.Errorf("cmd is nil")
 	}
-}
 
-// VsysImport imports the given names into the specified template / vsys.
-func (c *Client) VsysImport(loc, tmpl, ts, vsys string, names []string) error {
-	path := c.xpathImport(tmpl, ts, vsys)
-	if len(names) == 0 || vsys == "" {
-		return nil
-	} else if len(names) == 1 {
-		path = append(path, loc)
+	data, err := cmd.AsUrlValues()
+	if err != nil {
+		return nil, nil, err
 	}
 
-	obj := util.BulkElement{XMLName: xml.Name{Local: loc}}
-	for i := range names {
-		obj.Data = append(obj.Data, vis{xml.Name{Local: "member"}, names[i]})
+	if c.ApiKeyInRequest && c.ApiKey != "" && data.Get("key") == "" {
+		data.Set("key", c.ApiKey)
 	}
 
-	_, err := c.Set(path, obj.Config(), nil, nil)
-	return err
-}
+	c.logSend(data)
 
-// VsysUnimport removes the given names from all (template, optional) vsys.
-func (c *Client) VsysUnimport(loc, tmpl, ts string, names []string) error {
-	if len(names) == 0 {
-		return nil
+	req, err := http.NewRequestWithContext(ctx, "POST", c.api_url, strings.NewReader(data.Encode()))
+	if err != nil {
+		return nil, nil, err
 	}
 
-	path := make([]string, 0, 14)
-	path = append(path, c.xpathImport(tmpl, ts, "")...)
-	path = append(path, loc, util.AsMemberXpath(names))
+	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
 
-	_, err := c.Delete(path, nil, nil)
-	if err != nil {
-		e2, ok := err.(errors.Panos)
-		if ok && e2.ObjectNotFound() {
-			return nil
-		}
-	}
-	return err
+	return c.sendRequest(ctx, req, strip, ans)
 }
 
-// IsImported checks if the importable object is actually imported in the
-// specified location.
-func (c *Client) IsImported(loc, tmpl, ts, vsys, name string) (bool, error) {
-	path := make([]string, 0, 14)
-	path = append(path, c.xpathImport(tmpl, ts, vsys)...)
-	path = append(path, loc, util.AsMemberXpath([]string{name}))
-
-	_, err := c.Get(path, nil, nil)
-	if err == nil {
-		if vsys != "" {
-			return true, nil
-		} else {
-			return false, nil
-		}
+// ImportFile imports the given file into PAN-OS.
+func (c *Client) ImportFile(ctx context.Context, cmd *xmlapi.Import, content, filename, fp string, strip bool, ans any) ([]byte, *http.Response, error) {
+	if cmd == nil {
+		return nil, nil, fmt.Errorf("cmd is nil")
 	}
 
-	e2, ok := err.(errors.Panos)
-	if ok && e2.ObjectNotFound() {
-		if vsys != "" {
-			return false, nil
-		} else {
-			return true, nil
-		}
+	data, err := cmd.AsUrlValues()
+	if err != nil {
+		return nil, nil, err
 	}
 
-	return false, err
-}
+	if c.ApiKeyInRequest && c.ApiKey != "" && data.Get("key") == "" {
+		data.Set("key", c.ApiKey)
+	}
 
-func (c *Client) xpathImport(tmpl, ts, vsys string) []string {
-	ans := make([]string, 0, 12)
-	if tmpl != "" || ts != "" {
-		ans = append(ans, util.TemplateXpathPrefix(tmpl, ts)...)
-	}
-	ans = append(ans,
-		"config",
-		"devices",
-		util.AsEntryXpath([]string{"localhost.localdomain"}),
-		"vsys",
-		util.AsEntryXpath([]string{vsys}),
-		"import",
-		"network",
-	)
-
-	return ans
-}
+	c.logSend(data)
 
-func (c *Client) post(data url.Values) ([]byte, http.Header, error) {
-	if len(c.rb) == 0 {
-		req, err := http.NewRequest("POST", c.api_url, strings.NewReader(data.Encode()))
-		if err != nil {
-			return nil, nil, err
-		}
-		req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
-		for k, v := range c.Headers {
-			req.Header.Set(k, v)
-		}
+	buf := bytes.Buffer{}
+	w := multipart.NewWriter(&buf)
 
-		r, err := c.con.Do(req)
+	for k := range data {
+		err = w.WriteField(k, data.Get(k))
 		if err != nil {
 			return nil, nil, err
 		}
-
-		defer r.Body.Close()
-		ans, err := ioutil.ReadAll(r.Body)
-		return ans, r.Header, err
-	} else {
-		if c.ri < len(c.rb) {
-			c.rp = append(c.rp, data)
-		}
-		body := c.rb[c.ri%len(c.rb)]
-		var hdr http.Header
-		if len(c.rh) > 0 {
-			hdr = c.rh[c.ri%len(c.rh)]
-		}
-		c.ri++
-		return body, hdr, nil
 	}
-}
-
-func (c *Client) endCommunication(body []byte, ans interface{}) error {
-	var err error
 
-	if c.Logging&LogReceive == LogReceive {
-		log.Printf("Response = %s", body)
+	w2, err := w.CreateFormFile(fp, filename)
+	if err != nil {
+		return nil, nil, err
 	}
 
-	// Check for errors first
-	if err = errors.Parse(body); err != nil {
-		return err
+	if _, err = io.Copy(w2, strings.NewReader(content)); err != nil {
+		return nil, nil, err
 	}
 
-	// Return the body string if we weren't given something to unmarshal into
-	if ans == nil {
-		return nil
-	}
+	w.Close()
 
-	// Unmarshal using the struct passed in
-	err = xml.Unmarshal(body, ans)
+	req, err := http.NewRequestWithContext(ctx, "POST", c.api_url, &buf)
 	if err != nil {
-		return fmt.Errorf("Error unmarshaling into provided interface: %s", err)
-	}
-
-	return nil
-}
-
-/*
-PositionFirstEntity moves an element before another one using the Move API command.
-
-Param `mvt` is a util.Move* constant.
-
-Param `rel` is the relative entity that `mvt` is in relation to.
-
-Param `ent` is the entity that is to be positioned.
-
-Param `path` is the XPATH of `ent`.
-
-Param `elms` is the ordered list of entities that should include both
-`rel` and `ent`.
-be found.
-*/
-func (c *Client) PositionFirstEntity(mvt int, rel, ent string, path, elms []string) error {
-	// Sanity checks.
-	if rel == ent {
-		return fmt.Errorf("Can't position %q in relation to itself", rel)
-	} else if mvt < util.MoveSkip && mvt > util.MoveBottom {
-		return fmt.Errorf("Invalid position int given: %d", mvt)
-	} else if (mvt == util.MoveBefore || mvt == util.MoveDirectlyBefore || mvt == util.MoveAfter || mvt == util.MoveDirectlyAfter) && rel == "" {
-		return fmt.Errorf("Specify 'ref' in order to perform relative group positioning")
+		return nil, nil, err
 	}
 
-	var err error
-	fIdx := -1
-	oIdx := -1
-
-	switch mvt {
-	case util.MoveSkip:
-		return nil
-	case util.MoveTop:
-		_, em := c.Move(path, "top", "", nil, nil)
-		if em != nil && em.Error() != "already at the top" {
-			err = em
-		}
-	case util.MoveBottom:
-		_, em := c.Move(path, "bottom", "", nil, nil)
-		if em != nil && em.Error() != "already at the bottom" {
-			err = em
-		}
-	default:
-		// Find the indexes of the first rule and the ref rule.
-		for i, v := range elms {
-			if v == ent {
-				fIdx = i
-			} else if v == rel {
-				oIdx = i
-			}
-			if fIdx != -1 && oIdx != -1 {
-				break
-			}
-		}
-
-		// Sanity check: both rules should be present.
-		if fIdx == -1 {
-			return fmt.Errorf("Entity to be moved %q does not exist", ent)
-		} else if oIdx == -1 {
-			return fmt.Errorf("Reference entity %q does not exist", rel)
-		}
-
-		// Move the first element, if needed.
-		if (mvt == util.MoveBefore && fIdx > oIdx) || (mvt == util.MoveDirectlyBefore && fIdx+1 != oIdx) {
-			_, err = c.Move(path, "before", rel, nil, nil)
-		} else if (mvt == util.MoveAfter && fIdx < oIdx) || (mvt == util.MoveDirectlyAfter && fIdx != oIdx+1) {
-			_, err = c.Move(path, "after", rel, nil, nil)
-		}
-	}
+	req.Header.Set("Content-Type", w.FormDataContentType())
 
-	return err
+	return c.sendRequest(ctx, req, strip, ans)
 }
 
-// Clock gets the time on the PAN-OS appliance.
-func (c *Client) Clock() (time.Time, error) {
-	type t_req struct {
-		XMLName xml.Name `xml:"show"`
-		Cmd     string   `xml:"clock"`
+// ExportFile retrieves a file from PAN-OS.
+func (c *Client) ExportFile(ctx context.Context, cmd *xmlapi.Export, ans any) (string, []byte, *http.Response, error) {
+	if cmd == nil {
+		return "", nil, nil, fmt.Errorf("cmd is nil")
 	}
 
-	type t_resp struct {
-		Result string `xml:"result"`
+	data, err := cmd.AsUrlValues()
+	if err != nil {
+		return "", nil, nil, err
 	}
 
-	req := t_req{}
-	ans := t_resp{}
-
-	c.LogOp("(op) getting system time")
-	if _, err := c.Op(req, "", nil, &ans); err != nil {
-		return time.Time{}, err
+	if c.ApiKeyInRequest && c.ApiKey != "" && data.Get("key") == "" {
+		data.Set("key", c.ApiKey)
 	}
 
-	return time.Parse(time.UnixDate+"\n", ans.Result)
-}
-
-// PrepareMultiConfigure will start a multi config command.
-//
-// Capacity is the initial capacity of the requests to be sent.
-func (c *Client) PrepareMultiConfigure(capacity int) {
-	c.MultiConfigure = &MultiConfigure{
-		Reqs: make([]MultiConfigureRequest, 0, capacity),
+	req, err := http.NewRequestWithContext(ctx, "POST", c.api_url, strings.NewReader(data.Encode()))
+	if err != nil {
+		return "", nil, nil, err
 	}
-}
 
-// SendMultiConfigure will send the accumulated multi configure request.
-//
-// Param strict should be true if you want strict transactional support.
-//
-// Note that the error returned from this function is only if there was an error
-// unmarshaling the response into the the multi config response struct.  If the
-// multi config itself failed, then the reason can be found in its results.
-func (c *Client) SendMultiConfigure(strict bool) (MultiConfigureResponse, error) {
-	if c.MultiConfigure == nil {
-		return MultiConfigureResponse{}, nil
+	b, resp, err := c.sendRequest(ctx, req, false, ans)
+	if err != nil {
+		return "", b, resp, err
 	}
 
-	mc := c.MultiConfigure
-	c.MultiConfigure = nil
+	var filename string
+	mediatype, params, err := mime.ParseMediaType(resp.Header.Get("Content-Disposition"))
+	if err == nil && mediatype == "attachment" {
+		filename = params["filename"]
+	}
 
-	_, ans, err := c.MultiConfig(*mc, strict, nil)
-	return ans, err
+	return filename, b, resp, nil
 }
 
-// GetTechSupportFile returns the tech support .tgz file.
-//
-// This function returns the name of the tech support file, the file
-// contents, and an error if one occurred.
-//
-// The timeout param is the new timeout (in seconds) to temporarily assign to
-// client connections to allow for the successful download of the tech support
-// file.  If the timeout is zero, then pango.Client.Timeout is the timeout for
-// tech support file retrieval.
-func (c *Client) GetTechSupportFile(timeout time.Duration) (string, []byte, error) {
-	if timeout < 0 {
-		return "", nil, fmt.Errorf("timeout cannot be negative")
+// GetTechSupportFile returns the tech support file .tgz file.
+func (c *Client) GetTechSupportFile(ctx context.Context) (string, []byte, error) {
+	cmd := &xmlapi.Export{
+		Category: "tech-support",
 	}
 
-	var err error
-	var resp util.JobResponse
-	cmd := "tech-support"
-
-	c.LogExport("(export) tech support file")
-
-	// Request the tech support file creation.
-	_, _, err = c.Export(cmd, 0, nil, &resp)
+	id, _, _, err := c.StartJob(ctx, cmd)
 	if err != nil {
 		return "", nil, err
 	}
-	if resp.Id == 0 {
-		return "", nil, fmt.Errorf("Job ID was not found")
-	}
 
-	extras := url.Values{}
-	extras.Set("action", "status")
-	extras.Set("job-id", fmt.Sprintf("%d", resp.Id))
+	cmd.Action = "status"
+	cmd.JobId = id
 
-	// Poll the job until it's done.
-	var pr util.BasicJob
+	var resp util.BasicJob
 	var prev uint
 	for {
-		_, _, err = c.Export(cmd, 0, extras, &pr)
-		if err != nil {
+		resp = util.BasicJob{}
+
+		if _, _, _, err = c.ExportFile(ctx, cmd, &resp); err != nil {
 			return "", nil, err
 		}
 
 		// The progress is not an uint when the job completes, so don't print
 		// the progress as 0 when the job is actually complete.
-		if pr.Progress != prev && pr.Progress != 0 {
-			prev = pr.Progress
-			c.LogExport("(export) tech support job %d: %d percent complete", resp.Id, prev)
+		if resp.Progress != prev && resp.Progress != 0 {
+			prev = resp.Progress
+			// log %d resp.Id at %d prev percentage complete.
 		}
 
-		if pr.Status == "FIN" {
+		if resp.Status == "FIN" {
 			break
 		}
 
 		time.Sleep(2 * time.Second)
 	}
 
-	if pr.Result == "FAIL" {
-		return "", nil, fmt.Errorf(pr.Details.String())
+	if resp.Result == "FAIL" {
+		return "", nil, fmt.Errorf(resp.Details.String())
 	}
 
-	extras.Set("action", "get")
-	return c.Export(cmd, timeout, extras, nil)
+	cmd.Action = "get"
+
+	filename, b, _, err := c.ExportFile(ctx, cmd, nil)
+	return filename, b, err
 }
 
-// RetrievePanosConfig retrieves either the running config, candidate config,
-// or the specified saved config file, then does `LoadPanosConfig()` to save it.
 //
-// After the config is loaded, config can be queried and retrieved using
-// any `FromPanosConfig()` methods.
+// Internal functions.
 //
-// Param `value` can be the word "candidate" to load candidate config or
-// `running` to load running config.  If the value is neither of those, it
-// is assumed to be the name of a saved config and that is loaded.
-func (c *Client) RetrievePanosConfig(value string) error {
-	type getConfig struct {
-		XMLName   xml.Name `xml:"show"`
-		Running   *string  `xml:"config>running"`
-		Candidate *string  `xml:"config>candidate"`
-		Saved     *string  `xml:"config>saved"`
+
+func (c *Client) setupLogging(logging LoggingInfo) error {
+	var logger *slog.Logger
+
+	if logging.SLogHandler == nil {
+		logger = slog.New(slog.NewTextHandler(os.Stderr, &slog.HandlerOptions{Level: logging.LogLevel}))
+		logger.Info("No slog handler provided, creating default os.Stderr handler.", "LogLevel", logging.LogLevel.Level())
+	} else {
+		logger = slog.New(logging.SLogHandler)
+		if logging.LogLevel != 0 {
+			logger.Warn("LogLevel is ignored when using custom SLog handler.")
+		}
 	}
 
-	type data struct {
-		Data []byte `xml:",innerxml"`
+	// 1. logging.LogCategories has the highest priority
+	// 2. If logging.LogCategories is not set, we check logging.LogSymbols
+	// 3. If logging.LogSymbols is empty and c.CheckEnvironment is true we consult
+	//    PANOS_LOGGING environment variable.
+	// 4. If no logging categories have been selected, default to basic library logging
+	//    (i.e. "pango" category)
+	logMask := logging.LogCategories
+	var err error
+	if logMask == 0 {
+		logMask, err = LogCategoryFromStrings(logging.LogSymbols)
+		if err != nil {
+			return err
+		}
+
+		if logMask == 0 {
+			if val := os.Getenv("PANOS_LOGGING"); c.CheckEnvironment && val != "" {
+				symbols := strings.Split(val, ",")
+				logMask, err = LogCategoryFromStrings(symbols)
+				if err != nil {
+					return err
+				}
+			}
+		}
 	}
 
-	type resp struct {
-		XMLName xml.Name `xml:"response"`
-		Result  data     `xml:"result"`
+	// To disable logging completely, use custom SLog handler that discards all logs,
+	// e.g. https://github.com/golang/go/issues/62005 for the example of such handler.
+	if logMask == 0 {
+		logMask = LogCategoryPango
 	}
 
-	s := ""
-	req := getConfig{}
-	switch value {
-	case "candidate":
-		req.Candidate = &s
-	case "running":
-		req.Running = &s
-	default:
-		req.Saved = &value
+	enabledLogging, _ := LogCategoryAsStrings(logMask)
+	logger.Info("Pango logging configured", "symbols", enabledLogging)
+
+	c.logger = newCategoryLogger(logger, logMask)
+
+	return nil
+}
+
+func (c *Client) sendRequest(ctx context.Context, req *http.Request, strip bool, ans any) ([]byte, *http.Response, error) {
+	// Optional: set the API key in the header.
+	if !c.ApiKeyInRequest && c.ApiKey != "" {
+		req.Header.Set("X-PAN-KEY", c.ApiKey)
 	}
-	ans := resp{}
 
-	if _, err := c.Op(req, "", nil, &ans); err != nil {
-		return err
+	// Configure all user given headers.
+	for k, v := range c.Headers {
+		req.Header.Set(k, v)
 	}
 
-	return c.LoadPanosConfig(ans.Result.Data)
-}
+	// Perform the operation.
+	var err error
+	var resp *http.Response
+	if len(c.testOutput) != 0 {
+		c.testInput = append(c.testInput, req)
+		resp = c.testOutput[c.testIndex%len(c.testOutput)]
+		c.testIndex++
+	} else {
+		resp, err = c.con.Do(req)
+	}
 
-// LoadPanosConfig stores the given XML document into the local client instance.
-//
-// The `config` can either be `<config>...</config>` or something that contians
-// only the config document (such as `<result ...><config>...</config></result>`).
-//
-// After the config is loaded, config can be queried and retrieved using
-// any `FromPanosConfig()` methods.
-func (c *Client) LoadPanosConfig(config []byte) error {
-	log.Printf("load panos config")
-	if err := xml.Unmarshal(config, &c.configTree); err != nil {
-		return err
+	if err != nil {
+		return nil, nil, err
 	}
 
-	if c.configTree.XMLName.Local == "config" {
-		// Add a place holder parent util.XmlNode.
-		c.configTree = &util.XmlNode{
-			XMLName: xml.Name{
-				Local: "a",
-			},
-			Nodes: []util.XmlNode{
-				*c.configTree,
-			},
+	// Read in the response.
+	defer resp.Body.Close()
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return body, resp, err
+	}
+
+	// Check the response for errors.
+	if err = errors.Parse(body); err != nil {
+		return body, resp, err
+	}
+
+	// Optional: strip the "response" tag from the XML returned.
+	if strip {
+		var index int
+		gt := []byte(">")
+		lt := []byte("<")
+
+		index = bytes.Index(body, gt)
+		if index > 0 {
+			body = body[index+1:]
+			index = bytes.LastIndex(body, lt)
+			if index > 0 {
+				body = body[:index]
+			}
 		}
-		return nil
 	}
 
-	if len(c.configTree.Nodes) == 1 && c.configTree.Nodes[0].XMLName.Local == "config" {
-		// Already has a place holder parent.
-		return nil
+	if ans == nil {
+		return body, resp, nil
 	}
 
-	c.configTree = nil
-	return fmt.Errorf("doesn't seem to be a config tree")
-}
+	// Optional: unmarshal using the struct passed in.
+	err = xml.Unmarshal(body, ans)
+	if err != nil {
+		return body, resp, fmt.Errorf("err unmarshaling into provided interface: %s", err)
+	}
+
+	c.logger.WithLogCategory(LogCategoryReceive).Debug("Received data from server", "body", c.prepareReceiveDataForLogging(body))
 
-// ConfigTree returns the configuration tree that was loaded either via
-// `RetrievePanosConfig()` or `LoadPanosConfig()`.
-func (c *Client) ConfigTree() *util.XmlNode {
-	return c.configTree
+	return body, resp, nil
 }
 
 func (c *Client) logSend(data url.Values) {
-	var b strings.Builder
-
-	// Traditional send logging.
-	if c.Logging&LogSend == LogSend {
-		if b.Len() > 0 {
-			fmt.Fprintf(&b, "\n")
-		}
-		realKey := data.Get("key")
-		if realKey != "" {
-			data.Set("key", "########")
-		}
-		fmt.Fprintf(&b, "Sending data: %#v", data)
-		if realKey != "" {
-			data.Set("key", realKey)
-		}
+	c.logger.WithLogCategory(LogCategoryPango).Debug("Hello World!")
+	sendData := slog.Group("data", c.prepareSendDataForLogging(data)...)
+	if c.logger.enabledFor(LogCategoryCurl) {
+		curlEquivalent := slog.Group("curl", c.prepareSendDataAsCurl(data)...)
+		c.logger.WithLogCategory(LogCategorySend).Debug("data sent to the server", sendData, curlEquivalent)
+	} else {
+		c.logger.WithLogCategory(LogCategorySend).Debug("data sent to the server", sendData)
 	}
+}
 
-	// Log the send data as an OSX curl command.
-	if c.Logging&LogOsxCurl == LogOsxCurl {
-		if b.Len() > 0 {
-			fmt.Fprintf(&b, "\n")
-		}
-		special := map[string]string{
-			"key":     "",
-			"element": "",
-		}
-		ev := url.Values{}
-		for k := range data {
-			var isSpecial bool
-			for sk := range special {
-				if sk == k {
-					isSpecial = true
-					special[k] = data.Get(k)
-					break
-				}
-			}
-			if !isSpecial {
-				ev[k] = make([]string, 0, len(data[k]))
-				for i := range data[k] {
-					ev[k] = append(ev[k], data[k][i])
-				}
-			}
-		}
+func (c *Client) prepareSendDataForLogging(data url.Values) []any {
+	filterSensitive := !c.logger.enabledFor(LogCategorySensitive)
 
-		// Build up the curl command.
-		fmt.Fprintf(&b, "curl")
-		// Verify cert.
-		if !c.VerifyCertificate {
-			fmt.Fprintf(&b, " -k")
-		}
-		// Headers.
-		if len(c.Headers) > 0 && c.Logging&LogCurlWithPersonalData == LogCurlWithPersonalData {
-			for k, v := range c.Headers {
-				if v != "" {
-					fmt.Fprintf(&b, " --header '%s: %s'", k, v)
-				} else {
-					fmt.Fprintf(&b, " --header '%s;'", k)
+	preparedValues := make([]any, 0)
+
+	for key, values := range data {
+		for _, value := range values {
+			preparedValues = append(preparedValues, key)
+			if filterSensitive {
+				switch key {
+				case "key", "password":
+					preparedValues = append(preparedValues, "***")
+				default:
+					preparedValues = append(preparedValues, value)
 				}
-			}
-		}
-		// Add URL encoded values.
-		if special["key"] != "" {
-			if c.Logging&LogCurlWithPersonalData == LogCurlWithPersonalData {
-				ev.Set("key", special["key"])
 			} else {
-				ev.Set("key", "APIKEY")
+				preparedValues = append(preparedValues, value)
 			}
 		}
-		// Add in the element, if present.
-		if special["element"] != "" {
-			fmt.Fprintf(&b, " --data-urlencode element@element.xml")
-		}
-		// URL.
-		fmt.Fprintf(&b, " '%s://", c.Protocol)
-		if c.Logging&LogCurlWithPersonalData == LogCurlWithPersonalData {
-			fmt.Fprintf(&b, "%s", c.Hostname)
-		} else {
-			fmt.Fprintf(&b, "HOST")
-		}
-		if c.Port != 0 {
-			fmt.Fprintf(&b, ":%d", c.Port)
-		}
-		fmt.Fprintf(&b, "/api")
-		if len(ev) > 0 {
-			fmt.Fprintf(&b, "?%s", ev.Encode())
-		}
-		fmt.Fprintf(&b, "'")
-		// Data.
-		if special["element"] != "" {
-			fmt.Fprintf(&b, "\nelement.xml:\n%s", special["element"])
-		}
 	}
 
-	if b.Len() > 0 {
-		log.Printf("%s", b.String())
-	}
+	return preparedValues
 }
 
-/** Non-struct private functions **/
+func (c *Client) prepareSendDataAsCurl(data url.Values) []any {
+	filterSensitive := !c.logger.enabledFor(LogCategorySensitive)
 
-func mergeUrlValues(data *url.Values, extras interface{}) error {
-	if extras == nil {
-		return nil
+	// A map of items and their values for items that require additional
+	// processing, and not be sent as is.
+	special := map[string]string{
+		"element": "",
 	}
 
-	ev, ok := extras.(url.Values)
-	if !ok {
-		return fmt.Errorf("extras needs to be of type url.Values or nil")
-	}
+	sensitive := []string{"user", "password", "key", "host"}
 
-	for key := range ev {
-		data.Set(key, ev.Get(key))
-	}
+	values := url.Values{}
+	for key, value := range data {
+		isSpecial := false
+		for needle := range special {
+			if key == needle {
+				isSpecial = true
+				special[key] = value[0]
+				break
+			}
+		}
 
-	return nil
-}
+		isSensitive := false
+		for _, needle := range sensitive {
+			if key == needle {
+				isSensitive = true
+				break
+			}
+		}
 
-func addToData(key string, i interface{}, attemptMarshal bool, data *url.Values) error {
-	if i == nil {
-		return nil
+		// Only non-special values should be part of the
+		// encoded url, and sensitive values should only be
+		// visible when LogCategorySensitiveis set.
+		if !isSpecial {
+			if isSensitive && filterSensitive {
+				values[key] = []string{strings.ToUpper(key)}
+			} else {
+				values[key] = value
+			}
+		}
 	}
 
-	val, err := asString(i, attemptMarshal)
-	if err != nil {
-		return err
+	curlCmd := []string{"curl"}
+
+	if c.SkipVerifyCertificate {
+		curlCmd = append(curlCmd, "-k")
 	}
 
-	data.Set(key, val)
-	return nil
-}
+	if len(c.Headers) > 0 && !filterSensitive {
+		for k, v := range c.Headers {
+			curlCmd = append(curlCmd, "--header")
+			var header string
+			if v == "" {
+				header = fmt.Sprintf("'%s;'", k)
+			} else {
+				header = fmt.Sprintf("'%s: %s'", k, v)
+			}
+			curlCmd = append(curlCmd, header)
+		}
+	}
 
-func asString(i interface{}, attemptMarshal bool) (string, error) {
-	if a, ok := i.(fmt.Stringer); ok {
-		return a.String(), nil
+	hostname := c.Hostname
+	if filterSensitive {
+		hostname = "HOST"
+	}
+	port := ""
+	if c.Port != 0 {
+		port = fmt.Sprintf(":%d", c.Port)
 	}
 
-	if b, ok := i.(util.Elementer); ok {
-		i = b.Element()
+	encodedValues := ""
+	if len(values) > 0 {
+		encodedValues = fmt.Sprintf("?%s", values.Encode())
 	}
 
-	switch val := i.(type) {
-	case nil:
-		return "", fmt.Errorf("nil encountered")
-	case string:
-		return val, nil
-	default:
-		if !attemptMarshal {
-			return "", fmt.Errorf("value must be string or fmt.Stringer")
-		}
+	urlTemplate := "'%s://%s%s/api%s'"
+	apiUrl := fmt.Sprintf(urlTemplate, c.Protocol, hostname, port, encodedValues)
 
-		rb, err := xml.Marshal(val)
-		if err != nil {
-			return "", err
-		}
-		return string(rb), nil
-	}
-}
+	curlCmd = append(curlCmd, apiUrl)
 
-// vis is a vsys import struct.
-type vis struct {
-	XMLName xml.Name
-	Text    string `xml:",chardata"`
-}
+	curlData := []any{"command", strings.Join(curlCmd, " ")}
+
+	if special["element"] != "" {
+		curlData = append(curlData, "element.xml")
+		curlData = append(curlData, special["element"])
+	}
 
-type configLocks struct {
-	Locks []util.Lock `xml:"result>config-locks>entry"`
+	return curlData
 }
 
-type commitLocks struct {
-	Locks []util.Lock `xml:"result>commit-locks>entry"`
+func (c *Client) prepareReceiveDataForLogging(body []byte) string {
+	replacedBody := string(body)
+	keyStartIdx := strings.Index(replacedBody, "<key>")
+	keyEndIdx := strings.Index(replacedBody, "</key>")
+	if keyStartIdx != -1 && keyEndIdx != -1 {
+		replacedBody = replacedBody[:keyStartIdx] + "***" + replacedBody[keyEndIdx+len("</key>"):]
+	}
+	return replacedBody
 }
diff --git a/device/services/dns/config.go b/device/services/dns/config.go
new file mode 100644
index 00000000..52b0caa4
--- /dev/null
+++ b/device/services/dns/config.go
@@ -0,0 +1,158 @@
+package dns
+
+import (
+	"encoding/xml"
+
+	"github.com/PaloAltoNetworks/pango/generic"
+	"github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/version"
+)
+
+type Config struct {
+	DnsSetting      *DnsSetting
+	FqdnRefreshTime *int64
+
+	Misc map[string][]generic.Xml
+}
+type DnsSetting struct {
+	Servers *DnsSettingServers
+}
+type DnsSettingServers struct {
+	Primary   *string
+	Secondary *string
+}
+type configXmlContainer struct {
+	XMLName xml.Name    `xml:"result"`
+	Answer  []configXml `xml:"system"`
+}
+type configXml struct {
+	XMLName         xml.Name       `xml:"system"`
+	DnsSetting      *DnsSettingXml `xml:"dns-setting,omitempty"`
+	FqdnRefreshTime *int64         `xml:"fqdn-refresh-time,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type DnsSettingXml struct {
+	Servers *DnsSettingServersXml `xml:"servers,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type DnsSettingServersXml struct {
+	Primary   *string `xml:"primary,omitempty"`
+	Secondary *string `xml:"secondary,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+
+func Versioning(vn version.Number) (Specifier, Normalizer, error) {
+	return specifyConfig, &configXmlContainer{}, nil
+}
+func specifyConfig(o *Config) (any, error) {
+	config := configXml{}
+	var nestedDnsSetting *DnsSettingXml
+	if o.DnsSetting != nil {
+		nestedDnsSetting = &DnsSettingXml{}
+		if _, ok := o.Misc["DnsSetting"]; ok {
+			nestedDnsSetting.Misc = o.Misc["DnsSetting"]
+		}
+		if o.DnsSetting.Servers != nil {
+			nestedDnsSetting.Servers = &DnsSettingServersXml{}
+			if _, ok := o.Misc["DnsSettingServers"]; ok {
+				nestedDnsSetting.Servers.Misc = o.Misc["DnsSettingServers"]
+			}
+			if o.DnsSetting.Servers.Primary != nil {
+				nestedDnsSetting.Servers.Primary = o.DnsSetting.Servers.Primary
+			}
+			if o.DnsSetting.Servers.Secondary != nil {
+				nestedDnsSetting.Servers.Secondary = o.DnsSetting.Servers.Secondary
+			}
+		}
+	}
+	config.DnsSetting = nestedDnsSetting
+
+	config.FqdnRefreshTime = o.FqdnRefreshTime
+
+	config.Misc = o.Misc["Config"]
+
+	return config, nil
+}
+func (c *configXmlContainer) Normalize() ([]*Config, error) {
+	configList := make([]*Config, 0, len(c.Answer))
+	for _, o := range c.Answer {
+		config := &Config{
+			Misc: make(map[string][]generic.Xml),
+		}
+		var nestedDnsSetting *DnsSetting
+		if o.DnsSetting != nil {
+			nestedDnsSetting = &DnsSetting{}
+			if o.DnsSetting.Misc != nil {
+				config.Misc["DnsSetting"] = o.DnsSetting.Misc
+			}
+			if o.DnsSetting.Servers != nil {
+				nestedDnsSetting.Servers = &DnsSettingServers{}
+				if o.DnsSetting.Servers.Misc != nil {
+					config.Misc["DnsSettingServers"] = o.DnsSetting.Servers.Misc
+				}
+				if o.DnsSetting.Servers.Secondary != nil {
+					nestedDnsSetting.Servers.Secondary = o.DnsSetting.Servers.Secondary
+				}
+				if o.DnsSetting.Servers.Primary != nil {
+					nestedDnsSetting.Servers.Primary = o.DnsSetting.Servers.Primary
+				}
+			}
+		}
+		config.DnsSetting = nestedDnsSetting
+
+		config.FqdnRefreshTime = o.FqdnRefreshTime
+
+		config.Misc["Config"] = o.Misc
+
+		configList = append(configList, config)
+	}
+
+	return configList, nil
+}
+
+func SpecMatches(a, b *Config) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+
+	// Don't compare Name.
+	if !matchDnsSetting(a.DnsSetting, b.DnsSetting) {
+		return false
+	}
+	if !util.Ints64Match(a.FqdnRefreshTime, b.FqdnRefreshTime) {
+		return false
+	}
+
+	return true
+}
+
+func matchDnsSettingServers(a *DnsSettingServers, b *DnsSettingServers) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !util.StringsMatch(a.Primary, b.Primary) {
+		return false
+	}
+	if !util.StringsMatch(a.Secondary, b.Secondary) {
+		return false
+	}
+	return true
+}
+func matchDnsSetting(a *DnsSetting, b *DnsSetting) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !matchDnsSettingServers(a.Servers, b.Servers) {
+		return false
+	}
+	return true
+}
diff --git a/device/services/dns/interfaces.go b/device/services/dns/interfaces.go
new file mode 100644
index 00000000..188f454a
--- /dev/null
+++ b/device/services/dns/interfaces.go
@@ -0,0 +1,7 @@
+package dns
+
+type Specifier func(*Config) (any, error)
+
+type Normalizer interface {
+	Normalize() ([]*Config, error)
+}
diff --git a/device/services/dns/location.go b/device/services/dns/location.go
new file mode 100644
index 00000000..4d42ef9c
--- /dev/null
+++ b/device/services/dns/location.go
@@ -0,0 +1,180 @@
+package dns
+
+import (
+	"fmt"
+
+	"github.com/PaloAltoNetworks/pango/errors"
+	"github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/version"
+)
+
+type ImportLocation interface {
+	XpathForLocation(version.Number, util.ILocation) ([]string, error)
+	MarshalPangoXML([]string) (string, error)
+	UnmarshalPangoXML([]byte) ([]string, error)
+}
+
+type Location struct {
+	System        *SystemLocation        `json:"system,omitempty"`
+	Template      *TemplateLocation      `json:"template,omitempty"`
+	TemplateStack *TemplateStackLocation `json:"template_stack,omitempty"`
+}
+
+type SystemLocation struct {
+	NgfwDevice string `json:"ngfw_device"`
+}
+
+type TemplateLocation struct {
+	NgfwDevice     string `json:"ngfw_device"`
+	PanoramaDevice string `json:"panorama_device"`
+	Template       string `json:"template"`
+}
+
+type TemplateStackLocation struct {
+	NgfwDevice     string `json:"ngfw_device"`
+	PanoramaDevice string `json:"panorama_device"`
+	TemplateStack  string `json:"template_stack"`
+}
+
+func NewSystemLocation() *Location {
+	return &Location{System: &SystemLocation{
+		NgfwDevice: "localhost.localdomain",
+	},
+	}
+}
+func NewTemplateLocation() *Location {
+	return &Location{Template: &TemplateLocation{
+		NgfwDevice:     "localhost.localdomain",
+		PanoramaDevice: "localhost.localdomain",
+		Template:       "",
+	},
+	}
+}
+func NewTemplateStackLocation() *Location {
+	return &Location{TemplateStack: &TemplateStackLocation{
+		NgfwDevice:     "localhost.localdomain",
+		PanoramaDevice: "localhost.localdomain",
+		TemplateStack:  "",
+	},
+	}
+}
+
+func (o Location) IsValid() error {
+	count := 0
+
+	switch {
+	case o.System != nil:
+		if o.System.NgfwDevice == "" {
+			return fmt.Errorf("NgfwDevice is unspecified")
+		}
+		count++
+	case o.Template != nil:
+		if o.Template.NgfwDevice == "" {
+			return fmt.Errorf("NgfwDevice is unspecified")
+		}
+		if o.Template.PanoramaDevice == "" {
+			return fmt.Errorf("PanoramaDevice is unspecified")
+		}
+		if o.Template.Template == "" {
+			return fmt.Errorf("Template is unspecified")
+		}
+		count++
+	case o.TemplateStack != nil:
+		if o.TemplateStack.NgfwDevice == "" {
+			return fmt.Errorf("NgfwDevice is unspecified")
+		}
+		if o.TemplateStack.PanoramaDevice == "" {
+			return fmt.Errorf("PanoramaDevice is unspecified")
+		}
+		if o.TemplateStack.TemplateStack == "" {
+			return fmt.Errorf("TemplateStack is unspecified")
+		}
+		count++
+	}
+
+	if count == 0 {
+		return fmt.Errorf("no path specified")
+	}
+
+	if count > 1 {
+		return fmt.Errorf("multiple paths specified: only one should be specified")
+	}
+
+	return nil
+}
+
+func (o Location) XpathPrefix(vn version.Number) ([]string, error) {
+
+	var ans []string
+
+	switch {
+	case o.System != nil:
+		if o.System.NgfwDevice == "" {
+			return nil, fmt.Errorf("NgfwDevice is unspecified")
+		}
+		ans = []string{
+			"config",
+			"devices",
+			util.AsEntryXpath([]string{o.System.NgfwDevice}),
+			"deviceconfig",
+			"system",
+		}
+	case o.Template != nil:
+		if o.Template.NgfwDevice == "" {
+			return nil, fmt.Errorf("NgfwDevice is unspecified")
+		}
+		if o.Template.PanoramaDevice == "" {
+			return nil, fmt.Errorf("PanoramaDevice is unspecified")
+		}
+		if o.Template.Template == "" {
+			return nil, fmt.Errorf("Template is unspecified")
+		}
+		ans = []string{
+			"config",
+			"devices",
+			util.AsEntryXpath([]string{o.Template.PanoramaDevice}),
+			"template",
+			util.AsEntryXpath([]string{o.Template.Template}),
+			"config",
+			"devices",
+			util.AsEntryXpath([]string{o.Template.NgfwDevice}),
+			"deviceconfig",
+			"system",
+		}
+	case o.TemplateStack != nil:
+		if o.TemplateStack.NgfwDevice == "" {
+			return nil, fmt.Errorf("NgfwDevice is unspecified")
+		}
+		if o.TemplateStack.PanoramaDevice == "" {
+			return nil, fmt.Errorf("PanoramaDevice is unspecified")
+		}
+		if o.TemplateStack.TemplateStack == "" {
+			return nil, fmt.Errorf("TemplateStack is unspecified")
+		}
+		ans = []string{
+			"config",
+			"devices",
+			util.AsEntryXpath([]string{o.TemplateStack.PanoramaDevice}),
+			"template-stack",
+			util.AsEntryXpath([]string{o.TemplateStack.TemplateStack}),
+			"config",
+			"devices",
+			util.AsEntryXpath([]string{o.TemplateStack.NgfwDevice}),
+			"deviceconfig",
+			"system",
+		}
+	default:
+		return nil, errors.NoLocationSpecifiedError
+	}
+
+	return ans, nil
+}
+func (o Location) Xpath(vn version.Number) ([]string, error) {
+
+	ans, err := o.XpathPrefix(vn)
+	if err != nil {
+		return nil, err
+	}
+
+	return ans, nil
+}
diff --git a/device/services/dns/service.go b/device/services/dns/service.go
new file mode 100644
index 00000000..83ca11b0
--- /dev/null
+++ b/device/services/dns/service.go
@@ -0,0 +1,175 @@
+package dns
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/PaloAltoNetworks/pango/errors"
+	"github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/xmlapi"
+)
+
+type Service struct {
+	client util.PangoClient
+}
+
+func NewService(client util.PangoClient) *Service {
+	return &Service{
+		client: client,
+	}
+}
+
+// Create adds new item, then returns the result.
+func (s *Service) Create(ctx context.Context, loc Location, config *Config) (*Config, error) {
+
+	vn := s.client.Versioning()
+
+	specifier, _, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+	path, err := loc.Xpath(vn)
+	if err != nil {
+		return nil, err
+	}
+	createSpec, err := specifier(config)
+	if err != nil {
+		return nil, err
+	}
+
+	cmd := &xmlapi.Config{
+		Action:  "set",
+		Xpath:   util.AsXpath(path[:len(path)-1]),
+		Element: createSpec,
+		Target:  s.client.GetTarget(),
+	}
+
+	if _, _, err = s.client.Communicate(ctx, cmd, false, nil); err != nil {
+		return nil, err
+	}
+	return s.Read(ctx, loc, "get")
+}
+
+// Read returns the given config object, using the specified action ("get" or "show").
+func (s *Service) Read(ctx context.Context, loc Location, action string) (*Config, error) {
+	return s.read(ctx, loc, action, false)
+}
+
+// ReadFromConfig returns the given config object from the loaded XML config.
+// Requires that client.LoadPanosConfig() has been invoked.
+func (s *Service) ReadFromConfig(ctx context.Context, loc Location) (*Config, error) {
+	return s.read(ctx, loc, "", true)
+}
+
+func (s *Service) read(ctx context.Context, loc Location, action string, usePanosConfig bool) (*Config, error) {
+	vn := s.client.Versioning()
+	_, normalizer, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+	path, err := loc.Xpath(vn)
+	if err != nil {
+		return nil, err
+	}
+
+	if usePanosConfig {
+		if _, err = s.client.ReadFromConfig(ctx, path, true, normalizer); err != nil {
+			return nil, err
+		}
+	} else {
+		cmd := &xmlapi.Config{
+			Action: action,
+			Xpath:  util.AsXpath(path),
+			Target: s.client.GetTarget(),
+		}
+
+		if _, _, err = s.client.Communicate(ctx, cmd, true, normalizer); err != nil {
+			if err.Error() == "No such node" && action == "show" {
+				return nil, errors.ObjectNotFound()
+			}
+			return nil, err
+		}
+	}
+
+	list, err := normalizer.Normalize()
+	if err != nil {
+		return nil, err
+	} else if len(list) != 1 {
+		return nil, fmt.Errorf("expected to %q 1 entry, got %d", action, len(list))
+	}
+
+	return list[0], nil
+}
+
+func (s *Service) Update(ctx context.Context, loc Location, entry *Config) (*Config, error) {
+
+	vn := s.client.Versioning()
+	updates := xmlapi.NewMultiConfig(2)
+	specifier, _, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+	var old *Config
+	old, err = s.Read(ctx, loc, "get")
+	if err != nil {
+		return nil, err
+	} else if old == nil {
+		return nil, fmt.Errorf("previous object doesn't exist for update")
+	}
+	if !SpecMatches(entry, old) {
+		path, err := loc.Xpath(vn)
+		if err != nil {
+			return nil, err
+		}
+
+		updateSpec, err := specifier(entry)
+		if err != nil {
+			return nil, err
+		}
+
+		updates.Add(&xmlapi.Config{
+			Action:  "edit",
+			Xpath:   util.AsXpath(path),
+			Element: updateSpec,
+			Target:  s.client.GetTarget(),
+		})
+	}
+
+	if len(updates.Operations) != 0 {
+		if _, _, _, err = s.client.MultiConfig(ctx, updates, false, nil); err != nil {
+			return nil, err
+		}
+	}
+	return s.Read(ctx, loc, "get")
+}
+
+// Delete deletes the given item.
+func (s *Service) Delete(ctx context.Context, loc Location, config *Config) error {
+	return s.delete(ctx, loc, config)
+}
+func (s *Service) delete(ctx context.Context, loc Location, config *Config) error {
+
+	vn := s.client.Versioning()
+	path, err := loc.Xpath(vn)
+	if err != nil {
+		return err
+	}
+	deleteSuffixes := []string{}
+	deleteSuffixes = append(deleteSuffixes, "dns-setting")
+	deleteSuffixes = append(deleteSuffixes, "fqdn-refresh-time")
+
+	for _, suffix := range deleteSuffixes {
+		cmd := &xmlapi.Config{
+			Action: "delete",
+			Xpath:  util.AsXpath(append(path, suffix)),
+			Target: s.client.GetTarget(),
+		}
+
+		_, _, err = s.client.Communicate(ctx, cmd, false, nil)
+
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
diff --git a/device/services/ntp/config.go b/device/services/ntp/config.go
new file mode 100644
index 00000000..1bbd4c06
--- /dev/null
+++ b/device/services/ntp/config.go
@@ -0,0 +1,538 @@
+package ntp
+
+import (
+	"encoding/xml"
+
+	"github.com/PaloAltoNetworks/pango/generic"
+	"github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/version"
+)
+
+type Config struct {
+	NtpServers *NtpServers
+
+	Misc map[string][]generic.Xml
+}
+type NtpServers struct {
+	PrimaryNtpServer   *NtpServersPrimaryNtpServer
+	SecondaryNtpServer *NtpServersSecondaryNtpServer
+}
+type NtpServersPrimaryNtpServer struct {
+	AuthenticationType *NtpServersPrimaryNtpServerAuthenticationType
+	NtpServerAddress   *string
+}
+type NtpServersPrimaryNtpServerAuthenticationType struct {
+	Autokey      *string
+	None         *string
+	SymmetricKey *NtpServersPrimaryNtpServerAuthenticationTypeSymmetricKey
+}
+type NtpServersPrimaryNtpServerAuthenticationTypeSymmetricKey struct {
+	KeyId *int64
+	Md5   *NtpServersPrimaryNtpServerAuthenticationTypeSymmetricKeyMd5
+	Sha1  *NtpServersPrimaryNtpServerAuthenticationTypeSymmetricKeySha1
+}
+type NtpServersPrimaryNtpServerAuthenticationTypeSymmetricKeyMd5 struct {
+	AuthenticationKey *string
+}
+type NtpServersPrimaryNtpServerAuthenticationTypeSymmetricKeySha1 struct {
+	AuthenticationKey *string
+}
+type NtpServersSecondaryNtpServer struct {
+	AuthenticationType *NtpServersSecondaryNtpServerAuthenticationType
+	NtpServerAddress   *string
+}
+type NtpServersSecondaryNtpServerAuthenticationType struct {
+	Autokey      *string
+	None         *string
+	SymmetricKey *NtpServersSecondaryNtpServerAuthenticationTypeSymmetricKey
+}
+type NtpServersSecondaryNtpServerAuthenticationTypeSymmetricKey struct {
+	KeyId *int64
+	Md5   *NtpServersSecondaryNtpServerAuthenticationTypeSymmetricKeyMd5
+	Sha1  *NtpServersSecondaryNtpServerAuthenticationTypeSymmetricKeySha1
+}
+type NtpServersSecondaryNtpServerAuthenticationTypeSymmetricKeyMd5 struct {
+	AuthenticationKey *string
+}
+type NtpServersSecondaryNtpServerAuthenticationTypeSymmetricKeySha1 struct {
+	AuthenticationKey *string
+}
+type configXmlContainer struct {
+	XMLName xml.Name    `xml:"result"`
+	Answer  []configXml `xml:"system"`
+}
+type configXml struct {
+	XMLName    xml.Name       `xml:"system"`
+	NtpServers *NtpServersXml `xml:"ntp-servers,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type NtpServersXml struct {
+	PrimaryNtpServer   *NtpServersPrimaryNtpServerXml   `xml:"primary-ntp-server,omitempty"`
+	SecondaryNtpServer *NtpServersSecondaryNtpServerXml `xml:"secondary-ntp-server,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type NtpServersPrimaryNtpServerXml struct {
+	AuthenticationType *NtpServersPrimaryNtpServerAuthenticationTypeXml `xml:"authentication-type,omitempty"`
+	NtpServerAddress   *string                                          `xml:"ntp-server-address,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type NtpServersPrimaryNtpServerAuthenticationTypeXml struct {
+	Autokey      *string                                                      `xml:"autokey,omitempty"`
+	None         *string                                                      `xml:"none,omitempty"`
+	SymmetricKey *NtpServersPrimaryNtpServerAuthenticationTypeSymmetricKeyXml `xml:"symmetric-key,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type NtpServersPrimaryNtpServerAuthenticationTypeSymmetricKeyXml struct {
+	KeyId *int64                                                           `xml:"key-id,omitempty"`
+	Md5   *NtpServersPrimaryNtpServerAuthenticationTypeSymmetricKeyMd5Xml  `xml:"algorithm>md5,omitempty"`
+	Sha1  *NtpServersPrimaryNtpServerAuthenticationTypeSymmetricKeySha1Xml `xml:"algorithm>sha1,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type NtpServersPrimaryNtpServerAuthenticationTypeSymmetricKeyMd5Xml struct {
+	AuthenticationKey *string `xml:"authentication-key,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type NtpServersPrimaryNtpServerAuthenticationTypeSymmetricKeySha1Xml struct {
+	AuthenticationKey *string `xml:"authentication-key,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type NtpServersSecondaryNtpServerXml struct {
+	AuthenticationType *NtpServersSecondaryNtpServerAuthenticationTypeXml `xml:"authentication-type,omitempty"`
+	NtpServerAddress   *string                                            `xml:"ntp-server-address,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type NtpServersSecondaryNtpServerAuthenticationTypeXml struct {
+	Autokey      *string                                                        `xml:"autokey,omitempty"`
+	None         *string                                                        `xml:"none,omitempty"`
+	SymmetricKey *NtpServersSecondaryNtpServerAuthenticationTypeSymmetricKeyXml `xml:"symmetric-key,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type NtpServersSecondaryNtpServerAuthenticationTypeSymmetricKeyXml struct {
+	KeyId *int64                                                             `xml:"key-id,omitempty"`
+	Md5   *NtpServersSecondaryNtpServerAuthenticationTypeSymmetricKeyMd5Xml  `xml:"algorithm>md5,omitempty"`
+	Sha1  *NtpServersSecondaryNtpServerAuthenticationTypeSymmetricKeySha1Xml `xml:"algorithm>sha1,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type NtpServersSecondaryNtpServerAuthenticationTypeSymmetricKeyMd5Xml struct {
+	AuthenticationKey *string `xml:"authentication-key,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type NtpServersSecondaryNtpServerAuthenticationTypeSymmetricKeySha1Xml struct {
+	AuthenticationKey *string `xml:"authentication-key,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+
+func Versioning(vn version.Number) (Specifier, Normalizer, error) {
+	return specifyConfig, &configXmlContainer{}, nil
+}
+func specifyConfig(o *Config) (any, error) {
+	config := configXml{}
+	var nestedNtpServers *NtpServersXml
+	if o.NtpServers != nil {
+		nestedNtpServers = &NtpServersXml{}
+		if _, ok := o.Misc["NtpServers"]; ok {
+			nestedNtpServers.Misc = o.Misc["NtpServers"]
+		}
+		if o.NtpServers.PrimaryNtpServer != nil {
+			nestedNtpServers.PrimaryNtpServer = &NtpServersPrimaryNtpServerXml{}
+			if _, ok := o.Misc["NtpServersPrimaryNtpServer"]; ok {
+				nestedNtpServers.PrimaryNtpServer.Misc = o.Misc["NtpServersPrimaryNtpServer"]
+			}
+			if o.NtpServers.PrimaryNtpServer.NtpServerAddress != nil {
+				nestedNtpServers.PrimaryNtpServer.NtpServerAddress = o.NtpServers.PrimaryNtpServer.NtpServerAddress
+			}
+			if o.NtpServers.PrimaryNtpServer.AuthenticationType != nil {
+				nestedNtpServers.PrimaryNtpServer.AuthenticationType = &NtpServersPrimaryNtpServerAuthenticationTypeXml{}
+				if _, ok := o.Misc["NtpServersPrimaryNtpServerAuthenticationType"]; ok {
+					nestedNtpServers.PrimaryNtpServer.AuthenticationType.Misc = o.Misc["NtpServersPrimaryNtpServerAuthenticationType"]
+				}
+				if o.NtpServers.PrimaryNtpServer.AuthenticationType.None != nil {
+					nestedNtpServers.PrimaryNtpServer.AuthenticationType.None = o.NtpServers.PrimaryNtpServer.AuthenticationType.None
+				}
+				if o.NtpServers.PrimaryNtpServer.AuthenticationType.SymmetricKey != nil {
+					nestedNtpServers.PrimaryNtpServer.AuthenticationType.SymmetricKey = &NtpServersPrimaryNtpServerAuthenticationTypeSymmetricKeyXml{}
+					if _, ok := o.Misc["NtpServersPrimaryNtpServerAuthenticationTypeSymmetricKey"]; ok {
+						nestedNtpServers.PrimaryNtpServer.AuthenticationType.SymmetricKey.Misc = o.Misc["NtpServersPrimaryNtpServerAuthenticationTypeSymmetricKey"]
+					}
+					if o.NtpServers.PrimaryNtpServer.AuthenticationType.SymmetricKey.KeyId != nil {
+						nestedNtpServers.PrimaryNtpServer.AuthenticationType.SymmetricKey.KeyId = o.NtpServers.PrimaryNtpServer.AuthenticationType.SymmetricKey.KeyId
+					}
+					if o.NtpServers.PrimaryNtpServer.AuthenticationType.SymmetricKey.Md5 != nil {
+						nestedNtpServers.PrimaryNtpServer.AuthenticationType.SymmetricKey.Md5 = &NtpServersPrimaryNtpServerAuthenticationTypeSymmetricKeyMd5Xml{}
+						if _, ok := o.Misc["NtpServersPrimaryNtpServerAuthenticationTypeSymmetricKeyMd5"]; ok {
+							nestedNtpServers.PrimaryNtpServer.AuthenticationType.SymmetricKey.Md5.Misc = o.Misc["NtpServersPrimaryNtpServerAuthenticationTypeSymmetricKeyMd5"]
+						}
+						if o.NtpServers.PrimaryNtpServer.AuthenticationType.SymmetricKey.Md5.AuthenticationKey != nil {
+							nestedNtpServers.PrimaryNtpServer.AuthenticationType.SymmetricKey.Md5.AuthenticationKey = o.NtpServers.PrimaryNtpServer.AuthenticationType.SymmetricKey.Md5.AuthenticationKey
+						}
+					}
+					if o.NtpServers.PrimaryNtpServer.AuthenticationType.SymmetricKey.Sha1 != nil {
+						nestedNtpServers.PrimaryNtpServer.AuthenticationType.SymmetricKey.Sha1 = &NtpServersPrimaryNtpServerAuthenticationTypeSymmetricKeySha1Xml{}
+						if _, ok := o.Misc["NtpServersPrimaryNtpServerAuthenticationTypeSymmetricKeySha1"]; ok {
+							nestedNtpServers.PrimaryNtpServer.AuthenticationType.SymmetricKey.Sha1.Misc = o.Misc["NtpServersPrimaryNtpServerAuthenticationTypeSymmetricKeySha1"]
+						}
+						if o.NtpServers.PrimaryNtpServer.AuthenticationType.SymmetricKey.Sha1.AuthenticationKey != nil {
+							nestedNtpServers.PrimaryNtpServer.AuthenticationType.SymmetricKey.Sha1.AuthenticationKey = o.NtpServers.PrimaryNtpServer.AuthenticationType.SymmetricKey.Sha1.AuthenticationKey
+						}
+					}
+				}
+				if o.NtpServers.PrimaryNtpServer.AuthenticationType.Autokey != nil {
+					nestedNtpServers.PrimaryNtpServer.AuthenticationType.Autokey = o.NtpServers.PrimaryNtpServer.AuthenticationType.Autokey
+				}
+			}
+		}
+		if o.NtpServers.SecondaryNtpServer != nil {
+			nestedNtpServers.SecondaryNtpServer = &NtpServersSecondaryNtpServerXml{}
+			if _, ok := o.Misc["NtpServersSecondaryNtpServer"]; ok {
+				nestedNtpServers.SecondaryNtpServer.Misc = o.Misc["NtpServersSecondaryNtpServer"]
+			}
+			if o.NtpServers.SecondaryNtpServer.AuthenticationType != nil {
+				nestedNtpServers.SecondaryNtpServer.AuthenticationType = &NtpServersSecondaryNtpServerAuthenticationTypeXml{}
+				if _, ok := o.Misc["NtpServersSecondaryNtpServerAuthenticationType"]; ok {
+					nestedNtpServers.SecondaryNtpServer.AuthenticationType.Misc = o.Misc["NtpServersSecondaryNtpServerAuthenticationType"]
+				}
+				if o.NtpServers.SecondaryNtpServer.AuthenticationType.None != nil {
+					nestedNtpServers.SecondaryNtpServer.AuthenticationType.None = o.NtpServers.SecondaryNtpServer.AuthenticationType.None
+				}
+				if o.NtpServers.SecondaryNtpServer.AuthenticationType.SymmetricKey != nil {
+					nestedNtpServers.SecondaryNtpServer.AuthenticationType.SymmetricKey = &NtpServersSecondaryNtpServerAuthenticationTypeSymmetricKeyXml{}
+					if _, ok := o.Misc["NtpServersSecondaryNtpServerAuthenticationTypeSymmetricKey"]; ok {
+						nestedNtpServers.SecondaryNtpServer.AuthenticationType.SymmetricKey.Misc = o.Misc["NtpServersSecondaryNtpServerAuthenticationTypeSymmetricKey"]
+					}
+					if o.NtpServers.SecondaryNtpServer.AuthenticationType.SymmetricKey.KeyId != nil {
+						nestedNtpServers.SecondaryNtpServer.AuthenticationType.SymmetricKey.KeyId = o.NtpServers.SecondaryNtpServer.AuthenticationType.SymmetricKey.KeyId
+					}
+					if o.NtpServers.SecondaryNtpServer.AuthenticationType.SymmetricKey.Md5 != nil {
+						nestedNtpServers.SecondaryNtpServer.AuthenticationType.SymmetricKey.Md5 = &NtpServersSecondaryNtpServerAuthenticationTypeSymmetricKeyMd5Xml{}
+						if _, ok := o.Misc["NtpServersSecondaryNtpServerAuthenticationTypeSymmetricKeyMd5"]; ok {
+							nestedNtpServers.SecondaryNtpServer.AuthenticationType.SymmetricKey.Md5.Misc = o.Misc["NtpServersSecondaryNtpServerAuthenticationTypeSymmetricKeyMd5"]
+						}
+						if o.NtpServers.SecondaryNtpServer.AuthenticationType.SymmetricKey.Md5.AuthenticationKey != nil {
+							nestedNtpServers.SecondaryNtpServer.AuthenticationType.SymmetricKey.Md5.AuthenticationKey = o.NtpServers.SecondaryNtpServer.AuthenticationType.SymmetricKey.Md5.AuthenticationKey
+						}
+					}
+					if o.NtpServers.SecondaryNtpServer.AuthenticationType.SymmetricKey.Sha1 != nil {
+						nestedNtpServers.SecondaryNtpServer.AuthenticationType.SymmetricKey.Sha1 = &NtpServersSecondaryNtpServerAuthenticationTypeSymmetricKeySha1Xml{}
+						if _, ok := o.Misc["NtpServersSecondaryNtpServerAuthenticationTypeSymmetricKeySha1"]; ok {
+							nestedNtpServers.SecondaryNtpServer.AuthenticationType.SymmetricKey.Sha1.Misc = o.Misc["NtpServersSecondaryNtpServerAuthenticationTypeSymmetricKeySha1"]
+						}
+						if o.NtpServers.SecondaryNtpServer.AuthenticationType.SymmetricKey.Sha1.AuthenticationKey != nil {
+							nestedNtpServers.SecondaryNtpServer.AuthenticationType.SymmetricKey.Sha1.AuthenticationKey = o.NtpServers.SecondaryNtpServer.AuthenticationType.SymmetricKey.Sha1.AuthenticationKey
+						}
+					}
+				}
+				if o.NtpServers.SecondaryNtpServer.AuthenticationType.Autokey != nil {
+					nestedNtpServers.SecondaryNtpServer.AuthenticationType.Autokey = o.NtpServers.SecondaryNtpServer.AuthenticationType.Autokey
+				}
+			}
+			if o.NtpServers.SecondaryNtpServer.NtpServerAddress != nil {
+				nestedNtpServers.SecondaryNtpServer.NtpServerAddress = o.NtpServers.SecondaryNtpServer.NtpServerAddress
+			}
+		}
+	}
+	config.NtpServers = nestedNtpServers
+
+	config.Misc = o.Misc["Config"]
+
+	return config, nil
+}
+func (c *configXmlContainer) Normalize() ([]*Config, error) {
+	configList := make([]*Config, 0, len(c.Answer))
+	for _, o := range c.Answer {
+		config := &Config{
+			Misc: make(map[string][]generic.Xml),
+		}
+		var nestedNtpServers *NtpServers
+		if o.NtpServers != nil {
+			nestedNtpServers = &NtpServers{}
+			if o.NtpServers.Misc != nil {
+				config.Misc["NtpServers"] = o.NtpServers.Misc
+			}
+			if o.NtpServers.PrimaryNtpServer != nil {
+				nestedNtpServers.PrimaryNtpServer = &NtpServersPrimaryNtpServer{}
+				if o.NtpServers.PrimaryNtpServer.Misc != nil {
+					config.Misc["NtpServersPrimaryNtpServer"] = o.NtpServers.PrimaryNtpServer.Misc
+				}
+				if o.NtpServers.PrimaryNtpServer.NtpServerAddress != nil {
+					nestedNtpServers.PrimaryNtpServer.NtpServerAddress = o.NtpServers.PrimaryNtpServer.NtpServerAddress
+				}
+				if o.NtpServers.PrimaryNtpServer.AuthenticationType != nil {
+					nestedNtpServers.PrimaryNtpServer.AuthenticationType = &NtpServersPrimaryNtpServerAuthenticationType{}
+					if o.NtpServers.PrimaryNtpServer.AuthenticationType.Misc != nil {
+						config.Misc["NtpServersPrimaryNtpServerAuthenticationType"] = o.NtpServers.PrimaryNtpServer.AuthenticationType.Misc
+					}
+					if o.NtpServers.PrimaryNtpServer.AuthenticationType.None != nil {
+						nestedNtpServers.PrimaryNtpServer.AuthenticationType.None = o.NtpServers.PrimaryNtpServer.AuthenticationType.None
+					}
+					if o.NtpServers.PrimaryNtpServer.AuthenticationType.SymmetricKey != nil {
+						nestedNtpServers.PrimaryNtpServer.AuthenticationType.SymmetricKey = &NtpServersPrimaryNtpServerAuthenticationTypeSymmetricKey{}
+						if o.NtpServers.PrimaryNtpServer.AuthenticationType.SymmetricKey.Misc != nil {
+							config.Misc["NtpServersPrimaryNtpServerAuthenticationTypeSymmetricKey"] = o.NtpServers.PrimaryNtpServer.AuthenticationType.SymmetricKey.Misc
+						}
+						if o.NtpServers.PrimaryNtpServer.AuthenticationType.SymmetricKey.KeyId != nil {
+							nestedNtpServers.PrimaryNtpServer.AuthenticationType.SymmetricKey.KeyId = o.NtpServers.PrimaryNtpServer.AuthenticationType.SymmetricKey.KeyId
+						}
+						if o.NtpServers.PrimaryNtpServer.AuthenticationType.SymmetricKey.Md5 != nil {
+							nestedNtpServers.PrimaryNtpServer.AuthenticationType.SymmetricKey.Md5 = &NtpServersPrimaryNtpServerAuthenticationTypeSymmetricKeyMd5{}
+							if o.NtpServers.PrimaryNtpServer.AuthenticationType.SymmetricKey.Md5.Misc != nil {
+								config.Misc["NtpServersPrimaryNtpServerAuthenticationTypeSymmetricKeyMd5"] = o.NtpServers.PrimaryNtpServer.AuthenticationType.SymmetricKey.Md5.Misc
+							}
+							if o.NtpServers.PrimaryNtpServer.AuthenticationType.SymmetricKey.Md5.AuthenticationKey != nil {
+								nestedNtpServers.PrimaryNtpServer.AuthenticationType.SymmetricKey.Md5.AuthenticationKey = o.NtpServers.PrimaryNtpServer.AuthenticationType.SymmetricKey.Md5.AuthenticationKey
+							}
+						}
+						if o.NtpServers.PrimaryNtpServer.AuthenticationType.SymmetricKey.Sha1 != nil {
+							nestedNtpServers.PrimaryNtpServer.AuthenticationType.SymmetricKey.Sha1 = &NtpServersPrimaryNtpServerAuthenticationTypeSymmetricKeySha1{}
+							if o.NtpServers.PrimaryNtpServer.AuthenticationType.SymmetricKey.Sha1.Misc != nil {
+								config.Misc["NtpServersPrimaryNtpServerAuthenticationTypeSymmetricKeySha1"] = o.NtpServers.PrimaryNtpServer.AuthenticationType.SymmetricKey.Sha1.Misc
+							}
+							if o.NtpServers.PrimaryNtpServer.AuthenticationType.SymmetricKey.Sha1.AuthenticationKey != nil {
+								nestedNtpServers.PrimaryNtpServer.AuthenticationType.SymmetricKey.Sha1.AuthenticationKey = o.NtpServers.PrimaryNtpServer.AuthenticationType.SymmetricKey.Sha1.AuthenticationKey
+							}
+						}
+					}
+					if o.NtpServers.PrimaryNtpServer.AuthenticationType.Autokey != nil {
+						nestedNtpServers.PrimaryNtpServer.AuthenticationType.Autokey = o.NtpServers.PrimaryNtpServer.AuthenticationType.Autokey
+					}
+				}
+			}
+			if o.NtpServers.SecondaryNtpServer != nil {
+				nestedNtpServers.SecondaryNtpServer = &NtpServersSecondaryNtpServer{}
+				if o.NtpServers.SecondaryNtpServer.Misc != nil {
+					config.Misc["NtpServersSecondaryNtpServer"] = o.NtpServers.SecondaryNtpServer.Misc
+				}
+				if o.NtpServers.SecondaryNtpServer.NtpServerAddress != nil {
+					nestedNtpServers.SecondaryNtpServer.NtpServerAddress = o.NtpServers.SecondaryNtpServer.NtpServerAddress
+				}
+				if o.NtpServers.SecondaryNtpServer.AuthenticationType != nil {
+					nestedNtpServers.SecondaryNtpServer.AuthenticationType = &NtpServersSecondaryNtpServerAuthenticationType{}
+					if o.NtpServers.SecondaryNtpServer.AuthenticationType.Misc != nil {
+						config.Misc["NtpServersSecondaryNtpServerAuthenticationType"] = o.NtpServers.SecondaryNtpServer.AuthenticationType.Misc
+					}
+					if o.NtpServers.SecondaryNtpServer.AuthenticationType.None != nil {
+						nestedNtpServers.SecondaryNtpServer.AuthenticationType.None = o.NtpServers.SecondaryNtpServer.AuthenticationType.None
+					}
+					if o.NtpServers.SecondaryNtpServer.AuthenticationType.SymmetricKey != nil {
+						nestedNtpServers.SecondaryNtpServer.AuthenticationType.SymmetricKey = &NtpServersSecondaryNtpServerAuthenticationTypeSymmetricKey{}
+						if o.NtpServers.SecondaryNtpServer.AuthenticationType.SymmetricKey.Misc != nil {
+							config.Misc["NtpServersSecondaryNtpServerAuthenticationTypeSymmetricKey"] = o.NtpServers.SecondaryNtpServer.AuthenticationType.SymmetricKey.Misc
+						}
+						if o.NtpServers.SecondaryNtpServer.AuthenticationType.SymmetricKey.KeyId != nil {
+							nestedNtpServers.SecondaryNtpServer.AuthenticationType.SymmetricKey.KeyId = o.NtpServers.SecondaryNtpServer.AuthenticationType.SymmetricKey.KeyId
+						}
+						if o.NtpServers.SecondaryNtpServer.AuthenticationType.SymmetricKey.Md5 != nil {
+							nestedNtpServers.SecondaryNtpServer.AuthenticationType.SymmetricKey.Md5 = &NtpServersSecondaryNtpServerAuthenticationTypeSymmetricKeyMd5{}
+							if o.NtpServers.SecondaryNtpServer.AuthenticationType.SymmetricKey.Md5.Misc != nil {
+								config.Misc["NtpServersSecondaryNtpServerAuthenticationTypeSymmetricKeyMd5"] = o.NtpServers.SecondaryNtpServer.AuthenticationType.SymmetricKey.Md5.Misc
+							}
+							if o.NtpServers.SecondaryNtpServer.AuthenticationType.SymmetricKey.Md5.AuthenticationKey != nil {
+								nestedNtpServers.SecondaryNtpServer.AuthenticationType.SymmetricKey.Md5.AuthenticationKey = o.NtpServers.SecondaryNtpServer.AuthenticationType.SymmetricKey.Md5.AuthenticationKey
+							}
+						}
+						if o.NtpServers.SecondaryNtpServer.AuthenticationType.SymmetricKey.Sha1 != nil {
+							nestedNtpServers.SecondaryNtpServer.AuthenticationType.SymmetricKey.Sha1 = &NtpServersSecondaryNtpServerAuthenticationTypeSymmetricKeySha1{}
+							if o.NtpServers.SecondaryNtpServer.AuthenticationType.SymmetricKey.Sha1.Misc != nil {
+								config.Misc["NtpServersSecondaryNtpServerAuthenticationTypeSymmetricKeySha1"] = o.NtpServers.SecondaryNtpServer.AuthenticationType.SymmetricKey.Sha1.Misc
+							}
+							if o.NtpServers.SecondaryNtpServer.AuthenticationType.SymmetricKey.Sha1.AuthenticationKey != nil {
+								nestedNtpServers.SecondaryNtpServer.AuthenticationType.SymmetricKey.Sha1.AuthenticationKey = o.NtpServers.SecondaryNtpServer.AuthenticationType.SymmetricKey.Sha1.AuthenticationKey
+							}
+						}
+					}
+					if o.NtpServers.SecondaryNtpServer.AuthenticationType.Autokey != nil {
+						nestedNtpServers.SecondaryNtpServer.AuthenticationType.Autokey = o.NtpServers.SecondaryNtpServer.AuthenticationType.Autokey
+					}
+				}
+			}
+		}
+		config.NtpServers = nestedNtpServers
+
+		config.Misc["Config"] = o.Misc
+
+		configList = append(configList, config)
+	}
+
+	return configList, nil
+}
+
+func SpecMatches(a, b *Config) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+
+	// Don't compare Name.
+	if !matchNtpServers(a.NtpServers, b.NtpServers) {
+		return false
+	}
+
+	return true
+}
+
+func matchNtpServersPrimaryNtpServerAuthenticationTypeSymmetricKeyMd5(a *NtpServersPrimaryNtpServerAuthenticationTypeSymmetricKeyMd5, b *NtpServersPrimaryNtpServerAuthenticationTypeSymmetricKeyMd5) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !util.StringsMatch(a.AuthenticationKey, b.AuthenticationKey) {
+		return false
+	}
+	return true
+}
+func matchNtpServersPrimaryNtpServerAuthenticationTypeSymmetricKeySha1(a *NtpServersPrimaryNtpServerAuthenticationTypeSymmetricKeySha1, b *NtpServersPrimaryNtpServerAuthenticationTypeSymmetricKeySha1) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !util.StringsMatch(a.AuthenticationKey, b.AuthenticationKey) {
+		return false
+	}
+	return true
+}
+func matchNtpServersPrimaryNtpServerAuthenticationTypeSymmetricKey(a *NtpServersPrimaryNtpServerAuthenticationTypeSymmetricKey, b *NtpServersPrimaryNtpServerAuthenticationTypeSymmetricKey) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !util.Ints64Match(a.KeyId, b.KeyId) {
+		return false
+	}
+	if !matchNtpServersPrimaryNtpServerAuthenticationTypeSymmetricKeyMd5(a.Md5, b.Md5) {
+		return false
+	}
+	if !matchNtpServersPrimaryNtpServerAuthenticationTypeSymmetricKeySha1(a.Sha1, b.Sha1) {
+		return false
+	}
+	return true
+}
+func matchNtpServersPrimaryNtpServerAuthenticationType(a *NtpServersPrimaryNtpServerAuthenticationType, b *NtpServersPrimaryNtpServerAuthenticationType) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !util.StringsMatch(a.None, b.None) {
+		return false
+	}
+	if !matchNtpServersPrimaryNtpServerAuthenticationTypeSymmetricKey(a.SymmetricKey, b.SymmetricKey) {
+		return false
+	}
+	if !util.StringsMatch(a.Autokey, b.Autokey) {
+		return false
+	}
+	return true
+}
+func matchNtpServersPrimaryNtpServer(a *NtpServersPrimaryNtpServer, b *NtpServersPrimaryNtpServer) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !util.StringsMatch(a.NtpServerAddress, b.NtpServerAddress) {
+		return false
+	}
+	if !matchNtpServersPrimaryNtpServerAuthenticationType(a.AuthenticationType, b.AuthenticationType) {
+		return false
+	}
+	return true
+}
+func matchNtpServersSecondaryNtpServerAuthenticationTypeSymmetricKeyMd5(a *NtpServersSecondaryNtpServerAuthenticationTypeSymmetricKeyMd5, b *NtpServersSecondaryNtpServerAuthenticationTypeSymmetricKeyMd5) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !util.StringsMatch(a.AuthenticationKey, b.AuthenticationKey) {
+		return false
+	}
+	return true
+}
+func matchNtpServersSecondaryNtpServerAuthenticationTypeSymmetricKeySha1(a *NtpServersSecondaryNtpServerAuthenticationTypeSymmetricKeySha1, b *NtpServersSecondaryNtpServerAuthenticationTypeSymmetricKeySha1) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !util.StringsMatch(a.AuthenticationKey, b.AuthenticationKey) {
+		return false
+	}
+	return true
+}
+func matchNtpServersSecondaryNtpServerAuthenticationTypeSymmetricKey(a *NtpServersSecondaryNtpServerAuthenticationTypeSymmetricKey, b *NtpServersSecondaryNtpServerAuthenticationTypeSymmetricKey) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !util.Ints64Match(a.KeyId, b.KeyId) {
+		return false
+	}
+	if !matchNtpServersSecondaryNtpServerAuthenticationTypeSymmetricKeyMd5(a.Md5, b.Md5) {
+		return false
+	}
+	if !matchNtpServersSecondaryNtpServerAuthenticationTypeSymmetricKeySha1(a.Sha1, b.Sha1) {
+		return false
+	}
+	return true
+}
+func matchNtpServersSecondaryNtpServerAuthenticationType(a *NtpServersSecondaryNtpServerAuthenticationType, b *NtpServersSecondaryNtpServerAuthenticationType) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !util.StringsMatch(a.None, b.None) {
+		return false
+	}
+	if !matchNtpServersSecondaryNtpServerAuthenticationTypeSymmetricKey(a.SymmetricKey, b.SymmetricKey) {
+		return false
+	}
+	if !util.StringsMatch(a.Autokey, b.Autokey) {
+		return false
+	}
+	return true
+}
+func matchNtpServersSecondaryNtpServer(a *NtpServersSecondaryNtpServer, b *NtpServersSecondaryNtpServer) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !util.StringsMatch(a.NtpServerAddress, b.NtpServerAddress) {
+		return false
+	}
+	if !matchNtpServersSecondaryNtpServerAuthenticationType(a.AuthenticationType, b.AuthenticationType) {
+		return false
+	}
+	return true
+}
+func matchNtpServers(a *NtpServers, b *NtpServers) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !matchNtpServersPrimaryNtpServer(a.PrimaryNtpServer, b.PrimaryNtpServer) {
+		return false
+	}
+	if !matchNtpServersSecondaryNtpServer(a.SecondaryNtpServer, b.SecondaryNtpServer) {
+		return false
+	}
+	return true
+}
diff --git a/device/services/ntp/interfaces.go b/device/services/ntp/interfaces.go
new file mode 100644
index 00000000..a5e39563
--- /dev/null
+++ b/device/services/ntp/interfaces.go
@@ -0,0 +1,7 @@
+package ntp
+
+type Specifier func(*Config) (any, error)
+
+type Normalizer interface {
+	Normalize() ([]*Config, error)
+}
diff --git a/device/services/ntp/location.go b/device/services/ntp/location.go
new file mode 100644
index 00000000..9dec4909
--- /dev/null
+++ b/device/services/ntp/location.go
@@ -0,0 +1,180 @@
+package ntp
+
+import (
+	"fmt"
+
+	"github.com/PaloAltoNetworks/pango/errors"
+	"github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/version"
+)
+
+type ImportLocation interface {
+	XpathForLocation(version.Number, util.ILocation) ([]string, error)
+	MarshalPangoXML([]string) (string, error)
+	UnmarshalPangoXML([]byte) ([]string, error)
+}
+
+type Location struct {
+	System        *SystemLocation        `json:"system,omitempty"`
+	Template      *TemplateLocation      `json:"template,omitempty"`
+	TemplateStack *TemplateStackLocation `json:"template_stack,omitempty"`
+}
+
+type SystemLocation struct {
+	NgfwDevice string `json:"ngfw_device"`
+}
+
+type TemplateLocation struct {
+	NgfwDevice     string `json:"ngfw_device"`
+	PanoramaDevice string `json:"panorama_device"`
+	Template       string `json:"template"`
+}
+
+type TemplateStackLocation struct {
+	NgfwDevice     string `json:"ngfw_device"`
+	PanoramaDevice string `json:"panorama_device"`
+	TemplateStack  string `json:"template_stack"`
+}
+
+func NewSystemLocation() *Location {
+	return &Location{System: &SystemLocation{
+		NgfwDevice: "localhost.localdomain",
+	},
+	}
+}
+func NewTemplateLocation() *Location {
+	return &Location{Template: &TemplateLocation{
+		NgfwDevice:     "localhost.localdomain",
+		PanoramaDevice: "localhost.localdomain",
+		Template:       "",
+	},
+	}
+}
+func NewTemplateStackLocation() *Location {
+	return &Location{TemplateStack: &TemplateStackLocation{
+		NgfwDevice:     "localhost.localdomain",
+		PanoramaDevice: "localhost.localdomain",
+		TemplateStack:  "",
+	},
+	}
+}
+
+func (o Location) IsValid() error {
+	count := 0
+
+	switch {
+	case o.System != nil:
+		if o.System.NgfwDevice == "" {
+			return fmt.Errorf("NgfwDevice is unspecified")
+		}
+		count++
+	case o.Template != nil:
+		if o.Template.NgfwDevice == "" {
+			return fmt.Errorf("NgfwDevice is unspecified")
+		}
+		if o.Template.PanoramaDevice == "" {
+			return fmt.Errorf("PanoramaDevice is unspecified")
+		}
+		if o.Template.Template == "" {
+			return fmt.Errorf("Template is unspecified")
+		}
+		count++
+	case o.TemplateStack != nil:
+		if o.TemplateStack.NgfwDevice == "" {
+			return fmt.Errorf("NgfwDevice is unspecified")
+		}
+		if o.TemplateStack.PanoramaDevice == "" {
+			return fmt.Errorf("PanoramaDevice is unspecified")
+		}
+		if o.TemplateStack.TemplateStack == "" {
+			return fmt.Errorf("TemplateStack is unspecified")
+		}
+		count++
+	}
+
+	if count == 0 {
+		return fmt.Errorf("no path specified")
+	}
+
+	if count > 1 {
+		return fmt.Errorf("multiple paths specified: only one should be specified")
+	}
+
+	return nil
+}
+
+func (o Location) XpathPrefix(vn version.Number) ([]string, error) {
+
+	var ans []string
+
+	switch {
+	case o.System != nil:
+		if o.System.NgfwDevice == "" {
+			return nil, fmt.Errorf("NgfwDevice is unspecified")
+		}
+		ans = []string{
+			"config",
+			"devices",
+			util.AsEntryXpath([]string{o.System.NgfwDevice}),
+			"deviceconfig",
+			"system",
+		}
+	case o.Template != nil:
+		if o.Template.NgfwDevice == "" {
+			return nil, fmt.Errorf("NgfwDevice is unspecified")
+		}
+		if o.Template.PanoramaDevice == "" {
+			return nil, fmt.Errorf("PanoramaDevice is unspecified")
+		}
+		if o.Template.Template == "" {
+			return nil, fmt.Errorf("Template is unspecified")
+		}
+		ans = []string{
+			"config",
+			"devices",
+			util.AsEntryXpath([]string{o.Template.PanoramaDevice}),
+			"template",
+			util.AsEntryXpath([]string{o.Template.Template}),
+			"config",
+			"devices",
+			util.AsEntryXpath([]string{o.Template.NgfwDevice}),
+			"deviceconfig",
+			"system",
+		}
+	case o.TemplateStack != nil:
+		if o.TemplateStack.NgfwDevice == "" {
+			return nil, fmt.Errorf("NgfwDevice is unspecified")
+		}
+		if o.TemplateStack.PanoramaDevice == "" {
+			return nil, fmt.Errorf("PanoramaDevice is unspecified")
+		}
+		if o.TemplateStack.TemplateStack == "" {
+			return nil, fmt.Errorf("TemplateStack is unspecified")
+		}
+		ans = []string{
+			"config",
+			"devices",
+			util.AsEntryXpath([]string{o.TemplateStack.PanoramaDevice}),
+			"template-stack",
+			util.AsEntryXpath([]string{o.TemplateStack.TemplateStack}),
+			"config",
+			"devices",
+			util.AsEntryXpath([]string{o.TemplateStack.NgfwDevice}),
+			"deviceconfig",
+			"system",
+		}
+	default:
+		return nil, errors.NoLocationSpecifiedError
+	}
+
+	return ans, nil
+}
+func (o Location) Xpath(vn version.Number) ([]string, error) {
+
+	ans, err := o.XpathPrefix(vn)
+	if err != nil {
+		return nil, err
+	}
+
+	return ans, nil
+}
diff --git a/device/services/ntp/service.go b/device/services/ntp/service.go
new file mode 100644
index 00000000..da4ab757
--- /dev/null
+++ b/device/services/ntp/service.go
@@ -0,0 +1,174 @@
+package ntp
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/PaloAltoNetworks/pango/errors"
+	"github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/xmlapi"
+)
+
+type Service struct {
+	client util.PangoClient
+}
+
+func NewService(client util.PangoClient) *Service {
+	return &Service{
+		client: client,
+	}
+}
+
+// Create adds new item, then returns the result.
+func (s *Service) Create(ctx context.Context, loc Location, config *Config) (*Config, error) {
+
+	vn := s.client.Versioning()
+
+	specifier, _, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+	path, err := loc.Xpath(vn)
+	if err != nil {
+		return nil, err
+	}
+	createSpec, err := specifier(config)
+	if err != nil {
+		return nil, err
+	}
+
+	cmd := &xmlapi.Config{
+		Action:  "set",
+		Xpath:   util.AsXpath(path[:len(path)-1]),
+		Element: createSpec,
+		Target:  s.client.GetTarget(),
+	}
+
+	if _, _, err = s.client.Communicate(ctx, cmd, false, nil); err != nil {
+		return nil, err
+	}
+	return s.Read(ctx, loc, "get")
+}
+
+// Read returns the given config object, using the specified action ("get" or "show").
+func (s *Service) Read(ctx context.Context, loc Location, action string) (*Config, error) {
+	return s.read(ctx, loc, action, false)
+}
+
+// ReadFromConfig returns the given config object from the loaded XML config.
+// Requires that client.LoadPanosConfig() has been invoked.
+func (s *Service) ReadFromConfig(ctx context.Context, loc Location) (*Config, error) {
+	return s.read(ctx, loc, "", true)
+}
+
+func (s *Service) read(ctx context.Context, loc Location, action string, usePanosConfig bool) (*Config, error) {
+	vn := s.client.Versioning()
+	_, normalizer, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+	path, err := loc.Xpath(vn)
+	if err != nil {
+		return nil, err
+	}
+
+	if usePanosConfig {
+		if _, err = s.client.ReadFromConfig(ctx, path, true, normalizer); err != nil {
+			return nil, err
+		}
+	} else {
+		cmd := &xmlapi.Config{
+			Action: action,
+			Xpath:  util.AsXpath(path),
+			Target: s.client.GetTarget(),
+		}
+
+		if _, _, err = s.client.Communicate(ctx, cmd, true, normalizer); err != nil {
+			if err.Error() == "No such node" && action == "show" {
+				return nil, errors.ObjectNotFound()
+			}
+			return nil, err
+		}
+	}
+
+	list, err := normalizer.Normalize()
+	if err != nil {
+		return nil, err
+	} else if len(list) != 1 {
+		return nil, fmt.Errorf("expected to %q 1 entry, got %d", action, len(list))
+	}
+
+	return list[0], nil
+}
+
+func (s *Service) Update(ctx context.Context, loc Location, entry *Config) (*Config, error) {
+
+	vn := s.client.Versioning()
+	updates := xmlapi.NewMultiConfig(2)
+	specifier, _, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+	var old *Config
+	old, err = s.Read(ctx, loc, "get")
+	if err != nil {
+		return nil, err
+	} else if old == nil {
+		return nil, fmt.Errorf("previous object doesn't exist for update")
+	}
+	if !SpecMatches(entry, old) {
+		path, err := loc.Xpath(vn)
+		if err != nil {
+			return nil, err
+		}
+
+		updateSpec, err := specifier(entry)
+		if err != nil {
+			return nil, err
+		}
+
+		updates.Add(&xmlapi.Config{
+			Action:  "edit",
+			Xpath:   util.AsXpath(path),
+			Element: updateSpec,
+			Target:  s.client.GetTarget(),
+		})
+	}
+
+	if len(updates.Operations) != 0 {
+		if _, _, _, err = s.client.MultiConfig(ctx, updates, false, nil); err != nil {
+			return nil, err
+		}
+	}
+	return s.Read(ctx, loc, "get")
+}
+
+// Delete deletes the given item.
+func (s *Service) Delete(ctx context.Context, loc Location, config *Config) error {
+	return s.delete(ctx, loc, config)
+}
+func (s *Service) delete(ctx context.Context, loc Location, config *Config) error {
+
+	vn := s.client.Versioning()
+	path, err := loc.Xpath(vn)
+	if err != nil {
+		return err
+	}
+	deleteSuffixes := []string{}
+	deleteSuffixes = append(deleteSuffixes, "ntp-servers")
+
+	for _, suffix := range deleteSuffixes {
+		cmd := &xmlapi.Config{
+			Action: "delete",
+			Xpath:  util.AsXpath(append(path, suffix)),
+			Target: s.client.GetTarget(),
+		}
+
+		_, _, err = s.client.Communicate(ctx, cmd, false, nil)
+
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
diff --git a/discard.go b/discard.go
new file mode 100644
index 00000000..8bad67d0
--- /dev/null
+++ b/discard.go
@@ -0,0 +1,18 @@
+package pango
+
+import (
+	"context"
+	"log/slog"
+)
+
+// discardHandler is an slog handler which is always disabled.
+//
+// This slog handler implementation is always disabled, and therefore
+// logs nothing. It is used to filter out log categories not
+// explicitly enabled.
+type discardHandler struct{}
+
+func (d discardHandler) Enabled(context.Context, slog.Level) bool  { return false }
+func (d discardHandler) Handle(context.Context, slog.Record) error { return nil }
+func (d discardHandler) WithAttrs(attrs []slog.Attr) slog.Handler  { return d }
+func (d discardHandler) WithGroup(name string) slog.Handler        { return d }
diff --git a/errors/panos.go b/errors/panos.go
index 54ec07bd..16a604bc 100644
--- a/errors/panos.go
+++ b/errors/panos.go
@@ -1,18 +1,19 @@
 package errors
 
 import (
-    stderr "errors"
 	"encoding/xml"
+	stderr "errors"
 	"fmt"
 	"strings"
-
-	"github.com/PaloAltoNetworks/pango/util"
 )
 
-
-var NoLocationSpecifiedError = stderr.New("no location specified")
+var InvalidFilterError = stderr.New("filter is improperly formatted")
 var NameNotSpecifiedError = stderr.New("name is not specified")
-
+var NoLocationSpecifiedError = stderr.New("no location specified")
+var RelativePositionWithRemoveEverythingElseError = stderr.New("cannot do relative positioning when removing all other rules")
+var UnrecognizedOperatorError = stderr.New("unsupported filter operator")
+var UnsupportedFilterTypeError = stderr.New("unsupported type for filtering")
+var UuidNotSpecifiedError = stderr.New("uuid is not specified")
 
 // Panos is an error returned from PAN-OS.
 //
@@ -32,6 +33,15 @@ func (e Panos) ObjectNotFound() bool {
 	return e.Code == 7
 }
 
