Version: PAN-OS 8
I am attempting to create new security rules in Panorama, but keep getting a response that says a schema node cannot be found.
I have the following code in a PS function, where $Name is my intended rule name, and $DeviceAddress is my Panorama address:
```powershell
Invoke-RestMethod "https://$DeviceAddress/api/?type=config&action=set&key=$apiKey&xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/rulebase/security/rules/entry[@name='$Name']&element=$script:requestXML" -Method Post
```
Could not find schema node for xpath /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/rulebase/security/rules/entry[@name='MY Arbitrary Rule Name']
Can someone clarify what is incorrect about the XPath, please?
Your xpath is wrong. If you're doing a `set`, you need to specify the node one above what you're actually setting. For `edit` and `delete` you specify the node itself.
In your case, since you're trying to `set`, your xpath should actually be this:
So how does one specify a rule name in the xpath?
If I run

```powershell
$query = Invoke-RestMethod "https://$DeviceAddress/api/?type=config&action=set&key=$apiKey&xpath=config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/rulebase/security/rules" -Method Post
```

I get an Unauthorized request as the response.
The rule name should be in the XML document that you're posting, which could look something like this:
<entry name="MY Arbitrary Rule Name">
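The advice in the replies above, put together as an added example (not code from the thread or from Palo Alto Networks): for `set` the xpath stops at the parent `rules` node and the rule name travels in the posted `<entry>` element. The helper name `New-PanSetBody`, the host name, the environment variable and the rule fields are constructed for illustration, and the API key is sent in the POST body instead of the URL.

```powershell
# Added example. Host, env var name and rule values are constructed samples.
$DeviceAddress = 'panorama.example.com'
$apiKey        = $env:PAN_API_KEY

function New-PanSetBody {    # hypothetical helper, not part of any PAN module
    param(
        [Parameter(Mandatory = $true)] [string] $RuleName,
        [Parameter(Mandatory = $true)] [string] $ApiKey
    )

    # action=set: the xpath names the parent node, one above the rule entry.
    $xpath = "/config/devices/entry[@name='localhost.localdomain']" +
             "/vsys/entry[@name='vsys1']/rulebase/security/rules"

    # Build the element with the XML DOM so the rule name is escaped as an
    # attribute value rather than spliced into a string.
    $doc   = New-Object System.Xml.XmlDocument
    $entry = $doc.CreateElement('entry')
    $entry.SetAttribute('name', $RuleName)

    $members = [ordered]@{
        'from' = 'trust'; 'to' = 'untrust'; 'source' = 'any'; 'destination' = 'any'
        'application' = 'web-browsing'; 'service' = 'application-default'
    }
    foreach ($m in $members.GetEnumerator()) {
        $node   = $doc.CreateElement($m.Key)
        $member = $doc.CreateElement('member')
        $member.InnerText = $m.Value
        [void]$node.AppendChild($member)
        [void]$entry.AppendChild($node)
    }
    $action = $doc.CreateElement('action')
    $action.InnerText = 'allow'
    [void]$entry.AppendChild($action)

    # A hashtable body is form-encoded by Invoke-RestMethod on POST, which
    # URL-encodes the xpath and XML and keeps the key out of the URL.
    @{ 'type' = 'config'; 'action' = 'set'; 'key' = $ApiKey
       'xpath' = $xpath; 'element' = $entry.OuterXml }
}

$body = New-PanSetBody -RuleName 'MY Arbitrary Rule Name' -ApiKey $apiKey
Invoke-RestMethod -Uri "https://$DeviceAddress/api/" -Method Post -Body $body
```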
So far, I think I've figured out the proper way to pass an XML document in PowerShell, but still get an Unauthorized Request response.
Is a rule-type required in the XML object?
Or rather, what fields are required in order to POST?
The rule-type seems to be optional, but I've always specified it.
However, that error you're getting has to do with the user you're using to do these operations. Looks like it needs more permissions to create the security rule: