This morning started with me pulling my hair out...just like yesterday ended. So, here I am. I want to query our Palo Alto firewall via the API to show me security rules...not a big deal. However, the device as two vsys's (or however you write that), and the API query only revealed one security policy, which I know is not right. I've been using the API GUI to poke around, but I keep getting the same results:
response status="success" code="19">
<result total-count="1" count="1">
blah blah blah
I know this can't be right. I've checked the other vsys via this query and it has ZERO results, which is also wrong. Is this, perhaps, a permissions issue? Or, is the way our device is split in to two vsys's causing the problem?
Of very interesting note: I exported the running config directly from this device and got the same results! Only one security policy shows up under vsys1 and ZERO are in vsys2? I don't understand...
Solved! Go to Solution.
Sorry...I committed the cardinal sin. Here's what we're working with:
All configs are pushed via Panorama.
Panorama and the device in question are both on 7.1.12. I should be looking at the API in Panorama, shouldn't I?
Exactly. It only shows local configuration where you're looking. Alternatively, you can do type=op and cmd=<show><running><security-policy></security-policy></running></show> which should return all the ones in effect if that's what you're after.
Any luck calling an API key via PowerShell instead of embedding it in the request? I wonder if Palo Alto's API can't accept additional headers? I can't seem to find this information anywhere. If I embed my API key in my GET request, I auth successfully. When I call the API key using the "-headers" function in PowerShell, no worky. Thoughts? I know this is a separate concept, but I'm grasping at straws here.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!