+func IsObjectNotFound(e error) bool {
+	e2, ok := e.(Panos)
+	if ok && e2.ObjectNotFound() {
+		return true
+	}
+
+	return false
+}
+
 // ObjectNotFound returns an object not found error.
 func ObjectNotFound() Panos {
 	return Panos{
@@ -64,8 +74,12 @@ type errorCheck struct {
 }
 
 type errorCheckMsg struct {
-	Line    []util.CdataText `xml:"line"`
-	Message string           `xml:",chardata"`
+	Line    []errLine `xml:"line"`
+	Message string    `xml:",chardata"`
+}
+
+type errLine struct {
+	Text string `xml:",cdata"`
 }
 
 func (e *errorCheck) Failed() bool {
diff --git a/example/main.go b/example/main.go
new file mode 100644
index 00000000..7c04e4df
--- /dev/null
+++ b/example/main.go
@@ -0,0 +1,1099 @@
+package main
+
+import (
+	"context"
+	"encoding/xml"
+	"fmt"
+	"log"
+
+	"github.com/PaloAltoNetworks/pango"
+	"github.com/PaloAltoNetworks/pango/device/services/dns"
+	"github.com/PaloAltoNetworks/pango/device/services/ntp"
+	"github.com/PaloAltoNetworks/pango/network/interface/ethernet"
+	"github.com/PaloAltoNetworks/pango/network/interface/loopback"
+	"github.com/PaloAltoNetworks/pango/network/profiles/interface_management"
+	"github.com/PaloAltoNetworks/pango/network/virtual_router"
+	"github.com/PaloAltoNetworks/pango/network/zone"
+	"github.com/PaloAltoNetworks/pango/objects/address"
+	address_group "github.com/PaloAltoNetworks/pango/objects/address/group"
+	"github.com/PaloAltoNetworks/pango/objects/service"
+	service_group "github.com/PaloAltoNetworks/pango/objects/service/group"
+	"github.com/PaloAltoNetworks/pango/objects/tag"
+	"github.com/PaloAltoNetworks/pango/panorama/device_group"
+	"github.com/PaloAltoNetworks/pango/panorama/template"
+	"github.com/PaloAltoNetworks/pango/panorama/template_stack"
+	"github.com/PaloAltoNetworks/pango/policies/rules/security"
+	"github.com/PaloAltoNetworks/pango/rule"
+	"github.com/PaloAltoNetworks/pango/util"
+)
+
+func main() {
+	var err error
+	ctx := context.Background()
+
+	// FW
+	c := &pango.Client{
+		CheckEnvironment:      true,
+		SkipVerifyCertificate: true,
+		ApiKeyInRequest:       true,
+	}
+	if err = c.Setup(); err != nil {
+		log.Printf("Failed to setup client: %s", err)
+		return
+	}
+	log.Printf("Setup client %s (%s)", c.Hostname, c.Username)
+
+	if err = c.Initialize(ctx); err != nil {
+		log.Printf("Failed to initialize client: %s", err)
+		return
+	}
+
+	if ok, _ := c.IsPanorama(); ok {
+		log.Printf("Connected to Panorama, so templates and device groups are going to be created")
+		checkTemplate(c, ctx)
+		checkTemplateStack(c, ctx)
+		checkDeviceGroup(c, ctx)
+	} else {
+		log.Printf("Connected to firewall, so templates and device groups are not going to be created")
+	}
+
+	// CHECKS
+	checkVr(c, ctx)
+	checkZone(c, ctx)
+	checkInterfaceMgmtProfile(c, ctx)
+	checkEthernetLayer3Static(c, ctx)
+	checkEthernetLayer3Dhcp(c, ctx)
+	checkEthernetHa(c, ctx)
+	checkLoopback(c, ctx)
+	checkVrZoneWithEthernet(c, ctx)
+	checkSecurityPolicyRules(c, ctx)
+	checkSecurityPolicyRulesMove(c, ctx)
+	checkSharedObjects(c, ctx)
+	checkTag(c, ctx)
+	checkAddress(c, ctx)
+	checkService(c, ctx)
+	checkNtp(c, ctx)
+	checkDns(c, ctx)
+}
+
+func checkTemplate(c *pango.Client, ctx context.Context) {
+	entry := template.Entry{
+		Name:        "codegen_template",
+		Description: util.String("This is a template created by codegen."),
+		DefaultVsys: util.String("vsys1"),
+		Config: &template.Config{
+			Devices: []template.ConfigDevices{
+				{
+					Name: "localhost.localdomain",
+					Vsys: []template.ConfigDevicesVsys{
+						{
+							Name: "vsys1",
+						},
+					},
+				},
+			},
+		},
+	}
+
+	location := template.NewPanoramaLocation()
+	api := template.NewService(c)
+
+	reply, err := api.Create(ctx, *location, entry)
+	if err != nil {
+		log.Printf("Failed to create template: %s", err)
+		return
+	}
+	log.Printf("Template %s created\n", reply.Name)
+}
+
+func checkTemplateStack(c *pango.Client, ctx context.Context) {
+	entry := template_stack.Entry{
+		Name:        "codegen_template_stack",
+		Description: util.String("This is a template stack created by codegen."),
+		Templates:   []string{"codegen_template"},
+		DefaultVsys: util.String("vsys1"),
+	}
+
+	location := template_stack.NewPanoramaLocation()
+	api := template_stack.NewService(c)
+
+	reply, err := api.Create(ctx, *location, entry)
+	if err != nil {
+		log.Printf("Failed to create template stack: %s", err)
+		return
+	}
+	log.Printf("Template stack %s created\n", reply.Name)
+}
+
+func checkDeviceGroup(c *pango.Client, ctx context.Context) {
+	entry := device_group.Entry{
+		Name:        "codegen_device_group",
+		Description: util.String("This is a device group created by codegen."),
+		Templates:   []string{"codegen_template"},
+	}
+
+	location := device_group.NewPanoramaLocation()
+
+	api := device_group.NewService(c)
+
+	reply, err := api.Create(ctx, *location, entry)
+	if err != nil {
+		log.Printf("Failed to create device group: %s", err)
+		return
+	}
+	log.Printf("Device group %s created\n", reply.Name)
+}
+
+func checkSharedObjects(c *pango.Client, ctx context.Context) {
+	if ok, _ := c.IsPanorama(); ok {
+		addressObject := address.Entry{
+			Name:        "codegen_address_shared1",
+			Description: util.String("This is a shared address created by codegen."),
+			IpNetmask:   util.String("1.2.3.4"),
+		}
+
+		addressLocation := address.Location{
+			Shared: true,
+		}
+		addressApi := address.NewService(c)
+		addressReply, err := addressApi.Create(ctx, addressLocation, addressObject)
+		if err != nil {
+			log.Printf("Failed to create object: %s", err)
+			return
+		}
+		log.Printf("Address '%s=%s' created", addressReply.Name, *addressReply.IpNetmask)
+
+		err = addressApi.Delete(ctx, addressLocation, addressReply.Name)
+		if err != nil {
+			log.Printf("Failed to delete object: %s", err)
+			return
+		}
+		log.Printf("Address '%s' deleted", addressReply.Name)
+	}
+}
+
+func checkVr(c *pango.Client, ctx context.Context) {
+	entry := virtual_router.Entry{
+		Name: "codegen_vr",
+		Protocol: &virtual_router.Protocol{
+			Bgp: &virtual_router.ProtocolBgp{
+				Enable: util.Bool(false),
+			},
+			Ospf: &virtual_router.ProtocolOspf{
+				Enable: util.Bool(false),
+			},
+			Ospfv3: &virtual_router.ProtocolOspfv3{
+				Enable: util.Bool(false),
+			},
+			Rip: &virtual_router.ProtocolRip{
+				Enable: util.Bool(false),
+			},
+		},
+		RoutingTable: &virtual_router.RoutingTable{
+			// Ip: &virtual_router.RoutingTableIp{
+			// 	StaticRoutes: []virtual_router.RoutingTableIpStaticRoutes{
+			// 		{
+			// 			Name:        "default",
+			// 			Destination: util.String("0.0.0.0/0"),
+			// 			Interface:   util.String("ethernet1/2"),
+			// 			NextHop: &virtual_router.RoutingTableIpStaticRoutesNextHop{
+			// 				IpAddress: util.String("1.1.1.1"),
+			// 			},
+			// 			Metric:    util.Int(64),
+			// 			AdminDist: util.Int(120),
+			// 		},
+			// 	},
+			// },
+			// Ipv6: &virtual_router.RoutingTableIpv6{
+			// 	StaticRoutes: []virtual_router.RoutingTableIpv6StaticRoutes{
+			// 		{
+			// 			Name:        "default",
+			// 			Destination: util.String("0.0.0.0/0"),
+			// 			NextHop: &virtual_router.RoutingTableIpv6StaticRoutesNextHop{
+			// 				Ipv6Address: util.String("2001:0000:130F:0000:0000:09C0:876A:230D"),
+			// 			},
+			// 			Metric:    util.Int(24),
+			// 			AdminDist: util.Int(20),
+			// 		},
+			// 	},
+			// },
+		},
+		Ecmp: &virtual_router.Ecmp{
+			Enable:          util.Bool(true),
+			SymmetricReturn: util.Bool(true),
+			MaxPaths:        util.Int(3),
+			Algorithm:       &virtual_router.EcmpAlgorithm{
+				// IpHash: &virtual_router.EcmpAlgorithmIpHash{
+				// 	HashSeed: util.Int(1234),
+				// 	UsePort:  util.Bool(true),
+				// 	SrcOnly:  util.Bool(true),
+				// },
+				// WeightedRoundRobin: &virtual_router.EcmpAlgorithmWeightedRoundRobin{
+				// 	Interfaces: []virtual_router.EcmpAlgorithmWeightedRoundRobinInterfaces{
+				// 		{
+				// 			Name:   "ethernet1/2",
+				// 			Weight: util.Int(1),
+				// 		},
+				// 		{
+				// 			Name:   "ethernet1/3",
+				// 			Weight: util.Int(2),
+				// 		},
+				// 	},
+				// },
+			},
+		},
+		AdministrativeDistances: &virtual_router.AdministrativeDistances{
+			OspfInt: util.Int(77),
+			OspfExt: util.Int(88),
+		},
+	}
+	var location *virtual_router.Location
+	if ok, _ := c.IsPanorama(); ok {
+		location = virtual_router.NewTemplateLocation()
+		location.Template.Template = "codegen_template"
+	} else {
+		location = virtual_router.NewNgfwLocation()
+	}
+	api := virtual_router.NewService(c)
+
+	reply, err := api.Create(ctx, *location, entry)
+	if err != nil {
+		log.Printf("Failed to create VR: %s", err)
+		return
+	}
+	log.Printf("VR %s created\n", reply.Name)
+}
+
+func checkEthernetLayer3Static(c *pango.Client, ctx context.Context) {
+	entry := ethernet.Entry{
+		Name:    "ethernet1/2",
+		Comment: util.String("This is a ethernet1/2"),
+		Layer3: &ethernet.Layer3{
+			NdpProxy: util.Bool(true),
+			Lldp:     util.Bool(true),
+			AdjustTcpMss: &ethernet.Layer3AdjustTcpMss{
+				Enable:            util.Bool(true),
+				Ipv4MssAdjustment: util.Int(250),
+				Ipv6MssAdjustment: util.Int(250),
+			},
+			Mtu: util.Int(1280),
+			Ips: []string{"11.11.11.11", "22.22.22.22"},
+			Ipv6: &ethernet.Layer3Ipv6{
+				Addresses: []ethernet.Layer3Ipv6Addresses{
+					{
+						EnableOnInterface: util.Bool(false),
+						Name:              "2001:0000:130F:0000:0000:09C0:876A:230B",
+					},
+					{
+						EnableOnInterface: util.Bool(true),
+						Name:              "2001:0000:130F:0000:0000:09C0:876A:230C",
+					},
+				},
+			},
+			InterfaceManagementProfile: util.String("codegen_mgmt_profile"),
+		},
+	}
+	var location *ethernet.Location
+	if ok, _ := c.IsPanorama(); ok {
+		location = ethernet.NewTemplateLocation()
+		location.Template.Template = "codegen_template"
+	} else {
+		location = ethernet.NewNgfwLocation()
+	}
+	api := ethernet.NewService(c)
+
+	reply, err := api.Create(ctx, *location, entry)
+	if err != nil {
+		log.Printf("Failed to create ethernet: %s", err)
+		return
+	}
+	log.Printf("Ethernet layer3 %s created\n", reply.Name)
+}
+
+func checkEthernetLayer3Dhcp(c *pango.Client, ctx context.Context) {
+	entry := ethernet.Entry{
+		Name:    "ethernet1/3",
+		Comment: util.String("This is a ethernet1/3"),
+		Layer3: &ethernet.Layer3{
+			InterfaceManagementProfile: util.String("codegen_mgmt_profile"),
+			DhcpClient: &ethernet.Layer3DhcpClient{
+				CreateDefaultRoute: util.Bool(false),
+				DefaultRouteMetric: util.Int(64),
+				Enable:             util.Bool(true),
+				SendHostname: &ethernet.Layer3DhcpClientSendHostname{
+					Enable:   util.Bool(true),
+					Hostname: util.String("codegen_dhcp"),
+				},
+			},
+		},
+	}
+	var location *ethernet.Location
+	if ok, _ := c.IsPanorama(); ok {
+		location = ethernet.NewTemplateLocation()
+		location.Template.Template = "codegen_template"
+	} else {
+		location = ethernet.NewNgfwLocation()
+	}
+	api := ethernet.NewService(c)
+
+	reply, err := api.Create(ctx, *location, entry)
+	if err != nil {
+		log.Printf("Failed to create ethernet: %s", err)
+		return
+	}
+	log.Printf("Ethernet layer3 %s created\n", reply.Name)
+}
+
+func checkEthernetHa(c *pango.Client, ctx context.Context) {
+	entry := ethernet.Entry{
+		Name:    "ethernet1/10",
+		Comment: util.String("This is a ethernet1/10"),
+		Ha:      &ethernet.Ha{},
+	}
+	var location *ethernet.Location
+	if ok, _ := c.IsPanorama(); ok {
+		location = ethernet.NewTemplateLocation()
+		location.Template.Template = "codegen_template"
+	} else {
+		location = ethernet.NewNgfwLocation()
+	}
+	api := ethernet.NewService(c)
+
+	reply, err := api.Create(ctx, *location, entry)
+	if err != nil {
+		log.Printf("Failed to create ethernet: %s", err)
+		return
+	}
+	log.Printf("Ethernet HA %s created\n", reply.Name)
+}
+
+func checkLoopback(c *pango.Client, ctx context.Context) {
+	entry := loopback.Entry{
+		Name: "loopback.123",
+		AdjustTcpMss: &loopback.AdjustTcpMss{
+			Enable:            util.Bool(true),
+			Ipv4MssAdjustment: util.Int(250),
+			Ipv6MssAdjustment: util.Int(250),
+		},
+		Comment: util.String("This is a loopback entry"),
+		Mtu:     util.Int(1280),
+		Ips:     []string{"1.1.1.1", "2.2.2.2"},
+		Ipv6: &loopback.Ipv6{
+			Addresses: []loopback.Ipv6Addresses{
+				{
+					EnableOnInterface: util.Bool(false),
+					Name:              "2001:0000:130F:0000:0000:09C0:876A:130B",
+				},
+				{
+					EnableOnInterface: util.Bool(true),
+					Name:              "2001:0000:130F:0000:0000:09C0:876A:130C",
+				},
+			},
+		},
+		InterfaceManagementProfile: util.String("codegen_mgmt_profile"),
+	}
+	var location *loopback.Location
+	if ok, _ := c.IsPanorama(); ok {
+		location = loopback.NewTemplateLocation()
+		location.Template.Template = "codegen_template"
+	} else {
+		location = loopback.NewNgfwLocation()
+	}
+	api := loopback.NewService(c)
+
+	reply, err := api.Create(ctx, *location, entry)
+	if err != nil {
+		log.Printf("Failed to create loopback: %s", err)
+		return
+	}
+	log.Printf("Loopback %s created\n", reply.Name)
+}
+
+func checkZone(c *pango.Client, ctx context.Context) {
+	entry := zone.Entry{
+		Name:                     "codegen_zone",
+		EnableUserIdentification: util.Bool(true),
+		Network: &zone.Network{
+			EnablePacketBufferProtection: util.Bool(false),
+			Layer3:                       []string{},
+		},
+		DeviceAcl: &zone.DeviceAcl{
+			IncludeList: []string{"1.2.3.4"},
+		},
+		UserAcl: &zone.UserAcl{
+			ExcludeList: []string{"1.2.3.4"},
+		},
+	}
+	var location *zone.Location
+	if ok, _ := c.IsPanorama(); ok {
+		location = zone.NewTemplateLocation()
+		location.Template.Template = "codegen_template"
+	} else {
+		location = zone.NewVsysLocation()
+	}
+	api := zone.NewService(c)
+
+	reply, err := api.Create(ctx, *location, entry)
+	if err != nil {
+		log.Printf("Failed to create zone: %s", err)
+		return
+	}
+	log.Printf("Zone %s created\n", reply.Name)
+}
+
+func checkInterfaceMgmtProfile(c *pango.Client, ctx context.Context) {
+	entry := interface_management.Entry{
+		Name:         "codegen_mgmt_profile",
+		Http:         util.Bool(true),
+		Ping:         util.Bool(true),
+		PermittedIps: []string{"1.1.1.1", "2.2.2.2"},
+	}
+	var location *interface_management.Location
+	if ok, _ := c.IsPanorama(); ok {
+		location = interface_management.NewTemplateLocation()
+		location.Template.Template = "codegen_template"
+	} else {
+		location = interface_management.NewNgfwLocation()
+	}
+	api := interface_management.NewService(c)
+
+	reply, err := api.Create(ctx, *location, entry)
+	if err != nil {
+		log.Printf("Failed to create interface management profile: %s", err)
+		return
+	}
+	log.Printf("Interface management profile %s created\n", reply.Name)
+}
+
+func checkVrZoneWithEthernet(c *pango.Client, ctx context.Context) {
+	// UPDATE VR ABOUT INTERFACES
+	var locationVr *virtual_router.Location
+	if ok, _ := c.IsPanorama(); ok {
+		locationVr = virtual_router.NewTemplateLocation()
+		locationVr.Template.Template = "codegen_template"
+	} else {
+		locationVr = virtual_router.NewNgfwLocation()
+	}
+	apiVr := virtual_router.NewService(c)
+
+	replyVr, err := apiVr.Read(ctx, *locationVr, "codegen_vr", "get")
+	if err != nil {
+		log.Printf("Failed to read VR: %s", err)
+		return
+	}
+	log.Printf("VR %s read\n", replyVr.Name)
+
+	replyVr.Interfaces = []string{"ethernet1/2", "ethernet1/3"}
+
+	replyVr, err = apiVr.Update(ctx, *locationVr, *replyVr, "codegen_vr")
+	if err != nil {
+		log.Printf("Failed to update VR: %s", err)
+		return
+	}
+	log.Printf("VR %s updated with %s\n", replyVr.Name, replyVr.Interfaces)
+
+	// UPDATE ZONE ABOUT INTERFACES
+	var locationZone *zone.Location
+	if ok, _ := c.IsPanorama(); ok {
+		locationZone = zone.NewTemplateLocation()
+		locationZone.Template.Template = "codegen_template"
+	} else {
+		locationZone = zone.NewVsysLocation()
+	}
+	apiZone := zone.NewService(c)
+
+	replyZone, err := apiZone.Read(ctx, *locationZone, "codegen_zone", "get")
+	if err != nil {
+		log.Printf("Failed to read zone: %s", err)
+		return
+	}
+	log.Printf("Zone %s read\n", replyZone.Name)
+
+	replyZone.Network = &zone.Network{
+		EnablePacketBufferProtection: util.Bool(false),
+		Layer3:                       []string{"ethernet1/2", "ethernet1/3"},
+	}
+
+	replyZone, err = apiZone.Update(ctx, *locationZone, *replyZone, "codegen_zone")
+	if err != nil {
+		log.Printf("Failed to update zone: %s", err)
+		return
+	}
+	log.Printf("Zone %s updated with %s\n", replyZone.Name, replyZone.Network.Layer3)
+
+	// DELETE INTERFACES FROM VR
+	replyVr.Interfaces = []string{}
+
+	replyVr, err = apiVr.Update(ctx, *locationVr, *replyVr, "codegen_vr")
+	if err != nil {
+		log.Printf("Failed to update VR: %s", err)
+		return
+	}
+	log.Printf("VR %s updated with %s\n", replyVr.Name, replyVr.Interfaces)
+
+	// DELETE INTERFACES FROM ZONE
+	replyZone.Network = &zone.Network{
+		EnablePacketBufferProtection: util.Bool(false),
+		Layer3:                       []string{},
+	}
+
+	replyZone, err = apiZone.Update(ctx, *locationZone, *replyZone, "codegen_zone")
+	if err != nil {
+		log.Printf("Failed to update zone: %s", err)
+		return
+	}
+	log.Printf("Zone %s updated with %s\n", replyZone.Name, replyZone.Network.Layer3)
+
+	// DELETE INTERFACES
+	var ethernetLocation *ethernet.Location
+	if ok, _ := c.IsPanorama(); ok {
+		ethernetLocation = ethernet.NewTemplateLocation()
+		ethernetLocation.Template.Template = "codegen_template"
+	} else {
+		ethernetLocation = ethernet.NewNgfwLocation()
+	}
+	api := ethernet.NewService(c)
+
+	interfacesToDelete := []string{"ethernet1/2", "ethernet1/3"}
+	for _, iface := range interfacesToDelete {
+		err = api.Delete(ctx, *ethernetLocation, iface)
+		if err != nil {
+			log.Printf("Failed to delete ethernet: %s", err)
+			return
+		}
+		log.Printf("Ethernet %s deleted\n", iface)
+	}
+}
+
+func checkSecurityPolicyRules(c *pango.Client, ctx context.Context) {
+	// SECURITY POLICY RULE - ADD
+	securityPolicyRuleEntry := security.Entry{
+		Name:                 "codegen_rule",
+		Description:          util.String("initial description"),
+		Action:               util.String("allow"),
+		SourceZones:          []string{"any"},
+		SourceAddresses:      []string{"any"},
+		DestinationZones:     []string{"any"},
+		DestinationAddresses: []string{"any"},
+		Applications:         []string{"any"},
+		Services:             []string{"application-default"},
+	}
+
+	var securityPolicyRuleLocation *security.Location
+	if ok, _ := c.IsPanorama(); ok {
+		securityPolicyRuleLocation = security.NewDeviceGroupLocation()
+		securityPolicyRuleLocation.DeviceGroup.DeviceGroup = "codegen_device_group"
+	} else {
+		securityPolicyRuleLocation = security.NewVsysLocation()
+	}
+
+	securityPolicyRuleApi := security.NewService(c)
+	securityPolicyRuleReply, err := securityPolicyRuleApi.Create(ctx, *securityPolicyRuleLocation, securityPolicyRuleEntry)
+	if err != nil {
+		log.Printf("Failed to create security policy rule: %s", err)
+		return
+	}
+	log.Printf("Security policy rule '%s:%s' with description '%s' created", *securityPolicyRuleReply.Uuid, securityPolicyRuleReply.Name, *securityPolicyRuleReply.Description)
+
+	// SECURITY POLICY RULE - READ
+	securityPolicyRuleReply, err = securityPolicyRuleApi.Read(ctx, *securityPolicyRuleLocation, securityPolicyRuleReply.Name, "get")
+	if err != nil {
+		log.Printf("Failed to update security policy rule: %s", err)
+		return
+	}
+	log.Printf("Security policy rule '%s:%s' with description '%s' read", *securityPolicyRuleReply.Uuid, securityPolicyRuleReply.Name, *securityPolicyRuleReply.Description)
+
+	// SECURITY POLICY RULE - UPDATE
+	securityPolicyRuleEntry.Description = util.String("changed description")
+	securityPolicyRuleReply, err = securityPolicyRuleApi.Update(ctx, *securityPolicyRuleLocation, securityPolicyRuleEntry, securityPolicyRuleReply.Name)
+	if err != nil {
+		log.Printf("Failed to update security policy rule: %s", err)
+		return
+	}
+	log.Printf("Security policy rule '%s:%s' with description '%s' updated", *securityPolicyRuleReply.Uuid, securityPolicyRuleReply.Name, *securityPolicyRuleReply.Description)
+
+	// SECURITY POLICY RULE - READ BY ID
+	securityPolicyRuleReply, err = securityPolicyRuleApi.ReadById(ctx, *securityPolicyRuleLocation, *securityPolicyRuleReply.Uuid, "get")
+	if err != nil {
+		log.Printf("Failed to update security policy rule: %s", err)
+		return
+	}
+	log.Printf("Security policy rule '%s:%s' with description '%s' read by id", *securityPolicyRuleReply.Uuid, securityPolicyRuleReply.Name, *securityPolicyRuleReply.Description)
+
+	// SECURITY POLICY RULE - UPDATE 2
+	securityPolicyRuleEntry.Description = util.String("changed by id description")
+	securityPolicyRuleReply, err = securityPolicyRuleApi.UpdateById(ctx, *securityPolicyRuleLocation, securityPolicyRuleEntry, *securityPolicyRuleReply.Uuid)
+	if err != nil {
+		log.Printf("Failed to update security policy rule: %s", err)
+		return
+	}
+	log.Printf("Security policy rule '%s:%s' with description '%s' updated", *securityPolicyRuleReply.Uuid, securityPolicyRuleReply.Name, *securityPolicyRuleReply.Description)
+
+	// SECURITY POLICY RULE - HIT COUNT
+	if ok, _ := c.IsFirewall(); ok {
+		hitCount, err := securityPolicyRuleApi.HitCount(ctx, *securityPolicyRuleLocation, "test-policy")
+		if err != nil {
+			log.Printf("Failed to get hit count for security policy rule: %s", err)
+			return
+		}
+		if len(hitCount) > 0 {
+			log.Printf("Security policy rule '%d' hit count", hitCount[0].HitCount)
+		} else {
+			log.Printf("Security policy rule not found")
+		}
+	}
+
+	// SECURITY POLICY RULE - AUDIT COMMENT
+	err = securityPolicyRuleApi.SetAuditComment(ctx, *securityPolicyRuleLocation, securityPolicyRuleReply.Name, "another audit comment")
+	if err != nil {
+		log.Printf("Failed to set audit comment for security policy rule: %s", err)
+		return
+	}
+
+	comment, err := securityPolicyRuleApi.CurrentAuditComment(ctx, *securityPolicyRuleLocation, securityPolicyRuleEntry.Name)
+	if err != nil {
+		log.Printf("Failed to get audit comment for security policy rule: %s", err)
+		return
+	}
+	log.Printf("Security policy rule '%s:%s' current comment: '%s'", *securityPolicyRuleReply.Uuid, securityPolicyRuleReply.Name, comment)
+
+	comments, err := securityPolicyRuleApi.AuditCommentHistory(ctx, *securityPolicyRuleLocation, securityPolicyRuleEntry.Name, "forward", 10, 0)
+	if err != nil {
+		log.Printf("Failed to get audit comments for security policy rule: %s", err)
+		return
+	}
+	for _, comment := range comments {
+		log.Printf("Security policy rule '%s:%s' comment history: '%s:%s'", *securityPolicyRuleReply.Uuid, securityPolicyRuleReply.Name, comment.Time, comment.Comment)
+	}
+
+	// SECURITY POLICY RULE - DELETE
+	err = securityPolicyRuleApi.DeleteById(ctx, *securityPolicyRuleLocation, *securityPolicyRuleReply.Uuid)
+	if err != nil {
+		log.Printf("Failed to delete security policy rule: %s", err)
+		return
+	}
+	log.Printf("Security policy rule '%s' deleted", securityPolicyRuleReply.Name)
+
+	// SECURITY POLICY RULE - FORCE ERROR WHILE DELETE
+	err = securityPolicyRuleApi.Delete(ctx, *securityPolicyRuleLocation, securityPolicyRuleReply.Name)
+	if err != nil {
+		log.Printf("Failed to delete security policy rule: %s", err)
+	} else {
+		log.Printf("Security policy rule '%s' deleted", securityPolicyRuleReply.Name)
+	}
+}
+
+func checkSecurityPolicyRulesMove(c *pango.Client, ctx context.Context) {
+	// SECURITY POLICY RULE - MOVE GROUP
+	var securityPolicyRuleLocation *security.Location
+	if ok, _ := c.IsPanorama(); ok {
+		securityPolicyRuleLocation = security.NewDeviceGroupLocation()
+		securityPolicyRuleLocation.DeviceGroup.DeviceGroup = "codegen_device_group"
+	} else {
+		securityPolicyRuleLocation = security.NewVsysLocation()
+	}
+
+	securityPolicyRuleApi := security.NewService(c)
+
+	securityPolicyRulesNames := make([]string, 10)
+	var securityPolicyRulesEntries []security.Entry
+	for i := 0; i < 10; i++ {
+		securityPolicyRulesNames[i] = fmt.Sprintf("codegen_rule%d", i)
+		securityPolicyRuleItem := security.Entry{
+			Name:                 securityPolicyRulesNames[i],
+			Description:          util.String("initial description"),
+			Action:               util.String("allow"),
+			SourceZones:          []string{"any"},
+			SourceAddresses:      []string{"any"},
+			DestinationZones:     []string{"any"},
+			DestinationAddresses: []string{"any"},
+			Applications:         []string{"any"},
+			Services:             []string{"application-default"},
+		}
+		securityPolicyRulesEntries = append(securityPolicyRulesEntries, securityPolicyRuleItem)
+		securityPolicyRuleItemReply, err := securityPolicyRuleApi.Create(ctx, *securityPolicyRuleLocation, securityPolicyRuleItem)
+		if err != nil {
+			log.Printf("Failed to create security policy rule: %s", err)
+			return
+		}
+		log.Printf("Security policy rule '%s:%s' with description '%s' created", *securityPolicyRuleItemReply.Uuid, securityPolicyRuleItemReply.Name, *securityPolicyRuleItemReply.Description)
+	}
+	rulePositionBefore7 := rule.Position{
+		First:           nil,
+		Last:            nil,
+		SomewhereBefore: nil,
+		DirectlyBefore:  util.String("codegen_rule7"),
+		SomewhereAfter:  nil,
+		DirectlyAfter:   nil,
+	}
+	rulePositionBottom := rule.Position{
+		First:           nil,
+		Last:            util.Bool(true),
+		SomewhereBefore: nil,
+		DirectlyBefore:  nil,
+		SomewhereAfter:  nil,
+		DirectlyAfter:   nil,
+	}
+	var securityPolicyRulesEntriesToMove []security.Entry
+	securityPolicyRulesEntriesToMove = append(securityPolicyRulesEntriesToMove, securityPolicyRulesEntries[3])
+	securityPolicyRulesEntriesToMove = append(securityPolicyRulesEntriesToMove, securityPolicyRulesEntries[5])
+	for _, securityPolicyRuleItemToMove := range securityPolicyRulesEntriesToMove {
+		log.Printf("Security policy rule '%s' is going to be moved", securityPolicyRuleItemToMove.Name)
+	}
+	err := securityPolicyRuleApi.MoveGroup(ctx, *securityPolicyRuleLocation, rulePositionBefore7, securityPolicyRulesEntriesToMove)
+	if err != nil {
+		log.Printf("Failed to move security policy rules %v: %s", securityPolicyRulesEntriesToMove, err)
+		return
+	}
+	securityPolicyRulesEntriesToMove = []security.Entry{securityPolicyRulesEntries[1]}
+	for _, securityPolicyRuleItemToMove := range securityPolicyRulesEntriesToMove {
+		log.Printf("Security policy rule '%s' is going to be moved", securityPolicyRuleItemToMove.Name)
+	}
+	err = securityPolicyRuleApi.MoveGroup(ctx, *securityPolicyRuleLocation, rulePositionBottom, securityPolicyRulesEntriesToMove)
+	if err != nil {
+		log.Printf("Failed to move security policy rules %v: %s", securityPolicyRulesEntriesToMove, err)
+		return
+	}
+	err = securityPolicyRuleApi.Delete(ctx, *securityPolicyRuleLocation, securityPolicyRulesNames...)
+	if err != nil {
+		log.Printf("Failed to delete security policy rules %s: %s", securityPolicyRulesNames, err)
+		return
+	}
+}
+
+func checkTag(c *pango.Client, ctx context.Context) {
+	// TAG - CREATE
+	tagColor := tag.ColorAzureBlue
+	tagObject := tag.Entry{
+		Name:  "codegen_color",
+		Color: &tagColor,
+	}
+
+	var tagLocation *tag.Location
+	if ok, _ := c.IsPanorama(); ok {
+		tagLocation = tag.NewDeviceGroupLocation()
+		tagLocation.DeviceGroup.DeviceGroup = "codegen_device_group"
+	} else {
+		tagLocation = tag.NewSharedLocation()
+	}
+
+	tagApi := tag.NewService(c)
+	tagReply, err := tagApi.Create(ctx, *tagLocation, tagObject)
+	if err != nil {
+		log.Printf("Failed to create object: %s", err)
+		return
+	}
+	log.Printf("Tag '%s' created", tagReply.Name)
+
+	// TAG - DELETE
+	err = tagApi.Delete(ctx, *tagLocation, tagReply.Name)
+	if err != nil {
+		log.Printf("Failed to delete object: %s", err)
+		return
+	}
+	log.Printf("Tag '%s' deleted", tagReply.Name)
+}
+
+func checkAddress(c *pango.Client, ctx context.Context) {
+	// ADDRESS - CREATE
+	addressObject := address.Entry{
+		Name:      "codegen_address_test1",
+		IpNetmask: util.String("12.13.14.25"),
+	}
+
+	var addressLocation *address.Location
+	if ok, _ := c.IsPanorama(); ok {
+		addressLocation = address.NewDeviceGroupLocation()
+		addressLocation.DeviceGroup.DeviceGroup = "codegen_device_group"
+	} else {
+		addressLocation = address.NewSharedLocation()
+	}
+
+	addressApi := address.NewService(c)
+	addressReply, err := addressApi.Create(ctx, *addressLocation, addressObject)
+	if err != nil {
+		log.Printf("Failed to create object: %s", err)
+		return
+	}
+	log.Printf("Address '%s=%s' created", addressReply.Name, *addressReply.IpNetmask)
+
+	// ADDRESS - LIST
+	addresses, err := addressApi.List(ctx, *addressLocation, "get", "name starts-with 'codegen'", "'")
+	if err != nil {
+		log.Printf("Failed to list object: %s", err)
+	} else {
+		for index, item := range addresses {
+			log.Printf("Address %d: '%s'", index, item.Name)
+		}
+	}
+
+	// ADDRESS - GROUP
+	addressGroupObject := address_group.Entry{
+		Name:   "codegen_address_group_test1",
+		Static: []string{addressReply.Name},
+	}
+
+	var addressGroupLocation *address_group.Location
+	if ok, _ := c.IsPanorama(); ok {
+		addressGroupLocation = address_group.NewDeviceGroupLocation()
+		addressGroupLocation.DeviceGroup.DeviceGroup = "codegen_device_group"
+	} else {
+		addressGroupLocation = address_group.NewSharedLocation()
+	}
+
+	addressGroupApi := address_group.NewService(c)
+	addressGroupReply, err := addressGroupApi.Create(ctx, *addressGroupLocation, addressGroupObject)
+	if err != nil {
+		log.Printf("Failed to create object: %s", err)
+		return
+	}
+	log.Printf("Address group '%s' created", addressGroupReply.Name)
+
+	// ADDRESS - GROUP - DELETE
+	err = addressGroupApi.Delete(ctx, *addressGroupLocation, addressGroupReply.Name)
+	if err != nil {
+		log.Printf("Failed to delete object: %s", err)
+		return
+	}
+	log.Printf("Address group '%s' deleted", addressGroupReply.Name)
+
+	// ADDRESS - DELETE
+	err = addressApi.Delete(ctx, *addressLocation, addressReply.Name)
+	if err != nil {
+		log.Printf("Failed to delete object: %s", err)
+		return
+	}
+	log.Printf("Address '%s' deleted", addressReply.Name)
+}
+
+func checkService(c *pango.Client, ctx context.Context) {
+	// SERVICE - ADD
+	serviceObject := service.Entry{
+		Name:        "codegen_service_test1",
+		Description: util.String("test description"),
+		Protocol: &service.Protocol{
+			Tcp: &service.ProtocolTcp{
+				DestinationPort: util.Int(8642),
+				Override: &service.ProtocolTcpOverride{
+					HalfcloseTimeout: util.Int(124),
+					Timeout:          util.Int(125),
+					TimewaitTimeout:  util.Int(127),
+				},
+			},
+		},
+	}
+
+	var serviceLocation *service.Location
+	if ok, _ := c.IsPanorama(); ok {
+		serviceLocation = service.NewDeviceGroupLocation()
+		serviceLocation.DeviceGroup.DeviceGroup = "codegen_device_group"
+	} else {
+		serviceLocation = service.NewVsysLocation()
+	}
+
+	serviceApi := service.NewService(c)
+	serviceReply, err := serviceApi.Create(ctx, *serviceLocation, serviceObject)
+	if err != nil {
+		log.Printf("Failed to create object: %s", err)
+		return
+	}
+	log.Printf("Service '%s=%d' created", serviceReply.Name, *serviceReply.Protocol.Tcp.DestinationPort)
+
+	// SERVICE - UPDATE 1
+	serviceObject.Description = util.String("changed description")
+
+	serviceReply, err = serviceApi.Update(ctx, *serviceLocation, serviceObject, serviceReply.Name)
+	if err != nil {
+		log.Printf("Failed to update object: %s", err)
+		return
+	}
+	log.Printf("Service '%s=%d' updated", serviceReply.Name, *serviceReply.Protocol.Tcp.DestinationPort)
+
+	// SERVICE - UPDATE 2
+	serviceObject.Protocol.Tcp.DestinationPort = util.Int(1234)
+
+	serviceReply, err = serviceApi.Update(ctx, *serviceLocation, serviceObject, serviceReply.Name)
+	if err != nil {
+		log.Printf("Failed to update object: %s", err)
+		return
+	}
+	log.Printf("Service '%s=%d' updated", serviceReply.Name, *serviceReply.Protocol.Tcp.DestinationPort)
+
+	// SERVICE - RENAME
+	newServiceName := "codegen_service_test2"
+	serviceObject.Name = newServiceName
+
+	serviceReply, err = serviceApi.Update(ctx, *serviceLocation, serviceObject, serviceReply.Name)
+	if err != nil {
+		log.Printf("Failed to update object: %s", err)
+		return
+	}
+	log.Printf("Service '%s=%d' renamed", serviceReply.Name, *serviceReply.Protocol.Tcp.DestinationPort)
+
+	// SERVICE GROUP ADD
+	serviceGroupEntry := service_group.Entry{
+		Name:    "codegen_service_group_test1",
+		Members: []string{serviceReply.Name},
+	}
+
+	var serviceGroupLocation *service_group.Location
+	if ok, _ := c.IsPanorama(); ok {
+		serviceGroupLocation = service_group.NewDeviceGroupLocation()
+		serviceGroupLocation.DeviceGroup.DeviceGroup = "codegen_device_group"
+	} else {
+		serviceGroupLocation = service_group.NewVsysLocation()
+	}
+
+	serviceGroupApi := service_group.NewService(c)
+	serviceGroupReply, err := serviceGroupApi.Create(ctx, *serviceGroupLocation, serviceGroupEntry)
+	if err != nil {
+		log.Printf("Failed to create object: %s", err)
+		return
+	}
+	log.Printf("Service group '%s' created", serviceGroupReply.Name)
+
+	// SERVICE GROUP DELETE
+	err = serviceGroupApi.Delete(ctx, *serviceGroupLocation, serviceGroupReply.Name)
+	if err != nil {
+		log.Printf("Failed to delete object: %s", err)
+		return
+	}
+	log.Printf("Service group '%s' deleted", serviceGroupReply.Name)
+
+	// SERVICE - LIST
+	//services, err := serviceApi.List(ctx, serviceLocation, "get", "name starts-with 'test'", "'")
+	services, err := serviceApi.List(ctx, *serviceLocation, "get", "", "")
+	if err != nil {
+		log.Printf("Failed to list object: %s", err)
+	} else {
+		for index, item := range services {
+			log.Printf("Service %d: '%s'", index, item.Name)
+		}
+	}
+
+	// SERVICE - DELETE
+	err = serviceApi.Delete(ctx, *serviceLocation, newServiceName)
+	if err != nil {
+		log.Printf("Failed to delete object: %s", err)
+		return
+	}
+	log.Printf("Service '%s' deleted", newServiceName)
+
+	// SERVICE - READ
+	serviceLocation = service.NewVsysLocation()
+
+	serviceApi = service.NewService(c)
+	serviceReply, err = serviceApi.Read(ctx, *serviceLocation, "test", "get")
+	if err != nil {
+		log.Printf("Failed to read object: %s", err)
+		return
+	}
+	readDescription := ""
+	if serviceReply.Description != nil {
+		readDescription = *serviceReply.Description
+	}
+	keys := make([]string, 0, len(serviceReply.Misc))
+	xmls := make([]string, 0, len(serviceReply.Misc))
+	for key := range serviceReply.Misc {
+		keys = append(keys, key)
+		data, _ := xml.Marshal(serviceReply.Misc[key])
+		xmls = append(xmls, string(data))
+	}
+	log.Printf("Service '%s=%d, description: %s misc XML: %s, misc keys: %s' read",
+		serviceReply.Name, *serviceReply.Protocol.Tcp.DestinationPort, readDescription, xmls, keys)
+
+	// SERVICE - UPDATE 3
+	serviceReply.Description = util.String("some text changed now")
+
+	serviceReply, err = serviceApi.Update(ctx, *serviceLocation, *serviceReply, "test")
+	if err != nil {
+		log.Printf("Failed to update object: %s", err)
+		return
+	}
+	readDescription = ""
+	if serviceReply.Description != nil {
+		readDescription = *serviceReply.Description
+	}
+	keys = make([]string, 0, len(serviceReply.Misc))
+	xmls = make([]string, 0, len(serviceReply.Misc))
+	for key := range serviceReply.Misc {
+		keys = append(keys, key)
+		data, _ := xml.Marshal(serviceReply.Misc[key])
+		xmls = append(xmls, string(data))
+	}
+	log.Printf("Service '%s=%d, description: %s misc XML: %s, misc keys: %s' update",
+		serviceReply.Name, *serviceReply.Protocol.Tcp.DestinationPort, readDescription, xmls, keys)
+}
+
+func checkNtp(c *pango.Client, ctx context.Context) {
+	// NTP - ADD
+	ntpConfig := ntp.Config{
+		NtpServers: &ntp.NtpServers{
+			PrimaryNtpServer: &ntp.NtpServersPrimaryNtpServer{
+				NtpServerAddress: util.String("11.12.13.14"),
+			},
+		},
+	}
+
+	var ntpLocation *ntp.Location
+	if ok, _ := c.IsPanorama(); ok {
+		ntpLocation = ntp.NewTemplateLocation()
+		ntpLocation.Template.Template = "codegen_template"
+	} else {
+		ntpLocation = ntp.NewSystemLocation()
+	}
+
+	ntpApi := ntp.NewService(c)
+	ntpReply, err := ntpApi.Create(ctx, *ntpLocation, ntpConfig)
+	if err != nil {
+		log.Printf("Failed to create NTP: %s", err)
+		return
+	}
+	log.Printf("NTP '%s' created", *ntpReply.NtpServers.PrimaryNtpServer.NtpServerAddress)
+
+	// NTP - DELETE
+	err = ntpApi.Delete(ctx, *ntpLocation, ntpConfig)
+	if err != nil {
+		log.Printf("Failed to delete object: %s", err)
+		return
+	}
+	log.Print("NTP deleted")
+	return
+}
+
+func checkDns(c *pango.Client, ctx context.Context) {
+	// DNS - ADD
+	dnsConfig := dns.Config{
+		DnsSetting: &dns.DnsSetting{
+			Servers: &dns.DnsSettingServers{
+				Primary:   util.String("8.8.8.8"),
+				Secondary: util.String("4.4.4.4"),
+			},
+		},
+		FqdnRefreshTime: util.Int(27),
+	}
+
+	var dnsLocation *dns.Location
+	if ok, _ := c.IsPanorama(); ok {
+		dnsLocation = dns.NewTemplateLocation()
+		dnsLocation.Template.Template = "codegen_template"
+	} else {
+		dnsLocation = dns.NewSystemLocation()
+	}
+
+	dnsApi := dns.NewService(c)
+	dnsReply, err := dnsApi.Create(ctx, *dnsLocation, dnsConfig)
+	if err != nil {
+		log.Printf("Failed to create DNS: %s", err)
+		return
+	}
+	log.Printf("DNS '%s, %s' created", *dnsReply.DnsSetting.Servers.Primary, *dnsReply.DnsSetting.Servers.Secondary)
+
+	// DNS - DELETE
+	err = dnsApi.Delete(ctx, *dnsLocation, dnsConfig)
+	if err != nil {
+		log.Printf("Failed to delete object: %s", err)
+		return
+	}
+	log.Print("DNS deleted")
+}
diff --git a/filtering/contains.go b/filtering/contains.go
new file mode 100644
index 00000000..0ff25f60
--- /dev/null
+++ b/filtering/contains.go
@@ -0,0 +1,60 @@
+package filtering
+
+import (
+	"strings"
+
+	"github.com/PaloAltoNetworks/pango/errors"
+)
+
+var (
+	_ Matcher = &Contains{}
+)
+
+type Contains struct {
+	Path  string
+	Value string
+
+	Operator *Operator
+}
+
+func (o *Contains) Matches(f Fielder) (bool, error) {
+	x, err := f.Field(o.Path)
+	if err != nil {
+		return false, err
+	}
+
+	switch v := x.(type) {
+	case *string:
+		if v == nil {
+			return false, nil
+		}
+
+		return strings.Contains(*v, o.Value), nil
+	case string:
+		return strings.Contains(v, o.Value), nil
+	case []*string:
+		for _, str := range v {
+			if str == nil {
+				continue
+			}
+
+			if strings.Contains(*str, o.Value) {
+				return true, nil
+			}
+		}
+
+		return false, nil
+	case []string:
+		for _, str := range v {
+			if strings.Contains(str, o.Value) {
+				return true, nil
+			}
+		}
+
+		return false, nil
+	}
+
+	return false, errors.UnsupportedFilterTypeError
+}
+
+func (o *Contains) GetOperator() *Operator { return o.Operator }
diff --git a/filtering/contains_test.go b/filtering/contains_test.go
new file mode 100644
index 00000000..9e8c00a6
--- /dev/null
+++ b/filtering/contains_test.go
@@ -0,0 +1,70 @@
+package filtering
+
+import (
+	"testing"
+)
+
+func TestContainsStringPointer(t *testing.T) {
+	obj := &Contains{
+		Path:  "test",
+		Value: "bar",
+	}
+
+	str := "foo bar baz"
+	f := &testFielder{
+		Answers: []testFielderResponse{
+			{Value: &str},
+		},
+	}
+
+	ans, err := obj.Matches(f)
+	if err != nil {
+		t.Fatalf("err from matches: %s", err)
+	}
+	if !ans {
+		t.Fatalf("fail: %q contains %q", str, obj.Value)
+	}
+}
+
+func TestContainsEmptyStringPointer(t *testing.T) {
+	obj := &Contains{
+		Path:  "test",
+		Value: "bar",
+	}
+
+	str := ""
+	f := &testFielder{
+		Answers: []testFielderResponse{
+			{Value: &str},
+		},
+	}
+
+	ans, err := obj.Matches(f)
+	if err != nil {
+		t.Fatalf("err from matches: %s", err)
+	}
+	if ans {
+		t.Fatalf("fail: string contains %q", obj.Value)
+	}
+}
+
+func TestContainsString(t *testing.T) {
+	obj := &Contains{
+		Path:  "test",
+		Value: " ",
+	}
+
+	f := &testFielder{
+		Answers: []testFielderResponse{
+			{Value: "hello world"},
+		},
+	}
+
+	ans, err := obj.Matches(f)
+	if err != nil {
+		t.Fatalf("err in matches: %s", err)
+	}
+	if !ans {
+		t.Fatalf("fail: no space found")
+	}
+}
diff --git a/filtering/doc.go b/filtering/doc.go
new file mode 100644
index 00000000..3898cf9c
--- /dev/null
+++ b/filtering/doc.go
@@ -0,0 +1,87 @@
+/*
+Package filtering implements a way to do client-side filtering on a list of
+normalized objects.
+
+To use, start with the `Parse()` function:
+
+	logic, err := filtering.Parse(`name contains "foo" and description is-nil`, `"`)
+
+Once the string has been parsed, the logic can be applied to any normalized object that
+implements the `Fielder` interface:
+
+	ok, err := logic.Matches(obj)
+
+# Groupings
+
+Groupings via parenthesis is supported. A grouping can be negated by giving a grouping
+a bang prefix:
+
+	// These two are equivalent.
+	_, _ = filtering.Parse(`description is-nil`, `"`)
+	_, _ = filtering.Parse(`!(description is-not-nil)`, `"`)
+
+# Operators
+
+The following operators are supported:
+
+  - and: `&&` or `and`
+  - or: `||` or `or`
+  - xor: `xor`
+
+# Comparisons
+
+The following checks are supported:
+
+  - `is-nil`: True when a field is a pointer and that pointer is undefined. This check
+    does not expect a value to be specified.
+  - `is-not-nil`: True when a field is a pointer and that pointer is defined. This check
+    does not expect a value to be specified.
+  - `==` | `equals` | `is`: True when a field matches the given value. A field that is a
+    pointer and that pointer is undefined will return False.
+  - `!=` | `not-equal-to` | `is-not`: True when a field does not match the given value. A field
+    that is a nil pointer will return True.
+  - `<` | `less-than`: (int64 / float64) True when the field is less than the value. A
+    field that is a nil pointer will return False.
+  - `<=` | `less-than-or-equal-to`: (int64 / float64) True when the field is less than or equal
+    to the value.  A field that is a nil pointer will return False.
+  - `>` | `greater-than`: (int64 / float64) True when the field is greater than the value. A
+    field that is a nil pointer will return False.
+  - `>=` | `greater-than-or-equal-to`: (int64 / float64) True when the field is greater than
+    or equal to the value.  A field that is a nil pointer will return False.
+  - `contains`: For strings, this is treated as a substring match, and will be False if the
+    field is nil.  For a list of strings, this is treated as an exact across the string slice.
+  - `does-not-contain`: For strings, this returns True if the substring is not present in the
+    field, and will be True if the field is a nil pointer.  For a list of strings, this is treated
+    as an exact match across all strings in the slice, and will return True if none of the strings
+    exactly match the given value.
+  - `starts-with`: (string only) Returns True if the field has the given prefix. A nil pointer
+    to a string returns False.
+  - `does-not-start-with`: (string only) Returns True if the field does not have the given
+    prefix. A nil pointer to a string returns True.
+  - `ends-with`: (string only) Returns True if the field has the given suffix. A nil pointer
+    to a string returns False.
+  - `does-not-end-with`: (string only) Returns True if the field does not have the given suffix. A
+    nil pointer to a string returns True.
+  - `matches-regex`: (string / []string) For strings, searches the string for the given
+    regex; a field that is a pointer to a nil string returns False.  For string slices, the
+    regex is checked against all strings in the slice, and returns True if any of them
+    match the regex.
+  - `does-not-match-regex`: (string / slice of strings) For a string, returns True if the field
+    does not match the given regex; a field that is a pointer to a nil string returns True. For
+    string slices, the regex is checked against all strings in the slice, and returns True if
+    none of them match the regex.
+
+# Field Selection
+
+To select a field, use dotted notation as appropriate:
+
+	// Returns "Name" from the base object.
+	"name"
+
+	// Returns "Bar" in the "Foo" object.
+	"Foo.Bar"
+
+Names can be specified using the camel case name (for users using pango directly) or the
+camel case name (for users using the panos Terraform provider).
+*/
+package filtering
diff --git a/filtering/does_not_contain.go b/filtering/does_not_contain.go
new file mode 100644
index 00000000..18852086
--- /dev/null
+++ b/filtering/does_not_contain.go
@@ -0,0 +1,60 @@
+package filtering
+
+import (
+	"strings"
+
+	"github.com/PaloAltoNetworks/pango/errors"
+)
+
+var (
+	_ Matcher = &DoesNotContain{}
+)
+
+type DoesNotContain struct {
+	Path  string
+	Value string
+
+	Operator *Operator
+}
+
+func (o *DoesNotContain) Matches(f Fielder) (bool, error) {
+	x, err := f.Field(o.Path)
+	if err != nil {
+		return false, err
+	}
+
+	switch v := x.(type) {
+	case *string:
+		if v == nil {
+			return true, nil
+		}
+
+		return !strings.Contains(*v, o.Value), nil
+	case string:
+		return !strings.Contains(v, o.Value), nil
+	case []*string:
+		for _, str := range v {
+			if str == nil {
+				continue
+			}
+
+			if strings.Contains(*str, o.Value) {
+				return false, nil
+			}
+		}
+
+		return true, nil
+	case []string:
+		for _, str := range v {
+			if !strings.Contains(str, o.Value) {
+				return false, nil
+			}
+		}
+
+		return true, nil
+	}
+
+	return false, errors.UnsupportedFilterTypeError
+}
+
+func (o *DoesNotContain) GetOperator() *Operator { return o.Operator }
diff --git a/filtering/does_not_end_with.go b/filtering/does_not_end_with.go
new file mode 100644
index 00000000..28f266ed
--- /dev/null
+++ b/filtering/does_not_end_with.go
@@ -0,0 +1,59 @@
+package filtering
+
+import (
+	"strings"
+
+	"github.com/PaloAltoNetworks/pango/errors"
+)
+
+var (
+	_ Matcher = &DoesNotEndWith{}
+)
+
+type DoesNotEndWith struct {
+	Path  string
+	Value string
+
+	Operator *Operator
+}
+
+func (o *DoesNotEndWith) Matches(f Fielder) (bool, error) {
+	x, err := f.Field(o.Path)
+	if err != nil {
+		return false, err
+	}
+
+	switch v := x.(type) {
+	case *string:
+		if v == nil {
+			return true, nil
+		}
+
+		return !strings.HasSuffix(*v, o.Value), nil
+	case string:
+		return !strings.HasSuffix(v, o.Value), nil
+	case []*string:
+		for _, str := range v {
+			if str == nil {
+				continue
+			}
+			if strings.HasSuffix(*str, o.Value) {
+				return false, nil
+			}
+		}
+
+		return true, nil
+	case []string:
+		for _, str := range v {
+			if strings.HasSuffix(str, o.Value) {
+				return false, nil
+			}
+		}
+
+		return true, nil
+	}
+
+	return false, errors.UnsupportedFilterTypeError
+}
+
+func (o *DoesNotEndWith) GetOperator() *Operator { return o.Operator }
diff --git a/filtering/does_not_match_regex.go b/filtering/does_not_match_regex.go
new file mode 100644
index 00000000..b138185b
--- /dev/null
+++ b/filtering/does_not_match_regex.go
@@ -0,0 +1,60 @@
+package filtering
+
+import (
+	"regexp"
+
+	"github.com/PaloAltoNetworks/pango/errors"
+)
+
+var (
+	_ Matcher = &DoesNotMatchRegex{}
+)
+
+type DoesNotMatchRegex struct {
+	Path  string
+	Value string
+
+	Operator *Operator
+}
+
+func (o *DoesNotMatchRegex) Matches(f Fielder) (bool, error) {
+	x, err := f.Field(o.Path)
+	if err != nil {
+		return false, err
+	}
+
+	re, err := regexp.Compile(o.Value)
+	if err != nil {
+		return false, err
+	}
+
+	switch v := x.(type) {
+	case *string:
+		return !re.Match([]byte(*v)), nil
+	case string:
+		return !re.Match([]byte(v)), nil
+	case []*string:
+		for _, str := range v {
+			if str == nil {
+				continue
+			}
+			if re.Match([]byte(*str)) {
+				return false, nil
+			}
+		}
+
+		return true, nil
+	case []string:
+		for _, str := range v {
+			if re.Match([]byte(str)) {
+				return false, nil
+			}
+		}
+
+		return true, nil
+	}
+
+	return false, errors.UnsupportedFilterTypeError
+}
+
+func (o *DoesNotMatchRegex) GetOperator() *Operator { return o.Operator }
diff --git a/filtering/does_not_start_with.go b/filtering/does_not_start_with.go
new file mode 100644
index 00000000..c570e181
--- /dev/null
+++ b/filtering/does_not_start_with.go
@@ -0,0 +1,59 @@
+package filtering
+
+import (
+	"strings"
+
+	"github.com/PaloAltoNetworks/pango/errors"
+)
+
+var (
+	_ Matcher = &DoesNotStartWith{}
+)
+
+type DoesNotStartWith struct {
+	Path  string
+	Value string
+
+	Operator *Operator
+}
+
+func (o *DoesNotStartWith) Matches(f Fielder) (bool, error) {
+	x, err := f.Field(o.Path)
+	if err != nil {
+		return false, err
+	}
+
+	switch v := x.(type) {
+	case *string:
+		if v == nil {
+			return true, nil
+		}
+
+		return !strings.HasPrefix(*v, o.Value), nil
+	case string:
+		return !strings.HasPrefix(v, o.Value), nil
+	case []*string:
+		for _, str := range v {
+			if str == nil {
+				continue
+			}
+			if strings.HasPrefix(*str, o.Value) {
+				return false, nil
+			}
+		}
+
+		return true, nil
+	case []string:
+		for _, str := range v {
+			if strings.HasPrefix(str, o.Value) {
+				return false, nil
+			}
+		}
+
+		return true, nil
+	}
+
+	return false, errors.UnsupportedFilterTypeError
+}
+
+func (o *DoesNotStartWith) GetOperator() *Operator { return o.Operator }
diff --git a/filtering/ends_with.go b/filtering/ends_with.go
new file mode 100644
index 00000000..b1af8dd2
--- /dev/null
+++ b/filtering/ends_with.go
@@ -0,0 +1,59 @@
+package filtering
+
+import (
+	"strings"
+
+	"github.com/PaloAltoNetworks/pango/errors"
+)
+
+var (
+	_ Matcher = &EndsWith{}
+)
+
+type EndsWith struct {
+	Path  string
+	Value string
+
+	Operator *Operator
+}
+
+func (o *EndsWith) Matches(f Fielder) (bool, error) {
+	x, err := f.Field(o.Path)
+	if err != nil {
+		return false, err
+	}
+
+	switch v := x.(type) {
+	case *string:
+		if v == nil {
+			return false, nil
+		}
+
+		return strings.HasSuffix(*v, o.Value), nil
+	case string:
+		return strings.HasSuffix(v, o.Value), nil
+	case []*string:
+		for _, str := range v {
+			if str == nil {
+				continue
+			}
+			if strings.HasSuffix(*str, o.Value) {
+				return true, nil
+			}
+		}
+
+		return false, nil
+	case []string:
+		for _, str := range v {
+			if strings.HasSuffix(str, o.Value) {
+				return true, nil
+			}
+		}
+
+		return false, nil
+	}
+
+	return false, errors.UnsupportedFilterTypeError
+}
+
+func (o *EndsWith) GetOperator() *Operator { return o.Operator }
diff --git a/filtering/equals.go b/filtering/equals.go
new file mode 100644
index 00000000..62d66d76
--- /dev/null
+++ b/filtering/equals.go
@@ -0,0 +1,200 @@
+package filtering
+
+import (
+	"strconv"
+
+	"github.com/PaloAltoNetworks/pango/errors"
+)
+
+var (
+	_ Matcher = &Equals{}
+)
+
+type Equals struct {
+	Path  string
+	Value string
+
+	Operator *Operator
+}
+
+func (o *Equals) Matches(f Fielder) (bool, error) {
+	x, err := f.Field(o.Path)
+	if err != nil {
+		return false, err
+	}
+
+	switch v := x.(type) {
+	case *bool:
+		if v == nil {
+			return false, nil
+		}
+
+		bv, err := strconv.ParseBool(o.Value)
+		if err != nil {
+			return false, err
+		}
+
+		return *v == bv, nil
+	case bool:
+		bv, err := strconv.ParseBool(o.Value)
+		if err != nil {
+			return false, err
+		}
+
+		return v == bv, nil
+	case []*bool:
+		bv, err := strconv.ParseBool(o.Value)
+		if err != nil {
+			return false, err
+		}
+
+		for _, val := range v {
+			if val == nil {
+				continue
+			}
+			if *val == bv {
+				return true, nil
+			}
+		}
+
+		return false, nil
+	case []bool:
+		bv, err := strconv.ParseBool(o.Value)
+		if err != nil {
+			return false, err
+		}
+
+		for _, val := range v {
+			if val == bv {
+				return true, nil
+			}
+		}
+
+		return false, nil
+	case *int64:
+		if v == nil {
+			return false, nil
+		}
+
+		iv, err := strconv.ParseInt(o.Value, 10, 64)
+		if err != nil {
+			return false, err
+		}
+
+		return *v == iv, nil
+	case int64:
+		iv, err := strconv.ParseInt(o.Value, 10, 64)
+		if err != nil {
+			return false, err
+		}
+
+		return v == iv, nil
+	case []*int64:
+		iv, err := strconv.ParseInt(o.Value, 10, 64)
+		if err != nil {
+			return false, err
+		}
+
+		for _, val := range v {
+			if val == nil {
+				continue
+			}
+			if *val == iv {
+				return true, nil
+			}
+		}
+
+		return false, nil
+	case []int64:
+		iv, err := strconv.ParseInt(o.Value, 10, 64)
+		if err != nil {
+			return false, err
+		}
+
+		for _, val := range v {
+			if val == iv {
+				return true, nil
+			}
+		}
+
+		return false, nil
+	case *float64:
+		if v == nil {
+			return false, nil
+		}
+
+		fv, err := strconv.ParseFloat(o.Value, 64)
+		if err != nil {
+			return false, err
+		}
+
+		return *v == fv, nil
+	case float64:
+		fv, err := strconv.ParseFloat(o.Value, 64)
+		if err != nil {
+			return false, err
+		}
+
+		return v == fv, nil
+	case []*float64:
+		fv, err := strconv.ParseFloat(o.Value, 64)
+		if err != nil {
+			return false, err
+		}
+
+		for _, val := range v {
+			if val == nil {
+				continue
+			}
+			if *val == fv {
+				return true, nil
+			}
+		}
+
+		return false, nil
+	case []float64:
+		fv, err := strconv.ParseFloat(o.Value, 64)
+		if err != nil {
+			return false, err
+		}
+
+		for _, val := range v {
+			if val == fv {
+				return true, nil
+			}
+		}
+
+		return false, nil
+	case *string:
+		if v == nil {
+			return false, nil
+		}
+
+		return *v == o.Value, nil
+	case string:
+		return v == o.Value, nil
+	case []*string:
+		for _, val := range v {
+			if val == nil {
+				continue
+			}
+			if *val == o.Value {
+				return true, nil
+			}
+		}
+
+		return false, nil
+	case []string:
+		for _, val := range v {
+			if val == o.Value {
+				return true, nil
+			}
+		}
+
+		return false, nil
+	}
+
+	return false, errors.UnsupportedFilterTypeError
+}
+
+func (o *Equals) GetOperator() *Operator { return o.Operator }
diff --git a/filtering/greater_than.go b/filtering/greater_than.go
new file mode 100644
index 00000000..e98f724c
--- /dev/null
+++ b/filtering/greater_than.go
@@ -0,0 +1,126 @@
+package filtering
+
+import (
+	"strconv"
+
+	"github.com/PaloAltoNetworks/pango/errors"
+)
+
+var (
+	_ Matcher = &GreaterThan{}
+)
+
+type GreaterThan struct {
+	Path  string
+	Value string
+
+	Operator *Operator
+}
+
+func (o *GreaterThan) Matches(f Fielder) (bool, error) {
+	x, err := f.Field(o.Path)
+	if err != nil {
+		return false, err
+	}
+
+	switch v := x.(type) {
+	case *int64:
+		if v == nil {
+			return false, nil
+		}
+
+		vi, err := strconv.ParseInt(o.Value, 10, 64)
+		if err != nil {
+			return false, err
+		}
+
+		return *v > vi, nil
+	case int64:
+		vi, err := strconv.ParseInt(o.Value, 10, 64)
+		if err != nil {
+			return false, err
+		}
+
+		return v > vi, nil
+	case []*int64:
+		vi, err := strconv.ParseInt(o.Value, 10, 64)
+		if err != nil {
+			return false, err
+		}
+
+		for _, val := range v {
+			if val == nil {
+				continue
+			}
+			if *val > vi {
+				return true, nil
+			}
+		}
+
+		return false, nil
+	case []int64:
+		vi, err := strconv.ParseInt(o.Value, 10, 64)
+		if err != nil {
+			return false, err
+		}
+
+		for _, val := range v {
+			if val > vi {
+				return true, nil
+			}
+		}
+
+		return false, nil
+	case *float64:
+		if v == nil {
+			return false, nil
+		}
+
+		vf, err := strconv.ParseFloat(o.Value, 64)
+		if err != nil {
+			return false, err
+		}
+
+		return *v > vf, nil
+	case float64:
+		vf, err := strconv.ParseFloat(o.Value, 64)
+		if err != nil {
+			return false, err
+		}
+
+		return v > vf, nil
+	case []*float64:
+		vf, err := strconv.ParseFloat(o.Value, 64)
+		if err != nil {
+			return false, err
+		}
+
+		for _, val := range v {
+			if val == nil {
+				continue
+			}
+			if *val > vf {
+				return true, nil
+			}
+		}
+
+		return false, nil
+	case []float64:
+		vf, err := strconv.ParseFloat(o.Value, 64)
+		if err != nil {
+			return false, err
+		}
+
+		for _, val := range v {
+			if val > vf {
+				return true, nil
+			}
+		}
+
+		return false, nil
+	}
+
+	return false, errors.UnsupportedFilterTypeError
+}
+
+func (o *GreaterThan) GetOperator() *Operator { return o.Operator }
diff --git a/filtering/greater_than_or_equal_to.go b/filtering/greater_than_or_equal_to.go
new file mode 100644
index 00000000..c6b59542
--- /dev/null
+++ b/filtering/greater_than_or_equal_to.go
@@ -0,0 +1,126 @@
+package filtering
+
+import (
+	"strconv"
+
+	"github.com/PaloAltoNetworks/pango/errors"
+)
+
+var (
+	_ Matcher = &GreaterThanOrEqualTo{}
+)
+
+type GreaterThanOrEqualTo struct {
+	Path  string
+	Value string
+
+	Operator *Operator
+}
+
+func (o *GreaterThanOrEqualTo) Matches(f Fielder) (bool, error) {
+	x, err := f.Field(o.Path)
+	if err != nil {
+		return false, err
+	}
+
+	switch v := x.(type) {
+	case *int64:
+		if v == nil {
+			return false, nil
+		}
+
+		vi, err := strconv.ParseInt(o.Value, 10, 64)
+		if err != nil {
+			return false, err
+		}
+
+		return *v >= vi, nil
+	case int64:
+		vi, err := strconv.ParseInt(o.Value, 10, 64)
+		if err != nil {
+			return false, err
+		}
+
+		return v >= vi, nil
+	case []*int64:
+		vi, err := strconv.ParseInt(o.Value, 10, 64)
+		if err != nil {
+			return false, err
+		}
+
+		for _, val := range v {
+			if val == nil {
+				continue
+			}
+			if *val >= vi {
+				return true, nil
+			}
+		}
+
+		return false, nil
+	case []int64:
+		vi, err := strconv.ParseInt(o.Value, 10, 64)
+		if err != nil {
+			return false, err
+		}
+
+		for _, val := range v {
+			if val >= vi {
+				return true, nil
+			}
+		}
+
+		return false, nil
+	case *float64:
+		if v == nil {
+			return false, nil
+		}
+
+		vf, err := strconv.ParseFloat(o.Value, 64)
+		if err != nil {
+			return false, err
+		}
+
+		return *v >= vf, nil
+	case float64:
+		vf, err := strconv.ParseFloat(o.Value, 64)
+		if err != nil {
+			return false, err
+		}
+
+		return v >= vf, nil
+	case []*float64:
+		vf, err := strconv.ParseFloat(o.Value, 64)
+		if err != nil {
+			return false, err
+		}
+
+		for _, val := range v {
+			if val == nil {
+				continue
+			}
+			if *val >= vf {
+				return true, nil
+			}
+		}
+
+		return false, nil
+	case []float64:
+		vf, err := strconv.ParseFloat(o.Value, 64)
+		if err != nil {
+			return false, err
+		}
+
+		for _, val := range v {
+			if val >= vf {
+				return true, nil
+			}
+		}
+
+		return false, nil
+	}
+
+	return false, errors.UnsupportedFilterTypeError
+}
+
+func (o *GreaterThanOrEqualTo) GetOperator() *Operator { return o.Operator }
diff --git a/filtering/group.go b/filtering/group.go
new file mode 100644
index 00000000..d70f31ab
--- /dev/null
+++ b/filtering/group.go
@@ -0,0 +1,86 @@
+package filtering
+
+import (
+	"github.com/PaloAltoNetworks/pango/errors"
+)
+
+var (
+	_ Matcher = &Group{}
+)
+
+type Group struct {
+	NegateGroup bool
+
+	Matchers []Matcher
+	Operator *Operator
+}
+
+func (o *Group) Matches(f Fielder) (bool, error) {
+	if o.Matchers == nil {
+		return false, errors.InvalidFilterError
+	}
+
+	var ans bool
+
+	for num, m := range o.Matchers {
+		op := m.GetOperator()
+		if num == 0 && op != nil {
+			return false, errors.InvalidFilterError
+		} else if num != 0 && op == nil {
+			return false, errors.InvalidFilterError
+		}
+
+		// First check sets the group's result so far.
+		if num == 0 {
+			ma, err := m.Matches(f)
+			if err != nil {
+				return false, err
+			}
+			ans = ma
+			continue
+		}
+
+		// Subsequent checks update the result.
+		switch {
+		case op.And:
+			// Don't bother running the check if the result is already false.
+			if !ans {
+				continue
+			}
+
+			ma, err := m.Matches(f)
+			if err != nil {
+				return false, err
+			}
+			ans = ma
+		case op.Or:
+			// Run the check only if the result is currently false.
+			if ans {
+				continue
+			}
+
+			ma, err := m.Matches(f)
+			if err != nil {
+				return false, err
+			}
+			ans = ma
+		case op.Xor:
+			// We always have to run the check here.
+			ma, err := m.Matches(f)
+			if err != nil {
+				return false, err
+			}
+			ans = ans != ma
+		default:
+			return false, errors.InvalidFilterError
+		}
+	}
+
+	if o.NegateGroup {
+		ans = !ans
+	}
+
+	return ans, nil
+}
+
+func (o *Group) GetOperator() *Operator { return o.Operator }
diff --git a/filtering/group_test.go b/filtering/group_test.go
new file mode 100644
index 00000000..c7b65798
--- /dev/null
+++ b/filtering/group_test.go
@@ -0,0 +1,358 @@
+package filtering
+
+import (
+	"fmt"
+	"testing"
+)
+
+func TestSingleGroup(t *testing.T) {
+	g := &Group{
+		Matchers: []Matcher{
+			&Equals{
+				Value: "7",
+			},
+		},
+	}
+
+	f := &testFielder{
+		Answers: []testFielderResponse{
+			{Value: int64(7)},
+		},
+	}
+
+	ans, err := g.Matches(f)
+	if err != nil {
+		t.Fatalf("err from matches: %s", err)
+	}
+	if !ans {
+		t.Fatalf("ans was false")
+	}
+}
+
+func TestNegateGroup(t *testing.T) {
+	g := &Group{
+		NegateGroup: true,
+		Matchers: []Matcher{
+			&Equals{
+				Value: "7",
+			},
+		},
+	}
+
+	f := &testFielder{
+		Answers: []testFielderResponse{
+			{Value: int64(7)},
+		},
+	}
+
+	ans, err := g.Matches(f)
+	if err != nil {
+		t.Fatalf("err from matches: %s", err)
+	}
+	if ans {
+		t.Fatalf("ans was true")
+	}
+}
+
+func TestGroupWithinGroup(t *testing.T) {
+	g := &Group{
+		Matchers: []Matcher{
+			&Group{
+				Matchers: []Matcher{
+					&EndsWith{
+						Value: "e",
+					},
+				},
+			},
+		},
+	}
+
+	f := &testFielder{
+		Answers: []testFielderResponse{
+			{Value: "this is fine"},
+		},
+	}
+
+	ans, err := g.Matches(f)
+	if err != nil {
+		t.Fatalf("err from matches: %s", err)
+	}
+	if !ans {
+		t.Fatalf("ans was false")
+	}
+}
+
+func TestNegateGroupWithinGroup(t *testing.T) {
+	g := &Group{
+		Matchers: []Matcher{
+			&Group{
+				NegateGroup: true,
+				Matchers: []Matcher{
+					&EndsWith{
+						Value: "e",
+					},
+				},
+			},
+		},
+	}
+
+	f := &testFielder{
+		Answers: []testFielderResponse{
+			{Value: "this is fine"},
+		},
+	}
+
+	ans, err := g.Matches(f)
+	if err != nil {
+		t.Fatalf("err from matches: %s", err)
+	}
+	if ans {
+		t.Fatalf("ans was true")
+	}
+}
+
+func TestGroupWithTwoChecksAndOperatorReturnsTrue(t *testing.T) {
+	g := &Group{
+		Matchers: []Matcher{
+			&LessThan{
+				Value: "10",
+			},
+			&GreaterThan{
+				Operator: &Operator{
+					And: true,
+				},
+				Value: "0",
+			},
+		},
+	}
+
+	f := &testFielder{
+		Answers: []testFielderResponse{
+			{Value: int64(5)},
+			{Value: float64(5)},
+		},
+	}
+
+	ans, err := g.Matches(f)
+	if err != nil {
+		t.Fatalf("err in matches: %s", err)
+	}
+	if !ans {
+		t.Fatalf("ans was false")
+	}
+}
+
+func TestGroupWithTwoChecksOrOperatorReturnsTrueSecondIsTrue(t *testing.T) {
+	g := &Group{
+		Matchers: []Matcher{
+			&LessThan{
+				Value: "10",
+			},
+			&GreaterThan{
+				Operator: &Operator{
+					Or: true,
+				},
+				Value: "0",
+			},
+		},
+	}
+
+	f := &testFielder{
+		Answers: []testFielderResponse{
+			{Value: int64(11)},
+			{Value: float64(5)},
+		},
+	}
+
+	ans, err := g.Matches(f)
+	if err != nil {
+		t.Fatalf("err in matches: %s", err)
+	}
+	if !ans {
+		t.Fatalf("ans was false")
+	}
+}
+
+func TestGroupWithTwoChecksOrOperatorReturnsTrueFirstIsTrue(t *testing.T) {
+	g := &Group{
+		Matchers: []Matcher{
+			&LessThan{
+				Value: "10",
+			},
+			&GreaterThan{
+				Operator: &Operator{
+					Or: true,
+				},
+				Value: "0",
+			},
+		},
+	}
+
+	f := &testFielder{
+		Answers: []testFielderResponse{
+			{Value: int64(0)},
+			{Value: float64(0)},
+		},
+	}
+
+	ans, err := g.Matches(f)
+	if err != nil {
+		t.Fatalf("err in matches: %s", err)
+	}
+	if !ans {
+		t.Fatalf("ans was false")
+	}
+}
+
+func TestGroupWithTwoChecksXorOperatorReturnsTrue(t *testing.T) {
+	var v *string
+	g := &Group{
+		Matchers: []Matcher{
+			&IsNil{},
+			&GreaterThan{
+				Operator: &Operator{
+					Xor: true,
+				},
+				Value: "0",
+			},
+		},
+	}
+
+	f := &testFielder{
+		Answers: []testFielderResponse{
+			{Value: v},
+			{Value: float64(0)},
+		},
+	}
+
+	ans, err := g.Matches(f)
+	if err != nil {
+		t.Fatalf("err in matches: %s", err)
+	}
+	if !ans {
+		t.Fatalf("ans was false")
+	}
+}
+
+func TestGroupWithTwoChecksXorOperatorReturnsFalse(t *testing.T) {
+	var v *int64
+	g := &Group{
+		Matchers: []Matcher{
+			&IsNil{},
+			&GreaterThan{
+				Operator: &Operator{
+					Xor: true,
+				},
+				Value: "0",
+			},
+		},
+	}
+
+	f := &testFielder{
+		Answers: []testFielderResponse{
+			{Value: v},
+			{Value: float64(1)},
+		},
+	}
+
+	ans, err := g.Matches(f)
+	if err != nil {
+		t.Fatalf("err in matches: %s", err)
+	}
+	if ans {
+		t.Fatalf("ans was true")
+	}
+}
+
+func TestGroupWithOrDoesOneCheckIfFirstIsTrue(t *testing.T) {
+	g := &Group{
+		Matchers: []Matcher{
+			&Contains{
+				Value: "e",
+			},
+			&Contains{
+				Value: "st",
+				Operator: &Operator{
+					Or: true,
+				},
+			},
+		},
+	}
+
+	f := &testFielder{
+		Answers: []testFielderResponse{
+			{Value: "blue"},
+			{Error: fmt.Errorf("test error")},
+		},
+	}
+
+	ans, err := g.Matches(f)
+	if err != nil {
+		t.Fatalf("err in matches: %s", err)
+	}
+	if !ans {
+		t.Fatalf("ans was false")
+	}
+}
+
+func TestGroupWithAndDoesOneCheckIfFirstIsFalse(t *testing.T) {
+	g := &Group{
+		Matchers: []Matcher{
+			&Contains{
+				Value: "e",
+			},
+			&Contains{
+				Value: "st",
+				Operator: &Operator{
+					And: true,
+				},
+			},
+		},
+	}
+
+	f := &testFielder{
+		Answers: []testFielderResponse{
+			{Value: "blah"},
+			{Error: fmt.Errorf("test error")},
+		},
+	}
+
+	ans, err := g.Matches(f)
+	if err != nil {
+		t.Fatalf("err in matches: %s", err)
+	}
+	if ans {
+		t.Fatalf("ans was true")
+	}
+}
+
+func TestGroupWithXorDoesBothChecks(t *testing.T) {
+	g := &Group{
+		Matchers: []Matcher{
+			&Contains{
+				Value: "e",
+			},
+			&Contains{
+				Value: "st",
+				Operator: &Operator{
+					Xor: true,
+				},
+			},
+		},
+	}
+
+	f := &testFielder{
+		Answers: []testFielderResponse{
+			{Value: "blah"},
+			{Value: "test"},
+		},
+	}
+
+	ans, err := g.Matches(f)
+	if err != nil {
+		t.Fatalf("err in matches: %s", err)
+	}
+	if !ans {
+		t.Fatalf("ans was false")
+	}
+}
diff --git a/filtering/interfaces.go b/filtering/interfaces.go
new file mode 100644
index 00000000..8c626b59
--- /dev/null
+++ b/filtering/interfaces.go
@@ -0,0 +1,10 @@
+package filtering
+
+type Fielder interface {
+	Field(string) (any, error)
+}
+
+type Matcher interface {
+	Matches(Fielder) (bool, error)
+	GetOperator() *Operator
+}
diff --git a/filtering/is_nil.go b/filtering/is_nil.go
new file mode 100644
index 00000000..442f38be
--- /dev/null
+++ b/filtering/is_nil.go
@@ -0,0 +1,47 @@
+package filtering
+
+import (
+	"github.com/PaloAltoNetworks/pango/errors"
+)
+
+var (
+	_ Matcher = &IsNil{}
+)
+
+type IsNil struct {
+	Path string
+
+	Operator *Operator
+}
+
+func (o *IsNil) Matches(f Fielder) (bool, error) {
+	x, err := f.Field(o.Path)
+	if err != nil {
+		return false, err
+	}
+
+	switch v := x.(type) {
+	case *bool:
+		return v == nil, nil
+	case bool:
+		return false, nil
+	case *int64:
+		return v == nil, nil
+	case int64:
+		return false, nil
+	case *float64:
+		return v == nil, nil
+	case float64:
+		return false, nil
+	case *string:
+		return v == nil, nil
+	case string:
+		return false, nil
+	case []string:
+		return len(v) == 0, nil
+	}
+
+	return false, errors.UnsupportedFilterTypeError
+}
+
+func (o *IsNil) GetOperator() *Operator { return o.Operator }
diff --git a/filtering/is_not_nil.go b/filtering/is_not_nil.go
new file mode 100644
index 00000000..45a86d05
--- /dev/null
+++ b/filtering/is_not_nil.go
@@ -0,0 +1,47 @@
+package filtering
+
+import (
+	"github.com/PaloAltoNetworks/pango/errors"
+)
+
+var (
+	_ Matcher = &IsNotNil{}
+)
+
+type IsNotNil struct {
+	Path string
+
+	Operator *Operator
+}
+
+func (o *IsNotNil) Matches(f Fielder) (bool, error) {
+	x, err := f.Field(o.Path)
+	if err != nil {
+		return false, err
+	}
+
+	switch v := x.(type) {
+	case *bool:
+		return v != nil, nil
+	case bool:
+		return true, nil
+	case *int64:
+		return v != nil, nil
+	case int64:
+		return true, nil
+	case *float64:
+		return v != nil, nil
+	case float64:
+		return true, nil
+	case *string:
+		return v != nil, nil
+	case string:
+		return true, nil
+	case []string:
+		return len(v) != 0, nil
+	}
+
+	return false, errors.UnsupportedFilterTypeError
+}
+
+func (o *IsNotNil) GetOperator() *Operator { return o.Operator }
diff --git a/filtering/less_than.go b/filtering/less_than.go
new file mode 100644
index 00000000..6243d5f4
--- /dev/null
+++ b/filtering/less_than.go
@@ -0,0 +1,126 @@
+package filtering
+
+import (
+	"strconv"
+
+	"github.com/PaloAltoNetworks/pango/errors"
+)
+
+var (
+	_ Matcher = &LessThan{}
+)
+
+type LessThan struct {
+	Path  string
+	Value string
+
+	Operator *Operator
+}
+
+func (o *LessThan) Matches(f Fielder) (bool, error) {
+	x, err := f.Field(o.Path)
+	if err != nil {
+		return false, err
+	}
+
+	switch v := x.(type) {
+	case *int64:
+		if v == nil {
+			return false, nil
+		}
+
+		vi, err := strconv.ParseInt(o.Value, 10, 64)
+		if err != nil {
+			return false, err
+		}
+
+		return *v < vi, nil
+	case int64:
+		vi, err := strconv.ParseInt(o.Value, 10, 64)
+		if err != nil {
+			return false, err
+		}
+
+		return v < vi, nil
+	case []*int64:
+		vi, err := strconv.ParseInt(o.Value, 10, 64)
+		if err != nil {
+			return false, err
+		}
+
+		for _, val := range v {
+			if val == nil {
+				continue
+			}
+			if *val < vi {
+				return true, nil
+			}
+		}
+
+		return false, nil
+	case []int64:
+		vi, err := strconv.ParseInt(o.Value, 10, 64)
+		if err != nil {
+			return false, err
+		}
+
+		for _, val := range v {
+			if val < vi {
+				return true, nil
+			}
+		}
+
+		return false, nil
+	case *float64:
+		if v == nil {
+			return false, nil
+		}
+
+		vf, err := strconv.ParseFloat(o.Value, 64)
+		if err != nil {
+			return false, err
+		}
+
+		return *v < vf, nil
+	case float64:
+		vf, err := strconv.ParseFloat(o.Value, 64)
+		if err != nil {
+			return false, err
+		}
+
+		return v < vf, nil
+	case []*float64:
+		vf, err := strconv.ParseFloat(o.Value, 64)
+		if err != nil {
+			return false, err
+		}
+
+		for _, val := range v {
+			if val == nil {
+				continue
+			}
+			if *val < vf {
+				return true, nil
+			}
+		}
+
+		return false, nil
+	case []float64:
+		vf, err := strconv.ParseFloat(o.Value, 64)
+		if err != nil {
+			return false, err
+		}
+
+		for _, val := range v {
+			if val < vf {
+				return true, nil
+			}
+		}
+
+		return false, nil
+	}
+
+	return false, errors.UnsupportedFilterTypeError
+}
+
+func (o *LessThan) GetOperator() *Operator { return o.Operator }
diff --git a/filtering/less_than_or_equal_to.go b/filtering/less_than_or_equal_to.go
new file mode 100644
index 00000000..7386178e
--- /dev/null
+++ b/filtering/less_than_or_equal_to.go
@@ -0,0 +1,126 @@
+package filtering
+
+import (
+	"strconv"
+
+	"github.com/PaloAltoNetworks/pango/errors"
+)
+
+var (
+	_ Matcher = &LessThanOrEqualTo{}
+)
+
+type LessThanOrEqualTo struct {
+	Path  string
+	Value string
+
+	Operator *Operator
+}
+
+func (o *LessThanOrEqualTo) Matches(f Fielder) (bool, error) {
+	x, err := f.Field(o.Path)
+	if err != nil {
+		return false, err
+	}
+
+	switch v := x.(type) {
+	case *int64:
+		if v == nil {
+			return false, nil
+		}
+
+		vi, err := strconv.ParseInt(o.Value, 10, 64)
+		if err != nil {
+			return false, err
+		}
+
+		return *v <= vi, nil
+	case int64:
+		vi, err := strconv.ParseInt(o.Value, 10, 64)
+		if err != nil {
+			return false, err
+		}
+
+		return v <= vi, nil
+	case []*int64:
+		vi, err := strconv.ParseInt(o.Value, 10, 64)
+		if err != nil {
+			return false, err
+		}
+
+		for _, val := range v {
+			if val == nil {
+				continue
+			}
+			if *val <= vi {
+				return true, nil
+			}
+		}
+
+		return false, nil
+	case []int64:
+		vi, err := strconv.ParseInt(o.Value, 10, 64)
+		if err != nil {
+			return false, err
+		}
+
+		for _, val := range v {
+			if val <= vi {
+				return true, nil
+			}
+		}
+
+		return false, nil
+	case *float64:
+		if v == nil {
+			return false, nil
+		}
+
+		vf, err := strconv.ParseFloat(o.Value, 64)
+		if err != nil {
+			return false, err
+		}
+
+		return *v <= vf, nil
+	case float64:
+		vf, err := strconv.ParseFloat(o.Value, 64)
+		if err != nil {
+			return false, err
+		}
+
+		return v <= vf, nil
+	case []*float64:
+		vf, err := strconv.ParseFloat(o.Value, 64)
+		if err != nil {
+			return false, err
+		}
+
+		for _, val := range v {
+			if val == nil {
+				continue
+			}
+			if *val <= vf {
+				return true, nil
+			}
+		}
+
+		return false, nil
+	case []float64:
+		vf, err := strconv.ParseFloat(o.Value, 64)
+		if err != nil {
+			return false, err
+		}
+
+		for _, val := range v {
+			if val <= vf {
+				return true, nil
+			}
+		}
+
+		return false, nil
+	}
+
+	return false, errors.UnsupportedFilterTypeError
+}
+
+func (o *LessThanOrEqualTo) GetOperator() *Operator { return o.Operator }
diff --git a/filtering/matches_regex.go b/filtering/matches_regex.go
new file mode 100644
index 00000000..98db2a27
--- /dev/null
+++ b/filtering/matches_regex.go
@@ -0,0 +1,60 @@
+package filtering
+
+import (
+	"regexp"
+
+	"github.com/PaloAltoNetworks/pango/errors"
+)
+
+var (
+	_ Matcher = &MatchesRegex{}
+)
+
+type MatchesRegex struct {
+	Path  string
+	Value string
+
+	Operator *Operator
+}
+
+func (o *MatchesRegex) Matches(f Fielder) (bool, error) {
+	x, err := f.Field(o.Path)
+	if err != nil {
+		return false, err
+	}
+
+	re, err := regexp.Compile(o.Value)
+	if err != nil {
+		return false, err
+	}
+
+	switch v := x.(type) {
+	case *string:
+		return re.Match([]byte(*v)), nil
+	case string:
+		return re.Match([]byte(v)), nil
+	case []*string:
+		for _, str := range v {
+			if str == nil {
+				continue
+			}
+			if re.Match([]byte(*str)) {
+				return true, nil
+			}
+		}
+
+		return false, nil
+	case []string:
+		for _, str := range v {
+			if re.Match([]byte(str)) {
+				return true, nil
+			}
+		}
+
+		return false, nil
+	}
+
+	return false, errors.UnsupportedFilterTypeError
+}
+
+func (o *MatchesRegex) GetOperator() *Operator { return o.Operator }
diff --git a/filtering/not_equal_to.go b/filtering/not_equal_to.go
new file mode 100644
index 00000000..2239c890
--- /dev/null
+++ b/filtering/not_equal_to.go
@@ -0,0 +1,200 @@
+package filtering
+
+import (
+	"strconv"
+
+	"github.com/PaloAltoNetworks/pango/errors"
+)
+
+var (
+	_ Matcher = &NotEqualTo{}
+)
+
+type NotEqualTo struct {
+	Path  string
+	Value string
+
+	Operator *Operator
+}
+
+func (o *NotEqualTo) Matches(f Fielder) (bool, error) {
+	x, err := f.Field(o.Path)
+	if err != nil {
+		return false, err
+	}
+
+	switch v := x.(type) {
+	case *bool:
+		if v == nil {
+			return true, nil
+		}
+
+		bv, err := strconv.ParseBool(o.Value)
+		if err != nil {
+			return false, err
+		}
+
+		return *v != bv, nil
+	case bool:
+		bv, err := strconv.ParseBool(o.Value)
+		if err != nil {
+			return false, err
+		}
+
+		return v != bv, nil
+	case []*bool:
+		bv, err := strconv.ParseBool(o.Value)
+		if err != nil {
+			return false, err
+		}
+
+		for _, val := range v {
+			if val == nil {
+				continue
+			}
+			if *val == bv {
+				return false, nil
+			}
+		}
+
+		return true, nil
+	case []bool:
+		bv, err := strconv.ParseBool(o.Value)
+		if err != nil {
+			return false, err
+		}
+
+		for _, val := range v {
+			if val == bv {
+				return false, nil
+			}
+		}
+
+		return true, nil
+	case *int64:
+		if v == nil {
+			return true, nil
+		}
+
+		iv, err := strconv.ParseInt(o.Value, 10, 64)
+		if err != nil {
+			return false, err
+		}
+
+		return *v != iv, nil
+	case int64:
+		iv, err := strconv.ParseInt(o.Value, 10, 64)
+		if err != nil {
+			return false, err
+		}
+
+		return v != iv, nil
+	case []*int64:
+		iv, err := strconv.ParseInt(o.Value, 10, 64)
+		if err != nil {
+			return false, err
+		}
+
+		for _, val := range v {
+			if val == nil {
+				continue
+			}
+			if *val == iv {
+				return false, nil
+			}
+		}
+
+		return true, nil
+	case []int64:
+		iv, err := strconv.ParseInt(o.Value, 10, 64)
+		if err != nil {
+			return false, err
+		}
+
+		for _, val := range v {
+			if val == iv {
+				return false, nil
+			}
+		}
+
+		return true, nil
+	case *float64:
+		if v == nil {
+			return true, nil
+		}
+
+		fv, err := strconv.ParseFloat(o.Value, 64)
+		if err != nil {
+			return false, err
+		}
+
+		return *v != fv, nil
+	case float64:
+		fv, err := strconv.ParseFloat(o.Value, 64)
+		if err != nil {
+			return false, err
+		}
+
+		return v != fv, nil
+	case []*float64:
+		fv, err := strconv.ParseFloat(o.Value, 64)
+		if err != nil {
+			return false, err
+		}
+
+		for _, val := range v {
+			if val == nil {
+				continue
+			}
+			if *val == fv {
+				return false, nil
+			}
+		}
+
+		return true, nil
+	case []float64:
+		fv, err := strconv.ParseFloat(o.Value, 64)
+		if err != nil {
+			return false, err
+		}
+
+		for _, val := range v {
+			if val == fv {
+				return false, nil
+			}
+		}
+
+		return true, nil
+	case *string:
+		if v == nil {
+			return true, nil
+		}
+
+		return *v != o.Value, nil
+	case string:
+		return v != o.Value, nil
+	case []*string:
+		for _, str := range v {
+			if str == nil {
+				continue
+			}
+			if *str == o.Value {
+				return false, nil
+			}
+		}
+
+		return true, nil
+	case []string:
+		for _, str := range v {
+			if str == o.Value {
+				return false, nil
+			}
+		}
+
+		return true, nil
+	}
+
+	return false, errors.UnsupportedFilterTypeError
+}
+
+func (o *NotEqualTo) GetOperator() *Operator { return o.Operator }
diff --git a/filtering/operators.go b/filtering/operators.go
new file mode 100644
index 00000000..5eab7ee5
--- /dev/null
+++ b/filtering/operators.go
@@ -0,0 +1,7 @@
+package filtering
+
+type Operator struct {
+	And bool
+	Or  bool
+	Xor bool
+}
diff --git a/filtering/parse.go b/filtering/parse.go
new file mode 100644
index 00000000..514ccbca
--- /dev/null
+++ b/filtering/parse.go
@@ -0,0 +1,394 @@
+package filtering
+
+import (
+	"fmt"
+	"io"
+	"strings"
+
+	"github.com/PaloAltoNetworks/pango/errors"
+)
+
+func Parse(s string, quote string) (*Group, error) {
+	if s == "" {
+		return nil, nil
+	} else if len(quote) != 1 {
+		return nil, fmt.Errorf("quote character should be one character")
+	} else if quote == "&" || quote == "|" || quote == "(" || quote == ")" || quote == " " || quote == `\` || quote == "!" || quote == "." || quote == "<" || quote == ">" || quote == "=" || quote == "-" || quote == "_" {
+		return nil, fmt.Errorf("quote character cannot be a reserved character")
+	}
+
+	var ch rune
+	var err error
+	var op *Operator
+	var path string
+	var token strings.Builder
+	token.Grow(50)
+
+	var quoteRune rune
+	for _, quoteRune = range quote {
+		break
+	}
+
+	groups := make([]*Group, 0, 10)
+	groups = append(groups, &Group{
+		Matchers: make([]Matcher, 0, 10),
+	})
+
+	// So, we are going to cheat a bit here and add a trailing space to the end of the
+	// filter passed in.  This means that we shouldn't have to add any trailing handling
+	// outside of the main "for" loop.
+	r := strings.NewReader(s + " ")
+
+	for true {
+		token.Reset()
+
+		if err = skipSpaces(r); err != nil {
+			break
+		}
+
+		ch, _, err = r.ReadRune()
+		if err != nil {
+			break
+		}
+
+		// New group: regular.
+		if ch == '(' {
+			group := &Group{
+				Matchers: make([]Matcher, 0, 10),
+				Operator: op,
+			}
+			cur := groups[len(groups)-1]
+			cur.Matchers = append(cur.Matchers, group)
+			groups = append(groups, group)
+
+			op = nil
+			continue
+		}
+
+		// Negation can be either negating a group or "!=".
+		if ch == '!' {
+			ch, _, err = r.ReadRune()
+			if err != nil {
+				if err == io.EOF {
+					return nil, errors.InvalidFilterError
+				}
+				return nil, err
+			}
+			if ch == '(' {
+				group := &Group{
+					NegateGroup: true,
+					Matchers:    make([]Matcher, 0, 10),
+					Operator:    op,
+				}
+				cur := groups[len(groups)-1]
+				cur.Matchers = append(cur.Matchers, group)
+				groups = append(groups, group)
+				op = nil
+				continue
+			}
+
+			if err = r.UnreadRune(); err != nil {
+				return nil, err
+			}
+			ch = '!'
+		}
+
+		// End group.
+		if ch == ')' {
+			if len(groups) == 1 {
+				return nil, errors.InvalidFilterError
+			}
+			groups = groups[:len(groups)-1]
+			continue
+		}
+
+		// Get the next token.
+		token.Reset()
+		if ch == quoteRune {
+			prevIsEscape := false
+			for true {
+				ch, _, err = r.ReadRune()
+				if err != nil {
+					if err == io.EOF {
+						return nil, errors.InvalidFilterError
+					}
+					return nil, err
+				}
+				if ch == quoteRune && !prevIsEscape {
+					break
+				}
+				token.WriteRune(ch)
+				prevIsEscape = ch == '\\'
+			}
+		} else {
+			token.WriteRune(ch)
+			for true {
+				ch, _, err = r.ReadRune()
+				if err != nil {
+					if err == io.EOF {
+						return nil, errors.InvalidFilterError
+					}
+					return nil, err
+				}
+				if ch == ' ' || ch == ')' {
+					if err = r.UnreadRune(); err != nil {
+						return nil, err
+					}
+					break
+				}
+				token.WriteRune(ch)
+			}
+		}
+
+		// At this point, we have a token that needs to be interpretted.
+		if len(groups[len(groups)-1].Matchers) != 0 && op == nil {
+			switch token.String() {
+			case "&&", "and":
+				op = &Operator{And: true}
+			case "||", "or":
+				op = &Operator{Or: true}
+			case "xor":
+				op = &Operator{Xor: true}
+			default:
+				return nil, errors.InvalidFilterError
+			}
+		} else if path == "" {
+			path = token.String()
+		} else {
+			group := groups[len(groups)-1]
+			switch token.String() {
+			case "is-nil":
+				group.Matchers = append(group.Matchers, &IsNil{
+					Path:     path,
+					Operator: op,
+				})
+			case "is-not-nil":
+				group.Matchers = append(group.Matchers, &IsNotNil{
+					Path:     path,
+					Operator: op,
+				})
+			case "==", "equals", "is":
+				value, err := getValue(r, quoteRune)
+				if err != nil {
+					return nil, err
+				}
+				group.Matchers = append(group.Matchers, &Equals{
+					Path:     path,
+					Value:    value,
+					Operator: op,
+				})
+			case "!=", "not-equal-to", "is-not":
+				value, err := getValue(r, quoteRune)
+				if err != nil {
+					return nil, err
+				}
+				group.Matchers = append(group.Matchers, &NotEqualTo{
+					Path:     path,
+					Value:    value,
+					Operator: op,
+				})
+			case "<", "less-than":
+				value, err := getValue(r, quoteRune)
+				if err != nil {
+					return nil, err
+				}
+				group.Matchers = append(group.Matchers, &LessThan{
+					Path:     path,
+					Value:    value,
+					Operator: op,
+				})
+			case "<=", "less-than-or-equal-to":
+				value, err := getValue(r, quoteRune)
+				if err != nil {
+					return nil, err
+				}
+				group.Matchers = append(group.Matchers, &LessThanOrEqualTo{
+					Path:     path,
+					Value:    value,
+					Operator: op,
+				})
+			case ">", "greater-than":
+				value, err := getValue(r, quoteRune)
+				if err != nil {
+					return nil, err
+				}
+				group.Matchers = append(group.Matchers, &GreaterThan{
+					Path:     path,
+					Value:    value,
+					Operator: op,
+				})
+			case ">=", "greater-than-or-equal-to":
+				value, err := getValue(r, quoteRune)
+				if err != nil {
+					return nil, err
+				}
+				group.Matchers = append(group.Matchers, &GreaterThanOrEqualTo{
+					Path:     path,
+					Value:    value,
+					Operator: op,
+				})
+			case "contains":
+				value, err := getValue(r, quoteRune)
+				if err != nil {
+					return nil, err
+				}
+				group.Matchers = append(group.Matchers, &Contains{
+					Path:     path,
+					Value:    value,
+					Operator: op,
+				})
+			case "does-not-contain":
+				value, err := getValue(r, quoteRune)
+				if err != nil {
+					return nil, err
+				}
+				group.Matchers = append(group.Matchers, &DoesNotContain{
+					Path:     path,
+					Value:    value,
+					Operator: op,
+				})
+			case "starts-with":
+				value, err := getValue(r, quoteRune)
+				if err != nil {
+					return nil, err
+				}
+				group.Matchers = append(group.Matchers, &StartsWith{
+					Path:     path,
+					Value:    value,
+					Operator: op,
+				})
+			case "does-not-start-with":
+				value, err := getValue(r, quoteRune)
+				if err != nil {
+					return nil, err
+				}
+				group.Matchers = append(group.Matchers, &DoesNotStartWith{
+					Path:     path,
+					Value:    value,
+					Operator: op,
+				})
+			case "ends-with":
+				value, err := getValue(r, quoteRune)
+				if err != nil {
+					return nil, err
+				}
+				group.Matchers = append(group.Matchers, &EndsWith{
+					Path:     path,
+					Value:    value,
+					Operator: op,
+				})
+			case "does-not-end-with":
+				value, err := getValue(r, quoteRune)
+				if err != nil {
+					return nil, err
+				}
+				group.Matchers = append(group.Matchers, &DoesNotEndWith{
+					Path:     path,
+					Value:    value,
+					Operator: op,
+				})
+			case "matches-regex":
+				value, err := getValue(r, quoteRune)
+				if err != nil {
+					return nil, err
+				}
+				group.Matchers = append(group.Matchers, &MatchesRegex{
+					Path:     path,
+					Value:    value,
+					Operator: op,
+				})
+			case "does-not-match-regex":
+				value, err := getValue(r, quoteRune)
+				if err != nil {
+					return nil, err
+				}
+				group.Matchers = append(group.Matchers, &DoesNotMatchRegex{
+					Path:     path,
+					Value:    value,
+					Operator: op,
+				})
+			default:
+				return nil, fmt.Errorf("unknown operator: %q", token.String())
+			}
+
+			op = nil
+			path = ""
+		}
+	}
+
+	if err != nil && err != io.EOF {
+		return nil, err
+	}
+
+	if len(groups) != 1 || op != nil || path != "" {
+		return nil, errors.InvalidFilterError
+	}
+
+	return groups[0], nil
+}
+
+func getValue(r *strings.Reader, quoteRune rune) (string, error) {
+	var ch rune
+	var err error
+	var token strings.Builder
+	token.Grow(30)
+
+	if err = skipSpaces(r); err != nil {
+		return "", err
+	}
+
+	ch, _, err = r.ReadRune()
+	if err != nil {
+		return "", err
+	}
+
+	if ch == quoteRune {
+		prevIsEscape := false
+		for true {
+			ch, _, err = r.ReadRune()
+			if err != nil {
+				return token.String(), err
+			}
+			if ch == quoteRune && !prevIsEscape {
+				break
+			}
+			token.WriteRune(ch)
+			prevIsEscape = ch == '\\'
+		}
+	} else {
+		token.WriteRune(ch)
+		for true {
+			ch, _, err = r.ReadRune()
+			if err != nil {
+				return token.String(), err
+			}
+			if ch == ' ' {
+				if err = r.UnreadRune(); err != nil {
+					return token.String(), err
+				}
+				break
+			}
+			token.WriteRune(ch)
+		}
+	}
+
+	return token.String(), nil
+}
+
+func skipSpaces(r *strings.Reader) error {
+	var ch rune
+	var err error
+
+	for true {
+		ch, _, err = r.ReadRune()
+		if err != nil {
+			return err
+		}
+		if ch != ' ' && ch != '\t' {
+			err = r.UnreadRune()
+			break
+		}
+	}
+
+	return err
+}
diff --git a/filtering/parse_test.go b/filtering/parse_test.go
new file mode 100644
index 00000000..0e388648
--- /dev/null
+++ b/filtering/parse_test.go
@@ -0,0 +1,968 @@
+package filtering
+
+import (
+	"testing"
+)
+
+func TestParseEscapeWorks(t *testing.T) {
+	g, err := Parse(`foo contains "bar\"baz"`, `"`)
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+	if len(g.Matchers) != 1 {
+		t.Fatalf("len matchers: %d", len(g.Matchers))
+	}
+	v, ok := g.Matchers[0].(*Contains)
+	if !ok {
+		t.Fatalf("g.Matchers[0] type: %T", g.Matchers[0])
+	}
+	if v.Path != "foo" {
+		t.Fatalf("path is %q not \"foo\"", v.Path)
+	}
+	if v.Value != `bar\"baz` {
+		t.Fatalf("value is unexpected: %q", v.Value)
+	}
+}
+
+func TestParseRegexWithAlternativeQuoteWorks(t *testing.T) {
+	g, err := Parse(`foo matches-regex @one"two .*)@`, "@")
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+	if len(g.Matchers) != 1 {
+		t.Fatalf("len matchers: %d", len(g.Matchers))
+	}
+	v, ok := g.Matchers[0].(*MatchesRegex)
+	if !ok {
+		t.Fatalf("g.Matchers[0] type: %T", g.Matchers[0])
+	}
+	if v.Path != "foo" {
+		t.Fatalf("path is %q not \"foo\"", v.Path)
+	}
+	if v.Value != `one"two .*)` {
+		t.Fatalf("value is unexpected: %q", v.Value)
+	}
+}
+
+func TestParseIsNil(t *testing.T) {
+	g, err := Parse("foo is-nil", `"`)
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+	if len(g.Matchers) != 1 {
+		t.Fatalf("len matchers: %d", len(g.Matchers))
+	}
+	v, ok := g.Matchers[0].(*IsNil)
+	if !ok {
+		t.Fatalf("g.Matcher[0] type: %T", g.Matchers[0])
+	}
+	if v.Path != "foo" {
+		t.Fatalf("path is %q not \"foo\"", v.Path)
+	}
+	if v.Operator != nil {
+		t.Fatalf("operator is not nil")
+	}
+}
+
+func TestParseIsNotNil(t *testing.T) {
+	g, err := Parse("bar is-not-nil", `"`)
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+	if len(g.Matchers) != 1 {
+		t.Fatalf("len matchers: %d", len(g.Matchers))
+	}
+	v, ok := g.Matchers[0].(*IsNotNil)
+	if !ok {
+		t.Fatalf("g.Matcher[0] type: %T", g.Matchers[0])
+	}
+	if v.Path != "bar" {
+		t.Fatalf("path is %q not \"bar\"", v.Path)
+	}
+	if v.Operator != nil {
+		t.Fatalf("operator is not nil")
+	}
+}
+
+func TestParseEqualsWithDoubleEqualsAndDoubleQuotes(t *testing.T) {
+	g, err := Parse(`wutang == "clan"`, `"`)
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+	if len(g.Matchers) != 1 {
+		t.Fatalf("len matchers: %d", len(g.Matchers))
+	}
+	v, ok := g.Matchers[0].(*Equals)
+	if !ok {
+		t.Fatalf("g.Matcher[0] type: %T", g.Matchers[0])
+	}
+	if v.Path != "wutang" {
+		t.Fatalf("path is %q not \"wutang\"", v.Path)
+	}
+	if v.Value != "clan" {
+		t.Fatalf("value is %q not \"clan\"", v.Value)
+	}
+	if v.Operator != nil {
+		t.Fatalf("operator is not nil")
+	}
+}
+
+func TestParseEqualsWithEqualsWordAndAlternativeQuotes(t *testing.T) {
+	g, err := Parse(`wutang equals ^clan^`, `^`)
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+	if len(g.Matchers) != 1 {
+		t.Fatalf("len matchers: %d", len(g.Matchers))
+	}
+	v, ok := g.Matchers[0].(*Equals)
+	if !ok {
+		t.Fatalf("g.Matcher[0] type: %T", g.Matchers[0])
+	}
+	if v.Path != "wutang" {
+		t.Fatalf("path is %q not \"wutang\"", v.Path)
+	}
+	if v.Value != "clan" {
+		t.Fatalf("value is %q not \"clan\"", v.Value)
+	}
+	if v.Operator != nil {
+		t.Fatalf("operator is not nil")
+	}
+}
+
+func TestParseEqualsWithEqualsWordAndNoQuotes(t *testing.T) {
+	g, err := Parse(`bond equals 7`, `"`)
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+	if len(g.Matchers) != 1 {
+		t.Fatalf("len matchers: %d", len(g.Matchers))
+	}
+	v, ok := g.Matchers[0].(*Equals)
+	if !ok {
+		t.Fatalf("g.Matcher[0] type: %T", g.Matchers[0])
+	}
+	if v.Path != "bond" {
+		t.Fatalf("path is %q not \"bond\"", v.Path)
+	}
+	if v.Value != "7" {
+		t.Fatalf("value is %q not \"7\"", v.Value)
+	}
+	if v.Operator != nil {
+		t.Fatalf("operator is not nil")
+	}
+}
+
+func TestParseIsNotEqualWithBangEquals(t *testing.T) {
+	g, err := Parse(`persona != 3r`, `"`)
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+	if len(g.Matchers) != 1 {
+		t.Fatalf("len matchers: %d", len(g.Matchers))
+	}
+	v, ok := g.Matchers[0].(*NotEqualTo)
+	if !ok {
+		t.Fatalf("g.Matcher[0] type: %T", g.Matchers[0])
+	}
+	if v.Path != "persona" {
+		t.Fatalf("path is %q not \"persona\"", v.Path)
+	}
+	if v.Value != "3r" {
+		t.Fatalf("value is %q not \"3r\"", v.Value)
+	}
+	if v.Operator != nil {
+		t.Fatalf("operator is not nil")
+	}
+}
+
+func TestParseIsNotEqualWithWords(t *testing.T) {
+	g, err := Parse(`persona not-equal-to 3r`, `"`)
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+	if len(g.Matchers) != 1 {
+		t.Fatalf("len matchers: %d", len(g.Matchers))
+	}
+	v, ok := g.Matchers[0].(*NotEqualTo)
+	if !ok {
+		t.Fatalf("g.Matcher[0] type: %T", g.Matchers[0])
+	}
+	if v.Path != "persona" {
+		t.Fatalf("path is %q not \"persona\"", v.Path)
+	}
+	if v.Value != "3r" {
+		t.Fatalf("value is %q not \"3r\"", v.Value)
+	}
+	if v.Operator != nil {
+		t.Fatalf("operator is not nil")
+	}
+}
+
+func TestParseLessThanSymbol(t *testing.T) {
+	g, err := Parse(`persona < 3`, `"`)
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+	if len(g.Matchers) != 1 {
+		t.Fatalf("len matchers: %d", len(g.Matchers))
+	}
+	v, ok := g.Matchers[0].(*LessThan)
+	if !ok {
+		t.Fatalf("g.Matcher[0] type: %T", g.Matchers[0])
+	}
+	if v.Path != "persona" {
+		t.Fatalf("path is %q not \"persona\"", v.Path)
+	}
+	if v.Value != "3" {
+		t.Fatalf("value is %q not \"3\"", v.Value)
+	}
+	if v.Operator != nil {
+		t.Fatalf("operator is not nil")
+	}
+}
+
+func TestParseLessThanWords(t *testing.T) {
+	g, err := Parse(`persona less-than 3`, `"`)
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+	if len(g.Matchers) != 1 {
+		t.Fatalf("len matchers: %d", len(g.Matchers))
+	}
+	v, ok := g.Matchers[0].(*LessThan)
+	if !ok {
+		t.Fatalf("g.Matcher[0] type: %T", g.Matchers[0])
+	}
+	if v.Path != "persona" {
+		t.Fatalf("path is %q not \"persona\"", v.Path)
+	}
+	if v.Value != "3" {
+		t.Fatalf("value is %q not \"3\"", v.Value)
+	}
+	if v.Operator != nil {
+		t.Fatalf("operator is not nil")
+	}
+}
+
+func TestParseLessThanOrEqualToSymbol(t *testing.T) {
+	g, err := Parse(`persona <= 3`, `"`)
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+	if len(g.Matchers) != 1 {
+		t.Fatalf("len matchers: %d", len(g.Matchers))
+	}
+	v, ok := g.Matchers[0].(*LessThanOrEqualTo)
+	if !ok {
+		t.Fatalf("g.Matcher[0] type: %T", g.Matchers[0])
+	}
+	if v.Path != "persona" {
+		t.Fatalf("path is %q not \"persona\"", v.Path)
+	}
+	if v.Value != "3" {
+		t.Fatalf("value is %q not \"3\"", v.Value)
+	}
+	if v.Operator != nil {
+		t.Fatalf("operator is not nil")
+	}
+}
+
+func TestParseLessThanOrEqualToWords(t *testing.T) {
+	g, err := Parse(`persona less-than-or-equal-to 3`, `"`)
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+	if len(g.Matchers) != 1 {
+		t.Fatalf("len matchers: %d", len(g.Matchers))
+	}
+	v, ok := g.Matchers[0].(*LessThanOrEqualTo)
+	if !ok {
+		t.Fatalf("g.Matcher[0] type: %T", g.Matchers[0])
+	}
+	if v.Path != "persona" {
+		t.Fatalf("path is %q not \"persona\"", v.Path)
+	}
+	if v.Value != "3" {
+		t.Fatalf("value is %q not \"3\"", v.Value)
+	}
+	if v.Operator != nil {
+		t.Fatalf("operator is not nil")
+	}
+}
+
+func TestParseGreaterThanSymbol(t *testing.T) {
+	g, err := Parse(`persona > 3`, `"`)
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+	if len(g.Matchers) != 1 {
+		t.Fatalf("len matchers: %d", len(g.Matchers))
+	}
+	v, ok := g.Matchers[0].(*GreaterThan)
+	if !ok {
+		t.Fatalf("g.Matcher[0] type: %T", g.Matchers[0])
+	}
+	if v.Path != "persona" {
+		t.Fatalf("path is %q not \"persona\"", v.Path)
+	}
+	if v.Value != "3" {
+		t.Fatalf("value is %q not \"3\"", v.Value)
+	}
+	if v.Operator != nil {
+		t.Fatalf("operator is not nil")
+	}
+}
+
+func TestParseGreaterThanWords(t *testing.T) {
+	g, err := Parse(`persona greater-than 3`, `"`)
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+	if len(g.Matchers) != 1 {
+		t.Fatalf("len matchers: %d", len(g.Matchers))
+	}
+	v, ok := g.Matchers[0].(*GreaterThan)
+	if !ok {
+		t.Fatalf("g.Matcher[0] type: %T", g.Matchers[0])
+	}
+	if v.Path != "persona" {
+		t.Fatalf("path is %q not \"persona\"", v.Path)
+	}
+	if v.Value != "3" {
+		t.Fatalf("value is %q not \"3\"", v.Value)
+	}
+	if v.Operator != nil {
+		t.Fatalf("operator is not nil")
+	}
+}
+
+func TestParseGreaterThanOrEqualToSymbol(t *testing.T) {
+	g, err := Parse(`persona >= 3`, `"`)
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+	if len(g.Matchers) != 1 {
+		t.Fatalf("len matchers: %d", len(g.Matchers))
+	}
+	v, ok := g.Matchers[0].(*GreaterThanOrEqualTo)
+	if !ok {
+		t.Fatalf("g.Matcher[0] type: %T", g.Matchers[0])
+	}
+	if v.Path != "persona" {
+		t.Fatalf("path is %q not \"persona\"", v.Path)
+	}
+	if v.Value != "3" {
+		t.Fatalf("value is %q not \"3\"", v.Value)
+	}
+	if v.Operator != nil {
+		t.Fatalf("operator is not nil")
+	}
+}
+
+func TestParseGreaterThanOrEqualToWords(t *testing.T) {
+	g, err := Parse(`persona greater-than-or-equal-to 3`, `"`)
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+	if len(g.Matchers) != 1 {
+		t.Fatalf("len matchers: %d", len(g.Matchers))
+	}
+	v, ok := g.Matchers[0].(*GreaterThanOrEqualTo)
+	if !ok {
+		t.Fatalf("g.Matcher[0] type: %T", g.Matchers[0])
+	}
+	if v.Path != "persona" {
+		t.Fatalf("path is %q not \"persona\"", v.Path)
+	}
+	if v.Value != "3" {
+		t.Fatalf("value is %q not \"3\"", v.Value)
+	}
+	if v.Operator != nil {
+		t.Fatalf("operator is not nil")
+	}
+}
+
+func TestParseContains(t *testing.T) {
+	g, err := Parse(`persona contains 3r`, `"`)
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+	if len(g.Matchers) != 1 {
+		t.Fatalf("len matchers: %d", len(g.Matchers))
+	}
+	v, ok := g.Matchers[0].(*Contains)
+	if !ok {
+		t.Fatalf("g.Matcher[0] type: %T", g.Matchers[0])
+	}
+	if v.Path != "persona" {
+		t.Fatalf("path is %q not \"persona\"", v.Path)
+	}
+	if v.Value != "3r" {
+		t.Fatalf("value is %q not \"3r\"", v.Value)
+	}
+	if v.Operator != nil {
+		t.Fatalf("operator is not nil")
+	}
+}
+
+func TestParseDoesNotContain(t *testing.T) {
+	g, err := Parse(`persona does-not-contain 3r`, `"`)
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+	if len(g.Matchers) != 1 {
+		t.Fatalf("len matchers: %d", len(g.Matchers))
+	}
+	v, ok := g.Matchers[0].(*DoesNotContain)
+	if !ok {
+		t.Fatalf("g.Matcher[0] type: %T", g.Matchers[0])
+	}
+	if v.Path != "persona" {
+		t.Fatalf("path is %q not \"persona\"", v.Path)
+	}
+	if v.Value != "3r" {
+		t.Fatalf("value is %q not \"3r\"", v.Value)
+	}
+	if v.Operator != nil {
+		t.Fatalf("operator is not nil")
+	}
+}
+
+func TestParseStartsWith(t *testing.T) {
+	g, err := Parse(`persona starts-with 3r`, `"`)
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+	if len(g.Matchers) != 1 {
+		t.Fatalf("len matchers: %d", len(g.Matchers))
+	}
+	v, ok := g.Matchers[0].(*StartsWith)
+	if !ok {
+		t.Fatalf("g.Matcher[0] type: %T", g.Matchers[0])
+	}
+	if v.Path != "persona" {
+		t.Fatalf("path is %q not \"persona\"", v.Path)
+	}
+	if v.Value != "3r" {
+		t.Fatalf("value is %q not \"3r\"", v.Value)
+	}
+	if v.Operator != nil {
+		t.Fatalf("operator is not nil")
+	}
+}
+
+func TestParseDoesNotStartWith(t *testing.T) {
+	g, err := Parse(`persona does-not-start-with 3r`, `"`)
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+	if len(g.Matchers) != 1 {
+		t.Fatalf("len matchers: %d", len(g.Matchers))
+	}
+	v, ok := g.Matchers[0].(*DoesNotStartWith)
+	if !ok {
+		t.Fatalf("g.Matcher[0] type: %T", g.Matchers[0])
+	}
+	if v.Path != "persona" {
+		t.Fatalf("path is %q not \"persona\"", v.Path)
+	}
+	if v.Value != "3r" {
+		t.Fatalf("value is %q not \"3r\"", v.Value)
+	}
+	if v.Operator != nil {
+		t.Fatalf("operator is not nil")
+	}
+}
+
+func TestParseEndsWith(t *testing.T) {
+	g, err := Parse(`persona ends-with 3r`, `"`)
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+	if len(g.Matchers) != 1 {
+		t.Fatalf("len matchers: %d", len(g.Matchers))
+	}
+	v, ok := g.Matchers[0].(*EndsWith)
+	if !ok {
+		t.Fatalf("g.Matcher[0] type: %T", g.Matchers[0])
+	}
+	if v.Path != "persona" {
+		t.Fatalf("path is %q not \"persona\"", v.Path)
+	}
+	if v.Value != "3r" {
+		t.Fatalf("value is %q not \"3r\"", v.Value)
+	}
+	if v.Operator != nil {
+		t.Fatalf("operator is not nil")
+	}
+}
+
+func TestParseDoesNotEndWith(t *testing.T) {
+	g, err := Parse(`persona does-not-end-with 3r`, `"`)
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+	if len(g.Matchers) != 1 {
+		t.Fatalf("len matchers: %d", len(g.Matchers))
+	}
+	v, ok := g.Matchers[0].(*DoesNotEndWith)
+	if !ok {
+		t.Fatalf("g.Matcher[0] type: %T", g.Matchers[0])
+	}
+	if v.Path != "persona" {
+		t.Fatalf("path is %q not \"persona\"", v.Path)
+	}
+	if v.Value != "3r" {
+		t.Fatalf("value is %q not \"3r\"", v.Value)
+	}
+	if v.Operator != nil {
+		t.Fatalf("operator is not nil")
+	}
+}
+
+func TestParseMatchesRegex(t *testing.T) {
+	g, err := Parse(`alphabet matches-regex "ab*c"`, `"`)
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+	if len(g.Matchers) != 1 {
+		t.Fatalf("len matchers: %d", len(g.Matchers))
+	}
+	v, ok := g.Matchers[0].(*MatchesRegex)
+	if !ok {
+		t.Fatalf("g.Matcher[0] type: %T", g.Matchers[0])
+	}
+	if v.Path != "alphabet" {
+		t.Fatalf("path is %q not \"alphabet\"", v.Path)
+	}
+	if v.Value != "ab*c" {
+		t.Fatalf("value is %q not \"ab*c\"", v.Value)
+	}
+	if v.Operator != nil {
+		t.Fatalf("operator is not nil")
+	}
+}
+
+func TestParseDoesNotMatchRegex(t *testing.T) {
+	g, err := Parse(`alphabet does-not-match-regex ab*c`, `"`)
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+	if len(g.Matchers) != 1 {
+		t.Fatalf("len matchers: %d", len(g.Matchers))
+	}
+	v, ok := g.Matchers[0].(*DoesNotMatchRegex)
+	if !ok {
+		t.Fatalf("g.Matcher[0] type: %T", g.Matchers[0])
+	}
+	if v.Path != "alphabet" {
+		t.Fatalf("path is %q not \"alphabet\"", v.Path)
+	}
+	if v.Value != "ab*c" {
+		t.Fatalf("value is %q not \"ab*c\"", v.Value)
+	}
+	if v.Operator != nil {
+		t.Fatalf("operator is not nil")
+	}
+}
+
+func TestParseAndConditions(t *testing.T) {
+	g, err := Parse(`game == shadowrun and slang is chummer && platform is snes`, `"`)
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+	if len(g.Matchers) != 3 {
+		t.Fatalf("len matchers: %d", len(g.Matchers))
+	}
+
+	v1, ok := g.Matchers[0].(*Equals)
+	if !ok {
+		t.Fatalf("g.Matchers[0] type: %T", g.Matchers[0])
+	}
+	if v1.Path != "game" {
+		t.Fatalf("path is %q not \"game\"", v1.Path)
+	}
+	if v1.Value != "shadowrun" {
+		t.Fatalf("value is %q not \"shadowrun\"", v1.Value)
+	}
+	if v1.Operator != nil {
+		t.Fatalf("operator is not nil")
+	}
+
+	v2, ok := g.Matchers[1].(*Equals)
+	if !ok {
+		t.Fatalf("g.Matchers[1] type: %T", g.Matchers[1])
+	}
+	if v2.Path != "slang" {
+		t.Fatalf("path is %q not \"slang\"", v2.Path)
+	}
+	if v2.Value != "chummer" {
+		t.Fatalf("value is %q not \"chummer\"", v2.Value)
+	}
+	if v2.Operator == nil {
+		t.Fatalf("operator is not nil")
+	}
+	if !v2.Operator.And {
+		t.Fatalf("expected 'and' operator: %#v", v2.Operator)
+	}
+
+	v3, ok := g.Matchers[2].(*Equals)
+	if !ok {
+		t.Fatalf("g.Matchers[2] type: %T", g.Matchers[2])
+	}
+	if v3.Path != "platform" {
+		t.Fatalf("path is %q not \"platform\"", v3.Path)
+	}
+	if v3.Value != "snes" {
+		t.Fatalf("value is %q not \"snes\"", v3.Value)
+	}
+	if v3.Operator == nil {
+		t.Fatalf("operator is not nil")
+	}
+	if !v3.Operator.And {
+		t.Fatalf("expected 'and' operator: %#v", v3.Operator)
+	}
+}
+
+func TestParseOrConditions(t *testing.T) {
+	g, err := Parse(`game == shadowrun or slang is chummer || platform is snes`, `"`)
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+	if len(g.Matchers) != 3 {
+		t.Fatalf("len matchers: %d", len(g.Matchers))
+	}
+
+	v1, ok := g.Matchers[0].(*Equals)
+	if !ok {
+		t.Fatalf("g.Matchers[0] type: %T", g.Matchers[0])
+	}
+	if v1.Path != "game" {
+		t.Fatalf("path is %q not \"game\"", v1.Path)
+	}
+	if v1.Value != "shadowrun" {
+		t.Fatalf("value is %q not \"shadowrun\"", v1.Value)
+	}
+	if v1.Operator != nil {
+		t.Fatalf("operator is not nil")
+	}
+
+	v2, ok := g.Matchers[1].(*Equals)
+	if !ok {
+		t.Fatalf("g.Matchers[1] type: %T", g.Matchers[1])
+	}
+	if v2.Path != "slang" {
+		t.Fatalf("path is %q not \"slang\"", v2.Path)
+	}
+	if v2.Value != "chummer" {
+		t.Fatalf("value is %q not \"chummer\"", v2.Value)
+	}
+	if v2.Operator == nil {
+		t.Fatalf("operator is not nil")
+	}
+	if !v2.Operator.Or {
+		t.Fatalf("expected 'or' operator: %#v", v2.Operator)
+	}
+
+	v3, ok := g.Matchers[2].(*Equals)
+	if !ok {
+		t.Fatalf("g.Matchers[2] type: %T", g.Matchers[2])
+	}
+	if v3.Path != "platform" {
+		t.Fatalf("path is %q not \"platform\"", v3.Path)
+	}
+	if v3.Value != "snes" {
+		t.Fatalf("value is %q not \"snes\"", v3.Value)
+	}
+	if v3.Operator == nil {
+		t.Fatalf("operator is not nil")
+	}
+	if !v3.Operator.Or {
+		t.Fatalf("expected 'or' operator: %#v", v3.Operator)
+	}
+}
+
+func TestParseXorCondition(t *testing.T) {
+	g, err := Parse(`game == shadowrun xor slang is chummer`, `"`)
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+	if len(g.Matchers) != 2 {
+		t.Fatalf("len matchers: %d", len(g.Matchers))
+	}
+
+	v1, ok := g.Matchers[0].(*Equals)
+	if !ok {
+		t.Fatalf("g.Matchers[0] type: %T", g.Matchers[0])
+	}
+	if v1.Path != "game" {
+		t.Fatalf("path is %q not \"game\"", v1.Path)
+	}
+	if v1.Value != "shadowrun" {
+		t.Fatalf("value is %q not \"shadowrun\"", v1.Value)
+	}
+	if v1.Operator != nil {
+		t.Fatalf("operator is not nil")
+	}
+
+	v2, ok := g.Matchers[1].(*Equals)
+	if !ok {
+		t.Fatalf("g.Matchers[1] type: %T", g.Matchers[1])
+	}
+	if v2.Path != "slang" {
+		t.Fatalf("path is %q not \"slang\"", v2.Path)
+	}
+	if v2.Value != "chummer" {
+		t.Fatalf("value is %q not \"chummer\"", v2.Value)
+	}
+	if v2.Operator == nil {
+		t.Fatalf("operator is not nil")
+	}
+	if !v2.Operator.Xor {
+		t.Fatalf("expected 'or' operator: %#v", v2.Operator)
+	}
+}
+
+func TestParseSingleGrouping(t *testing.T) {
+	g, err := Parse(`(arcana == "The Fool")`, `"`)
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+	if len(g.Matchers) != 1 {
+		t.Fatalf("len matchers: %d | %#v", len(g.Matchers), g)
+	}
+
+	g1, ok := g.Matchers[0].(*Group)
+	if !ok {
+		t.Fatalf("g1.Matchers[0] type: %T", g.Matchers[0])
+	}
+	if g1.NegateGroup {
+		t.Fatalf("g1.Matchers[0] is negated")
+	}
+	if len(g1.Matchers) != 1 {
+		t.Fatalf("len g1 matchers: %d", len(g1.Matchers))
+	}
+
+	v1, ok := g1.Matchers[0].(*Equals)
+	if !ok {
+		t.Fatalf("g1 type: %T", g1.Matchers[0])
+	}
+	if v1.Path != "arcana" {
+		t.Fatalf("v1.Path is %q not \"arcana\"", v1.Path)
+	}
+	if v1.Value != "The Fool" {
+		t.Fatalf("v1.Value is %q not \"The Fool\"", v1.Value)
+	}
+	if v1.Operator != nil {
+		t.Fatalf("v1 has operator: %#v", v1.Operator)
+	}
+}
+
+func TestParseDoubleNestedGroupNegatedInner(t *testing.T) {
+	g, err := Parse(`(!(arcana == "The Fool"))`, `"`)
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+	if len(g.Matchers) != 1 {
+		t.Fatalf("len matchers: %d | %#v", len(g.Matchers), g)
+	}
+
+	g1, ok := g.Matchers[0].(*Group)
+	if !ok {
+		t.Fatalf("g.Matchers[0] type: %T", g.Matchers[0])
+	}
+	if g1.NegateGroup {
+		t.Fatalf("g1.Matchers[0] is negated")
+	}
+	if len(g1.Matchers) != 1 {
+		t.Fatalf("len g1 matchers: %d", len(g1.Matchers))
+	}
+
+	g2, ok := g1.Matchers[0].(*Group)
+	if !ok {
+		t.Fatalf("g1.Matchers type: %T", g1.Matchers[0])
+	}
+	if !g2.NegateGroup {
+		t.Fatalf("g2 is not negated")
+	}
+	if len(g2.Matchers) != 1 {
+		t.Fatalf("len g2.Matchers: %d", len(g2.Matchers))
+	}
+
+	v1, ok := g2.Matchers[0].(*Equals)
+	if !ok {
+		t.Fatalf("g1 type: %T", g1.Matchers[0])
+	}
+	if v1.Path != "arcana" {
+		t.Fatalf("v1.Path is %q not \"arcana\"", v1.Path)
+	}
+	if v1.Value != "The Fool" {
+		t.Fatalf("v1.Value is %q not \"The Fool\"", v1.Value)
+	}
+	if v1.Operator != nil {
+		t.Fatalf("v1 has operator: %#v", v1.Operator)
+	}
+}
+
+func TestParseDoubleNestedGroupNegatedOuter(t *testing.T) {
+	g, err := Parse(`!((arcana == "The Fool"))`, `"`)
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+	if len(g.Matchers) != 1 {
+		t.Fatalf("len matchers: %d | %#v", len(g.Matchers), g)
+	}
+
+	g1, ok := g.Matchers[0].(*Group)
+	if !ok {
+		t.Fatalf("g.Matchers[0] type: %T", g.Matchers[0])
+	}
+	if !g1.NegateGroup {
+		t.Fatalf("g1.Matchers[0] is not negated")
+	}
+	if len(g1.Matchers) != 1 {
+		t.Fatalf("len g1 matchers: %d", len(g1.Matchers))
+	}
+
+	g2, ok := g1.Matchers[0].(*Group)
+	if !ok {
+		t.Fatalf("g1.Matchers type: %T", g1.Matchers[0])
+	}
+	if g2.NegateGroup {
+		t.Fatalf("g2 is negated")
+	}
+	if len(g2.Matchers) != 1 {
+		t.Fatalf("len g2.Matchers: %d", len(g2.Matchers))
+	}
+
+	v1, ok := g2.Matchers[0].(*Equals)
+	if !ok {
+		t.Fatalf("g1 type: %T", g1.Matchers[0])
+	}
+	if v1.Path != "arcana" {
+		t.Fatalf("v1.Path is %q not \"arcana\"", v1.Path)
+	}
+	if v1.Value != "The Fool" {
+		t.Fatalf("v1.Value is %q not \"The Fool\"", v1.Value)
+	}
+	if v1.Operator != nil {
+		t.Fatalf("v1 has operator: %#v", v1.Operator)
+	}
+}
+
+func TestParseFirstOfThreeIsGroup(t *testing.T) {
+	g, err := Parse(`(foo is-nil) and bar is-nil and baz is-nil`, `"`)
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+
+	if len(g.Matchers) != 3 {
+		t.Fatalf("len matchers: %d", len(g.Matchers))
+	}
+
+	if _, ok := g.Matchers[0].(*Group); !ok {
+		t.Fatalf("first is not group: %T", g.Matchers[0])
+	}
+
+	if _, ok := g.Matchers[1].(*IsNil); !ok {
+		t.Fatalf("second not is-nil: %T", g.Matchers[1])
+	}
+
+	if _, ok := g.Matchers[2].(*IsNil); !ok {
+		t.Fatalf("third not is-nil: %T", g.Matchers[2])
+	}
+}
+
+func TestParseSecondOfThreeIsGroup(t *testing.T) {
+	g, err := Parse(`foo is-nil and (bar is-nil) and baz is-nil`, `"`)
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+
+	if len(g.Matchers) != 3 {
+		t.Fatalf("len matchers: %d", len(g.Matchers))
+	}
+
+	if _, ok := g.Matchers[0].(*IsNil); !ok {
+		t.Fatalf("first not is-nil: %T", g.Matchers[1])
+	}
+
+	if _, ok := g.Matchers[1].(*Group); !ok {
+		t.Fatalf("second is not group: %T", g.Matchers[0])
+	}
+
+	if _, ok := g.Matchers[2].(*IsNil); !ok {
+		t.Fatalf("third not is-nil: %T", g.Matchers[2])
+	}
+}
+
+func TestParseThirdOfThreeIsGroup(t *testing.T) {
+	g, err := Parse(`foo is-nil and bar is-nil and !(baz is-nil)`, `"`)
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+
+	if len(g.Matchers) != 3 {
+		t.Fatalf("len matchers: %d", len(g.Matchers))
+	}
+
+	if _, ok := g.Matchers[0].(*IsNil); !ok {
+		t.Fatalf("first not is-nil: %T", g.Matchers[1])
+	}
+
+	if _, ok := g.Matchers[1].(*IsNil); !ok {
+		t.Fatalf("second not is-nil: %T", g.Matchers[0])
+	}
+
+	if _, ok := g.Matchers[2].(*Group); !ok {
+		t.Fatalf("third not group: %T", g.Matchers[2])
+	}
+}
+
+func TestParseReturnsError(t *testing.T) {
+	checks := []string{
+		"(foo is-nil",
+		"bar contains \"jack\")",
+		"unknown operator here",
+		"(((foo is-nil) is-nil))",
+		`quote contains "jack`,
+		"this is-not-nil bar",
+		"foo contains o and",
+		"foobar",
+		"(",
+		")",
+		"",
+	}
+
+	for _, s := range checks {
+		if _, err := Parse(s, `"`); err == nil {
+			t.Fatalf("invalid filter string was ok: %q", s)
+		}
+	}
+}
+
+func TestParseWithInvalidQuoteReturnsError(t *testing.T) {
+	quotes := []string{
+		"|",
+		"&",
+		">",
+		"<",
+		"=",
+		"(",
+		")",
+		" ",
+		`\`,
+		"!",
+		".",
+		"-",
+		"_",
+	}
+
+	okstr := "foo > 5"
+	for _, quote := range quotes {
+		if _, err := Parse(okstr, quote); err == nil {
+			t.Fatalf("invalid quote was ok: %q", quote)
+		}
+	}
+}
diff --git a/filtering/starts_with.go b/filtering/starts_with.go
new file mode 100644
index 00000000..80b217b4
--- /dev/null
+++ b/filtering/starts_with.go
@@ -0,0 +1,59 @@
+package filtering
+
+import (
+	"strings"
+
+	"github.com/PaloAltoNetworks/pango/errors"
+)
+
+var (
+	_ Matcher = &StartsWith{}
+)
+
+type StartsWith struct {
+	Path  string
+	Value string
+
+	Operator *Operator
+}
+
+func (o *StartsWith) Matches(f Fielder) (bool, error) {
+	x, err := f.Field(o.Path)
+	if err != nil {
+		return false, err
+	}
+
+	switch v := x.(type) {
+	case *string:
+		if v == nil {
+			return false, nil
+		}
+
+		return strings.HasPrefix(*v, o.Value), nil
+	case string:
+		return strings.HasPrefix(v, o.Value), nil
+	case []*string:
+		for _, val := range v {
+			if val == nil {
+				continue
+			}
+			if strings.HasPrefix(*val, o.Value) {
+				return true, nil
+			}
+		}
+
+		return false, nil
+	case []string:
+		for _, val := range v {
+			if strings.HasPrefix(val, o.Value) {
+				return true, nil
+			}
+		}
+
+		return false, nil
+	}
+
+	return false, errors.UnsupportedFilterTypeError
+}
+
+func (o *StartsWith) GetOperator() *Operator { return o.Operator }
diff --git a/filtering/testutils_test.go b/filtering/testutils_test.go
new file mode 100644
index 00000000..a02dd0cc
--- /dev/null
+++ b/filtering/testutils_test.go
@@ -0,0 +1,18 @@
+package filtering
+
+type testFielderResponse struct {
+	Value any
+	Error error
+}
+
+type testFielder struct {
+	Answers []testFielderResponse
+
+	index int
+}
+
+func (o *testFielder) Field(_ string) (any, error) {
+	ans := o.Answers[o.index]
+	o.index++
+	return ans.Value, ans.Error
+}
diff --git a/generic/xml.go b/generic/xml.go
index 7482e9cd..cae21261 100644
--- a/generic/xml.go
+++ b/generic/xml.go
@@ -1,39 +1,40 @@
 package generic
 
