Create Post-Security-Rule - RestAPI

Reply
L1 Bithead

Create Post-Security-Rule - RestAPI

I have Panorama managing my firewalls. I would like to leverage Postman to make API POSTS to Panorama for new security policies. 

 

Can someone provide an example of a filled-out body with bogus data to show me how the API wants it?

 

I'm particularily getting stuck on the first part of the body.. I have a device group called "firewalls" and the device is named "firewall1"

 

{

            "entry": {

                        "@name": "testrule",

                        "target": {

                              "devices": {

                                       "entry": [

                                             null

                                        ]

                              },

 

 

L4 Transporter

Re: Create Post-Security-Rule - RestAPI

If you're doing PAN-OS automation and aren't using any of the integrations that already exist (aka - Terraform or Ansible) and you need to figure out how to format calls to the XML API, your best course of action is to use the debug GUI functionality.

 

  • Open a browswer tab and go to https://<pan-os-ip-address>
  • Navigate to the screen you want information about
  • Open another browser tab and go to https://<pan-os-ip-address>/debug
  • Click "Clear" in the debug tab
  • Perform the action you are trying to automate
  • Click "Refresh" in the debug tab

 

This is just one of the three ways available.  The other two are detailed here (the link is from PAN-OS 7.1, but the information is still accurate now):

 

https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-panorama-api/get-started-with-the-pan-os-xml-api...

 

Hope this helps!

 

L1 Bithead

Re: Create Post-Security-Rule - RestAPI

Do you suggest that I work on using Ansible? I want to automate our firewall changes. Can you give me a brief rundown of an example workflow that you or someone else has created for firewall changes? Hoping that I'll have an idea of what to work toward.. Right now, it's trying to mess with Postman. 

Highlighted
L4 Transporter

Re: Create Post-Security-Rule - RestAPI

Neither Terraform nor Ansible force specific workflows on the user, so you are free to use whatever workflow you want.  Using either of them however gets you away from having to start from nothing.

 

As to whether you should use Terraform or Ansible, I think that it becomes a matter of preference.  Sometimes a company is already using one or the other internally, so it makes sense to stick with that tool.  But if no one is using either already and you are free to choose, I think I'd suggest playing with them both and figuring out which you like more.

 

Palo Alto Networks has had a Terraform & Ansible lab the past few years at Ignite.  Here's the 2019 lab (the description has the link to the lab guide as HTML):

 

https://github.com/PaloAltoNetworks/multicloud-automation-lab

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!