I'm writing a script to disable a rule using panxapi. I'm trying to check to make sure the rule exists. I've found if I have a typo in the rule name, panxapi will create the rule as a blank, so I need to make sure the rule exists before running panxapi to disable it. I started testing how to do this and have run across something I don't understand. Options -g and -s look to be what I would need, but I'm not understanding their results. If I enter a non-existent rule "Rule.junk" they return different results.
|-g||get candidate config at xpath|
|-s||show active config at xpath|
panxapi -h 192.168.x.x -s "/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/rulebase/security/rules/entry[@name='Rule.junk']"
show: No such node status="error"
panxapi -h 192.168.x,x -g "/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/rulebase/security/rules/entry[@name='Rule.junk']"
My candidate and running config are identical, yet -s says the rule doesn't exist, and -g says it does?
The results are showing you that the config you're looking for is in candidate config - but not in the active config (i.e. committed to the device). Is that possibly why you're seeing those results?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!