 import (
-    "encoding/xml"
-    "strings"
+	"encoding/xml"
+	"strings"
 )
 
 // Xml is a generic catch-all for parsing XML returned from PAN-OS.
 type Xml struct {
-    XMLName xml.Name
-    Name *string `xml:"name,attr,omitempty"`
-    Uuid *string `xml:"uuid,attr,omitempty"`
-    Text []byte `xml:",chardata"`
-    Nodes []Xml `xml:",any"`
+	XMLName         xml.Name
+	Name            *string `xml:"name,attr,omitempty"`
+	Uuid            *string `xml:"uuid,attr,omitempty"`
+	DetailedVersion *string `xml:"detail-version,attr,omitempty"`
+	Text            []byte  `xml:",chardata"`
+	Nodes           []Xml   `xml:",any"`
 
-    // TrimmedText contains the trimmed value of Text.  Note that since this could
-    // very well be trimming legitimate spacing that the text field would otherwise
-    // contain, refering to this field for anything other than debugging purposes is
-    // probably not a good idea.
-    TrimmedText *string `xml:"-"`
+	// TrimmedText contains the trimmed value of Text.  Note that since this could
+	// very well be trimming legitimate spacing that the text field would otherwise
+	// contain, refering to this field for anything other than debugging purposes is
+	// probably not a good idea.
+	TrimmedText *string `xml:"-"`
 }
 
-func (e *Xml) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
-    type local Xml
-    var ans local
-    if err := d.DecodeElement(&ans, &start); err != nil {
-        return err
-    }
+func (x *Xml) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
+	type local Xml
+	var ans local
+	if err := d.DecodeElement(&ans, &start); err != nil {
+		return err
+	}
 
-    if len(ans.Text) != 0 {
-        v := strings.TrimSpace(string(ans.Text))
-        if v != "" {
-            ans.TrimmedText = &v
-        }
-    }
+	if len(ans.Text) != 0 {
+		v := strings.TrimSpace(string(ans.Text))
+		if v != "" {
+			ans.TrimmedText = &v
+		}
+	}
 
-    *e = Xml(ans)
-    return nil
+	*x = Xml(ans)
+	return nil
 }
diff --git a/generic/xml_test.go b/generic/xml_test.go
new file mode 100644
index 00000000..b01f5eef
--- /dev/null
+++ b/generic/xml_test.go
@@ -0,0 +1,117 @@
+package generic
+
+import (
+	"encoding/xml"
+	"strings"
+	"testing"
+)
+
+var (
+	TestXml = []byte(`
+<config version="10.2.0" urldb="paloaltonetworks" detail-version="10.2.4">
+    <normal> some text </normal>
+    <person name="jane"></person>
+    <unique uuid="1234-56-789"></unique>
+    <nested>
+        <and unknown="foobar"></and>
+    </nested>
+</config>`)
+)
+
+func TestUnmarshalDoesNotReturnError(t *testing.T) {
+	var x Xml
+	if err := xml.Unmarshal(TestXml, &x); err != nil {
+		t.Fatalf("Error in unmarshal: %s", err)
+	}
+}
+
+func TestUnmarshalSavesName(t *testing.T) {
+	var x Xml
+	if err := xml.Unmarshal(TestXml, &x); err != nil {
+		t.Fatalf("Error in unmarshal: %s", err)
+	}
+	if len(x.Nodes) == 0 {
+		t.Fatalf("no nodes present")
+	}
+	for _, node := range x.Nodes {
+		if node.XMLName.Local == "person" {
+			if node.Name == nil {
+				t.Fatalf("config > person.name is nil")
+			}
+			if *node.Name != "jane" {
+				t.Fatalf("config > person.name = %q", *node.Name)
+			}
+			return
+		}
+	}
+
+	t.Fatalf("could not find config > person")
+}
+
+func TestUnmarshalSavesUuid(t *testing.T) {
+	var x Xml
+	if err := xml.Unmarshal(TestXml, &x); err != nil {
+		t.Fatalf("Error in unmarshal: %s", err)
+	}
+	if len(x.Nodes) == 0 {
+		t.Fatalf("no nodes present")
+	}
+	for _, node := range x.Nodes {
+		if node.XMLName.Local == "unique" {
+			if node.Uuid == nil {
+				t.Fatalf("config > unique.uuid is nil")
+			}
+			if *node.Uuid != "1234-56-789" {
+				t.Fatalf("config > unique.uuid = %q", *node.Uuid)
+			}
+			return
+		}
+	}
+
+	t.Fatalf("could not find config > unique")
+}
+
+func TestUnmarshalSavesText(t *testing.T) {
+	var x Xml
+	if err := xml.Unmarshal(TestXml, &x); err != nil {
+		t.Fatalf("Error in unmarshal: %s", err)
+	}
+	if len(x.Nodes) == 0 {
+		t.Fatalf("no nodes present")
+	}
+	for _, node := range x.Nodes {
+		if node.XMLName.Local == "normal" {
+			if len(node.Text) == 0 {
+				t.Fatalf("config > normal.text is empty")
+			}
+			if string(node.Text) != " some text " {
+				t.Fatalf("config > normal.text = %q", *node.Uuid)
+			}
+			return
+		}
+	}
+
+	t.Fatalf("could not find config > normal")
+}
+
+func TestMarshalDoesNotContainThings(t *testing.T) {
+	var x Xml
+	if err := xml.Unmarshal(TestXml, &x); err != nil {
+		t.Fatalf("Error in unmarshal: %s", err)
+	}
+
+	b, err := xml.Marshal(x)
+	if err != nil {
+		t.Fatalf("Error in marshal: %s", err)
+	}
+
+	ans := string(b)
+
+	missing := []string{"10.2.0", "foobar", "Node"}
+
+	for _, chk := range missing {
+		if strings.Contains(ans, chk) {
+			t.Fatalf("marshalled bytes includes %q: %s", chk, ans)
+		}
+	}
+}
diff --git a/go.mod b/go.mod
index 3866f35d..8d42ce0b 100644
--- a/go.mod
+++ b/go.mod
@@ -1,3 +1,20 @@
 module github.com/PaloAltoNetworks/pango
 
-go 1.21
+go 1.22.5
+
+require (
+	github.com/onsi/ginkgo/v2 v2.19.0
+	github.com/onsi/gomega v1.33.1
+)
+
+require (
+	github.com/go-logr/logr v1.4.1 // indirect
+	github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
+	github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 // indirect
+	golang.org/x/net v0.25.0 // indirect
+	golang.org/x/sys v0.20.0 // indirect
+	golang.org/x/text v0.15.0 // indirect
+	golang.org/x/tools v0.21.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+)
diff --git a/go.sum b/go.sum
new file mode 100644
index 00000000..b4208ee7
--- /dev/null
+++ b/go.sum
@@ -0,0 +1,32 @@
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ=
+github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
+github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg=
+github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw=
+github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA=
+github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To=
+github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk=
+github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac=
+golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
+golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y=
+golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk=
+golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/tools v0.21.0 h1:qc0xYgIbsSDt9EyWz05J5wfa7LOVW0YTLOXrqdLAWIw=
+golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
+google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
+google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/logging.go b/logging.go
new file mode 100644
index 00000000..c3e71ee0
--- /dev/null
+++ b/logging.go
@@ -0,0 +1,196 @@
+package pango
+
+import (
+	"fmt"
+	"log/slog"
+	"math/bits"
+)
+
+// LogCategory is a bitmask describing what categories of logging to enable.
+//
+// Available bit-wise flags are as follows:
+//
+//   - LogCategoryPango: Basic library-level logging
+//   - LogCategoryOp: Logging of operation commands (Op functions)
+//   - LogCategorySend: Logging of the data being sent to the server. All sensitive
+//     data will be scrubbed from the response unless LogCategorySensitive
+//     is explicitly added to the mask
+//   - LogCategoryReceive: Logging of the data being received from the server. All
+//     sensitive data will be scrubbed from the response unless LogCategorySensitive
+//     is explicitly added to the mask
+//   - LogCategoryCurl: When used along with LogCategorySend, an equivalent curl
+//     command will be logged
+//   - LogCategoryAll: A meta-category, enabling all above categories at once
+//   - LogCategorySensitive: Logging of sensitive data like hostnames, logins,
+//     passwords or API keys of any sort
+type LogCategory uint
+
+const (
+	LogCategoryPango LogCategory = 1 << iota
+	LogCategoryOp
+	LogCategorySend
+	LogCategoryReceive
+	LogCategoryCurl
+	LogCategoryAll = LogCategoryPango | LogCategoryOp | LogCategorySend |
+		LogCategoryReceive | LogCategoryCurl
+	// Make sure that LogCategorySensitive is always last, explicitly set to 1 << 32
+	LogCategorySensitive LogCategory = 1 << 32
+)
+
+var logCategoryToString = map[LogCategory]string{
+	LogCategoryPango:     "pango",
+	LogCategoryOp:        "op",
+	LogCategorySend:      "send",
+	LogCategoryReceive:   "receive",
+	LogCategoryCurl:      "curl",
+	LogCategoryAll:       "all",
+	LogCategorySensitive: "sensitive",
+}
+
+func createStringToCategoryMap(categories map[LogCategory]string) map[string]LogCategory {
+	// Instead of keeping two maps for two way association, we
+	// just generate reversed map on the fly. This function is not
+	// going to be used outside of the initial library setup, so
+	// the slight performance penalty is not an issue.
+	stringsMap := make(map[string]LogCategory, len(logCategoryToString))
+	for category, sym := range logCategoryToString {
+		stringsMap[sym] = category
+	}
+
+	return stringsMap
+}
+
+// LogCategoryFromStrings transforms list with categories into its bitmask equivalent.
+//
+// This function takes a list of strings, representing log categories
+// that can be used to filter what gets logged by pango library. This list
+// can change over time as more categories are added to the library.
+//
+// It returns LogCategory bitmask which can be then used to configure
+// logger. If unknown log category string is given as part of the
+// list, error is returned instead.
+func LogCategoryFromStrings(symbols []string) (LogCategory, error) {
+	stringsMap := createStringToCategoryMap(logCategoryToString)
+
+	var logCategoriesMask LogCategory
+	for _, elt := range symbols {
+		category, ok := stringsMap[elt]
+		if !ok {
+			return 0, fmt.Errorf("unknown log category: %s", elt)
+		}
+
+		logCategoriesMask |= category
+		slog.Info("logCategoriesMask", "equal", logCategoriesMask)
+	}
+	return logCategoriesMask, nil
+}
+
+// LogCategoryAsStrings interprets given LogCategory bitmask into its string representation.
+//
+// This function takes LogCategory bitmask as argument, and converts
+// it into a list of strings, where each element represents a single
+// category. LogCategoryAll is converted into a list of enabled
+// categories, without "all".
+//
+// It returns a list of categories as strings, or error if invalid
+// LogCategory mask has been provided.
+func LogCategoryAsStrings(categories LogCategory) ([]string, error) {
+	symbols := make([]string, 0)
+
+	// Calculate a number of high bits in the categories mask, to make
+	// sure all categories other than LogCategoryAll have been matched.
+	highBits := bits.OnesCount(uint(categories))
+
+	// Iterate over all available log categories, skipping
+	// LogCategoryAll as we can't distinguish between explicitly
+	// ORing all LogCategories and using LogCategoryAll.
+	for key, value := range logCategoryToString {
+		if key == LogCategoryAll {
+			continue
+		}
+		if categories&key == key {
+			symbols = append(symbols, value)
+		}
+	}
+
+	// Return an error if number of high bits in the categories
+	// mask is lower than length of the symbols list
+	if len(symbols) < highBits && (categories&LogCategoryAll != LogCategoryAll) {
+		return nil, fmt.Errorf("invalid LogCategory bitmask")
+	}
+
+	return symbols, nil
+}
+
+// LogCategoryToSymbol returns string representation of the given LogCategory
+//
+// The given LogCategory can only have single bit set high, and cannot
+// match LogCategoryAll. To convert LogCategory bitmask into a list of categories,
+// use LogCategoryToStrings instead.
+//
+// It returns string representation of the log category, or error if
+// unknown category has been provided.
+func LogCategoryToString(category LogCategory) (string, error) {
+	if category&LogCategoryAll == LogCategoryAll {
+		return "", fmt.Errorf("cannot convert LogCategoryAll into a category string.")
+	}
+	symbol, ok := logCategoryToString[category]
+	if ok {
+		return symbol, nil
+	}
+
+	return "", fmt.Errorf("unknown LogCategory: %d", category)
+}
+
+// StringToLogCategory returns LogCategory mask matching given string category.
+//
+// The given string should be a single category, and not "all". To convert "all"
+// into a list of enabled log categories, use LogCategoryFromStrings.
+//
+// It returns LogCategory representation of the given category string, or en
+// error if either "all" or unknown string has been given.
+func StringToLogCategory(sym string) (LogCategory, error) {
+	if sym == logCategoryToString[LogCategoryAll] {
+		return 0, fmt.Errorf("cannot convert \"all\" category string into LogCategory")
+	}
+	for key, value := range logCategoryToString {
+		if value == sym {
+			return key, nil
+		}
+	}
+
+	return 0, fmt.Errorf("Unknown logging symbol: %s", sym)
+}
+
+type categoryLogger struct {
+	logger        *slog.Logger
+	discardLogger *slog.Logger
+	categories    LogCategory
+}
+
+func newCategoryLogger(logger *slog.Logger, categories LogCategory) *categoryLogger {
+	return &categoryLogger{
+		logger:        logger,
+		discardLogger: slog.New(discardHandler{}),
+		categories:    categories,
+	}
+}
+
+func (l *categoryLogger) WithLogCategory(category LogCategory) *slog.Logger {
+	matched, ok := logCategoryToString[category]
+
+	// If the category cannot be matched, instead of returning
+	// error we use "unknown" instead.
+	if !ok {
+		matched = "unknown"
+	}
+
+	if l.categories&category == category {
+		return l.logger.WithGroup(matched)
+	}
+	return l.discardLogger.WithGroup(matched)
+}
+
+func (l *categoryLogger) enabledFor(category LogCategory) bool {
+	return l.categories&category == category
+}
diff --git a/logging_test.go b/logging_test.go
new file mode 100644
index 00000000..b48a73e3
--- /dev/null
+++ b/logging_test.go
@@ -0,0 +1,90 @@
+package pango
+
+import (
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+)
+
+var _ = Describe("While configuring logging", func() {
+	When("converting category strings into LogCategory bitmask", func() {
+		Context("with unknown string category", func() {
+			It("should fail with error message", func() {
+				categories := []string{"invalid"}
+				_, err := LogCategoryFromStrings(categories)
+				Expect(err).Should(HaveOccurred())
+			})
+		})
+
+		Context("with \"all\" string present", func() {
+			It("should return LogCategoryMask without LogCategorySensitive bit set", func() {
+				categories := []string{"all"}
+				categoriesMask, err := LogCategoryFromStrings(categories)
+				Expect(err).Should(Succeed())
+				Expect(categoriesMask & LogCategorySensitive).ShouldNot(Equal(LogCategorySensitive))
+			})
+		})
+
+		Context("with \"sensitive\" string present", func() {
+			It("should return LogCategoryMask with LogCategorySensitive bit set", func() {
+				categories := []string{"receive", "sensitive"}
+				categoriesMask, err := LogCategoryFromStrings(categories)
+				Expect(err).Should(Succeed())
+				expectedMask := LogCategoryReceive | LogCategorySensitive
+				Expect(categoriesMask).To(Equal(expectedMask))
+			})
+		})
+	})
+
+	When("converting LogCategory bitmask into category strings", func() {
+		Context("with invalid bitmask set", func() {
+			It("should return error about LogCategoty bitmask being invalid", func() {
+				categories := LogCategory(1 << 31)
+				_, err := LogCategoryAsStrings(categories)
+				Expect(err).Should(HaveOccurred())
+			})
+		})
+
+		Context("with valid bitmask without LogCategorySensitive", func() {
+			It("the list should not \"sensitive\" category", func() {
+				categories := LogCategoryReceive | LogCategorySend
+				result, err := LogCategoryAsStrings(categories)
+				Expect(err).ShouldNot(HaveOccurred())
+				Expect(result).Should(ContainElements([]string{"send", "receive"}))
+				Expect(result).ShouldNot(ContainElement("sensitive"))
+			})
+		})
+
+		Context("with bitmask set to LogCategoryAll", func() {
+			var categories []string
+			BeforeEach(func() {
+				for _, v := range logCategoryToString {
+					if v != "all" && v != "sensitive" {
+						categories = append(categories, v)
+					}
+
+				}
+			})
+
+			It("the list should not contain \"all\" category", func() {
+				result, err := LogCategoryAsStrings(LogCategoryAll)
+				Expect(err).ShouldNot(HaveOccurred())
+				Expect(result).ShouldNot(ContainElement("all"))
+			})
+
+			It("the list should not contain \"sensitive\" category", func() {
+				result, err := LogCategoryAsStrings(LogCategoryAll)
+				Expect(err).ShouldNot(HaveOccurred())
+				Expect(result).ShouldNot(ContainElement("sensitive"))
+			})
+		})
+
+		Context("with explicitly added LogCategorySensitive", func() {
+			It("should have \"sensitive\" element", func() {
+				result, err := LogCategoryAsStrings(LogCategoryCurl | LogCategorySensitive)
+				Expect(err).ShouldNot(HaveOccurred())
+				Expect(result).To(HaveLen(2))
+				Expect(result).Should(ContainElements([]string{"curl", "sensitive"}))
+			})
+		})
+	})
+})
diff --git a/network/interface/ethernet/entry.go b/network/interface/ethernet/entry.go
new file mode 100644
index 00000000..9d8dd903
--- /dev/null
+++ b/network/interface/ethernet/entry.go
@@ -0,0 +1,1823 @@
+package ethernet
+
+import (
+	"encoding/xml"
+	"fmt"
+
+	"github.com/PaloAltoNetworks/pango/filtering"
+	"github.com/PaloAltoNetworks/pango/generic"
+	"github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/version"
+)
+
+var (
+	_ filtering.Fielder = &Entry{}
+)
+
+var (
+	Suffix = []string{"network", "interface", "ethernet"}
+)
+
+type Entry struct {
+	Name       string
+	Comment    *string
+	LinkDuplex *string
+	LinkSpeed  *string
+	LinkState  *string
+	Poe        *Poe
+	Ha         *Ha
+	Layer3     *Layer3
+	Tap        *Tap
+
+	Misc map[string][]generic.Xml
+}
+
+type Ha struct {
+}
+type Layer3 struct {
+	AdjustTcpMss               *Layer3AdjustTcpMss
+	Arp                        []Layer3Arp
+	Bonjour                    *Layer3Bonjour
+	DhcpClient                 *Layer3DhcpClient
+	InterfaceManagementProfile *string
+	Ips                        []Layer3Ips
+	Ipv6                       *Layer3Ipv6
+	Lldp                       *Layer3Lldp
+	Mtu                        *int64
+	NdpProxy                   *bool
+	NetflowProfile             *string
+	SdwanLinkSettings          *Layer3SdwanLinkSettings
+	UntaggedSubInterface       *bool
+}
+type Layer3AdjustTcpMss struct {
+	Enable            *bool
+	Ipv4MssAdjustment *int64
+	Ipv6MssAdjustment *int64
+}
+type Layer3Arp struct {
+	HwAddress *string
+	Name      string
+}
+type Layer3Bonjour struct {
+	Enable *bool
+}
+type Layer3DhcpClient struct {
+	CreateDefaultRoute *bool
+	DefaultRouteMetric *int64
+	Enable             *bool
+	SendHostname       *Layer3DhcpClientSendHostname
+}
+type Layer3DhcpClientSendHostname struct {
+	Enable   *bool
+	Hostname *string
+}
+type Layer3Ips struct {
+	Name         string
+	SdwanGateway *string
+}
+type Layer3Ipv6 struct {
+	Addresses         []Layer3Ipv6Addresses
+	DnsServer         *Layer3Ipv6DnsServer
+	Enabled           *bool
+	InterfaceId       *string
+	NeighborDiscovery *Layer3Ipv6NeighborDiscovery
+}
+type Layer3Ipv6Addresses struct {
+	Advertise         *Layer3Ipv6AddressesAdvertise
+	Anycast           *string
+	EnableOnInterface *bool
+	Name              string
+	Prefix            *string
+}
+type Layer3Ipv6AddressesAdvertise struct {
+	AutoConfigFlag    *bool
+	Enable            *bool
+	OnlinkFlag        *bool
+	PreferredLifetime *string
+	ValidLifetime     *string
+}
+type Layer3Ipv6DnsServer struct {
+	DnsSupport *Layer3Ipv6DnsServerDnsSupport
+	Enable     *bool
+	Source     *Layer3Ipv6DnsServerSource
+}
+type Layer3Ipv6DnsServerDnsSupport struct {
+	Enable *bool
+	Server []Layer3Ipv6DnsServerDnsSupportServer
+	Suffix []Layer3Ipv6DnsServerDnsSupportSuffix
+}
+type Layer3Ipv6DnsServerDnsSupportServer struct {
+	Lifetime *int64
+	Name     string
+}
+type Layer3Ipv6DnsServerDnsSupportSuffix struct {
+	Lifetime *int64
+	Name     string
+}
+type Layer3Ipv6DnsServerSource struct {
+	Dhcpv6 *Layer3Ipv6DnsServerSourceDhcpv6
+	Manual *Layer3Ipv6DnsServerSourceManual
+}
+type Layer3Ipv6DnsServerSourceDhcpv6 struct {
+	PrefixPool *string
+}
+type Layer3Ipv6DnsServerSourceManual struct {
+	Suffix []Layer3Ipv6DnsServerSourceManualSuffix
+}
+type Layer3Ipv6DnsServerSourceManualSuffix struct {
+	Lifetime *int64
+	Name     string
+}
+type Layer3Ipv6NeighborDiscovery struct {
+	DadAttempts         *int64
+	EnableDad           *bool
+	EnableNdpMonitor    *bool
+	Neighbor            []Layer3Ipv6NeighborDiscoveryNeighbor
+	NsInterval          *int64
+	ReachableTime       *int64
+	RouterAdvertisement *Layer3Ipv6NeighborDiscoveryRouterAdvertisement
+}
+type Layer3Ipv6NeighborDiscoveryNeighbor struct {
+	HwAddress *string
+	Name      string
+}
+type Layer3Ipv6NeighborDiscoveryRouterAdvertisement struct {
+	Enable                 *bool
+	EnableConsistencyCheck *bool
+	HopLimit               *string
+	Lifetime               *int64
+	LinkMtu                *string
+	ManagedFlag            *bool
+	MaxInterval            *int64
+	MinInterval            *int64
+	OtherFlag              *bool
+	ReachableTime          *string
+	RetransmissionTimer    *string
+	RouterPreference       *string
+}
+type Layer3Lldp struct {
+	Enable  *bool
+	Profile *string
+}
+type Layer3SdwanLinkSettings struct {
+	Enable                *bool
+	SdwanInterfaceProfile *string
+	UpstreamNat           *Layer3SdwanLinkSettingsUpstreamNat
+}
+type Layer3SdwanLinkSettingsUpstreamNat struct {
+	Enable   *bool
+	StaticIp *string
+}
+type Poe struct {
+	Enabled       *bool
+	ReservedPower *int64
+}
+type Tap struct {
+	NetflowProfile *string
+}
+
+type entryXmlContainer struct {
+	Answer []entryXml `xml:"entry"`
+}
+
+type entryXml struct {
+	XMLName    xml.Name `xml:"entry"`
+	Name       string   `xml:"name,attr"`
+	Comment    *string  `xml:"comment,omitempty"`
+	LinkDuplex *string  `xml:"link-duplex,omitempty"`
+	LinkSpeed  *string  `xml:"link-speed,omitempty"`
+	LinkState  *string  `xml:"link-state,omitempty"`
+	Poe        *PoeXml
+	Ha         *HaXml     `xml:"ha,omitempty"`
+	Layer3     *Layer3Xml `xml:"layer3,omitempty"`
+	Tap        *TapXml    `xml:"tap,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+
+type HaXml struct {
+	Misc []generic.Xml `xml:",any"`
+}
+type Layer3Xml struct {
+	AdjustTcpMss               *Layer3AdjustTcpMssXml      `xml:"adjust-tcp-mss,omitempty"`
+	Arp                        []Layer3ArpXml              `xml:"arp>entry,omitempty"`
+	Bonjour                    *Layer3BonjourXml           `xml:"bonjour,omitempty"`
+	DhcpClient                 *Layer3DhcpClientXml        `xml:"dhcp-client,omitempty"`
+	InterfaceManagementProfile *string                     `xml:"interface-management-profile,omitempty"`
+	Ips                        []Layer3IpsXml              `xml:"ip>entry,omitempty"`
+	Ipv6                       *Layer3Ipv6Xml              `xml:"ipv6,omitempty"`
+	Lldp                       *Layer3LldpXml              `xml:"lldp,omitempty"`
+	Mtu                        *int64                      `xml:"mtu,omitempty"`
+	NdpProxy                   *string                     `xml:"ndp-proxy>enabled,omitempty"`
+	NetflowProfile             *string                     `xml:"netflow-profile,omitempty"`
+	SdwanLinkSettings          *Layer3SdwanLinkSettingsXml `xml:"sdwan-link-settings,omitempty"`
+	UntaggedSubInterface       *string                     `xml:"untagged-sub-interface,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type Layer3AdjustTcpMssXml struct {
+	Enable            *string `xml:"enable,omitempty"`
+	Ipv4MssAdjustment *int64  `xml:"ipv4-mss-adjustment,omitempty"`
+	Ipv6MssAdjustment *int64  `xml:"ipv6-mss-adjustment,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type Layer3ArpXml struct {
+	HwAddress *string  `xml:"hw-address,omitempty"`
+	XMLName   xml.Name `xml:"entry"`
+	Name      string   `xml:"name,attr"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type Layer3BonjourXml struct {
+	Enable *string
+
+	Misc []generic.Xml `xml:",any"`
+}
+type Layer3DhcpClientXml struct {
+	CreateDefaultRoute *string                          `xml:"create-default-route,omitempty"`
+	DefaultRouteMetric *int64                           `xml:"default-route-metric,omitempty"`
+	Enable             *string                          `xml:"enable,omitempty"`
+	SendHostname       *Layer3DhcpClientSendHostnameXml `xml:"send-hostname,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type Layer3DhcpClientSendHostnameXml struct {
+	Enable   *string `xml:"enable,omitempty"`
+	Hostname *string `xml:"hostname,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type Layer3IpsXml struct {
+	XMLName      xml.Name `xml:"entry"`
+	Name         string   `xml:"name,attr"`
+	SdwanGateway *string  `xml:"sdwan-gateway,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type Layer3Ipv6Xml struct {
+	Addresses         []Layer3Ipv6AddressesXml        `xml:"address>entry,omitempty"`
+	DnsServer         *Layer3Ipv6DnsServerXml         `xml:"dns-server,omitempty"`
+	Enabled           *string                         `xml:"enabled,omitempty"`
+	InterfaceId       *string                         `xml:"interface-id,omitempty"`
+	NeighborDiscovery *Layer3Ipv6NeighborDiscoveryXml `xml:"neighbor-discovery,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type Layer3Ipv6AddressesXml struct {
+	Advertise         *Layer3Ipv6AddressesAdvertiseXml `xml:"advertise,omitempty"`
+	Anycast           *string                          `xml:"anycast,omitempty"`
+	EnableOnInterface *string                          `xml:"enable-on-interface,omitempty"`
+	XMLName           xml.Name                         `xml:"entry"`
+	Name              string                           `xml:"name,attr"`
+	Prefix            *string                          `xml:"prefix,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type Layer3Ipv6AddressesAdvertiseXml struct {
+	AutoConfigFlag    *string `xml:"auto-config-flag,omitempty"`
+	Enable            *string `xml:"enable,omitempty"`
+	OnlinkFlag        *string `xml:"onlink-flag,omitempty"`
+	PreferredLifetime *string `xml:"preferred-lifetime,omitempty"`
+	ValidLifetime     *string `xml:"valid-lifetime,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type Layer3Ipv6DnsServerXml struct {
+	DnsSupport *Layer3Ipv6DnsServerDnsSupportXml `xml:"dns-support,omitempty"`
+	Enable     *string                           `xml:"enable,omitempty"`
+	Source     *Layer3Ipv6DnsServerSourceXml     `xml:"source,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type Layer3Ipv6DnsServerDnsSupportXml struct {
+	Enable *string
+	Server []Layer3Ipv6DnsServerDnsSupportServerXml `xml:"server>entry,omitempty"`
+	Suffix []Layer3Ipv6DnsServerDnsSupportSuffixXml `xml:"suffix>entry,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type Layer3Ipv6DnsServerDnsSupportServerXml struct {
+	Lifetime *int64
+	XMLName  xml.Name `xml:"entry"`
+	Name     string   `xml:"name,attr"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type Layer3Ipv6DnsServerDnsSupportSuffixXml struct {
+	Lifetime *int64
+	XMLName  xml.Name `xml:"entry"`
+	Name     string   `xml:"name,attr"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type Layer3Ipv6DnsServerSourceXml struct {
+	Dhcpv6 *Layer3Ipv6DnsServerSourceDhcpv6Xml `xml:"dhcpv6,omitempty"`
+	Manual *Layer3Ipv6DnsServerSourceManualXml `xml:"manual,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type Layer3Ipv6DnsServerSourceDhcpv6Xml struct {
+	PrefixPool *string `xml:"prefix-pool,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type Layer3Ipv6DnsServerSourceManualXml struct {
+	Suffix []Layer3Ipv6DnsServerSourceManualSuffixXml `xml:"suffix>entry,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type Layer3Ipv6DnsServerSourceManualSuffixXml struct {
+	Lifetime *int64   `xml:"lifetime,omitempty"`
+	XMLName  xml.Name `xml:"entry"`
+	Name     string   `xml:"name,attr"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type Layer3Ipv6NeighborDiscoveryXml struct {
+	DadAttempts         *int64                                             `xml:"dad-attempts,omitempty"`
+	EnableDad           *string                                            `xml:"enable-dad,omitempty"`
+	EnableNdpMonitor    *string                                            `xml:"enable-ndp-monitor,omitempty"`
+	Neighbor            []Layer3Ipv6NeighborDiscoveryNeighborXml           `xml:"neighbor>entry,omitempty"`
+	NsInterval          *int64                                             `xml:"ns-interval,omitempty"`
+	ReachableTime       *int64                                             `xml:"reachable-time,omitempty"`
+	RouterAdvertisement *Layer3Ipv6NeighborDiscoveryRouterAdvertisementXml `xml:"router-advertisement,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type Layer3Ipv6NeighborDiscoveryNeighborXml struct {
+	HwAddress *string  `xml:"hw-address,omitempty"`
+	XMLName   xml.Name `xml:"entry"`
+	Name      string   `xml:"name,attr"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type Layer3Ipv6NeighborDiscoveryRouterAdvertisementXml struct {
+	Enable                 *string `xml:"enable,omitempty"`
+	EnableConsistencyCheck *string `xml:"enable-consistency-check,omitempty"`
+	HopLimit               *string `xml:"hop-limit,omitempty"`
+	Lifetime               *int64  `xml:"lifetime,omitempty"`
+	LinkMtu                *string `xml:"link-mtu,omitempty"`
+	ManagedFlag            *string `xml:"managed-flag,omitempty"`
+	MaxInterval            *int64  `xml:"max-interval,omitempty"`
+	MinInterval            *int64  `xml:"min-interval,omitempty"`
+	OtherFlag              *string `xml:"other-flag,omitempty"`
+	ReachableTime          *string `xml:"reachable-time,omitempty"`
+	RetransmissionTimer    *string `xml:"retransmission-timer,omitempty"`
+	RouterPreference       *string `xml:"router-preference,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type Layer3LldpXml struct {
+	Enable  *string `xml:"enable,omitempty"`
+	Profile *string `xml:"profile,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type Layer3SdwanLinkSettingsXml struct {
+	Enable                *string                                `xml:"enable,omitempty"`
+	SdwanInterfaceProfile *string                                `xml:"sdwan-interface-profile,omitempty"`
+	UpstreamNat           *Layer3SdwanLinkSettingsUpstreamNatXml `xml:"upstream-nat,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type Layer3SdwanLinkSettingsUpstreamNatXml struct {
+	Enable   *string `xml:"enable,omitempty"`
+	StaticIp *string `xml:"static-ip>ip-address,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type PoeXml struct {
+	Enabled       *string `xml:"poe-enabled,omitempty"`
+	ReservedPower *int64  `xml:"poe-rsvd-pwr,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type TapXml struct {
+	NetflowProfile *string `xml:"netflow-profile,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+
+func (e *Entry) Field(v string) (any, error) {
+	if v == "name" || v == "Name" {
+		return e.Name, nil
+	}
+	if v == "comment" || v == "Comment" {
+		return e.Comment, nil
+	}
+	if v == "link_duplex" || v == "LinkDuplex" {
+		return e.LinkDuplex, nil
+	}
+	if v == "link_speed" || v == "LinkSpeed" {
+		return e.LinkSpeed, nil
+	}
+	if v == "link_state" || v == "LinkState" {
+		return e.LinkState, nil
+	}
+	if v == "poe" || v == "Poe" {
+		return e.Poe, nil
+	}
+	if v == "ha" || v == "Ha" {
+		return e.Ha, nil
+	}
+	if v == "layer3" || v == "Layer3" {
+		return e.Layer3, nil
+	}
+	if v == "tap" || v == "Tap" {
+		return e.Tap, nil
+	}
+
+	return nil, fmt.Errorf("unknown field")
+}
+
+func Versioning(vn version.Number) (Specifier, Normalizer, error) {
+	return specifyEntry, &entryXmlContainer{}, nil
+}
+
+func specifyEntry(o *Entry) (any, error) {
+	entry := entryXml{}
+
+	entry.Name = o.Name
+	entry.Comment = o.Comment
+	entry.LinkDuplex = o.LinkDuplex
+	entry.LinkSpeed = o.LinkSpeed
+	entry.LinkState = o.LinkState
+	var nestedPoe *PoeXml
+	if o.Poe != nil {
+		nestedPoe = &PoeXml{}
+		if _, ok := o.Misc["Poe"]; ok {
+			nestedPoe.Misc = o.Misc["Poe"]
+		}
+		if o.Poe.ReservedPower != nil {
+			nestedPoe.ReservedPower = o.Poe.ReservedPower
+		}
+		if o.Poe.Enabled != nil {
+			nestedPoe.Enabled = util.YesNo(o.Poe.Enabled, nil)
+		}
+	}
+	entry.Poe = nestedPoe
+
+	var nestedHa *HaXml
+	if o.Ha != nil {
+		nestedHa = &HaXml{}
+		if _, ok := o.Misc["Ha"]; ok {
+			nestedHa.Misc = o.Misc["Ha"]
+		}
+	}
+	entry.Ha = nestedHa
+
+	var nestedLayer3 *Layer3Xml
+	if o.Layer3 != nil {
+		nestedLayer3 = &Layer3Xml{}
+		if _, ok := o.Misc["Layer3"]; ok {
+			nestedLayer3.Misc = o.Misc["Layer3"]
+		}
+		if o.Layer3.Bonjour != nil {
+			nestedLayer3.Bonjour = &Layer3BonjourXml{}
+			if _, ok := o.Misc["Layer3Bonjour"]; ok {
+				nestedLayer3.Bonjour.Misc = o.Misc["Layer3Bonjour"]
+			}
+			if o.Layer3.Bonjour.Enable != nil {
+				nestedLayer3.Bonjour.Enable = util.YesNo(o.Layer3.Bonjour.Enable, nil)
+			}
+		}
+		if o.Layer3.UntaggedSubInterface != nil {
+			nestedLayer3.UntaggedSubInterface = util.YesNo(o.Layer3.UntaggedSubInterface, nil)
+		}
+		if o.Layer3.Arp != nil {
+			nestedLayer3.Arp = []Layer3ArpXml{}
+			for _, oLayer3Arp := range o.Layer3.Arp {
+				nestedLayer3Arp := Layer3ArpXml{}
+				if _, ok := o.Misc["Layer3Arp"]; ok {
+					nestedLayer3Arp.Misc = o.Misc["Layer3Arp"]
+				}
+				if oLayer3Arp.HwAddress != nil {
+					nestedLayer3Arp.HwAddress = oLayer3Arp.HwAddress
+				}
+				if oLayer3Arp.Name != "" {
+					nestedLayer3Arp.Name = oLayer3Arp.Name
+				}
+				nestedLayer3.Arp = append(nestedLayer3.Arp, nestedLayer3Arp)
+			}
+		}
+		if o.Layer3.NdpProxy != nil {
+			nestedLayer3.NdpProxy = util.YesNo(o.Layer3.NdpProxy, nil)
+		}
+		if o.Layer3.Lldp != nil {
+			nestedLayer3.Lldp = &Layer3LldpXml{}
+			if _, ok := o.Misc["Layer3Lldp"]; ok {
+				nestedLayer3.Lldp.Misc = o.Misc["Layer3Lldp"]
+			}
+			if o.Layer3.Lldp.Enable != nil {
+				nestedLayer3.Lldp.Enable = util.YesNo(o.Layer3.Lldp.Enable, nil)
+			}
+			if o.Layer3.Lldp.Profile != nil {
+				nestedLayer3.Lldp.Profile = o.Layer3.Lldp.Profile
+			}
+		}
+		if o.Layer3.DhcpClient != nil {
+			nestedLayer3.DhcpClient = &Layer3DhcpClientXml{}
+			if _, ok := o.Misc["Layer3DhcpClient"]; ok {
+				nestedLayer3.DhcpClient.Misc = o.Misc["Layer3DhcpClient"]
+			}
+			if o.Layer3.DhcpClient.SendHostname != nil {
+				nestedLayer3.DhcpClient.SendHostname = &Layer3DhcpClientSendHostnameXml{}
+				if _, ok := o.Misc["Layer3DhcpClientSendHostname"]; ok {
+					nestedLayer3.DhcpClient.SendHostname.Misc = o.Misc["Layer3DhcpClientSendHostname"]
+				}
+				if o.Layer3.DhcpClient.SendHostname.Enable != nil {
+					nestedLayer3.DhcpClient.SendHostname.Enable = util.YesNo(o.Layer3.DhcpClient.SendHostname.Enable, nil)
+				}
+				if o.Layer3.DhcpClient.SendHostname.Hostname != nil {
+					nestedLayer3.DhcpClient.SendHostname.Hostname = o.Layer3.DhcpClient.SendHostname.Hostname
+				}
+			}
+			if o.Layer3.DhcpClient.Enable != nil {
+				nestedLayer3.DhcpClient.Enable = util.YesNo(o.Layer3.DhcpClient.Enable, nil)
+			}
+			if o.Layer3.DhcpClient.CreateDefaultRoute != nil {
+				nestedLayer3.DhcpClient.CreateDefaultRoute = util.YesNo(o.Layer3.DhcpClient.CreateDefaultRoute, nil)
+			}
+			if o.Layer3.DhcpClient.DefaultRouteMetric != nil {
+				nestedLayer3.DhcpClient.DefaultRouteMetric = o.Layer3.DhcpClient.DefaultRouteMetric
+			}
+		}
+		if o.Layer3.NetflowProfile != nil {
+			nestedLayer3.NetflowProfile = o.Layer3.NetflowProfile
+		}
+		if o.Layer3.SdwanLinkSettings != nil {
+			nestedLayer3.SdwanLinkSettings = &Layer3SdwanLinkSettingsXml{}
+			if _, ok := o.Misc["Layer3SdwanLinkSettings"]; ok {
+				nestedLayer3.SdwanLinkSettings.Misc = o.Misc["Layer3SdwanLinkSettings"]
+			}
+			if o.Layer3.SdwanLinkSettings.Enable != nil {
+				nestedLayer3.SdwanLinkSettings.Enable = util.YesNo(o.Layer3.SdwanLinkSettings.Enable, nil)
+			}
+			if o.Layer3.SdwanLinkSettings.SdwanInterfaceProfile != nil {
+				nestedLayer3.SdwanLinkSettings.SdwanInterfaceProfile = o.Layer3.SdwanLinkSettings.SdwanInterfaceProfile
+			}
+			if o.Layer3.SdwanLinkSettings.UpstreamNat != nil {
+				nestedLayer3.SdwanLinkSettings.UpstreamNat = &Layer3SdwanLinkSettingsUpstreamNatXml{}
+				if _, ok := o.Misc["Layer3SdwanLinkSettingsUpstreamNat"]; ok {
+					nestedLayer3.SdwanLinkSettings.UpstreamNat.Misc = o.Misc["Layer3SdwanLinkSettingsUpstreamNat"]
+				}
+				if o.Layer3.SdwanLinkSettings.UpstreamNat.Enable != nil {
+					nestedLayer3.SdwanLinkSettings.UpstreamNat.Enable = util.YesNo(o.Layer3.SdwanLinkSettings.UpstreamNat.Enable, nil)
+				}
+				if o.Layer3.SdwanLinkSettings.UpstreamNat.StaticIp != nil {
+					nestedLayer3.SdwanLinkSettings.UpstreamNat.StaticIp = o.Layer3.SdwanLinkSettings.UpstreamNat.StaticIp
+				}
+			}
+		}
+		if o.Layer3.AdjustTcpMss != nil {
+			nestedLayer3.AdjustTcpMss = &Layer3AdjustTcpMssXml{}
+			if _, ok := o.Misc["Layer3AdjustTcpMss"]; ok {
+				nestedLayer3.AdjustTcpMss.Misc = o.Misc["Layer3AdjustTcpMss"]
+			}
+			if o.Layer3.AdjustTcpMss.Ipv6MssAdjustment != nil {
+				nestedLayer3.AdjustTcpMss.Ipv6MssAdjustment = o.Layer3.AdjustTcpMss.Ipv6MssAdjustment
+			}
+			if o.Layer3.AdjustTcpMss.Enable != nil {
+				nestedLayer3.AdjustTcpMss.Enable = util.YesNo(o.Layer3.AdjustTcpMss.Enable, nil)
+			}
+			if o.Layer3.AdjustTcpMss.Ipv4MssAdjustment != nil {
+				nestedLayer3.AdjustTcpMss.Ipv4MssAdjustment = o.Layer3.AdjustTcpMss.Ipv4MssAdjustment
+			}
+		}
+		if o.Layer3.Mtu != nil {
+			nestedLayer3.Mtu = o.Layer3.Mtu
+		}
+		if o.Layer3.Ips != nil {
+			nestedLayer3.Ips = []Layer3IpsXml{}
+			for _, oLayer3Ips := range o.Layer3.Ips {
+				nestedLayer3Ips := Layer3IpsXml{}
+				if _, ok := o.Misc["Layer3Ips"]; ok {
+					nestedLayer3Ips.Misc = o.Misc["Layer3Ips"]
+				}
+				if oLayer3Ips.SdwanGateway != nil {
+					nestedLayer3Ips.SdwanGateway = oLayer3Ips.SdwanGateway
+				}
+				if oLayer3Ips.Name != "" {
+					nestedLayer3Ips.Name = oLayer3Ips.Name
+				}
+				nestedLayer3.Ips = append(nestedLayer3.Ips, nestedLayer3Ips)
+			}
+		}
+		if o.Layer3.Ipv6 != nil {
+			nestedLayer3.Ipv6 = &Layer3Ipv6Xml{}
+			if _, ok := o.Misc["Layer3Ipv6"]; ok {
+				nestedLayer3.Ipv6.Misc = o.Misc["Layer3Ipv6"]
+			}
+			if o.Layer3.Ipv6.Enabled != nil {
+				nestedLayer3.Ipv6.Enabled = util.YesNo(o.Layer3.Ipv6.Enabled, nil)
+			}
+			if o.Layer3.Ipv6.InterfaceId != nil {
+				nestedLayer3.Ipv6.InterfaceId = o.Layer3.Ipv6.InterfaceId
+			}
+			if o.Layer3.Ipv6.Addresses != nil {
+				nestedLayer3.Ipv6.Addresses = []Layer3Ipv6AddressesXml{}
+				for _, oLayer3Ipv6Addresses := range o.Layer3.Ipv6.Addresses {
+					nestedLayer3Ipv6Addresses := Layer3Ipv6AddressesXml{}
+					if _, ok := o.Misc["Layer3Ipv6Addresses"]; ok {
+						nestedLayer3Ipv6Addresses.Misc = o.Misc["Layer3Ipv6Addresses"]
+					}
+					if oLayer3Ipv6Addresses.Name != "" {
+						nestedLayer3Ipv6Addresses.Name = oLayer3Ipv6Addresses.Name
+					}
+					if oLayer3Ipv6Addresses.EnableOnInterface != nil {
+						nestedLayer3Ipv6Addresses.EnableOnInterface = util.YesNo(oLayer3Ipv6Addresses.EnableOnInterface, nil)
+					}
+					if oLayer3Ipv6Addresses.Prefix != nil {
+						nestedLayer3Ipv6Addresses.Prefix = oLayer3Ipv6Addresses.Prefix
+					}
+					if oLayer3Ipv6Addresses.Anycast != nil {
+						nestedLayer3Ipv6Addresses.Anycast = oLayer3Ipv6Addresses.Anycast
+					}
+					if oLayer3Ipv6Addresses.Advertise != nil {
+						nestedLayer3Ipv6Addresses.Advertise = &Layer3Ipv6AddressesAdvertiseXml{}
+						if _, ok := o.Misc["Layer3Ipv6AddressesAdvertise"]; ok {
+							nestedLayer3Ipv6Addresses.Advertise.Misc = o.Misc["Layer3Ipv6AddressesAdvertise"]
+						}
+						if oLayer3Ipv6Addresses.Advertise.OnlinkFlag != nil {
+							nestedLayer3Ipv6Addresses.Advertise.OnlinkFlag = util.YesNo(oLayer3Ipv6Addresses.Advertise.OnlinkFlag, nil)
+						}
+						if oLayer3Ipv6Addresses.Advertise.AutoConfigFlag != nil {
+							nestedLayer3Ipv6Addresses.Advertise.AutoConfigFlag = util.YesNo(oLayer3Ipv6Addresses.Advertise.AutoConfigFlag, nil)
+						}
+						if oLayer3Ipv6Addresses.Advertise.Enable != nil {
+							nestedLayer3Ipv6Addresses.Advertise.Enable = util.YesNo(oLayer3Ipv6Addresses.Advertise.Enable, nil)
+						}
+						if oLayer3Ipv6Addresses.Advertise.ValidLifetime != nil {
+							nestedLayer3Ipv6Addresses.Advertise.ValidLifetime = oLayer3Ipv6Addresses.Advertise.ValidLifetime
+						}
+						if oLayer3Ipv6Addresses.Advertise.PreferredLifetime != nil {
+							nestedLayer3Ipv6Addresses.Advertise.PreferredLifetime = oLayer3Ipv6Addresses.Advertise.PreferredLifetime
+						}
+					}
+					nestedLayer3.Ipv6.Addresses = append(nestedLayer3.Ipv6.Addresses, nestedLayer3Ipv6Addresses)
+				}
+			}
+			if o.Layer3.Ipv6.NeighborDiscovery != nil {
+				nestedLayer3.Ipv6.NeighborDiscovery = &Layer3Ipv6NeighborDiscoveryXml{}
+				if _, ok := o.Misc["Layer3Ipv6NeighborDiscovery"]; ok {
+					nestedLayer3.Ipv6.NeighborDiscovery.Misc = o.Misc["Layer3Ipv6NeighborDiscovery"]
+				}
+				if o.Layer3.Ipv6.NeighborDiscovery.NsInterval != nil {
+					nestedLayer3.Ipv6.NeighborDiscovery.NsInterval = o.Layer3.Ipv6.NeighborDiscovery.NsInterval
+				}
+				if o.Layer3.Ipv6.NeighborDiscovery.ReachableTime != nil {
+					nestedLayer3.Ipv6.NeighborDiscovery.ReachableTime = o.Layer3.Ipv6.NeighborDiscovery.ReachableTime
+				}
+				if o.Layer3.Ipv6.NeighborDiscovery.RouterAdvertisement != nil {
+					nestedLayer3.Ipv6.NeighborDiscovery.RouterAdvertisement = &Layer3Ipv6NeighborDiscoveryRouterAdvertisementXml{}
+					if _, ok := o.Misc["Layer3Ipv6NeighborDiscoveryRouterAdvertisement"]; ok {
+						nestedLayer3.Ipv6.NeighborDiscovery.RouterAdvertisement.Misc = o.Misc["Layer3Ipv6NeighborDiscoveryRouterAdvertisement"]
+					}
+					if o.Layer3.Ipv6.NeighborDiscovery.RouterAdvertisement.Enable != nil {
+						nestedLayer3.Ipv6.NeighborDiscovery.RouterAdvertisement.Enable = util.YesNo(o.Layer3.Ipv6.NeighborDiscovery.RouterAdvertisement.Enable, nil)
+					}
+					if o.Layer3.Ipv6.NeighborDiscovery.RouterAdvertisement.MaxInterval != nil {
+						nestedLayer3.Ipv6.NeighborDiscovery.RouterAdvertisement.MaxInterval = o.Layer3.Ipv6.NeighborDiscovery.RouterAdvertisement.MaxInterval
+					}
+					if o.Layer3.Ipv6.NeighborDiscovery.RouterAdvertisement.LinkMtu != nil {
+						nestedLayer3.Ipv6.NeighborDiscovery.RouterAdvertisement.LinkMtu = o.Layer3.Ipv6.NeighborDiscovery.RouterAdvertisement.LinkMtu
+					}
+					if o.Layer3.Ipv6.NeighborDiscovery.RouterAdvertisement.Lifetime != nil {
+						nestedLayer3.Ipv6.NeighborDiscovery.RouterAdvertisement.Lifetime = o.Layer3.Ipv6.NeighborDiscovery.RouterAdvertisement.Lifetime
+					}
+					if o.Layer3.Ipv6.NeighborDiscovery.RouterAdvertisement.ManagedFlag != nil {
+						nestedLayer3.Ipv6.NeighborDiscovery.RouterAdvertisement.ManagedFlag = util.YesNo(o.Layer3.Ipv6.NeighborDiscovery.RouterAdvertisement.ManagedFlag, nil)
+					}
+					if o.Layer3.Ipv6.NeighborDiscovery.RouterAdvertisement.OtherFlag != nil {
+						nestedLayer3.Ipv6.NeighborDiscovery.RouterAdvertisement.OtherFlag = util.YesNo(o.Layer3.Ipv6.NeighborDiscovery.RouterAdvertisement.OtherFlag, nil)
+					}
+					if o.Layer3.Ipv6.NeighborDiscovery.RouterAdvertisement.EnableConsistencyCheck != nil {
+						nestedLayer3.Ipv6.NeighborDiscovery.RouterAdvertisement.EnableConsistencyCheck = util.YesNo(o.Layer3.Ipv6.NeighborDiscovery.RouterAdvertisement.EnableConsistencyCheck, nil)
+					}
+					if o.Layer3.Ipv6.NeighborDiscovery.RouterAdvertisement.MinInterval != nil {
+						nestedLayer3.Ipv6.NeighborDiscovery.RouterAdvertisement.MinInterval = o.Layer3.Ipv6.NeighborDiscovery.RouterAdvertisement.MinInterval
+					}
+					if o.Layer3.Ipv6.NeighborDiscovery.RouterAdvertisement.ReachableTime != nil {
+						nestedLayer3.Ipv6.NeighborDiscovery.RouterAdvertisement.ReachableTime = o.Layer3.Ipv6.NeighborDiscovery.RouterAdvertisement.ReachableTime
+					}
+					if o.Layer3.Ipv6.NeighborDiscovery.RouterAdvertisement.RetransmissionTimer != nil {
+						nestedLayer3.Ipv6.NeighborDiscovery.RouterAdvertisement.RetransmissionTimer = o.Layer3.Ipv6.NeighborDiscovery.RouterAdvertisement.RetransmissionTimer
+					}
+					if o.Layer3.Ipv6.NeighborDiscovery.RouterAdvertisement.HopLimit != nil {
+						nestedLayer3.Ipv6.NeighborDiscovery.RouterAdvertisement.HopLimit = o.Layer3.Ipv6.NeighborDiscovery.RouterAdvertisement.HopLimit
+					}
+					if o.Layer3.Ipv6.NeighborDiscovery.RouterAdvertisement.RouterPreference != nil {
+						nestedLayer3.Ipv6.NeighborDiscovery.RouterAdvertisement.RouterPreference = o.Layer3.Ipv6.NeighborDiscovery.RouterAdvertisement.RouterPreference
+					}
+				}
+				if o.Layer3.Ipv6.NeighborDiscovery.Neighbor != nil {
+					nestedLayer3.Ipv6.NeighborDiscovery.Neighbor = []Layer3Ipv6NeighborDiscoveryNeighborXml{}
+					for _, oLayer3Ipv6NeighborDiscoveryNeighbor := range o.Layer3.Ipv6.NeighborDiscovery.Neighbor {
+						nestedLayer3Ipv6NeighborDiscoveryNeighbor := Layer3Ipv6NeighborDiscoveryNeighborXml{}
+						if _, ok := o.Misc["Layer3Ipv6NeighborDiscoveryNeighbor"]; ok {
+							nestedLayer3Ipv6NeighborDiscoveryNeighbor.Misc = o.Misc["Layer3Ipv6NeighborDiscoveryNeighbor"]
+						}
+						if oLayer3Ipv6NeighborDiscoveryNeighbor.HwAddress != nil {
+							nestedLayer3Ipv6NeighborDiscoveryNeighbor.HwAddress = oLayer3Ipv6NeighborDiscoveryNeighbor.HwAddress
+						}
+						if oLayer3Ipv6NeighborDiscoveryNeighbor.Name != "" {
+							nestedLayer3Ipv6NeighborDiscoveryNeighbor.Name = oLayer3Ipv6NeighborDiscoveryNeighbor.Name
+						}
+						nestedLayer3.Ipv6.NeighborDiscovery.Neighbor = append(nestedLayer3.Ipv6.NeighborDiscovery.Neighbor, nestedLayer3Ipv6NeighborDiscoveryNeighbor)
+					}
+				}
+				if o.Layer3.Ipv6.NeighborDiscovery.EnableNdpMonitor != nil {
+					nestedLayer3.Ipv6.NeighborDiscovery.EnableNdpMonitor = util.YesNo(o.Layer3.Ipv6.NeighborDiscovery.EnableNdpMonitor, nil)
+				}
+				if o.Layer3.Ipv6.NeighborDiscovery.EnableDad != nil {
+					nestedLayer3.Ipv6.NeighborDiscovery.EnableDad = util.YesNo(o.Layer3.Ipv6.NeighborDiscovery.EnableDad, nil)
+				}
+				if o.Layer3.Ipv6.NeighborDiscovery.DadAttempts != nil {
+					nestedLayer3.Ipv6.NeighborDiscovery.DadAttempts = o.Layer3.Ipv6.NeighborDiscovery.DadAttempts
+				}
+			}
+			if o.Layer3.Ipv6.DnsServer != nil {
+				nestedLayer3.Ipv6.DnsServer = &Layer3Ipv6DnsServerXml{}
+				if _, ok := o.Misc["Layer3Ipv6DnsServer"]; ok {
+					nestedLayer3.Ipv6.DnsServer.Misc = o.Misc["Layer3Ipv6DnsServer"]
+				}
+				if o.Layer3.Ipv6.DnsServer.Enable != nil {
+					nestedLayer3.Ipv6.DnsServer.Enable = util.YesNo(o.Layer3.Ipv6.DnsServer.Enable, nil)
+				}
+				if o.Layer3.Ipv6.DnsServer.Source != nil {
+					nestedLayer3.Ipv6.DnsServer.Source = &Layer3Ipv6DnsServerSourceXml{}
+					if _, ok := o.Misc["Layer3Ipv6DnsServerSource"]; ok {
+						nestedLayer3.Ipv6.DnsServer.Source.Misc = o.Misc["Layer3Ipv6DnsServerSource"]
+					}
+					if o.Layer3.Ipv6.DnsServer.Source.Dhcpv6 != nil {
+						nestedLayer3.Ipv6.DnsServer.Source.Dhcpv6 = &Layer3Ipv6DnsServerSourceDhcpv6Xml{}
+						if _, ok := o.Misc["Layer3Ipv6DnsServerSourceDhcpv6"]; ok {
+							nestedLayer3.Ipv6.DnsServer.Source.Dhcpv6.Misc = o.Misc["Layer3Ipv6DnsServerSourceDhcpv6"]
+						}
+						if o.Layer3.Ipv6.DnsServer.Source.Dhcpv6.PrefixPool != nil {
+							nestedLayer3.Ipv6.DnsServer.Source.Dhcpv6.PrefixPool = o.Layer3.Ipv6.DnsServer.Source.Dhcpv6.PrefixPool
+						}
+					}
+					if o.Layer3.Ipv6.DnsServer.Source.Manual != nil {
+						nestedLayer3.Ipv6.DnsServer.Source.Manual = &Layer3Ipv6DnsServerSourceManualXml{}
+						if _, ok := o.Misc["Layer3Ipv6DnsServerSourceManual"]; ok {
+							nestedLayer3.Ipv6.DnsServer.Source.Manual.Misc = o.Misc["Layer3Ipv6DnsServerSourceManual"]
+						}
+						if o.Layer3.Ipv6.DnsServer.Source.Manual.Suffix != nil {
+							nestedLayer3.Ipv6.DnsServer.Source.Manual.Suffix = []Layer3Ipv6DnsServerSourceManualSuffixXml{}
+							for _, oLayer3Ipv6DnsServerSourceManualSuffix := range o.Layer3.Ipv6.DnsServer.Source.Manual.Suffix {
+								nestedLayer3Ipv6DnsServerSourceManualSuffix := Layer3Ipv6DnsServerSourceManualSuffixXml{}
+								if _, ok := o.Misc["Layer3Ipv6DnsServerSourceManualSuffix"]; ok {
+									nestedLayer3Ipv6DnsServerSourceManualSuffix.Misc = o.Misc["Layer3Ipv6DnsServerSourceManualSuffix"]
+								}
+								if oLayer3Ipv6DnsServerSourceManualSuffix.Lifetime != nil {
+									nestedLayer3Ipv6DnsServerSourceManualSuffix.Lifetime = oLayer3Ipv6DnsServerSourceManualSuffix.Lifetime
+								}
+								if oLayer3Ipv6DnsServerSourceManualSuffix.Name != "" {
+									nestedLayer3Ipv6DnsServerSourceManualSuffix.Name = oLayer3Ipv6DnsServerSourceManualSuffix.Name
+								}
+								nestedLayer3.Ipv6.DnsServer.Source.Manual.Suffix = append(nestedLayer3.Ipv6.DnsServer.Source.Manual.Suffix, nestedLayer3Ipv6DnsServerSourceManualSuffix)
+							}
+						}
+					}
+				}
+				if o.Layer3.Ipv6.DnsServer.DnsSupport != nil {
+					nestedLayer3.Ipv6.DnsServer.DnsSupport = &Layer3Ipv6DnsServerDnsSupportXml{}
+					if _, ok := o.Misc["Layer3Ipv6DnsServerDnsSupport"]; ok {
+						nestedLayer3.Ipv6.DnsServer.DnsSupport.Misc = o.Misc["Layer3Ipv6DnsServerDnsSupport"]
+					}
+					if o.Layer3.Ipv6.DnsServer.DnsSupport.Server != nil {
+						nestedLayer3.Ipv6.DnsServer.DnsSupport.Server = []Layer3Ipv6DnsServerDnsSupportServerXml{}
+						for _, oLayer3Ipv6DnsServerDnsSupportServer := range o.Layer3.Ipv6.DnsServer.DnsSupport.Server {
+							nestedLayer3Ipv6DnsServerDnsSupportServer := Layer3Ipv6DnsServerDnsSupportServerXml{}
+							if _, ok := o.Misc["Layer3Ipv6DnsServerDnsSupportServer"]; ok {
+								nestedLayer3Ipv6DnsServerDnsSupportServer.Misc = o.Misc["Layer3Ipv6DnsServerDnsSupportServer"]
+							}
+							if oLayer3Ipv6DnsServerDnsSupportServer.Name != "" {
+								nestedLayer3Ipv6DnsServerDnsSupportServer.Name = oLayer3Ipv6DnsServerDnsSupportServer.Name
+							}
+							if oLayer3Ipv6DnsServerDnsSupportServer.Lifetime != nil {
+								nestedLayer3Ipv6DnsServerDnsSupportServer.Lifetime = oLayer3Ipv6DnsServerDnsSupportServer.Lifetime
+							}
+							nestedLayer3.Ipv6.DnsServer.DnsSupport.Server = append(nestedLayer3.Ipv6.DnsServer.DnsSupport.Server, nestedLayer3Ipv6DnsServerDnsSupportServer)
+						}
+					}
+					if o.Layer3.Ipv6.DnsServer.DnsSupport.Suffix != nil {
+						nestedLayer3.Ipv6.DnsServer.DnsSupport.Suffix = []Layer3Ipv6DnsServerDnsSupportSuffixXml{}
+						for _, oLayer3Ipv6DnsServerDnsSupportSuffix := range o.Layer3.Ipv6.DnsServer.DnsSupport.Suffix {
+							nestedLayer3Ipv6DnsServerDnsSupportSuffix := Layer3Ipv6DnsServerDnsSupportSuffixXml{}
+							if _, ok := o.Misc["Layer3Ipv6DnsServerDnsSupportSuffix"]; ok {
+								nestedLayer3Ipv6DnsServerDnsSupportSuffix.Misc = o.Misc["Layer3Ipv6DnsServerDnsSupportSuffix"]
+							}
+							if oLayer3Ipv6DnsServerDnsSupportSuffix.Lifetime != nil {
+								nestedLayer3Ipv6DnsServerDnsSupportSuffix.Lifetime = oLayer3Ipv6DnsServerDnsSupportSuffix.Lifetime
+							}
+							if oLayer3Ipv6DnsServerDnsSupportSuffix.Name != "" {
+								nestedLayer3Ipv6DnsServerDnsSupportSuffix.Name = oLayer3Ipv6DnsServerDnsSupportSuffix.Name
+							}
+							nestedLayer3.Ipv6.DnsServer.DnsSupport.Suffix = append(nestedLayer3.Ipv6.DnsServer.DnsSupport.Suffix, nestedLayer3Ipv6DnsServerDnsSupportSuffix)
+						}
+					}
+					if o.Layer3.Ipv6.DnsServer.DnsSupport.Enable != nil {
+						nestedLayer3.Ipv6.DnsServer.DnsSupport.Enable = util.YesNo(o.Layer3.Ipv6.DnsServer.DnsSupport.Enable, nil)
+					}
+				}
+			}
+		}
+		if o.Layer3.InterfaceManagementProfile != nil {
+			nestedLayer3.InterfaceManagementProfile = o.Layer3.InterfaceManagementProfile
+		}
+	}
+	entry.Layer3 = nestedLayer3
+
+	var nestedTap *TapXml
+	if o.Tap != nil {
+		nestedTap = &TapXml{}
+		if _, ok := o.Misc["Tap"]; ok {
+			nestedTap.Misc = o.Misc["Tap"]
+		}
+		if o.Tap.NetflowProfile != nil {
+			nestedTap.NetflowProfile = o.Tap.NetflowProfile
+		}
+	}
+	entry.Tap = nestedTap
+
+	entry.Misc = o.Misc["Entry"]
+
+	return entry, nil
+}
+func (c *entryXmlContainer) Normalize() ([]*Entry, error) {
+	entryList := make([]*Entry, 0, len(c.Answer))
+	for _, o := range c.Answer {
+		entry := &Entry{
+			Misc: make(map[string][]generic.Xml),
+		}
+		entry.Name = o.Name
+		entry.Comment = o.Comment
+		entry.LinkDuplex = o.LinkDuplex
+		entry.LinkSpeed = o.LinkSpeed
+		entry.LinkState = o.LinkState
+		var nestedPoe *Poe
+		if o.Poe != nil {
+			nestedPoe = &Poe{}
+			if o.Poe.Misc != nil {
+				entry.Misc["Poe"] = o.Poe.Misc
+			}
+			if o.Poe.ReservedPower != nil {
+				nestedPoe.ReservedPower = o.Poe.ReservedPower
+			}
+			if o.Poe.Enabled != nil {
+				nestedPoe.Enabled = util.AsBool(o.Poe.Enabled, nil)
+			}
+		}
+		entry.Poe = nestedPoe
+
+		var nestedHa *Ha
+		if o.Ha != nil {
+			nestedHa = &Ha{}
+			if o.Ha.Misc != nil {
+				entry.Misc["Ha"] = o.Ha.Misc
+			}
+		}
+		entry.Ha = nestedHa
+
+		var nestedLayer3 *Layer3
+		if o.Layer3 != nil {
+			nestedLayer3 = &Layer3{}
+			if o.Layer3.Misc != nil {
+				entry.Misc["Layer3"] = o.Layer3.Misc
+			}
+			if o.Layer3.Ipv6 != nil {
+				nestedLayer3.Ipv6 = &Layer3Ipv6{}
+				if o.Layer3.Ipv6.Misc != nil {
+					entry.Misc["Layer3Ipv6"] = o.Layer3.Ipv6.Misc
+				}
+				if o.Layer3.Ipv6.NeighborDiscovery != nil {
+					nestedLayer3.Ipv6.NeighborDiscovery = &Layer3Ipv6NeighborDiscovery{}
+					if o.Layer3.Ipv6.NeighborDiscovery.Misc != nil {
+						entry.Misc["Layer3Ipv6NeighborDiscovery"] = o.Layer3.Ipv6.NeighborDiscovery.Misc
+					}
+					if o.Layer3.Ipv6.NeighborDiscovery.ReachableTime != nil {
+						nestedLayer3.Ipv6.NeighborDiscovery.ReachableTime = o.Layer3.Ipv6.NeighborDiscovery.ReachableTime
+					}
+					if o.Layer3.Ipv6.NeighborDiscovery.RouterAdvertisement != nil {
+						nestedLayer3.Ipv6.NeighborDiscovery.RouterAdvertisement = &Layer3Ipv6NeighborDiscoveryRouterAdvertisement{}
+						if o.Layer3.Ipv6.NeighborDiscovery.RouterAdvertisement.Misc != nil {
+							entry.Misc["Layer3Ipv6NeighborDiscoveryRouterAdvertisement"] = o.Layer3.Ipv6.NeighborDiscovery.RouterAdvertisement.Misc
+						}
+						if o.Layer3.Ipv6.NeighborDiscovery.RouterAdvertisement.Enable != nil {
+							nestedLayer3.Ipv6.NeighborDiscovery.RouterAdvertisement.Enable = util.AsBool(o.Layer3.Ipv6.NeighborDiscovery.RouterAdvertisement.Enable, nil)
+						}
+						if o.Layer3.Ipv6.NeighborDiscovery.RouterAdvertisement.MaxInterval != nil {
+							nestedLayer3.Ipv6.NeighborDiscovery.RouterAdvertisement.MaxInterval = o.Layer3.Ipv6.NeighborDiscovery.RouterAdvertisement.MaxInterval
+						}
+						if o.Layer3.Ipv6.NeighborDiscovery.RouterAdvertisement.LinkMtu != nil {
+							nestedLayer3.Ipv6.NeighborDiscovery.RouterAdvertisement.LinkMtu = o.Layer3.Ipv6.NeighborDiscovery.RouterAdvertisement.LinkMtu
+						}
+						if o.Layer3.Ipv6.NeighborDiscovery.RouterAdvertisement.Lifetime != nil {
+							nestedLayer3.Ipv6.NeighborDiscovery.RouterAdvertisement.Lifetime = o.Layer3.Ipv6.NeighborDiscovery.RouterAdvertisement.Lifetime
+						}
+						if o.Layer3.Ipv6.NeighborDiscovery.RouterAdvertisement.MinInterval != nil {
+							nestedLayer3.Ipv6.NeighborDiscovery.RouterAdvertisement.MinInterval = o.Layer3.Ipv6.NeighborDiscovery.RouterAdvertisement.MinInterval
+						}
+						if o.Layer3.Ipv6.NeighborDiscovery.RouterAdvertisement.ReachableTime != nil {
+							nestedLayer3.Ipv6.NeighborDiscovery.RouterAdvertisement.ReachableTime = o.Layer3.Ipv6.NeighborDiscovery.RouterAdvertisement.ReachableTime
+						}
+						if o.Layer3.Ipv6.NeighborDiscovery.RouterAdvertisement.RetransmissionTimer != nil {
+							nestedLayer3.Ipv6.NeighborDiscovery.RouterAdvertisement.RetransmissionTimer = o.Layer3.Ipv6.NeighborDiscovery.RouterAdvertisement.RetransmissionTimer
+						}
+						if o.Layer3.Ipv6.NeighborDiscovery.RouterAdvertisement.HopLimit != nil {
+							nestedLayer3.Ipv6.NeighborDiscovery.RouterAdvertisement.HopLimit = o.Layer3.Ipv6.NeighborDiscovery.RouterAdvertisement.HopLimit
+						}
+						if o.Layer3.Ipv6.NeighborDiscovery.RouterAdvertisement.RouterPreference != nil {
+							nestedLayer3.Ipv6.NeighborDiscovery.RouterAdvertisement.RouterPreference = o.Layer3.Ipv6.NeighborDiscovery.RouterAdvertisement.RouterPreference
+						}
+						if o.Layer3.Ipv6.NeighborDiscovery.RouterAdvertisement.ManagedFlag != nil {
+							nestedLayer3.Ipv6.NeighborDiscovery.RouterAdvertisement.ManagedFlag = util.AsBool(o.Layer3.Ipv6.NeighborDiscovery.RouterAdvertisement.ManagedFlag, nil)
+						}
+						if o.Layer3.Ipv6.NeighborDiscovery.RouterAdvertisement.OtherFlag != nil {
+							nestedLayer3.Ipv6.NeighborDiscovery.RouterAdvertisement.OtherFlag = util.AsBool(o.Layer3.Ipv6.NeighborDiscovery.RouterAdvertisement.OtherFlag, nil)
+						}
+						if o.Layer3.Ipv6.NeighborDiscovery.RouterAdvertisement.EnableConsistencyCheck != nil {
+							nestedLayer3.Ipv6.NeighborDiscovery.RouterAdvertisement.EnableConsistencyCheck = util.AsBool(o.Layer3.Ipv6.NeighborDiscovery.RouterAdvertisement.EnableConsistencyCheck, nil)
+						}
+					}
+					if o.Layer3.Ipv6.NeighborDiscovery.Neighbor != nil {
+						nestedLayer3.Ipv6.NeighborDiscovery.Neighbor = []Layer3Ipv6NeighborDiscoveryNeighbor{}
+						for _, oLayer3Ipv6NeighborDiscoveryNeighbor := range o.Layer3.Ipv6.NeighborDiscovery.Neighbor {
+							nestedLayer3Ipv6NeighborDiscoveryNeighbor := Layer3Ipv6NeighborDiscoveryNeighbor{}
+							if oLayer3Ipv6NeighborDiscoveryNeighbor.Misc != nil {
+								entry.Misc["Layer3Ipv6NeighborDiscoveryNeighbor"] = oLayer3Ipv6NeighborDiscoveryNeighbor.Misc
+							}
+							if oLayer3Ipv6NeighborDiscoveryNeighbor.HwAddress != nil {
+								nestedLayer3Ipv6NeighborDiscoveryNeighbor.HwAddress = oLayer3Ipv6NeighborDiscoveryNeighbor.HwAddress
+							}
+							if oLayer3Ipv6NeighborDiscoveryNeighbor.Name != "" {
+								nestedLayer3Ipv6NeighborDiscoveryNeighbor.Name = oLayer3Ipv6NeighborDiscoveryNeighbor.Name
+							}
+							nestedLayer3.Ipv6.NeighborDiscovery.Neighbor = append(nestedLayer3.Ipv6.NeighborDiscovery.Neighbor, nestedLayer3Ipv6NeighborDiscoveryNeighbor)
+						}
+					}
+					if o.Layer3.Ipv6.NeighborDiscovery.EnableNdpMonitor != nil {
+						nestedLayer3.Ipv6.NeighborDiscovery.EnableNdpMonitor = util.AsBool(o.Layer3.Ipv6.NeighborDiscovery.EnableNdpMonitor, nil)
+					}
+					if o.Layer3.Ipv6.NeighborDiscovery.EnableDad != nil {
+						nestedLayer3.Ipv6.NeighborDiscovery.EnableDad = util.AsBool(o.Layer3.Ipv6.NeighborDiscovery.EnableDad, nil)
+					}
+					if o.Layer3.Ipv6.NeighborDiscovery.DadAttempts != nil {
+						nestedLayer3.Ipv6.NeighborDiscovery.DadAttempts = o.Layer3.Ipv6.NeighborDiscovery.DadAttempts
+					}
+					if o.Layer3.Ipv6.NeighborDiscovery.NsInterval != nil {
+						nestedLayer3.Ipv6.NeighborDiscovery.NsInterval = o.Layer3.Ipv6.NeighborDiscovery.NsInterval
+					}
+				}
+				if o.Layer3.Ipv6.DnsServer != nil {
+					nestedLayer3.Ipv6.DnsServer = &Layer3Ipv6DnsServer{}
+					if o.Layer3.Ipv6.DnsServer.Misc != nil {
+						entry.Misc["Layer3Ipv6DnsServer"] = o.Layer3.Ipv6.DnsServer.Misc
+					}
+					if o.Layer3.Ipv6.DnsServer.Enable != nil {
+						nestedLayer3.Ipv6.DnsServer.Enable = util.AsBool(o.Layer3.Ipv6.DnsServer.Enable, nil)
+					}
+					if o.Layer3.Ipv6.DnsServer.Source != nil {
+						nestedLayer3.Ipv6.DnsServer.Source = &Layer3Ipv6DnsServerSource{}
+						if o.Layer3.Ipv6.DnsServer.Source.Misc != nil {
+							entry.Misc["Layer3Ipv6DnsServerSource"] = o.Layer3.Ipv6.DnsServer.Source.Misc
+						}
+						if o.Layer3.Ipv6.DnsServer.Source.Dhcpv6 != nil {
+							nestedLayer3.Ipv6.DnsServer.Source.Dhcpv6 = &Layer3Ipv6DnsServerSourceDhcpv6{}
+							if o.Layer3.Ipv6.DnsServer.Source.Dhcpv6.Misc != nil {
+								entry.Misc["Layer3Ipv6DnsServerSourceDhcpv6"] = o.Layer3.Ipv6.DnsServer.Source.Dhcpv6.Misc
+							}
+							if o.Layer3.Ipv6.DnsServer.Source.Dhcpv6.PrefixPool != nil {
+								nestedLayer3.Ipv6.DnsServer.Source.Dhcpv6.PrefixPool = o.Layer3.Ipv6.DnsServer.Source.Dhcpv6.PrefixPool
+							}
+						}
+						if o.Layer3.Ipv6.DnsServer.Source.Manual != nil {
+							nestedLayer3.Ipv6.DnsServer.Source.Manual = &Layer3Ipv6DnsServerSourceManual{}
+							if o.Layer3.Ipv6.DnsServer.Source.Manual.Misc != nil {
+								entry.Misc["Layer3Ipv6DnsServerSourceManual"] = o.Layer3.Ipv6.DnsServer.Source.Manual.Misc
+							}
+							if o.Layer3.Ipv6.DnsServer.Source.Manual.Suffix != nil {
+								nestedLayer3.Ipv6.DnsServer.Source.Manual.Suffix = []Layer3Ipv6DnsServerSourceManualSuffix{}
+								for _, oLayer3Ipv6DnsServerSourceManualSuffix := range o.Layer3.Ipv6.DnsServer.Source.Manual.Suffix {
+									nestedLayer3Ipv6DnsServerSourceManualSuffix := Layer3Ipv6DnsServerSourceManualSuffix{}
+									if oLayer3Ipv6DnsServerSourceManualSuffix.Misc != nil {
+										entry.Misc["Layer3Ipv6DnsServerSourceManualSuffix"] = oLayer3Ipv6DnsServerSourceManualSuffix.Misc
+									}
+									if oLayer3Ipv6DnsServerSourceManualSuffix.Lifetime != nil {
+										nestedLayer3Ipv6DnsServerSourceManualSuffix.Lifetime = oLayer3Ipv6DnsServerSourceManualSuffix.Lifetime
+									}
+									if oLayer3Ipv6DnsServerSourceManualSuffix.Name != "" {
+										nestedLayer3Ipv6DnsServerSourceManualSuffix.Name = oLayer3Ipv6DnsServerSourceManualSuffix.Name
+									}
+									nestedLayer3.Ipv6.DnsServer.Source.Manual.Suffix = append(nestedLayer3.Ipv6.DnsServer.Source.Manual.Suffix, nestedLayer3Ipv6DnsServerSourceManualSuffix)
+								}
+							}
+						}
+					}
+					if o.Layer3.Ipv6.DnsServer.DnsSupport != nil {
+						nestedLayer3.Ipv6.DnsServer.DnsSupport = &Layer3Ipv6DnsServerDnsSupport{}
+						if o.Layer3.Ipv6.DnsServer.DnsSupport.Misc != nil {
+							entry.Misc["Layer3Ipv6DnsServerDnsSupport"] = o.Layer3.Ipv6.DnsServer.DnsSupport.Misc
+						}
+						if o.Layer3.Ipv6.DnsServer.DnsSupport.Suffix != nil {
+							nestedLayer3.Ipv6.DnsServer.DnsSupport.Suffix = []Layer3Ipv6DnsServerDnsSupportSuffix{}
+							for _, oLayer3Ipv6DnsServerDnsSupportSuffix := range o.Layer3.Ipv6.DnsServer.DnsSupport.Suffix {
+								nestedLayer3Ipv6DnsServerDnsSupportSuffix := Layer3Ipv6DnsServerDnsSupportSuffix{}
+								if oLayer3Ipv6DnsServerDnsSupportSuffix.Misc != nil {
+									entry.Misc["Layer3Ipv6DnsServerDnsSupportSuffix"] = oLayer3Ipv6DnsServerDnsSupportSuffix.Misc
+								}
+								if oLayer3Ipv6DnsServerDnsSupportSuffix.Name != "" {
+									nestedLayer3Ipv6DnsServerDnsSupportSuffix.Name = oLayer3Ipv6DnsServerDnsSupportSuffix.Name
+								}
+								if oLayer3Ipv6DnsServerDnsSupportSuffix.Lifetime != nil {
+									nestedLayer3Ipv6DnsServerDnsSupportSuffix.Lifetime = oLayer3Ipv6DnsServerDnsSupportSuffix.Lifetime
+								}
+								nestedLayer3.Ipv6.DnsServer.DnsSupport.Suffix = append(nestedLayer3.Ipv6.DnsServer.DnsSupport.Suffix, nestedLayer3Ipv6DnsServerDnsSupportSuffix)
+							}
+						}
+						if o.Layer3.Ipv6.DnsServer.DnsSupport.Enable != nil {
+							nestedLayer3.Ipv6.DnsServer.DnsSupport.Enable = util.AsBool(o.Layer3.Ipv6.DnsServer.DnsSupport.Enable, nil)
+						}
+						if o.Layer3.Ipv6.DnsServer.DnsSupport.Server != nil {
+							nestedLayer3.Ipv6.DnsServer.DnsSupport.Server = []Layer3Ipv6DnsServerDnsSupportServer{}
+							for _, oLayer3Ipv6DnsServerDnsSupportServer := range o.Layer3.Ipv6.DnsServer.DnsSupport.Server {
+								nestedLayer3Ipv6DnsServerDnsSupportServer := Layer3Ipv6DnsServerDnsSupportServer{}
+								if oLayer3Ipv6DnsServerDnsSupportServer.Misc != nil {
+									entry.Misc["Layer3Ipv6DnsServerDnsSupportServer"] = oLayer3Ipv6DnsServerDnsSupportServer.Misc
+								}
+								if oLayer3Ipv6DnsServerDnsSupportServer.Lifetime != nil {
+									nestedLayer3Ipv6DnsServerDnsSupportServer.Lifetime = oLayer3Ipv6DnsServerDnsSupportServer.Lifetime
+								}
+								if oLayer3Ipv6DnsServerDnsSupportServer.Name != "" {
+									nestedLayer3Ipv6DnsServerDnsSupportServer.Name = oLayer3Ipv6DnsServerDnsSupportServer.Name
+								}
+								nestedLayer3.Ipv6.DnsServer.DnsSupport.Server = append(nestedLayer3.Ipv6.DnsServer.DnsSupport.Server, nestedLayer3Ipv6DnsServerDnsSupportServer)
+							}
+						}
+					}
+				}
+				if o.Layer3.Ipv6.Enabled != nil {
+					nestedLayer3.Ipv6.Enabled = util.AsBool(o.Layer3.Ipv6.Enabled, nil)
+				}
+				if o.Layer3.Ipv6.InterfaceId != nil {
+					nestedLayer3.Ipv6.InterfaceId = o.Layer3.Ipv6.InterfaceId
+				}
+				if o.Layer3.Ipv6.Addresses != nil {
+					nestedLayer3.Ipv6.Addresses = []Layer3Ipv6Addresses{}
+					for _, oLayer3Ipv6Addresses := range o.Layer3.Ipv6.Addresses {
+						nestedLayer3Ipv6Addresses := Layer3Ipv6Addresses{}
+						if oLayer3Ipv6Addresses.Misc != nil {
+							entry.Misc["Layer3Ipv6Addresses"] = oLayer3Ipv6Addresses.Misc
+						}
+						if oLayer3Ipv6Addresses.EnableOnInterface != nil {
+							nestedLayer3Ipv6Addresses.EnableOnInterface = util.AsBool(oLayer3Ipv6Addresses.EnableOnInterface, nil)
+						}
+						if oLayer3Ipv6Addresses.Prefix != nil {
+							nestedLayer3Ipv6Addresses.Prefix = oLayer3Ipv6Addresses.Prefix
+						}
+						if oLayer3Ipv6Addresses.Anycast != nil {
+							nestedLayer3Ipv6Addresses.Anycast = oLayer3Ipv6Addresses.Anycast
+						}
+						if oLayer3Ipv6Addresses.Advertise != nil {
+							nestedLayer3Ipv6Addresses.Advertise = &Layer3Ipv6AddressesAdvertise{}
+							if oLayer3Ipv6Addresses.Advertise.Misc != nil {
+								entry.Misc["Layer3Ipv6AddressesAdvertise"] = oLayer3Ipv6Addresses.Advertise.Misc
+							}
+							if oLayer3Ipv6Addresses.Advertise.OnlinkFlag != nil {
+								nestedLayer3Ipv6Addresses.Advertise.OnlinkFlag = util.AsBool(oLayer3Ipv6Addresses.Advertise.OnlinkFlag, nil)
+							}
+							if oLayer3Ipv6Addresses.Advertise.AutoConfigFlag != nil {
+								nestedLayer3Ipv6Addresses.Advertise.AutoConfigFlag = util.AsBool(oLayer3Ipv6Addresses.Advertise.AutoConfigFlag, nil)
+							}
+							if oLayer3Ipv6Addresses.Advertise.Enable != nil {
+								nestedLayer3Ipv6Addresses.Advertise.Enable = util.AsBool(oLayer3Ipv6Addresses.Advertise.Enable, nil)
+							}
+							if oLayer3Ipv6Addresses.Advertise.ValidLifetime != nil {
+								nestedLayer3Ipv6Addresses.Advertise.ValidLifetime = oLayer3Ipv6Addresses.Advertise.ValidLifetime
+							}
+							if oLayer3Ipv6Addresses.Advertise.PreferredLifetime != nil {
+								nestedLayer3Ipv6Addresses.Advertise.PreferredLifetime = oLayer3Ipv6Addresses.Advertise.PreferredLifetime
+							}
+						}
+						if oLayer3Ipv6Addresses.Name != "" {
+							nestedLayer3Ipv6Addresses.Name = oLayer3Ipv6Addresses.Name
+						}
+						nestedLayer3.Ipv6.Addresses = append(nestedLayer3.Ipv6.Addresses, nestedLayer3Ipv6Addresses)
+					}
+				}
+			}
+			if o.Layer3.InterfaceManagementProfile != nil {
+				nestedLayer3.InterfaceManagementProfile = o.Layer3.InterfaceManagementProfile
+			}
+			if o.Layer3.NetflowProfile != nil {
+				nestedLayer3.NetflowProfile = o.Layer3.NetflowProfile
+			}
+			if o.Layer3.SdwanLinkSettings != nil {
+				nestedLayer3.SdwanLinkSettings = &Layer3SdwanLinkSettings{}
+				if o.Layer3.SdwanLinkSettings.Misc != nil {
+					entry.Misc["Layer3SdwanLinkSettings"] = o.Layer3.SdwanLinkSettings.Misc
+				}
+				if o.Layer3.SdwanLinkSettings.Enable != nil {
+					nestedLayer3.SdwanLinkSettings.Enable = util.AsBool(o.Layer3.SdwanLinkSettings.Enable, nil)
+				}
+				if o.Layer3.SdwanLinkSettings.SdwanInterfaceProfile != nil {
+					nestedLayer3.SdwanLinkSettings.SdwanInterfaceProfile = o.Layer3.SdwanLinkSettings.SdwanInterfaceProfile
+				}
+				if o.Layer3.SdwanLinkSettings.UpstreamNat != nil {
+					nestedLayer3.SdwanLinkSettings.UpstreamNat = &Layer3SdwanLinkSettingsUpstreamNat{}
+					if o.Layer3.SdwanLinkSettings.UpstreamNat.Misc != nil {
+						entry.Misc["Layer3SdwanLinkSettingsUpstreamNat"] = o.Layer3.SdwanLinkSettings.UpstreamNat.Misc
+					}
+					if o.Layer3.SdwanLinkSettings.UpstreamNat.Enable != nil {
+						nestedLayer3.SdwanLinkSettings.UpstreamNat.Enable = util.AsBool(o.Layer3.SdwanLinkSettings.UpstreamNat.Enable, nil)
+					}
+					if o.Layer3.SdwanLinkSettings.UpstreamNat.StaticIp != nil {
+						nestedLayer3.SdwanLinkSettings.UpstreamNat.StaticIp = o.Layer3.SdwanLinkSettings.UpstreamNat.StaticIp
+					}
+				}
+			}
+			if o.Layer3.AdjustTcpMss != nil {
+				nestedLayer3.AdjustTcpMss = &Layer3AdjustTcpMss{}
+				if o.Layer3.AdjustTcpMss.Misc != nil {
+					entry.Misc["Layer3AdjustTcpMss"] = o.Layer3.AdjustTcpMss.Misc
+				}
+				if o.Layer3.AdjustTcpMss.Ipv4MssAdjustment != nil {
+					nestedLayer3.AdjustTcpMss.Ipv4MssAdjustment = o.Layer3.AdjustTcpMss.Ipv4MssAdjustment
+				}
+				if o.Layer3.AdjustTcpMss.Ipv6MssAdjustment != nil {
+					nestedLayer3.AdjustTcpMss.Ipv6MssAdjustment = o.Layer3.AdjustTcpMss.Ipv6MssAdjustment
+				}
+				if o.Layer3.AdjustTcpMss.Enable != nil {
+					nestedLayer3.AdjustTcpMss.Enable = util.AsBool(o.Layer3.AdjustTcpMss.Enable, nil)
+				}
+			}
+			if o.Layer3.Mtu != nil {
+				nestedLayer3.Mtu = o.Layer3.Mtu
+			}
+			if o.Layer3.Ips != nil {
+				nestedLayer3.Ips = []Layer3Ips{}
+				for _, oLayer3Ips := range o.Layer3.Ips {
+					nestedLayer3Ips := Layer3Ips{}
+					if oLayer3Ips.Misc != nil {
+						entry.Misc["Layer3Ips"] = oLayer3Ips.Misc
+					}
+					if oLayer3Ips.SdwanGateway != nil {
+						nestedLayer3Ips.SdwanGateway = oLayer3Ips.SdwanGateway
+					}
+					if oLayer3Ips.Name != "" {
+						nestedLayer3Ips.Name = oLayer3Ips.Name
+					}
+					nestedLayer3.Ips = append(nestedLayer3.Ips, nestedLayer3Ips)
+				}
+			}
+			if o.Layer3.Lldp != nil {
+				nestedLayer3.Lldp = &Layer3Lldp{}
+				if o.Layer3.Lldp.Misc != nil {
+					entry.Misc["Layer3Lldp"] = o.Layer3.Lldp.Misc
+				}
+				if o.Layer3.Lldp.Enable != nil {
+					nestedLayer3.Lldp.Enable = util.AsBool(o.Layer3.Lldp.Enable, nil)
+				}
+				if o.Layer3.Lldp.Profile != nil {
+					nestedLayer3.Lldp.Profile = o.Layer3.Lldp.Profile
+				}
+			}
+			if o.Layer3.DhcpClient != nil {
+				nestedLayer3.DhcpClient = &Layer3DhcpClient{}
+				if o.Layer3.DhcpClient.Misc != nil {
+					entry.Misc["Layer3DhcpClient"] = o.Layer3.DhcpClient.Misc
+				}
+				if o.Layer3.DhcpClient.DefaultRouteMetric != nil {
+					nestedLayer3.DhcpClient.DefaultRouteMetric = o.Layer3.DhcpClient.DefaultRouteMetric
+				}
+				if o.Layer3.DhcpClient.SendHostname != nil {
+					nestedLayer3.DhcpClient.SendHostname = &Layer3DhcpClientSendHostname{}
+					if o.Layer3.DhcpClient.SendHostname.Misc != nil {
+						entry.Misc["Layer3DhcpClientSendHostname"] = o.Layer3.DhcpClient.SendHostname.Misc
+					}
+					if o.Layer3.DhcpClient.SendHostname.Enable != nil {
+						nestedLayer3.DhcpClient.SendHostname.Enable = util.AsBool(o.Layer3.DhcpClient.SendHostname.Enable, nil)
+					}
+					if o.Layer3.DhcpClient.SendHostname.Hostname != nil {
+						nestedLayer3.DhcpClient.SendHostname.Hostname = o.Layer3.DhcpClient.SendHostname.Hostname
+					}
+				}
+				if o.Layer3.DhcpClient.Enable != nil {
+					nestedLayer3.DhcpClient.Enable = util.AsBool(o.Layer3.DhcpClient.Enable, nil)
+				}
+				if o.Layer3.DhcpClient.CreateDefaultRoute != nil {
+					nestedLayer3.DhcpClient.CreateDefaultRoute = util.AsBool(o.Layer3.DhcpClient.CreateDefaultRoute, nil)
+				}
+			}
+			if o.Layer3.Bonjour != nil {
+				nestedLayer3.Bonjour = &Layer3Bonjour{}
+				if o.Layer3.Bonjour.Misc != nil {
+					entry.Misc["Layer3Bonjour"] = o.Layer3.Bonjour.Misc
+				}
+				if o.Layer3.Bonjour.Enable != nil {
+					nestedLayer3.Bonjour.Enable = util.AsBool(o.Layer3.Bonjour.Enable, nil)
+				}
+			}
+			if o.Layer3.UntaggedSubInterface != nil {
+				nestedLayer3.UntaggedSubInterface = util.AsBool(o.Layer3.UntaggedSubInterface, nil)
+			}
+			if o.Layer3.Arp != nil {
+				nestedLayer3.Arp = []Layer3Arp{}
+				for _, oLayer3Arp := range o.Layer3.Arp {
+					nestedLayer3Arp := Layer3Arp{}
+					if oLayer3Arp.Misc != nil {
+						entry.Misc["Layer3Arp"] = oLayer3Arp.Misc
+					}
+					if oLayer3Arp.HwAddress != nil {
+						nestedLayer3Arp.HwAddress = oLayer3Arp.HwAddress
+					}
+					if oLayer3Arp.Name != "" {
+						nestedLayer3Arp.Name = oLayer3Arp.Name
+					}
+					nestedLayer3.Arp = append(nestedLayer3.Arp, nestedLayer3Arp)
+				}
+			}
+			if o.Layer3.NdpProxy != nil {
+				nestedLayer3.NdpProxy = util.AsBool(o.Layer3.NdpProxy, nil)
+			}
+		}
+		entry.Layer3 = nestedLayer3
+
+		var nestedTap *Tap
+		if o.Tap != nil {
+			nestedTap = &Tap{}
+			if o.Tap.Misc != nil {
+				entry.Misc["Tap"] = o.Tap.Misc
+			}
+			if o.Tap.NetflowProfile != nil {
+				nestedTap.NetflowProfile = o.Tap.NetflowProfile
+			}
+		}
+		entry.Tap = nestedTap
+
+		entry.Misc["Entry"] = o.Misc
+
+		entryList = append(entryList, entry)
+	}
+
+	return entryList, nil
+}
+
+func SpecMatches(a, b *Entry) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+
+	// Don't compare Name.
+	if !util.StringsMatch(a.Comment, b.Comment) {
+		return false
+	}
+	if !util.StringsMatch(a.LinkDuplex, b.LinkDuplex) {
+		return false
+	}
+	if !util.StringsMatch(a.LinkSpeed, b.LinkSpeed) {
+		return false
+	}
+	if !util.StringsMatch(a.LinkState, b.LinkState) {
+		return false
+	}
+	if !matchPoe(a.Poe, b.Poe) {
+		return false
+	}
+	if !matchHa(a.Ha, b.Ha) {
+		return false
+	}
+	if !matchLayer3(a.Layer3, b.Layer3) {
+		return false
+	}
+	if !matchTap(a.Tap, b.Tap) {
+		return false
+	}
+
+	return true
+}
+
+func matchPoe(a *Poe, b *Poe) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !util.BoolsMatch(a.Enabled, b.Enabled) {
+		return false
+	}
+	if !util.Ints64Match(a.ReservedPower, b.ReservedPower) {
+		return false
+	}
+	return true
+}
+func matchTap(a *Tap, b *Tap) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !util.StringsMatch(a.NetflowProfile, b.NetflowProfile) {
+		return false
+	}
+	return true
+}
+func matchHa(a *Ha, b *Ha) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	return true
+}
+func matchLayer3Arp(a []Layer3Arp, b []Layer3Arp) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	for _, a := range a {
+		for _, b := range b {
+			if !util.StringsMatch(a.HwAddress, b.HwAddress) {
+				return false
+			}
+			if !util.StringsEqual(a.Name, b.Name) {
+				return false
+			}
+		}
+	}
+	return true
+}
+func matchLayer3Lldp(a *Layer3Lldp, b *Layer3Lldp) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !util.BoolsMatch(a.Enable, b.Enable) {
+		return false
+	}
+	if !util.StringsMatch(a.Profile, b.Profile) {
+		return false
+	}
+	return true
+}
+func matchLayer3DhcpClientSendHostname(a *Layer3DhcpClientSendHostname, b *Layer3DhcpClientSendHostname) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !util.BoolsMatch(a.Enable, b.Enable) {
+		return false
+	}
+	if !util.StringsMatch(a.Hostname, b.Hostname) {
+		return false
+	}
+	return true
+}
+func matchLayer3DhcpClient(a *Layer3DhcpClient, b *Layer3DhcpClient) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !util.Ints64Match(a.DefaultRouteMetric, b.DefaultRouteMetric) {
+		return false
+	}
+	if !matchLayer3DhcpClientSendHostname(a.SendHostname, b.SendHostname) {
+		return false
+	}
+	if !util.BoolsMatch(a.Enable, b.Enable) {
+		return false
+	}
+	if !util.BoolsMatch(a.CreateDefaultRoute, b.CreateDefaultRoute) {
+		return false
+	}
+	return true
+}
+func matchLayer3Bonjour(a *Layer3Bonjour, b *Layer3Bonjour) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !util.BoolsMatch(a.Enable, b.Enable) {
+		return false
+	}
+	return true
+}
+func matchLayer3Ips(a []Layer3Ips, b []Layer3Ips) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	for _, a := range a {
+		for _, b := range b {
+			if !util.StringsMatch(a.SdwanGateway, b.SdwanGateway) {
+				return false
+			}
+			if !util.StringsEqual(a.Name, b.Name) {
+				return false
+			}
+		}
+	}
+	return true
+}
+func matchLayer3Ipv6AddressesAdvertise(a *Layer3Ipv6AddressesAdvertise, b *Layer3Ipv6AddressesAdvertise) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !util.BoolsMatch(a.AutoConfigFlag, b.AutoConfigFlag) {
+		return false
+	}
+	if !util.BoolsMatch(a.Enable, b.Enable) {
+		return false
+	}
+	if !util.StringsMatch(a.ValidLifetime, b.ValidLifetime) {
+		return false
+	}
+	if !util.StringsMatch(a.PreferredLifetime, b.PreferredLifetime) {
+		return false
+	}
+	if !util.BoolsMatch(a.OnlinkFlag, b.OnlinkFlag) {
+		return false
+	}
+	return true
+}
+func matchLayer3Ipv6Addresses(a []Layer3Ipv6Addresses, b []Layer3Ipv6Addresses) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	for _, a := range a {
+		for _, b := range b {
+			if !util.StringsMatch(a.Anycast, b.Anycast) {
+				return false
+			}
+			if !matchLayer3Ipv6AddressesAdvertise(a.Advertise, b.Advertise) {
+				return false
+			}
+			if !util.StringsEqual(a.Name, b.Name) {
+				return false
+			}
+			if !util.BoolsMatch(a.EnableOnInterface, b.EnableOnInterface) {
+				return false
+			}
+			if !util.StringsMatch(a.Prefix, b.Prefix) {
+				return false
+			}
+		}
+	}
+	return true
+}
+func matchLayer3Ipv6NeighborDiscoveryRouterAdvertisement(a *Layer3Ipv6NeighborDiscoveryRouterAdvertisement, b *Layer3Ipv6NeighborDiscoveryRouterAdvertisement) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !util.Ints64Match(a.MaxInterval, b.MaxInterval) {
+		return false
+	}
+	if !util.StringsMatch(a.LinkMtu, b.LinkMtu) {
+		return false
+	}
+	if !util.Ints64Match(a.Lifetime, b.Lifetime) {
+		return false
+	}
+	if !util.BoolsMatch(a.Enable, b.Enable) {
+		return false
+	}
+	if !util.StringsMatch(a.ReachableTime, b.ReachableTime) {
+		return false
+	}
+	if !util.StringsMatch(a.RetransmissionTimer, b.RetransmissionTimer) {
+		return false
+	}
+	if !util.StringsMatch(a.HopLimit, b.HopLimit) {
+		return false
+	}
+	if !util.StringsMatch(a.RouterPreference, b.RouterPreference) {
+		return false
+	}
+	if !util.BoolsMatch(a.ManagedFlag, b.ManagedFlag) {
+		return false
+	}
+	if !util.BoolsMatch(a.OtherFlag, b.OtherFlag) {
+		return false
+	}
+	if !util.BoolsMatch(a.EnableConsistencyCheck, b.EnableConsistencyCheck) {
+		return false
+	}
+	if !util.Ints64Match(a.MinInterval, b.MinInterval) {
+		return false
+	}
+	return true
+}
+func matchLayer3Ipv6NeighborDiscoveryNeighbor(a []Layer3Ipv6NeighborDiscoveryNeighbor, b []Layer3Ipv6NeighborDiscoveryNeighbor) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	for _, a := range a {
+		for _, b := range b {
+			if !util.StringsMatch(a.HwAddress, b.HwAddress) {
+				return false
+			}
+			if !util.StringsEqual(a.Name, b.Name) {
+				return false
+			}
+		}
+	}
+	return true
+}
+func matchLayer3Ipv6NeighborDiscovery(a *Layer3Ipv6NeighborDiscovery, b *Layer3Ipv6NeighborDiscovery) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !util.Ints64Match(a.ReachableTime, b.ReachableTime) {
+		return false
+	}
+	if !matchLayer3Ipv6NeighborDiscoveryRouterAdvertisement(a.RouterAdvertisement, b.RouterAdvertisement) {
+		return false
+	}
+	if !matchLayer3Ipv6NeighborDiscoveryNeighbor(a.Neighbor, b.Neighbor) {
+		return false
+	}
+	if !util.BoolsMatch(a.EnableNdpMonitor, b.EnableNdpMonitor) {
+		return false
+	}
+	if !util.BoolsMatch(a.EnableDad, b.EnableDad) {
+		return false
+	}
+	if !util.Ints64Match(a.DadAttempts, b.DadAttempts) {
+		return false
+	}
+	if !util.Ints64Match(a.NsInterval, b.NsInterval) {
+		return false
+	}
+	return true
+}
+func matchLayer3Ipv6DnsServerSourceDhcpv6(a *Layer3Ipv6DnsServerSourceDhcpv6, b *Layer3Ipv6DnsServerSourceDhcpv6) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !util.StringsMatch(a.PrefixPool, b.PrefixPool) {
+		return false
+	}
+	return true
+}
+func matchLayer3Ipv6DnsServerSourceManualSuffix(a []Layer3Ipv6DnsServerSourceManualSuffix, b []Layer3Ipv6DnsServerSourceManualSuffix) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	for _, a := range a {
+		for _, b := range b {
+			if !util.Ints64Match(a.Lifetime, b.Lifetime) {
+				return false
+			}
+			if !util.StringsEqual(a.Name, b.Name) {
+				return false
+			}
+		}
+	}
+	return true
+}
+func matchLayer3Ipv6DnsServerSourceManual(a *Layer3Ipv6DnsServerSourceManual, b *Layer3Ipv6DnsServerSourceManual) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !matchLayer3Ipv6DnsServerSourceManualSuffix(a.Suffix, b.Suffix) {
+		return false
+	}
+	return true
+}
+func matchLayer3Ipv6DnsServerSource(a *Layer3Ipv6DnsServerSource, b *Layer3Ipv6DnsServerSource) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !matchLayer3Ipv6DnsServerSourceDhcpv6(a.Dhcpv6, b.Dhcpv6) {
+		return false
+	}
+	if !matchLayer3Ipv6DnsServerSourceManual(a.Manual, b.Manual) {
+		return false
+	}
+	return true
+}
+func matchLayer3Ipv6DnsServerDnsSupportServer(a []Layer3Ipv6DnsServerDnsSupportServer, b []Layer3Ipv6DnsServerDnsSupportServer) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	for _, a := range a {
+		for _, b := range b {
+			if !util.Ints64Match(a.Lifetime, b.Lifetime) {
+				return false
+			}
+			if !util.StringsEqual(a.Name, b.Name) {
+				return false
+			}
+		}
+	}
+	return true
+}
+func matchLayer3Ipv6DnsServerDnsSupportSuffix(a []Layer3Ipv6DnsServerDnsSupportSuffix, b []Layer3Ipv6DnsServerDnsSupportSuffix) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	for _, a := range a {
+		for _, b := range b {
+			if !util.Ints64Match(a.Lifetime, b.Lifetime) {
+				return false
+			}
+			if !util.StringsEqual(a.Name, b.Name) {
+				return false
+			}
+		}
+	}
+	return true
+}
+func matchLayer3Ipv6DnsServerDnsSupport(a *Layer3Ipv6DnsServerDnsSupport, b *Layer3Ipv6DnsServerDnsSupport) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !util.BoolsMatch(a.Enable, b.Enable) {
+		return false
+	}
+	if !matchLayer3Ipv6DnsServerDnsSupportServer(a.Server, b.Server) {
+		return false
+	}
+	if !matchLayer3Ipv6DnsServerDnsSupportSuffix(a.Suffix, b.Suffix) {
+		return false
+	}
+	return true
+}
+func matchLayer3Ipv6DnsServer(a *Layer3Ipv6DnsServer, b *Layer3Ipv6DnsServer) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !util.BoolsMatch(a.Enable, b.Enable) {
+		return false
+	}
+	if !matchLayer3Ipv6DnsServerSource(a.Source, b.Source) {
+		return false
+	}
+	if !matchLayer3Ipv6DnsServerDnsSupport(a.DnsSupport, b.DnsSupport) {
+		return false
+	}
+	return true
+}
+func matchLayer3Ipv6(a *Layer3Ipv6, b *Layer3Ipv6) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !util.BoolsMatch(a.Enabled, b.Enabled) {
+		return false
+	}
+	if !util.StringsMatch(a.InterfaceId, b.InterfaceId) {
+		return false
+	}
+	if !matchLayer3Ipv6Addresses(a.Addresses, b.Addresses) {
+		return false
+	}
+	if !matchLayer3Ipv6NeighborDiscovery(a.NeighborDiscovery, b.NeighborDiscovery) {
+		return false
+	}
+	if !matchLayer3Ipv6DnsServer(a.DnsServer, b.DnsServer) {
+		return false
+	}
+	return true
+}
+func matchLayer3SdwanLinkSettingsUpstreamNat(a *Layer3SdwanLinkSettingsUpstreamNat, b *Layer3SdwanLinkSettingsUpstreamNat) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !util.BoolsMatch(a.Enable, b.Enable) {
+		return false
+	}
+	if !util.StringsMatch(a.StaticIp, b.StaticIp) {
+		return false
+	}
+	return true
+}
+func matchLayer3SdwanLinkSettings(a *Layer3SdwanLinkSettings, b *Layer3SdwanLinkSettings) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !util.BoolsMatch(a.Enable, b.Enable) {
+		return false
+	}
+	if !util.StringsMatch(a.SdwanInterfaceProfile, b.SdwanInterfaceProfile) {
+		return false
+	}
+	if !matchLayer3SdwanLinkSettingsUpstreamNat(a.UpstreamNat, b.UpstreamNat) {
+		return false
+	}
+	return true
+}
+func matchLayer3AdjustTcpMss(a *Layer3AdjustTcpMss, b *Layer3AdjustTcpMss) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !util.BoolsMatch(a.Enable, b.Enable) {
+		return false
+	}
+	if !util.Ints64Match(a.Ipv4MssAdjustment, b.Ipv4MssAdjustment) {
+		return false
+	}
+	if !util.Ints64Match(a.Ipv6MssAdjustment, b.Ipv6MssAdjustment) {
+		return false
+	}
+	return true
+}
+func matchLayer3(a *Layer3, b *Layer3) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !matchLayer3SdwanLinkSettings(a.SdwanLinkSettings, b.SdwanLinkSettings) {
+		return false
+	}
+	if !matchLayer3AdjustTcpMss(a.AdjustTcpMss, b.AdjustTcpMss) {
+		return false
+	}
+	if !util.Ints64Match(a.Mtu, b.Mtu) {
+		return false
+	}
+	if !matchLayer3Ips(a.Ips, b.Ips) {
+		return false
+	}
+	if !matchLayer3Ipv6(a.Ipv6, b.Ipv6) {
+		return false
+	}
+	if !util.StringsMatch(a.InterfaceManagementProfile, b.InterfaceManagementProfile) {
+		return false
+	}
+	if !util.StringsMatch(a.NetflowProfile, b.NetflowProfile) {
+		return false
+	}
+	if !util.BoolsMatch(a.UntaggedSubInterface, b.UntaggedSubInterface) {
+		return false
+	}
+	if !matchLayer3Arp(a.Arp, b.Arp) {
+		return false
+	}
+	if !util.BoolsMatch(a.NdpProxy, b.NdpProxy) {
+		return false
+	}
+	if !matchLayer3Lldp(a.Lldp, b.Lldp) {
+		return false
+	}
+	if !matchLayer3DhcpClient(a.DhcpClient, b.DhcpClient) {
+		return false
+	}
+	if !matchLayer3Bonjour(a.Bonjour, b.Bonjour) {
+		return false
+	}
+	return true
+}
+
+func (o *Entry) EntryName() string {
+	return o.Name
+}
+
+func (o *Entry) SetEntryName(name string) {
+	o.Name = name
+}
diff --git a/network/interface/ethernet/interfaces.go b/network/interface/ethernet/interfaces.go
new file mode 100644
index 00000000..45b962dd
--- /dev/null
+++ b/network/interface/ethernet/interfaces.go
@@ -0,0 +1,7 @@
+package ethernet
+
+type Specifier func(*Entry) (any, error)
+
+type Normalizer interface {
+	Normalize() ([]*Entry, error)
+}
diff --git a/network/interface/ethernet/location.go b/network/interface/ethernet/location.go
new file mode 100644
index 00000000..5b535aaf
--- /dev/null
+++ b/network/interface/ethernet/location.go
@@ -0,0 +1,606 @@
+package ethernet
+
+import (
+	"encoding/xml"
+	"fmt"
+
+	"github.com/PaloAltoNetworks/pango/errors"
+	"github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/version"
+)
+
+type ImportLocation interface {
+	XpathForLocation(version.Number, util.ILocation) ([]string, error)
+	MarshalPangoXML([]string) (string, error)
+	UnmarshalPangoXML([]byte) ([]string, error)
+}
+type Layer3TemplateType int
+
+const (
+	layer3TemplateZone          Layer3TemplateType = iota
+	layer3TemplateVirtualRouter Layer3TemplateType = iota
+	layer3TemplateLogicalRouter Layer3TemplateType = iota
+	layer3TemplateVsys          Layer3TemplateType = iota
+)
+
+type Layer3TemplateImportLocation struct {
+	typ           Layer3TemplateType
+	zone          *Layer3TemplateZoneImportLocation
+	virtualRouter *Layer3TemplateVirtualRouterImportLocation
+	logicalRouter *Layer3TemplateLogicalRouterImportLocation
+	vsys          *Layer3TemplateVsysImportLocation
+}
+
+type Layer3TemplateZoneImportLocation struct {
+	xpath []string
+	zone  string
+	vsys  string
+}
+
+type Layer3TemplateZoneImportLocationSpec struct {
+	Zone string
+	Vsys string
+}
+
+func NewLayer3TemplateZoneImportLocation(spec Layer3TemplateZoneImportLocationSpec) *Layer3TemplateImportLocation {
+	location := &Layer3TemplateZoneImportLocation{
+		zone: spec.Zone,
+		vsys: spec.Vsys,
+	}
+
+	return &Layer3TemplateImportLocation{
+		typ:  layer3TemplateZone,
+		zone: location,
+	}
+}
+
+func (o *Layer3TemplateZoneImportLocation) XpathForLocation(vn version.Number, loc util.ILocation) ([]string, error) {
+	ans, err := loc.XpathPrefix(vn)
+	if err != nil {
+		return nil, err
+	}
+
+	importAns := []string{
+		"vsys",
+		util.AsEntryXpath([]string{o.vsys}),
+		"zone",
+		util.AsEntryXpath([]string{o.zone}),
+		"network",
+		"layer3",
+	}
+
+	return append(ans, importAns...), nil
+}
+
+func (o *Layer3TemplateZoneImportLocation) MarshalPangoXML(interfaces []string) (string, error) {
+	type member struct {
+		Name string `xml:",chardata"`
+	}
+
+	type request struct {
+		XMLName xml.Name `xml:"layer3"`
+		Members []member `xml:"member"`
+	}
+
+	var members []member
+	for _, elt := range interfaces {
+		members = append(members, member{Name: elt})
+	}
+
+	expected := request{
+		Members: members,
+	}
+	bytes, err := xml.Marshal(expected)
+	if err != nil {
+		return "", err
+	}
+
+	return string(bytes), nil
+}
+
+func (o *Layer3TemplateZoneImportLocation) UnmarshalPangoXML(bytes []byte) ([]string, error) {
+	type member struct {
+		Name string `xml:",chardata"`
+	}
+
+	type response struct {
+		Members []member `xml:"result>layer3>member"`
+	}
+
+	var existing response
+	err := xml.Unmarshal(bytes, &existing)
+	if err != nil {
+		return nil, err
+	}
+
+	var interfaces []string
+	for _, elt := range existing.Members {
+		interfaces = append(interfaces, elt.Name)
+	}
+
+	return interfaces, nil
+}
+
+type Layer3TemplateVirtualRouterImportLocation struct {
+	xpath  []string
+	vsys   string
+	router string
+}
+
+type Layer3TemplateVirtualRouterImportLocationSpec struct {
+	Vsys   string
+	Router string
+}
+
+func NewLayer3TemplateVirtualRouterImportLocation(spec Layer3TemplateVirtualRouterImportLocationSpec) *Layer3TemplateImportLocation {
+	location := &Layer3TemplateVirtualRouterImportLocation{
+		vsys:   spec.Vsys,
+		router: spec.Router,
+	}
+
+	return &Layer3TemplateImportLocation{
+		typ:           layer3TemplateVirtualRouter,
+		virtualRouter: location,
+	}
+}
+
+func (o *Layer3TemplateVirtualRouterImportLocation) XpathForLocation(vn version.Number, loc util.ILocation) ([]string, error) {
+	ans, err := loc.XpathPrefix(vn)
+	if err != nil {
+		return nil, err
+	}
+
+	importAns := []string{
+		"network",
+		"virtual-router",
+		util.AsEntryXpath([]string{o.router}),
+		"interface",
+	}
+
+	return append(ans, importAns...), nil
+}
+
+func (o *Layer3TemplateVirtualRouterImportLocation) MarshalPangoXML(interfaces []string) (string, error) {
+	type member struct {
+		Name string `xml:",chardata"`
+	}
+
+	type request struct {
+		XMLName xml.Name `xml:"interface"`
+		Members []member `xml:"member"`
+	}
+
+	var members []member
+	for _, elt := range interfaces {
+		members = append(members, member{Name: elt})
+	}
+
+	expected := request{
+		Members: members,
+	}
+	bytes, err := xml.Marshal(expected)
+	if err != nil {
+		return "", err
+	}
+
+	return string(bytes), nil
+}
+
+func (o *Layer3TemplateVirtualRouterImportLocation) UnmarshalPangoXML(bytes []byte) ([]string, error) {
+	type member struct {
+		Name string `xml:",chardata"`
+	}
+
+	type response struct {
+		Members []member `xml:"result>interface>member"`
+	}
+
+	var existing response
+	err := xml.Unmarshal(bytes, &existing)
+	if err != nil {
+		return nil, err
+	}
+
+	var interfaces []string
+	for _, elt := range existing.Members {
+		interfaces = append(interfaces, elt.Name)
+	}
+
+	return interfaces, nil
+}
+
+type Layer3TemplateLogicalRouterImportLocation struct {
+	xpath  []string
+	router string
+	vrf    string
+	vsys   string
+}
+
+type Layer3TemplateLogicalRouterImportLocationSpec struct {
+	Router string
+	Vrf    string
+	Vsys   string
+}
+
+func NewLayer3TemplateLogicalRouterImportLocation(spec Layer3TemplateLogicalRouterImportLocationSpec) *Layer3TemplateImportLocation {
+	location := &Layer3TemplateLogicalRouterImportLocation{
+		router: spec.Router,
+		vrf:    spec.Vrf,
+		vsys:   spec.Vsys,
+	}
+
+	return &Layer3TemplateImportLocation{
+		typ:           layer3TemplateLogicalRouter,
+		logicalRouter: location,
+	}
+}
+
+func (o *Layer3TemplateLogicalRouterImportLocation) XpathForLocation(vn version.Number, loc util.ILocation) ([]string, error) {
+	ans, err := loc.XpathPrefix(vn)
+	if err != nil {
+		return nil, err
+	}
+
+	importAns := []string{
+		"network",
+		"logical-router",
+		util.AsEntryXpath([]string{o.router}),
+		"vrf",
+		util.AsEntryXpath([]string{o.vrf}),
+		"interface",
+	}
+
+	return append(ans, importAns...), nil
+}
+
+func (o *Layer3TemplateLogicalRouterImportLocation) MarshalPangoXML(interfaces []string) (string, error) {
+	type member struct {
+		Name string `xml:",chardata"`
+	}
+
+	type request struct {
+		XMLName xml.Name `xml:"interface"`
+		Members []member `xml:"member"`
+	}
+
+	var members []member
+	for _, elt := range interfaces {
+		members = append(members, member{Name: elt})
+	}
+
+	expected := request{
+		Members: members,
+	}
+	bytes, err := xml.Marshal(expected)
+	if err != nil {
+		return "", err
+	}
+
+	return string(bytes), nil
+}
+
+func (o *Layer3TemplateLogicalRouterImportLocation) UnmarshalPangoXML(bytes []byte) ([]string, error) {
+	type member struct {
+		Name string `xml:",chardata"`
+	}
+
+	type response struct {
+		Members []member `xml:"result>interface>member"`
+	}
+
+	var existing response
+	err := xml.Unmarshal(bytes, &existing)
+	if err != nil {
+		return nil, err
+	}
+
+	var interfaces []string
+	for _, elt := range existing.Members {
+		interfaces = append(interfaces, elt.Name)
+	}
+
+	return interfaces, nil
+}
+
+type Layer3TemplateVsysImportLocation struct {
+	xpath []string
+	vsys  string
+}
+
+type Layer3TemplateVsysImportLocationSpec struct {
+	Vsys string
+}
+
+func NewLayer3TemplateVsysImportLocation(spec Layer3TemplateVsysImportLocationSpec) *Layer3TemplateImportLocation {
+	location := &Layer3TemplateVsysImportLocation{
+		vsys: spec.Vsys,
+	}
+
+	return &Layer3TemplateImportLocation{
+		typ:  layer3TemplateVsys,
+		vsys: location,
+	}
+}
+
+func (o *Layer3TemplateVsysImportLocation) XpathForLocation(vn version.Number, loc util.ILocation) ([]string, error) {
+	ans, err := loc.XpathPrefix(vn)
+	if err != nil {
+		return nil, err
+	}
+
+	importAns := []string{
+		"vsys",
+		util.AsEntryXpath([]string{o.vsys}),
+		"import",
+		"network",
+		"interface",
+	}
+
+	return append(ans, importAns...), nil
+}
+
+func (o *Layer3TemplateVsysImportLocation) MarshalPangoXML(interfaces []string) (string, error) {
+	type member struct {
+		Name string `xml:",chardata"`
+	}
+
+	type request struct {
+		XMLName xml.Name `xml:"interface"`
+		Members []member `xml:"member"`
+	}
+
+	var members []member
+	for _, elt := range interfaces {
+		members = append(members, member{Name: elt})
+	}
+
+	expected := request{
+		Members: members,
+	}
+	bytes, err := xml.Marshal(expected)
+	if err != nil {
+		return "", err
+	}
+
+	return string(bytes), nil
+}
+
+func (o *Layer3TemplateVsysImportLocation) UnmarshalPangoXML(bytes []byte) ([]string, error) {
+	type member struct {
+		Name string `xml:",chardata"`
+	}
+
+	type response struct {
+		Members []member `xml:"result>interface>member"`
+	}
+
+	var existing response
+	err := xml.Unmarshal(bytes, &existing)
+	if err != nil {
+		return nil, err
+	}
+
+	var interfaces []string
+	for _, elt := range existing.Members {
+		interfaces = append(interfaces, elt.Name)
+	}
+
+	return interfaces, nil
+}
+
+func (o *Layer3TemplateImportLocation) MarshalPangoXML(interfaces []string) (string, error) {
+	switch o.typ {
+	case layer3TemplateZone:
+		return o.zone.MarshalPangoXML(interfaces)
+	case layer3TemplateVirtualRouter:
+		return o.virtualRouter.MarshalPangoXML(interfaces)
+	case layer3TemplateLogicalRouter:
+		return o.logicalRouter.MarshalPangoXML(interfaces)
+	case layer3TemplateVsys:
+		return o.vsys.MarshalPangoXML(interfaces)
+	default:
+		return "", fmt.Errorf("invalid import location")
+	}
+}
+
+func (o *Layer3TemplateImportLocation) UnmarshalPangoXML(bytes []byte) ([]string, error) {
+	switch o.typ {
+	case layer3TemplateZone:
+		return o.zone.UnmarshalPangoXML(bytes)
+	case layer3TemplateVirtualRouter:
+		return o.virtualRouter.UnmarshalPangoXML(bytes)
+	case layer3TemplateLogicalRouter:
+		return o.logicalRouter.UnmarshalPangoXML(bytes)
+	case layer3TemplateVsys:
+		return o.vsys.UnmarshalPangoXML(bytes)
+	default:
+		return nil, fmt.Errorf("invalid import location")
+	}
+}
+
+func (o *Layer3TemplateImportLocation) XpathForLocation(vn version.Number, loc util.ILocation) ([]string, error) {
+	switch o.typ {
+	case layer3TemplateZone:
+		return o.zone.XpathForLocation(vn, loc)
+	case layer3TemplateVirtualRouter:
+		return o.virtualRouter.XpathForLocation(vn, loc)
+	case layer3TemplateLogicalRouter:
+		return o.logicalRouter.XpathForLocation(vn, loc)
+	case layer3TemplateVsys:
+		return o.vsys.XpathForLocation(vn, loc)
+	default:
+		return nil, fmt.Errorf("invalid import location")
+	}
+}
+
+type Location struct {
+	Ngfw          *NgfwLocation          `json:"ngfw,omitempty"`
+	Template      *TemplateLocation      `json:"template,omitempty"`
+	TemplateStack *TemplateStackLocation `json:"template_stack,omitempty"`
+}
+
+type NgfwLocation struct {
+	NgfwDevice string `json:"ngfw_device"`
+}
+
+type TemplateLocation struct {
+	NgfwDevice     string `json:"ngfw_device"`
+	PanoramaDevice string `json:"panorama_device"`
+	Template       string `json:"template"`
+}
+
+type TemplateStackLocation struct {
+	NgfwDevice     string `json:"ngfw_device"`
+	PanoramaDevice string `json:"panorama_device"`
+	TemplateStack  string `json:"template_stack"`
+}
+
+func NewNgfwLocation() *Location {
+	return &Location{Ngfw: &NgfwLocation{
+		NgfwDevice: "localhost.localdomain",
+	},
+	}
+}
+func NewTemplateLocation() *Location {
+	return &Location{Template: &TemplateLocation{
+		NgfwDevice:     "localhost.localdomain",
+		PanoramaDevice: "localhost.localdomain",
+		Template:       "",
+	},
+	}
+}
+func NewTemplateStackLocation() *Location {
+	return &Location{TemplateStack: &TemplateStackLocation{
+		NgfwDevice:     "localhost.localdomain",
+		PanoramaDevice: "localhost.localdomain",
+		TemplateStack:  "",
+	},
+	}
+}
+
+func (o Location) IsValid() error {
+	count := 0
+
+	switch {
+	case o.Ngfw != nil:
+		if o.Ngfw.NgfwDevice == "" {
+			return fmt.Errorf("NgfwDevice is unspecified")
+		}
+		count++
+	case o.Template != nil:
+		if o.Template.NgfwDevice == "" {
+			return fmt.Errorf("NgfwDevice is unspecified")
+		}
+		if o.Template.PanoramaDevice == "" {
+			return fmt.Errorf("PanoramaDevice is unspecified")
+		}
+		if o.Template.Template == "" {
+			return fmt.Errorf("Template is unspecified")
+		}
+		count++
+	case o.TemplateStack != nil:
+		if o.TemplateStack.NgfwDevice == "" {
+			return fmt.Errorf("NgfwDevice is unspecified")
+		}
+		if o.TemplateStack.PanoramaDevice == "" {
+			return fmt.Errorf("PanoramaDevice is unspecified")
+		}
+		if o.TemplateStack.TemplateStack == "" {
+			return fmt.Errorf("TemplateStack is unspecified")
+		}
+		count++
+	}
+
+	if count == 0 {
+		return fmt.Errorf("no path specified")
+	}
+
+	if count > 1 {
+		return fmt.Errorf("multiple paths specified: only one should be specified")
+	}
+
+	return nil
+}
+
+func (o Location) XpathPrefix(vn version.Number) ([]string, error) {
+
+	var ans []string
+
+	switch {
+	case o.Ngfw != nil:
+		if o.Ngfw.NgfwDevice == "" {
+			return nil, fmt.Errorf("NgfwDevice is unspecified")
+		}
+		ans = []string{
+			"config",
+			"devices",
+			util.AsEntryXpath([]string{o.Ngfw.NgfwDevice}),
+		}
+	case o.Template != nil:
+		if o.Template.NgfwDevice == "" {
+			return nil, fmt.Errorf("NgfwDevice is unspecified")
+		}
+		if o.Template.PanoramaDevice == "" {
+			return nil, fmt.Errorf("PanoramaDevice is unspecified")
+		}
+		if o.Template.Template == "" {
+			return nil, fmt.Errorf("Template is unspecified")
+		}
+		ans = []string{
+			"config",
+			"devices",
+			util.AsEntryXpath([]string{o.Template.PanoramaDevice}),
+			"template",
+			util.AsEntryXpath([]string{o.Template.Template}),
+			"config",
+			"devices",
+			util.AsEntryXpath([]string{o.Template.NgfwDevice}),
+		}
+	case o.TemplateStack != nil:
+		if o.TemplateStack.NgfwDevice == "" {
+			return nil, fmt.Errorf("NgfwDevice is unspecified")
+		}
+		if o.TemplateStack.PanoramaDevice == "" {
+			return nil, fmt.Errorf("PanoramaDevice is unspecified")
+		}
+		if o.TemplateStack.TemplateStack == "" {
+			return nil, fmt.Errorf("TemplateStack is unspecified")
+		}
+		ans = []string{
+			"config",
+			"devices",
+			util.AsEntryXpath([]string{o.TemplateStack.PanoramaDevice}),
+			"template-stack",
+			util.AsEntryXpath([]string{o.TemplateStack.TemplateStack}),
+			"config",
+			"devices",
+			util.AsEntryXpath([]string{o.TemplateStack.NgfwDevice}),
+		}
+	default:
+		return nil, errors.NoLocationSpecifiedError
+	}
+
+	return ans, nil
+}
+func (o Location) XpathWithEntryName(vn version.Number, name string) ([]string, error) {
+
+	ans, err := o.XpathPrefix(vn)
+	if err != nil {
+		return nil, err
+	}
+	ans = append(ans, Suffix...)
+	ans = append(ans, util.AsEntryXpath([]string{name}))
+
+	return ans, nil
+}
+func (o Location) XpathWithUuid(vn version.Number, uuid string) ([]string, error) {
+
+	ans, err := o.XpathPrefix(vn)
+	if err != nil {
+		return nil, err
+	}
+	ans = append(ans, Suffix...)
+	ans = append(ans, util.AsUuidXpath(uuid))
+
+	return ans, nil
+}
diff --git a/network/interface/ethernet/service.go b/network/interface/ethernet/service.go
new file mode 100644
index 00000000..7ad26bb2
--- /dev/null
+++ b/network/interface/ethernet/service.go
@@ -0,0 +1,388 @@
+package ethernet
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/PaloAltoNetworks/pango/errors"
+	"github.com/PaloAltoNetworks/pango/filtering"
+	"github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/xmlapi"
+)
+
+type Service struct {
+	client util.PangoClient
+}
+
+func NewService(client util.PangoClient) *Service {
+	return &Service{
+		client: client,
+	}
+}
+
+// Create adds new item, then returns the result.
+func (s *Service) Create(ctx context.Context, loc Location, importLocations []ImportLocation, entry *Entry) (*Entry, error) {
+	if entry.Name == "" {
+		return nil, errors.NameNotSpecifiedError
+	}
+
+	vn := s.client.Versioning()
+
+	specifier, _, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+	path, err := loc.XpathWithEntryName(vn, entry.Name)
+	if err != nil {
+		return nil, err
+	}
+	createSpec, err := specifier(entry)
+	if err != nil {
+		return nil, err
+	}
+
+	cmd := &xmlapi.Config{
+		Action:  "set",
+		Xpath:   util.AsXpath(path[:len(path)-1]),
+		Element: createSpec,
+		Target:  s.client.GetTarget(),
+	}
+
+	if _, _, err = s.client.Communicate(ctx, cmd, false, nil); err != nil {
+		return nil, err
+	}
+	err = s.importToLocations(ctx, loc, importLocations, entry.Name)
+	if err != nil {
+		return nil, err
+	}
+	return s.Read(ctx, loc, entry.Name, "get")
+}
+
+func (s *Service) importToLocations(ctx context.Context, loc Location, importLocations []ImportLocation, entryName string) error {
+	vn := s.client.Versioning()
+	for _, elt := range importLocations {
+		xpath, err := elt.XpathForLocation(vn, loc)
+
+		cmd := &xmlapi.Config{
+			Action: "get",
+			Xpath:  util.AsXpath(xpath),
+		}
+
+		bytes, _, err := s.client.Communicate(ctx, cmd, false, nil)
+		if err != nil && !errors.IsObjectNotFound(err) {
+			return err
+		}
+
+		existing, err := elt.UnmarshalPangoXML(bytes)
+		if err != nil {
+			return err
+		}
+
+		for _, elt := range existing {
+			if elt == entryName {
+				return nil
+			}
+		}
+
+		existing = append(existing, entryName)
+
+		element, err := elt.MarshalPangoXML(existing)
+		if err != nil {
+			return err
+		}
+
+		cmd = &xmlapi.Config{
+			Action:  "set",
+			Xpath:   util.AsXpath(xpath[:len(xpath)-1]),
+			Element: element,
+		}
+
+		_, _, err = s.client.Communicate(ctx, cmd, false, nil)
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (s *Service) unimportFromLocations(ctx context.Context, updates *xmlapi.MultiConfig, loc Location, importLocations []ImportLocation, values []string) error {
+	vn := s.client.Versioning()
+	valuesByName := make(map[string]bool)
+	for _, elt := range values {
+		valuesByName[elt] = true
+	}
+	for _, elt := range importLocations {
+		xpath, err := elt.XpathForLocation(vn, loc)
+
+		cmd := &xmlapi.Config{
+			Action: "get",
+			Xpath:  util.AsXpath(xpath),
+		}
+
+		bytes, _, err := s.client.Communicate(ctx, cmd, false, nil)
+		if err != nil && !errors.IsObjectNotFound(err) {
+			return err
+		}
+
+		existing, err := elt.UnmarshalPangoXML(bytes)
+		if err != nil {
+			return err
+		}
+
+		var filtered []string
+		for _, elt := range existing {
+			if _, found := valuesByName[elt]; !found {
+				filtered = append(filtered, elt)
+			}
+		}
+
+		element, err := elt.MarshalPangoXML(filtered)
+		if err != nil {
+			return err
+		}
+
+		cmd = &xmlapi.Config{
+			Action:  "edit",
+			Xpath:   util.AsXpath(xpath),
+			Element: element,
+		}
+
+		_, _, err = s.client.Communicate(ctx, cmd, false, nil)
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+// Read returns the given config object, using the specified action ("get" or "show").
+func (s *Service) Read(ctx context.Context, loc Location, name, action string) (*Entry, error) {
+	return s.read(ctx, loc, name, action, false)
+}
+
+// ReadFromConfig returns the given config object from the loaded XML config.
+// Requires that client.LoadPanosConfig() has been invoked.
+func (s *Service) ReadFromConfig(ctx context.Context, loc Location, name string) (*Entry, error) {
+	return s.read(ctx, loc, name, "", true)
+}
+
+func (s *Service) read(ctx context.Context, loc Location, value, action string, usePanosConfig bool) (*Entry, error) {
+	if value == "" {
+		return nil, errors.NameNotSpecifiedError
+	}
+	vn := s.client.Versioning()
+	_, normalizer, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+	var path []string
+	path, err = loc.XpathWithEntryName(vn, value)
+	if err != nil {
+		return nil, err
+	}
+
+	if usePanosConfig {
+		if _, err = s.client.ReadFromConfig(ctx, path, true, normalizer); err != nil {
+			return nil, err
+		}
+	} else {
+		cmd := &xmlapi.Config{
+			Action: action,
+			Xpath:  util.AsXpath(path),
+			Target: s.client.GetTarget(),
+		}
+
+		if _, _, err = s.client.Communicate(ctx, cmd, true, normalizer); err != nil {
+			if err.Error() == "No such node" && action == "show" {
+				return nil, errors.ObjectNotFound()
+			}
+			return nil, err
+		}
+	}
+
+	list, err := normalizer.Normalize()
+	if err != nil {
+		return nil, err
+	} else if len(list) != 1 {
+		return nil, fmt.Errorf("expected to %q 1 entry, got %d", action, len(list))
+	}
+
+	return list[0], nil
+}
+
+// Update updates the given config object, then returns the result.
+func (s *Service) Update(ctx context.Context, loc Location, entry *Entry, name string) (*Entry, error) {
+	return s.update(ctx, loc, entry, name)
+}
+func (s *Service) update(ctx context.Context, loc Location, entry *Entry, value string) (*Entry, error) {
+	if entry.Name == "" {
+		return nil, errors.NameNotSpecifiedError
+	}
+
+	vn := s.client.Versioning()
+	updates := xmlapi.NewMultiConfig(2)
+	specifier, _, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+	var old *Entry
+	if value != "" && value != entry.Name {
+		path, err := loc.XpathWithEntryName(vn, value)
+		if err != nil {
+			return nil, err
+		}
+
+		old, err = s.Read(ctx, loc, value, "get")
+
+		updates.Add(&xmlapi.Config{
+			Action:  "rename",
+			Xpath:   util.AsXpath(path),
+			NewName: entry.Name,
+			Target:  s.client.GetTarget(),
+		})
+	} else {
+		old, err = s.Read(ctx, loc, entry.Name, "get")
+	}
+	if err != nil {
+		return nil, err
+	} else if old == nil {
+		return nil, fmt.Errorf("previous object doesn't exist for update")
+	}
+	if !SpecMatches(entry, old) {
+		path, err := loc.XpathWithEntryName(vn, entry.Name)
+		if err != nil {
+			return nil, err
+		}
+
+		updateSpec, err := specifier(entry)
+		if err != nil {
+			return nil, err
+		}
+
+		updates.Add(&xmlapi.Config{
+			Action:  "edit",
+			Xpath:   util.AsXpath(path),
+			Element: updateSpec,
+			Target:  s.client.GetTarget(),
+		})
+	}
+
+	if len(updates.Operations) != 0 {
+		if _, _, _, err = s.client.MultiConfig(ctx, updates, false, nil); err != nil {
+			return nil, err
+		}
+	}
+	return s.Read(ctx, loc, entry.Name, "get")
+}
+
+// Delete deletes the given item.
+func (s *Service) Delete(ctx context.Context, loc Location, importLocations []ImportLocation, name ...string) error {
+	return s.delete(ctx, loc, importLocations, name)
+}
+func (s *Service) delete(ctx context.Context, loc Location, importLocations []ImportLocation, values []string) error {
+	for _, value := range values {
+		if value == "" {
+			return errors.NameNotSpecifiedError
+		}
+	}
+
+	vn := s.client.Versioning()
+	var err error
+	deletes := xmlapi.NewMultiConfig(len(values))
+	err = s.unimportFromLocations(ctx, deletes, loc, importLocations, values)
+	if err != nil {
+		return err
+	}
+	for _, value := range values {
+		var path []string
+		path, err = loc.XpathWithEntryName(vn, value)
+		if err != nil {
+			return err
+		}
+		deletes.Add(&xmlapi.Config{
+			Action: "delete",
+			Xpath:  util.AsXpath(path),
+			Target: s.client.GetTarget(),
+		})
+	}
+
+	_, _, _, err = s.client.MultiConfig(ctx, deletes, false, nil)
+
+	return err
+}
+
+// List returns a list of objects using the given action ("get" or "show").
+// Params filter and quote are for client side filtering.
+func (s *Service) List(ctx context.Context, loc Location, action, filter, quote string) ([]*Entry, error) {
+	return s.list(ctx, loc, action, filter, quote, false)
+}
+
+// ListFromConfig returns a list of objects at the given location.
+// Requires that client.LoadPanosConfig() has been invoked.
+// Params filter and quote are for client side filtering.
+func (s *Service) ListFromConfig(ctx context.Context, loc Location, filter, quote string) ([]*Entry, error) {
+	return s.list(ctx, loc, "", filter, quote, true)
+}
+
+func (s *Service) list(ctx context.Context, loc Location, action, filter, quote string, usePanosConfig bool) ([]*Entry, error) {
+	var err error
+
+	var logic *filtering.Group
+	if filter != "" {
+		logic, err = filtering.Parse(filter, quote)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	vn := s.client.Versioning()
+
+	_, normalizer, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+
+	path, err := loc.XpathWithEntryName(vn, "")
+	if err != nil {
+		return nil, err
+	}
+
+	if usePanosConfig {
+		if _, err = s.client.ReadFromConfig(ctx, path, false, normalizer); err != nil {
+			return nil, err
+		}
+	} else {
+		cmd := &xmlapi.Config{
+			Action: action,
+			Xpath:  util.AsXpath(path),
+			Target: s.client.GetTarget(),
+		}
+
+		if _, _, err = s.client.Communicate(ctx, cmd, true, normalizer); err != nil {
+			if err.Error() == "No such node" && action == "show" {
+				return nil, nil
+			}
+			return nil, err
+		}
+	}
+
+	listing, err := normalizer.Normalize()
+	if err != nil || logic == nil {
+		return listing, err
+	}
+
+	filtered := make([]*Entry, 0, len(listing))
+	for _, x := range listing {
+		ok, err := logic.Matches(x)
+		if err != nil {
+			return nil, err
+		}
+		if ok {
+			filtered = append(filtered, x)
+		}
+	}
+
+	return filtered, nil
+}
diff --git a/network/interface/loopback/entry.go b/network/interface/loopback/entry.go
new file mode 100644
index 00000000..f7eac0b1
--- /dev/null
+++ b/network/interface/loopback/entry.go
@@ -0,0 +1,339 @@
+package loopback
+
+import (
+	"encoding/xml"
+	"fmt"
+
+	"github.com/PaloAltoNetworks/pango/filtering"
+	"github.com/PaloAltoNetworks/pango/generic"
+	"github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/version"
+)
+
+var (
+	_ filtering.Fielder = &Entry{}
+)
+
+var (
+	Suffix = []string{"network", "interface", "loopback", "units"}
+)
+
+type Entry struct {
+	Name                       string
+	AdjustTcpMss               *AdjustTcpMss
+	Comment                    *string
+	InterfaceManagementProfile *string
+	Ips                        []string
+	Ipv6                       *Ipv6
+	Mtu                        *int64
+	NetflowProfile             *string
+
+	Misc map[string][]generic.Xml
+}
+
+type AdjustTcpMss struct {
+	Enable            *bool
+	Ipv4MssAdjustment *int64
+	Ipv6MssAdjustment *int64
+}
+type Ipv6 struct {
+	Addresses []Ipv6Addresses
+	Enabled   *bool
+}
+type Ipv6Addresses struct {
+	EnableOnInterface *bool
+	Name              string
+}
+
+type entryXmlContainer struct {
+	Answer []entryXml `xml:"entry"`
+}
+
+type entryXml struct {
+	XMLName                    xml.Name         `xml:"entry"`
+	Name                       string           `xml:"name,attr"`
+	AdjustTcpMss               *AdjustTcpMssXml `xml:"adjust-tcp-mss,omitempty"`
+	Comment                    *string          `xml:"comment,omitempty"`
+	InterfaceManagementProfile *string          `xml:"interface-management-profile,omitempty"`
+	Ips                        *util.EntryType  `xml:"ip,omitempty"`
+	Ipv6                       *Ipv6Xml         `xml:"ipv6,omitempty"`
+	Mtu                        *int64           `xml:"mtu,omitempty"`
+	NetflowProfile             *string          `xml:"netflow-profile,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+
+type AdjustTcpMssXml struct {
+	Enable            *string `xml:"enable,omitempty"`
+	Ipv4MssAdjustment *int64  `xml:"ipv4-mss-adjustment,omitempty"`
+	Ipv6MssAdjustment *int64  `xml:"ipv6-mss-adjustment,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type Ipv6Xml struct {
+	Addresses []Ipv6AddressesXml `xml:"address>entry,omitempty"`
+	Enabled   *string            `xml:"enabled,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type Ipv6AddressesXml struct {
+	EnableOnInterface *string  `xml:"enable-on-interface,omitempty"`
+	XMLName           xml.Name `xml:"entry"`
+	Name              string   `xml:"name,attr"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+
+func (e *Entry) Field(v string) (any, error) {
+	if v == "name" || v == "Name" {
+		return e.Name, nil
+	}
+	if v == "adjust_tcp_mss" || v == "AdjustTcpMss" {
+		return e.AdjustTcpMss, nil
+	}
+	if v == "comment" || v == "Comment" {
+		return e.Comment, nil
+	}
+	if v == "interface_management_profile" || v == "InterfaceManagementProfile" {
+		return e.InterfaceManagementProfile, nil
+	}
+	if v == "ips" || v == "Ips" {
+		return e.Ips, nil
+	}
+	if v == "ips|LENGTH" || v == "Ips|LENGTH" {
+		return int64(len(e.Ips)), nil
+	}
+	if v == "ipv6" || v == "Ipv6" {
+		return e.Ipv6, nil
+	}
+	if v == "mtu" || v == "Mtu" {
+		return e.Mtu, nil
+	}
+	if v == "netflow_profile" || v == "NetflowProfile" {
+		return e.NetflowProfile, nil
+	}
+
+	return nil, fmt.Errorf("unknown field")
+}
+
+func Versioning(vn version.Number) (Specifier, Normalizer, error) {
+	return specifyEntry, &entryXmlContainer{}, nil
+}
+
+func specifyEntry(o *Entry) (any, error) {
+	entry := entryXml{}
+
+	entry.Name = o.Name
+	var nestedAdjustTcpMss *AdjustTcpMssXml
+	if o.AdjustTcpMss != nil {
+		nestedAdjustTcpMss = &AdjustTcpMssXml{}
+		if _, ok := o.Misc["AdjustTcpMss"]; ok {
+			nestedAdjustTcpMss.Misc = o.Misc["AdjustTcpMss"]
+		}
+		if o.AdjustTcpMss.Enable != nil {
+			nestedAdjustTcpMss.Enable = util.YesNo(o.AdjustTcpMss.Enable, nil)
+		}
+		if o.AdjustTcpMss.Ipv4MssAdjustment != nil {
+			nestedAdjustTcpMss.Ipv4MssAdjustment = o.AdjustTcpMss.Ipv4MssAdjustment
+		}
+		if o.AdjustTcpMss.Ipv6MssAdjustment != nil {
+			nestedAdjustTcpMss.Ipv6MssAdjustment = o.AdjustTcpMss.Ipv6MssAdjustment
+		}
+	}
+	entry.AdjustTcpMss = nestedAdjustTcpMss
+
+	entry.Comment = o.Comment
+	entry.InterfaceManagementProfile = o.InterfaceManagementProfile
+	entry.Ips = util.StrToEnt(o.Ips)
+	var nestedIpv6 *Ipv6Xml
+	if o.Ipv6 != nil {
+		nestedIpv6 = &Ipv6Xml{}
+		if _, ok := o.Misc["Ipv6"]; ok {
+			nestedIpv6.Misc = o.Misc["Ipv6"]
+		}
+		if o.Ipv6.Enabled != nil {
+			nestedIpv6.Enabled = util.YesNo(o.Ipv6.Enabled, nil)
+		}
+		if o.Ipv6.Addresses != nil {
+			nestedIpv6.Addresses = []Ipv6AddressesXml{}
+			for _, oIpv6Addresses := range o.Ipv6.Addresses {
+				nestedIpv6Addresses := Ipv6AddressesXml{}
+				if _, ok := o.Misc["Ipv6Addresses"]; ok {
+					nestedIpv6Addresses.Misc = o.Misc["Ipv6Addresses"]
+				}
+				if oIpv6Addresses.EnableOnInterface != nil {
+					nestedIpv6Addresses.EnableOnInterface = util.YesNo(oIpv6Addresses.EnableOnInterface, nil)
+				}
+				if oIpv6Addresses.Name != "" {
+					nestedIpv6Addresses.Name = oIpv6Addresses.Name
+				}
+				nestedIpv6.Addresses = append(nestedIpv6.Addresses, nestedIpv6Addresses)
+			}
+		}
+	}
+	entry.Ipv6 = nestedIpv6
+
+	entry.Mtu = o.Mtu
+	entry.NetflowProfile = o.NetflowProfile
+
+	entry.Misc = o.Misc["Entry"]
+
+	return entry, nil
+}
+func (c *entryXmlContainer) Normalize() ([]*Entry, error) {
+	entryList := make([]*Entry, 0, len(c.Answer))
+	for _, o := range c.Answer {
+		entry := &Entry{
+			Misc: make(map[string][]generic.Xml),
+		}
+		entry.Name = o.Name
+		var nestedAdjustTcpMss *AdjustTcpMss
+		if o.AdjustTcpMss != nil {
+			nestedAdjustTcpMss = &AdjustTcpMss{}
+			if o.AdjustTcpMss.Misc != nil {
+				entry.Misc["AdjustTcpMss"] = o.AdjustTcpMss.Misc
+			}
+			if o.AdjustTcpMss.Enable != nil {
+				nestedAdjustTcpMss.Enable = util.AsBool(o.AdjustTcpMss.Enable, nil)
+			}
+			if o.AdjustTcpMss.Ipv4MssAdjustment != nil {
+				nestedAdjustTcpMss.Ipv4MssAdjustment = o.AdjustTcpMss.Ipv4MssAdjustment
+			}
+			if o.AdjustTcpMss.Ipv6MssAdjustment != nil {
+				nestedAdjustTcpMss.Ipv6MssAdjustment = o.AdjustTcpMss.Ipv6MssAdjustment
+			}
+		}
+		entry.AdjustTcpMss = nestedAdjustTcpMss
+
+		entry.Comment = o.Comment
+		entry.InterfaceManagementProfile = o.InterfaceManagementProfile
+		entry.Ips = util.EntToStr(o.Ips)
+		var nestedIpv6 *Ipv6
+		if o.Ipv6 != nil {
+			nestedIpv6 = &Ipv6{}
+			if o.Ipv6.Misc != nil {
+				entry.Misc["Ipv6"] = o.Ipv6.Misc
+			}
+			if o.Ipv6.Addresses != nil {
+				nestedIpv6.Addresses = []Ipv6Addresses{}
+				for _, oIpv6Addresses := range o.Ipv6.Addresses {
+					nestedIpv6Addresses := Ipv6Addresses{}
+					if oIpv6Addresses.Misc != nil {
+						entry.Misc["Ipv6Addresses"] = oIpv6Addresses.Misc
+					}
+					if oIpv6Addresses.EnableOnInterface != nil {
+						nestedIpv6Addresses.EnableOnInterface = util.AsBool(oIpv6Addresses.EnableOnInterface, nil)
+					}
+					if oIpv6Addresses.Name != "" {
+						nestedIpv6Addresses.Name = oIpv6Addresses.Name
+					}
+					nestedIpv6.Addresses = append(nestedIpv6.Addresses, nestedIpv6Addresses)
+				}
+			}
+			if o.Ipv6.Enabled != nil {
+				nestedIpv6.Enabled = util.AsBool(o.Ipv6.Enabled, nil)
+			}
+		}
+		entry.Ipv6 = nestedIpv6
+
+		entry.Mtu = o.Mtu
+		entry.NetflowProfile = o.NetflowProfile
+
+		entry.Misc["Entry"] = o.Misc
+
+		entryList = append(entryList, entry)
+	}
+
+	return entryList, nil
+}
+
+func SpecMatches(a, b *Entry) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+
+	// Don't compare Name.
+	if !matchAdjustTcpMss(a.AdjustTcpMss, b.AdjustTcpMss) {
+		return false
+	}
+	if !util.StringsMatch(a.Comment, b.Comment) {
+		return false
+	}
+	if !util.StringsMatch(a.InterfaceManagementProfile, b.InterfaceManagementProfile) {
+		return false
+	}
+	if !util.OrderedListsMatch(a.Ips, b.Ips) {
+		return false
+	}
+	if !matchIpv6(a.Ipv6, b.Ipv6) {
+		return false
+	}
+	if !util.Ints64Match(a.Mtu, b.Mtu) {
+		return false
+	}
+	if !util.StringsMatch(a.NetflowProfile, b.NetflowProfile) {
+		return false
+	}
+
+	return true
+}
+
+func matchIpv6Addresses(a []Ipv6Addresses, b []Ipv6Addresses) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	for _, a := range a {
+		for _, b := range b {
+			if !util.BoolsMatch(a.EnableOnInterface, b.EnableOnInterface) {
+				return false
+			}
+			if !util.StringsEqual(a.Name, b.Name) {
+				return false
+			}
+		}
+	}
+	return true
+}
+func matchIpv6(a *Ipv6, b *Ipv6) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !util.BoolsMatch(a.Enabled, b.Enabled) {
+		return false
+	}
+	if !matchIpv6Addresses(a.Addresses, b.Addresses) {
+		return false
+	}
+	return true
+}
+func matchAdjustTcpMss(a *AdjustTcpMss, b *AdjustTcpMss) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !util.BoolsMatch(a.Enable, b.Enable) {
+		return false
+	}
+	if !util.Ints64Match(a.Ipv4MssAdjustment, b.Ipv4MssAdjustment) {
+		return false
+	}
+	if !util.Ints64Match(a.Ipv6MssAdjustment, b.Ipv6MssAdjustment) {
+		return false
+	}
+	return true
+}
+
+func (o *Entry) EntryName() string {
+	return o.Name
+}
+
+func (o *Entry) SetEntryName(name string) {
+	o.Name = name
+}
diff --git a/network/interface/loopback/interfaces.go b/network/interface/loopback/interfaces.go
new file mode 100644
index 00000000..96207a85
--- /dev/null
+++ b/network/interface/loopback/interfaces.go
@@ -0,0 +1,7 @@
+package loopback
+
+type Specifier func(*Entry) (any, error)
+
+type Normalizer interface {
+	Normalize() ([]*Entry, error)
+}
diff --git a/network/interface/loopback/location.go b/network/interface/loopback/location.go
new file mode 100644
index 00000000..f0db0be4
--- /dev/null
+++ b/network/interface/loopback/location.go
@@ -0,0 +1,187 @@
+package loopback
+
+import (
+	"fmt"
+
+	"github.com/PaloAltoNetworks/pango/errors"
+	"github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/version"
+)
+
+type ImportLocation interface {
+	XpathForLocation(version.Number, util.ILocation) ([]string, error)
+	MarshalPangoXML([]string) (string, error)
+	UnmarshalPangoXML([]byte) ([]string, error)
+}
+
+type Location struct {
+	Ngfw          *NgfwLocation          `json:"ngfw,omitempty"`
+	Template      *TemplateLocation      `json:"template,omitempty"`
+	TemplateStack *TemplateStackLocation `json:"template_stack,omitempty"`
+}
+
+type NgfwLocation struct {
+	NgfwDevice string `json:"ngfw_device"`
+}
+
+type TemplateLocation struct {
+	NgfwDevice     string `json:"ngfw_device"`
+	PanoramaDevice string `json:"panorama_device"`
+	Template       string `json:"template"`
+}
+
+type TemplateStackLocation struct {
+	NgfwDevice     string `json:"ngfw_device"`
+	PanoramaDevice string `json:"panorama_device"`
+	TemplateStack  string `json:"template_stack"`
+}
+
+func NewNgfwLocation() *Location {
+	return &Location{Ngfw: &NgfwLocation{
+		NgfwDevice: "localhost.localdomain",
+	},
+	}
+}
+func NewTemplateLocation() *Location {
+	return &Location{Template: &TemplateLocation{
+		NgfwDevice:     "localhost.localdomain",
+		PanoramaDevice: "localhost.localdomain",
+		Template:       "",
+	},
+	}
+}
+func NewTemplateStackLocation() *Location {
+	return &Location{TemplateStack: &TemplateStackLocation{
+		NgfwDevice:     "localhost.localdomain",
+		PanoramaDevice: "localhost.localdomain",
+		TemplateStack:  "",
+	},
+	}
+}
+
+func (o Location) IsValid() error {
+	count := 0
+
+	switch {
+	case o.Ngfw != nil:
+		if o.Ngfw.NgfwDevice == "" {
+			return fmt.Errorf("NgfwDevice is unspecified")
+		}
+		count++
+	case o.Template != nil:
+		if o.Template.NgfwDevice == "" {
+			return fmt.Errorf("NgfwDevice is unspecified")
+		}
+		if o.Template.PanoramaDevice == "" {
+			return fmt.Errorf("PanoramaDevice is unspecified")
+		}
+		if o.Template.Template == "" {
+			return fmt.Errorf("Template is unspecified")
+		}
+		count++
+	case o.TemplateStack != nil:
+		if o.TemplateStack.NgfwDevice == "" {
+			return fmt.Errorf("NgfwDevice is unspecified")
+		}
+		if o.TemplateStack.PanoramaDevice == "" {
+			return fmt.Errorf("PanoramaDevice is unspecified")
+		}
+		if o.TemplateStack.TemplateStack == "" {
+			return fmt.Errorf("TemplateStack is unspecified")
+		}
+		count++
+	}
+
+	if count == 0 {
+		return fmt.Errorf("no path specified")
+	}
+
+	if count > 1 {
+		return fmt.Errorf("multiple paths specified: only one should be specified")
+	}
+
+	return nil
+}
+
+func (o Location) XpathPrefix(vn version.Number) ([]string, error) {
+
+	var ans []string
+
+	switch {
+	case o.Ngfw != nil:
+		if o.Ngfw.NgfwDevice == "" {
+			return nil, fmt.Errorf("NgfwDevice is unspecified")
+		}
+		ans = []string{
+			"config",
+			"devices",
+			util.AsEntryXpath([]string{o.Ngfw.NgfwDevice}),
+		}
+	case o.Template != nil:
+		if o.Template.NgfwDevice == "" {
+			return nil, fmt.Errorf("NgfwDevice is unspecified")
+		}
+		if o.Template.PanoramaDevice == "" {
+			return nil, fmt.Errorf("PanoramaDevice is unspecified")
+		}
+		if o.Template.Template == "" {
+			return nil, fmt.Errorf("Template is unspecified")
+		}
+		ans = []string{
+			"config",
+			"devices",
+			util.AsEntryXpath([]string{o.Template.PanoramaDevice}),
+			"template",
+			util.AsEntryXpath([]string{o.Template.Template}),
+			"config",
+			"devices",
+			util.AsEntryXpath([]string{o.Template.NgfwDevice}),
+		}
+	case o.TemplateStack != nil:
+		if o.TemplateStack.NgfwDevice == "" {
+			return nil, fmt.Errorf("NgfwDevice is unspecified")
+		}
+		if o.TemplateStack.PanoramaDevice == "" {
+			return nil, fmt.Errorf("PanoramaDevice is unspecified")
+		}
+		if o.TemplateStack.TemplateStack == "" {
+			return nil, fmt.Errorf("TemplateStack is unspecified")
+		}
+		ans = []string{
+			"config",
+			"devices",
+			util.AsEntryXpath([]string{o.TemplateStack.PanoramaDevice}),
+			"template-stack",
+			util.AsEntryXpath([]string{o.TemplateStack.TemplateStack}),
+			"config",
+			"devices",
+			util.AsEntryXpath([]string{o.TemplateStack.NgfwDevice}),
+		}
+	default:
+		return nil, errors.NoLocationSpecifiedError
+	}
+
+	return ans, nil
+}
+func (o Location) XpathWithEntryName(vn version.Number, name string) ([]string, error) {
+
+	ans, err := o.XpathPrefix(vn)
+	if err != nil {
+		return nil, err
+	}
+	ans = append(ans, Suffix...)
+	ans = append(ans, util.AsEntryXpath([]string{name}))
+
+	return ans, nil
+}
+func (o Location) XpathWithUuid(vn version.Number, uuid string) ([]string, error) {
+
+	ans, err := o.XpathPrefix(vn)
+	if err != nil {
+		return nil, err
+	}
+	ans = append(ans, Suffix...)
+	ans = append(ans, util.AsUuidXpath(uuid))
+
+	return ans, nil
+}
diff --git a/network/interface/loopback/service.go b/network/interface/loopback/service.go
new file mode 100644
index 00000000..b088ca0b
--- /dev/null
+++ b/network/interface/loopback/service.go
@@ -0,0 +1,281 @@
+package loopback
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/PaloAltoNetworks/pango/errors"
+	"github.com/PaloAltoNetworks/pango/filtering"
+	"github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/xmlapi"
+)
+
+type Service struct {
+	client util.PangoClient
+}
+
+func NewService(client util.PangoClient) *Service {
+	return &Service{
+		client: client,
+	}
+}
+
+// Create adds new item, then returns the result.
+func (s *Service) Create(ctx context.Context, loc Location, entry *Entry) (*Entry, error) {
+	if entry.Name == "" {
+		return nil, errors.NameNotSpecifiedError
+	}
+
+	vn := s.client.Versioning()
+
+	specifier, _, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+	path, err := loc.XpathWithEntryName(vn, entry.Name)
+	if err != nil {
+		return nil, err
+	}
+	createSpec, err := specifier(entry)
+	if err != nil {
+		return nil, err
+	}
+
+	cmd := &xmlapi.Config{
+		Action:  "set",
+		Xpath:   util.AsXpath(path[:len(path)-1]),
+		Element: createSpec,
+		Target:  s.client.GetTarget(),
+	}
+
+	if _, _, err = s.client.Communicate(ctx, cmd, false, nil); err != nil {
+		return nil, err
+	}
+	return s.Read(ctx, loc, entry.Name, "get")
+}
+
+// Read returns the given config object, using the specified action ("get" or "show").
+func (s *Service) Read(ctx context.Context, loc Location, name, action string) (*Entry, error) {
+	return s.read(ctx, loc, name, action, false)
+}
+
+// ReadFromConfig returns the given config object from the loaded XML config.
+// Requires that client.LoadPanosConfig() has been invoked.
+func (s *Service) ReadFromConfig(ctx context.Context, loc Location, name string) (*Entry, error) {
+	return s.read(ctx, loc, name, "", true)
+}
+
+func (s *Service) read(ctx context.Context, loc Location, value, action string, usePanosConfig bool) (*Entry, error) {
+	if value == "" {
+		return nil, errors.NameNotSpecifiedError
+	}
+	vn := s.client.Versioning()
+	_, normalizer, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+	var path []string
+	path, err = loc.XpathWithEntryName(vn, value)
+	if err != nil {
+		return nil, err
+	}
+
+	if usePanosConfig {
+		if _, err = s.client.ReadFromConfig(ctx, path, true, normalizer); err != nil {
+			return nil, err
+		}
+	} else {
+		cmd := &xmlapi.Config{
+			Action: action,
+			Xpath:  util.AsXpath(path),
+			Target: s.client.GetTarget(),
+		}
+
+		if _, _, err = s.client.Communicate(ctx, cmd, true, normalizer); err != nil {
+			if err.Error() == "No such node" && action == "show" {
+				return nil, errors.ObjectNotFound()
+			}
+			return nil, err
+		}
+	}
+
+	list, err := normalizer.Normalize()
+	if err != nil {
+		return nil, err
+	} else if len(list) != 1 {
+		return nil, fmt.Errorf("expected to %q 1 entry, got %d", action, len(list))
+	}
+
+	return list[0], nil
+}
+
+// Update updates the given config object, then returns the result.
+func (s *Service) Update(ctx context.Context, loc Location, entry *Entry, name string) (*Entry, error) {
+	return s.update(ctx, loc, entry, name)
+}
+func (s *Service) update(ctx context.Context, loc Location, entry *Entry, value string) (*Entry, error) {
+	if entry.Name == "" {
+		return nil, errors.NameNotSpecifiedError
+	}
+
+	vn := s.client.Versioning()
+	updates := xmlapi.NewMultiConfig(2)
+	specifier, _, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+	var old *Entry
+	if value != "" && value != entry.Name {
+		path, err := loc.XpathWithEntryName(vn, value)
+		if err != nil {
+			return nil, err
+		}
+
+		old, err = s.Read(ctx, loc, value, "get")
+
+		updates.Add(&xmlapi.Config{
+			Action:  "rename",
+			Xpath:   util.AsXpath(path),
+			NewName: entry.Name,
+			Target:  s.client.GetTarget(),
+		})
+	} else {
+		old, err = s.Read(ctx, loc, entry.Name, "get")
+	}
+	if err != nil {
+		return nil, err
+	} else if old == nil {
+		return nil, fmt.Errorf("previous object doesn't exist for update")
+	}
+	if !SpecMatches(entry, old) {
+		path, err := loc.XpathWithEntryName(vn, entry.Name)
+		if err != nil {
+			return nil, err
+		}
+
+		updateSpec, err := specifier(entry)
+		if err != nil {
+			return nil, err
+		}
+
+		updates.Add(&xmlapi.Config{
+			Action:  "edit",
+			Xpath:   util.AsXpath(path),
+			Element: updateSpec,
+			Target:  s.client.GetTarget(),
+		})
+	}
+
+	if len(updates.Operations) != 0 {
+		if _, _, _, err = s.client.MultiConfig(ctx, updates, false, nil); err != nil {
+			return nil, err
+		}
+	}
+	return s.Read(ctx, loc, entry.Name, "get")
+}
+
+// Delete deletes the given item.
+func (s *Service) Delete(ctx context.Context, loc Location, name ...string) error {
+	return s.delete(ctx, loc, name)
+}
+func (s *Service) delete(ctx context.Context, loc Location, values []string) error {
+	for _, value := range values {
+		if value == "" {
+			return errors.NameNotSpecifiedError
+		}
+	}
+
+	vn := s.client.Versioning()
+	var err error
+	deletes := xmlapi.NewMultiConfig(len(values))
+	for _, value := range values {
+		var path []string
+		path, err = loc.XpathWithEntryName(vn, value)
+		if err != nil {
+			return err
+		}
+		deletes.Add(&xmlapi.Config{
+			Action: "delete",
+			Xpath:  util.AsXpath(path),
+			Target: s.client.GetTarget(),
+		})
+	}
+
+	_, _, _, err = s.client.MultiConfig(ctx, deletes, false, nil)
+
+	return err
+}
+
+// List returns a list of objects using the given action ("get" or "show").
+// Params filter and quote are for client side filtering.
+func (s *Service) List(ctx context.Context, loc Location, action, filter, quote string) ([]*Entry, error) {
+	return s.list(ctx, loc, action, filter, quote, false)
+}
+
+// ListFromConfig returns a list of objects at the given location.
+// Requires that client.LoadPanosConfig() has been invoked.
+// Params filter and quote are for client side filtering.
+func (s *Service) ListFromConfig(ctx context.Context, loc Location, filter, quote string) ([]*Entry, error) {
+	return s.list(ctx, loc, "", filter, quote, true)
+}
+
+func (s *Service) list(ctx context.Context, loc Location, action, filter, quote string, usePanosConfig bool) ([]*Entry, error) {
+	var err error
+
+	var logic *filtering.Group
+	if filter != "" {
+		logic, err = filtering.Parse(filter, quote)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	vn := s.client.Versioning()
+
+	_, normalizer, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+
+	path, err := loc.XpathWithEntryName(vn, "")
+	if err != nil {
+		return nil, err
+	}
+
+	if usePanosConfig {
+		if _, err = s.client.ReadFromConfig(ctx, path, false, normalizer); err != nil {
+			return nil, err
+		}
+	} else {
+		cmd := &xmlapi.Config{
+			Action: action,
+			Xpath:  util.AsXpath(path),
+			Target: s.client.GetTarget(),
+		}
+
+		if _, _, err = s.client.Communicate(ctx, cmd, true, normalizer); err != nil {
+			if err.Error() == "No such node" && action == "show" {
+				return nil, nil
+			}
+			return nil, err
+		}
+	}
+
+	listing, err := normalizer.Normalize()
+	if err != nil || logic == nil {
+		return listing, err
+	}
+
+	filtered := make([]*Entry, 0, len(listing))
+	for _, x := range listing {
+		ok, err := logic.Matches(x)
+		if err != nil {
+			return nil, err
+		}
+		if ok {
+			filtered = append(filtered, x)
+		}
+	}
+
+	return filtered, nil
+}
diff --git a/network/profiles/interface_management/entry.go b/network/profiles/interface_management/entry.go
new file mode 100644
index 00000000..e69baefa
--- /dev/null
+++ b/network/profiles/interface_management/entry.go
@@ -0,0 +1,216 @@
+package interface_management
+
+import (
+	"encoding/xml"
+	"fmt"
+
+	"github.com/PaloAltoNetworks/pango/filtering"
+	"github.com/PaloAltoNetworks/pango/generic"
+	"github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/version"
+)
+
+var (
+	_ filtering.Fielder = &Entry{}
+)
+
+var (
+	Suffix = []string{"network", "profiles", "interface-management-profile"}
+)
+
+type Entry struct {
+	Name                    string
+	Http                    *bool
+	HttpOcsp                *bool
+	Https                   *bool
+	PermittedIps            []string
+	Ping                    *bool
+	ResponsePages           *bool
+	Snmp                    *bool
+	Ssh                     *bool
+	Telnet                  *bool
+	UseridService           *bool
+	UseridSyslogListenerSsl *bool
+	UseridSyslogListenerUdp *bool
+
+	Misc map[string][]generic.Xml
+}
+
+type entryXmlContainer struct {
+	Answer []entryXml `xml:"entry"`
+}
+
+type entryXml struct {
+	XMLName                 xml.Name        `xml:"entry"`
+	Name                    string          `xml:"name,attr"`
+	Http                    *string         `xml:"http,omitempty"`
+	HttpOcsp                *string         `xml:"http-ocsp,omitempty"`
+	Https                   *string         `xml:"https,omitempty"`
+	PermittedIps            *util.EntryType `xml:"permitted-ip,omitempty"`
+	Ping                    *string         `xml:"ping,omitempty"`
+	ResponsePages           *string         `xml:"response-pages,omitempty"`
+	Snmp                    *string         `xml:"snmp,omitempty"`
+	Ssh                     *string         `xml:"ssh,omitempty"`
+	Telnet                  *string         `xml:"telnet,omitempty"`
+	UseridService           *string         `xml:"userid-service,omitempty"`
+	UseridSyslogListenerSsl *string         `xml:"userid-syslog-listener-ssl,omitempty"`
+	UseridSyslogListenerUdp *string         `xml:"userid-syslog-listener-udp,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+
+func (e *Entry) Field(v string) (any, error) {
+	if v == "name" || v == "Name" {
+		return e.Name, nil
+	}
+	if v == "http" || v == "Http" {
+		return e.Http, nil
+	}
+	if v == "http_ocsp" || v == "HttpOcsp" {
+		return e.HttpOcsp, nil
+	}
+	if v == "https" || v == "Https" {
+		return e.Https, nil
+	}
+	if v == "permitted_ips" || v == "PermittedIps" {
+		return e.PermittedIps, nil
+	}
+	if v == "permitted_ips|LENGTH" || v == "PermittedIps|LENGTH" {
+		return int64(len(e.PermittedIps)), nil
+	}
+	if v == "ping" || v == "Ping" {
+		return e.Ping, nil
+	}
+	if v == "response_pages" || v == "ResponsePages" {
+		return e.ResponsePages, nil
+	}
+	if v == "snmp" || v == "Snmp" {
+		return e.Snmp, nil
+	}
+	if v == "ssh" || v == "Ssh" {
+		return e.Ssh, nil
+	}
+	if v == "telnet" || v == "Telnet" {
+		return e.Telnet, nil
+	}
+	if v == "userid_service" || v == "UseridService" {
+		return e.UseridService, nil
+	}
+	if v == "userid_syslog_listener_ssl" || v == "UseridSyslogListenerSsl" {
+		return e.UseridSyslogListenerSsl, nil
+	}
+	if v == "userid_syslog_listener_udp" || v == "UseridSyslogListenerUdp" {
+		return e.UseridSyslogListenerUdp, nil
+	}
+
+	return nil, fmt.Errorf("unknown field")
+}
+
+func Versioning(vn version.Number) (Specifier, Normalizer, error) {
+	return specifyEntry, &entryXmlContainer{}, nil
+}
+
+func specifyEntry(o *Entry) (any, error) {
+	entry := entryXml{}
+
+	entry.Name = o.Name
+	entry.Http = util.YesNo(o.Http, nil)
+	entry.HttpOcsp = util.YesNo(o.HttpOcsp, nil)
+	entry.Https = util.YesNo(o.Https, nil)
+	entry.PermittedIps = util.StrToEnt(o.PermittedIps)
+	entry.Ping = util.YesNo(o.Ping, nil)
+	entry.ResponsePages = util.YesNo(o.ResponsePages, nil)
+	entry.Snmp = util.YesNo(o.Snmp, nil)
+	entry.Ssh = util.YesNo(o.Ssh, nil)
+	entry.Telnet = util.YesNo(o.Telnet, nil)
+	entry.UseridService = util.YesNo(o.UseridService, nil)
+	entry.UseridSyslogListenerSsl = util.YesNo(o.UseridSyslogListenerSsl, nil)
+	entry.UseridSyslogListenerUdp = util.YesNo(o.UseridSyslogListenerUdp, nil)
+
+	entry.Misc = o.Misc["Entry"]
+
+	return entry, nil
+}
+func (c *entryXmlContainer) Normalize() ([]*Entry, error) {
+	entryList := make([]*Entry, 0, len(c.Answer))
+	for _, o := range c.Answer {
+		entry := &Entry{
+			Misc: make(map[string][]generic.Xml),
+		}
+		entry.Name = o.Name
+		entry.Http = util.AsBool(o.Http, nil)
+		entry.HttpOcsp = util.AsBool(o.HttpOcsp, nil)
+		entry.Https = util.AsBool(o.Https, nil)
+		entry.PermittedIps = util.EntToStr(o.PermittedIps)
+		entry.Ping = util.AsBool(o.Ping, nil)
+		entry.ResponsePages = util.AsBool(o.ResponsePages, nil)
+		entry.Snmp = util.AsBool(o.Snmp, nil)
+		entry.Ssh = util.AsBool(o.Ssh, nil)
+		entry.Telnet = util.AsBool(o.Telnet, nil)
+		entry.UseridService = util.AsBool(o.UseridService, nil)
+		entry.UseridSyslogListenerSsl = util.AsBool(o.UseridSyslogListenerSsl, nil)
+		entry.UseridSyslogListenerUdp = util.AsBool(o.UseridSyslogListenerUdp, nil)
+
+		entry.Misc["Entry"] = o.Misc
+
+		entryList = append(entryList, entry)
+	}
+
+	return entryList, nil
+}
+
+func SpecMatches(a, b *Entry) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+
+	// Don't compare Name.
+	if !util.BoolsMatch(a.Http, b.Http) {
+		return false
+	}
+	if !util.BoolsMatch(a.HttpOcsp, b.HttpOcsp) {
+		return false
+	}
+	if !util.BoolsMatch(a.Https, b.Https) {
+		return false
+	}
+	if !util.OrderedListsMatch(a.PermittedIps, b.PermittedIps) {
+		return false
+	}
+	if !util.BoolsMatch(a.Ping, b.Ping) {
+		return false
+	}
+	if !util.BoolsMatch(a.ResponsePages, b.ResponsePages) {
+		return false
+	}
+	if !util.BoolsMatch(a.Snmp, b.Snmp) {
+		return false
+	}
+	if !util.BoolsMatch(a.Ssh, b.Ssh) {
+		return false
+	}
+	if !util.BoolsMatch(a.Telnet, b.Telnet) {
+		return false
+	}
+	if !util.BoolsMatch(a.UseridService, b.UseridService) {
+		return false
+	}
+	if !util.BoolsMatch(a.UseridSyslogListenerSsl, b.UseridSyslogListenerSsl) {
+		return false
+	}
+	if !util.BoolsMatch(a.UseridSyslogListenerUdp, b.UseridSyslogListenerUdp) {
+		return false
+	}
+
+	return true
+}
+
+func (o *Entry) EntryName() string {
+	return o.Name
+}
+
+func (o *Entry) SetEntryName(name string) {
+	o.Name = name
+}
diff --git a/network/profiles/interface_management/interfaces.go b/network/profiles/interface_management/interfaces.go
new file mode 100644
index 00000000..31a952fb
--- /dev/null
+++ b/network/profiles/interface_management/interfaces.go
@@ -0,0 +1,7 @@
+package interface_management
+
+type Specifier func(*Entry) (any, error)
+
+type Normalizer interface {
+	Normalize() ([]*Entry, error)
+}
diff --git a/network/profiles/interface_management/location.go b/network/profiles/interface_management/location.go
new file mode 100644
index 00000000..64ea8d95
--- /dev/null
+++ b/network/profiles/interface_management/location.go
@@ -0,0 +1,187 @@
+package interface_management
+
+import (
+	"fmt"
+
+	"github.com/PaloAltoNetworks/pango/errors"
+	"github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/version"
+)
+
+type ImportLocation interface {
+	XpathForLocation(version.Number, util.ILocation) ([]string, error)
+	MarshalPangoXML([]string) (string, error)
+	UnmarshalPangoXML([]byte) ([]string, error)
+}
+
+type Location struct {
+	Ngfw          *NgfwLocation          `json:"ngfw,omitempty"`
+	Template      *TemplateLocation      `json:"template,omitempty"`
+	TemplateStack *TemplateStackLocation `json:"template_stack,omitempty"`
+}
+
+type NgfwLocation struct {
+	NgfwDevice string `json:"ngfw_device"`
+}
+
+type TemplateLocation struct {
+	NgfwDevice     string `json:"ngfw_device"`
+	PanoramaDevice string `json:"panorama_device"`
+	Template       string `json:"template"`
+}
+
+type TemplateStackLocation struct {
+	NgfwDevice     string `json:"ngfw_device"`
+	PanoramaDevice string `json:"panorama_device"`
+	TemplateStack  string `json:"template_stack"`
+}
+
+func NewNgfwLocation() *Location {
+	return &Location{Ngfw: &NgfwLocation{
+		NgfwDevice: "localhost.localdomain",
+	},
+	}
+}
+func NewTemplateLocation() *Location {
+	return &Location{Template: &TemplateLocation{
+		NgfwDevice:     "localhost.localdomain",
+		PanoramaDevice: "localhost.localdomain",
+		Template:       "",
+	},
+	}
+}
+func NewTemplateStackLocation() *Location {
+	return &Location{TemplateStack: &TemplateStackLocation{
+		NgfwDevice:     "localhost.localdomain",
+		PanoramaDevice: "localhost.localdomain",
+		TemplateStack:  "",
+	},
+	}
+}
+
+func (o Location) IsValid() error {
+	count := 0
+
+	switch {
+	case o.Ngfw != nil:
+		if o.Ngfw.NgfwDevice == "" {
+			return fmt.Errorf("NgfwDevice is unspecified")
+		}
+		count++
+	case o.Template != nil:
+		if o.Template.NgfwDevice == "" {
+			return fmt.Errorf("NgfwDevice is unspecified")
+		}
+		if o.Template.PanoramaDevice == "" {
+			return fmt.Errorf("PanoramaDevice is unspecified")
+		}
+		if o.Template.Template == "" {
+			return fmt.Errorf("Template is unspecified")
+		}
+		count++
+	case o.TemplateStack != nil:
+		if o.TemplateStack.NgfwDevice == "" {
+			return fmt.Errorf("NgfwDevice is unspecified")
+		}
+		if o.TemplateStack.PanoramaDevice == "" {
+			return fmt.Errorf("PanoramaDevice is unspecified")
+		}
+		if o.TemplateStack.TemplateStack == "" {
+			return fmt.Errorf("TemplateStack is unspecified")
+		}
+		count++
+	}
+
+	if count == 0 {
+		return fmt.Errorf("no path specified")
+	}
+
+	if count > 1 {
+		return fmt.Errorf("multiple paths specified: only one should be specified")
+	}
+
+	return nil
+}
+
+func (o Location) XpathPrefix(vn version.Number) ([]string, error) {
+
+	var ans []string
+
+	switch {
+	case o.Ngfw != nil:
+		if o.Ngfw.NgfwDevice == "" {
+			return nil, fmt.Errorf("NgfwDevice is unspecified")
+		}
+		ans = []string{
+			"config",
+			"devices",
+			util.AsEntryXpath([]string{o.Ngfw.NgfwDevice}),
+		}
+	case o.Template != nil:
+		if o.Template.NgfwDevice == "" {
+			return nil, fmt.Errorf("NgfwDevice is unspecified")
+		}
+		if o.Template.PanoramaDevice == "" {
+			return nil, fmt.Errorf("PanoramaDevice is unspecified")
+		}
+		if o.Template.Template == "" {
+			return nil, fmt.Errorf("Template is unspecified")
+		}
+		ans = []string{
+			"config",
+			"devices",
+			util.AsEntryXpath([]string{o.Template.PanoramaDevice}),
+			"template",
+			util.AsEntryXpath([]string{o.Template.Template}),
+			"config",
+			"devices",
+			util.AsEntryXpath([]string{o.Template.NgfwDevice}),
+		}
+	case o.TemplateStack != nil:
+		if o.TemplateStack.NgfwDevice == "" {
+			return nil, fmt.Errorf("NgfwDevice is unspecified")
+		}
+		if o.TemplateStack.PanoramaDevice == "" {
+			return nil, fmt.Errorf("PanoramaDevice is unspecified")
+		}
+		if o.TemplateStack.TemplateStack == "" {
+			return nil, fmt.Errorf("TemplateStack is unspecified")
+		}
+		ans = []string{
+			"config",
+			"devices",
+			util.AsEntryXpath([]string{o.TemplateStack.PanoramaDevice}),
+			"template-stack",
+			util.AsEntryXpath([]string{o.TemplateStack.TemplateStack}),
+			"config",
+			"devices",
+			util.AsEntryXpath([]string{o.TemplateStack.NgfwDevice}),
+		}
+	default:
+		return nil, errors.NoLocationSpecifiedError
+	}
+
+	return ans, nil
+}
+func (o Location) XpathWithEntryName(vn version.Number, name string) ([]string, error) {
+
+	ans, err := o.XpathPrefix(vn)
+	if err != nil {
+		return nil, err
+	}
+	ans = append(ans, Suffix...)
+	ans = append(ans, util.AsEntryXpath([]string{name}))
+
+	return ans, nil
+}
+func (o Location) XpathWithUuid(vn version.Number, uuid string) ([]string, error) {
+
+	ans, err := o.XpathPrefix(vn)
+	if err != nil {
+		return nil, err
+	}
+	ans = append(ans, Suffix...)
+	ans = append(ans, util.AsUuidXpath(uuid))
+
+	return ans, nil
+}
diff --git a/network/profiles/interface_management/service.go b/network/profiles/interface_management/service.go
new file mode 100644
index 00000000..248eed17
--- /dev/null
+++ b/network/profiles/interface_management/service.go
@@ -0,0 +1,281 @@
+package interface_management
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/PaloAltoNetworks/pango/errors"
+	"github.com/PaloAltoNetworks/pango/filtering"
+	"github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/xmlapi"
+)
+
+type Service struct {
+	client util.PangoClient
+}
+
+func NewService(client util.PangoClient) *Service {
+	return &Service{
+		client: client,
+	}
+}
+
+// Create adds new item, then returns the result.
+func (s *Service) Create(ctx context.Context, loc Location, entry *Entry) (*Entry, error) {
+	if entry.Name == "" {
+		return nil, errors.NameNotSpecifiedError
+	}
+
+	vn := s.client.Versioning()
+
+	specifier, _, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+	path, err := loc.XpathWithEntryName(vn, entry.Name)
+	if err != nil {
+		return nil, err
+	}
+	createSpec, err := specifier(entry)
+	if err != nil {
+		return nil, err
+	}
+
+	cmd := &xmlapi.Config{
+		Action:  "set",
+		Xpath:   util.AsXpath(path[:len(path)-1]),
+		Element: createSpec,
+		Target:  s.client.GetTarget(),
+	}
+
+	if _, _, err = s.client.Communicate(ctx, cmd, false, nil); err != nil {
+		return nil, err
+	}
+	return s.Read(ctx, loc, entry.Name, "get")
+}
+
+// Read returns the given config object, using the specified action ("get" or "show").
+func (s *Service) Read(ctx context.Context, loc Location, name, action string) (*Entry, error) {
+	return s.read(ctx, loc, name, action, false)
+}
+
+// ReadFromConfig returns the given config object from the loaded XML config.
+// Requires that client.LoadPanosConfig() has been invoked.
+func (s *Service) ReadFromConfig(ctx context.Context, loc Location, name string) (*Entry, error) {
+	return s.read(ctx, loc, name, "", true)
+}
+
+func (s *Service) read(ctx context.Context, loc Location, value, action string, usePanosConfig bool) (*Entry, error) {
+	if value == "" {
+		return nil, errors.NameNotSpecifiedError
+	}
+	vn := s.client.Versioning()
+	_, normalizer, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+	var path []string
+	path, err = loc.XpathWithEntryName(vn, value)
+	if err != nil {
+		return nil, err
+	}
+
+	if usePanosConfig {
+		if _, err = s.client.ReadFromConfig(ctx, path, true, normalizer); err != nil {
+			return nil, err
+		}
+	} else {
+		cmd := &xmlapi.Config{
+			Action: action,
+			Xpath:  util.AsXpath(path),
+			Target: s.client.GetTarget(),
+		}
+
+		if _, _, err = s.client.Communicate(ctx, cmd, true, normalizer); err != nil {
+			if err.Error() == "No such node" && action == "show" {
+				return nil, errors.ObjectNotFound()
+			}
+			return nil, err
+		}
+	}
+
+	list, err := normalizer.Normalize()
+	if err != nil {
+		return nil, err
+	} else if len(list) != 1 {
+		return nil, fmt.Errorf("expected to %q 1 entry, got %d", action, len(list))
+	}
+
+	return list[0], nil
+}
+
+// Update updates the given config object, then returns the result.
+func (s *Service) Update(ctx context.Context, loc Location, entry *Entry, name string) (*Entry, error) {
+	return s.update(ctx, loc, entry, name)
+}
+func (s *Service) update(ctx context.Context, loc Location, entry *Entry, value string) (*Entry, error) {
+	if entry.Name == "" {
+		return nil, errors.NameNotSpecifiedError
+	}
+
+	vn := s.client.Versioning()
+	updates := xmlapi.NewMultiConfig(2)
+	specifier, _, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+	var old *Entry
+	if value != "" && value != entry.Name {
+		path, err := loc.XpathWithEntryName(vn, value)
+		if err != nil {
+			return nil, err
+		}
+
+		old, err = s.Read(ctx, loc, value, "get")
+
+		updates.Add(&xmlapi.Config{
+			Action:  "rename",
+			Xpath:   util.AsXpath(path),
+			NewName: entry.Name,
+			Target:  s.client.GetTarget(),
+		})
+	} else {
+		old, err = s.Read(ctx, loc, entry.Name, "get")
+	}
+	if err != nil {
+		return nil, err
+	} else if old == nil {
+		return nil, fmt.Errorf("previous object doesn't exist for update")
+	}
+	if !SpecMatches(entry, old) {
+		path, err := loc.XpathWithEntryName(vn, entry.Name)
+		if err != nil {
+			return nil, err
+		}
+
+		updateSpec, err := specifier(entry)
+		if err != nil {
+			return nil, err
+		}
+
+		updates.Add(&xmlapi.Config{
+			Action:  "edit",
+			Xpath:   util.AsXpath(path),
+			Element: updateSpec,
+			Target:  s.client.GetTarget(),
+		})
+	}
+
+	if len(updates.Operations) != 0 {
+		if _, _, _, err = s.client.MultiConfig(ctx, updates, false, nil); err != nil {
+			return nil, err
+		}
+	}
+	return s.Read(ctx, loc, entry.Name, "get")
+}
+
+// Delete deletes the given item.
+func (s *Service) Delete(ctx context.Context, loc Location, name ...string) error {
+	return s.delete(ctx, loc, name)
+}
+func (s *Service) delete(ctx context.Context, loc Location, values []string) error {
+	for _, value := range values {
+		if value == "" {
+			return errors.NameNotSpecifiedError
+		}
+	}
+
+	vn := s.client.Versioning()
+	var err error
+	deletes := xmlapi.NewMultiConfig(len(values))
+	for _, value := range values {
+		var path []string
+		path, err = loc.XpathWithEntryName(vn, value)
+		if err != nil {
+			return err
+		}
+		deletes.Add(&xmlapi.Config{
+			Action: "delete",
+			Xpath:  util.AsXpath(path),
+			Target: s.client.GetTarget(),
+		})
+	}
+
+	_, _, _, err = s.client.MultiConfig(ctx, deletes, false, nil)
+
+	return err
+}
+
+// List returns a list of objects using the given action ("get" or "show").
+// Params filter and quote are for client side filtering.
+func (s *Service) List(ctx context.Context, loc Location, action, filter, quote string) ([]*Entry, error) {
+	return s.list(ctx, loc, action, filter, quote, false)
+}
+
+// ListFromConfig returns a list of objects at the given location.
+// Requires that client.LoadPanosConfig() has been invoked.
+// Params filter and quote are for client side filtering.
+func (s *Service) ListFromConfig(ctx context.Context, loc Location, filter, quote string) ([]*Entry, error) {
+	return s.list(ctx, loc, "", filter, quote, true)
+}
+
+func (s *Service) list(ctx context.Context, loc Location, action, filter, quote string, usePanosConfig bool) ([]*Entry, error) {
+	var err error
+
+	var logic *filtering.Group
+	if filter != "" {
+		logic, err = filtering.Parse(filter, quote)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	vn := s.client.Versioning()
+
+	_, normalizer, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+
+	path, err := loc.XpathWithEntryName(vn, "")
+	if err != nil {
+		return nil, err
+	}
+
+	if usePanosConfig {
+		if _, err = s.client.ReadFromConfig(ctx, path, false, normalizer); err != nil {
+			return nil, err
+		}
+	} else {
+		cmd := &xmlapi.Config{
+			Action: action,
+			Xpath:  util.AsXpath(path),
+			Target: s.client.GetTarget(),
+		}
+
+		if _, _, err = s.client.Communicate(ctx, cmd, true, normalizer); err != nil {
+			if err.Error() == "No such node" && action == "show" {
+				return nil, nil
+			}
+			return nil, err
+		}
+	}
+
+	listing, err := normalizer.Normalize()
+	if err != nil || logic == nil {
+		return listing, err
+	}
+
+	filtered := make([]*Entry, 0, len(listing))
+	for _, x := range listing {
+		ok, err := logic.Matches(x)
+		if err != nil {
+			return nil, err
+		}
+		if ok {
+			filtered = append(filtered, x)
+		}
+	}
+
+	return filtered, nil
+}
diff --git a/network/virtual_router/entry.go b/network/virtual_router/entry.go
new file mode 100644
index 00000000..ed83568b
--- /dev/null
+++ b/network/virtual_router/entry.go
@@ -0,0 +1,1262 @@
+package virtual_router
+
+import (
+	"encoding/xml"
+	"fmt"
+
+	"github.com/PaloAltoNetworks/pango/filtering"
+	"github.com/PaloAltoNetworks/pango/generic"
+	"github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/version"
+)
+
+var (
+	_ filtering.Fielder = &Entry{}
+)
+
+var (
+	Suffix = []string{"network", "virtual-router"}
+)
+
+type Entry struct {
+	Name                    string
+	AdministrativeDistances *AdministrativeDistances
+	Ecmp                    *Ecmp
+	Interfaces              []string
+	Protocol                *Protocol
+	RoutingTable            *RoutingTable
+
+	Misc map[string][]generic.Xml
+}
+
+type AdministrativeDistances struct {
+	Ebgp       *int64
+	Ibgp       *int64
+	OspfExt    *int64
+	OspfInt    *int64
+	Ospfv3Ext  *int64
+	Ospfv3Int  *int64
+	Rip        *int64
+	Static     *int64
+	StaticIpv6 *int64
+}
+type Ecmp struct {
+	Algorithm        *EcmpAlgorithm
+	Enable           *bool
+	MaxPaths         *int64
+	StrictSourcePath *bool
+	SymmetricReturn  *bool
+}
+type EcmpAlgorithm struct {
+	BalancedRoundRobin *EcmpAlgorithmBalancedRoundRobin
+	IpHash             *EcmpAlgorithmIpHash
+	IpModulo           *EcmpAlgorithmIpModulo
+	WeightedRoundRobin *EcmpAlgorithmWeightedRoundRobin
+}
+type EcmpAlgorithmBalancedRoundRobin struct {
+}
+type EcmpAlgorithmIpHash struct {
+	HashSeed *int64
+	SrcOnly  *bool
+	UsePort  *bool
+}
+type EcmpAlgorithmIpModulo struct {
+}
+type EcmpAlgorithmWeightedRoundRobin struct {
+	Interfaces []EcmpAlgorithmWeightedRoundRobinInterfaces
+}
+type EcmpAlgorithmWeightedRoundRobinInterfaces struct {
+	Name   string
+	Weight *int64
+}
+type Protocol struct {
+	Bgp    *ProtocolBgp
+	Ospf   *ProtocolOspf
+	Ospfv3 *ProtocolOspfv3
+	Rip    *ProtocolRip
+}
+type ProtocolBgp struct {
+	Enable *bool
+}
+type ProtocolOspf struct {
+	Enable *bool
+}
+type ProtocolOspfv3 struct {
+	Enable *bool
+}
+type ProtocolRip struct {
+	Enable *bool
+}
+type RoutingTable struct {
+	Ip   *RoutingTableIp
+	Ipv6 *RoutingTableIpv6
+}
+type RoutingTableIp struct {
+	StaticRoutes []RoutingTableIpStaticRoutes
+}
+type RoutingTableIpStaticRoutes struct {
+	AdminDist   *int64
+	Destination *string
+	Interface   *string
+	Metric      *int64
+	Name        string
+	NextHop     *RoutingTableIpStaticRoutesNextHop
+	RouteTable  *string
+}
+type RoutingTableIpStaticRoutesNextHop struct {
+	Fqdn      *string
+	IpAddress *string
+	NextVr    *string
+	Tunnel    *string
+}
+type RoutingTableIpv6 struct {
+	StaticRoutes []RoutingTableIpv6StaticRoutes
+}
+type RoutingTableIpv6StaticRoutes struct {
+	AdminDist   *int64
+	Destination *string
+	Interface   *string
+	Metric      *int64
+	Name        string
+	NextHop     *RoutingTableIpv6StaticRoutesNextHop
+	RouteTable  *string
+}
+type RoutingTableIpv6StaticRoutesNextHop struct {
+	Fqdn        *string
+	Ipv6Address *string
+	NextVr      *string
+	Tunnel      *string
+}
+
+type entryXmlContainer struct {
+	Answer []entryXml `xml:"entry"`
+}
+
+type entryXml struct {
+	XMLName                 xml.Name                    `xml:"entry"`
+	Name                    string                      `xml:"name,attr"`
+	AdministrativeDistances *AdministrativeDistancesXml `xml:"admin-dists,omitempty"`
+	Ecmp                    *EcmpXml                    `xml:"ecmp,omitempty"`
+	Interfaces              *util.MemberType            `xml:"interface,omitempty"`
+	Protocol                *ProtocolXml                `xml:"protocol,omitempty"`
+	RoutingTable            *RoutingTableXml            `xml:"routing-table,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+
+type AdministrativeDistancesXml struct {
+	Ebgp       *int64 `xml:"ebgp,omitempty"`
+	Ibgp       *int64 `xml:"ibgp,omitempty"`
+	OspfExt    *int64 `xml:"ospf-ext,omitempty"`
+	OspfInt    *int64 `xml:"ospf-int,omitempty"`
+	Ospfv3Ext  *int64 `xml:"ospfv3-ext,omitempty"`
+	Ospfv3Int  *int64 `xml:"ospfv3-int,omitempty"`
+	Rip        *int64 `xml:"rip,omitempty"`
+	Static     *int64 `xml:"static,omitempty"`
+	StaticIpv6 *int64 `xml:"static-ipv6,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type EcmpXml struct {
+	Algorithm        *EcmpAlgorithmXml `xml:"algorithm,omitempty"`
+	Enable           *string           `xml:"enable,omitempty"`
+	MaxPaths         *int64            `xml:"max-path,omitempty"`
+	StrictSourcePath *string           `xml:"strict-source-path,omitempty"`
+	SymmetricReturn  *string           `xml:"symmetric-return,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type EcmpAlgorithmXml struct {
+	BalancedRoundRobin *EcmpAlgorithmBalancedRoundRobinXml `xml:"balanced-round-robin,omitempty"`
+	IpHash             *EcmpAlgorithmIpHashXml             `xml:"ip-hash,omitempty"`
+	IpModulo           *EcmpAlgorithmIpModuloXml           `xml:"ip-modulo,omitempty"`
+	WeightedRoundRobin *EcmpAlgorithmWeightedRoundRobinXml `xml:"weighted-round-robin,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type EcmpAlgorithmBalancedRoundRobinXml struct {
+	Misc []generic.Xml `xml:",any"`
+}
+type EcmpAlgorithmIpHashXml struct {
+	HashSeed *int64  `xml:"hash-seed,omitempty"`
+	SrcOnly  *string `xml:"src-only,omitempty"`
+	UsePort  *string `xml:"use-port,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type EcmpAlgorithmIpModuloXml struct {
+	Misc []generic.Xml `xml:",any"`
+}
+type EcmpAlgorithmWeightedRoundRobinXml struct {
+	Interfaces []EcmpAlgorithmWeightedRoundRobinInterfacesXml `xml:"interface>entry,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type EcmpAlgorithmWeightedRoundRobinInterfacesXml struct {
+	XMLName xml.Name `xml:"entry"`
+	Name    string   `xml:"name,attr"`
+	Weight  *int64
+
+	Misc []generic.Xml `xml:",any"`
+}
+type ProtocolXml struct {
+	Bgp    *ProtocolBgpXml    `xml:"bgp,omitempty"`
+	Ospf   *ProtocolOspfXml   `xml:"ospf,omitempty"`
+	Ospfv3 *ProtocolOspfv3Xml `xml:"ospfv3,omitempty"`
+	Rip    *ProtocolRipXml    `xml:"rip,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type ProtocolBgpXml struct {
+	Enable *string `xml:"enable,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type ProtocolOspfXml struct {
+	Enable *string `xml:"enable,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type ProtocolOspfv3Xml struct {
+	Enable *string `xml:"enable,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type ProtocolRipXml struct {
+	Enable *string `xml:"enable,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type RoutingTableXml struct {
+	Ip   *RoutingTableIpXml   `xml:"ip,omitempty"`
+	Ipv6 *RoutingTableIpv6Xml `xml:"ipv6,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type RoutingTableIpXml struct {
+	StaticRoutes []RoutingTableIpStaticRoutesXml `xml:"static-route>entry,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type RoutingTableIpStaticRoutesXml struct {
+	AdminDist   *int64                                `xml:"admin-dist,omitempty"`
+	Destination *string                               `xml:"destination,omitempty"`
+	Interface   *string                               `xml:"interface,omitempty"`
+	Metric      *int64                                `xml:"metric,omitempty"`
+	XMLName     xml.Name                              `xml:"entry"`
+	Name        string                                `xml:"name,attr"`
+	NextHop     *RoutingTableIpStaticRoutesNextHopXml `xml:"nexthop,omitempty"`
+	RouteTable  *string                               `xml:"route-table,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type RoutingTableIpStaticRoutesNextHopXml struct {
+	Fqdn      *string `xml:"fqdn,omitempty"`
+	IpAddress *string `xml:"ip-address,omitempty"`
+	NextVr    *string `xml:"next-vr,omitempty"`
+	Tunnel    *string `xml:"tunnel,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type RoutingTableIpv6Xml struct {
+	StaticRoutes []RoutingTableIpv6StaticRoutesXml `xml:"static-route>entry,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type RoutingTableIpv6StaticRoutesXml struct {
+	AdminDist   *int64                                  `xml:"admin-dist,omitempty"`
+	Destination *string                                 `xml:"destination,omitempty"`
+	Interface   *string                                 `xml:"interface,omitempty"`
+	Metric      *int64                                  `xml:"metric,omitempty"`
+	XMLName     xml.Name                                `xml:"entry"`
+	Name        string                                  `xml:"name,attr"`
+	NextHop     *RoutingTableIpv6StaticRoutesNextHopXml `xml:"nexthop,omitempty"`
+	RouteTable  *string                                 `xml:"route-table,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type RoutingTableIpv6StaticRoutesNextHopXml struct {
+	Fqdn        *string `xml:"fqdn,omitempty"`
+	Ipv6Address *string `xml:"ipv6-address,omitempty"`
+	NextVr      *string `xml:"next-vr,omitempty"`
+	Tunnel      *string `xml:"tunnel,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+
+func (e *Entry) Field(v string) (any, error) {
+	if v == "name" || v == "Name" {
+		return e.Name, nil
+	}
+	if v == "administrative_distances" || v == "AdministrativeDistances" {
+		return e.AdministrativeDistances, nil
+	}
+	if v == "ecmp" || v == "Ecmp" {
+		return e.Ecmp, nil
+	}
+	if v == "interfaces" || v == "Interfaces" {
+		return e.Interfaces, nil
+	}
+	if v == "interfaces|LENGTH" || v == "Interfaces|LENGTH" {
+		return int64(len(e.Interfaces)), nil
+	}
+	if v == "protocol" || v == "Protocol" {
+		return e.Protocol, nil
+	}
+	if v == "routing_table" || v == "RoutingTable" {
+		return e.RoutingTable, nil
+	}
+
+	return nil, fmt.Errorf("unknown field")
+}
+
+func Versioning(vn version.Number) (Specifier, Normalizer, error) {
+	return specifyEntry, &entryXmlContainer{}, nil
+}
+
+func specifyEntry(o *Entry) (any, error) {
+	entry := entryXml{}
+
+	entry.Name = o.Name
+	var nestedAdministrativeDistances *AdministrativeDistancesXml
+	if o.AdministrativeDistances != nil {
+		nestedAdministrativeDistances = &AdministrativeDistancesXml{}
+		if _, ok := o.Misc["AdministrativeDistances"]; ok {
+			nestedAdministrativeDistances.Misc = o.Misc["AdministrativeDistances"]
+		}
+		if o.AdministrativeDistances.OspfExt != nil {
+			nestedAdministrativeDistances.OspfExt = o.AdministrativeDistances.OspfExt
+		}
+		if o.AdministrativeDistances.Ospfv3Int != nil {
+			nestedAdministrativeDistances.Ospfv3Int = o.AdministrativeDistances.Ospfv3Int
+		}
+		if o.AdministrativeDistances.Ospfv3Ext != nil {
+			nestedAdministrativeDistances.Ospfv3Ext = o.AdministrativeDistances.Ospfv3Ext
+		}
+		if o.AdministrativeDistances.Ibgp != nil {
+			nestedAdministrativeDistances.Ibgp = o.AdministrativeDistances.Ibgp
+		}
+		if o.AdministrativeDistances.Ebgp != nil {
+			nestedAdministrativeDistances.Ebgp = o.AdministrativeDistances.Ebgp
+		}
+		if o.AdministrativeDistances.Rip != nil {
+			nestedAdministrativeDistances.Rip = o.AdministrativeDistances.Rip
+		}
+		if o.AdministrativeDistances.StaticIpv6 != nil {
+			nestedAdministrativeDistances.StaticIpv6 = o.AdministrativeDistances.StaticIpv6
+		}
+		if o.AdministrativeDistances.OspfInt != nil {
+			nestedAdministrativeDistances.OspfInt = o.AdministrativeDistances.OspfInt
+		}
+		if o.AdministrativeDistances.Static != nil {
+			nestedAdministrativeDistances.Static = o.AdministrativeDistances.Static
+		}
+	}
+	entry.AdministrativeDistances = nestedAdministrativeDistances
+
+	var nestedEcmp *EcmpXml
+	if o.Ecmp != nil {
+		nestedEcmp = &EcmpXml{}
+		if _, ok := o.Misc["Ecmp"]; ok {
+			nestedEcmp.Misc = o.Misc["Ecmp"]
+		}
+		if o.Ecmp.MaxPaths != nil {
+			nestedEcmp.MaxPaths = o.Ecmp.MaxPaths
+		}
+		if o.Ecmp.Algorithm != nil {
+			nestedEcmp.Algorithm = &EcmpAlgorithmXml{}
+			if _, ok := o.Misc["EcmpAlgorithm"]; ok {
+				nestedEcmp.Algorithm.Misc = o.Misc["EcmpAlgorithm"]
+			}
+			if o.Ecmp.Algorithm.WeightedRoundRobin != nil {
+				nestedEcmp.Algorithm.WeightedRoundRobin = &EcmpAlgorithmWeightedRoundRobinXml{}
+				if _, ok := o.Misc["EcmpAlgorithmWeightedRoundRobin"]; ok {
+					nestedEcmp.Algorithm.WeightedRoundRobin.Misc = o.Misc["EcmpAlgorithmWeightedRoundRobin"]
+				}
+				if o.Ecmp.Algorithm.WeightedRoundRobin.Interfaces != nil {
+					nestedEcmp.Algorithm.WeightedRoundRobin.Interfaces = []EcmpAlgorithmWeightedRoundRobinInterfacesXml{}
+					for _, oEcmpAlgorithmWeightedRoundRobinInterfaces := range o.Ecmp.Algorithm.WeightedRoundRobin.Interfaces {
+						nestedEcmpAlgorithmWeightedRoundRobinInterfaces := EcmpAlgorithmWeightedRoundRobinInterfacesXml{}
+						if _, ok := o.Misc["EcmpAlgorithmWeightedRoundRobinInterfaces"]; ok {
+							nestedEcmpAlgorithmWeightedRoundRobinInterfaces.Misc = o.Misc["EcmpAlgorithmWeightedRoundRobinInterfaces"]
+						}
+						if oEcmpAlgorithmWeightedRoundRobinInterfaces.Weight != nil {
+							nestedEcmpAlgorithmWeightedRoundRobinInterfaces.Weight = oEcmpAlgorithmWeightedRoundRobinInterfaces.Weight
+						}
+						if oEcmpAlgorithmWeightedRoundRobinInterfaces.Name != "" {
+							nestedEcmpAlgorithmWeightedRoundRobinInterfaces.Name = oEcmpAlgorithmWeightedRoundRobinInterfaces.Name
+						}
+						nestedEcmp.Algorithm.WeightedRoundRobin.Interfaces = append(nestedEcmp.Algorithm.WeightedRoundRobin.Interfaces, nestedEcmpAlgorithmWeightedRoundRobinInterfaces)
+					}
+				}
+			}
+			if o.Ecmp.Algorithm.BalancedRoundRobin != nil {
+				nestedEcmp.Algorithm.BalancedRoundRobin = &EcmpAlgorithmBalancedRoundRobinXml{}
+				if _, ok := o.Misc["EcmpAlgorithmBalancedRoundRobin"]; ok {
+					nestedEcmp.Algorithm.BalancedRoundRobin.Misc = o.Misc["EcmpAlgorithmBalancedRoundRobin"]
+				}
+			}
+			if o.Ecmp.Algorithm.IpModulo != nil {
+				nestedEcmp.Algorithm.IpModulo = &EcmpAlgorithmIpModuloXml{}
+				if _, ok := o.Misc["EcmpAlgorithmIpModulo"]; ok {
+					nestedEcmp.Algorithm.IpModulo.Misc = o.Misc["EcmpAlgorithmIpModulo"]
+				}
+			}
+			if o.Ecmp.Algorithm.IpHash != nil {
+				nestedEcmp.Algorithm.IpHash = &EcmpAlgorithmIpHashXml{}
+				if _, ok := o.Misc["EcmpAlgorithmIpHash"]; ok {
+					nestedEcmp.Algorithm.IpHash.Misc = o.Misc["EcmpAlgorithmIpHash"]
+				}
+				if o.Ecmp.Algorithm.IpHash.SrcOnly != nil {
+					nestedEcmp.Algorithm.IpHash.SrcOnly = util.YesNo(o.Ecmp.Algorithm.IpHash.SrcOnly, nil)
+				}
+				if o.Ecmp.Algorithm.IpHash.UsePort != nil {
+					nestedEcmp.Algorithm.IpHash.UsePort = util.YesNo(o.Ecmp.Algorithm.IpHash.UsePort, nil)
+				}
+				if o.Ecmp.Algorithm.IpHash.HashSeed != nil {
+					nestedEcmp.Algorithm.IpHash.HashSeed = o.Ecmp.Algorithm.IpHash.HashSeed
+				}
+			}
+		}
+		if o.Ecmp.Enable != nil {
+			nestedEcmp.Enable = util.YesNo(o.Ecmp.Enable, nil)
+		}
+		if o.Ecmp.SymmetricReturn != nil {
+			nestedEcmp.SymmetricReturn = util.YesNo(o.Ecmp.SymmetricReturn, nil)
+		}
+		if o.Ecmp.StrictSourcePath != nil {
+			nestedEcmp.StrictSourcePath = util.YesNo(o.Ecmp.StrictSourcePath, nil)
+		}
+	}
+	entry.Ecmp = nestedEcmp
+
+	entry.Interfaces = util.StrToMem(o.Interfaces)
+	var nestedProtocol *ProtocolXml
+	if o.Protocol != nil {
+		nestedProtocol = &ProtocolXml{}
+		if _, ok := o.Misc["Protocol"]; ok {
+			nestedProtocol.Misc = o.Misc["Protocol"]
+		}
+		if o.Protocol.Bgp != nil {
+			nestedProtocol.Bgp = &ProtocolBgpXml{}
+			if _, ok := o.Misc["ProtocolBgp"]; ok {
+				nestedProtocol.Bgp.Misc = o.Misc["ProtocolBgp"]
+			}
+			if o.Protocol.Bgp.Enable != nil {
+				nestedProtocol.Bgp.Enable = util.YesNo(o.Protocol.Bgp.Enable, nil)
+			}
+		}
+		if o.Protocol.Rip != nil {
+			nestedProtocol.Rip = &ProtocolRipXml{}
+			if _, ok := o.Misc["ProtocolRip"]; ok {
+				nestedProtocol.Rip.Misc = o.Misc["ProtocolRip"]
+			}
+			if o.Protocol.Rip.Enable != nil {
+				nestedProtocol.Rip.Enable = util.YesNo(o.Protocol.Rip.Enable, nil)
+			}
+		}
+		if o.Protocol.Ospf != nil {
+			nestedProtocol.Ospf = &ProtocolOspfXml{}
+			if _, ok := o.Misc["ProtocolOspf"]; ok {
+				nestedProtocol.Ospf.Misc = o.Misc["ProtocolOspf"]
+			}
+			if o.Protocol.Ospf.Enable != nil {
+				nestedProtocol.Ospf.Enable = util.YesNo(o.Protocol.Ospf.Enable, nil)
+			}
+		}
+		if o.Protocol.Ospfv3 != nil {
+			nestedProtocol.Ospfv3 = &ProtocolOspfv3Xml{}
+			if _, ok := o.Misc["ProtocolOspfv3"]; ok {
+				nestedProtocol.Ospfv3.Misc = o.Misc["ProtocolOspfv3"]
+			}
+			if o.Protocol.Ospfv3.Enable != nil {
+				nestedProtocol.Ospfv3.Enable = util.YesNo(o.Protocol.Ospfv3.Enable, nil)
+			}
+		}
+	}
+	entry.Protocol = nestedProtocol
+
+	var nestedRoutingTable *RoutingTableXml
+	if o.RoutingTable != nil {
+		nestedRoutingTable = &RoutingTableXml{}
+		if _, ok := o.Misc["RoutingTable"]; ok {
+			nestedRoutingTable.Misc = o.Misc["RoutingTable"]
+		}
+		if o.RoutingTable.Ip != nil {
+			nestedRoutingTable.Ip = &RoutingTableIpXml{}
+			if _, ok := o.Misc["RoutingTableIp"]; ok {
+				nestedRoutingTable.Ip.Misc = o.Misc["RoutingTableIp"]
+			}
+			if o.RoutingTable.Ip.StaticRoutes != nil {
+				nestedRoutingTable.Ip.StaticRoutes = []RoutingTableIpStaticRoutesXml{}
+				for _, oRoutingTableIpStaticRoutes := range o.RoutingTable.Ip.StaticRoutes {
+					nestedRoutingTableIpStaticRoutes := RoutingTableIpStaticRoutesXml{}
+					if _, ok := o.Misc["RoutingTableIpStaticRoutes"]; ok {
+						nestedRoutingTableIpStaticRoutes.Misc = o.Misc["RoutingTableIpStaticRoutes"]
+					}
+					if oRoutingTableIpStaticRoutes.RouteTable != nil {
+						nestedRoutingTableIpStaticRoutes.RouteTable = oRoutingTableIpStaticRoutes.RouteTable
+					}
+					if oRoutingTableIpStaticRoutes.Name != "" {
+						nestedRoutingTableIpStaticRoutes.Name = oRoutingTableIpStaticRoutes.Name
+					}
+					if oRoutingTableIpStaticRoutes.Destination != nil {
+						nestedRoutingTableIpStaticRoutes.Destination = oRoutingTableIpStaticRoutes.Destination
+					}
+					if oRoutingTableIpStaticRoutes.Interface != nil {
+						nestedRoutingTableIpStaticRoutes.Interface = oRoutingTableIpStaticRoutes.Interface
+					}
+					if oRoutingTableIpStaticRoutes.NextHop != nil {
+						nestedRoutingTableIpStaticRoutes.NextHop = &RoutingTableIpStaticRoutesNextHopXml{}
+						if _, ok := o.Misc["RoutingTableIpStaticRoutesNextHop"]; ok {
+							nestedRoutingTableIpStaticRoutes.NextHop.Misc = o.Misc["RoutingTableIpStaticRoutesNextHop"]
+						}
+						if oRoutingTableIpStaticRoutes.NextHop.IpAddress != nil {
+							nestedRoutingTableIpStaticRoutes.NextHop.IpAddress = oRoutingTableIpStaticRoutes.NextHop.IpAddress
+						}
+						if oRoutingTableIpStaticRoutes.NextHop.Fqdn != nil {
+							nestedRoutingTableIpStaticRoutes.NextHop.Fqdn = oRoutingTableIpStaticRoutes.NextHop.Fqdn
+						}
+						if oRoutingTableIpStaticRoutes.NextHop.NextVr != nil {
+							nestedRoutingTableIpStaticRoutes.NextHop.NextVr = oRoutingTableIpStaticRoutes.NextHop.NextVr
+						}
+						if oRoutingTableIpStaticRoutes.NextHop.Tunnel != nil {
+							nestedRoutingTableIpStaticRoutes.NextHop.Tunnel = oRoutingTableIpStaticRoutes.NextHop.Tunnel
+						}
+					}
+					if oRoutingTableIpStaticRoutes.AdminDist != nil {
+						nestedRoutingTableIpStaticRoutes.AdminDist = oRoutingTableIpStaticRoutes.AdminDist
+					}
+					if oRoutingTableIpStaticRoutes.Metric != nil {
+						nestedRoutingTableIpStaticRoutes.Metric = oRoutingTableIpStaticRoutes.Metric
+					}
+					nestedRoutingTable.Ip.StaticRoutes = append(nestedRoutingTable.Ip.StaticRoutes, nestedRoutingTableIpStaticRoutes)
+				}
+			}
+		}
+		if o.RoutingTable.Ipv6 != nil {
+			nestedRoutingTable.Ipv6 = &RoutingTableIpv6Xml{}
+			if _, ok := o.Misc["RoutingTableIpv6"]; ok {
+				nestedRoutingTable.Ipv6.Misc = o.Misc["RoutingTableIpv6"]
+			}
+			if o.RoutingTable.Ipv6.StaticRoutes != nil {
+				nestedRoutingTable.Ipv6.StaticRoutes = []RoutingTableIpv6StaticRoutesXml{}
+				for _, oRoutingTableIpv6StaticRoutes := range o.RoutingTable.Ipv6.StaticRoutes {
+					nestedRoutingTableIpv6StaticRoutes := RoutingTableIpv6StaticRoutesXml{}
+					if _, ok := o.Misc["RoutingTableIpv6StaticRoutes"]; ok {
+						nestedRoutingTableIpv6StaticRoutes.Misc = o.Misc["RoutingTableIpv6StaticRoutes"]
+					}
+					if oRoutingTableIpv6StaticRoutes.RouteTable != nil {
+						nestedRoutingTableIpv6StaticRoutes.RouteTable = oRoutingTableIpv6StaticRoutes.RouteTable
+					}
+					if oRoutingTableIpv6StaticRoutes.Name != "" {
+						nestedRoutingTableIpv6StaticRoutes.Name = oRoutingTableIpv6StaticRoutes.Name
+					}
+					if oRoutingTableIpv6StaticRoutes.Destination != nil {
+						nestedRoutingTableIpv6StaticRoutes.Destination = oRoutingTableIpv6StaticRoutes.Destination
+					}
+					if oRoutingTableIpv6StaticRoutes.Interface != nil {
+						nestedRoutingTableIpv6StaticRoutes.Interface = oRoutingTableIpv6StaticRoutes.Interface
+					}
+					if oRoutingTableIpv6StaticRoutes.NextHop != nil {
+						nestedRoutingTableIpv6StaticRoutes.NextHop = &RoutingTableIpv6StaticRoutesNextHopXml{}
+						if _, ok := o.Misc["RoutingTableIpv6StaticRoutesNextHop"]; ok {
+							nestedRoutingTableIpv6StaticRoutes.NextHop.Misc = o.Misc["RoutingTableIpv6StaticRoutesNextHop"]
+						}
+						if oRoutingTableIpv6StaticRoutes.NextHop.Fqdn != nil {
+							nestedRoutingTableIpv6StaticRoutes.NextHop.Fqdn = oRoutingTableIpv6StaticRoutes.NextHop.Fqdn
+						}
+						if oRoutingTableIpv6StaticRoutes.NextHop.NextVr != nil {
+							nestedRoutingTableIpv6StaticRoutes.NextHop.NextVr = oRoutingTableIpv6StaticRoutes.NextHop.NextVr
+						}
+						if oRoutingTableIpv6StaticRoutes.NextHop.Tunnel != nil {
+							nestedRoutingTableIpv6StaticRoutes.NextHop.Tunnel = oRoutingTableIpv6StaticRoutes.NextHop.Tunnel
+						}
+						if oRoutingTableIpv6StaticRoutes.NextHop.Ipv6Address != nil {
+							nestedRoutingTableIpv6StaticRoutes.NextHop.Ipv6Address = oRoutingTableIpv6StaticRoutes.NextHop.Ipv6Address
+						}
+					}
+					if oRoutingTableIpv6StaticRoutes.AdminDist != nil {
+						nestedRoutingTableIpv6StaticRoutes.AdminDist = oRoutingTableIpv6StaticRoutes.AdminDist
+					}
+					if oRoutingTableIpv6StaticRoutes.Metric != nil {
+						nestedRoutingTableIpv6StaticRoutes.Metric = oRoutingTableIpv6StaticRoutes.Metric
+					}
+					nestedRoutingTable.Ipv6.StaticRoutes = append(nestedRoutingTable.Ipv6.StaticRoutes, nestedRoutingTableIpv6StaticRoutes)
+				}
+			}
+		}
+	}
+	entry.RoutingTable = nestedRoutingTable
+
+	entry.Misc = o.Misc["Entry"]
+
+	return entry, nil
+}
+func (c *entryXmlContainer) Normalize() ([]*Entry, error) {
+	entryList := make([]*Entry, 0, len(c.Answer))
+	for _, o := range c.Answer {
+		entry := &Entry{
+			Misc: make(map[string][]generic.Xml),
+		}
+		entry.Name = o.Name
+		var nestedAdministrativeDistances *AdministrativeDistances
+		if o.AdministrativeDistances != nil {
+			nestedAdministrativeDistances = &AdministrativeDistances{}
+			if o.AdministrativeDistances.Misc != nil {
+				entry.Misc["AdministrativeDistances"] = o.AdministrativeDistances.Misc
+			}
+			if o.AdministrativeDistances.Ospfv3Ext != nil {
+				nestedAdministrativeDistances.Ospfv3Ext = o.AdministrativeDistances.Ospfv3Ext
+			}
+			if o.AdministrativeDistances.Ibgp != nil {
+				nestedAdministrativeDistances.Ibgp = o.AdministrativeDistances.Ibgp
+			}
+			if o.AdministrativeDistances.Ebgp != nil {
+				nestedAdministrativeDistances.Ebgp = o.AdministrativeDistances.Ebgp
+			}
+			if o.AdministrativeDistances.Rip != nil {
+				nestedAdministrativeDistances.Rip = o.AdministrativeDistances.Rip
+			}
+			if o.AdministrativeDistances.StaticIpv6 != nil {
+				nestedAdministrativeDistances.StaticIpv6 = o.AdministrativeDistances.StaticIpv6
+			}
+			if o.AdministrativeDistances.OspfExt != nil {
+				nestedAdministrativeDistances.OspfExt = o.AdministrativeDistances.OspfExt
+			}
+			if o.AdministrativeDistances.Ospfv3Int != nil {
+				nestedAdministrativeDistances.Ospfv3Int = o.AdministrativeDistances.Ospfv3Int
+			}
+			if o.AdministrativeDistances.Static != nil {
+				nestedAdministrativeDistances.Static = o.AdministrativeDistances.Static
+			}
+			if o.AdministrativeDistances.OspfInt != nil {
+				nestedAdministrativeDistances.OspfInt = o.AdministrativeDistances.OspfInt
+			}
+		}
+		entry.AdministrativeDistances = nestedAdministrativeDistances
+
+		var nestedEcmp *Ecmp
+		if o.Ecmp != nil {
+			nestedEcmp = &Ecmp{}
+			if o.Ecmp.Misc != nil {
+				entry.Misc["Ecmp"] = o.Ecmp.Misc
+			}
+			if o.Ecmp.MaxPaths != nil {
+				nestedEcmp.MaxPaths = o.Ecmp.MaxPaths
+			}
+			if o.Ecmp.Algorithm != nil {
+				nestedEcmp.Algorithm = &EcmpAlgorithm{}
+				if o.Ecmp.Algorithm.Misc != nil {
+					entry.Misc["EcmpAlgorithm"] = o.Ecmp.Algorithm.Misc
+				}
+				if o.Ecmp.Algorithm.IpModulo != nil {
+					nestedEcmp.Algorithm.IpModulo = &EcmpAlgorithmIpModulo{}
+					if o.Ecmp.Algorithm.IpModulo.Misc != nil {
+						entry.Misc["EcmpAlgorithmIpModulo"] = o.Ecmp.Algorithm.IpModulo.Misc
+					}
+				}
+				if o.Ecmp.Algorithm.IpHash != nil {
+					nestedEcmp.Algorithm.IpHash = &EcmpAlgorithmIpHash{}
+					if o.Ecmp.Algorithm.IpHash.Misc != nil {
+						entry.Misc["EcmpAlgorithmIpHash"] = o.Ecmp.Algorithm.IpHash.Misc
+					}
+					if o.Ecmp.Algorithm.IpHash.SrcOnly != nil {
+						nestedEcmp.Algorithm.IpHash.SrcOnly = util.AsBool(o.Ecmp.Algorithm.IpHash.SrcOnly, nil)
+					}
+					if o.Ecmp.Algorithm.IpHash.UsePort != nil {
+						nestedEcmp.Algorithm.IpHash.UsePort = util.AsBool(o.Ecmp.Algorithm.IpHash.UsePort, nil)
+					}
+					if o.Ecmp.Algorithm.IpHash.HashSeed != nil {
+						nestedEcmp.Algorithm.IpHash.HashSeed = o.Ecmp.Algorithm.IpHash.HashSeed
+					}
+				}
+				if o.Ecmp.Algorithm.WeightedRoundRobin != nil {
+					nestedEcmp.Algorithm.WeightedRoundRobin = &EcmpAlgorithmWeightedRoundRobin{}
+					if o.Ecmp.Algorithm.WeightedRoundRobin.Misc != nil {
+						entry.Misc["EcmpAlgorithmWeightedRoundRobin"] = o.Ecmp.Algorithm.WeightedRoundRobin.Misc
+					}
+					if o.Ecmp.Algorithm.WeightedRoundRobin.Interfaces != nil {
+						nestedEcmp.Algorithm.WeightedRoundRobin.Interfaces = []EcmpAlgorithmWeightedRoundRobinInterfaces{}
+						for _, oEcmpAlgorithmWeightedRoundRobinInterfaces := range o.Ecmp.Algorithm.WeightedRoundRobin.Interfaces {
+							nestedEcmpAlgorithmWeightedRoundRobinInterfaces := EcmpAlgorithmWeightedRoundRobinInterfaces{}
+							if oEcmpAlgorithmWeightedRoundRobinInterfaces.Misc != nil {
+								entry.Misc["EcmpAlgorithmWeightedRoundRobinInterfaces"] = oEcmpAlgorithmWeightedRoundRobinInterfaces.Misc
+							}
+							if oEcmpAlgorithmWeightedRoundRobinInterfaces.Name != "" {
+								nestedEcmpAlgorithmWeightedRoundRobinInterfaces.Name = oEcmpAlgorithmWeightedRoundRobinInterfaces.Name
+							}
+							if oEcmpAlgorithmWeightedRoundRobinInterfaces.Weight != nil {
+								nestedEcmpAlgorithmWeightedRoundRobinInterfaces.Weight = oEcmpAlgorithmWeightedRoundRobinInterfaces.Weight
+							}
+							nestedEcmp.Algorithm.WeightedRoundRobin.Interfaces = append(nestedEcmp.Algorithm.WeightedRoundRobin.Interfaces, nestedEcmpAlgorithmWeightedRoundRobinInterfaces)
+						}
+					}
+				}
+				if o.Ecmp.Algorithm.BalancedRoundRobin != nil {
+					nestedEcmp.Algorithm.BalancedRoundRobin = &EcmpAlgorithmBalancedRoundRobin{}
+					if o.Ecmp.Algorithm.BalancedRoundRobin.Misc != nil {
+						entry.Misc["EcmpAlgorithmBalancedRoundRobin"] = o.Ecmp.Algorithm.BalancedRoundRobin.Misc
+					}
+				}
+			}
+			if o.Ecmp.Enable != nil {
+				nestedEcmp.Enable = util.AsBool(o.Ecmp.Enable, nil)
+			}
+			if o.Ecmp.SymmetricReturn != nil {
+				nestedEcmp.SymmetricReturn = util.AsBool(o.Ecmp.SymmetricReturn, nil)
+			}
+			if o.Ecmp.StrictSourcePath != nil {
+				nestedEcmp.StrictSourcePath = util.AsBool(o.Ecmp.StrictSourcePath, nil)
+			}
+		}
+		entry.Ecmp = nestedEcmp
+
+		entry.Interfaces = util.MemToStr(o.Interfaces)
+		var nestedProtocol *Protocol
+		if o.Protocol != nil {
+			nestedProtocol = &Protocol{}
+			if o.Protocol.Misc != nil {
+				entry.Misc["Protocol"] = o.Protocol.Misc
+			}
+			if o.Protocol.Rip != nil {
+				nestedProtocol.Rip = &ProtocolRip{}
+				if o.Protocol.Rip.Misc != nil {
+					entry.Misc["ProtocolRip"] = o.Protocol.Rip.Misc
+				}
+				if o.Protocol.Rip.Enable != nil {
+					nestedProtocol.Rip.Enable = util.AsBool(o.Protocol.Rip.Enable, nil)
+				}
+			}
+			if o.Protocol.Ospf != nil {
+				nestedProtocol.Ospf = &ProtocolOspf{}
+				if o.Protocol.Ospf.Misc != nil {
+					entry.Misc["ProtocolOspf"] = o.Protocol.Ospf.Misc
+				}
+				if o.Protocol.Ospf.Enable != nil {
+					nestedProtocol.Ospf.Enable = util.AsBool(o.Protocol.Ospf.Enable, nil)
+				}
+			}
+			if o.Protocol.Ospfv3 != nil {
+				nestedProtocol.Ospfv3 = &ProtocolOspfv3{}
+				if o.Protocol.Ospfv3.Misc != nil {
+					entry.Misc["ProtocolOspfv3"] = o.Protocol.Ospfv3.Misc
+				}
+				if o.Protocol.Ospfv3.Enable != nil {
+					nestedProtocol.Ospfv3.Enable = util.AsBool(o.Protocol.Ospfv3.Enable, nil)
+				}
+			}
+			if o.Protocol.Bgp != nil {
+				nestedProtocol.Bgp = &ProtocolBgp{}
+				if o.Protocol.Bgp.Misc != nil {
+					entry.Misc["ProtocolBgp"] = o.Protocol.Bgp.Misc
+				}
+				if o.Protocol.Bgp.Enable != nil {
+					nestedProtocol.Bgp.Enable = util.AsBool(o.Protocol.Bgp.Enable, nil)
+				}
+			}
+		}
+		entry.Protocol = nestedProtocol
+
+		var nestedRoutingTable *RoutingTable
+		if o.RoutingTable != nil {
+			nestedRoutingTable = &RoutingTable{}
+			if o.RoutingTable.Misc != nil {
+				entry.Misc["RoutingTable"] = o.RoutingTable.Misc
+			}
+			if o.RoutingTable.Ip != nil {
+				nestedRoutingTable.Ip = &RoutingTableIp{}
+				if o.RoutingTable.Ip.Misc != nil {
+					entry.Misc["RoutingTableIp"] = o.RoutingTable.Ip.Misc
+				}
+				if o.RoutingTable.Ip.StaticRoutes != nil {
+					nestedRoutingTable.Ip.StaticRoutes = []RoutingTableIpStaticRoutes{}
+					for _, oRoutingTableIpStaticRoutes := range o.RoutingTable.Ip.StaticRoutes {
+						nestedRoutingTableIpStaticRoutes := RoutingTableIpStaticRoutes{}
+						if oRoutingTableIpStaticRoutes.Misc != nil {
+							entry.Misc["RoutingTableIpStaticRoutes"] = oRoutingTableIpStaticRoutes.Misc
+						}
+						if oRoutingTableIpStaticRoutes.Name != "" {
+							nestedRoutingTableIpStaticRoutes.Name = oRoutingTableIpStaticRoutes.Name
+						}
+						if oRoutingTableIpStaticRoutes.Destination != nil {
+							nestedRoutingTableIpStaticRoutes.Destination = oRoutingTableIpStaticRoutes.Destination
+						}
+						if oRoutingTableIpStaticRoutes.Interface != nil {
+							nestedRoutingTableIpStaticRoutes.Interface = oRoutingTableIpStaticRoutes.Interface
+						}
+						if oRoutingTableIpStaticRoutes.NextHop != nil {
+							nestedRoutingTableIpStaticRoutes.NextHop = &RoutingTableIpStaticRoutesNextHop{}
+							if oRoutingTableIpStaticRoutes.NextHop.Misc != nil {
+								entry.Misc["RoutingTableIpStaticRoutesNextHop"] = oRoutingTableIpStaticRoutes.NextHop.Misc
+							}
+							if oRoutingTableIpStaticRoutes.NextHop.IpAddress != nil {
+								nestedRoutingTableIpStaticRoutes.NextHop.IpAddress = oRoutingTableIpStaticRoutes.NextHop.IpAddress
+							}
+							if oRoutingTableIpStaticRoutes.NextHop.Fqdn != nil {
+								nestedRoutingTableIpStaticRoutes.NextHop.Fqdn = oRoutingTableIpStaticRoutes.NextHop.Fqdn
+							}
+							if oRoutingTableIpStaticRoutes.NextHop.NextVr != nil {
+								nestedRoutingTableIpStaticRoutes.NextHop.NextVr = oRoutingTableIpStaticRoutes.NextHop.NextVr
+							}
+							if oRoutingTableIpStaticRoutes.NextHop.Tunnel != nil {
+								nestedRoutingTableIpStaticRoutes.NextHop.Tunnel = oRoutingTableIpStaticRoutes.NextHop.Tunnel
+							}
+						}
+						if oRoutingTableIpStaticRoutes.AdminDist != nil {
+							nestedRoutingTableIpStaticRoutes.AdminDist = oRoutingTableIpStaticRoutes.AdminDist
+						}
+						if oRoutingTableIpStaticRoutes.Metric != nil {
+							nestedRoutingTableIpStaticRoutes.Metric = oRoutingTableIpStaticRoutes.Metric
+						}
+						if oRoutingTableIpStaticRoutes.RouteTable != nil {
+							nestedRoutingTableIpStaticRoutes.RouteTable = oRoutingTableIpStaticRoutes.RouteTable
+						}
+						nestedRoutingTable.Ip.StaticRoutes = append(nestedRoutingTable.Ip.StaticRoutes, nestedRoutingTableIpStaticRoutes)
+					}
+				}
+			}
+			if o.RoutingTable.Ipv6 != nil {
+				nestedRoutingTable.Ipv6 = &RoutingTableIpv6{}
+				if o.RoutingTable.Ipv6.Misc != nil {
+					entry.Misc["RoutingTableIpv6"] = o.RoutingTable.Ipv6.Misc
+				}
+				if o.RoutingTable.Ipv6.StaticRoutes != nil {
+					nestedRoutingTable.Ipv6.StaticRoutes = []RoutingTableIpv6StaticRoutes{}
+					for _, oRoutingTableIpv6StaticRoutes := range o.RoutingTable.Ipv6.StaticRoutes {
+						nestedRoutingTableIpv6StaticRoutes := RoutingTableIpv6StaticRoutes{}
+						if oRoutingTableIpv6StaticRoutes.Misc != nil {
+							entry.Misc["RoutingTableIpv6StaticRoutes"] = oRoutingTableIpv6StaticRoutes.Misc
+						}
+						if oRoutingTableIpv6StaticRoutes.Destination != nil {
+							nestedRoutingTableIpv6StaticRoutes.Destination = oRoutingTableIpv6StaticRoutes.Destination
+						}
+						if oRoutingTableIpv6StaticRoutes.Interface != nil {
+							nestedRoutingTableIpv6StaticRoutes.Interface = oRoutingTableIpv6StaticRoutes.Interface
+						}
+						if oRoutingTableIpv6StaticRoutes.NextHop != nil {
+							nestedRoutingTableIpv6StaticRoutes.NextHop = &RoutingTableIpv6StaticRoutesNextHop{}
+							if oRoutingTableIpv6StaticRoutes.NextHop.Misc != nil {
+								entry.Misc["RoutingTableIpv6StaticRoutesNextHop"] = oRoutingTableIpv6StaticRoutes.NextHop.Misc
+							}
+							if oRoutingTableIpv6StaticRoutes.NextHop.Ipv6Address != nil {
+								nestedRoutingTableIpv6StaticRoutes.NextHop.Ipv6Address = oRoutingTableIpv6StaticRoutes.NextHop.Ipv6Address
+							}
+							if oRoutingTableIpv6StaticRoutes.NextHop.Fqdn != nil {
+								nestedRoutingTableIpv6StaticRoutes.NextHop.Fqdn = oRoutingTableIpv6StaticRoutes.NextHop.Fqdn
+							}
+							if oRoutingTableIpv6StaticRoutes.NextHop.NextVr != nil {
+								nestedRoutingTableIpv6StaticRoutes.NextHop.NextVr = oRoutingTableIpv6StaticRoutes.NextHop.NextVr
+							}
+							if oRoutingTableIpv6StaticRoutes.NextHop.Tunnel != nil {
+								nestedRoutingTableIpv6StaticRoutes.NextHop.Tunnel = oRoutingTableIpv6StaticRoutes.NextHop.Tunnel
+							}
+						}
+						if oRoutingTableIpv6StaticRoutes.AdminDist != nil {
+							nestedRoutingTableIpv6StaticRoutes.AdminDist = oRoutingTableIpv6StaticRoutes.AdminDist
+						}
+						if oRoutingTableIpv6StaticRoutes.Metric != nil {
+							nestedRoutingTableIpv6StaticRoutes.Metric = oRoutingTableIpv6StaticRoutes.Metric
+						}
+						if oRoutingTableIpv6StaticRoutes.RouteTable != nil {
+							nestedRoutingTableIpv6StaticRoutes.RouteTable = oRoutingTableIpv6StaticRoutes.RouteTable
+						}
+						if oRoutingTableIpv6StaticRoutes.Name != "" {
+							nestedRoutingTableIpv6StaticRoutes.Name = oRoutingTableIpv6StaticRoutes.Name
+						}
+						nestedRoutingTable.Ipv6.StaticRoutes = append(nestedRoutingTable.Ipv6.StaticRoutes, nestedRoutingTableIpv6StaticRoutes)
+					}
+				}
+			}
+		}
+		entry.RoutingTable = nestedRoutingTable
+
+		entry.Misc["Entry"] = o.Misc
+
+		entryList = append(entryList, entry)
+	}
+
+	return entryList, nil
+}
+
+func SpecMatches(a, b *Entry) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+
+	// Don't compare Name.
+	if !matchAdministrativeDistances(a.AdministrativeDistances, b.AdministrativeDistances) {
+		return false
+	}
+	if !matchEcmp(a.Ecmp, b.Ecmp) {
+		return false
+	}
+	if !util.OrderedListsMatch(a.Interfaces, b.Interfaces) {
+		return false
+	}
+	if !matchProtocol(a.Protocol, b.Protocol) {
+		return false
+	}
+	if !matchRoutingTable(a.RoutingTable, b.RoutingTable) {
+		return false
+	}
+
+	return true
+}
+
+func matchRoutingTableIpStaticRoutesNextHop(a *RoutingTableIpStaticRoutesNextHop, b *RoutingTableIpStaticRoutesNextHop) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !util.StringsMatch(a.IpAddress, b.IpAddress) {
+		return false
+	}
+	if !util.StringsMatch(a.Fqdn, b.Fqdn) {
+		return false
+	}
+	if !util.StringsMatch(a.NextVr, b.NextVr) {
+		return false
+	}
+	if !util.StringsMatch(a.Tunnel, b.Tunnel) {
+		return false
+	}
+	return true
+}
+func matchRoutingTableIpStaticRoutes(a []RoutingTableIpStaticRoutes, b []RoutingTableIpStaticRoutes) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	for _, a := range a {
+		for _, b := range b {
+			if !util.StringsEqual(a.Name, b.Name) {
+				return false
+			}
+			if !util.StringsMatch(a.Destination, b.Destination) {
+				return false
+			}
+			if !util.StringsMatch(a.Interface, b.Interface) {
+				return false
+			}
+			if !matchRoutingTableIpStaticRoutesNextHop(a.NextHop, b.NextHop) {
+				return false
+			}
+			if !util.Ints64Match(a.AdminDist, b.AdminDist) {
+				return false
+			}
+			if !util.Ints64Match(a.Metric, b.Metric) {
+				return false
+			}
+			if !util.StringsMatch(a.RouteTable, b.RouteTable) {
+				return false
+			}
+		}
+	}
+	return true
+}
+func matchRoutingTableIp(a *RoutingTableIp, b *RoutingTableIp) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !matchRoutingTableIpStaticRoutes(a.StaticRoutes, b.StaticRoutes) {
+		return false
+	}
+	return true
+}
+func matchRoutingTableIpv6StaticRoutesNextHop(a *RoutingTableIpv6StaticRoutesNextHop, b *RoutingTableIpv6StaticRoutesNextHop) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !util.StringsMatch(a.Ipv6Address, b.Ipv6Address) {
+		return false
+	}
+	if !util.StringsMatch(a.Fqdn, b.Fqdn) {
+		return false
+	}
+	if !util.StringsMatch(a.NextVr, b.NextVr) {
+		return false
+	}
+	if !util.StringsMatch(a.Tunnel, b.Tunnel) {
+		return false
+	}
+	return true
+}
+func matchRoutingTableIpv6StaticRoutes(a []RoutingTableIpv6StaticRoutes, b []RoutingTableIpv6StaticRoutes) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	for _, a := range a {
+		for _, b := range b {
+			if !util.StringsMatch(a.RouteTable, b.RouteTable) {
+				return false
+			}
+			if !util.StringsEqual(a.Name, b.Name) {
+				return false
+			}
+			if !util.StringsMatch(a.Destination, b.Destination) {
+				return false
+			}
+			if !util.StringsMatch(a.Interface, b.Interface) {
+				return false
+			}
+			if !matchRoutingTableIpv6StaticRoutesNextHop(a.NextHop, b.NextHop) {
+				return false
+			}
+			if !util.Ints64Match(a.AdminDist, b.AdminDist) {
+				return false
+			}
+			if !util.Ints64Match(a.Metric, b.Metric) {
+				return false
+			}
+		}
+	}
+	return true
+}
+func matchRoutingTableIpv6(a *RoutingTableIpv6, b *RoutingTableIpv6) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !matchRoutingTableIpv6StaticRoutes(a.StaticRoutes, b.StaticRoutes) {
+		return false
+	}
+	return true
+}
+func matchRoutingTable(a *RoutingTable, b *RoutingTable) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !matchRoutingTableIp(a.Ip, b.Ip) {
+		return false
+	}
+	if !matchRoutingTableIpv6(a.Ipv6, b.Ipv6) {
+		return false
+	}
+	return true
+}
+func matchProtocolBgp(a *ProtocolBgp, b *ProtocolBgp) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !util.BoolsMatch(a.Enable, b.Enable) {
+		return false
+	}
+	return true
+}
+func matchProtocolRip(a *ProtocolRip, b *ProtocolRip) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !util.BoolsMatch(a.Enable, b.Enable) {
+		return false
+	}
+	return true
+}
+func matchProtocolOspf(a *ProtocolOspf, b *ProtocolOspf) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !util.BoolsMatch(a.Enable, b.Enable) {
+		return false
+	}
+	return true
+}
+func matchProtocolOspfv3(a *ProtocolOspfv3, b *ProtocolOspfv3) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !util.BoolsMatch(a.Enable, b.Enable) {
+		return false
+	}
+	return true
+}
+func matchProtocol(a *Protocol, b *Protocol) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !matchProtocolBgp(a.Bgp, b.Bgp) {
+		return false
+	}
+	if !matchProtocolRip(a.Rip, b.Rip) {
+		return false
+	}
+	if !matchProtocolOspf(a.Ospf, b.Ospf) {
+		return false
+	}
+	if !matchProtocolOspfv3(a.Ospfv3, b.Ospfv3) {
+		return false
+	}
+	return true
+}
+func matchEcmpAlgorithmWeightedRoundRobinInterfaces(a []EcmpAlgorithmWeightedRoundRobinInterfaces, b []EcmpAlgorithmWeightedRoundRobinInterfaces) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	for _, a := range a {
+		for _, b := range b {
+			if !util.Ints64Match(a.Weight, b.Weight) {
+				return false
+			}
+			if !util.StringsEqual(a.Name, b.Name) {
+				return false
+			}
+		}
+	}
+	return true
+}
+func matchEcmpAlgorithmWeightedRoundRobin(a *EcmpAlgorithmWeightedRoundRobin, b *EcmpAlgorithmWeightedRoundRobin) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !matchEcmpAlgorithmWeightedRoundRobinInterfaces(a.Interfaces, b.Interfaces) {
+		return false
+	}
+	return true
+}
+func matchEcmpAlgorithmBalancedRoundRobin(a *EcmpAlgorithmBalancedRoundRobin, b *EcmpAlgorithmBalancedRoundRobin) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	return true
+}
+func matchEcmpAlgorithmIpModulo(a *EcmpAlgorithmIpModulo, b *EcmpAlgorithmIpModulo) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	return true
+}
+func matchEcmpAlgorithmIpHash(a *EcmpAlgorithmIpHash, b *EcmpAlgorithmIpHash) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !util.BoolsMatch(a.SrcOnly, b.SrcOnly) {
+		return false
+	}
+	if !util.BoolsMatch(a.UsePort, b.UsePort) {
+		return false
+	}
+	if !util.Ints64Match(a.HashSeed, b.HashSeed) {
+		return false
+	}
+	return true
+}
+func matchEcmpAlgorithm(a *EcmpAlgorithm, b *EcmpAlgorithm) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !matchEcmpAlgorithmIpModulo(a.IpModulo, b.IpModulo) {
+		return false
+	}
+	if !matchEcmpAlgorithmIpHash(a.IpHash, b.IpHash) {
+		return false
+	}
+	if !matchEcmpAlgorithmWeightedRoundRobin(a.WeightedRoundRobin, b.WeightedRoundRobin) {
+		return false
+	}
+	if !matchEcmpAlgorithmBalancedRoundRobin(a.BalancedRoundRobin, b.BalancedRoundRobin) {
+		return false
+	}
+	return true
+}
+func matchEcmp(a *Ecmp, b *Ecmp) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !util.BoolsMatch(a.StrictSourcePath, b.StrictSourcePath) {
+		return false
+	}
+	if !util.Ints64Match(a.MaxPaths, b.MaxPaths) {
+		return false
+	}
+	if !matchEcmpAlgorithm(a.Algorithm, b.Algorithm) {
+		return false
+	}
+	if !util.BoolsMatch(a.Enable, b.Enable) {
+		return false
+	}
+	if !util.BoolsMatch(a.SymmetricReturn, b.SymmetricReturn) {
+		return false
+	}
+	return true
+}
+func matchAdministrativeDistances(a *AdministrativeDistances, b *AdministrativeDistances) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !util.Ints64Match(a.OspfExt, b.OspfExt) {
+		return false
+	}
+	if !util.Ints64Match(a.Ospfv3Int, b.Ospfv3Int) {
+		return false
+	}
+	if !util.Ints64Match(a.Ospfv3Ext, b.Ospfv3Ext) {
+		return false
+	}
+	if !util.Ints64Match(a.Ibgp, b.Ibgp) {
+		return false
+	}
+	if !util.Ints64Match(a.Ebgp, b.Ebgp) {
+		return false
+	}
+	if !util.Ints64Match(a.Rip, b.Rip) {
+		return false
+	}
+	if !util.Ints64Match(a.StaticIpv6, b.StaticIpv6) {
+		return false
+	}
+	if !util.Ints64Match(a.OspfInt, b.OspfInt) {
+		return false
+	}
+	if !util.Ints64Match(a.Static, b.Static) {
+		return false
+	}
+	return true
+}
+
+func (o *Entry) EntryName() string {
+	return o.Name
+}
+
+func (o *Entry) SetEntryName(name string) {
+	o.Name = name
+}
diff --git a/network/virtual_router/interfaces.go b/network/virtual_router/interfaces.go
new file mode 100644
index 00000000..c133d65e
--- /dev/null
+++ b/network/virtual_router/interfaces.go
@@ -0,0 +1,7 @@
+package virtual_router
+
+type Specifier func(*Entry) (any, error)
+
+type Normalizer interface {
+	Normalize() ([]*Entry, error)
+}
diff --git a/network/virtual_router/location.go b/network/virtual_router/location.go
new file mode 100644
index 00000000..613ea738
--- /dev/null
+++ b/network/virtual_router/location.go
@@ -0,0 +1,187 @@
+package virtual_router
+
+import (
+	"fmt"
+
+	"github.com/PaloAltoNetworks/pango/errors"
+	"github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/version"
+)
+
+type ImportLocation interface {
+	XpathForLocation(version.Number, util.ILocation) ([]string, error)
+	MarshalPangoXML([]string) (string, error)
+	UnmarshalPangoXML([]byte) ([]string, error)
+}
+
+type Location struct {
+	Ngfw          *NgfwLocation          `json:"ngfw,omitempty"`
+	Template      *TemplateLocation      `json:"template,omitempty"`
+	TemplateStack *TemplateStackLocation `json:"template_stack,omitempty"`
+}
+
+type NgfwLocation struct {
+	NgfwDevice string `json:"ngfw_device"`
+}
+
+type TemplateLocation struct {
+	NgfwDevice     string `json:"ngfw_device"`
+	PanoramaDevice string `json:"panorama_device"`
+	Template       string `json:"template"`
+}
+
+type TemplateStackLocation struct {
+	NgfwDevice     string `json:"ngfw_device"`
+	PanoramaDevice string `json:"panorama_device"`
+	TemplateStack  string `json:"template_stack"`
+}
+
+func NewNgfwLocation() *Location {
+	return &Location{Ngfw: &NgfwLocation{
+		NgfwDevice: "localhost.localdomain",
+	},
+	}
+}
+func NewTemplateLocation() *Location {
+	return &Location{Template: &TemplateLocation{
+		NgfwDevice:     "localhost.localdomain",
+		PanoramaDevice: "localhost.localdomain",
+		Template:       "",
+	},
+	}
+}
+func NewTemplateStackLocation() *Location {
+	return &Location{TemplateStack: &TemplateStackLocation{
+		NgfwDevice:     "localhost.localdomain",
+		PanoramaDevice: "localhost.localdomain",
+		TemplateStack:  "",
+	},
+	}
+}
+
+func (o Location) IsValid() error {
+	count := 0
+
+	switch {
+	case o.Ngfw != nil:
+		if o.Ngfw.NgfwDevice == "" {
+			return fmt.Errorf("NgfwDevice is unspecified")
+		}
+		count++
+	case o.Template != nil:
+		if o.Template.NgfwDevice == "" {
+			return fmt.Errorf("NgfwDevice is unspecified")
+		}
+		if o.Template.PanoramaDevice == "" {
+			return fmt.Errorf("PanoramaDevice is unspecified")
+		}
+		if o.Template.Template == "" {
+			return fmt.Errorf("Template is unspecified")
+		}
+		count++
+	case o.TemplateStack != nil:
+		if o.TemplateStack.NgfwDevice == "" {
+			return fmt.Errorf("NgfwDevice is unspecified")
+		}
+		if o.TemplateStack.PanoramaDevice == "" {
+			return fmt.Errorf("PanoramaDevice is unspecified")
+		}
+		if o.TemplateStack.TemplateStack == "" {
+			return fmt.Errorf("TemplateStack is unspecified")
+		}
+		count++
+	}
+
+	if count == 0 {
+		return fmt.Errorf("no path specified")
+	}
+
+	if count > 1 {
+		return fmt.Errorf("multiple paths specified: only one should be specified")
+	}
+
+	return nil
+}
+
+func (o Location) XpathPrefix(vn version.Number) ([]string, error) {
+
+	var ans []string
+
+	switch {
+	case o.Ngfw != nil:
+		if o.Ngfw.NgfwDevice == "" {
+			return nil, fmt.Errorf("NgfwDevice is unspecified")
+		}
+		ans = []string{
+			"config",
+			"devices",
+			util.AsEntryXpath([]string{o.Ngfw.NgfwDevice}),
+		}
+	case o.Template != nil:
+		if o.Template.NgfwDevice == "" {
+			return nil, fmt.Errorf("NgfwDevice is unspecified")
+		}
+		if o.Template.PanoramaDevice == "" {
+			return nil, fmt.Errorf("PanoramaDevice is unspecified")
+		}
+		if o.Template.Template == "" {
+			return nil, fmt.Errorf("Template is unspecified")
+		}
+		ans = []string{
+			"config",
+			"devices",
+			util.AsEntryXpath([]string{o.Template.PanoramaDevice}),
+			"template",
+			util.AsEntryXpath([]string{o.Template.Template}),
+			"config",
+			"devices",
+			util.AsEntryXpath([]string{o.Template.NgfwDevice}),
+		}
+	case o.TemplateStack != nil:
+		if o.TemplateStack.NgfwDevice == "" {
+			return nil, fmt.Errorf("NgfwDevice is unspecified")
+		}
+		if o.TemplateStack.PanoramaDevice == "" {
+			return nil, fmt.Errorf("PanoramaDevice is unspecified")
+		}
+		if o.TemplateStack.TemplateStack == "" {
+			return nil, fmt.Errorf("TemplateStack is unspecified")
+		}
+		ans = []string{
+			"config",
+			"devices",
+			util.AsEntryXpath([]string{o.TemplateStack.PanoramaDevice}),
+			"template-stack",
+			util.AsEntryXpath([]string{o.TemplateStack.TemplateStack}),
+			"config",
+			"devices",
+			util.AsEntryXpath([]string{o.TemplateStack.NgfwDevice}),
+		}
+	default:
+		return nil, errors.NoLocationSpecifiedError
+	}
+
+	return ans, nil
+}
+func (o Location) XpathWithEntryName(vn version.Number, name string) ([]string, error) {
+
+	ans, err := o.XpathPrefix(vn)
+	if err != nil {
+		return nil, err
+	}
+	ans = append(ans, Suffix...)
+	ans = append(ans, util.AsEntryXpath([]string{name}))
+
+	return ans, nil
+}
+func (o Location) XpathWithUuid(vn version.Number, uuid string) ([]string, error) {
+
+	ans, err := o.XpathPrefix(vn)
+	if err != nil {
+		return nil, err
+	}
+	ans = append(ans, Suffix...)
+	ans = append(ans, util.AsUuidXpath(uuid))
+
+	return ans, nil
+}
diff --git a/network/virtual_router/service.go b/network/virtual_router/service.go
new file mode 100644
index 00000000..ef35a2f3
--- /dev/null
+++ b/network/virtual_router/service.go
@@ -0,0 +1,281 @@
+package virtual_router
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/PaloAltoNetworks/pango/errors"
+	"github.com/PaloAltoNetworks/pango/filtering"
+	"github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/xmlapi"
+)
+
+type Service struct {
+	client util.PangoClient
+}
+
+func NewService(client util.PangoClient) *Service {
+	return &Service{
+		client: client,
+	}
+}
+
+// Create adds new item, then returns the result.
+func (s *Service) Create(ctx context.Context, loc Location, entry *Entry) (*Entry, error) {
+	if entry.Name == "" {
+		return nil, errors.NameNotSpecifiedError
+	}
+
+	vn := s.client.Versioning()
+
+	specifier, _, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+	path, err := loc.XpathWithEntryName(vn, entry.Name)
+	if err != nil {
+		return nil, err
+	}
+	createSpec, err := specifier(entry)
+	if err != nil {
+		return nil, err
+	}
+
+	cmd := &xmlapi.Config{
+		Action:  "set",
+		Xpath:   util.AsXpath(path[:len(path)-1]),
+		Element: createSpec,
+		Target:  s.client.GetTarget(),
+	}
+
+	if _, _, err = s.client.Communicate(ctx, cmd, false, nil); err != nil {
+		return nil, err
+	}
+	return s.Read(ctx, loc, entry.Name, "get")
+}
+
+// Read returns the given config object, using the specified action ("get" or "show").
+func (s *Service) Read(ctx context.Context, loc Location, name, action string) (*Entry, error) {
+	return s.read(ctx, loc, name, action, false)
+}
+
+// ReadFromConfig returns the given config object from the loaded XML config.
+// Requires that client.LoadPanosConfig() has been invoked.
+func (s *Service) ReadFromConfig(ctx context.Context, loc Location, name string) (*Entry, error) {
+	return s.read(ctx, loc, name, "", true)
+}
+
+func (s *Service) read(ctx context.Context, loc Location, value, action string, usePanosConfig bool) (*Entry, error) {
+	if value == "" {
+		return nil, errors.NameNotSpecifiedError
+	}
+	vn := s.client.Versioning()
+	_, normalizer, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+	var path []string
+	path, err = loc.XpathWithEntryName(vn, value)
+	if err != nil {
+		return nil, err
+	}
+
+	if usePanosConfig {
+		if _, err = s.client.ReadFromConfig(ctx, path, true, normalizer); err != nil {
+			return nil, err
+		}
+	} else {
+		cmd := &xmlapi.Config{
+			Action: action,
+			Xpath:  util.AsXpath(path),
+			Target: s.client.GetTarget(),
+		}
+
+		if _, _, err = s.client.Communicate(ctx, cmd, true, normalizer); err != nil {
+			if err.Error() == "No such node" && action == "show" {
+				return nil, errors.ObjectNotFound()
+			}
+			return nil, err
+		}
+	}
+
+	list, err := normalizer.Normalize()
+	if err != nil {
+		return nil, err
+	} else if len(list) != 1 {
+		return nil, fmt.Errorf("expected to %q 1 entry, got %d", action, len(list))
+	}
+
+	return list[0], nil
+}
+
+// Update updates the given config object, then returns the result.
+func (s *Service) Update(ctx context.Context, loc Location, entry *Entry, name string) (*Entry, error) {
+	return s.update(ctx, loc, entry, name)
+}
+func (s *Service) update(ctx context.Context, loc Location, entry *Entry, value string) (*Entry, error) {
+	if entry.Name == "" {
+		return nil, errors.NameNotSpecifiedError
+	}
+
+	vn := s.client.Versioning()
+	updates := xmlapi.NewMultiConfig(2)
+	specifier, _, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+	var old *Entry
+	if value != "" && value != entry.Name {
+		path, err := loc.XpathWithEntryName(vn, value)
+		if err != nil {
+			return nil, err
+		}
+
+		old, err = s.Read(ctx, loc, value, "get")
+
+		updates.Add(&xmlapi.Config{
+			Action:  "rename",
+			Xpath:   util.AsXpath(path),
+			NewName: entry.Name,
+			Target:  s.client.GetTarget(),
+		})
+	} else {
+		old, err = s.Read(ctx, loc, entry.Name, "get")
+	}
+	if err != nil {
+		return nil, err
+	} else if old == nil {
+		return nil, fmt.Errorf("previous object doesn't exist for update")
+	}
+	if !SpecMatches(entry, old) {
+		path, err := loc.XpathWithEntryName(vn, entry.Name)
+		if err != nil {
+			return nil, err
+		}
+
+		updateSpec, err := specifier(entry)
+		if err != nil {
+			return nil, err
+		}
+
+		updates.Add(&xmlapi.Config{
+			Action:  "edit",
+			Xpath:   util.AsXpath(path),
+			Element: updateSpec,
+			Target:  s.client.GetTarget(),
+		})
+	}
+
+	if len(updates.Operations) != 0 {
+		if _, _, _, err = s.client.MultiConfig(ctx, updates, false, nil); err != nil {
+			return nil, err
+		}
+	}
+	return s.Read(ctx, loc, entry.Name, "get")
+}
+
+// Delete deletes the given item.
+func (s *Service) Delete(ctx context.Context, loc Location, name ...string) error {
+	return s.delete(ctx, loc, name)
+}
+func (s *Service) delete(ctx context.Context, loc Location, values []string) error {
+	for _, value := range values {
+		if value == "" {
+			return errors.NameNotSpecifiedError
+		}
+	}
+
+	vn := s.client.Versioning()
+	var err error
+	deletes := xmlapi.NewMultiConfig(len(values))
+	for _, value := range values {
+		var path []string
+		path, err = loc.XpathWithEntryName(vn, value)
+		if err != nil {
+			return err
+		}
+		deletes.Add(&xmlapi.Config{
+			Action: "delete",
+			Xpath:  util.AsXpath(path),
+			Target: s.client.GetTarget(),
+		})
+	}
+
+	_, _, _, err = s.client.MultiConfig(ctx, deletes, false, nil)
+
+	return err
+}
+
+// List returns a list of objects using the given action ("get" or "show").
+// Params filter and quote are for client side filtering.
+func (s *Service) List(ctx context.Context, loc Location, action, filter, quote string) ([]*Entry, error) {
+	return s.list(ctx, loc, action, filter, quote, false)
+}
+
+// ListFromConfig returns a list of objects at the given location.
+// Requires that client.LoadPanosConfig() has been invoked.
+// Params filter and quote are for client side filtering.
+func (s *Service) ListFromConfig(ctx context.Context, loc Location, filter, quote string) ([]*Entry, error) {
+	return s.list(ctx, loc, "", filter, quote, true)
+}
+
+func (s *Service) list(ctx context.Context, loc Location, action, filter, quote string, usePanosConfig bool) ([]*Entry, error) {
+	var err error
+
+	var logic *filtering.Group
+	if filter != "" {
+		logic, err = filtering.Parse(filter, quote)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	vn := s.client.Versioning()
+
+	_, normalizer, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+
+	path, err := loc.XpathWithEntryName(vn, "")
+	if err != nil {
+		return nil, err
+	}
+
+	if usePanosConfig {
+		if _, err = s.client.ReadFromConfig(ctx, path, false, normalizer); err != nil {
+			return nil, err
+		}
+	} else {
+		cmd := &xmlapi.Config{
+			Action: action,
+			Xpath:  util.AsXpath(path),
+			Target: s.client.GetTarget(),
+		}
+
+		if _, _, err = s.client.Communicate(ctx, cmd, true, normalizer); err != nil {
+			if err.Error() == "No such node" && action == "show" {
+				return nil, nil
+			}
+			return nil, err
+		}
+	}
+
+	listing, err := normalizer.Normalize()
+	if err != nil || logic == nil {
+		return listing, err
+	}
+
+	filtered := make([]*Entry, 0, len(listing))
+	for _, x := range listing {
+		ok, err := logic.Matches(x)
+		if err != nil {
+			return nil, err
+		}
+		if ok {
+			filtered = append(filtered, x)
+		}
+	}
+
+	return filtered, nil
+}
diff --git a/network/zone/entry.go b/network/zone/entry.go
new file mode 100644
index 00000000..bf9f8e5c
--- /dev/null
+++ b/network/zone/entry.go
@@ -0,0 +1,355 @@
+package zone
+
+import (
+	"encoding/xml"
+	"fmt"
+
+	"github.com/PaloAltoNetworks/pango/filtering"
+	"github.com/PaloAltoNetworks/pango/generic"
+	"github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/version"
+)
+
+var (
+	_ filtering.Fielder = &Entry{}
+)
+
+var (
+	Suffix = []string{"zone"}
+)
+
+type Entry struct {
+	Name                       string
+	DeviceAcl                  *DeviceAcl
+	EnableDeviceIdentification *bool
+	EnableUserIdentification   *bool
+	Network                    *Network
+	UserAcl                    *UserAcl
+
+	Misc map[string][]generic.Xml
+}
+
+type DeviceAcl struct {
+	ExcludeList []string
+	IncludeList []string
+}
+type Network struct {
+	EnablePacketBufferProtection *bool
+	LogSetting                   []string
+	ZoneProtectionProfile        []string
+	Layer2                       []string
+	Layer3                       []string
+	Tap                          []string
+	VirtualWire                  []string
+}
+type UserAcl struct {
+	ExcludeList []string
+	IncludeList []string
+}
+
+type entryXmlContainer struct {
+	Answer []entryXml `xml:"entry"`
+}
+
+type entryXml struct {
+	XMLName                    xml.Name      `xml:"entry"`
+	Name                       string        `xml:"name,attr"`
+	DeviceAcl                  *DeviceAclXml `xml:"device-acl,omitempty"`
+	EnableDeviceIdentification *string       `xml:"enable-device-identification,omitempty"`
+	EnableUserIdentification   *string       `xml:"enable-user-identification,omitempty"`
+	Network                    *NetworkXml   `xml:"network,omitempty"`
+	UserAcl                    *UserAclXml   `xml:"user-acl,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+
+type DeviceAclXml struct {
+	ExcludeList *util.MemberType `xml:"exclude-list,omitempty"`
+	IncludeList *util.MemberType `xml:"include-list,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type NetworkXml struct {
+	EnablePacketBufferProtection *string          `xml:"enable-packet-buffer-protection,omitempty"`
+	LogSetting                   *util.MemberType `xml:"log-setting,omitempty"`
+	ZoneProtectionProfile        *util.MemberType `xml:"zone-protection-profile,omitempty"`
+	Layer2                       *util.MemberType `xml:"layer2,omitempty"`
+	Layer3                       *util.MemberType `xml:"layer3,omitempty"`
+	Tap                          *util.MemberType `xml:"tap,omitempty"`
+	VirtualWire                  *util.MemberType `xml:"virtual-wire,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type UserAclXml struct {
+	ExcludeList *util.MemberType `xml:"exclude-list,omitempty"`
+	IncludeList *util.MemberType `xml:"include-list,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+
+func (e *Entry) Field(v string) (any, error) {
+	if v == "name" || v == "Name" {
+		return e.Name, nil
+	}
+	if v == "device_acl" || v == "DeviceAcl" {
+		return e.DeviceAcl, nil
+	}
+	if v == "enable_device_identification" || v == "EnableDeviceIdentification" {
+		return e.EnableDeviceIdentification, nil
+	}
+	if v == "enable_user_identification" || v == "EnableUserIdentification" {
+		return e.EnableUserIdentification, nil
+	}
+	if v == "network" || v == "Network" {
+		return e.Network, nil
+	}
+	if v == "user_acl" || v == "UserAcl" {
+		return e.UserAcl, nil
+	}
+
+	return nil, fmt.Errorf("unknown field")
+}
+
+func Versioning(vn version.Number) (Specifier, Normalizer, error) {
+	return specifyEntry, &entryXmlContainer{}, nil
+}
+
+func specifyEntry(o *Entry) (any, error) {
+	entry := entryXml{}
+
+	entry.Name = o.Name
+	var nestedDeviceAcl *DeviceAclXml
+	if o.DeviceAcl != nil {
+		nestedDeviceAcl = &DeviceAclXml{}
+		if _, ok := o.Misc["DeviceAcl"]; ok {
+			nestedDeviceAcl.Misc = o.Misc["DeviceAcl"]
+		}
+		if o.DeviceAcl.IncludeList != nil {
+			nestedDeviceAcl.IncludeList = util.StrToMem(o.DeviceAcl.IncludeList)
+		}
+		if o.DeviceAcl.ExcludeList != nil {
+			nestedDeviceAcl.ExcludeList = util.StrToMem(o.DeviceAcl.ExcludeList)
+		}
+	}
+	entry.DeviceAcl = nestedDeviceAcl
+
+	entry.EnableDeviceIdentification = util.YesNo(o.EnableDeviceIdentification, nil)
+	entry.EnableUserIdentification = util.YesNo(o.EnableUserIdentification, nil)
+	var nestedNetwork *NetworkXml
+	if o.Network != nil {
+		nestedNetwork = &NetworkXml{}
+		if _, ok := o.Misc["Network"]; ok {
+			nestedNetwork.Misc = o.Misc["Network"]
+		}
+		if o.Network.EnablePacketBufferProtection != nil {
+			nestedNetwork.EnablePacketBufferProtection = util.YesNo(o.Network.EnablePacketBufferProtection, nil)
+		}
+		if o.Network.ZoneProtectionProfile != nil {
+			nestedNetwork.ZoneProtectionProfile = util.StrToMem(o.Network.ZoneProtectionProfile)
+		}
+		if o.Network.LogSetting != nil {
+			nestedNetwork.LogSetting = util.StrToMem(o.Network.LogSetting)
+		}
+		if o.Network.Layer3 != nil {
+			nestedNetwork.Layer3 = util.StrToMem(o.Network.Layer3)
+		}
+		if o.Network.Layer2 != nil {
+			nestedNetwork.Layer2 = util.StrToMem(o.Network.Layer2)
+		}
+		if o.Network.VirtualWire != nil {
+			nestedNetwork.VirtualWire = util.StrToMem(o.Network.VirtualWire)
+		}
+		if o.Network.Tap != nil {
+			nestedNetwork.Tap = util.StrToMem(o.Network.Tap)
+		}
+	}
+	entry.Network = nestedNetwork
+
+	var nestedUserAcl *UserAclXml
+	if o.UserAcl != nil {
+		nestedUserAcl = &UserAclXml{}
+		if _, ok := o.Misc["UserAcl"]; ok {
+			nestedUserAcl.Misc = o.Misc["UserAcl"]
+		}
+		if o.UserAcl.IncludeList != nil {
+			nestedUserAcl.IncludeList = util.StrToMem(o.UserAcl.IncludeList)
+		}
+		if o.UserAcl.ExcludeList != nil {
+			nestedUserAcl.ExcludeList = util.StrToMem(o.UserAcl.ExcludeList)
+		}
+	}
+	entry.UserAcl = nestedUserAcl
+
+	entry.Misc = o.Misc["Entry"]
+
+	return entry, nil
+}
+func (c *entryXmlContainer) Normalize() ([]*Entry, error) {
+	entryList := make([]*Entry, 0, len(c.Answer))
+	for _, o := range c.Answer {
+		entry := &Entry{
+			Misc: make(map[string][]generic.Xml),
+		}
+		entry.Name = o.Name
+		var nestedDeviceAcl *DeviceAcl
+		if o.DeviceAcl != nil {
+			nestedDeviceAcl = &DeviceAcl{}
+			if o.DeviceAcl.Misc != nil {
+				entry.Misc["DeviceAcl"] = o.DeviceAcl.Misc
+			}
+			if o.DeviceAcl.IncludeList != nil {
+				nestedDeviceAcl.IncludeList = util.MemToStr(o.DeviceAcl.IncludeList)
+			}
+			if o.DeviceAcl.ExcludeList != nil {
+				nestedDeviceAcl.ExcludeList = util.MemToStr(o.DeviceAcl.ExcludeList)
+			}
+		}
+		entry.DeviceAcl = nestedDeviceAcl
+
+		entry.EnableDeviceIdentification = util.AsBool(o.EnableDeviceIdentification, nil)
+		entry.EnableUserIdentification = util.AsBool(o.EnableUserIdentification, nil)
+		var nestedNetwork *Network
+		if o.Network != nil {
+			nestedNetwork = &Network{}
+			if o.Network.Misc != nil {
+				entry.Misc["Network"] = o.Network.Misc
+			}
+			if o.Network.EnablePacketBufferProtection != nil {
+				nestedNetwork.EnablePacketBufferProtection = util.AsBool(o.Network.EnablePacketBufferProtection, nil)
+			}
+			if o.Network.ZoneProtectionProfile != nil {
+				nestedNetwork.ZoneProtectionProfile = util.MemToStr(o.Network.ZoneProtectionProfile)
+			}
+			if o.Network.LogSetting != nil {
+				nestedNetwork.LogSetting = util.MemToStr(o.Network.LogSetting)
+			}
+			if o.Network.Layer3 != nil {
+				nestedNetwork.Layer3 = util.MemToStr(o.Network.Layer3)
+			}
+			if o.Network.Layer2 != nil {
+				nestedNetwork.Layer2 = util.MemToStr(o.Network.Layer2)
+			}
+			if o.Network.VirtualWire != nil {
+				nestedNetwork.VirtualWire = util.MemToStr(o.Network.VirtualWire)
+			}
+			if o.Network.Tap != nil {
+				nestedNetwork.Tap = util.MemToStr(o.Network.Tap)
+			}
+		}
+		entry.Network = nestedNetwork
+
+		var nestedUserAcl *UserAcl
+		if o.UserAcl != nil {
+			nestedUserAcl = &UserAcl{}
+			if o.UserAcl.Misc != nil {
+				entry.Misc["UserAcl"] = o.UserAcl.Misc
+			}
+			if o.UserAcl.IncludeList != nil {
+				nestedUserAcl.IncludeList = util.MemToStr(o.UserAcl.IncludeList)
+			}
+			if o.UserAcl.ExcludeList != nil {
+				nestedUserAcl.ExcludeList = util.MemToStr(o.UserAcl.ExcludeList)
+			}
+		}
+		entry.UserAcl = nestedUserAcl
+
+		entry.Misc["Entry"] = o.Misc
+
+		entryList = append(entryList, entry)
+	}
+
+	return entryList, nil
+}
+
+func SpecMatches(a, b *Entry) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+
+	// Don't compare Name.
+	if !matchDeviceAcl(a.DeviceAcl, b.DeviceAcl) {
+		return false
+	}
+	if !util.BoolsMatch(a.EnableDeviceIdentification, b.EnableDeviceIdentification) {
+		return false
+	}
+	if !util.BoolsMatch(a.EnableUserIdentification, b.EnableUserIdentification) {
+		return false
+	}
+	if !matchNetwork(a.Network, b.Network) {
+		return false
+	}
+	if !matchUserAcl(a.UserAcl, b.UserAcl) {
+		return false
+	}
+
+	return true
+}
+
+func matchDeviceAcl(a *DeviceAcl, b *DeviceAcl) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !util.OrderedListsMatch(a.IncludeList, b.IncludeList) {
+		return false
+	}
+	if !util.OrderedListsMatch(a.ExcludeList, b.ExcludeList) {
+		return false
+	}
+	return true
+}
+func matchNetwork(a *Network, b *Network) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !util.BoolsMatch(a.EnablePacketBufferProtection, b.EnablePacketBufferProtection) {
+		return false
+	}
+	if !util.OrderedListsMatch(a.ZoneProtectionProfile, b.ZoneProtectionProfile) {
+		return false
+	}
+	if !util.OrderedListsMatch(a.LogSetting, b.LogSetting) {
+		return false
+	}
+	if !util.OrderedListsMatch(a.Layer3, b.Layer3) {
+		return false
+	}
+	if !util.OrderedListsMatch(a.Layer2, b.Layer2) {
+		return false
+	}
+	if !util.OrderedListsMatch(a.VirtualWire, b.VirtualWire) {
+		return false
+	}
+	if !util.OrderedListsMatch(a.Tap, b.Tap) {
+		return false
+	}
+	return true
+}
+func matchUserAcl(a *UserAcl, b *UserAcl) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !util.OrderedListsMatch(a.IncludeList, b.IncludeList) {
+		return false
+	}
+	if !util.OrderedListsMatch(a.ExcludeList, b.ExcludeList) {
+		return false
+	}
+	return true
+}
+
+func (o *Entry) EntryName() string {
+	return o.Name
+}
+
+func (o *Entry) SetEntryName(name string) {
+	o.Name = name
+}
diff --git a/network/zone/interfaces.go b/network/zone/interfaces.go
new file mode 100644
index 00000000..8228a035
--- /dev/null
+++ b/network/zone/interfaces.go
@@ -0,0 +1,7 @@
+package zone
+
+type Specifier func(*Entry) (any, error)
+
+type Normalizer interface {
+	Normalize() ([]*Entry, error)
+}
diff --git a/network/zone/location.go b/network/zone/location.go
new file mode 100644
index 00000000..3d1ca60b
--- /dev/null
+++ b/network/zone/location.go
@@ -0,0 +1,243 @@
+package zone
+
+import (
+	"fmt"
+
+	"github.com/PaloAltoNetworks/pango/errors"
+	"github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/version"
+)
+
+type ImportLocation interface {
+	XpathForLocation(version.Number, util.ILocation) ([]string, error)
+	MarshalPangoXML([]string) (string, error)
+	UnmarshalPangoXML([]byte) ([]string, error)
+}
+
+type Location struct {
+	FromPanoramaVsys *FromPanoramaVsysLocation `json:"from_panorama_vsys,omitempty"`
+	Template         *TemplateLocation         `json:"template,omitempty"`
+	TemplateStack    *TemplateStackLocation    `json:"template_stack,omitempty"`
+	Vsys             *VsysLocation             `json:"vsys,omitempty"`
+}
+
+type FromPanoramaVsysLocation struct {
+	Vsys string `json:"vsys"`
+}
+
+type TemplateLocation struct {
+	NgfwDevice     string `json:"ngfw_device"`
+	PanoramaDevice string `json:"panorama_device"`
+	Template       string `json:"template"`
+	Vsys           string `json:"vsys"`
+}
+
+type TemplateStackLocation struct {
+	NgfwDevice     string `json:"ngfw_device"`
+	PanoramaDevice string `json:"panorama_device"`
+	TemplateStack  string `json:"template_stack"`
+	Vsys           string `json:"vsys"`
+}
+
+type VsysLocation struct {
+	NgfwDevice string `json:"ngfw_device"`
+	Vsys       string `json:"vsys"`
+}
+
+func NewFromPanoramaVsysLocation() *Location {
+	return &Location{FromPanoramaVsys: &FromPanoramaVsysLocation{
+		Vsys: "vsys1",
+	},
+	}
+}
+func NewTemplateLocation() *Location {
+	return &Location{Template: &TemplateLocation{
+		NgfwDevice:     "localhost.localdomain",
+		PanoramaDevice: "localhost.localdomain",
+		Template:       "",
+		Vsys:           "vsys1",
+	},
+	}
+}
+func NewTemplateStackLocation() *Location {
+	return &Location{TemplateStack: &TemplateStackLocation{
+		NgfwDevice:     "localhost.localdomain",
+		PanoramaDevice: "localhost.localdomain",
+		TemplateStack:  "",
+		Vsys:           "vsys1",
+	},
+	}
+}
+func NewVsysLocation() *Location {
+	return &Location{Vsys: &VsysLocation{
+		NgfwDevice: "localhost.localdomain",
+		Vsys:       "vsys1",
+	},
+	}
+}
+
+func (o Location) IsValid() error {
+	count := 0
+
+	switch {
+	case o.FromPanoramaVsys != nil:
+		if o.FromPanoramaVsys.Vsys == "" {
+			return fmt.Errorf("Vsys is unspecified")
+		}
+		count++
+	case o.Template != nil:
+		if o.Template.NgfwDevice == "" {
+			return fmt.Errorf("NgfwDevice is unspecified")
+		}
+		if o.Template.PanoramaDevice == "" {
+			return fmt.Errorf("PanoramaDevice is unspecified")
+		}
+		if o.Template.Template == "" {
+			return fmt.Errorf("Template is unspecified")
+		}
+		if o.Template.Vsys == "" {
+			return fmt.Errorf("Vsys is unspecified")
+		}
+		count++
+	case o.TemplateStack != nil:
+		if o.TemplateStack.NgfwDevice == "" {
+			return fmt.Errorf("NgfwDevice is unspecified")
+		}
+		if o.TemplateStack.PanoramaDevice == "" {
+			return fmt.Errorf("PanoramaDevice is unspecified")
+		}
+		if o.TemplateStack.TemplateStack == "" {
+			return fmt.Errorf("TemplateStack is unspecified")
+		}
+		if o.TemplateStack.Vsys == "" {
+			return fmt.Errorf("Vsys is unspecified")
+		}
+		count++
+	case o.Vsys != nil:
+		if o.Vsys.NgfwDevice == "" {
+			return fmt.Errorf("NgfwDevice is unspecified")
+		}
+		if o.Vsys.Vsys == "" {
+			return fmt.Errorf("Vsys is unspecified")
+		}
+		count++
+	}
+
+	if count == 0 {
+		return fmt.Errorf("no path specified")
+	}
+
+	if count > 1 {
+		return fmt.Errorf("multiple paths specified: only one should be specified")
+	}
+
+	return nil
+}
+
+func (o Location) XpathPrefix(vn version.Number) ([]string, error) {
+
+	var ans []string
+
+	switch {
+	case o.FromPanoramaVsys != nil:
+		if o.FromPanoramaVsys.Vsys == "" {
+			return nil, fmt.Errorf("Vsys is unspecified")
+		}
+		ans = []string{
+			"config",
+			"panorama",
+			"vsys",
+			util.AsEntryXpath([]string{o.FromPanoramaVsys.Vsys}),
+		}
+	case o.Template != nil:
+		if o.Template.NgfwDevice == "" {
+			return nil, fmt.Errorf("NgfwDevice is unspecified")
+		}
+		if o.Template.PanoramaDevice == "" {
+			return nil, fmt.Errorf("PanoramaDevice is unspecified")
+		}
+		if o.Template.Template == "" {
+			return nil, fmt.Errorf("Template is unspecified")
+		}
+		if o.Template.Vsys == "" {
+			return nil, fmt.Errorf("Vsys is unspecified")
+		}
+		ans = []string{
+			"config",
+			"devices",
+			util.AsEntryXpath([]string{o.Template.PanoramaDevice}),
+			"template",
+			util.AsEntryXpath([]string{o.Template.Template}),
+			"config",
+			"devices",
+			util.AsEntryXpath([]string{o.Template.NgfwDevice}),
+			"vsys",
+			util.AsEntryXpath([]string{o.Template.Vsys}),
+		}
+	case o.TemplateStack != nil:
+		if o.TemplateStack.NgfwDevice == "" {
+			return nil, fmt.Errorf("NgfwDevice is unspecified")
+		}
+		if o.TemplateStack.PanoramaDevice == "" {
+			return nil, fmt.Errorf("PanoramaDevice is unspecified")
+		}
+		if o.TemplateStack.TemplateStack == "" {
+			return nil, fmt.Errorf("TemplateStack is unspecified")
+		}
+		if o.TemplateStack.Vsys == "" {
+			return nil, fmt.Errorf("Vsys is unspecified")
+		}
+		ans = []string{
+			"config",
+			"devices",
+			util.AsEntryXpath([]string{o.TemplateStack.PanoramaDevice}),
+			"template-stack",
+			util.AsEntryXpath([]string{o.TemplateStack.TemplateStack}),
+			"config",
+			"devices",
+			util.AsEntryXpath([]string{o.TemplateStack.NgfwDevice}),
+			"vsys",
+			util.AsEntryXpath([]string{o.TemplateStack.Vsys}),
+		}
+	case o.Vsys != nil:
+		if o.Vsys.NgfwDevice == "" {
+			return nil, fmt.Errorf("NgfwDevice is unspecified")
+		}
+		if o.Vsys.Vsys == "" {
+			return nil, fmt.Errorf("Vsys is unspecified")
+		}
+		ans = []string{
+			"config",
+			"devices",
+			util.AsEntryXpath([]string{o.Vsys.NgfwDevice}),
+			"vsys",
+			util.AsEntryXpath([]string{o.Vsys.Vsys}),
+		}
+	default:
+		return nil, errors.NoLocationSpecifiedError
+	}
+
+	return ans, nil
+}
+func (o Location) XpathWithEntryName(vn version.Number, name string) ([]string, error) {
+
+	ans, err := o.XpathPrefix(vn)
+	if err != nil {
+		return nil, err
+	}
+	ans = append(ans, Suffix...)
+	ans = append(ans, util.AsEntryXpath([]string{name}))
+
+	return ans, nil
+}
+func (o Location) XpathWithUuid(vn version.Number, uuid string) ([]string, error) {
+
+	ans, err := o.XpathPrefix(vn)
+	if err != nil {
+		return nil, err
+	}
+	ans = append(ans, Suffix...)
+	ans = append(ans, util.AsUuidXpath(uuid))
+
+	return ans, nil
+}
diff --git a/network/zone/service.go b/network/zone/service.go
new file mode 100644
index 00000000..2af5928b
--- /dev/null
+++ b/network/zone/service.go
@@ -0,0 +1,281 @@
+package zone
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/PaloAltoNetworks/pango/errors"
+	"github.com/PaloAltoNetworks/pango/filtering"
+	"github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/xmlapi"
+)
+
+type Service struct {
+	client util.PangoClient
+}
+
+func NewService(client util.PangoClient) *Service {
+	return &Service{
+		client: client,
+	}
+}
+
+// Create adds new item, then returns the result.
+func (s *Service) Create(ctx context.Context, loc Location, entry *Entry) (*Entry, error) {
+	if entry.Name == "" {
+		return nil, errors.NameNotSpecifiedError
+	}
+
+	vn := s.client.Versioning()
+
+	specifier, _, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+	path, err := loc.XpathWithEntryName(vn, entry.Name)
+	if err != nil {
+		return nil, err
+	}
+	createSpec, err := specifier(entry)
+	if err != nil {
+		return nil, err
+	}
+
+	cmd := &xmlapi.Config{
+		Action:  "set",
+		Xpath:   util.AsXpath(path[:len(path)-1]),
+		Element: createSpec,
+		Target:  s.client.GetTarget(),
+	}
+
+	if _, _, err = s.client.Communicate(ctx, cmd, false, nil); err != nil {
+		return nil, err
+	}
+	return s.Read(ctx, loc, entry.Name, "get")
+}
+
+// Read returns the given config object, using the specified action ("get" or "show").
+func (s *Service) Read(ctx context.Context, loc Location, name, action string) (*Entry, error) {
+	return s.read(ctx, loc, name, action, false)
+}
+
+// ReadFromConfig returns the given config object from the loaded XML config.
+// Requires that client.LoadPanosConfig() has been invoked.
+func (s *Service) ReadFromConfig(ctx context.Context, loc Location, name string) (*Entry, error) {
+	return s.read(ctx, loc, name, "", true)
+}
+
+func (s *Service) read(ctx context.Context, loc Location, value, action string, usePanosConfig bool) (*Entry, error) {
+	if value == "" {
+		return nil, errors.NameNotSpecifiedError
+	}
+	vn := s.client.Versioning()
+	_, normalizer, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+	var path []string
+	path, err = loc.XpathWithEntryName(vn, value)
+	if err != nil {
+		return nil, err
+	}
+
+	if usePanosConfig {
+		if _, err = s.client.ReadFromConfig(ctx, path, true, normalizer); err != nil {
+			return nil, err
+		}
+	} else {
+		cmd := &xmlapi.Config{
+			Action: action,
+			Xpath:  util.AsXpath(path),
+			Target: s.client.GetTarget(),
+		}
+
+		if _, _, err = s.client.Communicate(ctx, cmd, true, normalizer); err != nil {
+			if err.Error() == "No such node" && action == "show" {
+				return nil, errors.ObjectNotFound()
+			}
+			return nil, err
+		}
+	}
+
+	list, err := normalizer.Normalize()
+	if err != nil {
+		return nil, err
+	} else if len(list) != 1 {
+		return nil, fmt.Errorf("expected to %q 1 entry, got %d", action, len(list))
+	}
+
+	return list[0], nil
+}
+
+// Update updates the given config object, then returns the result.
+func (s *Service) Update(ctx context.Context, loc Location, entry *Entry, name string) (*Entry, error) {
+	return s.update(ctx, loc, entry, name)
+}
+func (s *Service) update(ctx context.Context, loc Location, entry *Entry, value string) (*Entry, error) {
+	if entry.Name == "" {
+		return nil, errors.NameNotSpecifiedError
+	}
+
+	vn := s.client.Versioning()
+	updates := xmlapi.NewMultiConfig(2)
+	specifier, _, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+	var old *Entry
+	if value != "" && value != entry.Name {
+		path, err := loc.XpathWithEntryName(vn, value)
+		if err != nil {
+			return nil, err
+		}
+
+		old, err = s.Read(ctx, loc, value, "get")
+
+		updates.Add(&xmlapi.Config{
+			Action:  "rename",
+			Xpath:   util.AsXpath(path),
+			NewName: entry.Name,
+			Target:  s.client.GetTarget(),
+		})
+	} else {
+		old, err = s.Read(ctx, loc, entry.Name, "get")
+	}
+	if err != nil {
+		return nil, err
+	} else if old == nil {
+		return nil, fmt.Errorf("previous object doesn't exist for update")
+	}
+	if !SpecMatches(entry, old) {
+		path, err := loc.XpathWithEntryName(vn, entry.Name)
+		if err != nil {
+			return nil, err
+		}
+
+		updateSpec, err := specifier(entry)
+		if err != nil {
+			return nil, err
+		}
+
+		updates.Add(&xmlapi.Config{
+			Action:  "edit",
+			Xpath:   util.AsXpath(path),
+			Element: updateSpec,
+			Target:  s.client.GetTarget(),
+		})
+	}
+
+	if len(updates.Operations) != 0 {
+		if _, _, _, err = s.client.MultiConfig(ctx, updates, false, nil); err != nil {
+			return nil, err
+		}
+	}
+	return s.Read(ctx, loc, entry.Name, "get")
+}
+
+// Delete deletes the given item.
+func (s *Service) Delete(ctx context.Context, loc Location, name ...string) error {
+	return s.delete(ctx, loc, name)
+}
+func (s *Service) delete(ctx context.Context, loc Location, values []string) error {
+	for _, value := range values {
+		if value == "" {
+			return errors.NameNotSpecifiedError
+		}
+	}
+
+	vn := s.client.Versioning()
+	var err error
+	deletes := xmlapi.NewMultiConfig(len(values))
+	for _, value := range values {
+		var path []string
+		path, err = loc.XpathWithEntryName(vn, value)
+		if err != nil {
+			return err
+		}
+		deletes.Add(&xmlapi.Config{
+			Action: "delete",
+			Xpath:  util.AsXpath(path),
+			Target: s.client.GetTarget(),
+		})
+	}
+
+	_, _, _, err = s.client.MultiConfig(ctx, deletes, false, nil)
+
+	return err
+}
+
+// List returns a list of objects using the given action ("get" or "show").
+// Params filter and quote are for client side filtering.
+func (s *Service) List(ctx context.Context, loc Location, action, filter, quote string) ([]*Entry, error) {
+	return s.list(ctx, loc, action, filter, quote, false)
+}
+
+// ListFromConfig returns a list of objects at the given location.
+// Requires that client.LoadPanosConfig() has been invoked.
+// Params filter and quote are for client side filtering.
+func (s *Service) ListFromConfig(ctx context.Context, loc Location, filter, quote string) ([]*Entry, error) {
+	return s.list(ctx, loc, "", filter, quote, true)
+}
+
+func (s *Service) list(ctx context.Context, loc Location, action, filter, quote string, usePanosConfig bool) ([]*Entry, error) {
+	var err error
+
+	var logic *filtering.Group
+	if filter != "" {
+		logic, err = filtering.Parse(filter, quote)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	vn := s.client.Versioning()
+
+	_, normalizer, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+
+	path, err := loc.XpathWithEntryName(vn, "")
+	if err != nil {
+		return nil, err
+	}
+
+	if usePanosConfig {
+		if _, err = s.client.ReadFromConfig(ctx, path, false, normalizer); err != nil {
+			return nil, err
+		}
+	} else {
+		cmd := &xmlapi.Config{
+			Action: action,
+			Xpath:  util.AsXpath(path),
+			Target: s.client.GetTarget(),
+		}
+
+		if _, _, err = s.client.Communicate(ctx, cmd, true, normalizer); err != nil {
+			if err.Error() == "No such node" && action == "show" {
+				return nil, nil
+			}
+			return nil, err
+		}
+	}
+
+	listing, err := normalizer.Normalize()
+	if err != nil || logic == nil {
+		return listing, err
+	}
+
+	filtered := make([]*Entry, 0, len(listing))
+	for _, x := range listing {
+		ok, err := logic.Matches(x)
+		if err != nil {
+			return nil, err
+		}
+		if ok {
+			filtered = append(filtered, x)
+		}
+	}
+
+	return filtered, nil
+}
diff --git a/objects/address/entry.go b/objects/address/entry.go
index 17a763ac..9ac30dae 100644
--- a/objects/address/entry.go
+++ b/objects/address/entry.go
@@ -1,130 +1,156 @@
 package address
 
 import (
-    "fmt"
-    "encoding/xml"
+	"encoding/xml"
+	"fmt"
 
-    "github.com/PaloAltoNetworks/pango/generic"
-    "github.com/PaloAltoNetworks/pango/util"
-    "github.com/PaloAltoNetworks/pango/version"
+	"github.com/PaloAltoNetworks/pango/filtering"
+	"github.com/PaloAltoNetworks/pango/generic"
+	"github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/version"
 )
 
 var (
-    Suffix = []string{"address"}
+	_ filtering.Fielder = &Entry{}
+)
+
+var (
+	Suffix = []string{"address"}
 )
 
 type Entry struct {
-    Name string
-    Description *string
-    Tags []string // ordered
-    IpNetmask *string
-    IpRange *string
-    Fqdn *string
-    IpWildcard *string // PAN-OS 9.0
-
-    Misc map[string] []generic.Xml
+	Name        string
+	Description *string
+	Tags        []string
+	Fqdn        *string
+	IpNetmask   *string
+	IpRange     *string
+	IpWildcard  *string
+
+	Misc map[string][]generic.Xml
 }
 
-func (e *Entry) CopyMiscFrom(v *Entry) {
-    if v == nil || len(v.Misc) == 0 {
-        return
-    }
+type entryXmlContainer struct {
+	Answer []entryXml `xml:"entry"`
+}
 
-    e.Misc = make(map[string] []generic.Xml)
-    for key := range v.Misc {
-        e.Misc[key] = append([]generic.Xml(nil), v.Misc[key]...)
-    }
+type entryXml struct {
+	XMLName     xml.Name         `xml:"entry"`
+	Name        string           `xml:"name,attr"`
+	Description *string          `xml:"description,omitempty"`
+	Tags        *util.MemberType `xml:"tag,omitempty"`
+	Fqdn        *string          `xml:"fqdn,omitempty"`
+	IpNetmask   *string          `xml:"ip-netmask,omitempty"`
+	IpRange     *string          `xml:"ip-range,omitempty"`
+	IpWildcard  *string          `xml:"ip-wildcard,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
 }
 
-func Versioning(vn version.Number) (Specifier, Normalizer, error) {
-    return Entry1Specify, &Entry1Container{}, nil
+func (e *Entry) Field(v string) (any, error) {
+	if v == "name" || v == "Name" {
+		return e.Name, nil
+	}
+	if v == "description" || v == "Description" {
+		return e.Description, nil
+	}
+	if v == "tags" || v == "Tags" {
+		return e.Tags, nil
+	}
+	if v == "tags|LENGTH" || v == "Tags|LENGTH" {
+		return int64(len(e.Tags)), nil
+	}
+	if v == "fqdn" || v == "Fqdn" {
+		return e.Fqdn, nil
+	}
+	if v == "ip_netmask" || v == "IpNetmask" {
+		return e.IpNetmask, nil
+	}
+	if v == "ip_range" || v == "IpRange" {
+		return e.IpRange, nil
+	}
+	if v == "ip_wildcard" || v == "IpWildcard" {
+		return e.IpWildcard, nil
+	}
+
+	return nil, fmt.Errorf("unknown field")
 }
 
-func Entry1Specify(o Entry) (any, error) {
-    ans := Entry1{}
-    ans.Name = o.Name
-    ans.Description = o.Description
-    ans.Tags = util.StrToMem(o.Tags)
-    ans.IpNetmask = o.IpNetmask
-    ans.IpRange = o.IpRange
-    ans.Fqdn = o.Fqdn
-    ans.IpWildcard = o.IpWildcard
+func Versioning(vn version.Number) (Specifier, Normalizer, error) {
+	return specifyEntry, &entryXmlContainer{}, nil
+}
 
-    ans.Misc = o.Misc[fmt.Sprintf("%s\n%s", "Entry", o.Name)]
+func specifyEntry(o *Entry) (any, error) {
+	entry := entryXml{}
 
-    return ans, nil
-}
+	entry.Name = o.Name
+	entry.Description = o.Description
+	entry.Tags = util.StrToMem(o.Tags)
+	entry.Fqdn = o.Fqdn
+	entry.IpNetmask = o.IpNetmask
+	entry.IpRange = o.IpRange
+	entry.IpWildcard = o.IpWildcard
 
-type Entry1Container struct {
-    Answer []Entry1 `xml:"entry"`
-}
+	entry.Misc = o.Misc["Entry"]
 
-func (c *Entry1Container) Normalize() ([]Entry, error) {
-    ans := make([]Entry, 0, len(c.Answer))
-    for _, var0 := range c.Answer {
-        var1 := Entry{
-            Misc: make(map[string] []generic.Xml),
-        }
-        var1.Name = var0.Name
-        var1.Description = var0.Description
-        var1.IpNetmask = var0.IpNetmask
-        var1.IpRange = var0.IpRange
-        var1.Fqdn = var0.Fqdn
-        var1.IpWildcard = var0.IpWildcard
-
-        var1.Misc[fmt.Sprintf("%s\n%s", "Entry", var0.Name)] = var0.Misc
-
-        ans = append(ans, var1)
-    }
-
-    return ans, nil
+	return entry, nil
 }
-
-type Entry1 struct {
-    XMLName xml.Name `xml:"entry"`
-    Name string `xml:"name,attr"`
-    IpNetmask *string `xml:"ip-netmask"`
-    IpRange *string `xml:"ip-range"`
-    Fqdn *string `xml:"fqdn"`
-    IpWildcard *string `xml:"ip-wildcard"`
-    Description *string `xml:"description,omitempty"`
-    Tags *util.MemberType `xml:"tag"`
-
-    Misc []generic.Xml `xml:",any"`
+func (c *entryXmlContainer) Normalize() ([]*Entry, error) {
+	entryList := make([]*Entry, 0, len(c.Answer))
+	for _, o := range c.Answer {
+		entry := &Entry{
+			Misc: make(map[string][]generic.Xml),
+		}
+		entry.Name = o.Name
+		entry.Description = o.Description
+		entry.Tags = util.MemToStr(o.Tags)
+		entry.Fqdn = o.Fqdn
+		entry.IpNetmask = o.IpNetmask
+		entry.IpRange = o.IpRange
+		entry.IpWildcard = o.IpWildcard
+
+		entry.Misc["Entry"] = o.Misc
+
+		entryList = append(entryList, entry)
+	}
+
+	return entryList, nil
 }
 
 func SpecMatches(a, b *Entry) bool {
-    if a == nil && b != nil || a != nil && b == nil {
-        return false
-    } else if a == nil && b == nil {
-        return true
-    }
-
-    // Don't compare Name.
-
-    if !util.OptionalStringsMatch(a.Description, b.Description) {
-        return false
-    }
-
-    if !util.OrderedListsMatch(a.Tags, b.Tags) {
-        return false
-    }
-
-    if !util.OptionalStringsMatch(a.IpNetmask, b.IpNetmask) {
-        return false
-    }
-
-    if !util.OptionalStringsMatch(a.IpRange, b.IpRange) {
-        return false
-    }
-
-    if !util.OptionalStringsMatch(a.Fqdn, b.Fqdn) {
-        return false
-    }
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+
+	// Don't compare Name.
+	if !util.StringsMatch(a.Description, b.Description) {
+		return false
+	}
+	if !util.OrderedListsMatch(a.Tags, b.Tags) {
+		return false
+	}
+	if !util.StringsMatch(a.Fqdn, b.Fqdn) {
+		return false
+	}
+	if !util.StringsMatch(a.IpNetmask, b.IpNetmask) {
+		return false
+	}
+	if !util.StringsMatch(a.IpRange, b.IpRange) {
+		return false
+	}
+	if !util.StringsMatch(a.IpWildcard, b.IpWildcard) {
+		return false
+	}
+
+	return true
+}
 
-    if !util.OptionalStringsMatch(a.IpWildcard, b.IpWildcard) {
-        return false
-    }
+func (o *Entry) EntryName() string {
+	return o.Name
+}
 
-    return true
+func (o *Entry) SetEntryName(name string) {
+	o.Name = name
 }
diff --git a/objects/address/group/entry.go b/objects/address/group/entry.go
new file mode 100644
index 00000000..813f1df4
--- /dev/null
+++ b/objects/address/group/entry.go
@@ -0,0 +1,136 @@
+package group
+
+import (
+	"encoding/xml"
+	"fmt"
+
+	"github.com/PaloAltoNetworks/pango/filtering"
+	"github.com/PaloAltoNetworks/pango/generic"
+	"github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/version"
+)
+
+var (
+	_ filtering.Fielder = &Entry{}
+)
+
+var (
+	Suffix = []string{"address-group"}
+)
+
+type Entry struct {
+	Name        string
+	Description *string
+	Tags        []string
+	Dynamic     *string
+	Static      []string
+
+	Misc map[string][]generic.Xml
+}
+
+type entryXmlContainer struct {
+	Answer []entryXml `xml:"entry"`
+}
+
+type entryXml struct {
+	XMLName     xml.Name         `xml:"entry"`
+	Name        string           `xml:"name,attr"`
+	Description *string          `xml:"description,omitempty"`
+	Tags        *util.MemberType `xml:"tag,omitempty"`
+	Dynamic     *string          `xml:"dynamic>filter,omitempty"`
+	Static      *util.MemberType `xml:"static,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+
+func (e *Entry) Field(v string) (any, error) {
+	if v == "name" || v == "Name" {
+		return e.Name, nil
+	}
+	if v == "description" || v == "Description" {
+		return e.Description, nil
+	}
+	if v == "tags" || v == "Tags" {
+		return e.Tags, nil
+	}
+	if v == "tags|LENGTH" || v == "Tags|LENGTH" {
+		return int64(len(e.Tags)), nil
+	}
+	if v == "dynamic" || v == "Dynamic" {
+		return e.Dynamic, nil
+	}
+	if v == "static" || v == "Static" {
+		return e.Static, nil
+	}
+
+	return nil, fmt.Errorf("unknown field")
+}
+
+func Versioning(vn version.Number) (Specifier, Normalizer, error) {
+	return specifyEntry, &entryXmlContainer{}, nil
+}
+
+func specifyEntry(o *Entry) (any, error) {
+	entry := entryXml{}
+
+	entry.Name = o.Name
+	entry.Description = o.Description
+	entry.Tags = util.StrToMem(o.Tags)
+	entry.Dynamic = o.Dynamic
+	entry.Static = util.StrToMem(o.Static)
+
+	entry.Misc = o.Misc["Entry"]
+
+	return entry, nil
+}
+func (c *entryXmlContainer) Normalize() ([]*Entry, error) {
+	entryList := make([]*Entry, 0, len(c.Answer))
+	for _, o := range c.Answer {
+		entry := &Entry{
+			Misc: make(map[string][]generic.Xml),
+		}
+		entry.Name = o.Name
+		entry.Description = o.Description
+		entry.Tags = util.MemToStr(o.Tags)
+		entry.Dynamic = o.Dynamic
+		entry.Static = util.MemToStr(o.Static)
+
+		entry.Misc["Entry"] = o.Misc
+
+		entryList = append(entryList, entry)
+	}
+
+	return entryList, nil
+}
+
+func SpecMatches(a, b *Entry) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+
+	// Don't compare Name.
+	if !util.StringsMatch(a.Description, b.Description) {
+		return false
+	}
+	if !util.OrderedListsMatch(a.Tags, b.Tags) {
+		return false
+	}
+	if !util.StringsMatch(a.Dynamic, b.Dynamic) {
+		return false
+	}
+	if !util.OrderedListsMatch(a.Static, b.Static) {
+		return false
+	}
+
+	return true
+}
+
+func (o *Entry) EntryName() string {
+	return o.Name
+}
+
+func (o *Entry) SetEntryName(name string) {
+	o.Name = name
+}
diff --git a/objects/address/group/interfaces.go b/objects/address/group/interfaces.go
new file mode 100644
index 00000000..463f1bed
--- /dev/null
+++ b/objects/address/group/interfaces.go
@@ -0,0 +1,7 @@
+package group
+
+type Specifier func(*Entry) (any, error)
+
+type Normalizer interface {
+	Normalize() ([]*Entry, error)
+}
diff --git a/objects/address/group/location.go b/objects/address/group/location.go
new file mode 100644
index 00000000..204884e9
--- /dev/null
+++ b/objects/address/group/location.go
@@ -0,0 +1,188 @@
+package group
+
+import (
+	"fmt"
+
+	"github.com/PaloAltoNetworks/pango/errors"
+	"github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/version"
+)
+
+type ImportLocation interface {
+	XpathForLocation(version.Number, util.ILocation) ([]string, error)
+	MarshalPangoXML([]string) (string, error)
+	UnmarshalPangoXML([]byte) ([]string, error)
+}
+
+type Location struct {
+	DeviceGroup        *DeviceGroupLocation      `json:"device_group,omitempty"`
+	FromPanoramaShared bool                      `json:"from_panorama_shared"`
+	FromPanoramaVsys   *FromPanoramaVsysLocation `json:"from_panorama_vsys,omitempty"`
+	Shared             bool                      `json:"shared"`
+	Vsys               *VsysLocation             `json:"vsys,omitempty"`
+}
+
+type DeviceGroupLocation struct {
+	DeviceGroup    string `json:"device_group"`
+	PanoramaDevice string `json:"panorama_device"`
+}
+
+type FromPanoramaVsysLocation struct {
+	Vsys string `json:"vsys"`
+}
+
+type VsysLocation struct {
+	NgfwDevice string `json:"ngfw_device"`
+	Vsys       string `json:"vsys"`
+}
+
+func NewDeviceGroupLocation() *Location {
+	return &Location{DeviceGroup: &DeviceGroupLocation{
+		DeviceGroup:    "",
+		PanoramaDevice: "localhost.localdomain",
+	},
+	}
+}
+func NewFromPanoramaVsysLocation() *Location {
+	return &Location{FromPanoramaVsys: &FromPanoramaVsysLocation{
+		Vsys: "vsys1",
+	},
+	}
+}
+func NewSharedLocation() *Location {
+	return &Location{
+		Shared: true,
+	}
+}
+func NewVsysLocation() *Location {
+	return &Location{Vsys: &VsysLocation{
+		NgfwDevice: "localhost.localdomain",
+		Vsys:       "vsys1",
+	},
+	}
+}
+
+func (o Location) IsValid() error {
+	count := 0
+
+	switch {
+	case o.DeviceGroup != nil:
+		if o.DeviceGroup.DeviceGroup == "" {
+			return fmt.Errorf("DeviceGroup is unspecified")
+		}
+		if o.DeviceGroup.PanoramaDevice == "" {
+			return fmt.Errorf("PanoramaDevice is unspecified")
+		}
+		count++
+	case o.FromPanoramaShared:
+		count++
+	case o.FromPanoramaVsys != nil:
+		if o.FromPanoramaVsys.Vsys == "" {
+			return fmt.Errorf("Vsys is unspecified")
+		}
+		count++
+	case o.Shared:
+		count++
+	case o.Vsys != nil:
+		if o.Vsys.NgfwDevice == "" {
+			return fmt.Errorf("NgfwDevice is unspecified")
+		}
+		if o.Vsys.Vsys == "" {
+			return fmt.Errorf("Vsys is unspecified")
+		}
+		count++
+	}
+
+	if count == 0 {
+		return fmt.Errorf("no path specified")
+	}
+
+	if count > 1 {
+		return fmt.Errorf("multiple paths specified: only one should be specified")
+	}
+
+	return nil
+}
+
+func (o Location) XpathPrefix(vn version.Number) ([]string, error) {
+
+	var ans []string
+
+	switch {
+	case o.DeviceGroup != nil:
+		if o.DeviceGroup.DeviceGroup == "" {
+			return nil, fmt.Errorf("DeviceGroup is unspecified")
+		}
+		if o.DeviceGroup.PanoramaDevice == "" {
+			return nil, fmt.Errorf("PanoramaDevice is unspecified")
+		}
+		ans = []string{
+			"config",
+			"devices",
+			util.AsEntryXpath([]string{o.DeviceGroup.PanoramaDevice}),
+			"device-group",
+			util.AsEntryXpath([]string{o.DeviceGroup.DeviceGroup}),
+		}
+	case o.FromPanoramaShared:
+		ans = []string{
+			"config",
+			"panorama",
+			"shared",
+		}
+	case o.FromPanoramaVsys != nil:
+		if o.FromPanoramaVsys.Vsys == "" {
+			return nil, fmt.Errorf("Vsys is unspecified")
+		}
+		ans = []string{
+			"config",
+			"panorama",
+			"vsys",
+			util.AsEntryXpath([]string{o.FromPanoramaVsys.Vsys}),
+		}
+	case o.Shared:
+		ans = []string{
+			"config",
+			"shared",
+		}
+	case o.Vsys != nil:
+		if o.Vsys.NgfwDevice == "" {
+			return nil, fmt.Errorf("NgfwDevice is unspecified")
+		}
+		if o.Vsys.Vsys == "" {
+			return nil, fmt.Errorf("Vsys is unspecified")
+		}
+		ans = []string{
+			"config",
+			"devices",
+			util.AsEntryXpath([]string{o.Vsys.NgfwDevice}),
+			"vsys",
+			util.AsEntryXpath([]string{o.Vsys.Vsys}),
+		}
+	default:
+		return nil, errors.NoLocationSpecifiedError
+	}
+
+	return ans, nil
+}
+func (o Location) XpathWithEntryName(vn version.Number, name string) ([]string, error) {
+
+	ans, err := o.XpathPrefix(vn)
+	if err != nil {
+		return nil, err
+	}
+	ans = append(ans, Suffix...)
+	ans = append(ans, util.AsEntryXpath([]string{name}))
+
+	return ans, nil
+}
+func (o Location) XpathWithUuid(vn version.Number, uuid string) ([]string, error) {
+
+	ans, err := o.XpathPrefix(vn)
+	if err != nil {
+		return nil, err
+	}
+	ans = append(ans, Suffix...)
+	ans = append(ans, util.AsUuidXpath(uuid))
+
+	return ans, nil
+}
diff --git a/objects/address/group/service.go b/objects/address/group/service.go
new file mode 100644
index 00000000..ed586c7c
--- /dev/null
+++ b/objects/address/group/service.go
@@ -0,0 +1,281 @@
+package group
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/PaloAltoNetworks/pango/errors"
+	"github.com/PaloAltoNetworks/pango/filtering"
+	"github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/xmlapi"
+)
+
+type Service struct {
+	client util.PangoClient
+}
+
+func NewService(client util.PangoClient) *Service {
+	return &Service{
+		client: client,
+	}
+}
+
+// Create adds new item, then returns the result.
+func (s *Service) Create(ctx context.Context, loc Location, entry *Entry) (*Entry, error) {
+	if entry.Name == "" {
+		return nil, errors.NameNotSpecifiedError
+	}
+
+	vn := s.client.Versioning()
+
+	specifier, _, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+	path, err := loc.XpathWithEntryName(vn, entry.Name)
+	if err != nil {
+		return nil, err
+	}
+	createSpec, err := specifier(entry)
+	if err != nil {
+		return nil, err
+	}
+
+	cmd := &xmlapi.Config{
+		Action:  "set",
+		Xpath:   util.AsXpath(path[:len(path)-1]),
+		Element: createSpec,
+		Target:  s.client.GetTarget(),
+	}
+
+	if _, _, err = s.client.Communicate(ctx, cmd, false, nil); err != nil {
+		return nil, err
+	}
+	return s.Read(ctx, loc, entry.Name, "get")
+}
+
+// Read returns the given config object, using the specified action ("get" or "show").
+func (s *Service) Read(ctx context.Context, loc Location, name, action string) (*Entry, error) {
+	return s.read(ctx, loc, name, action, false)
+}
+
+// ReadFromConfig returns the given config object from the loaded XML config.
+// Requires that client.LoadPanosConfig() has been invoked.
+func (s *Service) ReadFromConfig(ctx context.Context, loc Location, name string) (*Entry, error) {
+	return s.read(ctx, loc, name, "", true)
+}
+
+func (s *Service) read(ctx context.Context, loc Location, value, action string, usePanosConfig bool) (*Entry, error) {
+	if value == "" {
+		return nil, errors.NameNotSpecifiedError
+	}
+	vn := s.client.Versioning()
+	_, normalizer, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+	var path []string
+	path, err = loc.XpathWithEntryName(vn, value)
+	if err != nil {
+		return nil, err
+	}
+
+	if usePanosConfig {
+		if _, err = s.client.ReadFromConfig(ctx, path, true, normalizer); err != nil {
+			return nil, err
+		}
+	} else {
+		cmd := &xmlapi.Config{
+			Action: action,
+			Xpath:  util.AsXpath(path),
+			Target: s.client.GetTarget(),
+		}
+
+		if _, _, err = s.client.Communicate(ctx, cmd, true, normalizer); err != nil {
+			if err.Error() == "No such node" && action == "show" {
+				return nil, errors.ObjectNotFound()
+			}
+			return nil, err
+		}
+	}
+
+	list, err := normalizer.Normalize()
+	if err != nil {
+		return nil, err
+	} else if len(list) != 1 {
+		return nil, fmt.Errorf("expected to %q 1 entry, got %d", action, len(list))
+	}
+
+	return list[0], nil
+}
+
+// Update updates the given config object, then returns the result.
+func (s *Service) Update(ctx context.Context, loc Location, entry *Entry, name string) (*Entry, error) {
+	return s.update(ctx, loc, entry, name)
+}
+func (s *Service) update(ctx context.Context, loc Location, entry *Entry, value string) (*Entry, error) {
+	if entry.Name == "" {
+		return nil, errors.NameNotSpecifiedError
+	}
+
+	vn := s.client.Versioning()
+	updates := xmlapi.NewMultiConfig(2)
+	specifier, _, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+	var old *Entry
+	if value != "" && value != entry.Name {
+		path, err := loc.XpathWithEntryName(vn, value)
+		if err != nil {
+			return nil, err
+		}
+
+		old, err = s.Read(ctx, loc, value, "get")
+
+		updates.Add(&xmlapi.Config{
+			Action:  "rename",
+			Xpath:   util.AsXpath(path),
+			NewName: entry.Name,
+			Target:  s.client.GetTarget(),
+		})
+	} else {
+		old, err = s.Read(ctx, loc, entry.Name, "get")
+	}
+	if err != nil {
+		return nil, err
+	} else if old == nil {
+		return nil, fmt.Errorf("previous object doesn't exist for update")
+	}
+	if !SpecMatches(entry, old) {
+		path, err := loc.XpathWithEntryName(vn, entry.Name)
+		if err != nil {
+			return nil, err
+		}
+
+		updateSpec, err := specifier(entry)
+		if err != nil {
+			return nil, err
+		}
+
+		updates.Add(&xmlapi.Config{
+			Action:  "edit",
+			Xpath:   util.AsXpath(path),
+			Element: updateSpec,
+			Target:  s.client.GetTarget(),
+		})
+	}
+
+	if len(updates.Operations) != 0 {
+		if _, _, _, err = s.client.MultiConfig(ctx, updates, false, nil); err != nil {
+			return nil, err
+		}
+	}
+	return s.Read(ctx, loc, entry.Name, "get")
+}
+
+// Delete deletes the given item.
+func (s *Service) Delete(ctx context.Context, loc Location, name ...string) error {
+	return s.delete(ctx, loc, name)
+}
+func (s *Service) delete(ctx context.Context, loc Location, values []string) error {
+	for _, value := range values {
+		if value == "" {
+			return errors.NameNotSpecifiedError
+		}
+	}
+
+	vn := s.client.Versioning()
+	var err error
+	deletes := xmlapi.NewMultiConfig(len(values))
+	for _, value := range values {
+		var path []string
+		path, err = loc.XpathWithEntryName(vn, value)
+		if err != nil {
+			return err
+		}
+		deletes.Add(&xmlapi.Config{
+			Action: "delete",
+			Xpath:  util.AsXpath(path),
+			Target: s.client.GetTarget(),
+		})
+	}
+
+	_, _, _, err = s.client.MultiConfig(ctx, deletes, false, nil)
+
+	return err
+}
+
+// List returns a list of objects using the given action ("get" or "show").
+// Params filter and quote are for client side filtering.
+func (s *Service) List(ctx context.Context, loc Location, action, filter, quote string) ([]*Entry, error) {
+	return s.list(ctx, loc, action, filter, quote, false)
+}
+
+// ListFromConfig returns a list of objects at the given location.
+// Requires that client.LoadPanosConfig() has been invoked.
+// Params filter and quote are for client side filtering.
+func (s *Service) ListFromConfig(ctx context.Context, loc Location, filter, quote string) ([]*Entry, error) {
+	return s.list(ctx, loc, "", filter, quote, true)
+}
+
+func (s *Service) list(ctx context.Context, loc Location, action, filter, quote string, usePanosConfig bool) ([]*Entry, error) {
+	var err error
+
+	var logic *filtering.Group
+	if filter != "" {
+		logic, err = filtering.Parse(filter, quote)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	vn := s.client.Versioning()
+
+	_, normalizer, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+
+	path, err := loc.XpathWithEntryName(vn, "")
+	if err != nil {
+		return nil, err
+	}
+
+	if usePanosConfig {
+		if _, err = s.client.ReadFromConfig(ctx, path, false, normalizer); err != nil {
+			return nil, err
+		}
+	} else {
+		cmd := &xmlapi.Config{
+			Action: action,
+			Xpath:  util.AsXpath(path),
+			Target: s.client.GetTarget(),
+		}
+
+		if _, _, err = s.client.Communicate(ctx, cmd, true, normalizer); err != nil {
+			if err.Error() == "No such node" && action == "show" {
+				return nil, nil
+			}
+			return nil, err
+		}
+	}
+
+	listing, err := normalizer.Normalize()
+	if err != nil || logic == nil {
+		return listing, err
+	}
+
+	filtered := make([]*Entry, 0, len(listing))
+	for _, x := range listing {
+		ok, err := logic.Matches(x)
+		if err != nil {
+			return nil, err
+		}
+		if ok {
+			filtered = append(filtered, x)
+		}
+	}
+
+	return filtered, nil
+}
diff --git a/objects/address/interfaces.go b/objects/address/interfaces.go
index e8b9eab0..7abde91e 100644
--- a/objects/address/interfaces.go
+++ b/objects/address/interfaces.go
@@ -1,7 +1,7 @@
 package address
 
-type Specifier func(Entry) (any, error)
+type Specifier func(*Entry) (any, error)
 
 type Normalizer interface {
-    Normalize() ([]Entry, error)
+	Normalize() ([]*Entry, error)
 }
diff --git a/objects/address/location.go b/objects/address/location.go
index 20bd7857..4c95d355 100644
--- a/objects/address/location.go
+++ b/objects/address/location.go
@@ -1,117 +1,188 @@
 package address
 
 import (
-    "fmt"
+	"fmt"
 
-    "github.com/PaloAltoNetworks/pango/errors"
-    "github.com/PaloAltoNetworks/pango/util"
-    "github.com/PaloAltoNetworks/pango/version"
+	"github.com/PaloAltoNetworks/pango/errors"
+	"github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/version"
 )
 
+type ImportLocation interface {
+	XpathForLocation(version.Number, util.ILocation) ([]string, error)
+	MarshalPangoXML([]string) (string, error)
+	UnmarshalPangoXML([]byte) ([]string, error)
+}
+
 type Location struct {
-    Shared bool `json:"shared"`
-    Vsys *VsysLocation `json:"vsys,omitempty"`
-    DeviceGroup *DeviceGroupLocation `json:"device_group,omitempty"`
-    FromPanorama bool `json:"from_panorama"`
+	DeviceGroup        *DeviceGroupLocation      `json:"device_group,omitempty"`
+	FromPanoramaShared bool                      `json:"from_panorama_shared"`
+	FromPanoramaVsys   *FromPanoramaVsysLocation `json:"from_panorama_vsys,omitempty"`
+	Shared             bool                      `json:"shared"`
+	Vsys               *VsysLocation             `json:"vsys,omitempty"`
 }
 
-func (o Location) IsValid() error {
-    count := 0
-
-    if o.Shared {
-        count++
-    }
-
-    if o.Vsys != nil {
-        if o.Vsys.Name == "" {
-            return fmt.Errorf("vsys.name is unspecified")
-        }
-        if o.Vsys.NgfwDevice == "" {
-            return fmt.Errorf("vsys.ngfw_device is unspecified")
-        }
-        count++
-    }
-
-    if o.DeviceGroup != nil {
-        if o.DeviceGroup.Name == "" {
-            return fmt.Errorf("device_group.name is unspecified")
-        }
-        if o.DeviceGroup.PanoramaDevice == "" {
-            return fmt.Errorf("device_group.panorama_device is unspecified")
-        }
-        count++
-    }
-
-    if o.FromPanorama {
-        count++
-    }
-
-    if count == 0 {
-        return fmt.Errorf("no path specified")
-    }
-
-    if count > 1 {
-        return fmt.Errorf("multiple paths specified: only one should be specified")
-    }
-
-    return nil
+type DeviceGroupLocation struct {
+	DeviceGroup    string `json:"device_group"`
+	PanoramaDevice string `json:"panorama_device"`
 }
 
-func (o Location) Xpath(vn version.Number, name string) ([]string, error) {
-    var ans []string
-
-    switch {
-    case o.Shared:
-        ans = []string{
-            "config",
-            "shared",
-        }
-    case o.Vsys != nil:
-        if o.Vsys.NgfwDevice == "" {
-            return nil, fmt.Errorf("NgfwDevice is unspecified")
-        }
-        if o.Vsys.Name == "" {
-            return nil, fmt.Errorf("Name is unspecified")
-        }
-        ans = []string{
-            "config",
-            "devices",
-            util.AsEntryXpath([]string{o.Vsys.NgfwDevice}),
-            "vsys",
-            util.AsEntryXpath([]string{o.Vsys.Name}),
-        }
-    case o.DeviceGroup != nil:
-        if o.DeviceGroup.PanoramaDevice == "" {
-            return nil, fmt.Errorf("PanoramaDevice is unspecified")
-        }
-        if o.DeviceGroup.Name == "" {
-            return nil, fmt.Errorf("Name is unspecified")
-        }
-        ans = []string{
-            "config",
-            "devices",
-            util.AsEntryXpath([]string{o.DeviceGroup.PanoramaDevice}),
-            "device-group",
-            util.AsEntryXpath([]string{o.DeviceGroup.Name}),
-        }
-    case o.FromPanorama:
-        ans = []string{"config", "panorama"}
-    default:
-        return nil, errors.NoLocationSpecifiedError
-    }
-
-    ans = append(ans, Suffix...)
-    ans = append(ans, util.AsEntryXpath([]string{name}))
-
-    return ans, nil
+type FromPanoramaVsysLocation struct {
+	Vsys string `json:"vsys"`
 }
 
 type VsysLocation struct {
-    NgfwDevice string `json:"ngfw_device"`
-    Name string `json:"name"`
+	NgfwDevice string `json:"ngfw_device"`
+	Vsys       string `json:"vsys"`
 }
 
-type DeviceGroupLocation struct {
-    PanoramaDevice string `json:"panorama_device"`
-    Name string `json:"name"`
+func NewDeviceGroupLocation() *Location {
+	return &Location{DeviceGroup: &DeviceGroupLocation{
+		DeviceGroup:    "",
+		PanoramaDevice: "localhost.localdomain",
+	},
+	}
+}
+func NewFromPanoramaVsysLocation() *Location {
+	return &Location{FromPanoramaVsys: &FromPanoramaVsysLocation{
+		Vsys: "vsys1",
+	},
+	}
+}
+func NewSharedLocation() *Location {
+	return &Location{
+		Shared: true,
+	}
+}
+func NewVsysLocation() *Location {
+	return &Location{Vsys: &VsysLocation{
+		NgfwDevice: "localhost.localdomain",
+		Vsys:       "vsys1",
+	},
+	}
+}
+
+func (o Location) IsValid() error {
+	count := 0
+
+	switch {
+	case o.DeviceGroup != nil:
+		if o.DeviceGroup.DeviceGroup == "" {
+			return fmt.Errorf("DeviceGroup is unspecified")
+		}
+		if o.DeviceGroup.PanoramaDevice == "" {
+			return fmt.Errorf("PanoramaDevice is unspecified")
+		}
+		count++
+	case o.FromPanoramaShared:
+		count++
+	case o.FromPanoramaVsys != nil:
+		if o.FromPanoramaVsys.Vsys == "" {
+			return fmt.Errorf("Vsys is unspecified")
+		}
+		count++
+	case o.Shared:
+		count++
+	case o.Vsys != nil:
+		if o.Vsys.NgfwDevice == "" {
+			return fmt.Errorf("NgfwDevice is unspecified")
+		}
+		if o.Vsys.Vsys == "" {
+			return fmt.Errorf("Vsys is unspecified")
+		}
+		count++
+	}
+
+	if count == 0 {
+		return fmt.Errorf("no path specified")
+	}
+
+	if count > 1 {
+		return fmt.Errorf("multiple paths specified: only one should be specified")
+	}
+
+	return nil
+}
+
+func (o Location) XpathPrefix(vn version.Number) ([]string, error) {
+
+	var ans []string
+
+	switch {
+	case o.DeviceGroup != nil:
+		if o.DeviceGroup.DeviceGroup == "" {
+			return nil, fmt.Errorf("DeviceGroup is unspecified")
+		}
+		if o.DeviceGroup.PanoramaDevice == "" {
+			return nil, fmt.Errorf("PanoramaDevice is unspecified")
+		}
+		ans = []string{
+			"config",
+			"devices",
+			util.AsEntryXpath([]string{o.DeviceGroup.PanoramaDevice}),
+			"device-group",
+			util.AsEntryXpath([]string{o.DeviceGroup.DeviceGroup}),
+		}
+	case o.FromPanoramaShared:
+		ans = []string{
+			"config",
+			"panorama",
+			"shared",
+		}
+	case o.FromPanoramaVsys != nil:
+		if o.FromPanoramaVsys.Vsys == "" {
+			return nil, fmt.Errorf("Vsys is unspecified")
+		}
+		ans = []string{
+			"config",
+			"panorama",
+			"vsys",
+			util.AsEntryXpath([]string{o.FromPanoramaVsys.Vsys}),
+		}
+	case o.Shared:
+		ans = []string{
+			"config",
+			"shared",
+		}
+	case o.Vsys != nil:
+		if o.Vsys.NgfwDevice == "" {
+			return nil, fmt.Errorf("NgfwDevice is unspecified")
+		}
+		if o.Vsys.Vsys == "" {
+			return nil, fmt.Errorf("Vsys is unspecified")
+		}
+		ans = []string{
+			"config",
+			"devices",
+			util.AsEntryXpath([]string{o.Vsys.NgfwDevice}),
+			"vsys",
+			util.AsEntryXpath([]string{o.Vsys.Vsys}),
+		}
+	default:
+		return nil, errors.NoLocationSpecifiedError
+	}
+
+	return ans, nil
+}
+func (o Location) XpathWithEntryName(vn version.Number, name string) ([]string, error) {
+
+	ans, err := o.XpathPrefix(vn)
+	if err != nil {
+		return nil, err
+	}
+	ans = append(ans, Suffix...)
+	ans = append(ans, util.AsEntryXpath([]string{name}))
+
+	return ans, nil
+}
+func (o Location) XpathWithUuid(vn version.Number, uuid string) ([]string, error) {
+
+	ans, err := o.XpathPrefix(vn)
+	if err != nil {
+		return nil, err
+	}
+	ans = append(ans, Suffix...)
+	ans = append(ans, util.AsUuidXpath(uuid))
+
+	return ans, nil
 }
diff --git a/objects/address/service.go b/objects/address/service.go
index 73bce697..23b0ea66 100644
--- a/objects/address/service.go
+++ b/objects/address/service.go
@@ -1,344 +1,281 @@
 package address
 
 import (
-    "context"
-    "fmt"
+	"context"
+	"fmt"
 
-    "github.com/PaloAltoNetworks/pango/errors"
-    "github.com/PaloAltoNetworks/pango/xmlapi"
-    "github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/errors"
+	"github.com/PaloAltoNetworks/pango/filtering"
+	"github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/xmlapi"
 )
 
 type Service struct {
-    client util.PangoClient
+	client util.PangoClient
 }
 
 func NewService(client util.PangoClient) *Service {
-    return &Service{
-        client: client,
-    }
+	return &Service{
+		client: client,
+	}
 }
 
-// Create creates the given config object.
-func (s *Service) Create(ctx context.Context, loc Location, entry Entry) (*Entry, error) {
-    if entry.Name == "" {
-        return nil, errors.NameNotSpecifiedError
-    }
-
-    vn := s.client.Versioning()
-
-    // Get versioning stuff.
-    specifier, _, err := Versioning(vn)
-    if err != nil {
-        return nil, err
-    }
-
-    // Get the xpath.
-    path, err := loc.Xpath(vn, entry.Name)
-    if err != nil {
-        return nil, err
-    }
-
-    createSpec, err := specifier(entry)
-    if err != nil {
-        return nil, err
-    }
-
-    cmd := &xmlapi.Config{
-        Action: "set",
-        Xpath: util.AsXpath(path[:len(path)-1]),
-        Element: createSpec,
-        Target: s.client.GetTarget(),
-    }
-
-    // Perform the set.
-    if _, _, err = s.client.Communicate(ctx, cmd, false, nil); err != nil {
-        return nil, err
-    }
-
-    // Return the Read results.
-    return s.Read(ctx, loc, entry.Name, "get")
+// Create adds new item, then returns the result.
+func (s *Service) Create(ctx context.Context, loc Location, entry *Entry) (*Entry, error) {
+	if entry.Name == "" {
+		return nil, errors.NameNotSpecifiedError
+	}
+
+	vn := s.client.Versioning()
+
+	specifier, _, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+	path, err := loc.XpathWithEntryName(vn, entry.Name)
+	if err != nil {
+		return nil, err
+	}
+	createSpec, err := specifier(entry)
+	if err != nil {
+		return nil, err
+	}
+
+	cmd := &xmlapi.Config{
+		Action:  "set",
+		Xpath:   util.AsXpath(path[:len(path)-1]),
+		Element: createSpec,
+		Target:  s.client.GetTarget(),
+	}
+
+	if _, _, err = s.client.Communicate(ctx, cmd, false, nil); err != nil {
+		return nil, err
+	}
+	return s.Read(ctx, loc, entry.Name, "get")
 }
 
-// Read returns the given config object, using the specified action.
-//
-// Param action should be either "get" or "show".
+// Read returns the given config object, using the specified action ("get" or "show").
 func (s *Service) Read(ctx context.Context, loc Location, name, action string) (*Entry, error) {
-    if name == "" {
-        return nil, errors.NameNotSpecifiedError
-    }
-
-    vn := s.client.Versioning()
-    _, normalizer, err := Versioning(vn)
-    if err != nil {
-        return nil, err
-    }
-
-    path, err := loc.Xpath(vn, name)
-    if err != nil {
-        return nil, err
-    }
-
-    cmd := &xmlapi.Config{
-        Action: action,
-        Xpath: util.AsXpath(path),
-        Target: s.client.GetTarget(),
-    }
-
-    if _, _, err = s.client.Communicate(ctx, cmd, true, normalizer); err != nil {
-        return nil, err
-    }
-
-    list, err := normalizer.Normalize()
-    if err != nil {
-        return nil, err
-    } else if len(list) != 1 {
-        return nil, fmt.Errorf("expected to 'get' 1 entry, got %d", len(list))
-    }
-
-    return &list[0], nil
+	return s.read(ctx, loc, name, action, false)
 }
 
-// Update updates the given config object, then returns the result.
-func (s *Service) Update(ctx context.Context, loc Location, entry Entry, oldName string) (*Entry, error) {
-    if entry.Name == "" {
-        return nil, errors.NameNotSpecifiedError
-    }
-
-    vn := s.client.Versioning()
-    updates := xmlapi.NewMultiConfig(2)
-    specifier, _, err := Versioning(vn)
-    if err != nil {
-        return nil, err
-    }
-
-    // Get the old config.
-    var old *Entry
-    if oldName != "" && oldName != entry.Name {
-        // Action needed: rename.
-        path, err := loc.Xpath(vn, oldName)
-        if err != nil {
-            return nil, err
-        }
-
-        old, err = s.Read(ctx, loc, oldName, "get")
-
-        updates.Add(&xmlapi.Config{
-            Action: "rename",
-            Xpath: util.AsXpath(path),
-            NewName: entry.Name,
-        })
-    } else {
-        old, err = s.Read(ctx, loc, entry.Name, "get")
-    }
-    if err != nil {
-        return nil, err
-    }
-
-    if !SpecMatches(&entry, old) {
-        // Action needed: edit.
-        path, err := loc.Xpath(vn, entry.Name)
-        if err != nil {
-            return nil, err
-        }
-
-        // Copy over the misc stuff.
-        entry.CopyMiscFrom(old)
-
-        updateSpec, err := specifier(entry)
-        if err != nil {
-            return nil, err
-        }
-
-        updates.Add(&xmlapi.Config{
-            Action: "edit",
-            Xpath: util.AsXpath(path),
-            Element: updateSpec,
-        })
-    }
-
-    // Do the updates we've built up.
-    if len(updates.Operations) != 0 {
-        if _, _, _, err = s.client.MultiConfig(ctx, updates, false, nil); err != nil {
-            return nil, err
-        }
-    }
-
-    // Return the read results.
-    return s.Read(ctx, loc, entry.Name, "get")
+// ReadFromConfig returns the given config object from the loaded XML config.
+// Requires that client.LoadPanosConfig() has been invoked.
+func (s *Service) ReadFromConfig(ctx context.Context, loc Location, name string) (*Entry, error) {
+	return s.read(ctx, loc, name, "", true)
 }
 
-// Delete deletes the given item.
-func (s *Service) Delete(ctx context.Context, loc Location, name string) error {
-    if name == "" {
-        return errors.NameNotSpecifiedError
-    }
-
-    vn := s.client.Versioning()
-
-    path, err := loc.Xpath(vn, name)
-    if err != nil {
-        return err
-    }
+func (s *Service) read(ctx context.Context, loc Location, value, action string, usePanosConfig bool) (*Entry, error) {
+	if value == "" {
+		return nil, errors.NameNotSpecifiedError
+	}
+	vn := s.client.Versioning()
+	_, normalizer, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+	var path []string
+	path, err = loc.XpathWithEntryName(vn, value)
+	if err != nil {
+		return nil, err
+	}
+
+	if usePanosConfig {
+		if _, err = s.client.ReadFromConfig(ctx, path, true, normalizer); err != nil {
+			return nil, err
+		}
+	} else {
+		cmd := &xmlapi.Config{
+			Action: action,
+			Xpath:  util.AsXpath(path),
+			Target: s.client.GetTarget(),
+		}
+
+		if _, _, err = s.client.Communicate(ctx, cmd, true, normalizer); err != nil {
+			if err.Error() == "No such node" && action == "show" {
+				return nil, errors.ObjectNotFound()
+			}
+			return nil, err
+		}
+	}
+
+	list, err := normalizer.Normalize()
+	if err != nil {
+		return nil, err
+	} else if len(list) != 1 {
+		return nil, fmt.Errorf("expected to %q 1 entry, got %d", action, len(list))
+	}
+
+	return list[0], nil
+}
 
-    cmd := &xmlapi.Config{
-        Action: "delete",
-        Xpath: util.AsXpath(path),
-        Target: s.client.GetTarget(),
-    }
+// Update updates the given config object, then returns the result.
+func (s *Service) Update(ctx context.Context, loc Location, entry *Entry, name string) (*Entry, error) {
+	return s.update(ctx, loc, entry, name)
+}
+func (s *Service) update(ctx context.Context, loc Location, entry *Entry, value string) (*Entry, error) {
+	if entry.Name == "" {
+		return nil, errors.NameNotSpecifiedError
+	}
+
+	vn := s.client.Versioning()
+	updates := xmlapi.NewMultiConfig(2)
+	specifier, _, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+	var old *Entry
+	if value != "" && value != entry.Name {
+		path, err := loc.XpathWithEntryName(vn, value)
+		if err != nil {
+			return nil, err
+		}
+
+		old, err = s.Read(ctx, loc, value, "get")
+
+		updates.Add(&xmlapi.Config{
+			Action:  "rename",
+			Xpath:   util.AsXpath(path),
+			NewName: entry.Name,
+			Target:  s.client.GetTarget(),
+		})
+	} else {
+		old, err = s.Read(ctx, loc, entry.Name, "get")
+	}
+	if err != nil {
+		return nil, err
+	} else if old == nil {
+		return nil, fmt.Errorf("previous object doesn't exist for update")
+	}
+	if !SpecMatches(entry, old) {
+		path, err := loc.XpathWithEntryName(vn, entry.Name)
+		if err != nil {
+			return nil, err
+		}
+
+		updateSpec, err := specifier(entry)
+		if err != nil {
+			return nil, err
+		}
+
+		updates.Add(&xmlapi.Config{
+			Action:  "edit",
+			Xpath:   util.AsXpath(path),
+			Element: updateSpec,
+			Target:  s.client.GetTarget(),
+		})
+	}
+
+	if len(updates.Operations) != 0 {
+		if _, _, _, err = s.client.MultiConfig(ctx, updates, false, nil); err != nil {
+			return nil, err
+		}
+	}
+	return s.Read(ctx, loc, entry.Name, "get")
+}
 
-    _, _, err = s.client.Communicate(ctx, cmd, false, nil)
+// Delete deletes the given item.
+func (s *Service) Delete(ctx context.Context, loc Location, name ...string) error {
+	return s.delete(ctx, loc, name)
+}
+func (s *Service) delete(ctx context.Context, loc Location, values []string) error {
+	for _, value := range values {
+		if value == "" {
+			return errors.NameNotSpecifiedError
+		}
+	}
+
+	vn := s.client.Versioning()
+	var err error
+	deletes := xmlapi.NewMultiConfig(len(values))
+	for _, value := range values {
+		var path []string
+		path, err = loc.XpathWithEntryName(vn, value)
+		if err != nil {
+			return err
+		}
+		deletes.Add(&xmlapi.Config{
+			Action: "delete",
+			Xpath:  util.AsXpath(path),
+			Target: s.client.GetTarget(),
+		})
+	}
+
+	_, _, _, err = s.client.MultiConfig(ctx, deletes, false, nil)
+
+	return err
+}
 
-    return err
+// List returns a list of objects using the given action ("get" or "show").
+// Params filter and quote are for client side filtering.
+func (s *Service) List(ctx context.Context, loc Location, action, filter, quote string) ([]*Entry, error) {
+	return s.list(ctx, loc, action, filter, quote, false)
 }
 
-// List returns a list of service objects using the given action.
-//
-// Param action should be either "get" or "show".
-//
-// (TODO) Param filter is a client side filter for objects returned.
-func (s *Service) List(ctx context.Context, loc Location, action, filter string) ([]Entry, error) {
-    vn := s.client.Versioning()
-
-    _, normalizer, err := Versioning(vn)
-    if err != nil {
-        return nil, err
-    }
-
-    path, err := loc.Xpath(vn, "")
-    if err != nil {
-        return nil, err
-    }
-
-    cmd := &xmlapi.Config{
-        Action: action,
-        Xpath: util.AsXpath(path),
-        Target: s.client.GetTarget(),
-    }
-
-    if _, _, err = s.client.Communicate(ctx, cmd, true, normalizer); err != nil {
-        return nil, err
-    }
-
-    return normalizer.Normalize()
+// ListFromConfig returns a list of objects at the given location.
+// Requires that client.LoadPanosConfig() has been invoked.
+// Params filter and quote are for client side filtering.
+func (s *Service) ListFromConfig(ctx context.Context, loc Location, filter, quote string) ([]*Entry, error) {
+	return s.list(ctx, loc, "", filter, quote, true)
 }
 
-// ConfigureGroup performs all necessary set / edit / delete commands to ensure that the
-// objects are configured as specified.
-func (s *Service) ConfigureGroup(ctx context.Context, loc Location, entries []Entry, prevNames []string) ([]Entry, error) {
-    var err error
-
-    vn := s.client.Versioning()
-    updates := xmlapi.NewMultiConfig(len(prevNames) + len(entries))
-    specifier, _, err := Versioning(vn)
-    if err != nil {
-        return nil, err
-    }
-
-    curObjs, err := s.List(ctx, loc, "get", "")
-    if err != nil {
-        return nil, err
-    }
-
-    //unfound := make([]Entry, 0, len(entries))
-
-    // Determine set vs edit for desired objects.
-    for _, entry := range entries {
-        var found bool
-        for _, live := range curObjs {
-            if entry.Name == live.Name {
-                found = true
-                if !SpecMatches(&entry, &live) {
-                    path, err := loc.Xpath(vn, entry.Name)
-                    if err != nil {
-                        return nil, err
-                    }
-
-                    // Copy over the misc stuff.
-                    entry.CopyMiscFrom(&live)
-
-                    elm, err := specifier(entry)
-                    if err != nil {
-                        return nil, err
-                    }
-
-                    updates.Add(&xmlapi.Config{
-                        Action: "edit",
-                        Xpath: util.AsXpath(path),
-                        Element: elm,
-                    })
-                }
-                break
-            }
-        }
-
-        if !found {
-            path, err := loc.Xpath(vn, entry.Name)
-            if err != nil {
-                return nil, err
-            }
-
-            elm, err := specifier(entry)
-            if err != nil {
-                return nil, err
-            }
-
-            updates.Add(&xmlapi.Config{
-                Action: "set",
-                Xpath: util.AsXpath(path),
-                Element: elm,
-            })
-        }
-    }
-
-    // Determine which old objects need to be removed.
-    if len(prevNames) != 0 {
-        for _, name := range prevNames {
-            var found bool
-            for _, entry := range entries {
-                if entry.Name == name {
-                    found = true
-                    break
-                }
-            }
-
-            if !found {
-                path, err := loc.Xpath(vn, name)
-                if err != nil {
-                    return nil, err
-                }
-
-                updates.Add(&xmlapi.Config{
-                    Action: "delete",
-                    Xpath: util.AsXpath(path),
-                })
-            }
-        }
-    }
-
-    // Perform the multi-config if there was stuff to do.
-    if len(updates.Operations) != 0 {
-        if _, _, _, err = s.client.MultiConfig(ctx, updates, false, nil); err != nil {
-            return nil, err
-        }
-    }
-
-    // Get the live version of the entries passed in.
-    curObjs, err = s.List(ctx, loc, "get", "")
-    if err != nil {
-        return nil, err
-    }
-
-    ans := make([]Entry, 0, len(entries))
-    for _, entry := range entries {
-        for _, live := range curObjs {
-            if entry.Name == live.Name {
-                ans = append(ans, live)
-                break
-            }
-        }
-    }
-
-    // Done.
-    return ans, nil
+func (s *Service) list(ctx context.Context, loc Location, action, filter, quote string, usePanosConfig bool) ([]*Entry, error) {
+	var err error
+
+	var logic *filtering.Group
+	if filter != "" {
+		logic, err = filtering.Parse(filter, quote)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	vn := s.client.Versioning()
+
+	_, normalizer, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+
+	path, err := loc.XpathWithEntryName(vn, "")
+	if err != nil {
+		return nil, err
+	}
+
+	if usePanosConfig {
+		if _, err = s.client.ReadFromConfig(ctx, path, false, normalizer); err != nil {
+			return nil, err
+		}
+	} else {
+		cmd := &xmlapi.Config{
+			Action: action,
+			Xpath:  util.AsXpath(path),
+			Target: s.client.GetTarget(),
+		}
+
+		if _, _, err = s.client.Communicate(ctx, cmd, true, normalizer); err != nil {
+			if err.Error() == "No such node" && action == "show" {
+				return nil, nil
+			}
+			return nil, err
+		}
+	}
+
+	listing, err := normalizer.Normalize()
+	if err != nil || logic == nil {
+		return listing, err
+	}
+
+	filtered := make([]*Entry, 0, len(listing))
+	for _, x := range listing {
+		ok, err := logic.Matches(x)
+		if err != nil {
+			return nil, err
+		}
+		if ok {
+			filtered = append(filtered, x)
+		}
+	}
+
+	return filtered, nil
 }
diff --git a/objects/profiles/entry.go b/objects/profiles/entry.go
new file mode 100644
index 00000000..fff04b5c
--- /dev/null
+++ b/objects/profiles/entry.go
@@ -0,0 +1,136 @@
+package profiles
+
+import (
+	"encoding/xml"
+	"fmt"
+
+	"github.com/PaloAltoNetworks/pango/filtering"
+	"github.com/PaloAltoNetworks/pango/generic"
+	"github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/version"
+)
+
+var (
+	_ filtering.Fielder = &Entry{}
+)
+
+var (
+	Suffix = []string{"custom-url-category"}
+)
+
+type Entry struct {
+	Name            string
+	Description     *string
+	DisableOverride *bool
+	List            []string
+	Type            *string
+
+	Misc map[string][]generic.Xml
+}
+
+type entryXmlContainer struct {
+	Answer []entryXml `xml:"entry"`
+}
+
+type entryXml struct {
+	XMLName         xml.Name         `xml:"entry"`
+	Name            string           `xml:"name,attr"`
+	Description     *string          `xml:"description,omitempty"`
+	DisableOverride *string          `xml:"disable-override,omitempty"`
+	List            *util.MemberType `xml:"list,omitempty"`
+	Type            *string          `xml:"type,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+
+func (e *Entry) Field(v string) (any, error) {
+	if v == "name" || v == "Name" {
+		return e.Name, nil
+	}
+	if v == "description" || v == "Description" {
+		return e.Description, nil
+	}
+	if v == "disable_override" || v == "DisableOverride" {
+		return e.DisableOverride, nil
+	}
+	if v == "list" || v == "List" {
+		return e.List, nil
+	}
+	if v == "list|LENGTH" || v == "List|LENGTH" {
+		return int64(len(e.List)), nil
+	}
+	if v == "type" || v == "Type" {
+		return e.Type, nil
+	}
+
+	return nil, fmt.Errorf("unknown field")
+}
+
+func Versioning(vn version.Number) (Specifier, Normalizer, error) {
+	return specifyEntry, &entryXmlContainer{}, nil
+}
+
+func specifyEntry(o *Entry) (any, error) {
+	entry := entryXml{}
+
+	entry.Name = o.Name
+	entry.Description = o.Description
+	entry.DisableOverride = util.YesNo(o.DisableOverride, nil)
+	entry.List = util.StrToMem(o.List)
+	entry.Type = o.Type
+
+	entry.Misc = o.Misc["Entry"]
+
+	return entry, nil
+}
+func (c *entryXmlContainer) Normalize() ([]*Entry, error) {
+	entryList := make([]*Entry, 0, len(c.Answer))
+	for _, o := range c.Answer {
+		entry := &Entry{
+			Misc: make(map[string][]generic.Xml),
+		}
+		entry.Name = o.Name
+		entry.Description = o.Description
+		entry.DisableOverride = util.AsBool(o.DisableOverride, nil)
+		entry.List = util.MemToStr(o.List)
+		entry.Type = o.Type
+
+		entry.Misc["Entry"] = o.Misc
+
+		entryList = append(entryList, entry)
+	}
+
+	return entryList, nil
+}
+
+func SpecMatches(a, b *Entry) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+
+	// Don't compare Name.
+	if !util.StringsMatch(a.Description, b.Description) {
+		return false
+	}
+	if !util.BoolsMatch(a.DisableOverride, b.DisableOverride) {
+		return false
+	}
+	if !util.OrderedListsMatch(a.List, b.List) {
+		return false
+	}
+	if !util.StringsMatch(a.Type, b.Type) {
+		return false
+	}
+
+	return true
+}
+
+func (o *Entry) EntryName() string {
+	return o.Name
+}
+
+func (o *Entry) SetEntryName(name string) {
+	o.Name = name
+}
diff --git a/objects/profiles/interfaces.go b/objects/profiles/interfaces.go
new file mode 100644
index 00000000..f896f9b2
--- /dev/null
+++ b/objects/profiles/interfaces.go
@@ -0,0 +1,7 @@
+package profiles
+
+type Specifier func(*Entry) (any, error)
+
+type Normalizer interface {
+	Normalize() ([]*Entry, error)
+}
diff --git a/objects/profiles/location.go b/objects/profiles/location.go
new file mode 100644
index 00000000..0942a233
--- /dev/null
+++ b/objects/profiles/location.go
@@ -0,0 +1,193 @@
+package profiles
+
+import (
+	"fmt"
+
+	"github.com/PaloAltoNetworks/pango/errors"
+	"github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/version"
+)
+
+type ImportLocation interface {
+	XpathForLocation(version.Number, util.ILocation) ([]string, error)
+	MarshalPangoXML([]string) (string, error)
+	UnmarshalPangoXML([]byte) ([]string, error)
+}
+
+type Location struct {
+	DeviceGroup        *DeviceGroupLocation      `json:"device_group,omitempty"`
+	FromPanoramaShared bool                      `json:"from_panorama_shared"`
+	FromPanoramaVsys   *FromPanoramaVsysLocation `json:"from_panorama_vsys,omitempty"`
+	Shared             bool                      `json:"shared"`
+	Vsys               *VsysLocation             `json:"vsys,omitempty"`
+}
+
+type DeviceGroupLocation struct {
+	DeviceGroup    string `json:"device_group"`
+	PanoramaDevice string `json:"panorama_device"`
+}
+
+type FromPanoramaVsysLocation struct {
+	Vsys string `json:"vsys"`
+}
+
+type VsysLocation struct {
+	NgfwDevice string `json:"ngfw_device"`
+	Vsys       string `json:"vsys"`
+}
+
+func NewDeviceGroupLocation() *Location {
+	return &Location{DeviceGroup: &DeviceGroupLocation{
+		DeviceGroup:    "",
+		PanoramaDevice: "localhost.localdomain",
+	},
+	}
+}
+func NewFromPanoramaVsysLocation() *Location {
+	return &Location{FromPanoramaVsys: &FromPanoramaVsysLocation{
+		Vsys: "vsys1",
+	},
+	}
+}
+func NewSharedLocation() *Location {
+	return &Location{
+		Shared: true,
+	}
+}
+func NewVsysLocation() *Location {
+	return &Location{Vsys: &VsysLocation{
+		NgfwDevice: "localhost.localdomain",
+		Vsys:       "vsys1",
+	},
+	}
+}
+
+func (o Location) IsValid() error {
+	count := 0
+
+	switch {
+	case o.DeviceGroup != nil:
+		if o.DeviceGroup.DeviceGroup == "" {
+			return fmt.Errorf("DeviceGroup is unspecified")
+		}
+		if o.DeviceGroup.PanoramaDevice == "" {
+			return fmt.Errorf("PanoramaDevice is unspecified")
+		}
+		count++
+	case o.FromPanoramaShared:
+		count++
+	case o.FromPanoramaVsys != nil:
+		if o.FromPanoramaVsys.Vsys == "" {
+			return fmt.Errorf("Vsys is unspecified")
+		}
+		count++
+	case o.Shared:
+		count++
+	case o.Vsys != nil:
+		if o.Vsys.NgfwDevice == "" {
+			return fmt.Errorf("NgfwDevice is unspecified")
+		}
+		if o.Vsys.Vsys == "" {
+			return fmt.Errorf("Vsys is unspecified")
+		}
+		count++
+	}
+
+	if count == 0 {
+		return fmt.Errorf("no path specified")
+	}
+
+	if count > 1 {
+		return fmt.Errorf("multiple paths specified: only one should be specified")
+	}
+
+	return nil
+}
+
+func (o Location) XpathPrefix(vn version.Number) ([]string, error) {
+
+	var ans []string
+
+	switch {
+	case o.DeviceGroup != nil:
+		if o.DeviceGroup.DeviceGroup == "" {
+			return nil, fmt.Errorf("DeviceGroup is unspecified")
+		}
+		if o.DeviceGroup.PanoramaDevice == "" {
+			return nil, fmt.Errorf("PanoramaDevice is unspecified")
+		}
+		ans = []string{
+			"config",
+			"devices",
+			util.AsEntryXpath([]string{o.DeviceGroup.PanoramaDevice}),
+			"device-group",
+			util.AsEntryXpath([]string{o.DeviceGroup.DeviceGroup}),
+			"profiles",
+		}
+	case o.FromPanoramaShared:
+		ans = []string{
+			"config",
+			"panorama",
+			"shared",
+			"profiles",
+		}
+	case o.FromPanoramaVsys != nil:
+		if o.FromPanoramaVsys.Vsys == "" {
+			return nil, fmt.Errorf("Vsys is unspecified")
+		}
+		ans = []string{
+			"config",
+			"panorama",
+			"vsys",
+			util.AsEntryXpath([]string{o.FromPanoramaVsys.Vsys}),
+			"profiles",
+		}
+	case o.Shared:
+		ans = []string{
+			"config",
+			"shared",
+			"profiles",
+		}
+	case o.Vsys != nil:
+		if o.Vsys.NgfwDevice == "" {
+			return nil, fmt.Errorf("NgfwDevice is unspecified")
+		}
+		if o.Vsys.Vsys == "" {
+			return nil, fmt.Errorf("Vsys is unspecified")
+		}
+		ans = []string{
+			"config",
+			"devices",
+			util.AsEntryXpath([]string{o.Vsys.NgfwDevice}),
+			"vsys",
+			util.AsEntryXpath([]string{o.Vsys.Vsys}),
+			"profiles",
+		}
+	default:
+		return nil, errors.NoLocationSpecifiedError
+	}
+
+	return ans, nil
+}
+func (o Location) XpathWithEntryName(vn version.Number, name string) ([]string, error) {
+
+	ans, err := o.XpathPrefix(vn)
+	if err != nil {
+		return nil, err
+	}
+	ans = append(ans, Suffix...)
+	ans = append(ans, util.AsEntryXpath([]string{name}))
+
+	return ans, nil
+}
+func (o Location) XpathWithUuid(vn version.Number, uuid string) ([]string, error) {
+
+	ans, err := o.XpathPrefix(vn)
+	if err != nil {
+		return nil, err
+	}
+	ans = append(ans, Suffix...)
+	ans = append(ans, util.AsUuidXpath(uuid))
+
+	return ans, nil
+}
diff --git a/objects/profiles/service.go b/objects/profiles/service.go
new file mode 100644
index 00000000..90e5581b
--- /dev/null
+++ b/objects/profiles/service.go
@@ -0,0 +1,281 @@
+package profiles
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/PaloAltoNetworks/pango/errors"
+	"github.com/PaloAltoNetworks/pango/filtering"
+	"github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/xmlapi"
+)
+
+type Service struct {
+	client util.PangoClient
+}
+
+func NewService(client util.PangoClient) *Service {
+	return &Service{
+		client: client,
+	}
+}
+
+// Create adds new item, then returns the result.
+func (s *Service) Create(ctx context.Context, loc Location, entry *Entry) (*Entry, error) {
+	if entry.Name == "" {
+		return nil, errors.NameNotSpecifiedError
+	}
+
+	vn := s.client.Versioning()
+
+	specifier, _, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+	path, err := loc.XpathWithEntryName(vn, entry.Name)
+	if err != nil {
+		return nil, err
+	}
+	createSpec, err := specifier(entry)
+	if err != nil {
+		return nil, err
+	}
+
+	cmd := &xmlapi.Config{
+		Action:  "set",
+		Xpath:   util.AsXpath(path[:len(path)-1]),
+		Element: createSpec,
+		Target:  s.client.GetTarget(),
+	}
+
+	if _, _, err = s.client.Communicate(ctx, cmd, false, nil); err != nil {
+		return nil, err
+	}
+	return s.Read(ctx, loc, entry.Name, "get")
+}
+
+// Read returns the given config object, using the specified action ("get" or "show").
+func (s *Service) Read(ctx context.Context, loc Location, name, action string) (*Entry, error) {
+	return s.read(ctx, loc, name, action, false)
+}
+
+// ReadFromConfig returns the given config object from the loaded XML config.
+// Requires that client.LoadPanosConfig() has been invoked.
+func (s *Service) ReadFromConfig(ctx context.Context, loc Location, name string) (*Entry, error) {
+	return s.read(ctx, loc, name, "", true)
+}
+
+func (s *Service) read(ctx context.Context, loc Location, value, action string, usePanosConfig bool) (*Entry, error) {
+	if value == "" {
+		return nil, errors.NameNotSpecifiedError
+	}
+	vn := s.client.Versioning()
+	_, normalizer, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+	var path []string
+	path, err = loc.XpathWithEntryName(vn, value)
+	if err != nil {
+		return nil, err
+	}
+
+	if usePanosConfig {
+		if _, err = s.client.ReadFromConfig(ctx, path, true, normalizer); err != nil {
+			return nil, err
+		}
+	} else {
+		cmd := &xmlapi.Config{
+			Action: action,
+			Xpath:  util.AsXpath(path),
+			Target: s.client.GetTarget(),
+		}
+
+		if _, _, err = s.client.Communicate(ctx, cmd, true, normalizer); err != nil {
+			if err.Error() == "No such node" && action == "show" {
+				return nil, errors.ObjectNotFound()
+			}
+			return nil, err
+		}
+	}
+
+	list, err := normalizer.Normalize()
+	if err != nil {
+		return nil, err
+	} else if len(list) != 1 {
+		return nil, fmt.Errorf("expected to %q 1 entry, got %d", action, len(list))
+	}
+
+	return list[0], nil
+}
+
+// Update updates the given config object, then returns the result.
+func (s *Service) Update(ctx context.Context, loc Location, entry *Entry, name string) (*Entry, error) {
+	return s.update(ctx, loc, entry, name)
+}
+func (s *Service) update(ctx context.Context, loc Location, entry *Entry, value string) (*Entry, error) {
+	if entry.Name == "" {
+		return nil, errors.NameNotSpecifiedError
+	}
+
+	vn := s.client.Versioning()
+	updates := xmlapi.NewMultiConfig(2)
+	specifier, _, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+	var old *Entry
+	if value != "" && value != entry.Name {
+		path, err := loc.XpathWithEntryName(vn, value)
+		if err != nil {
+			return nil, err
+		}
+
+		old, err = s.Read(ctx, loc, value, "get")
+
+		updates.Add(&xmlapi.Config{
+			Action:  "rename",
+			Xpath:   util.AsXpath(path),
+			NewName: entry.Name,
+			Target:  s.client.GetTarget(),
+		})
+	} else {
+		old, err = s.Read(ctx, loc, entry.Name, "get")
+	}
+	if err != nil {
+		return nil, err
+	} else if old == nil {
+		return nil, fmt.Errorf("previous object doesn't exist for update")
+	}
+	if !SpecMatches(entry, old) {
+		path, err := loc.XpathWithEntryName(vn, entry.Name)
+		if err != nil {
+			return nil, err
+		}
+
+		updateSpec, err := specifier(entry)
+		if err != nil {
+			return nil, err
+		}
+
+		updates.Add(&xmlapi.Config{
+			Action:  "edit",
+			Xpath:   util.AsXpath(path),
+			Element: updateSpec,
+			Target:  s.client.GetTarget(),
+		})
+	}
+
+	if len(updates.Operations) != 0 {
+		if _, _, _, err = s.client.MultiConfig(ctx, updates, false, nil); err != nil {
+			return nil, err
+		}
+	}
+	return s.Read(ctx, loc, entry.Name, "get")
+}
+
+// Delete deletes the given item.
+func (s *Service) Delete(ctx context.Context, loc Location, name ...string) error {
+	return s.delete(ctx, loc, name)
+}
+func (s *Service) delete(ctx context.Context, loc Location, values []string) error {
+	for _, value := range values {
+		if value == "" {
+			return errors.NameNotSpecifiedError
+		}
+	}
+
+	vn := s.client.Versioning()
+	var err error
+	deletes := xmlapi.NewMultiConfig(len(values))
+	for _, value := range values {
+		var path []string
+		path, err = loc.XpathWithEntryName(vn, value)
+		if err != nil {
+			return err
+		}
+		deletes.Add(&xmlapi.Config{
+			Action: "delete",
+			Xpath:  util.AsXpath(path),
+			Target: s.client.GetTarget(),
+		})
+	}
+
+	_, _, _, err = s.client.MultiConfig(ctx, deletes, false, nil)
+
+	return err
+}
+
+// List returns a list of objects using the given action ("get" or "show").
+// Params filter and quote are for client side filtering.
+func (s *Service) List(ctx context.Context, loc Location, action, filter, quote string) ([]*Entry, error) {
+	return s.list(ctx, loc, action, filter, quote, false)
+}
+
+// ListFromConfig returns a list of objects at the given location.
+// Requires that client.LoadPanosConfig() has been invoked.
+// Params filter and quote are for client side filtering.
+func (s *Service) ListFromConfig(ctx context.Context, loc Location, filter, quote string) ([]*Entry, error) {
+	return s.list(ctx, loc, "", filter, quote, true)
+}
+
+func (s *Service) list(ctx context.Context, loc Location, action, filter, quote string, usePanosConfig bool) ([]*Entry, error) {
+	var err error
+
+	var logic *filtering.Group
+	if filter != "" {
+		logic, err = filtering.Parse(filter, quote)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	vn := s.client.Versioning()
+
+	_, normalizer, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+
+	path, err := loc.XpathWithEntryName(vn, "")
+	if err != nil {
+		return nil, err
+	}
+
+	if usePanosConfig {
+		if _, err = s.client.ReadFromConfig(ctx, path, false, normalizer); err != nil {
+			return nil, err
+		}
+	} else {
+		cmd := &xmlapi.Config{
+			Action: action,
+			Xpath:  util.AsXpath(path),
+			Target: s.client.GetTarget(),
+		}
+
+		if _, _, err = s.client.Communicate(ctx, cmd, true, normalizer); err != nil {
+			if err.Error() == "No such node" && action == "show" {
+				return nil, nil
+			}
+			return nil, err
+		}
+	}
+
+	listing, err := normalizer.Normalize()
+	if err != nil || logic == nil {
+		return listing, err
+	}
+
+	filtered := make([]*Entry, 0, len(listing))
+	for _, x := range listing {
+		ok, err := logic.Matches(x)
+		if err != nil {
+			return nil, err
+		}
+		if ok {
+			filtered = append(filtered, x)
+		}
+	}
+
+	return filtered, nil
+}
diff --git a/objects/service/entry.go b/objects/service/entry.go
new file mode 100644
index 00000000..a1a50bc3
--- /dev/null
+++ b/objects/service/entry.go
@@ -0,0 +1,413 @@
+package service
+
+import (
+	"encoding/xml"
+	"fmt"
+
+	"github.com/PaloAltoNetworks/pango/filtering"
+	"github.com/PaloAltoNetworks/pango/generic"
+	"github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/version"
+)
+
+var (
+	_ filtering.Fielder = &Entry{}
+)
+
+var (
+	Suffix = []string{"service"}
+)
+
+type Entry struct {
+	Name        string
+	Description *string
+	Protocol    *Protocol
+	Tags        []string
+
+	Misc map[string][]generic.Xml
+}
+
+type Protocol struct {
+	Tcp *ProtocolTcp
+	Udp *ProtocolUdp
+}
+type ProtocolTcp struct {
+	DestinationPort *int64
+	Override        *ProtocolTcpOverride
+	SourcePort      *int64
+}
+type ProtocolTcpOverride struct {
+	HalfcloseTimeout *int64
+	Timeout          *int64
+	TimewaitTimeout  *int64
+}
+type ProtocolUdp struct {
+	DestinationPort *int64
+	Override        *ProtocolUdpOverride
+	SourcePort      *int64
+}
+type ProtocolUdpOverride struct {
+	No  *string
+	Yes *ProtocolUdpOverrideYes
+}
+type ProtocolUdpOverrideYes struct {
+	Timeout *int64
+}
+
+type entryXmlContainer struct {
+	Answer []entryXml `xml:"entry"`
+}
+
+type entryXml struct {
+	XMLName     xml.Name         `xml:"entry"`
+	Name        string           `xml:"name,attr"`
+	Description *string          `xml:"description,omitempty"`
+	Protocol    *ProtocolXml     `xml:"protocol,omitempty"`
+	Tags        *util.MemberType `xml:"tag,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+
+type ProtocolXml struct {
+	Tcp *ProtocolTcpXml `xml:"tcp,omitempty"`
+	Udp *ProtocolUdpXml `xml:"udp,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type ProtocolTcpXml struct {
+	DestinationPort *int64                  `xml:"port,omitempty"`
+	Override        *ProtocolTcpOverrideXml `xml:"override>yes,omitempty"`
+	SourcePort      *int64                  `xml:"source-port,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type ProtocolTcpOverrideXml struct {
+	HalfcloseTimeout *int64 `xml:"halfclose-timeout,omitempty"`
+	Timeout          *int64 `xml:"timeout,omitempty"`
+	TimewaitTimeout  *int64 `xml:"timewait-timeout,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type ProtocolUdpXml struct {
+	DestinationPort *int64                  `xml:"port,omitempty"`
+	Override        *ProtocolUdpOverrideXml `xml:"override,omitempty"`
+	SourcePort      *int64                  `xml:"source-port,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type ProtocolUdpOverrideXml struct {
+	No  *string                    `xml:"no,omitempty"`
+	Yes *ProtocolUdpOverrideYesXml `xml:"yes,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type ProtocolUdpOverrideYesXml struct {
+	Timeout *int64 `xml:"timeout,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+
+func (e *Entry) Field(v string) (any, error) {
+	if v == "name" || v == "Name" {
+		return e.Name, nil
+	}
+	if v == "description" || v == "Description" {
+		return e.Description, nil
+	}
+	if v == "protocol" || v == "Protocol" {
+		return e.Protocol, nil
+	}
+	if v == "tags" || v == "Tags" {
+		return e.Tags, nil
+	}
+	if v == "tags|LENGTH" || v == "Tags|LENGTH" {
+		return int64(len(e.Tags)), nil
+	}
+
+	return nil, fmt.Errorf("unknown field")
+}
+
+func Versioning(vn version.Number) (Specifier, Normalizer, error) {
+	return specifyEntry, &entryXmlContainer{}, nil
+}
+
+func specifyEntry(o *Entry) (any, error) {
+	entry := entryXml{}
+
+	entry.Name = o.Name
+	entry.Description = o.Description
+	var nestedProtocol *ProtocolXml
+	if o.Protocol != nil {
+		nestedProtocol = &ProtocolXml{}
+		if _, ok := o.Misc["Protocol"]; ok {
+			nestedProtocol.Misc = o.Misc["Protocol"]
+		}
+		if o.Protocol.Tcp != nil {
+			nestedProtocol.Tcp = &ProtocolTcpXml{}
+			if _, ok := o.Misc["ProtocolTcp"]; ok {
+				nestedProtocol.Tcp.Misc = o.Misc["ProtocolTcp"]
+			}
+			if o.Protocol.Tcp.DestinationPort != nil {
+				nestedProtocol.Tcp.DestinationPort = o.Protocol.Tcp.DestinationPort
+			}
+			if o.Protocol.Tcp.SourcePort != nil {
+				nestedProtocol.Tcp.SourcePort = o.Protocol.Tcp.SourcePort
+			}
+			if o.Protocol.Tcp.Override != nil {
+				nestedProtocol.Tcp.Override = &ProtocolTcpOverrideXml{}
+				if _, ok := o.Misc["ProtocolTcpOverride"]; ok {
+					nestedProtocol.Tcp.Override.Misc = o.Misc["ProtocolTcpOverride"]
+				}
+				if o.Protocol.Tcp.Override.Timeout != nil {
+					nestedProtocol.Tcp.Override.Timeout = o.Protocol.Tcp.Override.Timeout
+				}
+				if o.Protocol.Tcp.Override.HalfcloseTimeout != nil {
+					nestedProtocol.Tcp.Override.HalfcloseTimeout = o.Protocol.Tcp.Override.HalfcloseTimeout
+				}
+				if o.Protocol.Tcp.Override.TimewaitTimeout != nil {
+					nestedProtocol.Tcp.Override.TimewaitTimeout = o.Protocol.Tcp.Override.TimewaitTimeout
+				}
+			}
+		}
+		if o.Protocol.Udp != nil {
+			nestedProtocol.Udp = &ProtocolUdpXml{}
+			if _, ok := o.Misc["ProtocolUdp"]; ok {
+				nestedProtocol.Udp.Misc = o.Misc["ProtocolUdp"]
+			}
+			if o.Protocol.Udp.DestinationPort != nil {
+				nestedProtocol.Udp.DestinationPort = o.Protocol.Udp.DestinationPort
+			}
+			if o.Protocol.Udp.SourcePort != nil {
+				nestedProtocol.Udp.SourcePort = o.Protocol.Udp.SourcePort
+			}
+			if o.Protocol.Udp.Override != nil {
+				nestedProtocol.Udp.Override = &ProtocolUdpOverrideXml{}
+				if _, ok := o.Misc["ProtocolUdpOverride"]; ok {
+					nestedProtocol.Udp.Override.Misc = o.Misc["ProtocolUdpOverride"]
+				}
+				if o.Protocol.Udp.Override.Yes != nil {
+					nestedProtocol.Udp.Override.Yes = &ProtocolUdpOverrideYesXml{}
+					if _, ok := o.Misc["ProtocolUdpOverrideYes"]; ok {
+						nestedProtocol.Udp.Override.Yes.Misc = o.Misc["ProtocolUdpOverrideYes"]
+					}
+					if o.Protocol.Udp.Override.Yes.Timeout != nil {
+						nestedProtocol.Udp.Override.Yes.Timeout = o.Protocol.Udp.Override.Yes.Timeout
+					}
+				}
+				if o.Protocol.Udp.Override.No != nil {
+					nestedProtocol.Udp.Override.No = o.Protocol.Udp.Override.No
+				}
+			}
+		}
+	}
+	entry.Protocol = nestedProtocol
+
+	entry.Tags = util.StrToMem(o.Tags)
+
+	entry.Misc = o.Misc["Entry"]
+
+	return entry, nil
+}
+func (c *entryXmlContainer) Normalize() ([]*Entry, error) {
+	entryList := make([]*Entry, 0, len(c.Answer))
+	for _, o := range c.Answer {
+		entry := &Entry{
+			Misc: make(map[string][]generic.Xml),
+		}
+		entry.Name = o.Name
+		entry.Description = o.Description
+		var nestedProtocol *Protocol
+		if o.Protocol != nil {
+			nestedProtocol = &Protocol{}
+			if o.Protocol.Misc != nil {
+				entry.Misc["Protocol"] = o.Protocol.Misc
+			}
+			if o.Protocol.Udp != nil {
+				nestedProtocol.Udp = &ProtocolUdp{}
+				if o.Protocol.Udp.Misc != nil {
+					entry.Misc["ProtocolUdp"] = o.Protocol.Udp.Misc
+				}
+				if o.Protocol.Udp.DestinationPort != nil {
+					nestedProtocol.Udp.DestinationPort = o.Protocol.Udp.DestinationPort
+				}
+				if o.Protocol.Udp.SourcePort != nil {
+					nestedProtocol.Udp.SourcePort = o.Protocol.Udp.SourcePort
+				}
+				if o.Protocol.Udp.Override != nil {
+					nestedProtocol.Udp.Override = &ProtocolUdpOverride{}
+					if o.Protocol.Udp.Override.Misc != nil {
+						entry.Misc["ProtocolUdpOverride"] = o.Protocol.Udp.Override.Misc
+					}
+					if o.Protocol.Udp.Override.Yes != nil {
+						nestedProtocol.Udp.Override.Yes = &ProtocolUdpOverrideYes{}
+						if o.Protocol.Udp.Override.Yes.Misc != nil {
+							entry.Misc["ProtocolUdpOverrideYes"] = o.Protocol.Udp.Override.Yes.Misc
+						}
+						if o.Protocol.Udp.Override.Yes.Timeout != nil {
+							nestedProtocol.Udp.Override.Yes.Timeout = o.Protocol.Udp.Override.Yes.Timeout
+						}
+					}
+					if o.Protocol.Udp.Override.No != nil {
+						nestedProtocol.Udp.Override.No = o.Protocol.Udp.Override.No
+					}
+				}
+			}
+			if o.Protocol.Tcp != nil {
+				nestedProtocol.Tcp = &ProtocolTcp{}
+				if o.Protocol.Tcp.Misc != nil {
+					entry.Misc["ProtocolTcp"] = o.Protocol.Tcp.Misc
+				}
+				if o.Protocol.Tcp.DestinationPort != nil {
+					nestedProtocol.Tcp.DestinationPort = o.Protocol.Tcp.DestinationPort
+				}
+				if o.Protocol.Tcp.SourcePort != nil {
+					nestedProtocol.Tcp.SourcePort = o.Protocol.Tcp.SourcePort
+				}
+				if o.Protocol.Tcp.Override != nil {
+					nestedProtocol.Tcp.Override = &ProtocolTcpOverride{}
+					if o.Protocol.Tcp.Override.Misc != nil {
+						entry.Misc["ProtocolTcpOverride"] = o.Protocol.Tcp.Override.Misc
+					}
+					if o.Protocol.Tcp.Override.Timeout != nil {
+						nestedProtocol.Tcp.Override.Timeout = o.Protocol.Tcp.Override.Timeout
+					}
+					if o.Protocol.Tcp.Override.HalfcloseTimeout != nil {
+						nestedProtocol.Tcp.Override.HalfcloseTimeout = o.Protocol.Tcp.Override.HalfcloseTimeout
+					}
+					if o.Protocol.Tcp.Override.TimewaitTimeout != nil {
+						nestedProtocol.Tcp.Override.TimewaitTimeout = o.Protocol.Tcp.Override.TimewaitTimeout
+					}
+				}
+			}
+		}
+		entry.Protocol = nestedProtocol
+
+		entry.Tags = util.MemToStr(o.Tags)
+
+		entry.Misc["Entry"] = o.Misc
+
+		entryList = append(entryList, entry)
+	}
+
+	return entryList, nil
+}
+
+func SpecMatches(a, b *Entry) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+
+	// Don't compare Name.
+	if !util.StringsMatch(a.Description, b.Description) {
+		return false
+	}
+	if !matchProtocol(a.Protocol, b.Protocol) {
+		return false
+	}
+	if !util.OrderedListsMatch(a.Tags, b.Tags) {
+		return false
+	}
+
+	return true
+}
+
+func matchProtocolTcpOverride(a *ProtocolTcpOverride, b *ProtocolTcpOverride) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !util.Ints64Match(a.Timeout, b.Timeout) {
+		return false
+	}
+	if !util.Ints64Match(a.HalfcloseTimeout, b.HalfcloseTimeout) {
+		return false
+	}
+	if !util.Ints64Match(a.TimewaitTimeout, b.TimewaitTimeout) {
+		return false
+	}
+	return true
+}
+func matchProtocolTcp(a *ProtocolTcp, b *ProtocolTcp) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !util.Ints64Match(a.DestinationPort, b.DestinationPort) {
+		return false
+	}
+	if !util.Ints64Match(a.SourcePort, b.SourcePort) {
+		return false
+	}
+	if !matchProtocolTcpOverride(a.Override, b.Override) {
+		return false
+	}
+	return true
+}
+func matchProtocolUdpOverrideYes(a *ProtocolUdpOverrideYes, b *ProtocolUdpOverrideYes) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !util.Ints64Match(a.Timeout, b.Timeout) {
+		return false
+	}
+	return true
+}
+func matchProtocolUdpOverride(a *ProtocolUdpOverride, b *ProtocolUdpOverride) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !matchProtocolUdpOverrideYes(a.Yes, b.Yes) {
+		return false
+	}
+	if !util.StringsMatch(a.No, b.No) {
+		return false
+	}
+	return true
+}
+func matchProtocolUdp(a *ProtocolUdp, b *ProtocolUdp) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !matchProtocolUdpOverride(a.Override, b.Override) {
+		return false
+	}
+	if !util.Ints64Match(a.DestinationPort, b.DestinationPort) {
+		return false
+	}
+	if !util.Ints64Match(a.SourcePort, b.SourcePort) {
+		return false
+	}
+	return true
+}
+func matchProtocol(a *Protocol, b *Protocol) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !matchProtocolTcp(a.Tcp, b.Tcp) {
+		return false
+	}
+	if !matchProtocolUdp(a.Udp, b.Udp) {
+		return false
+	}
+	return true
+}
+
+func (o *Entry) EntryName() string {
+	return o.Name
+}
+
+func (o *Entry) SetEntryName(name string) {
+	o.Name = name
+}
diff --git a/objects/service/group/entry.go b/objects/service/group/entry.go
new file mode 100644
index 00000000..58d2faaf
--- /dev/null
+++ b/objects/service/group/entry.go
@@ -0,0 +1,129 @@
+package group
+
+import (
+	"encoding/xml"
+	"fmt"
+
+	"github.com/PaloAltoNetworks/pango/filtering"
+	"github.com/PaloAltoNetworks/pango/generic"
+	"github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/version"
+)
+
+var (
+	_ filtering.Fielder = &Entry{}
+)
+
+var (
+	Suffix = []string{"service-group"}
+)
+
+type Entry struct {
+	Name        string
+	Description *string
+	Members     []string
+	Tags        []string
+
+	Misc map[string][]generic.Xml
+}
+
+type entryXmlContainer struct {
+	Answer []entryXml `xml:"entry"`
+}
+
+type entryXml struct {
+	XMLName     xml.Name         `xml:"entry"`
+	Name        string           `xml:"name,attr"`
+	Description *string          `xml:"description,omitempty"`
+	Members     *util.MemberType `xml:"members,omitempty"`
+	Tags        *util.MemberType `xml:"tag,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+
+func (e *Entry) Field(v string) (any, error) {
+	if v == "name" || v == "Name" {
+		return e.Name, nil
+	}
+	if v == "description" || v == "Description" {
+		return e.Description, nil
+	}
+	if v == "members" || v == "Members" {
+		return e.Members, nil
+	}
+	if v == "members|LENGTH" || v == "Members|LENGTH" {
+		return int64(len(e.Members)), nil
+	}
+	if v == "tags" || v == "Tags" {
+		return e.Tags, nil
+	}
+	if v == "tags|LENGTH" || v == "Tags|LENGTH" {
+		return int64(len(e.Tags)), nil
+	}
+
+	return nil, fmt.Errorf("unknown field")
+}
+
+func Versioning(vn version.Number) (Specifier, Normalizer, error) {
+	return specifyEntry, &entryXmlContainer{}, nil
+}
+
+func specifyEntry(o *Entry) (any, error) {
+	entry := entryXml{}
+
+	entry.Name = o.Name
+	entry.Description = o.Description
+	entry.Members = util.StrToMem(o.Members)
+	entry.Tags = util.StrToMem(o.Tags)
+
+	entry.Misc = o.Misc["Entry"]
+
+	return entry, nil
+}
+func (c *entryXmlContainer) Normalize() ([]*Entry, error) {
+	entryList := make([]*Entry, 0, len(c.Answer))
+	for _, o := range c.Answer {
+		entry := &Entry{
+			Misc: make(map[string][]generic.Xml),
+		}
+		entry.Name = o.Name
+		entry.Description = o.Description
+		entry.Members = util.MemToStr(o.Members)
+		entry.Tags = util.MemToStr(o.Tags)
+
+		entry.Misc["Entry"] = o.Misc
+
+		entryList = append(entryList, entry)
+	}
+
+	return entryList, nil
+}
+
+func SpecMatches(a, b *Entry) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+
+	// Don't compare Name.
+	if !util.StringsMatch(a.Description, b.Description) {
+		return false
+	}
+	if !util.OrderedListsMatch(a.Members, b.Members) {
+		return false
+	}
+	if !util.OrderedListsMatch(a.Tags, b.Tags) {
+		return false
+	}
+
+	return true
+}
+
+func (o *Entry) EntryName() string {
+	return o.Name
+}
+
+func (o *Entry) SetEntryName(name string) {
+	o.Name = name
+}
diff --git a/objects/service/group/interfaces.go b/objects/service/group/interfaces.go
new file mode 100644
index 00000000..463f1bed
--- /dev/null
+++ b/objects/service/group/interfaces.go
@@ -0,0 +1,7 @@
+package group
+
+type Specifier func(*Entry) (any, error)
+
+type Normalizer interface {
+	Normalize() ([]*Entry, error)
+}
diff --git a/objects/service/group/location.go b/objects/service/group/location.go
new file mode 100644
index 00000000..204884e9
--- /dev/null
+++ b/objects/service/group/location.go
@@ -0,0 +1,188 @@
+package group
+
+import (
+	"fmt"
+
+	"github.com/PaloAltoNetworks/pango/errors"
+	"github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/version"
+)
+
+type ImportLocation interface {
+	XpathForLocation(version.Number, util.ILocation) ([]string, error)
+	MarshalPangoXML([]string) (string, error)
+	UnmarshalPangoXML([]byte) ([]string, error)
+}
+
+type Location struct {
+	DeviceGroup        *DeviceGroupLocation      `json:"device_group,omitempty"`
+	FromPanoramaShared bool                      `json:"from_panorama_shared"`
+	FromPanoramaVsys   *FromPanoramaVsysLocation `json:"from_panorama_vsys,omitempty"`
+	Shared             bool                      `json:"shared"`
+	Vsys               *VsysLocation             `json:"vsys,omitempty"`
+}
+
+type DeviceGroupLocation struct {
+	DeviceGroup    string `json:"device_group"`
+	PanoramaDevice string `json:"panorama_device"`
+}
+
+type FromPanoramaVsysLocation struct {
+	Vsys string `json:"vsys"`
+}
+
+type VsysLocation struct {
+	NgfwDevice string `json:"ngfw_device"`
+	Vsys       string `json:"vsys"`
+}
+
+func NewDeviceGroupLocation() *Location {
+	return &Location{DeviceGroup: &DeviceGroupLocation{
+		DeviceGroup:    "",
+		PanoramaDevice: "localhost.localdomain",
+	},
+	}
+}
+func NewFromPanoramaVsysLocation() *Location {
+	return &Location{FromPanoramaVsys: &FromPanoramaVsysLocation{
+		Vsys: "vsys1",
+	},
+	}
+}
+func NewSharedLocation() *Location {
+	return &Location{
+		Shared: true,
+	}
+}
+func NewVsysLocation() *Location {
+	return &Location{Vsys: &VsysLocation{
+		NgfwDevice: "localhost.localdomain",
+		Vsys:       "vsys1",
+	},
+	}
+}
+
+func (o Location) IsValid() error {
+	count := 0
+
+	switch {
+	case o.DeviceGroup != nil:
+		if o.DeviceGroup.DeviceGroup == "" {
+			return fmt.Errorf("DeviceGroup is unspecified")
+		}
+		if o.DeviceGroup.PanoramaDevice == "" {
+			return fmt.Errorf("PanoramaDevice is unspecified")
+		}
+		count++
+	case o.FromPanoramaShared:
+		count++
+	case o.FromPanoramaVsys != nil:
+		if o.FromPanoramaVsys.Vsys == "" {
+			return fmt.Errorf("Vsys is unspecified")
+		}
+		count++
+	case o.Shared:
+		count++
+	case o.Vsys != nil:
+		if o.Vsys.NgfwDevice == "" {
+			return fmt.Errorf("NgfwDevice is unspecified")
+		}
+		if o.Vsys.Vsys == "" {
+			return fmt.Errorf("Vsys is unspecified")
+		}
+		count++
+	}
+
+	if count == 0 {
+		return fmt.Errorf("no path specified")
+	}
+
+	if count > 1 {
+		return fmt.Errorf("multiple paths specified: only one should be specified")
+	}
+
+	return nil
+}
+
+func (o Location) XpathPrefix(vn version.Number) ([]string, error) {
+
+	var ans []string
+
+	switch {
+	case o.DeviceGroup != nil:
+		if o.DeviceGroup.DeviceGroup == "" {
+			return nil, fmt.Errorf("DeviceGroup is unspecified")
+		}
+		if o.DeviceGroup.PanoramaDevice == "" {
+			return nil, fmt.Errorf("PanoramaDevice is unspecified")
+		}
+		ans = []string{
+			"config",
+			"devices",
+			util.AsEntryXpath([]string{o.DeviceGroup.PanoramaDevice}),
+			"device-group",
+			util.AsEntryXpath([]string{o.DeviceGroup.DeviceGroup}),
+		}
+	case o.FromPanoramaShared:
+		ans = []string{
+			"config",
+			"panorama",
+			"shared",
+		}
+	case o.FromPanoramaVsys != nil:
+		if o.FromPanoramaVsys.Vsys == "" {
+			return nil, fmt.Errorf("Vsys is unspecified")
+		}
+		ans = []string{
+			"config",
+			"panorama",
+			"vsys",
+			util.AsEntryXpath([]string{o.FromPanoramaVsys.Vsys}),
+		}
+	case o.Shared:
+		ans = []string{
+			"config",
+			"shared",
+		}
+	case o.Vsys != nil:
+		if o.Vsys.NgfwDevice == "" {
+			return nil, fmt.Errorf("NgfwDevice is unspecified")
+		}
+		if o.Vsys.Vsys == "" {
+			return nil, fmt.Errorf("Vsys is unspecified")
+		}
+		ans = []string{
+			"config",
+			"devices",
+			util.AsEntryXpath([]string{o.Vsys.NgfwDevice}),
+			"vsys",
+			util.AsEntryXpath([]string{o.Vsys.Vsys}),
+		}
+	default:
+		return nil, errors.NoLocationSpecifiedError
+	}
+
+	return ans, nil
+}
+func (o Location) XpathWithEntryName(vn version.Number, name string) ([]string, error) {
+
+	ans, err := o.XpathPrefix(vn)
+	if err != nil {
+		return nil, err
+	}
+	ans = append(ans, Suffix...)
+	ans = append(ans, util.AsEntryXpath([]string{name}))
+
+	return ans, nil
+}
+func (o Location) XpathWithUuid(vn version.Number, uuid string) ([]string, error) {
+
+	ans, err := o.XpathPrefix(vn)
+	if err != nil {
+		return nil, err
+	}
+	ans = append(ans, Suffix...)
+	ans = append(ans, util.AsUuidXpath(uuid))
+
+	return ans, nil
+}
diff --git a/objects/service/group/service.go b/objects/service/group/service.go
new file mode 100644
index 00000000..ed586c7c
--- /dev/null
+++ b/objects/service/group/service.go
@@ -0,0 +1,281 @@
+package group
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/PaloAltoNetworks/pango/errors"
+	"github.com/PaloAltoNetworks/pango/filtering"
+	"github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/xmlapi"
+)
+
+type Service struct {
+	client util.PangoClient
+}
+
+func NewService(client util.PangoClient) *Service {
+	return &Service{
+		client: client,
+	}
+}
+
+// Create adds new item, then returns the result.
+func (s *Service) Create(ctx context.Context, loc Location, entry *Entry) (*Entry, error) {
+	if entry.Name == "" {
+		return nil, errors.NameNotSpecifiedError
+	}
+
+	vn := s.client.Versioning()
+
+	specifier, _, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+	path, err := loc.XpathWithEntryName(vn, entry.Name)
+	if err != nil {
+		return nil, err
+	}
+	createSpec, err := specifier(entry)
+	if err != nil {
+		return nil, err
+	}
+
+	cmd := &xmlapi.Config{
+		Action:  "set",
+		Xpath:   util.AsXpath(path[:len(path)-1]),
+		Element: createSpec,
+		Target:  s.client.GetTarget(),
+	}
+
+	if _, _, err = s.client.Communicate(ctx, cmd, false, nil); err != nil {
+		return nil, err
+	}
+	return s.Read(ctx, loc, entry.Name, "get")
+}
+
+// Read returns the given config object, using the specified action ("get" or "show").
+func (s *Service) Read(ctx context.Context, loc Location, name, action string) (*Entry, error) {
+	return s.read(ctx, loc, name, action, false)
+}
+
+// ReadFromConfig returns the given config object from the loaded XML config.
+// Requires that client.LoadPanosConfig() has been invoked.
+func (s *Service) ReadFromConfig(ctx context.Context, loc Location, name string) (*Entry, error) {
+	return s.read(ctx, loc, name, "", true)
+}
+
+func (s *Service) read(ctx context.Context, loc Location, value, action string, usePanosConfig bool) (*Entry, error) {
+	if value == "" {
+		return nil, errors.NameNotSpecifiedError
+	}
+	vn := s.client.Versioning()
+	_, normalizer, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+	var path []string
+	path, err = loc.XpathWithEntryName(vn, value)
+	if err != nil {
+		return nil, err
+	}
+
+	if usePanosConfig {
+		if _, err = s.client.ReadFromConfig(ctx, path, true, normalizer); err != nil {
+			return nil, err
+		}
+	} else {
+		cmd := &xmlapi.Config{
+			Action: action,
+			Xpath:  util.AsXpath(path),
+			Target: s.client.GetTarget(),
+		}
+
+		if _, _, err = s.client.Communicate(ctx, cmd, true, normalizer); err != nil {
+			if err.Error() == "No such node" && action == "show" {
+				return nil, errors.ObjectNotFound()
+			}
+			return nil, err
+		}
+	}
+
+	list, err := normalizer.Normalize()
+	if err != nil {
+		return nil, err
+	} else if len(list) != 1 {
+		return nil, fmt.Errorf("expected to %q 1 entry, got %d", action, len(list))
+	}
+
+	return list[0], nil
+}
+
+// Update updates the given config object, then returns the result.
+func (s *Service) Update(ctx context.Context, loc Location, entry *Entry, name string) (*Entry, error) {
+	return s.update(ctx, loc, entry, name)
+}
+func (s *Service) update(ctx context.Context, loc Location, entry *Entry, value string) (*Entry, error) {
+	if entry.Name == "" {
+		return nil, errors.NameNotSpecifiedError
+	}
+
+	vn := s.client.Versioning()
+	updates := xmlapi.NewMultiConfig(2)
+	specifier, _, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+	var old *Entry
+	if value != "" && value != entry.Name {
+		path, err := loc.XpathWithEntryName(vn, value)
+		if err != nil {
+			return nil, err
+		}
+
+		old, err = s.Read(ctx, loc, value, "get")
+
+		updates.Add(&xmlapi.Config{
+			Action:  "rename",
+			Xpath:   util.AsXpath(path),
+			NewName: entry.Name,
+			Target:  s.client.GetTarget(),
+		})
+	} else {
+		old, err = s.Read(ctx, loc, entry.Name, "get")
+	}
+	if err != nil {
+		return nil, err
+	} else if old == nil {
+		return nil, fmt.Errorf("previous object doesn't exist for update")
+	}
+	if !SpecMatches(entry, old) {
+		path, err := loc.XpathWithEntryName(vn, entry.Name)
+		if err != nil {
+			return nil, err
+		}
+
+		updateSpec, err := specifier(entry)
+		if err != nil {
+			return nil, err
+		}
+
+		updates.Add(&xmlapi.Config{
+			Action:  "edit",
+			Xpath:   util.AsXpath(path),
+			Element: updateSpec,
+			Target:  s.client.GetTarget(),
+		})
+	}
+
+	if len(updates.Operations) != 0 {
+		if _, _, _, err = s.client.MultiConfig(ctx, updates, false, nil); err != nil {
+			return nil, err
+		}
+	}
+	return s.Read(ctx, loc, entry.Name, "get")
+}
+
+// Delete deletes the given item.
+func (s *Service) Delete(ctx context.Context, loc Location, name ...string) error {
+	return s.delete(ctx, loc, name)
+}
+func (s *Service) delete(ctx context.Context, loc Location, values []string) error {
+	for _, value := range values {
+		if value == "" {
+			return errors.NameNotSpecifiedError
+		}
+	}
+
+	vn := s.client.Versioning()
+	var err error
+	deletes := xmlapi.NewMultiConfig(len(values))
+	for _, value := range values {
+		var path []string
+		path, err = loc.XpathWithEntryName(vn, value)
+		if err != nil {
+			return err
+		}
+		deletes.Add(&xmlapi.Config{
+			Action: "delete",
+			Xpath:  util.AsXpath(path),
+			Target: s.client.GetTarget(),
+		})
+	}
+
+	_, _, _, err = s.client.MultiConfig(ctx, deletes, false, nil)
+
+	return err
+}
+
+// List returns a list of objects using the given action ("get" or "show").
+// Params filter and quote are for client side filtering.
+func (s *Service) List(ctx context.Context, loc Location, action, filter, quote string) ([]*Entry, error) {
+	return s.list(ctx, loc, action, filter, quote, false)
+}
+
+// ListFromConfig returns a list of objects at the given location.
+// Requires that client.LoadPanosConfig() has been invoked.
+// Params filter and quote are for client side filtering.
+func (s *Service) ListFromConfig(ctx context.Context, loc Location, filter, quote string) ([]*Entry, error) {
+	return s.list(ctx, loc, "", filter, quote, true)
+}
+
+func (s *Service) list(ctx context.Context, loc Location, action, filter, quote string, usePanosConfig bool) ([]*Entry, error) {
+	var err error
+
+	var logic *filtering.Group
+	if filter != "" {
+		logic, err = filtering.Parse(filter, quote)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	vn := s.client.Versioning()
+
+	_, normalizer, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+
+	path, err := loc.XpathWithEntryName(vn, "")
+	if err != nil {
+		return nil, err
+	}
+
+	if usePanosConfig {
+		if _, err = s.client.ReadFromConfig(ctx, path, false, normalizer); err != nil {
+			return nil, err
+		}
+	} else {
+		cmd := &xmlapi.Config{
+			Action: action,
+			Xpath:  util.AsXpath(path),
+			Target: s.client.GetTarget(),
+		}
+
+		if _, _, err = s.client.Communicate(ctx, cmd, true, normalizer); err != nil {
+			if err.Error() == "No such node" && action == "show" {
+				return nil, nil
+			}
+			return nil, err
+		}
+	}
+
+	listing, err := normalizer.Normalize()
+	if err != nil || logic == nil {
+		return listing, err
+	}
+
+	filtered := make([]*Entry, 0, len(listing))
+	for _, x := range listing {
+		ok, err := logic.Matches(x)
+		if err != nil {
+			return nil, err
+		}
+		if ok {
+			filtered = append(filtered, x)
+		}
+	}
+
+	return filtered, nil
+}
diff --git a/objects/service/interfaces.go b/objects/service/interfaces.go
new file mode 100644
index 00000000..7ae6bdce
--- /dev/null
+++ b/objects/service/interfaces.go
@@ -0,0 +1,7 @@
+package service
+
+type Specifier func(*Entry) (any, error)
+
+type Normalizer interface {
+	Normalize() ([]*Entry, error)
+}
diff --git a/objects/service/location.go b/objects/service/location.go
new file mode 100644
index 00000000..6e29a18c
--- /dev/null
+++ b/objects/service/location.go
@@ -0,0 +1,188 @@
+package service
+
+import (
+	"fmt"
+
+	"github.com/PaloAltoNetworks/pango/errors"
+	"github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/version"
+)
+
+type ImportLocation interface {
+	XpathForLocation(version.Number, util.ILocation) ([]string, error)
+	MarshalPangoXML([]string) (string, error)
+	UnmarshalPangoXML([]byte) ([]string, error)
+}
+
+type Location struct {
+	DeviceGroup        *DeviceGroupLocation      `json:"device_group,omitempty"`
+	FromPanoramaShared bool                      `json:"from_panorama_shared"`
+	FromPanoramaVsys   *FromPanoramaVsysLocation `json:"from_panorama_vsys,omitempty"`
+	Shared             bool                      `json:"shared"`
+	Vsys               *VsysLocation             `json:"vsys,omitempty"`
+}
+
+type DeviceGroupLocation struct {
+	DeviceGroup    string `json:"device_group"`
+	PanoramaDevice string `json:"panorama_device"`
+}
+
+type FromPanoramaVsysLocation struct {
+	Vsys string `json:"vsys"`
+}
+
+type VsysLocation struct {
+	NgfwDevice string `json:"ngfw_device"`
+	Vsys       string `json:"vsys"`
+}
+
+func NewDeviceGroupLocation() *Location {
+	return &Location{DeviceGroup: &DeviceGroupLocation{
+		DeviceGroup:    "",
+		PanoramaDevice: "localhost.localdomain",
+	},
+	}
+}
+func NewFromPanoramaVsysLocation() *Location {
+	return &Location{FromPanoramaVsys: &FromPanoramaVsysLocation{
+		Vsys: "vsys1",
+	},
+	}
+}
+func NewSharedLocation() *Location {
+	return &Location{
+		Shared: true,
+	}
+}
+func NewVsysLocation() *Location {
+	return &Location{Vsys: &VsysLocation{
+		NgfwDevice: "localhost.localdomain",
+		Vsys:       "vsys1",
+	},
+	}
+}
+
+func (o Location) IsValid() error {
+	count := 0
+
+	switch {
+	case o.DeviceGroup != nil:
+		if o.DeviceGroup.DeviceGroup == "" {
+			return fmt.Errorf("DeviceGroup is unspecified")
+		}
+		if o.DeviceGroup.PanoramaDevice == "" {
+			return fmt.Errorf("PanoramaDevice is unspecified")
+		}
+		count++
+	case o.FromPanoramaShared:
+		count++
+	case o.FromPanoramaVsys != nil:
+		if o.FromPanoramaVsys.Vsys == "" {
+			return fmt.Errorf("Vsys is unspecified")
+		}
+		count++
+	case o.Shared:
+		count++
+	case o.Vsys != nil:
+		if o.Vsys.NgfwDevice == "" {
+			return fmt.Errorf("NgfwDevice is unspecified")
+		}
+		if o.Vsys.Vsys == "" {
+			return fmt.Errorf("Vsys is unspecified")
+		}
+		count++
+	}
+
+	if count == 0 {
+		return fmt.Errorf("no path specified")
+	}
+
+	if count > 1 {
+		return fmt.Errorf("multiple paths specified: only one should be specified")
+	}
+
+	return nil
+}
+
+func (o Location) XpathPrefix(vn version.Number) ([]string, error) {
+
+	var ans []string
+
+	switch {
+	case o.DeviceGroup != nil:
+		if o.DeviceGroup.DeviceGroup == "" {
+			return nil, fmt.Errorf("DeviceGroup is unspecified")
+		}
+		if o.DeviceGroup.PanoramaDevice == "" {
+			return nil, fmt.Errorf("PanoramaDevice is unspecified")
+		}
+		ans = []string{
+			"config",
+			"devices",
+			util.AsEntryXpath([]string{o.DeviceGroup.PanoramaDevice}),
+			"device-group",
+			util.AsEntryXpath([]string{o.DeviceGroup.DeviceGroup}),
+		}
+	case o.FromPanoramaShared:
+		ans = []string{
+			"config",
+			"panorama",
+			"shared",
+		}
+	case o.FromPanoramaVsys != nil:
+		if o.FromPanoramaVsys.Vsys == "" {
+			return nil, fmt.Errorf("Vsys is unspecified")
+		}
+		ans = []string{
+			"config",
+			"panorama",
+			"vsys",
+			util.AsEntryXpath([]string{o.FromPanoramaVsys.Vsys}),
+		}
+	case o.Shared:
+		ans = []string{
+			"config",
+			"shared",
+		}
+	case o.Vsys != nil:
+		if o.Vsys.NgfwDevice == "" {
+			return nil, fmt.Errorf("NgfwDevice is unspecified")
+		}
+		if o.Vsys.Vsys == "" {
+			return nil, fmt.Errorf("Vsys is unspecified")
+		}
+		ans = []string{
+			"config",
+			"devices",
+			util.AsEntryXpath([]string{o.Vsys.NgfwDevice}),
+			"vsys",
+			util.AsEntryXpath([]string{o.Vsys.Vsys}),
+		}
+	default:
+		return nil, errors.NoLocationSpecifiedError
+	}
+
+	return ans, nil
+}
+func (o Location) XpathWithEntryName(vn version.Number, name string) ([]string, error) {
+
+	ans, err := o.XpathPrefix(vn)
+	if err != nil {
+		return nil, err
+	}
+	ans = append(ans, Suffix...)
+	ans = append(ans, util.AsEntryXpath([]string{name}))
+
+	return ans, nil
+}
+func (o Location) XpathWithUuid(vn version.Number, uuid string) ([]string, error) {
+
+	ans, err := o.XpathPrefix(vn)
+	if err != nil {
+		return nil, err
+	}
+	ans = append(ans, Suffix...)
+	ans = append(ans, util.AsUuidXpath(uuid))
+
+	return ans, nil
+}
diff --git a/objects/service/service.go b/objects/service/service.go
new file mode 100644
index 00000000..42a62348
--- /dev/null
+++ b/objects/service/service.go
@@ -0,0 +1,281 @@
+package service
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/PaloAltoNetworks/pango/errors"
+	"github.com/PaloAltoNetworks/pango/filtering"
+	"github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/xmlapi"
+)
+
+type Service struct {
+	client util.PangoClient
+}
+
+func NewService(client util.PangoClient) *Service {
+	return &Service{
+		client: client,
+	}
+}
+
+// Create adds new item, then returns the result.
+func (s *Service) Create(ctx context.Context, loc Location, entry *Entry) (*Entry, error) {
+	if entry.Name == "" {
+		return nil, errors.NameNotSpecifiedError
+	}
+
+	vn := s.client.Versioning()
+
+	specifier, _, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+	path, err := loc.XpathWithEntryName(vn, entry.Name)
+	if err != nil {
+		return nil, err
+	}
+	createSpec, err := specifier(entry)
+	if err != nil {
+		return nil, err
+	}
+
+	cmd := &xmlapi.Config{
+		Action:  "set",
+		Xpath:   util.AsXpath(path[:len(path)-1]),
+		Element: createSpec,
+		Target:  s.client.GetTarget(),
+	}
+
+	if _, _, err = s.client.Communicate(ctx, cmd, false, nil); err != nil {
+		return nil, err
+	}
+	return s.Read(ctx, loc, entry.Name, "get")
+}
+
+// Read returns the given config object, using the specified action ("get" or "show").
+func (s *Service) Read(ctx context.Context, loc Location, name, action string) (*Entry, error) {
+	return s.read(ctx, loc, name, action, false)
+}
+
+// ReadFromConfig returns the given config object from the loaded XML config.
+// Requires that client.LoadPanosConfig() has been invoked.
+func (s *Service) ReadFromConfig(ctx context.Context, loc Location, name string) (*Entry, error) {
+	return s.read(ctx, loc, name, "", true)
+}
+
+func (s *Service) read(ctx context.Context, loc Location, value, action string, usePanosConfig bool) (*Entry, error) {
+	if value == "" {
+		return nil, errors.NameNotSpecifiedError
+	}
+	vn := s.client.Versioning()
+	_, normalizer, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+	var path []string
+	path, err = loc.XpathWithEntryName(vn, value)
+	if err != nil {
+		return nil, err
+	}
+
+	if usePanosConfig {
+		if _, err = s.client.ReadFromConfig(ctx, path, true, normalizer); err != nil {
+			return nil, err
+		}
+	} else {
+		cmd := &xmlapi.Config{
+			Action: action,
+			Xpath:  util.AsXpath(path),
+			Target: s.client.GetTarget(),
+		}
+
+		if _, _, err = s.client.Communicate(ctx, cmd, true, normalizer); err != nil {
+			if err.Error() == "No such node" && action == "show" {
+				return nil, errors.ObjectNotFound()
+			}
+			return nil, err
+		}
+	}
+
+	list, err := normalizer.Normalize()
+	if err != nil {
+		return nil, err
+	} else if len(list) != 1 {
+		return nil, fmt.Errorf("expected to %q 1 entry, got %d", action, len(list))
+	}
+
+	return list[0], nil
+}
+
+// Update updates the given config object, then returns the result.
+func (s *Service) Update(ctx context.Context, loc Location, entry *Entry, name string) (*Entry, error) {
+	return s.update(ctx, loc, entry, name)
+}
+func (s *Service) update(ctx context.Context, loc Location, entry *Entry, value string) (*Entry, error) {
+	if entry.Name == "" {
+		return nil, errors.NameNotSpecifiedError
+	}
+
+	vn := s.client.Versioning()
+	updates := xmlapi.NewMultiConfig(2)
+	specifier, _, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+	var old *Entry
+	if value != "" && value != entry.Name {
+		path, err := loc.XpathWithEntryName(vn, value)
+		if err != nil {
+			return nil, err
+		}
+
+		old, err = s.Read(ctx, loc, value, "get")
+
+		updates.Add(&xmlapi.Config{
+			Action:  "rename",
+			Xpath:   util.AsXpath(path),
+			NewName: entry.Name,
+			Target:  s.client.GetTarget(),
+		})
+	} else {
+		old, err = s.Read(ctx, loc, entry.Name, "get")
+	}
+	if err != nil {
+		return nil, err
+	} else if old == nil {
+		return nil, fmt.Errorf("previous object doesn't exist for update")
+	}
+	if !SpecMatches(entry, old) {
+		path, err := loc.XpathWithEntryName(vn, entry.Name)
+		if err != nil {
+			return nil, err
+		}
+
+		updateSpec, err := specifier(entry)
+		if err != nil {
+			return nil, err
+		}
+
+		updates.Add(&xmlapi.Config{
+			Action:  "edit",
+			Xpath:   util.AsXpath(path),
+			Element: updateSpec,
+			Target:  s.client.GetTarget(),
+		})
+	}
+
+	if len(updates.Operations) != 0 {
+		if _, _, _, err = s.client.MultiConfig(ctx, updates, false, nil); err != nil {
+			return nil, err
+		}
+	}
+	return s.Read(ctx, loc, entry.Name, "get")
+}
+
+// Delete deletes the given item.
+func (s *Service) Delete(ctx context.Context, loc Location, name ...string) error {
+	return s.delete(ctx, loc, name)
+}
+func (s *Service) delete(ctx context.Context, loc Location, values []string) error {
+	for _, value := range values {
+		if value == "" {
+			return errors.NameNotSpecifiedError
+		}
+	}
+
+	vn := s.client.Versioning()
+	var err error
+	deletes := xmlapi.NewMultiConfig(len(values))
+	for _, value := range values {
+		var path []string
+		path, err = loc.XpathWithEntryName(vn, value)
+		if err != nil {
+			return err
+		}
+		deletes.Add(&xmlapi.Config{
+			Action: "delete",
+			Xpath:  util.AsXpath(path),
+			Target: s.client.GetTarget(),
+		})
+	}
+
+	_, _, _, err = s.client.MultiConfig(ctx, deletes, false, nil)
+
+	return err
+}
+
+// List returns a list of objects using the given action ("get" or "show").
+// Params filter and quote are for client side filtering.
+func (s *Service) List(ctx context.Context, loc Location, action, filter, quote string) ([]*Entry, error) {
+	return s.list(ctx, loc, action, filter, quote, false)
+}
+
+// ListFromConfig returns a list of objects at the given location.
+// Requires that client.LoadPanosConfig() has been invoked.
+// Params filter and quote are for client side filtering.
+func (s *Service) ListFromConfig(ctx context.Context, loc Location, filter, quote string) ([]*Entry, error) {
+	return s.list(ctx, loc, "", filter, quote, true)
+}
+
+func (s *Service) list(ctx context.Context, loc Location, action, filter, quote string, usePanosConfig bool) ([]*Entry, error) {
+	var err error
+
+	var logic *filtering.Group
+	if filter != "" {
+		logic, err = filtering.Parse(filter, quote)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	vn := s.client.Versioning()
+
+	_, normalizer, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+
+	path, err := loc.XpathWithEntryName(vn, "")
+	if err != nil {
+		return nil, err
+	}
+
+	if usePanosConfig {
+		if _, err = s.client.ReadFromConfig(ctx, path, false, normalizer); err != nil {
+			return nil, err
+		}
+	} else {
+		cmd := &xmlapi.Config{
+			Action: action,
+			Xpath:  util.AsXpath(path),
+			Target: s.client.GetTarget(),
+		}
+
+		if _, _, err = s.client.Communicate(ctx, cmd, true, normalizer); err != nil {
+			if err.Error() == "No such node" && action == "show" {
+				return nil, nil
+			}
+			return nil, err
+		}
+	}
+
+	listing, err := normalizer.Normalize()
+	if err != nil || logic == nil {
+		return listing, err
+	}
+
+	filtered := make([]*Entry, 0, len(listing))
+	for _, x := range listing {
+		ok, err := logic.Matches(x)
+		if err != nil {
+			return nil, err
+		}
+		if ok {
+			filtered = append(filtered, x)
+		}
+	}
+
+	return filtered, nil
+}
diff --git a/objects/tag/entry.go b/objects/tag/entry.go
new file mode 100644
index 00000000..51d888ca
--- /dev/null
+++ b/objects/tag/entry.go
@@ -0,0 +1,156 @@
+package tag
+
+import (
+	"encoding/xml"
+	"fmt"
+
+	"github.com/PaloAltoNetworks/pango/filtering"
+	"github.com/PaloAltoNetworks/pango/generic"
+	"github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/version"
+)
+
+var (
+	_ filtering.Fielder = &Entry{}
+)
+
+var (
+	Suffix = []string{"tag"}
+)
+
+type Entry struct {
+	Name     string
+	Color    *string
+	Comments *string
+
+	Misc map[string][]generic.Xml
+}
+
+type entryXmlContainer struct {
+	Answer []entryXml `xml:"entry"`
+}
+
+type entryXml struct {
+	XMLName  xml.Name `xml:"entry"`
+	Name     string   `xml:"name,attr"`
+	Color    *string  `xml:"color,omitempty"`
+	Comments *string  `xml:"comments,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+
+const (
+	ColorAzureBlue     = "color24"
+	ColorBlack         = "color14"
+	ColorBlueGray      = "color12"
+	ColorBlueViolet    = "color30"
+	ColorBrown         = "color16"
+	ColorBurntSienna   = "color41"
+	ColorCeruleanBlue  = "color25"
+	ColorChestnut      = "color42"
+	ColorCobaltBlue    = "color28"
+	ColorCopper        = "color4"
+	ColorCyan          = "color9"
+	ColorForestGreen   = "color22"
+	ColorGold          = "color15"
+	ColorGray          = "color7"
+	ColorGreen         = "color2"
+	ColorLavender      = "color33"
+	ColorLightGray     = "color10"
+	ColorLightGreen    = "color8"
+	ColorLime          = "color13"
+	ColorMagenta       = "color38"
+	ColorMahogany      = "color40"
+	ColorMaroon        = "color19"
+	ColorMediumBlue    = "color27"
+	ColorMediumRose    = "color32"
+	ColorMediumViolet  = "color31"
+	ColorMidnightBlue  = "color26"
+	ColorOlive         = "color17"
+	ColorOrange        = "color5"
+	ColorOrchid        = "color34"
+	ColorPeach         = "color36"
+	ColorPurple        = "color6"
+	ColorRed           = "color1"
+	ColorRedViolet     = "color39"
+	ColorRedOrange     = "color20"
+	ColorSalmon        = "color37"
+	ColorThistle       = "color35"
+	ColorTurquoiseBlue = "color23"
+	ColorVioletBlue    = "color29"
+	ColorYellow        = "color3"
+	ColorYellowOrange  = "color21"
+)
+
+func (e *Entry) Field(v string) (any, error) {
+	if v == "name" || v == "Name" {
+		return e.Name, nil
+	}
+	if v == "color" || v == "Color" {
+		return e.Color, nil
+	}
+	if v == "comments" || v == "Comments" {
+		return e.Comments, nil
+	}
+
+	return nil, fmt.Errorf("unknown field")
+}
+
+func Versioning(vn version.Number) (Specifier, Normalizer, error) {
+	return specifyEntry, &entryXmlContainer{}, nil
+}
+
+func specifyEntry(o *Entry) (any, error) {
+	entry := entryXml{}
+
+	entry.Name = o.Name
+	entry.Color = o.Color
+	entry.Comments = o.Comments
+
+	entry.Misc = o.Misc["Entry"]
+
+	return entry, nil
+}
+func (c *entryXmlContainer) Normalize() ([]*Entry, error) {
+	entryList := make([]*Entry, 0, len(c.Answer))
+	for _, o := range c.Answer {
+		entry := &Entry{
+			Misc: make(map[string][]generic.Xml),
+		}
+		entry.Name = o.Name
+		entry.Color = o.Color
+		entry.Comments = o.Comments
+
+		entry.Misc["Entry"] = o.Misc
+
+		entryList = append(entryList, entry)
+	}
+
+	return entryList, nil
+}
+
+func SpecMatches(a, b *Entry) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+
+	// Don't compare Name.
+	if !util.StringsMatch(a.Color, b.Color) {
+		return false
+	}
+	if !util.StringsMatch(a.Comments, b.Comments) {
+		return false
+	}
+
+	return true
+}
+
+func (o *Entry) EntryName() string {
+	return o.Name
+}
+
+func (o *Entry) SetEntryName(name string) {
+	o.Name = name
+}
diff --git a/objects/tag/interfaces.go b/objects/tag/interfaces.go
new file mode 100644
index 00000000..a4a515bf
--- /dev/null
+++ b/objects/tag/interfaces.go
@@ -0,0 +1,7 @@
+package tag
+
+type Specifier func(*Entry) (any, error)
+
+type Normalizer interface {
+	Normalize() ([]*Entry, error)
+}
diff --git a/objects/tag/location.go b/objects/tag/location.go
new file mode 100644
index 00000000..ac2ff827
--- /dev/null
+++ b/objects/tag/location.go
@@ -0,0 +1,188 @@
+package tag
+
+import (
+	"fmt"
+
+	"github.com/PaloAltoNetworks/pango/errors"
+	"github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/version"
+)
+
+type ImportLocation interface {
+	XpathForLocation(version.Number, util.ILocation) ([]string, error)
+	MarshalPangoXML([]string) (string, error)
+	UnmarshalPangoXML([]byte) ([]string, error)
+}
+
+type Location struct {
+	DeviceGroup        *DeviceGroupLocation      `json:"device_group,omitempty"`
+	FromPanoramaShared bool                      `json:"from_panorama_shared"`
+	FromPanoramaVsys   *FromPanoramaVsysLocation `json:"from_panorama_vsys,omitempty"`
+	Shared             bool                      `json:"shared"`
+	Vsys               *VsysLocation             `json:"vsys,omitempty"`
+}
+
+type DeviceGroupLocation struct {
+	DeviceGroup    string `json:"device_group"`
+	PanoramaDevice string `json:"panorama_device"`
+}
+
+type FromPanoramaVsysLocation struct {
+	Vsys string `json:"vsys"`
+}
+
+type VsysLocation struct {
+	NgfwDevice string `json:"ngfw_device"`
+	Vsys       string `json:"vsys"`
+}
+
+func NewDeviceGroupLocation() *Location {
+	return &Location{DeviceGroup: &DeviceGroupLocation{
+		DeviceGroup:    "",
+		PanoramaDevice: "localhost.localdomain",
+	},
+	}
+}
+func NewFromPanoramaVsysLocation() *Location {
+	return &Location{FromPanoramaVsys: &FromPanoramaVsysLocation{
+		Vsys: "vsys1",
+	},
+	}
+}
+func NewSharedLocation() *Location {
+	return &Location{
+		Shared: true,
+	}
+}
+func NewVsysLocation() *Location {
+	return &Location{Vsys: &VsysLocation{
+		NgfwDevice: "localhost.localdomain",
+		Vsys:       "vsys1",
+	},
+	}
+}
+
+func (o Location) IsValid() error {
+	count := 0
+
+	switch {
+	case o.DeviceGroup != nil:
+		if o.DeviceGroup.DeviceGroup == "" {
+			return fmt.Errorf("DeviceGroup is unspecified")
+		}
+		if o.DeviceGroup.PanoramaDevice == "" {
+			return fmt.Errorf("PanoramaDevice is unspecified")
+		}
+		count++
+	case o.FromPanoramaShared:
+		count++
+	case o.FromPanoramaVsys != nil:
+		if o.FromPanoramaVsys.Vsys == "" {
+			return fmt.Errorf("Vsys is unspecified")
+		}
+		count++
+	case o.Shared:
+		count++
+	case o.Vsys != nil:
+		if o.Vsys.NgfwDevice == "" {
+			return fmt.Errorf("NgfwDevice is unspecified")
+		}
+		if o.Vsys.Vsys == "" {
+			return fmt.Errorf("Vsys is unspecified")
+		}
+		count++
+	}
+
+	if count == 0 {
+		return fmt.Errorf("no path specified")
+	}
+
+	if count > 1 {
+		return fmt.Errorf("multiple paths specified: only one should be specified")
+	}
+
+	return nil
+}
+
+func (o Location) XpathPrefix(vn version.Number) ([]string, error) {
+
+	var ans []string
+
+	switch {
+	case o.DeviceGroup != nil:
+		if o.DeviceGroup.DeviceGroup == "" {
+			return nil, fmt.Errorf("DeviceGroup is unspecified")
+		}
+		if o.DeviceGroup.PanoramaDevice == "" {
+			return nil, fmt.Errorf("PanoramaDevice is unspecified")
+		}
+		ans = []string{
+			"config",
+			"devices",
+			util.AsEntryXpath([]string{o.DeviceGroup.PanoramaDevice}),
+			"device-group",
+			util.AsEntryXpath([]string{o.DeviceGroup.DeviceGroup}),
+		}
+	case o.FromPanoramaShared:
+		ans = []string{
+			"config",
+			"panorama",
+			"shared",
+		}
+	case o.FromPanoramaVsys != nil:
+		if o.FromPanoramaVsys.Vsys == "" {
+			return nil, fmt.Errorf("Vsys is unspecified")
+		}
+		ans = []string{
+			"config",
+			"panorama",
+			"vsys",
+			util.AsEntryXpath([]string{o.FromPanoramaVsys.Vsys}),
+		}
+	case o.Shared:
+		ans = []string{
+			"config",
+			"shared",
+		}
+	case o.Vsys != nil:
+		if o.Vsys.NgfwDevice == "" {
+			return nil, fmt.Errorf("NgfwDevice is unspecified")
+		}
+		if o.Vsys.Vsys == "" {
+			return nil, fmt.Errorf("Vsys is unspecified")
+		}
+		ans = []string{
+			"config",
+			"devices",
+			util.AsEntryXpath([]string{o.Vsys.NgfwDevice}),
+			"vsys",
+			util.AsEntryXpath([]string{o.Vsys.Vsys}),
+		}
+	default:
+		return nil, errors.NoLocationSpecifiedError
+	}
+
+	return ans, nil
+}
+func (o Location) XpathWithEntryName(vn version.Number, name string) ([]string, error) {
+
+	ans, err := o.XpathPrefix(vn)
+	if err != nil {
+		return nil, err
+	}
+	ans = append(ans, Suffix...)
+	ans = append(ans, util.AsEntryXpath([]string{name}))
+
+	return ans, nil
+}
+func (o Location) XpathWithUuid(vn version.Number, uuid string) ([]string, error) {
+
+	ans, err := o.XpathPrefix(vn)
+	if err != nil {
+		return nil, err
+	}
+	ans = append(ans, Suffix...)
+	ans = append(ans, util.AsUuidXpath(uuid))
+
+	return ans, nil
+}
diff --git a/objects/tag/service.go b/objects/tag/service.go
new file mode 100644
index 00000000..1398eed4
--- /dev/null
+++ b/objects/tag/service.go
@@ -0,0 +1,281 @@
+package tag
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/PaloAltoNetworks/pango/errors"
+	"github.com/PaloAltoNetworks/pango/filtering"
+	"github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/xmlapi"
+)
+
+type Service struct {
+	client util.PangoClient
+}
+
+func NewService(client util.PangoClient) *Service {
+	return &Service{
+		client: client,
+	}
+}
+
+// Create adds new item, then returns the result.
+func (s *Service) Create(ctx context.Context, loc Location, entry *Entry) (*Entry, error) {
+	if entry.Name == "" {
+		return nil, errors.NameNotSpecifiedError
+	}
+
+	vn := s.client.Versioning()
+
+	specifier, _, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+	path, err := loc.XpathWithEntryName(vn, entry.Name)
+	if err != nil {
+		return nil, err
+	}
+	createSpec, err := specifier(entry)
+	if err != nil {
+		return nil, err
+	}
+
+	cmd := &xmlapi.Config{
+		Action:  "set",
+		Xpath:   util.AsXpath(path[:len(path)-1]),
+		Element: createSpec,
+		Target:  s.client.GetTarget(),
+	}
+
+	if _, _, err = s.client.Communicate(ctx, cmd, false, nil); err != nil {
+		return nil, err
+	}
+	return s.Read(ctx, loc, entry.Name, "get")
+}
+
+// Read returns the given config object, using the specified action ("get" or "show").
+func (s *Service) Read(ctx context.Context, loc Location, name, action string) (*Entry, error) {
+	return s.read(ctx, loc, name, action, false)
+}
+
+// ReadFromConfig returns the given config object from the loaded XML config.
+// Requires that client.LoadPanosConfig() has been invoked.
+func (s *Service) ReadFromConfig(ctx context.Context, loc Location, name string) (*Entry, error) {
+	return s.read(ctx, loc, name, "", true)
+}
+
+func (s *Service) read(ctx context.Context, loc Location, value, action string, usePanosConfig bool) (*Entry, error) {
+	if value == "" {
+		return nil, errors.NameNotSpecifiedError
+	}
+	vn := s.client.Versioning()
+	_, normalizer, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+	var path []string
+	path, err = loc.XpathWithEntryName(vn, value)
+	if err != nil {
+		return nil, err
+	}
+
+	if usePanosConfig {
+		if _, err = s.client.ReadFromConfig(ctx, path, true, normalizer); err != nil {
+			return nil, err
+		}
+	} else {
+		cmd := &xmlapi.Config{
+			Action: action,
+			Xpath:  util.AsXpath(path),
+			Target: s.client.GetTarget(),
+		}
+
+		if _, _, err = s.client.Communicate(ctx, cmd, true, normalizer); err != nil {
+			if err.Error() == "No such node" && action == "show" {
+				return nil, errors.ObjectNotFound()
+			}
+			return nil, err
+		}
+	}
+
+	list, err := normalizer.Normalize()
+	if err != nil {
+		return nil, err
+	} else if len(list) != 1 {
+		return nil, fmt.Errorf("expected to %q 1 entry, got %d", action, len(list))
+	}
+
+	return list[0], nil
+}
+
+// Update updates the given config object, then returns the result.
+func (s *Service) Update(ctx context.Context, loc Location, entry *Entry, name string) (*Entry, error) {
+	return s.update(ctx, loc, entry, name)
+}
+func (s *Service) update(ctx context.Context, loc Location, entry *Entry, value string) (*Entry, error) {
+	if entry.Name == "" {
+		return nil, errors.NameNotSpecifiedError
+	}
+
+	vn := s.client.Versioning()
+	updates := xmlapi.NewMultiConfig(2)
+	specifier, _, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+	var old *Entry
+	if value != "" && value != entry.Name {
+		path, err := loc.XpathWithEntryName(vn, value)
+		if err != nil {
+			return nil, err
+		}
+
+		old, err = s.Read(ctx, loc, value, "get")
+
+		updates.Add(&xmlapi.Config{
+			Action:  "rename",
+			Xpath:   util.AsXpath(path),
+			NewName: entry.Name,
+			Target:  s.client.GetTarget(),
+		})
+	} else {
+		old, err = s.Read(ctx, loc, entry.Name, "get")
+	}
+	if err != nil {
+		return nil, err
+	} else if old == nil {
+		return nil, fmt.Errorf("previous object doesn't exist for update")
+	}
+	if !SpecMatches(entry, old) {
+		path, err := loc.XpathWithEntryName(vn, entry.Name)
+		if err != nil {
+			return nil, err
+		}
+
+		updateSpec, err := specifier(entry)
+		if err != nil {
+			return nil, err
+		}
+
+		updates.Add(&xmlapi.Config{
+			Action:  "edit",
+			Xpath:   util.AsXpath(path),
+			Element: updateSpec,
+			Target:  s.client.GetTarget(),
+		})
+	}
+
+	if len(updates.Operations) != 0 {
+		if _, _, _, err = s.client.MultiConfig(ctx, updates, false, nil); err != nil {
+			return nil, err
+		}
+	}
+	return s.Read(ctx, loc, entry.Name, "get")
+}
+
+// Delete deletes the given item.
+func (s *Service) Delete(ctx context.Context, loc Location, name ...string) error {
+	return s.delete(ctx, loc, name)
+}
+func (s *Service) delete(ctx context.Context, loc Location, values []string) error {
+	for _, value := range values {
+		if value == "" {
+			return errors.NameNotSpecifiedError
+		}
+	}
+
+	vn := s.client.Versioning()
+	var err error
+	deletes := xmlapi.NewMultiConfig(len(values))
+	for _, value := range values {
+		var path []string
+		path, err = loc.XpathWithEntryName(vn, value)
+		if err != nil {
+			return err
+		}
+		deletes.Add(&xmlapi.Config{
+			Action: "delete",
+			Xpath:  util.AsXpath(path),
+			Target: s.client.GetTarget(),
+		})
+	}
+
+	_, _, _, err = s.client.MultiConfig(ctx, deletes, false, nil)
+
+	return err
+}
+
+// List returns a list of objects using the given action ("get" or "show").
+// Params filter and quote are for client side filtering.
+func (s *Service) List(ctx context.Context, loc Location, action, filter, quote string) ([]*Entry, error) {
+	return s.list(ctx, loc, action, filter, quote, false)
+}
+
+// ListFromConfig returns a list of objects at the given location.
+// Requires that client.LoadPanosConfig() has been invoked.
+// Params filter and quote are for client side filtering.
+func (s *Service) ListFromConfig(ctx context.Context, loc Location, filter, quote string) ([]*Entry, error) {
+	return s.list(ctx, loc, "", filter, quote, true)
+}
+
+func (s *Service) list(ctx context.Context, loc Location, action, filter, quote string, usePanosConfig bool) ([]*Entry, error) {
+	var err error
+
+	var logic *filtering.Group
+	if filter != "" {
+		logic, err = filtering.Parse(filter, quote)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	vn := s.client.Versioning()
+
+	_, normalizer, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+
+	path, err := loc.XpathWithEntryName(vn, "")
+	if err != nil {
+		return nil, err
+	}
+
+	if usePanosConfig {
+		if _, err = s.client.ReadFromConfig(ctx, path, false, normalizer); err != nil {
+			return nil, err
+		}
+	} else {
+		cmd := &xmlapi.Config{
+			Action: action,
+			Xpath:  util.AsXpath(path),
+			Target: s.client.GetTarget(),
+		}
+
+		if _, _, err = s.client.Communicate(ctx, cmd, true, normalizer); err != nil {
+			if err.Error() == "No such node" && action == "show" {
+				return nil, nil
+			}
+			return nil, err
+		}
+	}
+
+	listing, err := normalizer.Normalize()
+	if err != nil || logic == nil {
+		return listing, err
+	}
+
+	filtered := make([]*Entry, 0, len(listing))
+	for _, x := range listing {
+		ok, err := logic.Matches(x)
+		if err != nil {
+			return nil, err
+		}
+		if ok {
+			filtered = append(filtered, x)
+		}
+	}
+
+	return filtered, nil
+}
diff --git a/pango_suite_test.go b/pango_suite_test.go
new file mode 100644
index 00000000..2d9f1b0e
--- /dev/null
+++ b/pango_suite_test.go
@@ -0,0 +1,15 @@
+package pango_test
+
+import (
+	"log/slog"
+	"testing"
+
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+)
+
+func TestPango(t *testing.T) {
+	slog.SetDefault(slog.New(slog.NewTextHandler(GinkgoWriter, &slog.HandlerOptions{Level: slog.LevelDebug})))
+	RegisterFailHandler(Fail)
+	RunSpecs(t, "Pango Suite")
+}
diff --git a/panorama/device_group/entry.go b/panorama/device_group/entry.go
new file mode 100644
index 00000000..5bf9765f
--- /dev/null
+++ b/panorama/device_group/entry.go
@@ -0,0 +1,207 @@
+package device_group
+
+import (
+	"encoding/xml"
+	"fmt"
+
+	"github.com/PaloAltoNetworks/pango/filtering"
+	"github.com/PaloAltoNetworks/pango/generic"
+	"github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/version"
+)
+
+var (
+	_ filtering.Fielder = &Entry{}
+)
+
+var (
+	Suffix = []string{"device-group"}
+)
+
+type Entry struct {
+	Name              string
+	AuthorizationCode *string
+	Description       *string
+	Devices           []Devices
+	Templates         []string
+
+	Misc map[string][]generic.Xml
+}
+
+type Devices struct {
+	Name string
+	Vsys []string
+}
+
+type entryXmlContainer struct {
+	Answer []entryXml `xml:"entry"`
+}
+
+type entryXml struct {
+	XMLName           xml.Name         `xml:"entry"`
+	Name              string           `xml:"name,attr"`
+	AuthorizationCode *string          `xml:"authorization-code,omitempty"`
+	Description       *string          `xml:"description,omitempty"`
+	Devices           []DevicesXml     `xml:"devices>entry,omitempty"`
+	Templates         *util.MemberType `xml:"reference-templates,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+
+type DevicesXml struct {
+	XMLName xml.Name         `xml:"entry"`
+	Name    string           `xml:"name,attr"`
+	Vsys    *util.MemberType `xml:"vsys,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+
+func (e *Entry) Field(v string) (any, error) {
+	if v == "name" || v == "Name" {
+		return e.Name, nil
+	}
+	if v == "authorization_code" || v == "AuthorizationCode" {
+		return e.AuthorizationCode, nil
+	}
+	if v == "description" || v == "Description" {
+		return e.Description, nil
+	}
+	if v == "devices" || v == "Devices" {
+		return e.Devices, nil
+	}
+	if v == "devices|LENGTH" || v == "Devices|LENGTH" {
+		return int64(len(e.Devices)), nil
+	}
+	if v == "templates" || v == "Templates" {
+		return e.Templates, nil
+	}
+	if v == "templates|LENGTH" || v == "Templates|LENGTH" {
+		return int64(len(e.Templates)), nil
+	}
+
+	return nil, fmt.Errorf("unknown field")
+}
+
+func Versioning(vn version.Number) (Specifier, Normalizer, error) {
+	return specifyEntry, &entryXmlContainer{}, nil
+}
+
+func specifyEntry(o *Entry) (any, error) {
+	entry := entryXml{}
+
+	entry.Name = o.Name
+	entry.AuthorizationCode = o.AuthorizationCode
+	entry.Description = o.Description
+	var nestedDevicesCol []DevicesXml
+	if o.Devices != nil {
+		nestedDevicesCol = []DevicesXml{}
+		for _, oDevices := range o.Devices {
+			nestedDevices := DevicesXml{}
+			if _, ok := o.Misc["Devices"]; ok {
+				nestedDevices.Misc = o.Misc["Devices"]
+			}
+			if oDevices.Vsys != nil {
+				nestedDevices.Vsys = util.StrToMem(oDevices.Vsys)
+			}
+			if oDevices.Name != "" {
+				nestedDevices.Name = oDevices.Name
+			}
+			nestedDevicesCol = append(nestedDevicesCol, nestedDevices)
+		}
+		entry.Devices = nestedDevicesCol
+	}
+
+	entry.Templates = util.StrToMem(o.Templates)
+
+	entry.Misc = o.Misc["Entry"]
+
+	return entry, nil
+}
+func (c *entryXmlContainer) Normalize() ([]*Entry, error) {
+	entryList := make([]*Entry, 0, len(c.Answer))
+	for _, o := range c.Answer {
+		entry := &Entry{
+			Misc: make(map[string][]generic.Xml),
+		}
+		entry.Name = o.Name
+		entry.AuthorizationCode = o.AuthorizationCode
+		entry.Description = o.Description
+		var nestedDevicesCol []Devices
+		if o.Devices != nil {
+			nestedDevicesCol = []Devices{}
+			for _, oDevices := range o.Devices {
+				nestedDevices := Devices{}
+				if oDevices.Misc != nil {
+					entry.Misc["Devices"] = oDevices.Misc
+				}
+				if oDevices.Vsys != nil {
+					nestedDevices.Vsys = util.MemToStr(oDevices.Vsys)
+				}
+				if oDevices.Name != "" {
+					nestedDevices.Name = oDevices.Name
+				}
+				nestedDevicesCol = append(nestedDevicesCol, nestedDevices)
+			}
+			entry.Devices = nestedDevicesCol
+		}
+
+		entry.Templates = util.MemToStr(o.Templates)
+
+		entry.Misc["Entry"] = o.Misc
+
+		entryList = append(entryList, entry)
+	}
+
+	return entryList, nil
+}
+
+func SpecMatches(a, b *Entry) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+
+	// Don't compare Name.
+	if !util.StringsMatch(a.AuthorizationCode, b.AuthorizationCode) {
+		return false
+	}
+	if !util.StringsMatch(a.Description, b.Description) {
+		return false
+	}
+	if !matchDevices(a.Devices, b.Devices) {
+		return false
+	}
+	if !util.OrderedListsMatch(a.Templates, b.Templates) {
+		return false
+	}
+
+	return true
+}
+
+func matchDevices(a []Devices, b []Devices) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	for _, a := range a {
+		for _, b := range b {
+			if !util.OrderedListsMatch(a.Vsys, b.Vsys) {
+				return false
+			}
+			if !util.StringsEqual(a.Name, b.Name) {
+				return false
+			}
+		}
+	}
+	return true
+}
+
+func (o *Entry) EntryName() string {
+	return o.Name
+}
+
+func (o *Entry) SetEntryName(name string) {
+	o.Name = name
+}
diff --git a/panorama/device_group/interfaces.go b/panorama/device_group/interfaces.go
new file mode 100644
index 00000000..c7693d4b
--- /dev/null
+++ b/panorama/device_group/interfaces.go
@@ -0,0 +1,7 @@
+package device_group
+
+type Specifier func(*Entry) (any, error)
+
+type Normalizer interface {
+	Normalize() ([]*Entry, error)
+}
diff --git a/panorama/device_group/location.go b/panorama/device_group/location.go
new file mode 100644
index 00000000..c17ea3b7
--- /dev/null
+++ b/panorama/device_group/location.go
@@ -0,0 +1,95 @@
+package device_group
+
+import (
+	"fmt"
+
+	"github.com/PaloAltoNetworks/pango/errors"
+	"github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/version"
+)
+
+type ImportLocation interface {
+	XpathForLocation(version.Number, util.ILocation) ([]string, error)
+	MarshalPangoXML([]string) (string, error)
+	UnmarshalPangoXML([]byte) ([]string, error)
+}
+
+type Location struct {
+	Panorama *PanoramaLocation `json:"panorama,omitempty"`
+}
+
+type PanoramaLocation struct {
+	PanoramaDevice string `json:"panorama_device"`
+}
+
+func NewPanoramaLocation() *Location {
+	return &Location{Panorama: &PanoramaLocation{
+		PanoramaDevice: "localhost.localdomain",
+	},
+	}
+}
+
+func (o Location) IsValid() error {
+	count := 0
+
+	switch {
+	case o.Panorama != nil:
+		if o.Panorama.PanoramaDevice == "" {
+			return fmt.Errorf("PanoramaDevice is unspecified")
+		}
+		count++
+	}
+
+	if count == 0 {
+		return fmt.Errorf("no path specified")
+	}
+
+	if count > 1 {
+		return fmt.Errorf("multiple paths specified: only one should be specified")
+	}
+
+	return nil
+}
+
+func (o Location) XpathPrefix(vn version.Number) ([]string, error) {
+
+	var ans []string
+
+	switch {
+	case o.Panorama != nil:
+		if o.Panorama.PanoramaDevice == "" {
+			return nil, fmt.Errorf("PanoramaDevice is unspecified")
+		}
+		ans = []string{
+			"config",
+			"devices",
+			util.AsEntryXpath([]string{o.Panorama.PanoramaDevice}),
+		}
+	default:
+		return nil, errors.NoLocationSpecifiedError
+	}
+
+	return ans, nil
+}
+func (o Location) XpathWithEntryName(vn version.Number, name string) ([]string, error) {
+
+	ans, err := o.XpathPrefix(vn)
+	if err != nil {
+		return nil, err
+	}
+	ans = append(ans, Suffix...)
+	ans = append(ans, util.AsEntryXpath([]string{name}))
+
+	return ans, nil
+}
+func (o Location) XpathWithUuid(vn version.Number, uuid string) ([]string, error) {
+
+	ans, err := o.XpathPrefix(vn)
+	if err != nil {
+		return nil, err
+	}
+	ans = append(ans, Suffix...)
+	ans = append(ans, util.AsUuidXpath(uuid))
+
+	return ans, nil
+}
diff --git a/panorama/device_group/service.go b/panorama/device_group/service.go
new file mode 100644
index 00000000..aafca6aa
--- /dev/null
+++ b/panorama/device_group/service.go
@@ -0,0 +1,281 @@
+package device_group
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/PaloAltoNetworks/pango/errors"
+	"github.com/PaloAltoNetworks/pango/filtering"
+	"github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/xmlapi"
+)
+
+type Service struct {
+	client util.PangoClient
+}
+
+func NewService(client util.PangoClient) *Service {
+	return &Service{
+		client: client,
+	}
+}
+
+// Create adds new item, then returns the result.
+func (s *Service) Create(ctx context.Context, loc Location, entry *Entry) (*Entry, error) {
+	if entry.Name == "" {
+		return nil, errors.NameNotSpecifiedError
+	}
+
+	vn := s.client.Versioning()
+
+	specifier, _, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+	path, err := loc.XpathWithEntryName(vn, entry.Name)
+	if err != nil {
+		return nil, err
+	}
+	createSpec, err := specifier(entry)
+	if err != nil {
+		return nil, err
+	}
+
+	cmd := &xmlapi.Config{
+		Action:  "set",
+		Xpath:   util.AsXpath(path[:len(path)-1]),
+		Element: createSpec,
+		Target:  s.client.GetTarget(),
+	}
+
+	if _, _, err = s.client.Communicate(ctx, cmd, false, nil); err != nil {
+		return nil, err
+	}
+	return s.Read(ctx, loc, entry.Name, "get")
+}
+
+// Read returns the given config object, using the specified action ("get" or "show").
+func (s *Service) Read(ctx context.Context, loc Location, name, action string) (*Entry, error) {
+	return s.read(ctx, loc, name, action, false)
+}
+
+// ReadFromConfig returns the given config object from the loaded XML config.
+// Requires that client.LoadPanosConfig() has been invoked.
+func (s *Service) ReadFromConfig(ctx context.Context, loc Location, name string) (*Entry, error) {
+	return s.read(ctx, loc, name, "", true)
+}
+
+func (s *Service) read(ctx context.Context, loc Location, value, action string, usePanosConfig bool) (*Entry, error) {
+	if value == "" {
+		return nil, errors.NameNotSpecifiedError
+	}
+	vn := s.client.Versioning()
+	_, normalizer, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+	var path []string
+	path, err = loc.XpathWithEntryName(vn, value)
+	if err != nil {
+		return nil, err
+	}
+
+	if usePanosConfig {
+		if _, err = s.client.ReadFromConfig(ctx, path, true, normalizer); err != nil {
+			return nil, err
+		}
+	} else {
+		cmd := &xmlapi.Config{
+			Action: action,
+			Xpath:  util.AsXpath(path),
+			Target: s.client.GetTarget(),
+		}
+
+		if _, _, err = s.client.Communicate(ctx, cmd, true, normalizer); err != nil {
+			if err.Error() == "No such node" && action == "show" {
+				return nil, errors.ObjectNotFound()
+			}
+			return nil, err
+		}
+	}
+
+	list, err := normalizer.Normalize()
+	if err != nil {
+		return nil, err
+	} else if len(list) != 1 {
+		return nil, fmt.Errorf("expected to %q 1 entry, got %d", action, len(list))
+	}
+
+	return list[0], nil
+}
+
+// Update updates the given config object, then returns the result.
+func (s *Service) Update(ctx context.Context, loc Location, entry *Entry, name string) (*Entry, error) {
+	return s.update(ctx, loc, entry, name)
+}
+func (s *Service) update(ctx context.Context, loc Location, entry *Entry, value string) (*Entry, error) {
+	if entry.Name == "" {
+		return nil, errors.NameNotSpecifiedError
+	}
+
+	vn := s.client.Versioning()
+	updates := xmlapi.NewMultiConfig(2)
+	specifier, _, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+	var old *Entry
+	if value != "" && value != entry.Name {
+		path, err := loc.XpathWithEntryName(vn, value)
+		if err != nil {
+			return nil, err
+		}
+
+		old, err = s.Read(ctx, loc, value, "get")
+
+		updates.Add(&xmlapi.Config{
+			Action:  "rename",
+			Xpath:   util.AsXpath(path),
+			NewName: entry.Name,
+			Target:  s.client.GetTarget(),
+		})
+	} else {
+		old, err = s.Read(ctx, loc, entry.Name, "get")
+	}
+	if err != nil {
+		return nil, err
+	} else if old == nil {
+		return nil, fmt.Errorf("previous object doesn't exist for update")
+	}
+	if !SpecMatches(entry, old) {
+		path, err := loc.XpathWithEntryName(vn, entry.Name)
+		if err != nil {
+			return nil, err
+		}
+
+		updateSpec, err := specifier(entry)
+		if err != nil {
+			return nil, err
+		}
+
+		updates.Add(&xmlapi.Config{
+			Action:  "edit",
+			Xpath:   util.AsXpath(path),
+			Element: updateSpec,
+			Target:  s.client.GetTarget(),
+		})
+	}
+
+	if len(updates.Operations) != 0 {
+		if _, _, _, err = s.client.MultiConfig(ctx, updates, false, nil); err != nil {
+			return nil, err
+		}
+	}
+	return s.Read(ctx, loc, entry.Name, "get")
+}
+
+// Delete deletes the given item.
+func (s *Service) Delete(ctx context.Context, loc Location, name ...string) error {
+	return s.delete(ctx, loc, name)
+}
+func (s *Service) delete(ctx context.Context, loc Location, values []string) error {
+	for _, value := range values {
+		if value == "" {
+			return errors.NameNotSpecifiedError
+		}
+	}
+
+	vn := s.client.Versioning()
+	var err error
+	deletes := xmlapi.NewMultiConfig(len(values))
+	for _, value := range values {
+		var path []string
+		path, err = loc.XpathWithEntryName(vn, value)
+		if err != nil {
+			return err
+		}
+		deletes.Add(&xmlapi.Config{
+			Action: "delete",
+			Xpath:  util.AsXpath(path),
+			Target: s.client.GetTarget(),
+		})
+	}
+
+	_, _, _, err = s.client.MultiConfig(ctx, deletes, false, nil)
+
+	return err
+}
+
+// List returns a list of objects using the given action ("get" or "show").
+// Params filter and quote are for client side filtering.
+func (s *Service) List(ctx context.Context, loc Location, action, filter, quote string) ([]*Entry, error) {
+	return s.list(ctx, loc, action, filter, quote, false)
+}
+
+// ListFromConfig returns a list of objects at the given location.
+// Requires that client.LoadPanosConfig() has been invoked.
+// Params filter and quote are for client side filtering.
+func (s *Service) ListFromConfig(ctx context.Context, loc Location, filter, quote string) ([]*Entry, error) {
+	return s.list(ctx, loc, "", filter, quote, true)
+}
+
+func (s *Service) list(ctx context.Context, loc Location, action, filter, quote string, usePanosConfig bool) ([]*Entry, error) {
+	var err error
+
+	var logic *filtering.Group
+	if filter != "" {
+		logic, err = filtering.Parse(filter, quote)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	vn := s.client.Versioning()
+
+	_, normalizer, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+
+	path, err := loc.XpathWithEntryName(vn, "")
+	if err != nil {
+		return nil, err
+	}
+
+	if usePanosConfig {
+		if _, err = s.client.ReadFromConfig(ctx, path, false, normalizer); err != nil {
+			return nil, err
+		}
+	} else {
+		cmd := &xmlapi.Config{
+			Action: action,
+			Xpath:  util.AsXpath(path),
+			Target: s.client.GetTarget(),
+		}
+
+		if _, _, err = s.client.Communicate(ctx, cmd, true, normalizer); err != nil {
+			if err.Error() == "No such node" && action == "show" {
+				return nil, nil
+			}
+			return nil, err
+		}
+	}
+
+	listing, err := normalizer.Normalize()
+	if err != nil || logic == nil {
+		return listing, err
+	}
+
+	filtered := make([]*Entry, 0, len(listing))
+	for _, x := range listing {
+		ok, err := logic.Matches(x)
+		if err != nil {
+			return nil, err
+		}
+		if ok {
+			filtered = append(filtered, x)
+		}
+	}
+
+	return filtered, nil
+}
diff --git a/panorama/template/entry.go b/panorama/template/entry.go
new file mode 100644
index 00000000..97a9cede
--- /dev/null
+++ b/panorama/template/entry.go
@@ -0,0 +1,339 @@
+package template
+
+import (
+	"encoding/xml"
+	"fmt"
+
+	"github.com/PaloAltoNetworks/pango/filtering"
+	"github.com/PaloAltoNetworks/pango/generic"
+	"github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/version"
+)
+
+var (
+	_ filtering.Fielder = &Entry{}
+)
+
+var (
+	Suffix = []string{"template"}
+)
+
+type Entry struct {
+	Name        string
+	Config      *Config
+	DefaultVsys *string
+	Description *string
+
+	Misc map[string][]generic.Xml
+}
+
+type Config struct {
+	Devices []ConfigDevices
+}
+type ConfigDevices struct {
+	Name string
+	Vsys []ConfigDevicesVsys
+}
+type ConfigDevicesVsys struct {
+	Import *ConfigDevicesVsysImport
+	Name   string
+}
+type ConfigDevicesVsysImport struct {
+	Network *ConfigDevicesVsysImportNetwork
+}
+type ConfigDevicesVsysImportNetwork struct {
+	Interfaces []string
+}
+
+type entryXmlContainer struct {
+	Answer []entryXml `xml:"entry"`
+}
+
+type entryXml struct {
+	XMLName     xml.Name   `xml:"entry"`
+	Name        string     `xml:"name,attr"`
+	Config      *ConfigXml `xml:"config,omitempty"`
+	DefaultVsys *string    `xml:"settings>default-vsys,omitempty"`
+	Description *string    `xml:"description,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+
+type ConfigXml struct {
+	Devices []ConfigDevicesXml `xml:"devices>entry,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type ConfigDevicesXml struct {
+	XMLName xml.Name               `xml:"entry"`
+	Name    string                 `xml:"name,attr"`
+	Vsys    []ConfigDevicesVsysXml `xml:"vsys>entry,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type ConfigDevicesVsysXml struct {
+	Import  *ConfigDevicesVsysImportXml `xml:"import,omitempty"`
+	XMLName xml.Name                    `xml:"entry"`
+	Name    string                      `xml:"name,attr"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type ConfigDevicesVsysImportXml struct {
+	Network *ConfigDevicesVsysImportNetworkXml `xml:"network,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type ConfigDevicesVsysImportNetworkXml struct {
+	Interfaces *util.MemberType `xml:"interface,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+
+func (e *Entry) Field(v string) (any, error) {
+	if v == "name" || v == "Name" {
+		return e.Name, nil
+	}
+	if v == "config" || v == "Config" {
+		return e.Config, nil
+	}
+	if v == "default_vsys" || v == "DefaultVsys" {
+		return e.DefaultVsys, nil
+	}
+	if v == "description" || v == "Description" {
+		return e.Description, nil
+	}
+
+	return nil, fmt.Errorf("unknown field")
+}
+
+func Versioning(vn version.Number) (Specifier, Normalizer, error) {
+	return specifyEntry, &entryXmlContainer{}, nil
+}
+
+func specifyEntry(o *Entry) (any, error) {
+	entry := entryXml{}
+
+	entry.Name = o.Name
+	var nestedConfig *ConfigXml
+	if o.Config != nil {
+		nestedConfig = &ConfigXml{}
+		if _, ok := o.Misc["Config"]; ok {
+			nestedConfig.Misc = o.Misc["Config"]
+		}
+		if o.Config.Devices != nil {
+			nestedConfig.Devices = []ConfigDevicesXml{}
+			for _, oConfigDevices := range o.Config.Devices {
+				nestedConfigDevices := ConfigDevicesXml{}
+				if _, ok := o.Misc["ConfigDevices"]; ok {
+					nestedConfigDevices.Misc = o.Misc["ConfigDevices"]
+				}
+				if oConfigDevices.Name != "" {
+					nestedConfigDevices.Name = oConfigDevices.Name
+				}
+				if oConfigDevices.Vsys != nil {
+					nestedConfigDevices.Vsys = []ConfigDevicesVsysXml{}
+					for _, oConfigDevicesVsys := range oConfigDevices.Vsys {
+						nestedConfigDevicesVsys := ConfigDevicesVsysXml{}
+						if _, ok := o.Misc["ConfigDevicesVsys"]; ok {
+							nestedConfigDevicesVsys.Misc = o.Misc["ConfigDevicesVsys"]
+						}
+						if oConfigDevicesVsys.Import != nil {
+							nestedConfigDevicesVsys.Import = &ConfigDevicesVsysImportXml{}
+							if _, ok := o.Misc["ConfigDevicesVsysImport"]; ok {
+								nestedConfigDevicesVsys.Import.Misc = o.Misc["ConfigDevicesVsysImport"]
+							}
+							if oConfigDevicesVsys.Import.Network != nil {
+								nestedConfigDevicesVsys.Import.Network = &ConfigDevicesVsysImportNetworkXml{}
+								if _, ok := o.Misc["ConfigDevicesVsysImportNetwork"]; ok {
+									nestedConfigDevicesVsys.Import.Network.Misc = o.Misc["ConfigDevicesVsysImportNetwork"]
+								}
+								if oConfigDevicesVsys.Import.Network.Interfaces != nil {
+									nestedConfigDevicesVsys.Import.Network.Interfaces = util.StrToMem(oConfigDevicesVsys.Import.Network.Interfaces)
+								}
+							}
+						}
+						if oConfigDevicesVsys.Name != "" {
+							nestedConfigDevicesVsys.Name = oConfigDevicesVsys.Name
+						}
+						nestedConfigDevices.Vsys = append(nestedConfigDevices.Vsys, nestedConfigDevicesVsys)
+					}
+				}
+				nestedConfig.Devices = append(nestedConfig.Devices, nestedConfigDevices)
+			}
+		}
+	}
+	entry.Config = nestedConfig
+
+	entry.DefaultVsys = o.DefaultVsys
+	entry.Description = o.Description
+
+	entry.Misc = o.Misc["Entry"]
+
+	return entry, nil
+}
+func (c *entryXmlContainer) Normalize() ([]*Entry, error) {
+	entryList := make([]*Entry, 0, len(c.Answer))
+	for _, o := range c.Answer {
+		entry := &Entry{
+			Misc: make(map[string][]generic.Xml),
+		}
+		entry.Name = o.Name
+		var nestedConfig *Config
+		if o.Config != nil {
+			nestedConfig = &Config{}
+			if o.Config.Misc != nil {
+				entry.Misc["Config"] = o.Config.Misc
+			}
+			if o.Config.Devices != nil {
+				nestedConfig.Devices = []ConfigDevices{}
+				for _, oConfigDevices := range o.Config.Devices {
+					nestedConfigDevices := ConfigDevices{}
+					if oConfigDevices.Misc != nil {
+						entry.Misc["ConfigDevices"] = oConfigDevices.Misc
+					}
+					if oConfigDevices.Vsys != nil {
+						nestedConfigDevices.Vsys = []ConfigDevicesVsys{}
+						for _, oConfigDevicesVsys := range oConfigDevices.Vsys {
+							nestedConfigDevicesVsys := ConfigDevicesVsys{}
+							if oConfigDevicesVsys.Misc != nil {
+								entry.Misc["ConfigDevicesVsys"] = oConfigDevicesVsys.Misc
+							}
+							if oConfigDevicesVsys.Name != "" {
+								nestedConfigDevicesVsys.Name = oConfigDevicesVsys.Name
+							}
+							if oConfigDevicesVsys.Import != nil {
+								nestedConfigDevicesVsys.Import = &ConfigDevicesVsysImport{}
+								if oConfigDevicesVsys.Import.Misc != nil {
+									entry.Misc["ConfigDevicesVsysImport"] = oConfigDevicesVsys.Import.Misc
+								}
+								if oConfigDevicesVsys.Import.Network != nil {
+									nestedConfigDevicesVsys.Import.Network = &ConfigDevicesVsysImportNetwork{}
+									if oConfigDevicesVsys.Import.Network.Misc != nil {
+										entry.Misc["ConfigDevicesVsysImportNetwork"] = oConfigDevicesVsys.Import.Network.Misc
+									}
+									if oConfigDevicesVsys.Import.Network.Interfaces != nil {
+										nestedConfigDevicesVsys.Import.Network.Interfaces = util.MemToStr(oConfigDevicesVsys.Import.Network.Interfaces)
+									}
+								}
+							}
+							nestedConfigDevices.Vsys = append(nestedConfigDevices.Vsys, nestedConfigDevicesVsys)
+						}
+					}
+					if oConfigDevices.Name != "" {
+						nestedConfigDevices.Name = oConfigDevices.Name
+					}
+					nestedConfig.Devices = append(nestedConfig.Devices, nestedConfigDevices)
+				}
+			}
+		}
+		entry.Config = nestedConfig
+
+		entry.DefaultVsys = o.DefaultVsys
+		entry.Description = o.Description
+
+		entry.Misc["Entry"] = o.Misc
+
+		entryList = append(entryList, entry)
+	}
+
+	return entryList, nil
+}
+
+func SpecMatches(a, b *Entry) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+
+	// Don't compare Name.
+	if !matchConfig(a.Config, b.Config) {
+		return false
+	}
+	if !util.StringsMatch(a.DefaultVsys, b.DefaultVsys) {
+		return false
+	}
+	if !util.StringsMatch(a.Description, b.Description) {
+		return false
+	}
+
+	return true
+}
+
+func matchConfigDevicesVsysImportNetwork(a *ConfigDevicesVsysImportNetwork, b *ConfigDevicesVsysImportNetwork) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !util.OrderedListsMatch(a.Interfaces, b.Interfaces) {
+		return false
+	}
+	return true
+}
+func matchConfigDevicesVsysImport(a *ConfigDevicesVsysImport, b *ConfigDevicesVsysImport) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !matchConfigDevicesVsysImportNetwork(a.Network, b.Network) {
+		return false
+	}
+	return true
+}
+func matchConfigDevicesVsys(a []ConfigDevicesVsys, b []ConfigDevicesVsys) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	for _, a := range a {
+		for _, b := range b {
+			if !util.StringsEqual(a.Name, b.Name) {
+				return false
+			}
+			if !matchConfigDevicesVsysImport(a.Import, b.Import) {
+				return false
+			}
+		}
+	}
+	return true
+}
+func matchConfigDevices(a []ConfigDevices, b []ConfigDevices) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	for _, a := range a {
+		for _, b := range b {
+			if !matchConfigDevicesVsys(a.Vsys, b.Vsys) {
+				return false
+			}
+			if !util.StringsEqual(a.Name, b.Name) {
+				return false
+			}
+		}
+	}
+	return true
+}
+func matchConfig(a *Config, b *Config) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !matchConfigDevices(a.Devices, b.Devices) {
+		return false
+	}
+	return true
+}
+
+func (o *Entry) EntryName() string {
+	return o.Name
+}
+
+func (o *Entry) SetEntryName(name string) {
+	o.Name = name
+}
diff --git a/panorama/template/interfaces.go b/panorama/template/interfaces.go
new file mode 100644
index 00000000..df099559
--- /dev/null
+++ b/panorama/template/interfaces.go
@@ -0,0 +1,7 @@
+package template
+
+type Specifier func(*Entry) (any, error)
+
+type Normalizer interface {
+	Normalize() ([]*Entry, error)
+}
diff --git a/panorama/template/location.go b/panorama/template/location.go
new file mode 100644
index 00000000..27cdd628
--- /dev/null
+++ b/panorama/template/location.go
@@ -0,0 +1,95 @@
+package template
+
+import (
+	"fmt"
+
+	"github.com/PaloAltoNetworks/pango/errors"
+	"github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/version"
+)
+
+type ImportLocation interface {
+	XpathForLocation(version.Number, util.ILocation) ([]string, error)
+	MarshalPangoXML([]string) (string, error)
+	UnmarshalPangoXML([]byte) ([]string, error)
+}
+
+type Location struct {
+	Panorama *PanoramaLocation `json:"panorama,omitempty"`
+}
+
+type PanoramaLocation struct {
+	PanoramaDevice string `json:"panorama_device"`
+}
+
+func NewPanoramaLocation() *Location {
+	return &Location{Panorama: &PanoramaLocation{
+		PanoramaDevice: "localhost.localdomain",
+	},
+	}
+}
+
+func (o Location) IsValid() error {
+	count := 0
+
+	switch {
+	case o.Panorama != nil:
+		if o.Panorama.PanoramaDevice == "" {
+			return fmt.Errorf("PanoramaDevice is unspecified")
+		}
+		count++
+	}
+
+	if count == 0 {
+		return fmt.Errorf("no path specified")
+	}
+
+	if count > 1 {
+		return fmt.Errorf("multiple paths specified: only one should be specified")
+	}
+
+	return nil
+}
+
+func (o Location) XpathPrefix(vn version.Number) ([]string, error) {
+
+	var ans []string
+
+	switch {
+	case o.Panorama != nil:
+		if o.Panorama.PanoramaDevice == "" {
+			return nil, fmt.Errorf("PanoramaDevice is unspecified")
+		}
+		ans = []string{
+			"config",
+			"devices",
+			util.AsEntryXpath([]string{o.Panorama.PanoramaDevice}),
+		}
+	default:
+		return nil, errors.NoLocationSpecifiedError
+	}
+
+	return ans, nil
+}
+func (o Location) XpathWithEntryName(vn version.Number, name string) ([]string, error) {
+
+	ans, err := o.XpathPrefix(vn)
+	if err != nil {
+		return nil, err
+	}
+	ans = append(ans, Suffix...)
+	ans = append(ans, util.AsEntryXpath([]string{name}))
+
+	return ans, nil
+}
+func (o Location) XpathWithUuid(vn version.Number, uuid string) ([]string, error) {
+
+	ans, err := o.XpathPrefix(vn)
+	if err != nil {
+		return nil, err
+	}
+	ans = append(ans, Suffix...)
+	ans = append(ans, util.AsUuidXpath(uuid))
+
+	return ans, nil
+}
diff --git a/panorama/template/service.go b/panorama/template/service.go
new file mode 100644
index 00000000..646ebc5f
--- /dev/null
+++ b/panorama/template/service.go
@@ -0,0 +1,281 @@
+package template
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/PaloAltoNetworks/pango/errors"
+	"github.com/PaloAltoNetworks/pango/filtering"
+	"github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/xmlapi"
+)
+
+type Service struct {
+	client util.PangoClient
+}
+
+func NewService(client util.PangoClient) *Service {
+	return &Service{
+		client: client,
+	}
+}
+
+// Create adds new item, then returns the result.
+func (s *Service) Create(ctx context.Context, loc Location, entry *Entry) (*Entry, error) {
+	if entry.Name == "" {
+		return nil, errors.NameNotSpecifiedError
+	}
+
+	vn := s.client.Versioning()
+
+	specifier, _, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+	path, err := loc.XpathWithEntryName(vn, entry.Name)
+	if err != nil {
+		return nil, err
+	}
+	createSpec, err := specifier(entry)
+	if err != nil {
+		return nil, err
+	}
+
+	cmd := &xmlapi.Config{
+		Action:  "set",
+		Xpath:   util.AsXpath(path[:len(path)-1]),
+		Element: createSpec,
+		Target:  s.client.GetTarget(),
+	}
+
+	if _, _, err = s.client.Communicate(ctx, cmd, false, nil); err != nil {
+		return nil, err
+	}
+	return s.Read(ctx, loc, entry.Name, "get")
+}
+
+// Read returns the given config object, using the specified action ("get" or "show").
+func (s *Service) Read(ctx context.Context, loc Location, name, action string) (*Entry, error) {
+	return s.read(ctx, loc, name, action, false)
+}
+
+// ReadFromConfig returns the given config object from the loaded XML config.
+// Requires that client.LoadPanosConfig() has been invoked.
+func (s *Service) ReadFromConfig(ctx context.Context, loc Location, name string) (*Entry, error) {
+	return s.read(ctx, loc, name, "", true)
+}
+
+func (s *Service) read(ctx context.Context, loc Location, value, action string, usePanosConfig bool) (*Entry, error) {
+	if value == "" {
+		return nil, errors.NameNotSpecifiedError
+	}
+	vn := s.client.Versioning()
+	_, normalizer, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+	var path []string
+	path, err = loc.XpathWithEntryName(vn, value)
+	if err != nil {
+		return nil, err
+	}
+
+	if usePanosConfig {
+		if _, err = s.client.ReadFromConfig(ctx, path, true, normalizer); err != nil {
+			return nil, err
+		}
+	} else {
+		cmd := &xmlapi.Config{
+			Action: action,
+			Xpath:  util.AsXpath(path),
+			Target: s.client.GetTarget(),
+		}
+
+		if _, _, err = s.client.Communicate(ctx, cmd, true, normalizer); err != nil {
+			if err.Error() == "No such node" && action == "show" {
+				return nil, errors.ObjectNotFound()
+			}
+			return nil, err
+		}
+	}
+
+	list, err := normalizer.Normalize()
+	if err != nil {
+		return nil, err
+	} else if len(list) != 1 {
+		return nil, fmt.Errorf("expected to %q 1 entry, got %d", action, len(list))
+	}
+
+	return list[0], nil
+}
+
+// Update updates the given config object, then returns the result.
+func (s *Service) Update(ctx context.Context, loc Location, entry *Entry, name string) (*Entry, error) {
+	return s.update(ctx, loc, entry, name)
+}
+func (s *Service) update(ctx context.Context, loc Location, entry *Entry, value string) (*Entry, error) {
+	if entry.Name == "" {
+		return nil, errors.NameNotSpecifiedError
+	}
+
+	vn := s.client.Versioning()
+	updates := xmlapi.NewMultiConfig(2)
+	specifier, _, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+	var old *Entry
+	if value != "" && value != entry.Name {
+		path, err := loc.XpathWithEntryName(vn, value)
+		if err != nil {
+			return nil, err
+		}
+
+		old, err = s.Read(ctx, loc, value, "get")
+
+		updates.Add(&xmlapi.Config{
+			Action:  "rename",
+			Xpath:   util.AsXpath(path),
+			NewName: entry.Name,
+			Target:  s.client.GetTarget(),
+		})
+	} else {
+		old, err = s.Read(ctx, loc, entry.Name, "get")
+	}
+	if err != nil {
+		return nil, err
+	} else if old == nil {
+		return nil, fmt.Errorf("previous object doesn't exist for update")
+	}
+	if !SpecMatches(entry, old) {
+		path, err := loc.XpathWithEntryName(vn, entry.Name)
+		if err != nil {
+			return nil, err
+		}
+
+		updateSpec, err := specifier(entry)
+		if err != nil {
+			return nil, err
+		}
+
+		updates.Add(&xmlapi.Config{
+			Action:  "edit",
+			Xpath:   util.AsXpath(path),
+			Element: updateSpec,
+			Target:  s.client.GetTarget(),
+		})
+	}
+
+	if len(updates.Operations) != 0 {
+		if _, _, _, err = s.client.MultiConfig(ctx, updates, false, nil); err != nil {
+			return nil, err
+		}
+	}
+	return s.Read(ctx, loc, entry.Name, "get")
+}
+
+// Delete deletes the given item.
+func (s *Service) Delete(ctx context.Context, loc Location, name ...string) error {
+	return s.delete(ctx, loc, name)
+}
+func (s *Service) delete(ctx context.Context, loc Location, values []string) error {
+	for _, value := range values {
+		if value == "" {
+			return errors.NameNotSpecifiedError
+		}
+	}
+
+	vn := s.client.Versioning()
+	var err error
+	deletes := xmlapi.NewMultiConfig(len(values))
+	for _, value := range values {
+		var path []string
+		path, err = loc.XpathWithEntryName(vn, value)
+		if err != nil {
+			return err
+		}
+		deletes.Add(&xmlapi.Config{
+			Action: "delete",
+			Xpath:  util.AsXpath(path),
+			Target: s.client.GetTarget(),
+		})
+	}
+
+	_, _, _, err = s.client.MultiConfig(ctx, deletes, false, nil)
+
+	return err
+}
+
+// List returns a list of objects using the given action ("get" or "show").
+// Params filter and quote are for client side filtering.
+func (s *Service) List(ctx context.Context, loc Location, action, filter, quote string) ([]*Entry, error) {
+	return s.list(ctx, loc, action, filter, quote, false)
+}
+
+// ListFromConfig returns a list of objects at the given location.
+// Requires that client.LoadPanosConfig() has been invoked.
+// Params filter and quote are for client side filtering.
+func (s *Service) ListFromConfig(ctx context.Context, loc Location, filter, quote string) ([]*Entry, error) {
+	return s.list(ctx, loc, "", filter, quote, true)
+}
+
+func (s *Service) list(ctx context.Context, loc Location, action, filter, quote string, usePanosConfig bool) ([]*Entry, error) {
+	var err error
+
+	var logic *filtering.Group
+	if filter != "" {
+		logic, err = filtering.Parse(filter, quote)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	vn := s.client.Versioning()
+
+	_, normalizer, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+
+	path, err := loc.XpathWithEntryName(vn, "")
+	if err != nil {
+		return nil, err
+	}
+
+	if usePanosConfig {
+		if _, err = s.client.ReadFromConfig(ctx, path, false, normalizer); err != nil {
+			return nil, err
+		}
+	} else {
+		cmd := &xmlapi.Config{
+			Action: action,
+			Xpath:  util.AsXpath(path),
+			Target: s.client.GetTarget(),
+		}
+
+		if _, _, err = s.client.Communicate(ctx, cmd, true, normalizer); err != nil {
+			if err.Error() == "No such node" && action == "show" {
+				return nil, nil
+			}
+			return nil, err
+		}
+	}
+
+	listing, err := normalizer.Normalize()
+	if err != nil || logic == nil {
+		return listing, err
+	}
+
+	filtered := make([]*Entry, 0, len(listing))
+	for _, x := range listing {
+		ok, err := logic.Matches(x)
+		if err != nil {
+			return nil, err
+		}
+		if ok {
+			filtered = append(filtered, x)
+		}
+	}
+
+	return filtered, nil
+}
diff --git a/panorama/template_stack/entry.go b/panorama/template_stack/entry.go
new file mode 100644
index 00000000..e5a38e42
--- /dev/null
+++ b/panorama/template_stack/entry.go
@@ -0,0 +1,191 @@
+package template_stack
+
+import (
+	"encoding/xml"
+	"fmt"
+
+	"github.com/PaloAltoNetworks/pango/filtering"
+	"github.com/PaloAltoNetworks/pango/generic"
+	"github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/version"
+)
+
+var (
+	_ filtering.Fielder = &Entry{}
+)
+
+var (
+	Suffix = []string{"template-stack"}
+)
+
+type Entry struct {
+	Name            string
+	DefaultVsys     *string
+	Description     *string
+	Devices         []string
+	Templates       []string
+	UserGroupSource *UserGroupSource
+
+	Misc map[string][]generic.Xml
+}
+
+type UserGroupSource struct {
+	MasterDevice *string
+}
+
+type entryXmlContainer struct {
+	Answer []entryXml `xml:"entry"`
+}
+
+type entryXml struct {
+	XMLName         xml.Name            `xml:"entry"`
+	Name            string              `xml:"name,attr"`
+	DefaultVsys     *string             `xml:"settings>default-vsys,omitempty"`
+	Description     *string             `xml:"description,omitempty"`
+	Devices         *util.EntryType     `xml:"devices,omitempty"`
+	Templates       *util.MemberType    `xml:"templates,omitempty"`
+	UserGroupSource *UserGroupSourceXml `xml:"user-group-source,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+
+type UserGroupSourceXml struct {
+	MasterDevice *string `xml:"master-device,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+
+func (e *Entry) Field(v string) (any, error) {
+	if v == "name" || v == "Name" {
+		return e.Name, nil
+	}
+	if v == "default_vsys" || v == "DefaultVsys" {
+		return e.DefaultVsys, nil
+	}
+	if v == "description" || v == "Description" {
+		return e.Description, nil
+	}
+	if v == "devices" || v == "Devices" {
+		return e.Devices, nil
+	}
+	if v == "devices|LENGTH" || v == "Devices|LENGTH" {
+		return int64(len(e.Devices)), nil
+	}
+	if v == "templates" || v == "Templates" {
+		return e.Templates, nil
+	}
+	if v == "templates|LENGTH" || v == "Templates|LENGTH" {
+		return int64(len(e.Templates)), nil
+	}
+	if v == "user_group_source" || v == "UserGroupSource" {
+		return e.UserGroupSource, nil
+	}
+
+	return nil, fmt.Errorf("unknown field")
+}
+
+func Versioning(vn version.Number) (Specifier, Normalizer, error) {
+	return specifyEntry, &entryXmlContainer{}, nil
+}
+
+func specifyEntry(o *Entry) (any, error) {
+	entry := entryXml{}
+
+	entry.Name = o.Name
+	entry.DefaultVsys = o.DefaultVsys
+	entry.Description = o.Description
+	entry.Devices = util.StrToEnt(o.Devices)
+	entry.Templates = util.StrToMem(o.Templates)
+	var nestedUserGroupSource *UserGroupSourceXml
+	if o.UserGroupSource != nil {
+		nestedUserGroupSource = &UserGroupSourceXml{}
+		if _, ok := o.Misc["UserGroupSource"]; ok {
+			nestedUserGroupSource.Misc = o.Misc["UserGroupSource"]
+		}
+		if o.UserGroupSource.MasterDevice != nil {
+			nestedUserGroupSource.MasterDevice = o.UserGroupSource.MasterDevice
+		}
+	}
+	entry.UserGroupSource = nestedUserGroupSource
+
+	entry.Misc = o.Misc["Entry"]
+
+	return entry, nil
+}
+func (c *entryXmlContainer) Normalize() ([]*Entry, error) {
+	entryList := make([]*Entry, 0, len(c.Answer))
+	for _, o := range c.Answer {
+		entry := &Entry{
+			Misc: make(map[string][]generic.Xml),
+		}
+		entry.Name = o.Name
+		entry.DefaultVsys = o.DefaultVsys
+		entry.Description = o.Description
+		entry.Devices = util.EntToStr(o.Devices)
+		entry.Templates = util.MemToStr(o.Templates)
+		var nestedUserGroupSource *UserGroupSource
+		if o.UserGroupSource != nil {
+			nestedUserGroupSource = &UserGroupSource{}
+			if o.UserGroupSource.Misc != nil {
+				entry.Misc["UserGroupSource"] = o.UserGroupSource.Misc
+			}
+			if o.UserGroupSource.MasterDevice != nil {
+				nestedUserGroupSource.MasterDevice = o.UserGroupSource.MasterDevice
+			}
+		}
+		entry.UserGroupSource = nestedUserGroupSource
+
+		entry.Misc["Entry"] = o.Misc
+
+		entryList = append(entryList, entry)
+	}
+
+	return entryList, nil
+}
+
+func SpecMatches(a, b *Entry) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+
+	// Don't compare Name.
+	if !util.StringsMatch(a.DefaultVsys, b.DefaultVsys) {
+		return false
+	}
+	if !util.StringsMatch(a.Description, b.Description) {
+		return false
+	}
+	if !util.OrderedListsMatch(a.Devices, b.Devices) {
+		return false
+	}
+	if !util.OrderedListsMatch(a.Templates, b.Templates) {
+		return false
+	}
+	if !matchUserGroupSource(a.UserGroupSource, b.UserGroupSource) {
+		return false
+	}
+
+	return true
+}
+
+func matchUserGroupSource(a *UserGroupSource, b *UserGroupSource) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !util.StringsMatch(a.MasterDevice, b.MasterDevice) {
+		return false
+	}
+	return true
+}
+
+func (o *Entry) EntryName() string {
+	return o.Name
+}
+
+func (o *Entry) SetEntryName(name string) {
+	o.Name = name
+}
diff --git a/panorama/template_stack/interfaces.go b/panorama/template_stack/interfaces.go
new file mode 100644
index 00000000..1e96891a
--- /dev/null
+++ b/panorama/template_stack/interfaces.go
@@ -0,0 +1,7 @@
+package template_stack
+
+type Specifier func(*Entry) (any, error)
+
+type Normalizer interface {
+	Normalize() ([]*Entry, error)
+}
diff --git a/panorama/template_stack/location.go b/panorama/template_stack/location.go
new file mode 100644
index 00000000..8880f36a
--- /dev/null
+++ b/panorama/template_stack/location.go
@@ -0,0 +1,95 @@
+package template_stack
+
+import (
+	"fmt"
+
+	"github.com/PaloAltoNetworks/pango/errors"
+	"github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/version"
+)
+
+type ImportLocation interface {
+	XpathForLocation(version.Number, util.ILocation) ([]string, error)
+	MarshalPangoXML([]string) (string, error)
+	UnmarshalPangoXML([]byte) ([]string, error)
+}
+
+type Location struct {
+	Panorama *PanoramaLocation `json:"panorama,omitempty"`
+}
+
+type PanoramaLocation struct {
+	PanoramaDevice string `json:"panorama_device"`
+}
+
+func NewPanoramaLocation() *Location {
+	return &Location{Panorama: &PanoramaLocation{
+		PanoramaDevice: "localhost.localdomain",
+	},
+	}
+}
+
+func (o Location) IsValid() error {
+	count := 0
+
+	switch {
+	case o.Panorama != nil:
+		if o.Panorama.PanoramaDevice == "" {
+			return fmt.Errorf("PanoramaDevice is unspecified")
+		}
+		count++
+	}
+
+	if count == 0 {
+		return fmt.Errorf("no path specified")
+	}
+
+	if count > 1 {
+		return fmt.Errorf("multiple paths specified: only one should be specified")
+	}
+
+	return nil
+}
+
+func (o Location) XpathPrefix(vn version.Number) ([]string, error) {
+
+	var ans []string
+
+	switch {
+	case o.Panorama != nil:
+		if o.Panorama.PanoramaDevice == "" {
+			return nil, fmt.Errorf("PanoramaDevice is unspecified")
+		}
+		ans = []string{
+			"config",
+			"devices",
+			util.AsEntryXpath([]string{o.Panorama.PanoramaDevice}),
+		}
+	default:
+		return nil, errors.NoLocationSpecifiedError
+	}
+
+	return ans, nil
+}
+func (o Location) XpathWithEntryName(vn version.Number, name string) ([]string, error) {
+
+	ans, err := o.XpathPrefix(vn)
+	if err != nil {
+		return nil, err
+	}
+	ans = append(ans, Suffix...)
+	ans = append(ans, util.AsEntryXpath([]string{name}))
+
+	return ans, nil
+}
+func (o Location) XpathWithUuid(vn version.Number, uuid string) ([]string, error) {
+
+	ans, err := o.XpathPrefix(vn)
+	if err != nil {
+		return nil, err
+	}
+	ans = append(ans, Suffix...)
+	ans = append(ans, util.AsUuidXpath(uuid))
+
+	return ans, nil
+}
diff --git a/panorama/template_stack/service.go b/panorama/template_stack/service.go
new file mode 100644
index 00000000..0d72d663
--- /dev/null
+++ b/panorama/template_stack/service.go
@@ -0,0 +1,281 @@
+package template_stack
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/PaloAltoNetworks/pango/errors"
+	"github.com/PaloAltoNetworks/pango/filtering"
+	"github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/xmlapi"
+)
+
+type Service struct {
+	client util.PangoClient
+}
+
+func NewService(client util.PangoClient) *Service {
+	return &Service{
+		client: client,
+	}
+}
+
+// Create adds new item, then returns the result.
+func (s *Service) Create(ctx context.Context, loc Location, entry *Entry) (*Entry, error) {
+	if entry.Name == "" {
+		return nil, errors.NameNotSpecifiedError
+	}
+
+	vn := s.client.Versioning()
+
+	specifier, _, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+	path, err := loc.XpathWithEntryName(vn, entry.Name)
+	if err != nil {
+		return nil, err
+	}
+	createSpec, err := specifier(entry)
+	if err != nil {
+		return nil, err
+	}
+
+	cmd := &xmlapi.Config{
+		Action:  "set",
+		Xpath:   util.AsXpath(path[:len(path)-1]),
+		Element: createSpec,
+		Target:  s.client.GetTarget(),
+	}
+
+	if _, _, err = s.client.Communicate(ctx, cmd, false, nil); err != nil {
+		return nil, err
+	}
+	return s.Read(ctx, loc, entry.Name, "get")
+}
+
+// Read returns the given config object, using the specified action ("get" or "show").
+func (s *Service) Read(ctx context.Context, loc Location, name, action string) (*Entry, error) {
+	return s.read(ctx, loc, name, action, false)
+}
+
+// ReadFromConfig returns the given config object from the loaded XML config.
+// Requires that client.LoadPanosConfig() has been invoked.
+func (s *Service) ReadFromConfig(ctx context.Context, loc Location, name string) (*Entry, error) {
+	return s.read(ctx, loc, name, "", true)
+}
+
+func (s *Service) read(ctx context.Context, loc Location, value, action string, usePanosConfig bool) (*Entry, error) {
+	if value == "" {
+		return nil, errors.NameNotSpecifiedError
+	}
+	vn := s.client.Versioning()
+	_, normalizer, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+	var path []string
+	path, err = loc.XpathWithEntryName(vn, value)
+	if err != nil {
+		return nil, err
+	}
+
+	if usePanosConfig {
+		if _, err = s.client.ReadFromConfig(ctx, path, true, normalizer); err != nil {
+			return nil, err
+		}
+	} else {
+		cmd := &xmlapi.Config{
+			Action: action,
+			Xpath:  util.AsXpath(path),
+			Target: s.client.GetTarget(),
+		}
+
+		if _, _, err = s.client.Communicate(ctx, cmd, true, normalizer); err != nil {
+			if err.Error() == "No such node" && action == "show" {
+				return nil, errors.ObjectNotFound()
+			}
+			return nil, err
+		}
+	}
+
+	list, err := normalizer.Normalize()
+	if err != nil {
+		return nil, err
+	} else if len(list) != 1 {
+		return nil, fmt.Errorf("expected to %q 1 entry, got %d", action, len(list))
+	}
+
+	return list[0], nil
+}
+
+// Update updates the given config object, then returns the result.
+func (s *Service) Update(ctx context.Context, loc Location, entry *Entry, name string) (*Entry, error) {
+	return s.update(ctx, loc, entry, name)
+}
+func (s *Service) update(ctx context.Context, loc Location, entry *Entry, value string) (*Entry, error) {
+	if entry.Name == "" {
+		return nil, errors.NameNotSpecifiedError
+	}
+
+	vn := s.client.Versioning()
+	updates := xmlapi.NewMultiConfig(2)
+	specifier, _, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+	var old *Entry
+	if value != "" && value != entry.Name {
+		path, err := loc.XpathWithEntryName(vn, value)
+		if err != nil {
+			return nil, err
+		}
+
+		old, err = s.Read(ctx, loc, value, "get")
+
+		updates.Add(&xmlapi.Config{
+			Action:  "rename",
+			Xpath:   util.AsXpath(path),
+			NewName: entry.Name,
+			Target:  s.client.GetTarget(),
+		})
+	} else {
+		old, err = s.Read(ctx, loc, entry.Name, "get")
+	}
+	if err != nil {
+		return nil, err
+	} else if old == nil {
+		return nil, fmt.Errorf("previous object doesn't exist for update")
+	}
+	if !SpecMatches(entry, old) {
+		path, err := loc.XpathWithEntryName(vn, entry.Name)
+		if err != nil {
+			return nil, err
+		}
+
+		updateSpec, err := specifier(entry)
+		if err != nil {
+			return nil, err
+		}
+
+		updates.Add(&xmlapi.Config{
+			Action:  "edit",
+			Xpath:   util.AsXpath(path),
+			Element: updateSpec,
+			Target:  s.client.GetTarget(),
+		})
+	}
+
+	if len(updates.Operations) != 0 {
+		if _, _, _, err = s.client.MultiConfig(ctx, updates, false, nil); err != nil {
+			return nil, err
+		}
+	}
+	return s.Read(ctx, loc, entry.Name, "get")
+}
+
+// Delete deletes the given item.
+func (s *Service) Delete(ctx context.Context, loc Location, name ...string) error {
+	return s.delete(ctx, loc, name)
+}
+func (s *Service) delete(ctx context.Context, loc Location, values []string) error {
+	for _, value := range values {
+		if value == "" {
+			return errors.NameNotSpecifiedError
+		}
+	}
+
+	vn := s.client.Versioning()
+	var err error
+	deletes := xmlapi.NewMultiConfig(len(values))
+	for _, value := range values {
+		var path []string
+		path, err = loc.XpathWithEntryName(vn, value)
+		if err != nil {
+			return err
+		}
+		deletes.Add(&xmlapi.Config{
+			Action: "delete",
+			Xpath:  util.AsXpath(path),
+			Target: s.client.GetTarget(),
+		})
+	}
+
+	_, _, _, err = s.client.MultiConfig(ctx, deletes, false, nil)
+
+	return err
+}
+
+// List returns a list of objects using the given action ("get" or "show").
+// Params filter and quote are for client side filtering.
+func (s *Service) List(ctx context.Context, loc Location, action, filter, quote string) ([]*Entry, error) {
+	return s.list(ctx, loc, action, filter, quote, false)
+}
+
+// ListFromConfig returns a list of objects at the given location.
+// Requires that client.LoadPanosConfig() has been invoked.
+// Params filter and quote are for client side filtering.
+func (s *Service) ListFromConfig(ctx context.Context, loc Location, filter, quote string) ([]*Entry, error) {
+	return s.list(ctx, loc, "", filter, quote, true)
+}
+
+func (s *Service) list(ctx context.Context, loc Location, action, filter, quote string, usePanosConfig bool) ([]*Entry, error) {
+	var err error
+
+	var logic *filtering.Group
+	if filter != "" {
+		logic, err = filtering.Parse(filter, quote)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	vn := s.client.Versioning()
+
+	_, normalizer, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+
+	path, err := loc.XpathWithEntryName(vn, "")
+	if err != nil {
+		return nil, err
+	}
+
+	if usePanosConfig {
+		if _, err = s.client.ReadFromConfig(ctx, path, false, normalizer); err != nil {
+			return nil, err
+		}
+	} else {
+		cmd := &xmlapi.Config{
+			Action: action,
+			Xpath:  util.AsXpath(path),
+			Target: s.client.GetTarget(),
+		}
+
+		if _, _, err = s.client.Communicate(ctx, cmd, true, normalizer); err != nil {
+			if err.Error() == "No such node" && action == "show" {
+				return nil, nil
+			}
+			return nil, err
+		}
+	}
+
+	listing, err := normalizer.Normalize()
+	if err != nil || logic == nil {
+		return listing, err
+	}
+
+	filtered := make([]*Entry, 0, len(listing))
+	for _, x := range listing {
+		ok, err := logic.Matches(x)
+		if err != nil {
+			return nil, err
+		}
+		if ok {
+			filtered = append(filtered, x)
+		}
+	}
+
+	return filtered, nil
+}
diff --git a/panorama/template_variable/entry.go b/panorama/template_variable/entry.go
new file mode 100644
index 00000000..1db348c9
--- /dev/null
+++ b/panorama/template_variable/entry.go
@@ -0,0 +1,265 @@
+package template_variable
+
+import (
+	"encoding/xml"
+	"fmt"
+
+	"github.com/PaloAltoNetworks/pango/filtering"
+	"github.com/PaloAltoNetworks/pango/generic"
+	"github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/version"
+)
+
+var (
+	_ filtering.Fielder = &Entry{}
+)
+
+var (
+	Suffix = []string{"variable"}
+)
+
+type Entry struct {
+	Name        string
+	Description *string
+	Type        *Type
+
+	Misc map[string][]generic.Xml
+}
+
+type Type struct {
+	AsNumber       *string
+	DeviceId       *string
+	DevicePriority *string
+	EgressMax      *string
+	Fqdn           *string
+	GroupId        *string
+	Interface      *string
+	IpNetmask      *string
+	IpRange        *string
+	LinkTag        *string
+	QosProfile     *string
+}
+
+type entryXmlContainer struct {
+	Answer []entryXml `xml:"entry"`
+}
+
+type entryXml struct {
+	XMLName     xml.Name `xml:"entry"`
+	Name        string   `xml:"name,attr"`
+	Description *string  `xml:"description,omitempty"`
+	Type        *TypeXml `xml:"type,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+
+type TypeXml struct {
+	AsNumber       *string `xml:"as-number,omitempty"`
+	DeviceId       *string `xml:"device-id,omitempty"`
+	DevicePriority *string `xml:"device-priority,omitempty"`
+	EgressMax      *string `xml:"egress-max,omitempty"`
+	Fqdn           *string `xml:"fqdn,omitempty"`
+	GroupId        *string `xml:"group-id,omitempty"`
+	Interface      *string `xml:"interface,omitempty"`
+	IpNetmask      *string `xml:"ip-netmask,omitempty"`
+	IpRange        *string `xml:"ip-range,omitempty"`
+	LinkTag        *string `xml:"link-tag,omitempty"`
+	QosProfile     *string `xml:"qos-profile,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+
+func (e *Entry) Field(v string) (any, error) {
+	if v == "name" || v == "Name" {
+		return e.Name, nil
+	}
+	if v == "description" || v == "Description" {
+		return e.Description, nil
+	}
+	if v == "type" || v == "Type" {
+		return e.Type, nil
+	}
+
+	return nil, fmt.Errorf("unknown field")
+}
+
+func Versioning(vn version.Number) (Specifier, Normalizer, error) {
+	return specifyEntry, &entryXmlContainer{}, nil
+}
+
+func specifyEntry(o *Entry) (any, error) {
+	entry := entryXml{}
+
+	entry.Name = o.Name
+	entry.Description = o.Description
+	var nestedType *TypeXml
+	if o.Type != nil {
+		nestedType = &TypeXml{}
+		if _, ok := o.Misc["Type"]; ok {
+			nestedType.Misc = o.Misc["Type"]
+		}
+		if o.Type.Fqdn != nil {
+			nestedType.Fqdn = o.Type.Fqdn
+		}
+		if o.Type.DevicePriority != nil {
+			nestedType.DevicePriority = o.Type.DevicePriority
+		}
+		if o.Type.DeviceId != nil {
+			nestedType.DeviceId = o.Type.DeviceId
+		}
+		if o.Type.Interface != nil {
+			nestedType.Interface = o.Type.Interface
+		}
+		if o.Type.EgressMax != nil {
+			nestedType.EgressMax = o.Type.EgressMax
+		}
+		if o.Type.IpRange != nil {
+			nestedType.IpRange = o.Type.IpRange
+		}
+		if o.Type.GroupId != nil {
+			nestedType.GroupId = o.Type.GroupId
+		}
+		if o.Type.AsNumber != nil {
+			nestedType.AsNumber = o.Type.AsNumber
+		}
+		if o.Type.QosProfile != nil {
+			nestedType.QosProfile = o.Type.QosProfile
+		}
+		if o.Type.LinkTag != nil {
+			nestedType.LinkTag = o.Type.LinkTag
+		}
+		if o.Type.IpNetmask != nil {
+			nestedType.IpNetmask = o.Type.IpNetmask
+		}
+	}
+	entry.Type = nestedType
+
+	entry.Misc = o.Misc["Entry"]
+
+	return entry, nil
+}
+func (c *entryXmlContainer) Normalize() ([]*Entry, error) {
+	entryList := make([]*Entry, 0, len(c.Answer))
+	for _, o := range c.Answer {
+		entry := &Entry{
+			Misc: make(map[string][]generic.Xml),
+		}
+		entry.Name = o.Name
+		entry.Description = o.Description
+		var nestedType *Type
+		if o.Type != nil {
+			nestedType = &Type{}
+			if o.Type.Misc != nil {
+				entry.Misc["Type"] = o.Type.Misc
+			}
+			if o.Type.IpNetmask != nil {
+				nestedType.IpNetmask = o.Type.IpNetmask
+			}
+			if o.Type.GroupId != nil {
+				nestedType.GroupId = o.Type.GroupId
+			}
+			if o.Type.AsNumber != nil {
+				nestedType.AsNumber = o.Type.AsNumber
+			}
+			if o.Type.QosProfile != nil {
+				nestedType.QosProfile = o.Type.QosProfile
+			}
+			if o.Type.LinkTag != nil {
+				nestedType.LinkTag = o.Type.LinkTag
+			}
+			if o.Type.IpRange != nil {
+				nestedType.IpRange = o.Type.IpRange
+			}
+			if o.Type.Fqdn != nil {
+				nestedType.Fqdn = o.Type.Fqdn
+			}
+			if o.Type.DevicePriority != nil {
+				nestedType.DevicePriority = o.Type.DevicePriority
+			}
+			if o.Type.DeviceId != nil {
+				nestedType.DeviceId = o.Type.DeviceId
+			}
+			if o.Type.Interface != nil {
+				nestedType.Interface = o.Type.Interface
+			}
+			if o.Type.EgressMax != nil {
+				nestedType.EgressMax = o.Type.EgressMax
+			}
+		}
+		entry.Type = nestedType
+
+		entry.Misc["Entry"] = o.Misc
+
+		entryList = append(entryList, entry)
+	}
+
+	return entryList, nil
+}
+
+func SpecMatches(a, b *Entry) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+
+	// Don't compare Name.
+	if !util.StringsMatch(a.Description, b.Description) {
+		return false
+	}
+	if !matchType(a.Type, b.Type) {
+		return false
+	}
+
+	return true
+}
+
+func matchType(a *Type, b *Type) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !util.StringsMatch(a.IpNetmask, b.IpNetmask) {
+		return false
+	}
+	if !util.StringsMatch(a.GroupId, b.GroupId) {
+		return false
+	}
+	if !util.StringsMatch(a.AsNumber, b.AsNumber) {
+		return false
+	}
+	if !util.StringsMatch(a.QosProfile, b.QosProfile) {
+		return false
+	}
+	if !util.StringsMatch(a.LinkTag, b.LinkTag) {
+		return false
+	}
+	if !util.StringsMatch(a.IpRange, b.IpRange) {
+		return false
+	}
+	if !util.StringsMatch(a.Fqdn, b.Fqdn) {
+		return false
+	}
+	if !util.StringsMatch(a.DevicePriority, b.DevicePriority) {
+		return false
+	}
+	if !util.StringsMatch(a.DeviceId, b.DeviceId) {
+		return false
+	}
+	if !util.StringsMatch(a.Interface, b.Interface) {
+		return false
+	}
+	if !util.StringsMatch(a.EgressMax, b.EgressMax) {
+		return false
+	}
+	return true
+}
+
+func (o *Entry) EntryName() string {
+	return o.Name
+}
+
+func (o *Entry) SetEntryName(name string) {
+	o.Name = name
+}
diff --git a/panorama/template_variable/interfaces.go b/panorama/template_variable/interfaces.go
new file mode 100644
index 00000000..94d24335
--- /dev/null
+++ b/panorama/template_variable/interfaces.go
@@ -0,0 +1,7 @@
+package template_variable
+
+type Specifier func(*Entry) (any, error)
+
+type Normalizer interface {
+	Normalize() ([]*Entry, error)
+}
diff --git a/panorama/template_variable/location.go b/panorama/template_variable/location.go
new file mode 100644
index 00000000..b34ec41f
--- /dev/null
+++ b/panorama/template_variable/location.go
@@ -0,0 +1,105 @@
+package template_variable
+
+import (
+	"fmt"
+
+	"github.com/PaloAltoNetworks/pango/errors"
+	"github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/version"
+)
+
+type ImportLocation interface {
+	XpathForLocation(version.Number, util.ILocation) ([]string, error)
+	MarshalPangoXML([]string) (string, error)
+	UnmarshalPangoXML([]byte) ([]string, error)
+}
+
+type Location struct {
+	Template *TemplateLocation `json:"template,omitempty"`
+}
+
+type TemplateLocation struct {
+	PanoramaDevice string `json:"panorama_device"`
+	Template       string `json:"template"`
+}
+
+func NewTemplateLocation() *Location {
+	return &Location{Template: &TemplateLocation{
+		PanoramaDevice: "localhost.localdomain",
+		Template:       "",
+	},
+	}
+}
+
+func (o Location) IsValid() error {
+	count := 0
+
+	switch {
+	case o.Template != nil:
+		if o.Template.PanoramaDevice == "" {
+			return fmt.Errorf("PanoramaDevice is unspecified")
+		}
+		if o.Template.Template == "" {
+			return fmt.Errorf("Template is unspecified")
+		}
+		count++
+	}
+
+	if count == 0 {
+		return fmt.Errorf("no path specified")
+	}
+
+	if count > 1 {
+		return fmt.Errorf("multiple paths specified: only one should be specified")
+	}
+
+	return nil
+}
+
+func (o Location) XpathPrefix(vn version.Number) ([]string, error) {
+
+	var ans []string
+
+	switch {
+	case o.Template != nil:
+		if o.Template.PanoramaDevice == "" {
+			return nil, fmt.Errorf("PanoramaDevice is unspecified")
+		}
+		if o.Template.Template == "" {
+			return nil, fmt.Errorf("Template is unspecified")
+		}
+		ans = []string{
+			"config",
+			"devices",
+			util.AsEntryXpath([]string{o.Template.PanoramaDevice}),
+			"template",
+			util.AsEntryXpath([]string{o.Template.Template}),
+		}
+	default:
+		return nil, errors.NoLocationSpecifiedError
+	}
+
+	return ans, nil
+}
+func (o Location) XpathWithEntryName(vn version.Number, name string) ([]string, error) {
+
+	ans, err := o.XpathPrefix(vn)
+	if err != nil {
+		return nil, err
+	}
+	ans = append(ans, Suffix...)
+	ans = append(ans, util.AsEntryXpath([]string{name}))
+
+	return ans, nil
+}
+func (o Location) XpathWithUuid(vn version.Number, uuid string) ([]string, error) {
+
+	ans, err := o.XpathPrefix(vn)
+	if err != nil {
+		return nil, err
+	}
+	ans = append(ans, Suffix...)
+	ans = append(ans, util.AsUuidXpath(uuid))
+
+	return ans, nil
+}
diff --git a/panorama/template_variable/service.go b/panorama/template_variable/service.go
new file mode 100644
index 00000000..0d6a2361
--- /dev/null
+++ b/panorama/template_variable/service.go
@@ -0,0 +1,281 @@
+package template_variable
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/PaloAltoNetworks/pango/errors"
+	"github.com/PaloAltoNetworks/pango/filtering"
+	"github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/xmlapi"
+)
+
+type Service struct {
+	client util.PangoClient
+}
+
+func NewService(client util.PangoClient) *Service {
+	return &Service{
+		client: client,
+	}
+}
+
+// Create adds new item, then returns the result.
+func (s *Service) Create(ctx context.Context, loc Location, entry *Entry) (*Entry, error) {
+	if entry.Name == "" {
+		return nil, errors.NameNotSpecifiedError
+	}
+
+	vn := s.client.Versioning()
+
+	specifier, _, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+	path, err := loc.XpathWithEntryName(vn, entry.Name)
+	if err != nil {
+		return nil, err
+	}
+	createSpec, err := specifier(entry)
+	if err != nil {
+		return nil, err
+	}
+
+	cmd := &xmlapi.Config{
+		Action:  "set",
+		Xpath:   util.AsXpath(path[:len(path)-1]),
+		Element: createSpec,
+		Target:  s.client.GetTarget(),
+	}
+
+	if _, _, err = s.client.Communicate(ctx, cmd, false, nil); err != nil {
+		return nil, err
+	}
+	return s.Read(ctx, loc, entry.Name, "get")
+}
+
+// Read returns the given config object, using the specified action ("get" or "show").
+func (s *Service) Read(ctx context.Context, loc Location, name, action string) (*Entry, error) {
+	return s.read(ctx, loc, name, action, false)
+}
+
+// ReadFromConfig returns the given config object from the loaded XML config.
+// Requires that client.LoadPanosConfig() has been invoked.
+func (s *Service) ReadFromConfig(ctx context.Context, loc Location, name string) (*Entry, error) {
+	return s.read(ctx, loc, name, "", true)
+}
+
+func (s *Service) read(ctx context.Context, loc Location, value, action string, usePanosConfig bool) (*Entry, error) {
+	if value == "" {
+		return nil, errors.NameNotSpecifiedError
+	}
+	vn := s.client.Versioning()
+	_, normalizer, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+	var path []string
+	path, err = loc.XpathWithEntryName(vn, value)
+	if err != nil {
+		return nil, err
+	}
+
+	if usePanosConfig {
+		if _, err = s.client.ReadFromConfig(ctx, path, true, normalizer); err != nil {
+			return nil, err
+		}
+	} else {
+		cmd := &xmlapi.Config{
+			Action: action,
+			Xpath:  util.AsXpath(path),
+			Target: s.client.GetTarget(),
+		}
+
+		if _, _, err = s.client.Communicate(ctx, cmd, true, normalizer); err != nil {
+			if err.Error() == "No such node" && action == "show" {
+				return nil, errors.ObjectNotFound()
+			}
+			return nil, err
+		}
+	}
+
+	list, err := normalizer.Normalize()
+	if err != nil {
+		return nil, err
+	} else if len(list) != 1 {
+		return nil, fmt.Errorf("expected to %q 1 entry, got %d", action, len(list))
+	}
+
+	return list[0], nil
+}
+
+// Update updates the given config object, then returns the result.
+func (s *Service) Update(ctx context.Context, loc Location, entry *Entry, name string) (*Entry, error) {
+	return s.update(ctx, loc, entry, name)
+}
+func (s *Service) update(ctx context.Context, loc Location, entry *Entry, value string) (*Entry, error) {
+	if entry.Name == "" {
+		return nil, errors.NameNotSpecifiedError
+	}
+
+	vn := s.client.Versioning()
+	updates := xmlapi.NewMultiConfig(2)
+	specifier, _, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+	var old *Entry
+	if value != "" && value != entry.Name {
+		path, err := loc.XpathWithEntryName(vn, value)
+		if err != nil {
+			return nil, err
+		}
+
+		old, err = s.Read(ctx, loc, value, "get")
+
+		updates.Add(&xmlapi.Config{
+			Action:  "rename",
+			Xpath:   util.AsXpath(path),
+			NewName: entry.Name,
+			Target:  s.client.GetTarget(),
+		})
+	} else {
+		old, err = s.Read(ctx, loc, entry.Name, "get")
+	}
+	if err != nil {
+		return nil, err
+	} else if old == nil {
+		return nil, fmt.Errorf("previous object doesn't exist for update")
+	}
+	if !SpecMatches(entry, old) {
+		path, err := loc.XpathWithEntryName(vn, entry.Name)
+		if err != nil {
+			return nil, err
+		}
+
+		updateSpec, err := specifier(entry)
+		if err != nil {
+			return nil, err
+		}
+
+		updates.Add(&xmlapi.Config{
+			Action:  "edit",
+			Xpath:   util.AsXpath(path),
+			Element: updateSpec,
+			Target:  s.client.GetTarget(),
+		})
+	}
+
+	if len(updates.Operations) != 0 {
+		if _, _, _, err = s.client.MultiConfig(ctx, updates, false, nil); err != nil {
+			return nil, err
+		}
+	}
+	return s.Read(ctx, loc, entry.Name, "get")
+}
+
+// Delete deletes the given item.
+func (s *Service) Delete(ctx context.Context, loc Location, name ...string) error {
+	return s.delete(ctx, loc, name)
+}
+func (s *Service) delete(ctx context.Context, loc Location, values []string) error {
+	for _, value := range values {
+		if value == "" {
+			return errors.NameNotSpecifiedError
+		}
+	}
+
+	vn := s.client.Versioning()
+	var err error
+	deletes := xmlapi.NewMultiConfig(len(values))
+	for _, value := range values {
+		var path []string
+		path, err = loc.XpathWithEntryName(vn, value)
+		if err != nil {
+			return err
+		}
+		deletes.Add(&xmlapi.Config{
+			Action: "delete",
+			Xpath:  util.AsXpath(path),
+			Target: s.client.GetTarget(),
+		})
+	}
+
+	_, _, _, err = s.client.MultiConfig(ctx, deletes, false, nil)
+
+	return err
+}
+
+// List returns a list of objects using the given action ("get" or "show").
+// Params filter and quote are for client side filtering.
+func (s *Service) List(ctx context.Context, loc Location, action, filter, quote string) ([]*Entry, error) {
+	return s.list(ctx, loc, action, filter, quote, false)
+}
+
+// ListFromConfig returns a list of objects at the given location.
+// Requires that client.LoadPanosConfig() has been invoked.
+// Params filter and quote are for client side filtering.
+func (s *Service) ListFromConfig(ctx context.Context, loc Location, filter, quote string) ([]*Entry, error) {
+	return s.list(ctx, loc, "", filter, quote, true)
+}
+
+func (s *Service) list(ctx context.Context, loc Location, action, filter, quote string, usePanosConfig bool) ([]*Entry, error) {
+	var err error
+
+	var logic *filtering.Group
+	if filter != "" {
+		logic, err = filtering.Parse(filter, quote)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	vn := s.client.Versioning()
+
+	_, normalizer, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+
+	path, err := loc.XpathWithEntryName(vn, "")
+	if err != nil {
+		return nil, err
+	}
+
+	if usePanosConfig {
+		if _, err = s.client.ReadFromConfig(ctx, path, false, normalizer); err != nil {
+			return nil, err
+		}
+	} else {
+		cmd := &xmlapi.Config{
+			Action: action,
+			Xpath:  util.AsXpath(path),
+			Target: s.client.GetTarget(),
+		}
+
+		if _, _, err = s.client.Communicate(ctx, cmd, true, normalizer); err != nil {
+			if err.Error() == "No such node" && action == "show" {
+				return nil, nil
+			}
+			return nil, err
+		}
+	}
+
+	listing, err := normalizer.Normalize()
+	if err != nil || logic == nil {
+		return listing, err
+	}
+
+	filtered := make([]*Entry, 0, len(listing))
+	for _, x := range listing {
+		ok, err := logic.Matches(x)
+		if err != nil {
+			return nil, err
+		}
+		if ok {
+			filtered = append(filtered, x)
+		}
+	}
+
+	return filtered, nil
+}
diff --git a/policies/rules/security/const.go b/policies/rules/security/const.go
new file mode 100644
index 00000000..802e05e8
--- /dev/null
+++ b/policies/rules/security/const.go
@@ -0,0 +1,3 @@
+package security
+
+const RuleType = "security"
diff --git a/policies/rules/security/entry.go b/policies/rules/security/entry.go
new file mode 100644
index 00000000..7f154d93
--- /dev/null
+++ b/policies/rules/security/entry.go
@@ -0,0 +1,525 @@
+package security
+
+import (
+	"encoding/xml"
+	"fmt"
+
+	"github.com/PaloAltoNetworks/pango/filtering"
+	"github.com/PaloAltoNetworks/pango/generic"
+	"github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/version"
+)
+
+var (
+	_ filtering.Fielder = &Entry{}
+)
+
+var (
+	Suffix = []string{"security", "rules"}
+)
+
+type Entry struct {
+	Name                            string
+	Action                          *string
+	Applications                    []string
+	Categories                      []string
+	Description                     *string
+	DestinationAddresses            []string
+	DestinationHips                 []string
+	DestinationZones                []string
+	DisableServerResponseInspection *bool
+	Disabled                        *bool
+	IcmpUnreachable                 *bool
+	LogEnd                          *bool
+	LogSetting                      *string
+	LogStart                        *bool
+	NegateDestination               *bool
+	NegateSource                    *bool
+	ProfileSetting                  *ProfileSetting
+	RuleType                        *string
+	Services                        []string
+	SourceAddresses                 []string
+	SourceHips                      []string
+	SourceUsers                     []string
+	SourceZones                     []string
+	Tags                            []string
+	Uuid                            *string
+
+	Misc map[string][]generic.Xml
+}
+
+type ProfileSetting struct {
+	Group    *string
+	Profiles *ProfileSettingProfiles
+}
+type ProfileSettingProfiles struct {
+	DataFiltering    []string
+	FileBlocking     []string
+	Spyware          []string
+	UrlFiltering     []string
+	Virus            []string
+	Vulnerability    []string
+	WildfireAnalysis []string
+}
+
+type entryXmlContainer struct {
+	Answer []entryXml `xml:"entry"`
+}
+
+type entryXml struct {
+	XMLName                         xml.Name           `xml:"entry"`
+	Name                            string             `xml:"name,attr"`
+	Action                          *string            `xml:"action,omitempty"`
+	Applications                    *util.MemberType   `xml:"application,omitempty"`
+	Categories                      *util.MemberType   `xml:"category,omitempty"`
+	Description                     *string            `xml:"description,omitempty"`
+	DestinationAddresses            *util.MemberType   `xml:"destination,omitempty"`
+	DestinationHips                 *util.MemberType   `xml:"destination-hip,omitempty"`
+	DestinationZones                *util.MemberType   `xml:"to,omitempty"`
+	DisableServerResponseInspection *string            `xml:"option>disable-server-response-inspection,omitempty"`
+	Disabled                        *string            `xml:"disabled,omitempty"`
+	IcmpUnreachable                 *string            `xml:"icmp-unreachable,omitempty"`
+	LogEnd                          *string            `xml:"log-end,omitempty"`
+	LogSetting                      *string            `xml:"log-setting,omitempty"`
+	LogStart                        *string            `xml:"log-start,omitempty"`
+	NegateDestination               *string            `xml:"negate-destination,omitempty"`
+	NegateSource                    *string            `xml:"negate-source,omitempty"`
+	ProfileSetting                  *ProfileSettingXml `xml:"profile-setting,omitempty"`
+	RuleType                        *string            `xml:"rule-type,omitempty"`
+	Services                        *util.MemberType   `xml:"service,omitempty"`
+	SourceAddresses                 *util.MemberType   `xml:"source,omitempty"`
+	SourceHips                      *util.MemberType   `xml:"source-hip,omitempty"`
+	SourceUsers                     *util.MemberType   `xml:"source-user,omitempty"`
+	SourceZones                     *util.MemberType   `xml:"from,omitempty"`
+	Tags                            *util.MemberType   `xml:"tag,omitempty"`
+	Uuid                            *string            `xml:"uuid,attr,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+
+type ProfileSettingXml struct {
+	Group    *string                    `xml:"group,omitempty"`
+	Profiles *ProfileSettingProfilesXml `xml:"profiles,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+type ProfileSettingProfilesXml struct {
+	DataFiltering    *util.MemberType `xml:"data-filtering,omitempty"`
+	FileBlocking     *util.MemberType `xml:"file-blocking,omitempty"`
+	Spyware          *util.MemberType `xml:"spyware,omitempty"`
+	UrlFiltering     *util.MemberType `xml:"url-filtering,omitempty"`
+	Virus            *util.MemberType `xml:"virus,omitempty"`
+	Vulnerability    *util.MemberType `xml:"vulnerability,omitempty"`
+	WildfireAnalysis *util.MemberType `xml:"wildfire-analysis,omitempty"`
+
+	Misc []generic.Xml `xml:",any"`
+}
+
+func (e *Entry) Field(v string) (any, error) {
+	if v == "name" || v == "Name" {
+		return e.Name, nil
+	}
+	if v == "action" || v == "Action" {
+		return e.Action, nil
+	}
+	if v == "applications" || v == "Applications" {
+		return e.Applications, nil
+	}
+	if v == "applications|LENGTH" || v == "Applications|LENGTH" {
+		return int64(len(e.Applications)), nil
+	}
+	if v == "categories" || v == "Categories" {
+		return e.Categories, nil
+	}
+	if v == "categories|LENGTH" || v == "Categories|LENGTH" {
+		return int64(len(e.Categories)), nil
+	}
+	if v == "description" || v == "Description" {
+		return e.Description, nil
+	}
+	if v == "destination_addresses" || v == "DestinationAddresses" {
+		return e.DestinationAddresses, nil
+	}
+	if v == "destination_addresses|LENGTH" || v == "DestinationAddresses|LENGTH" {
+		return int64(len(e.DestinationAddresses)), nil
+	}
+	if v == "destination_hips" || v == "DestinationHips" {
+		return e.DestinationHips, nil
+	}
+	if v == "destination_hips|LENGTH" || v == "DestinationHips|LENGTH" {
+		return int64(len(e.DestinationHips)), nil
+	}
+	if v == "destination_zones" || v == "DestinationZones" {
+		return e.DestinationZones, nil
+	}
+	if v == "destination_zones|LENGTH" || v == "DestinationZones|LENGTH" {
+		return int64(len(e.DestinationZones)), nil
+	}
+	if v == "disable_server_response_inspection" || v == "DisableServerResponseInspection" {
+		return e.DisableServerResponseInspection, nil
+	}
+	if v == "disabled" || v == "Disabled" {
+		return e.Disabled, nil
+	}
+	if v == "icmp_unreachable" || v == "IcmpUnreachable" {
+		return e.IcmpUnreachable, nil
+	}
+	if v == "log_end" || v == "LogEnd" {
+		return e.LogEnd, nil
+	}
+	if v == "log_setting" || v == "LogSetting" {
+		return e.LogSetting, nil
+	}
+	if v == "log_start" || v == "LogStart" {
+		return e.LogStart, nil
+	}
+	if v == "negate_destination" || v == "NegateDestination" {
+		return e.NegateDestination, nil
+	}
+	if v == "negate_source" || v == "NegateSource" {
+		return e.NegateSource, nil
+	}
+	if v == "profile_setting" || v == "ProfileSetting" {
+		return e.ProfileSetting, nil
+	}
+	if v == "rule_type" || v == "RuleType" {
+		return e.RuleType, nil
+	}
+	if v == "services" || v == "Services" {
+		return e.Services, nil
+	}
+	if v == "services|LENGTH" || v == "Services|LENGTH" {
+		return int64(len(e.Services)), nil
+	}
+	if v == "source_addresses" || v == "SourceAddresses" {
+		return e.SourceAddresses, nil
+	}
+	if v == "source_addresses|LENGTH" || v == "SourceAddresses|LENGTH" {
+		return int64(len(e.SourceAddresses)), nil
+	}
+	if v == "source_hips" || v == "SourceHips" {
+		return e.SourceHips, nil
+	}
+	if v == "source_hips|LENGTH" || v == "SourceHips|LENGTH" {
+		return int64(len(e.SourceHips)), nil
+	}
+	if v == "source_users" || v == "SourceUsers" {
+		return e.SourceUsers, nil
+	}
+	if v == "source_users|LENGTH" || v == "SourceUsers|LENGTH" {
+		return int64(len(e.SourceUsers)), nil
+	}
+	if v == "source_zones" || v == "SourceZones" {
+		return e.SourceZones, nil
+	}
+	if v == "source_zones|LENGTH" || v == "SourceZones|LENGTH" {
+		return int64(len(e.SourceZones)), nil
+	}
+	if v == "tags" || v == "Tags" {
+		return e.Tags, nil
+	}
+	if v == "tags|LENGTH" || v == "Tags|LENGTH" {
+		return int64(len(e.Tags)), nil
+	}
+	if v == "uuid" || v == "Uuid" {
+		return e.Uuid, nil
+	}
+
+	return nil, fmt.Errorf("unknown field")
+}
+
+func Versioning(vn version.Number) (Specifier, Normalizer, error) {
+	return specifyEntry, &entryXmlContainer{}, nil
+}
+
+func specifyEntry(o *Entry) (any, error) {
+	entry := entryXml{}
+
+	entry.Name = o.Name
+	entry.Action = o.Action
+	entry.Applications = util.StrToMem(o.Applications)
+	entry.Categories = util.StrToMem(o.Categories)
+	entry.Description = o.Description
+	entry.DestinationAddresses = util.StrToMem(o.DestinationAddresses)
+	entry.DestinationHips = util.StrToMem(o.DestinationHips)
+	entry.DestinationZones = util.StrToMem(o.DestinationZones)
+	entry.DisableServerResponseInspection = util.YesNo(o.DisableServerResponseInspection, nil)
+	entry.Disabled = util.YesNo(o.Disabled, nil)
+	entry.IcmpUnreachable = util.YesNo(o.IcmpUnreachable, nil)
+	entry.LogEnd = util.YesNo(o.LogEnd, nil)
+	entry.LogSetting = o.LogSetting
+	entry.LogStart = util.YesNo(o.LogStart, nil)
+	entry.NegateDestination = util.YesNo(o.NegateDestination, nil)
+	entry.NegateSource = util.YesNo(o.NegateSource, nil)
+	var nestedProfileSetting *ProfileSettingXml
+	if o.ProfileSetting != nil {
+		nestedProfileSetting = &ProfileSettingXml{}
+		if _, ok := o.Misc["ProfileSetting"]; ok {
+			nestedProfileSetting.Misc = o.Misc["ProfileSetting"]
+		}
+		if o.ProfileSetting.Group != nil {
+			nestedProfileSetting.Group = o.ProfileSetting.Group
+		}
+		if o.ProfileSetting.Profiles != nil {
+			nestedProfileSetting.Profiles = &ProfileSettingProfilesXml{}
+			if _, ok := o.Misc["ProfileSettingProfiles"]; ok {
+				nestedProfileSetting.Profiles.Misc = o.Misc["ProfileSettingProfiles"]
+			}
+			if o.ProfileSetting.Profiles.WildfireAnalysis != nil {
+				nestedProfileSetting.Profiles.WildfireAnalysis = util.StrToMem(o.ProfileSetting.Profiles.WildfireAnalysis)
+			}
+			if o.ProfileSetting.Profiles.DataFiltering != nil {
+				nestedProfileSetting.Profiles.DataFiltering = util.StrToMem(o.ProfileSetting.Profiles.DataFiltering)
+			}
+			if o.ProfileSetting.Profiles.Virus != nil {
+				nestedProfileSetting.Profiles.Virus = util.StrToMem(o.ProfileSetting.Profiles.Virus)
+			}
+			if o.ProfileSetting.Profiles.Spyware != nil {
+				nestedProfileSetting.Profiles.Spyware = util.StrToMem(o.ProfileSetting.Profiles.Spyware)
+			}
+			if o.ProfileSetting.Profiles.Vulnerability != nil {
+				nestedProfileSetting.Profiles.Vulnerability = util.StrToMem(o.ProfileSetting.Profiles.Vulnerability)
+			}
+			if o.ProfileSetting.Profiles.UrlFiltering != nil {
+				nestedProfileSetting.Profiles.UrlFiltering = util.StrToMem(o.ProfileSetting.Profiles.UrlFiltering)
+			}
+			if o.ProfileSetting.Profiles.FileBlocking != nil {
+				nestedProfileSetting.Profiles.FileBlocking = util.StrToMem(o.ProfileSetting.Profiles.FileBlocking)
+			}
+		}
+	}
+	entry.ProfileSetting = nestedProfileSetting
+
+	entry.RuleType = o.RuleType
+	entry.Services = util.StrToMem(o.Services)
+	entry.SourceAddresses = util.StrToMem(o.SourceAddresses)
+	entry.SourceHips = util.StrToMem(o.SourceHips)
+	entry.SourceUsers = util.StrToMem(o.SourceUsers)
+	entry.SourceZones = util.StrToMem(o.SourceZones)
+	entry.Tags = util.StrToMem(o.Tags)
+	entry.Uuid = o.Uuid
+
+	entry.Misc = o.Misc["Entry"]
+
+	return entry, nil
+}
+func (c *entryXmlContainer) Normalize() ([]*Entry, error) {
+	entryList := make([]*Entry, 0, len(c.Answer))
+	for _, o := range c.Answer {
+		entry := &Entry{
+			Misc: make(map[string][]generic.Xml),
+		}
+		entry.Name = o.Name
+		entry.Action = o.Action
+		entry.Applications = util.MemToStr(o.Applications)
+		entry.Categories = util.MemToStr(o.Categories)
+		entry.Description = o.Description
+		entry.DestinationAddresses = util.MemToStr(o.DestinationAddresses)
+		entry.DestinationHips = util.MemToStr(o.DestinationHips)
+		entry.DestinationZones = util.MemToStr(o.DestinationZones)
+		entry.DisableServerResponseInspection = util.AsBool(o.DisableServerResponseInspection, nil)
+		entry.Disabled = util.AsBool(o.Disabled, nil)
+		entry.IcmpUnreachable = util.AsBool(o.IcmpUnreachable, nil)
+		entry.LogEnd = util.AsBool(o.LogEnd, nil)
+		entry.LogSetting = o.LogSetting
+		entry.LogStart = util.AsBool(o.LogStart, nil)
+		entry.NegateDestination = util.AsBool(o.NegateDestination, nil)
+		entry.NegateSource = util.AsBool(o.NegateSource, nil)
+		var nestedProfileSetting *ProfileSetting
+		if o.ProfileSetting != nil {
+			nestedProfileSetting = &ProfileSetting{}
+			if o.ProfileSetting.Misc != nil {
+				entry.Misc["ProfileSetting"] = o.ProfileSetting.Misc
+			}
+			if o.ProfileSetting.Group != nil {
+				nestedProfileSetting.Group = o.ProfileSetting.Group
+			}
+			if o.ProfileSetting.Profiles != nil {
+				nestedProfileSetting.Profiles = &ProfileSettingProfiles{}
+				if o.ProfileSetting.Profiles.Misc != nil {
+					entry.Misc["ProfileSettingProfiles"] = o.ProfileSetting.Profiles.Misc
+				}
+				if o.ProfileSetting.Profiles.Vulnerability != nil {
+					nestedProfileSetting.Profiles.Vulnerability = util.MemToStr(o.ProfileSetting.Profiles.Vulnerability)
+				}
+				if o.ProfileSetting.Profiles.UrlFiltering != nil {
+					nestedProfileSetting.Profiles.UrlFiltering = util.MemToStr(o.ProfileSetting.Profiles.UrlFiltering)
+				}
+				if o.ProfileSetting.Profiles.FileBlocking != nil {
+					nestedProfileSetting.Profiles.FileBlocking = util.MemToStr(o.ProfileSetting.Profiles.FileBlocking)
+				}
+				if o.ProfileSetting.Profiles.WildfireAnalysis != nil {
+					nestedProfileSetting.Profiles.WildfireAnalysis = util.MemToStr(o.ProfileSetting.Profiles.WildfireAnalysis)
+				}
+				if o.ProfileSetting.Profiles.DataFiltering != nil {
+					nestedProfileSetting.Profiles.DataFiltering = util.MemToStr(o.ProfileSetting.Profiles.DataFiltering)
+				}
+				if o.ProfileSetting.Profiles.Virus != nil {
+					nestedProfileSetting.Profiles.Virus = util.MemToStr(o.ProfileSetting.Profiles.Virus)
+				}
+				if o.ProfileSetting.Profiles.Spyware != nil {
+					nestedProfileSetting.Profiles.Spyware = util.MemToStr(o.ProfileSetting.Profiles.Spyware)
+				}
+			}
+		}
+		entry.ProfileSetting = nestedProfileSetting
+
+		entry.RuleType = o.RuleType
+		entry.Services = util.MemToStr(o.Services)
+		entry.SourceAddresses = util.MemToStr(o.SourceAddresses)
+		entry.SourceHips = util.MemToStr(o.SourceHips)
+		entry.SourceUsers = util.MemToStr(o.SourceUsers)
+		entry.SourceZones = util.MemToStr(o.SourceZones)
+		entry.Tags = util.MemToStr(o.Tags)
+		entry.Uuid = o.Uuid
+
+		entry.Misc["Entry"] = o.Misc
+
+		entryList = append(entryList, entry)
+	}
+
+	return entryList, nil
+}
+
+func SpecMatches(a, b *Entry) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+
+	// Don't compare Name.
+	if !util.StringsMatch(a.Action, b.Action) {
+		return false
+	}
+	if !util.OrderedListsMatch(a.Applications, b.Applications) {
+		return false
+	}
+	if !util.OrderedListsMatch(a.Categories, b.Categories) {
+		return false
+	}
+	if !util.StringsMatch(a.Description, b.Description) {
+		return false
+	}
+	if !util.OrderedListsMatch(a.DestinationAddresses, b.DestinationAddresses) {
+		return false
+	}
+	if !util.OrderedListsMatch(a.DestinationHips, b.DestinationHips) {
+		return false
+	}
+	if !util.OrderedListsMatch(a.DestinationZones, b.DestinationZones) {
+		return false
+	}
+	if !util.BoolsMatch(a.DisableServerResponseInspection, b.DisableServerResponseInspection) {
+		return false
+	}
+	if !util.BoolsMatch(a.Disabled, b.Disabled) {
+		return false
+	}
+	if !util.BoolsMatch(a.IcmpUnreachable, b.IcmpUnreachable) {
+		return false
+	}
+	if !util.BoolsMatch(a.LogEnd, b.LogEnd) {
+		return false
+	}
+	if !util.StringsMatch(a.LogSetting, b.LogSetting) {
+		return false
+	}
+	if !util.BoolsMatch(a.LogStart, b.LogStart) {
+		return false
+	}
+	if !util.BoolsMatch(a.NegateDestination, b.NegateDestination) {
+		return false
+	}
+	if !util.BoolsMatch(a.NegateSource, b.NegateSource) {
+		return false
+	}
+	if !matchProfileSetting(a.ProfileSetting, b.ProfileSetting) {
+		return false
+	}
+	if !util.StringsMatch(a.RuleType, b.RuleType) {
+		return false
+	}
+	if !util.OrderedListsMatch(a.Services, b.Services) {
+		return false
+	}
+	if !util.OrderedListsMatch(a.SourceAddresses, b.SourceAddresses) {
+		return false
+	}
+	if !util.OrderedListsMatch(a.SourceHips, b.SourceHips) {
+		return false
+	}
+	if !util.OrderedListsMatch(a.SourceUsers, b.SourceUsers) {
+		return false
+	}
+	if !util.OrderedListsMatch(a.SourceZones, b.SourceZones) {
+		return false
+	}
+	if !util.OrderedListsMatch(a.Tags, b.Tags) {
+		return false
+	}
+	if !util.StringsMatch(a.Uuid, b.Uuid) {
+		return false
+	}
+
+	return true
+}
+
+func matchProfileSettingProfiles(a *ProfileSettingProfiles, b *ProfileSettingProfiles) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !util.OrderedListsMatch(a.Vulnerability, b.Vulnerability) {
+		return false
+	}
+	if !util.OrderedListsMatch(a.UrlFiltering, b.UrlFiltering) {
+		return false
+	}
+	if !util.OrderedListsMatch(a.FileBlocking, b.FileBlocking) {
+		return false
+	}
+	if !util.OrderedListsMatch(a.WildfireAnalysis, b.WildfireAnalysis) {
+		return false
+	}
+	if !util.OrderedListsMatch(a.DataFiltering, b.DataFiltering) {
+		return false
+	}
+	if !util.OrderedListsMatch(a.Virus, b.Virus) {
+		return false
+	}
+	if !util.OrderedListsMatch(a.Spyware, b.Spyware) {
+		return false
+	}
+	return true
+}
+func matchProfileSetting(a *ProfileSetting, b *ProfileSetting) bool {
+	if a == nil && b != nil || a != nil && b == nil {
+		return false
+	} else if a == nil && b == nil {
+		return true
+	}
+	if !util.StringsMatch(a.Group, b.Group) {
+		return false
+	}
+	if !matchProfileSettingProfiles(a.Profiles, b.Profiles) {
+		return false
+	}
+	return true
+}
+
+func (o *Entry) EntryName() string {
+	return o.Name
+}
+
+func (o *Entry) SetEntryName(name string) {
+	o.Name = name
+}
+func (o *Entry) EntryUuid() *string {
+	return o.Uuid
+}
+
+func (o *Entry) SetEntryUuid(uuid *string) {
+	o.Uuid = uuid
+}
diff --git a/policies/rules/security/interfaces.go b/policies/rules/security/interfaces.go
new file mode 100644
index 00000000..d15711ca
--- /dev/null
+++ b/policies/rules/security/interfaces.go
@@ -0,0 +1,7 @@
+package security
+
+type Specifier func(*Entry) (any, error)
+
+type Normalizer interface {
+	Normalize() ([]*Entry, error)
+}
diff --git a/policies/rules/security/location.go b/policies/rules/security/location.go
new file mode 100644
index 00000000..d24cdb87
--- /dev/null
+++ b/policies/rules/security/location.go
@@ -0,0 +1,210 @@
+package security
+
+import (
+	"fmt"
+
+	"github.com/PaloAltoNetworks/pango/errors"
+	"github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/version"
+)
+
+type ImportLocation interface {
+	XpathForLocation(version.Number, util.ILocation) ([]string, error)
+	MarshalPangoXML([]string) (string, error)
+	UnmarshalPangoXML([]byte) ([]string, error)
+}
+
+type Location struct {
+	DeviceGroup      *DeviceGroupLocation      `json:"device_group,omitempty"`
+	FromPanoramaVsys *FromPanoramaVsysLocation `json:"from_panorama_vsys,omitempty"`
+	Shared           *SharedLocation           `json:"shared,omitempty"`
+	Vsys             *VsysLocation             `json:"vsys,omitempty"`
+}
+
+type DeviceGroupLocation struct {
+	DeviceGroup    string `json:"device_group"`
+	PanoramaDevice string `json:"panorama_device"`
+	Rulebase       string `json:"rulebase"`
+}
+
+type FromPanoramaVsysLocation struct {
+	Vsys string `json:"vsys"`
+}
+
+type SharedLocation struct {
+	Rulebase string `json:"rulebase"`
+}
+
+type VsysLocation struct {
+	NgfwDevice string `json:"ngfw_device"`
+	Rulebase   string `json:"rulebase"`
+	Vsys       string `json:"vsys"`
+}
+
+func NewDeviceGroupLocation() *Location {
+	return &Location{DeviceGroup: &DeviceGroupLocation{
+		DeviceGroup:    "",
+		PanoramaDevice: "localhost.localdomain",
+		Rulebase:       "pre-rulebase",
+	},
+	}
+}
+func NewFromPanoramaVsysLocation() *Location {
+	return &Location{FromPanoramaVsys: &FromPanoramaVsysLocation{
+		Vsys: "vsys1",
+	},
+	}
+}
+func NewSharedLocation() *Location {
+	return &Location{Shared: &SharedLocation{
+		Rulebase: "pre-rulebase",
+	},
+	}
+}
+func NewVsysLocation() *Location {
+	return &Location{Vsys: &VsysLocation{
+		NgfwDevice: "localhost.localdomain",
+		Rulebase:   "pre-rulebase",
+		Vsys:       "vsys1",
+	},
+	}
+}
+
+func (o Location) IsValid() error {
+	count := 0
+
+	switch {
+	case o.DeviceGroup != nil:
+		if o.DeviceGroup.DeviceGroup == "" {
+			return fmt.Errorf("DeviceGroup is unspecified")
+		}
+		if o.DeviceGroup.PanoramaDevice == "" {
+			return fmt.Errorf("PanoramaDevice is unspecified")
+		}
+		if o.DeviceGroup.Rulebase == "" {
+			return fmt.Errorf("Rulebase is unspecified")
+		}
+		count++
+	case o.FromPanoramaVsys != nil:
+		if o.FromPanoramaVsys.Vsys == "" {
+			return fmt.Errorf("Vsys is unspecified")
+		}
+		count++
+	case o.Shared != nil:
+		if o.Shared.Rulebase == "" {
+			return fmt.Errorf("Rulebase is unspecified")
+		}
+		count++
+	case o.Vsys != nil:
+		if o.Vsys.NgfwDevice == "" {
+			return fmt.Errorf("NgfwDevice is unspecified")
+		}
+		if o.Vsys.Rulebase == "" {
+			return fmt.Errorf("Rulebase is unspecified")
+		}
+		if o.Vsys.Vsys == "" {
+			return fmt.Errorf("Vsys is unspecified")
+		}
+		count++
+	}
+
+	if count == 0 {
+		return fmt.Errorf("no path specified")
+	}
+
+	if count > 1 {
+		return fmt.Errorf("multiple paths specified: only one should be specified")
+	}
+
+	return nil
+}
+
+func (o Location) XpathPrefix(vn version.Number) ([]string, error) {
+
+	var ans []string
+
+	switch {
+	case o.DeviceGroup != nil:
+		if o.DeviceGroup.DeviceGroup == "" {
+			return nil, fmt.Errorf("DeviceGroup is unspecified")
+		}
+		if o.DeviceGroup.PanoramaDevice == "" {
+			return nil, fmt.Errorf("PanoramaDevice is unspecified")
+		}
+		if o.DeviceGroup.Rulebase == "" {
+			return nil, fmt.Errorf("Rulebase is unspecified")
+		}
+		ans = []string{
+			"config",
+			"devices",
+			util.AsEntryXpath([]string{o.DeviceGroup.PanoramaDevice}),
+			"device-group",
+			util.AsEntryXpath([]string{o.DeviceGroup.DeviceGroup}),
+			o.DeviceGroup.Rulebase,
+		}
+	case o.FromPanoramaVsys != nil:
+		if o.FromPanoramaVsys.Vsys == "" {
+			return nil, fmt.Errorf("Vsys is unspecified")
+		}
+		ans = []string{
+			"config",
+			"panorama",
+			"vsys",
+			util.AsEntryXpath([]string{o.FromPanoramaVsys.Vsys}),
+			"rulebase",
+		}
+	case o.Shared != nil:
+		if o.Shared.Rulebase == "" {
+			return nil, fmt.Errorf("Rulebase is unspecified")
+		}
+		ans = []string{
+			"config",
+			"shared",
+			o.Shared.Rulebase,
+		}
+	case o.Vsys != nil:
+		if o.Vsys.NgfwDevice == "" {
+			return nil, fmt.Errorf("NgfwDevice is unspecified")
+		}
+		if o.Vsys.Rulebase == "" {
+			return nil, fmt.Errorf("Rulebase is unspecified")
+		}
+		if o.Vsys.Vsys == "" {
+			return nil, fmt.Errorf("Vsys is unspecified")
+		}
+		ans = []string{
+			"config",
+			"devices",
+			util.AsEntryXpath([]string{o.Vsys.NgfwDevice}),
+			"vsys",
+			util.AsEntryXpath([]string{o.Vsys.Vsys}),
+			"rulebase",
+		}
+	default:
+		return nil, errors.NoLocationSpecifiedError
+	}
+
+	return ans, nil
+}
+func (o Location) XpathWithEntryName(vn version.Number, name string) ([]string, error) {
+
+	ans, err := o.XpathPrefix(vn)
+	if err != nil {
+		return nil, err
+	}
+	ans = append(ans, Suffix...)
+	ans = append(ans, util.AsEntryXpath([]string{name}))
+
+	return ans, nil
+}
+func (o Location) XpathWithUuid(vn version.Number, uuid string) ([]string, error) {
+
+	ans, err := o.XpathPrefix(vn)
+	if err != nil {
+		return nil, err
+	}
+	ans = append(ans, Suffix...)
+	ans = append(ans, util.AsUuidXpath(uuid))
+
+	return ans, nil
+}
diff --git a/policies/rules/security/service.go b/policies/rules/security/service.go
new file mode 100644
index 00000000..a61fa7f8
--- /dev/null
+++ b/policies/rules/security/service.go
@@ -0,0 +1,862 @@
+package security
+
+import (
+	"context"
+	"fmt"
+	"net/url"
+	"strings"
+	"time"
+
+	"github.com/PaloAltoNetworks/pango/audit"
+	"github.com/PaloAltoNetworks/pango/errors"
+	"github.com/PaloAltoNetworks/pango/filtering"
+	"github.com/PaloAltoNetworks/pango/rule"
+	"github.com/PaloAltoNetworks/pango/util"
+	"github.com/PaloAltoNetworks/pango/version"
+	"github.com/PaloAltoNetworks/pango/xmlapi"
+)
+
+type Service struct {
+	client util.PangoClient
+}
+
+func NewService(client util.PangoClient) *Service {
+	return &Service{
+		client: client,
+	}
+}
+
+// Create adds new item, then returns the result.
+func (s *Service) Create(ctx context.Context, loc Location, entry *Entry) (*Entry, error) {
+	if entry.Name == "" {
+		return nil, errors.NameNotSpecifiedError
+	}
+
+	vn := s.client.Versioning()
+
+	specifier, _, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+	path, err := loc.XpathWithEntryName(vn, entry.Name)
+	if err != nil {
+		return nil, err
+	}
+	createSpec, err := specifier(entry)
+	if err != nil {
+		return nil, err
+	}
+
+	cmd := &xmlapi.Config{
+		Action:  "set",
+		Xpath:   util.AsXpath(path[:len(path)-1]),
+		Element: createSpec,
+		Target:  s.client.GetTarget(),
+	}
+
+	if _, _, err = s.client.Communicate(ctx, cmd, false, nil); err != nil {
+		return nil, err
+	}
+	return s.Read(ctx, loc, entry.Name, "get")
+}
+
+// Read returns the given config object, using the specified action ("get" or "show").
+func (s *Service) Read(ctx context.Context, loc Location, name, action string) (*Entry, error) {
+	return s.read(ctx, loc, name, action, true, false)
+}
+
+// ReadById returns the given config object with specified ID, using the specified action ("get" or "show").
+func (s *Service) ReadById(ctx context.Context, loc Location, uuid, action string) (*Entry, error) {
+	return s.read(ctx, loc, uuid, action, false, false)
+}
+
+// ReadFromConfig returns the given config object from the loaded XML config.
+// Requires that client.LoadPanosConfig() has been invoked.
+func (s *Service) ReadFromConfig(ctx context.Context, loc Location, name string) (*Entry, error) {
+	return s.read(ctx, loc, name, "", true, true)
+}
+
+// ReadFromConfigById returns the given config object with specified ID from the loaded XML config.
+// Requires that client.LoadPanosConfig() has been invoked.
+func (s *Service) ReadFromConfigById(ctx context.Context, loc Location, uuid string) (*Entry, error) {
+	return s.read(ctx, loc, uuid, "", false, true)
+}
+
+func (s *Service) read(ctx context.Context, loc Location, value, action string, byName, usePanosConfig bool) (*Entry, error) {
+	if byName && value == "" {
+		return nil, errors.NameNotSpecifiedError
+	}
+	if !byName && value == "" {
+		return nil, errors.UuidNotSpecifiedError
+	}
+	vn := s.client.Versioning()
+	_, normalizer, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+	var path []string
+	if byName {
+		path, err = loc.XpathWithEntryName(vn, value)
+	} else {
+		path, err = loc.XpathWithUuid(vn, value)
+	}
+	if err != nil {
+		return nil, err
+	}
+
+	if usePanosConfig {
+		if _, err = s.client.ReadFromConfig(ctx, path, true, normalizer); err != nil {
+			return nil, err
+		}
+	} else {
+		cmd := &xmlapi.Config{
+			Action: action,
+			Xpath:  util.AsXpath(path),
+			Target: s.client.GetTarget(),
+		}
+
+		if _, _, err = s.client.Communicate(ctx, cmd, true, normalizer); err != nil {
+			if err.Error() == "No such node" && action == "show" {
+				return nil, errors.ObjectNotFound()
+			}
+			return nil, err
+		}
+	}
+
+	list, err := normalizer.Normalize()
+	if err != nil {
+		return nil, err
+	} else if len(list) != 1 {
+		return nil, fmt.Errorf("expected to %q 1 entry, got %d", action, len(list))
+	}
+
+	return list[0], nil
+}
+
+// Update updates the given config object, then returns the result.
+func (s *Service) Update(ctx context.Context, loc Location, entry *Entry, name string) (*Entry, error) {
+	return s.update(ctx, loc, entry, name, true)
+}
+
+// UpdateById updates the given config object, then returns the result.
+func (s *Service) UpdateById(ctx context.Context, loc Location, entry *Entry, uuid string) (*Entry, error) {
+	return s.update(ctx, loc, entry, uuid, false)
+}
+func (s *Service) update(ctx context.Context, loc Location, entry *Entry, value string, byName bool) (*Entry, error) {
+	if byName && entry.Name == "" {
+		return nil, errors.NameNotSpecifiedError
+	}
+	if !byName && value == "" {
+		return nil, errors.UuidNotSpecifiedError
+	}
+
+	vn := s.client.Versioning()
+	updates := xmlapi.NewMultiConfig(2)
+	specifier, _, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+	var old *Entry
+	if byName {
+		if value != "" && value != entry.Name {
+			path, err := loc.XpathWithEntryName(vn, value)
+			if err != nil {
+				return nil, err
+			}
+
+			old, err = s.Read(ctx, loc, value, "get")
+
+			updates.Add(&xmlapi.Config{
+				Action:  "rename",
+				Xpath:   util.AsXpath(path),
+				NewName: entry.Name,
+				Target:  s.client.GetTarget(),
+			})
+		} else {
+			old, err = s.Read(ctx, loc, entry.Name, "get")
+		}
+	} else {
+		old, err = s.ReadById(ctx, loc, value, "get")
+	}
+	if err != nil {
+		return nil, err
+	} else if old == nil {
+		return nil, fmt.Errorf("previous object doesn't exist for update")
+	}
+	if !SpecMatches(entry, old) {
+		path, err := loc.XpathWithEntryName(vn, entry.Name)
+		if err != nil {
+			return nil, err
+		}
+
+		updateSpec, err := specifier(entry)
+		if err != nil {
+			return nil, err
+		}
+
+		updates.Add(&xmlapi.Config{
+			Action:  "edit",
+			Xpath:   util.AsXpath(path),
+			Element: updateSpec,
+			Target:  s.client.GetTarget(),
+		})
+	}
+
+	if len(updates.Operations) != 0 {
+		if _, _, _, err = s.client.MultiConfig(ctx, updates, false, nil); err != nil {
+			return nil, err
+		}
+	}
+	if byName {
+		return s.Read(ctx, loc, entry.Name, "get")
+	} else {
+		return s.ReadById(ctx, loc, value, "get")
+	}
+}
+
+// Delete deletes the given item.
+func (s *Service) Delete(ctx context.Context, loc Location, name ...string) error {
+	return s.delete(ctx, loc, name, true)
+}
+
+// DeleteById deletes the given item with specified ID.
+func (s *Service) DeleteById(ctx context.Context, loc Location, uuid ...string) error {
+	return s.delete(ctx, loc, uuid, false)
+}
+func (s *Service) delete(ctx context.Context, loc Location, values []string, byName bool) error {
+	for _, value := range values {
+		if byName && value == "" {
+			return errors.NameNotSpecifiedError
+		}
+		if !byName && value == "" {
+			return errors.UuidNotSpecifiedError
+		}
+	}
+
+	vn := s.client.Versioning()
+	var err error
+	deletes := xmlapi.NewMultiConfig(len(values))
+	for _, value := range values {
+		var path []string
+		if byName {
+			path, err = loc.XpathWithEntryName(vn, value)
+		} else {
+			path, err = loc.XpathWithUuid(vn, value)
+		}
+		if err != nil {
+			return err
+		}
+		deletes.Add(&xmlapi.Config{
+			Action: "delete",
+			Xpath:  util.AsXpath(path),
+			Target: s.client.GetTarget(),
+		})
+	}
+
+	_, _, _, err = s.client.MultiConfig(ctx, deletes, false, nil)
+
+	return err
+}
+
+// List returns a list of objects using the given action ("get" or "show").
+// Params filter and quote are for client side filtering.
+func (s *Service) List(ctx context.Context, loc Location, action, filter, quote string) ([]*Entry, error) {
+	return s.list(ctx, loc, action, filter, quote, false)
+}
+
+// ListFromConfig returns a list of objects at the given location.
+// Requires that client.LoadPanosConfig() has been invoked.
+// Params filter and quote are for client side filtering.
+func (s *Service) ListFromConfig(ctx context.Context, loc Location, filter, quote string) ([]*Entry, error) {
+	return s.list(ctx, loc, "", filter, quote, true)
+}
+
+func (s *Service) list(ctx context.Context, loc Location, action, filter, quote string, usePanosConfig bool) ([]*Entry, error) {
+	var err error
+
+	var logic *filtering.Group
+	if filter != "" {
+		logic, err = filtering.Parse(filter, quote)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	vn := s.client.Versioning()
+
+	_, normalizer, err := Versioning(vn)
+	if err != nil {
+		return nil, err
+	}
+
+	path, err := loc.XpathWithEntryName(vn, "")
+	if err != nil {
+		return nil, err
+	}
+
+	if usePanosConfig {
+		if _, err = s.client.ReadFromConfig(ctx, path, false, normalizer); err != nil {
+			return nil, err
+		}
+	} else {
+		cmd := &xmlapi.Config{
+			Action: action,
+			Xpath:  util.AsXpath(path),
+			Target: s.client.GetTarget(),
+		}
+
+		if _, _, err = s.client.Communicate(ctx, cmd, true, normalizer); err != nil {
+			if err.Error() == "No such node" && action == "show" {
+				return nil, nil
+			}
+			return nil, err
+		}
+	}
+
+	listing, err := normalizer.Normalize()
+	if err != nil || logic == nil {
+		return listing, err
+	}
+
+	filtered := make([]*Entry, 0, len(listing))
+	for _, x := range listing {
+		ok, err := logic.Matches(x)
+		if err != nil {
+			return nil, err
+		}
+		if ok {
+			filtered = append(filtered, x)
+		}
+	}
+
+	return filtered, nil
+}
+
+// MoveGroup arranges the given rules in the order specified.
+// Any rule with a UUID specified is ignored.
+// Only the rule names are considered for the purposes of the rule placement.
+func (s *Service) MoveGroup(ctx context.Context, loc Location, position rule.Position, entries []*Entry) error {
+	if len(entries) == 0 {
+		return nil
+	}
+
+	listing, err := s.List(ctx, loc, "get", "", "")
+	if err != nil {
+		return err
+	} else if len(listing) == 0 {
+		return fmt.Errorf("no rules present")
+	}
+
+	rp := make(map[string]int)
+	for idx, live := range listing {
+		rp[live.Name] = idx
+	}
+
+	vn := s.client.Versioning()
+	updates := xmlapi.NewMultiConfig(len(entries))
+
+	var ok, topDown bool
+	var otherIndex int
+	baseIndex := -1
+	switch {
+	case position.First != nil && *position.First:
+		topDown, baseIndex, ok, err = s.moveTop(topDown, entries, baseIndex, ok, rp, loc, vn, updates)
+		if err != nil {
+			return err
+		}
+	case position.Last != nil && *position.Last:
+		baseIndex, ok, err = s.moveBottom(entries, baseIndex, ok, rp, listing, loc, vn, updates)
+		if err != nil {
+			return err
+		}
+	case position.SomewhereAfter != nil && *position.SomewhereAfter != "":
+		topDown, baseIndex, ok, otherIndex, err = s.moveSomewhereAfter(topDown, entries, baseIndex, ok, rp, otherIndex, position, loc, vn, updates)
+		if err != nil {
+			return err
+		}
+	case position.SomewhereBefore != nil && *position.SomewhereBefore != "":
+		baseIndex, ok, otherIndex, err = s.moveSomewhereBefore(entries, baseIndex, ok, rp, otherIndex, position, loc, vn, updates)
+		if err != nil {
+			return err
+		}
+	case position.DirectlyAfter != nil && *position.DirectlyAfter != "":
+		topDown, baseIndex, ok, otherIndex, err = s.moveDirectlyAfter(topDown, entries, baseIndex, ok, rp, otherIndex, position, loc, vn, updates)
+		if err != nil {
+			return err
+		}
+	case position.DirectlyBefore != nil && *position.DirectlyBefore != "":
+		baseIndex, ok, err = s.moveDirectlyBefore(entries, baseIndex, ok, rp, otherIndex, position, loc, vn, updates)
+		if err != nil {
+			return err
+		}
+	default:
+		topDown = true
+		target := entries[0]
+
+		baseIndex, ok = rp[target.Name]
+		if !ok {
+			return fmt.Errorf("could not find rule %q for first positioning", target.Name)
+		}
+	}
+
+	var prevName, where string
+	if topDown {
+		prevName = entries[0].Name
+		where = "after"
+	} else {
+		prevName = entries[len(entries)-1].Name
+		where = "before"
+	}
+
+	for i := 1; i < len(entries); i++ {
+		err := s.moveRestOfRules(topDown, entries, i, baseIndex, rp, loc, vn, updates, where, prevName)
+		if err != nil {
+			return err
+		}
+	}
+
+	if len(updates.Operations) > 0 {
+		_, _, _, err = s.client.MultiConfig(ctx, updates, false, nil)
+		return err
+	}
+
+	return nil
+}
+
+func (s *Service) moveRestOfRules(topDown bool, entries []*Entry, i int, baseIndex int, rp map[string]int, loc Location, vn version.Number, updates *xmlapi.MultiConfig, where string, prevName string) error {
+	var target Entry
+	var desiredIndex int
+	if topDown {
+		target = *entries[i]
+		desiredIndex = baseIndex + i
+	} else {
+		target = *entries[len(entries)-1-i]
+		desiredIndex = baseIndex - i
+	}
+
+	idx, ok := rp[target.Name]
+	if !ok {
+		return fmt.Errorf("rule %q not present", target.Name)
+	}
+
+	if idx != desiredIndex {
+		path, err := loc.XpathWithEntryName(vn, target.Name)
+		if err != nil {
+			return err
+		}
+
+		if idx < desiredIndex {
+			for name, val := range rp {
+				if val > idx && val <= desiredIndex {
+					rp[name] = val - 1
+				}
+			}
+		} else {
+			for name, val := range rp {
+				if val < idx && val >= desiredIndex {
+					rp[name] = val + 1
+				}
+			}
+		}
+		rp[target.Name] = desiredIndex
+
+		updates.Add(&xmlapi.Config{
+			Action:      "move",
+			Xpath:       util.AsXpath(path),
+			Where:       where,
+			Destination: prevName,
+			Target:      s.client.GetTarget(),
+		})
+	}
+
+	prevName = target.Name
+	return nil
+}
+
+func (s *Service) moveDirectlyBefore(entries []*Entry, baseIndex int, ok bool, rp map[string]int, otherIndex int, position rule.Position, loc Location, vn version.Number, updates *xmlapi.MultiConfig) (int, bool, error) {
+	target := entries[len(entries)-1]
+
+	baseIndex, ok = rp[target.Name]
+	if !ok {
+		return 0, false, fmt.Errorf("could not find rule %q for initial positioning", target.Name)
+	}
+
+	otherIndex, ok = rp[*position.DirectlyBefore]
+	if !ok {
+		return 0, false, fmt.Errorf("could not find referenced rule %q", *position.DirectlyBefore)
+	}
+
+	if baseIndex+1 != otherIndex {
+		path, err := loc.XpathWithEntryName(vn, target.Name)
+		if err != nil {
+			return 0, false, err
+		}
+
+		for name, val := range rp {
+			switch {
+			case name == target.Name:
+				rp[name] = otherIndex
+			case val < baseIndex && val >= otherIndex:
+				rp[name] = val + 1
+			}
+		}
+
+		updates.Add(&xmlapi.Config{
+			Action:      "move",
+			Xpath:       util.AsXpath(path),
+			Where:       "before",
+			Destination: *position.DirectlyBefore,
+			Target:      s.client.GetTarget(),
+		})
+
+		baseIndex = otherIndex
+	}
+	return baseIndex, ok, nil
+}
+
+func (s *Service) moveDirectlyAfter(topDown bool, entries []*Entry, baseIndex int, ok bool, rp map[string]int, otherIndex int, position rule.Position, loc Location, vn version.Number, updates *xmlapi.MultiConfig) (bool, int, bool, int, error) {
+	topDown = true
+	target := entries[0]
+
+	baseIndex, ok = rp[target.Name]
+	if !ok {
+		return false, 0, false, 0, fmt.Errorf("could not find rule %q for initial positioning", target.Name)
+	}
+
+	otherIndex, ok = rp[*position.DirectlyAfter]
+	if !ok {
+		return false, 0, false, 0, fmt.Errorf("could not find referenced rule %q for initial positioning", *position.DirectlyAfter)
+	}
+
+	if baseIndex != otherIndex+1 {
+		path, err := loc.XpathWithEntryName(vn, target.Name)
+		if err != nil {
+			return false, 0, false, 0, err
+		}
+
+		for name, val := range rp {
+			switch {
+			case name == target.Name:
+				rp[name] = otherIndex
+			case val > baseIndex && val <= otherIndex:
+				rp[name] = otherIndex - 1
+			}
+		}
+
+		updates.Add(&xmlapi.Config{
+			Action:      "move",
+			Xpath:       util.AsXpath(path),
+			Where:       "after",
+			Destination: *position.DirectlyAfter,
+			Target:      s.client.GetTarget(),
+		})
+
+		baseIndex = otherIndex
+	}
+	return topDown, baseIndex, ok, otherIndex, nil
+}
+
+func (s *Service) moveSomewhereBefore(entries []*Entry, baseIndex int, ok bool, rp map[string]int, otherIndex int, position rule.Position, loc Location, vn version.Number, updates *xmlapi.MultiConfig) (int, bool, int, error) {
+	target := entries[len(entries)-1]
+
+	baseIndex, ok = rp[target.Name]
+	if !ok {
+		return 0, false, 0, fmt.Errorf("could not find rule %q for initial positioning", target.Name)
+	}
+
+	otherIndex, ok = rp[*position.SomewhereBefore]
+	if !ok {
+		return 0, false, 0, fmt.Errorf("could not find referenced rule %q", *position.SomewhereBefore)
+	}
+
+	if baseIndex > otherIndex {
+		path, err := loc.XpathWithEntryName(vn, target.Name)
+		if err != nil {
+			return 0, false, 0, err
+		}
+
+		for name, val := range rp {
+			switch {
+			case name == target.Name:
+				rp[name] = otherIndex
+			case val < baseIndex && val >= otherIndex:
+				rp[name] = val + 1
+			}
+		}
+
+		updates.Add(&xmlapi.Config{
+			Action:      "move",
+			Xpath:       util.AsXpath(path),
+			Where:       "before",
+			Destination: *position.SomewhereBefore,
+			Target:      s.client.GetTarget(),
+		})
+
+		baseIndex = otherIndex
+	}
+	return baseIndex, ok, otherIndex, nil
+}
+
+func (s *Service) moveSomewhereAfter(topDown bool, entries []*Entry, baseIndex int, ok bool, rp map[string]int, otherIndex int, position rule.Position, loc Location, vn version.Number, updates *xmlapi.MultiConfig) (bool, int, bool, int, error) {
+	topDown = true
+	target := entries[0]
+
+	baseIndex, ok = rp[target.Name]
+	if !ok {
+		return false, 0, false, 0, fmt.Errorf("could not find rule %q for initial positioning", target.Name)
+	}
+
+	otherIndex, ok = rp[*position.SomewhereAfter]
+	if !ok {
+		return false, 0, false, 0, fmt.Errorf("could not find referenced rule %q for initial positioning", *position.SomewhereAfter)
+	}
+
+	if baseIndex < otherIndex {
+		path, err := loc.XpathWithEntryName(vn, target.Name)
+		if err != nil {
+			return false, 0, false, 0, err
+		}
+
+		for name, val := range rp {
+			switch {
+			case name == target.Name:
+				rp[name] = otherIndex
+			case val > baseIndex && val <= otherIndex:
+				rp[name] = otherIndex - 1
+			}
+		}
+
+		updates.Add(&xmlapi.Config{
+			Action:      "move",
+			Xpath:       util.AsXpath(path),
+			Where:       "after",
+			Destination: *position.SomewhereAfter,
+			Target:      s.client.GetTarget(),
+		})
+
+		baseIndex = otherIndex
+	}
+	return topDown, baseIndex, ok, otherIndex, nil
+}
+
+func (s *Service) moveBottom(entries []*Entry, baseIndex int, ok bool, rp map[string]int, listing []*Entry, loc Location, vn version.Number, updates *xmlapi.MultiConfig) (int, bool, error) {
+	target := entries[len(entries)-1]
+
+	baseIndex, ok = rp[target.Name]
+	if !ok {
+		return 0, false, fmt.Errorf("could not find rule %q for last positioning", target.Name)
+	}
+
+	if baseIndex != len(listing)-1 {
+		path, err := loc.XpathWithEntryName(vn, target.Name)
+		if err != nil {
+			return 0, false, err
+		}
+
+		for name, val := range rp {
+			switch {
+			case name == target.Name:
+				rp[name] = len(listing) - 1
+			case val > baseIndex:
+				rp[name] = val - 1
+			}
+		}
+
+		// some versions of PAN-OS require that the destination always be set
+		var dst string
+		if !vn.Gte(util.FixedPanosVersionForMultiConfigMove) {
+			dst = "bottom"
+		}
+
+		updates.Add(&xmlapi.Config{
+			Action:      "move",
+			Xpath:       util.AsXpath(path),
+			Where:       "bottom",
+			Destination: dst,
+			Target:      s.client.GetTarget(),
+		})
+
+		baseIndex = len(listing) - 1
+	}
+	return baseIndex, ok, nil
+}
+
+func (s *Service) moveTop(topDown bool, entries []*Entry, baseIndex int, ok bool, rp map[string]int, loc Location, vn version.Number, updates *xmlapi.MultiConfig) (bool, int, bool, error) {
+	topDown = true
+	target := entries[0]
+
+	baseIndex, ok = rp[target.Name]
+	if !ok {
+		return false, 0, false, fmt.Errorf("could not find rule %q for first positioning", target.Name)
+	}
+
+	if baseIndex != 0 {
+		path, err := loc.XpathWithEntryName(vn, target.Name)
+		if err != nil {
+			return false, 0, false, err
+		}
+
+		for name, val := range rp {
+			switch {
+			case name == entries[0].Name:
+				rp[name] = 0
+			case val < baseIndex:
+				rp[name] = val + 1
+			}
+		}
+
+		// some versions of PAN-OS require that the destination always be set
+		var dst string
+		if !vn.Gte(util.FixedPanosVersionForMultiConfigMove) {
+			dst = "top"
+		}
+
+		updates.Add(&xmlapi.Config{
+			Action:      "move",
+			Xpath:       util.AsXpath(path),
+			Where:       "top",
+			Destination: dst,
+			Target:      s.client.GetTarget(),
+		})
+
+		baseIndex = 0
+	}
+	return topDown, baseIndex, ok, nil
+}
+
+// HitCount returns the hit count for the given rule.
+func (s *Service) HitCount(ctx context.Context, loc Location, rules ...string) ([]util.HitCount, error) {
+	switch {
+	case loc.Vsys != nil:
+		cmd := &xmlapi.Op{
+			Command: util.NewHitCountRequest(RuleType, loc.Vsys.Vsys, rules),
+			Target:  s.client.GetTarget(),
+		}
+		var resp util.HitCountResponse
+
+		if _, _, err := s.client.Communicate(ctx, cmd, false, &resp); err != nil {
+			return nil, err
+		}
+
+		return resp.Results, nil
+	}
+
+	return nil, fmt.Errorf("unsupported location")
+}
+
+// SetAuditComment sets the given audit comment for the given rule.
+func (s *Service) SetAuditComment(ctx context.Context, loc Location, name, comment string) error {
+	if name == "" {
+		return errors.NameNotSpecifiedError
+	}
+
+	vn := s.client.Versioning()
+
+	path, err := loc.XpathWithEntryName(vn, name)
+	if err != nil {
+		return err
+	}
+
+	cmd := &xmlapi.Op{
+		Command: audit.SetComment{
+			Xpath:   util.AsXpath(path),
+			Comment: comment,
+		},
+		Target: s.client.GetTarget(),
+	}
+
+	_, _, err = s.client.Communicate(ctx, cmd, false, nil)
+	return err
+}
+
+// CurrentAuditComment gets any current uncommitted audit comment for the given rule.
+func (s *Service) CurrentAuditComment(ctx context.Context, loc Location, name string) (string, error) {
+	if name == "" {
+		return "", errors.NameNotSpecifiedError
+	}
+
+	vn := s.client.Versioning()
+
+	path, err := loc.XpathWithEntryName(vn, name)
+	if err != nil {
+		return "", err
+	}
+
+	cmd := &xmlapi.Op{
+		Command: audit.GetComment{
+			Xpath: util.AsXpath(path),
+		},
+		Target: s.client.GetTarget(),
+	}
+
+	var resp audit.UncommittedComment
+	if _, _, err = s.client.Communicate(ctx, cmd, false, &resp); err != nil {
+		return "", err
+	}
+
+	return resp.Comment, nil
+}
+
+// AuditCommentHistory returns a chunk of historical audit comment logs.
+func (s *Service) AuditCommentHistory(ctx context.Context, loc Location, name, direction string, nlogs, skip int) ([]audit.Comment, error) {
+	if name == "" {
+		return nil, errors.NameNotSpecifiedError
+	}
+
+	var err error
+	var base, vsysDg string
+	switch {
+	case loc.Vsys != nil:
+		vsysDg = loc.Vsys.Vsys
+		base = "rulebase"
+	case loc.Shared != nil:
+		vsysDg = "shared"
+		base = loc.Shared.Rulebase
+	case loc.DeviceGroup != nil:
+		vsysDg = loc.DeviceGroup.DeviceGroup
+		base = loc.DeviceGroup.Rulebase
+	}
+
+	if vsysDg == "" || base == "" {
+		return nil, fmt.Errorf("unsupported location")
+	}
+
+	query := strings.Join([]string{
+		"(subtype eq audit-comment)",
+		fmt.Sprintf("(path contains '\\'%s\\'')", name),
+		fmt.Sprintf("(path contains '%s')", RuleType),
+		fmt.Sprintf("(path contains %s)", base),
+		fmt.Sprintf("(path contains '\\'%s\\'')", vsysDg),
+	}, " and ")
+	extras := url.Values{}
+	extras.Set("uniq", "yes")
+
+	cmd := &xmlapi.Log{
+		LogType:   "config",
+		Query:     query,
+		Direction: direction,
+		Nlogs:     nlogs,
+		Skip:      skip,
+		Extras:    extras,
+	}
+
+	var job util.JobResponse
+	if _, _, err = s.client.Communicate(ctx, cmd, false, &job); err != nil {
+		return nil, err
+	}
+
+	var resp audit.CommentHistory
+	if _, err = s.client.WaitForLogs(ctx, job.Id, 1*time.Second, &resp); err != nil {
+		return nil, err
+	}
+
+	if len(resp.Comments) != 0 {
+		if clock, err := s.client.Clock(ctx); err == nil {
+			for i := range resp.Comments {
+				resp.Comments[i].SetTime(clock)
+			}
+		}
+	}
+
+	return resp.Comments, nil
+}
diff --git a/rule/position.go b/rule/position.go
new file mode 100644
index 00000000..a22ea3db
--- /dev/null
+++ b/rule/position.go
@@ -0,0 +1,70 @@
+package rule
+
+import (
+	"fmt"
+
+	"github.com/PaloAltoNetworks/pango/errors"
+)
+
+type Position struct {
+	First           *bool   `json:"first,omitempty"`
+	Last            *bool   `json:"last,omitempty"`
+	SomewhereBefore *string `json:"somewhere_before,omitempty"`
+	DirectlyBefore  *string `json:"directly_before,omitempty"`
+	SomewhereAfter  *string `json:"somewhere_after,omitempty"`
+	DirectlyAfter   *string `json:"directly_after,omitempty"`
+}
+
+func (o *Position) IsValid(removeEverythingElse bool) error {
+	count := 0
+
+	if o.First != nil && *o.First {
+		count++
+	}
+
+	if o.Last != nil && *o.Last {
+		count++
+	}
+
+	if o.SomewhereBefore != nil {
+		if removeEverythingElse {
+			return errors.RelativePositionWithRemoveEverythingElseError
+		}
+		if *o.SomewhereBefore != "" {
+			count++
+		}
+	}
+
+	if o.DirectlyBefore != nil {
+		if removeEverythingElse {
+			return errors.RelativePositionWithRemoveEverythingElseError
+		}
+		if *o.DirectlyBefore != "" {
+			count++
+		}
+	}
+
+	if o.SomewhereAfter != nil {
+		if removeEverythingElse {
+			return errors.RelativePositionWithRemoveEverythingElseError
+		}
+		if *o.SomewhereAfter != "" {
+			count++
+		}
+	}
+
+	if o.DirectlyAfter != nil {
+		if removeEverythingElse {
+			return errors.RelativePositionWithRemoveEverythingElseError
+		}
+		if *o.DirectlyAfter != "" {
+			count++
+		}
+	}
+
+	if count > 1 {
+		return fmt.Errorf("multiple positions specified: only one should be specified")
+	}
+
+	return nil
+}
diff --git a/util/comparison.go b/util/comparison.go
index 3f952f4f..fd1ccd59 100644
--- a/util/comparison.go
+++ b/util/comparison.go
@@ -61,16 +61,68 @@ func TargetsMatch(a, b map[string][]string) bool {
 	return true
 }
 
-func OptionalStringsMatch(a, b *string) bool {
-    if a == nil && b == nil {
-        return true
-    } else if a == nil || b == nil {
-        return false
-    }
-
-    return *a == *b
+func StringsMatch(a, b *string) bool {
+	if a == nil && b == nil {
+		return true
+	} else if a == nil || b == nil {
+		return false
+	}
+
+	return *a == *b
+}
+
+func StringsEqual(a, b string) bool {
+	return a == b
+}
+
+func BoolsMatch(a, b *bool) bool {
+	if a == nil && b == nil {
+		return true
+	} else if a == nil || b == nil {
+		return false
+	}
+
+	return *a == *b
+}
+
+func FloatsMatch(a, b *float64) bool {
+	if a == nil && b == nil {
+		return true
+	} else if a == nil || b == nil {
+		return false
+	}
+
+	return *a == *b
 }
 
-func StringsMatch(a, b string) bool {
-    return a == b
+func IntsMatch(a, b *int) bool {
+	if a == nil && b == nil {
+		return true
+	} else if a == nil || b == nil {
+		return false
+	}
+
+	return *a == *b
+}
+
+func Ints64Match(a, b *int64) bool {
+	if a == nil && b == nil {
+		return true
+	} else if a == nil || b == nil {
+		return false
+	}
+
+	return *a == *b
+}
+
+func AnysMatch(a, b any) bool {
+	if a == nil && b == nil {
+		return true
+	}
+
+	if a == nil || b == nil {
+		return false
+	}
+
+	return true
 }
diff --git a/util/location.go b/util/location.go
new file mode 100644
index 00000000..af6278da
--- /dev/null
+++ b/util/location.go
@@ -0,0 +1,7 @@
+package util
+
+import "github.com/PaloAltoNetworks/pango/version"
+
+type ILocation interface {
+	XpathPrefix(version.Number) ([]string, error)
+}
diff --git a/util/pangoclient.go b/util/pangoclient.go
index 62043ec4..eeff7c32 100644
--- a/util/pangoclient.go
+++ b/util/pangoclient.go
@@ -1,20 +1,43 @@
 package util
 
 import (
-    "context"
-    "net/http"
-    "net/url"
+	"context"
+	"net/http"
+	"net/url"
+	"time"
 
 	"github.com/PaloAltoNetworks/pango/plugin"
 	"github.com/PaloAltoNetworks/pango/version"
 	"github.com/PaloAltoNetworks/pango/xmlapi"
 )
 
+// PangoClient interface.
 type PangoClient interface {
+	// Basics.
 	Versioning() version.Number
-    GetTarget() string
 	Plugins() []plugin.Info
-    MultiConfig(context.Context, *xmlapi.MultiConfig, bool, url.Values) ([]byte, *http.Response, *xmlapi.MultiConfigResponse, error)
-    Communicate(context.Context, PangoCommand, bool, any) ([]byte, *http.Response, error)
-    CommunicateFile(context.Context, string, string, string, url.Values, bool, any) ([]byte, *http.Response, error)
+	GetTarget() string
+	IsPanorama() (bool, error)
+	IsFirewall() (bool, error)
+	Clock(context.Context) (time.Time, error)
+
+	// Local inspection mode functions.
+	ReadFromConfig(context.Context, []string, bool, any) ([]byte, error)
+
+	// Communication functions.
+	StartJob(context.Context, PangoCommand) (uint, []byte, *http.Response, error)
+	Communicate(context.Context, PangoCommand, bool, any) ([]byte, *http.Response, error)
+
+	// Polling functions.
+	WaitForJob(context.Context, uint, time.Duration, any) error
+	WaitForLogs(context.Context, uint, time.Duration, any) ([]byte, error)
+
+	// Specialized communication functions around specific XPI API commands.
+	MultiConfig(context.Context, *xmlapi.MultiConfig, bool, url.Values) ([]byte, *http.Response, *xmlapi.MultiConfigResponse, error)
+	ImportFile(context.Context, *xmlapi.Import, string, string, string, bool, any) ([]byte, *http.Response, error)
+	ExportFile(context.Context, *xmlapi.Export, any) (string, []byte, *http.Response, error)
+
+	// Operational functions in use by one or more resources / data sources / namespaces.
+	RequestPasswordHash(context.Context, string) (string, error)
+	GetTechSupportFile(context.Context) (string, []byte, error)
 }
diff --git a/util/pangocommand.go b/util/pangocommand.go
index 310d74a3..362c2f3b 100644
--- a/util/pangocommand.go
+++ b/util/pangocommand.go
@@ -1,9 +1,9 @@
 package util
 
 import (
-    "net/url"
+	"net/url"
 )
 
 type PangoCommand interface {
-    AsUrlValues() (url.Values, error)
+	AsUrlValues() (url.Values, error)
 }
diff --git a/util/types.go b/util/types.go
new file mode 100644
index 00000000..67773a45
--- /dev/null
+++ b/util/types.go
@@ -0,0 +1,23 @@
+package util
+
+// For reference: https://github.com/golang/go/issues/45624
+
+// Bool returns a pointer to the given bool.
+func Bool(v bool) *bool {
+	return &v
+}
+
+// Int returns a pointer to the given int64.
+func Int(v int64) *int64 {
+	return &v
+}
+
+// Float returns a pointer to the given float64.
+func Float(v float64) *float64 {
+	return &v
+}
+
+// String returns a pointer to the given string.
+func String(v string) *string {
+	return &v
+}
diff --git a/util/util.go b/util/util.go
index 2a21a3e3..b7e0b736 100644
--- a/util/util.go
+++ b/util/util.go
@@ -8,8 +8,12 @@ import (
 	"fmt"
 	"regexp"
 	"strings"
+
+	"github.com/PaloAltoNetworks/pango/version"
 )
 
+var FixedPanosVersionForMultiConfigMove = version.Number{99, 99, 99, ""}
+
 // VsysEntryType defines an entry config node with vsys entries underneath.
 type VsysEntryType struct {
 	Entries []VsysEntry `xml:"entry"`
@@ -59,19 +63,37 @@ func MapToVsysEnt(e map[string][]string) *VsysEntryType {
 }
 
 // YesNo returns "yes" on true, "no" on false.
-func YesNo(v bool) string {
-	if v {
-		return "yes"
+func YesNo(val *bool, defaultVal *bool) *string {
+	if val == nil && defaultVal == nil {
+		return nil
 	}
-	return "no"
+
+	result := "no"
+	if val != nil {
+		if *val {
+			result = "yes"
+		}
+	} else if *defaultVal {
+		result = "yes"
+	}
+	return &result
 }
 
 // AsBool returns true on yes, else false.
-func AsBool(val string) bool {
-	if val == "yes" {
-		return true
+func AsBool(val *string, defaultVal *string) *bool {
+	if val == nil && defaultVal == nil {
+		return nil
 	}
-	return false
+
+	result := false
+	if val != nil {
+		if *val == "yes" {
+			result = true
+		}
+	} else if *defaultVal == "yes" {
+		result = true
+	}
+	return &result
 }
 
 // AsXpath makes an xpath out of the given interface.
@@ -108,6 +130,11 @@ func AsEntryXpath(vals []string) string {
 	return buf.String()
 }
 
+// AsUuidXpath returns an xpath segment as a UUID location.
+func AsUuidXpath(v string) string {
+	return fmt.Sprintf("entry[@uuid='%s']", v)
+}
+
 // AsMemberXpath returns the given values as a member xpath segment.
 func AsMemberXpath(vals []string) string {
 	var buf bytes.Buffer
diff --git a/xmlapi/addtodata.go b/xmlapi/addtodata.go
index 67732f7e..9c7bb5a2 100644
--- a/xmlapi/addtodata.go
+++ b/xmlapi/addtodata.go
@@ -1,52 +1,52 @@
 package xmlapi
 
 import (
-    "encoding/xml"
-    "fmt"
-    "net/url"
+	"encoding/xml"
+	"fmt"
+	"net/url"
 )
 
 type elementer interface {
-    Element() interface{}
+	Element() any
 }
 
-func addToData(key string, i interface{}, attemptMarshal bool, data *url.Values) error {
-    if i == nil {
-        return nil
-    }
+func addToData(key string, i any, attemptMarshal bool, data *url.Values) error {
+	if i == nil {
+		return nil
+	}
 
-    val, err := asString(i, attemptMarshal)
-    if err != nil {
-        return err
-    }
+	val, err := asString(i, attemptMarshal)
+	if err != nil {
+		return err
+	}
 
-    data.Set(key, val)
-    return nil
+	data.Set(key, val)
+	return nil
 }
 
-func asString(i interface{}, attemptMarshal bool) (string, error) {
-    if a, ok := i.(fmt.Stringer); ok {
-        return a.String(), nil
-    }
-
-    if b, ok := i.(elementer); ok {
-        i = b.Element()
-    }
-
-    switch val := i.(type) {
-    case nil:
-        return "", fmt.Errorf("nil encountered")
-    case string:
-        return val, nil
-    default:
-        if !attemptMarshal {
-            return "", fmt.Errorf("value must be string or fmt.Stringer")
-        }
-
-        rb, err := xml.Marshal(val)
-        if err != nil {
-            return "", err
-        }
-        return string(rb), nil
-    }
+func asString(i any, attemptMarshal bool) (string, error) {
+	if a, ok := i.(fmt.Stringer); ok {
+		return a.String(), nil
+	}
+
+	if b, ok := i.(elementer); ok {
+		i = b.Element()
+	}
+
+	switch val := i.(type) {
+	case nil:
+		return "", fmt.Errorf("nil encountered")
+	case string:
+		return val, nil
+	default:
+		if !attemptMarshal {
+			return "", fmt.Errorf("value must be string or fmt.Stringer")
+		}
+
+		rb, err := xml.Marshal(val)
+		if err != nil {
+			return "", err
+		}
+		return string(rb), nil
+	}
 }
diff --git a/xmlapi/cdatatext.go b/xmlapi/cdatatext.go
index 7706b9cb..c394fcf5 100644
--- a/xmlapi/cdatatext.go
+++ b/xmlapi/cdatatext.go
@@ -2,5 +2,5 @@ package xmlapi
 
 // CdataText is for getting CDATA contents of XML docs.
 type CdataText struct {
-    Text string `xml:",cdata"`
+	Text string `xml:",cdata"`
 }
diff --git a/xmlapi/commit.go b/xmlapi/commit.go
new file mode 100644
index 00000000..608854e8
--- /dev/null
+++ b/xmlapi/commit.go
@@ -0,0 +1,49 @@
+package xmlapi
+
+import (
+	"fmt"
+	"net/url"
+)
+
+type CommitAction interface {
+	Action() string
+	Element() any
+}
+
+// Commit performs a type=commit XML API action.
+type Commit struct {
+	Command CommitAction
+
+	Target string
+
+	// Any extra params that need to be specified should be put here.
+	Extras url.Values
+}
+
+// AsUrlValues returns the full API command as url.Values to send to PAN-OS.
+func (c *Commit) AsUrlValues() (url.Values, error) {
+	if c.Command == nil {
+		return nil, fmt.Errorf("no command specified")
+	}
+
+	data := url.Values{}
+	data.Set("type", "commit")
+
+	if action := c.Command.Action(); action != "" {
+		data.Set("action", action)
+	}
+
+	if err := addToData("cmd", c.Command, true, &data); err != nil {
+		return nil, err
+	}
+
+	if c.Target != "" {
+		data.Set("target", c.Target)
+	}
+
+	for key := range c.Extras {
+		data.Set(key, c.Extras.Get(key))
+	}
+
+	return data, nil
+}
diff --git a/xmlapi/config.go b/xmlapi/config.go
index f9f30590..bb1b5903 100644
--- a/xmlapi/config.go
+++ b/xmlapi/config.go
@@ -1,85 +1,85 @@
 package xmlapi
 
 import (
-    "fmt"
-    "net/url"
+	"fmt"
+	"net/url"
 )
 
 // Config performs a type=config XML API action.
 type Config struct {
-    // The Action.  Can be things like, "get", "show", "set", "edit", "move", or "rename".
-    // or "multi-config".
-    Action string
+	// The Action.  Can be things like, "get", "show", "set", "edit", "move", or "rename".
+	// or "multi-config".
+	Action string
 
-    // The xpath the config operation is operating on, used by almost every type=config
-    // command (not multi-config).
-    Xpath string
+	// The xpath the config operation is operating on, used by almost every type=config
+	// command (not multi-config).
+	Xpath string
 
-    // For "set" and "edit" API calls, this should be a struct that can be turned into
-    // a string by XML.Marshal(), an io.Stringer, or already a string.
-    Element any
+	// For "set" and "edit" API calls, this should be a struct that can be turned into
+	// a string by XML.Marshal(), an io.Stringer, or already a string.
+	Element any
 
-    // For "move" API calls, Where should be the location keyword while Destination
-    // is the other name if Where is "before" or "after".
-    Where string
-    Destination string
+	// For "move" API calls, Where should be the location keyword while Destination
+	// is the other name if Where is "before" or "after".
+	Where       string
+	Destination string
 
-    // For "rename" API calls, the new name.
-    NewName string
+	// For "rename" API calls, the new name.
+	NewName string
 
-    // For "multi-config", if you want strict transactional support or not.
-    StrictTransactional bool
+	// For "multi-config", if you want strict transactional support or not.
+	StrictTransactional bool
 
-    // The target, copied from the client connection.
-    Target string
+	// The target, copied from the client connection.
+	Target string
 
-    // Any extra params that need to be specified should be put here.
-    Extras url.Values
+	// Any extra params that need to be specified should be put here.
+	Extras url.Values
 }
 
 // AsUrlValues returns the full API command as url.Values to send to PAN-OS.
 func (c *Config) AsUrlValues() (url.Values, error) {
-    if c.Action == "" {
-        return nil, fmt.Errorf("no action specified")
-    }
+	if c.Action == "" {
+		return nil, fmt.Errorf("no action specified")
+	}
 
-    data := url.Values{}
-    data.Set("type", "config")
-    data.Set("action", c.Action)
+	data := url.Values{}
+	data.Set("type", "config")
+	data.Set("action", c.Action)
 
-    if c.Xpath != "" {
-        data.Set("xpath", c.Xpath)
-    }
+	if c.Xpath != "" {
+		data.Set("xpath", c.Xpath)
+	}
 
-    if c.Element != nil {
-        if err := addToData("element", c.Element, true, &data); err != nil {
-            return nil, err
-        }
-    }
+	if c.Element != nil {
+		if err := addToData("element", c.Element, true, &data); err != nil {
+			return nil, err
+		}
+	}
 
-    if c.Where != "" {
-        data.Set("where", c.Where)
-    }
+	if c.Where != "" {
+		data.Set("where", c.Where)
+	}
 
-    if c.Destination != "" {
-        data.Set("dst", c.Destination)
-    }
+	if c.Destination != "" {
+		data.Set("dst", c.Destination)
+	}
 
-    if c.NewName != "" {
-        data.Set("newname", c.NewName)
-    }
+	if c.NewName != "" {
+		data.Set("newname", c.NewName)
+	}
 
-    if c.StrictTransactional {
-        data.Set("strict-transactional", "yes")
-    }
+	if c.StrictTransactional {
+		data.Set("strict-transactional", "yes")
+	}
 
-    if c.Target != "" {
-        data.Set("target", c.Target)
-    }
+	if c.Target != "" {
+		data.Set("target", c.Target)
+	}
 
-    for key := range c.Extras {
-        data.Set(key, c.Extras.Get(key))
-    }
+	for key := range c.Extras {
+		data.Set(key, c.Extras.Get(key))
+	}
 
-    return data, nil
+	return data, nil
 }
diff --git a/xmlapi/export.go b/xmlapi/export.go
new file mode 100644
index 00000000..5182e91e
--- /dev/null
+++ b/xmlapi/export.go
@@ -0,0 +1,43 @@
+package xmlapi
+
+import (
+	"fmt"
+	"net/url"
+)
+
+// Export performs a type=export XML API action.
+//
+// Param Category is the category.
+type Export struct {
+	Category string
+
+	Action string
+	JobId  uint
+
+	// Any extra params that need to be specified should be put here.
+	Extras url.Values
+}
+
+// AsUrlValues returns the full API command as url.Values to send to PAN-OS.
+func (c *Export) AsUrlValues() (url.Values, error) {
+	data := url.Values{}
+	data.Set("type", "export")
+
+	if c.Category != "" {
+		data.Set("category", c.Category)
+	}
+
+	if c.Action != "" {
+		data.Set("action", c.Action)
+	}
+
+	if c.JobId != 0 {
+		data.Set("job-id", fmt.Sprintf("%d", c.JobId))
+	}
+
+	for key := range c.Extras {
+		data.Set(key, c.Extras.Get(key))
+	}
+
+	return data, nil
+}
diff --git a/xmlapi/import.go b/xmlapi/import.go
new file mode 100644
index 00000000..4c4009f3
--- /dev/null
+++ b/xmlapi/import.go
@@ -0,0 +1,31 @@
+package xmlapi
+
+import (
+	"net/url"
+)
+
+// Import performs a type=import XML API action.
+//
+// Param Category is the category.
+type Import struct {
+	Category string
+
+	// Any extra params that need to be specified should be put here.
+	Extras url.Values
+}
+
+// AsUrlValues returns the full API command as url.Values to send to PAN-OS.
+func (c *Import) AsUrlValues() (url.Values, error) {
+	data := url.Values{}
+	data.Set("type", "import")
+
+	if c.Category != "" {
+		data.Set("category", c.Category)
+	}
+
+	for key := range c.Extras {
+		data.Set(key, c.Extras.Get(key))
+	}
+
+	return data, nil
+}
diff --git a/xmlapi/keygen.go b/xmlapi/keygen.go
index 834144c3..3f33ad9b 100644
--- a/xmlapi/keygen.go
+++ b/xmlapi/keygen.go
@@ -1,31 +1,31 @@
 package xmlapi
 
 import (
-    "net/url"
+	"net/url"
 )
 
 // KeyGen performs a type=keygen XML API action.
 type KeyGen struct {
-    // The username.
-    Username string
+	// The username.
+	Username string
 
-    // The password.
-    Password string
+	// The password.
+	Password string
 
-    // Any extra params that need to be specified should be put here.
-    Extras url.Values
+	// Any extra params that need to be specified should be put here.
+	Extras url.Values
 }
 
 // AsUrlValues returns the full API command as url.Values to send to PAN-OS.
 func (c *KeyGen) AsUrlValues() (url.Values, error) {
-    data := url.Values{}
-    data.Set("type", "keygen")
-    data.Set("user", c.Username)
-    data.Set("password", c.Password)
+	data := url.Values{}
+	data.Set("type", "keygen")
+	data.Set("user", c.Username)
+	data.Set("password", c.Password)
 
-    for key := range c.Extras {
-        data.Set(key, c.Extras.Get(key))
-    }
+	for key := range c.Extras {
+		data.Set(key, c.Extras.Get(key))
+	}
 
-    return data, nil
+	return data, nil
 }
diff --git a/xmlapi/log.go b/xmlapi/log.go
new file mode 100644
index 00000000..be3573e1
--- /dev/null
+++ b/xmlapi/log.go
@@ -0,0 +1,67 @@
+package xmlapi
+
+import (
+	"fmt"
+	"net/url"
+	"strconv"
+)
+
+// Log performs a type=log XML API action.
+type Log struct {
+	LogType string
+
+	Action string
+
+	Query string
+
+	Direction string
+
+	Nlogs int
+
+	Skip int
+
+	JobId uint
+
+	// Any extra params that need to be specified should be put here.
+	Extras url.Values
+}
+
+// AsUrlValues returns the full API command as url.Values to send to PAN-OS.
+func (c *Log) AsUrlValues() (url.Values, error) {
+	data := url.Values{}
+	data.Set("type", "log")
+
+	if c.LogType != "" {
+		data.Set("log-type", c.LogType)
+	}
+
+	if c.Action != "" {
+		data.Set("action", c.Action)
+	}
+
+	if c.Query != "" {
+		data.Set("query", c.Query)
+	}
+
+	if c.Direction != "" {
+		data.Set("dir", c.Direction)
+	}
+
+	if c.Nlogs != 0 {
+		data.Set("nlogs", strconv.Itoa(c.Nlogs))
+	}
+
+	if c.Skip != 0 {
+		data.Set("skip", strconv.Itoa(c.Skip))
+	}
+
+	if c.JobId != 0 {
+		data.Set("job-id", fmt.Sprintf("%d", c.JobId))
+	}
+
+	for key := range c.Extras {
+		data.Set(key, c.Extras.Get(key))
+	}
+
+	return data, nil
+}
diff --git a/xmlapi/multiconfig.go b/xmlapi/multiconfig.go
index 58d44fe5..bac943e1 100644
--- a/xmlapi/multiconfig.go
+++ b/xmlapi/multiconfig.go
@@ -1,140 +1,147 @@
 package xmlapi
 
 import (
-    "encoding/xml"
-    "fmt"
-    "strings"
+	"encoding/xml"
+	"fmt"
+	"strings"
+
+	"github.com/PaloAltoNetworks/pango/errors"
 )
 
 // Returns a new struct for performing multi-config operations with.
 func NewMultiConfig(capacity int) *MultiConfig {
-    return &MultiConfig{
-        Operations: make([]MultiConfigOperation, 0, capacity),
-    }
+	return &MultiConfig{
+		Operations: make([]MultiConfigOperation, 0, capacity),
+	}
 }
 
 // MultiConfig contains individual operations of a larger multi-config API call.
 type MultiConfig struct {
-    XMLName xml.Name `xml:"multi-configure-request"`
-    Operations []MultiConfigOperation
+	XMLName    xml.Name `xml:"multi-configure-request"`
+	Operations []MultiConfigOperation
 }
 
 // IncrementalIds assigns incremental IDs to a multi-config call.  Any individual
 // operation that already has an ID will be left as-is.
 func (m *MultiConfig) IncrementalIds() {
-    for i := range m.Operations {
-        if m.Operations[i].Id == "" {
-            m.Operations[i].Id = fmt.Sprintf("%d", i+1)
-        }
-    }
+	for i := range m.Operations {
+		if m.Operations[i].Id == "" {
+			m.Operations[i].Id = fmt.Sprintf("%d", i+1)
+		}
+	}
 }
 
 // Add adds a Config operation to the multi-config request.
 func (m *MultiConfig) Add(c *Config) {
-    if c == nil {
-        return
-    }
-
-    o := MultiConfigOperation{
-        XMLName: xml.Name{Local: c.Action},
-        Xpath: c.Xpath,
-        Where: c.Where,
-        Destination: c.Destination,
-        NewName: c.NewName,
-    }
-
-    if c.Element != nil {
-        o.Data = c.Element
-    }
-
-    m.Operations = append(m.Operations, o)
+	if c == nil {
+		return
+	}
+
+	o := MultiConfigOperation{
+		XMLName:     xml.Name{Local: c.Action},
+		Xpath:       c.Xpath,
+		Where:       c.Where,
+		Destination: c.Destination,
+		NewName:     c.NewName,
+	}
+
+	if c.Element != nil {
+		o.Data = c.Element
+	}
+
+	m.Operations = append(m.Operations, o)
 }
 
 // MultiConfigOperation is an individual operation in a MultiConfigure instance.
 type MultiConfigOperation struct {
-    XMLName xml.Name
-    Id      string `xml:"id,attr,omitempty"`
+	XMLName xml.Name
+	Id      string `xml:"id,attr,omitempty"`
 
-    Xpath string `xml:"xpath,attr"`
-    Data  interface{}
+	Xpath string `xml:"xpath,attr"`
+	Data  interface{}
 
-    // action=move.
-    Where string `xml:"where,attr,omitempty"`
-    Destination   string `xml:"dst,attr,omitempty"`
+	// action=move.
+	Where       string `xml:"where,attr,omitempty"`
+	Destination string `xml:"dst,attr,omitempty"`
 
-    // action=rename.
-    NewName string `xml:"newname,attr,omitempty"`
+	// action=rename.
+	NewName string `xml:"newname,attr,omitempty"`
 }
 
 // NewMultiConfigResponse creates a multi-config response from the given text.
 func NewMultiConfigResponse(text []byte) (*MultiConfigResponse, error) {
-    if len(text) == 0 {
-        return nil, fmt.Errorf("no data received in the multi-config response")
-    }
+	if len(text) == 0 {
+		return nil, fmt.Errorf("no data received in the multi-config response")
+	}
 
-    var ans MultiConfigResponse
-    err := xml.Unmarshal(text, &ans)
+	ans := MultiConfigResponse{raw: text}
+	err := xml.Unmarshal(text, &ans)
 
-    return &ans, err
+	return &ans, err
 }
 
 // MultiConfigResponse is a struct to handle the response from multi-config
 // commands.
 type MultiConfigResponse struct {
-    XMLName xml.Name                     `xml:"response"`
-    Status  string                       `xml:"status,attr"`
-    Code    int                          `xml:"code,attr"`
-    Results []MultiConfigResponseElement `xml:"response"`
+	XMLName xml.Name                     `xml:"response"`
+	Status  string                       `xml:"status,attr"`
+	Code    int                          `xml:"code,attr"`
+	Results []MultiConfigResponseElement `xml:"response"`
+
+	raw []byte `xml:"-"`
 }
 
 // Ok returns if there was an error or not.
 func (m *MultiConfigResponse) Ok() bool {
-    return m.Status == "success"
+	return m.Status == "success"
 }
 
 // Error returns the error if there was one.
 func (m *MultiConfigResponse) Error() string {
-    if len(m.Results) == 0 {
-        return ""
-    }
-
-    r := m.Results[len(m.Results)-1]
-    if r.Ok() {
-        return ""
-    }
-
-    return r.Message()
+	if len(m.Results) == 0 {
+		if err := errors.Parse(m.raw); err != nil {
+			return err.Error()
+		}
+		return "unknown multi-config error format"
+	}
+
+	r := m.Results[len(m.Results)-1]
+	if r.Ok() {
+		return ""
+	}
+
+	return r.Message()
 }
 
 // MultiConfigResponseElement is a single response from a multi-config request.
 type MultiConfigResponseElement struct {
-    XMLName xml.Name `xml:"response"`
-    Status  string   `xml:"status,attr"`
-    Code    int      `xml:"code,attr"`
-    Id      string   `xml:"id,attr,omitempty"`
-    Msg     McreMsg  `xml:"msg"`
+	XMLName xml.Name `xml:"response"`
+	Status  string   `xml:"status,attr"`
+	Code    int      `xml:"code,attr"`
+	Id      string   `xml:"id,attr,omitempty"`
+	Msg     McreMsg  `xml:"msg"`
 }
 
 type McreMsg struct {
-    Line    []CdataText `xml:"line"`
-    Message string           `xml:",chardata"`
+	Line    []CdataText `xml:"line"`
+	Message string      `xml:",chardata"`
 }
 
 func (m *MultiConfigResponseElement) Ok() bool {
-    return m.Status == "success"
+	return m.Status == "success"
 }
 
 func (m *MultiConfigResponseElement) Message() string {
-    if len(m.Msg.Line) > 0 {
-        var b strings.Builder
-        for i := range m.Msg.Line {
-            if i != 0 {
-                b.WriteString(" | ")
-            }
-            b.WriteString(strings.TrimSpace(m.Msg.Line[i].Text))
-        }
-        return b.String()
-    }
-
-    return m.Msg.Message
+	if len(m.Msg.Line) > 0 {
+		var b strings.Builder
+		for i := range m.Msg.Line {
+			if i != 0 {
+				b.WriteString(" | ")
+			}
+			b.WriteString(strings.TrimSpace(m.Msg.Line[i].Text))
+		}
+		return b.String()
+	}
+
+	return m.Msg.Message
 }
diff --git a/xmlapi/op.go b/xmlapi/op.go
index 7dd27536..abbb7171 100644
--- a/xmlapi/op.go
+++ b/xmlapi/op.go
@@ -1,50 +1,50 @@
 package xmlapi
 
 import (
-    "fmt"
-    "net/url"
+	"fmt"
+	"net/url"
 )
 
 // Op performs a type=op XML API action.
 type Op struct {
-    // The comamnd to execute.  This can be a properly formatting XML string,
-    // a fmt.Stringer, or a struct that can mer marshalled into XML.
-    Command any
+	// The comamnd to execute.  This can be a properly formatting XML string,
+	// a fmt.Stringer, or a struct that can mer marshalled into XML.
+	Command any
 
-    // The vsys to send the command to.
-    Vsys string
+	// The vsys to send the command to.
+	Vsys string
 
-    // The target, copied from the client connection.
-    Target string
+	// The target, copied from the client connection.
+	Target string
 
-    // Any extra params that need to be specified should be put here.
-    Extras url.Values
+	// Any extra params that need to be specified should be put here.
+	Extras url.Values
 }
 
 // AsUrlValues returns the full API command as url.Values to send to PAN-OS.
 func (c *Op) AsUrlValues() (url.Values, error) {
-    if c.Command == nil {
-        return nil, fmt.Errorf("no command specified")
-    }
+	if c.Command == nil {
+		return nil, fmt.Errorf("no command specified")
+	}
 
-    data := url.Values{}
-    data.Set("type", "op")
+	data := url.Values{}
+	data.Set("type", "op")
 
-    if err := addToData("cmd", c.Command, true, &data); err != nil {
-        return nil, err
-    }
+	if err := addToData("cmd", c.Command, true, &data); err != nil {
+		return nil, err
+	}
 
-    if c.Vsys != "" {
-        data.Set("vsys", c.Vsys)
-    }
+	if c.Vsys != "" {
+		data.Set("vsys", c.Vsys)
+	}
 
-    if c.Target != "" {
-        data.Set("target", c.Target)
-    }
+	if c.Target != "" {
+		data.Set("target", c.Target)
+	}
 
-    for key := range c.Extras {
-        data.Set(key, c.Extras.Get(key))
-    }
+	for key := range c.Extras {
+		data.Set(key, c.Extras.Get(key))
+	}
 
-    return data, nil
+	return data, nil
 }
diff --git a/xmlapi/userid.go b/xmlapi/userid.go
new file mode 100644
index 00000000..73c0774d
--- /dev/null
+++ b/xmlapi/userid.go
@@ -0,0 +1,50 @@
+package xmlapi
+
+import (
+	"fmt"
+	"net/url"
+)
+
+// UserId performs a type=user-id XML API action.
+type UserId struct {
+	// The comamnd to execute.  This can be a properly formatting XML string,
+	// a fmt.Stringer, or a struct that can mer marshalled into XML.
+	Command any
+
+	// The vsys to send the command to.
+	Vsys string
+
+	// The target, copied from the client connection.
+	Target string
+
+	// Any extra params that need to be specified should be put here.
+	Extras url.Values
+}
+
+// AsUrlValues returns the full API command as url.Values to send to PAN-OS.
+func (c *UserId) AsUrlValues() (url.Values, error) {
+	if c.Command == nil {
+		return nil, fmt.Errorf("no command specified")
+	}
+
+	data := url.Values{}
+	data.Set("type", "user-id")
+
+	if err := addToData("cmd", c.Command, true, &data); err != nil {
+		return nil, err
+	}
+
+	if c.Vsys != "" {
+		data.Set("vsys", c.Vsys)
+	}
+
+	if c.Target != "" {
+		data.Set("target", c.Target)
+	}
+
+	for key := range c.Extras {
+		data.Set(key, c.Extras.Get(key))
+	}
+
+	return data, nil
+}

From 35c466b1703073d1918cfa6a118294cffcc91bfa Mon Sep 17 00:00:00 2001
From: Migara Ekanayake <2110772+migara@users.noreply.github.com>
Date: Thu, 12 Sep 2024 15:35:06 +0100
Subject: [PATCH 4/4] update README

---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index ce4ac3b7..447ad1b5 100644
--- a/README.md
+++ b/README.md
@@ -8,8 +8,8 @@ Palo Alto Networks pango
 > This software is currently in alpha development stage. It is strongly recommended not to use this package in production environments. If you choose to use it for experimental or developmental purposes, please do so with caution.
 
 
-[![GoDoc](https://godoc.org/github.com/PaloAltoNetworks/pango?status.svg)](https://godoc.org/github.com/PaloAltoNetworks/pango)
-[![Build](https://github.com/PaloAltoNetworks/pango/workflows/Sanity%20Check/badge.svg?branch=main)](https://github.com/PaloAltoNetworks/pango/actions?query=workflow%3A%22Sanity+Check%22)
+<!-- [![GoDoc](https://godoc.org/github.com/PaloAltoNetworks/pango?status.svg)](https://godoc.org/github.com/PaloAltoNetworks/pango) -->
+<!-- [![Build](https://github.com/PaloAltoNetworks/pango/workflows/Sanity%20Check/badge.svg?branch=main)](https://github.com/PaloAltoNetworks/pango/actions?query=workflow%3A%22Sanity+Check%22) -->
 
 Package pango is a golang cross version mechanism for interacting with Palo Alto Networks devices (including physical and virtualized Next-generation Firewalls and Panorama).  Versioning support is in place for PANOS 10.1 and above.