Zone Creation W/ Python Device Framework

Reply
L1 Bithead

Zone Creation W/ Python Device Framework

I am working on a script to do automation of new tenant builds. One thing I am having a tough time with is creating VLAN Zones because I need to assign them to the specifc VSYS/Location but don't seem to have a paramter to do that. I have been able to successfully add things under Objects and Policies to their specific VSYS, but this zone add is hanging me up. Here is an example of what I am trying to do:

 

fw = firewall.Firewall('127.0.0.1', 'user', 'pass', vsys="shared")
vsys1 = device.Vsys(name = 'vsys1', display_name = 'PRESENTATION')
fw.add(vsys1)
vsys1.create()
VLAN_zone = network.Zone(name = 'TEST_706', mode = 'layer3')
fw.add(VLAN_zone)
VLAN_zone.create()

 When I attempt to create the VLAN zone I get the following error:

 

Traceback (most recent call last):
File "C:/Users/ttoquothty/PycharmProjects/PaloAlto/IaaS.py", line 34, in <module>
VLAN_zone.create()
File "C:\Users\ttoquothty\PycharmProjects\PaloAlto\venv\lib\site-packages\pandevice\base.py", line 576, in create
device.active().xapi.set(self.xpath_short(), element, retry_on_peer=self.HA_SYNC)
File "C:\Users\ttoquothty\PycharmProjects\PaloAlto\venv\lib\site-packages\pandevice\base.py", line 3175, in method
raise the_exception
pandevice.errors.PanDeviceXapiError: Could not find schema node for xpath /config/shared/zone

L1 Bithead

Re: Zone Creation W/ Python Device Framework

I figured out my issue and figured out I'd post a update in case someone stumbles across this with the same question.

 

instead of doing fw.add(VLAN_zone) my script for the Zone should have been:

 

VLAN_zone = network.Zone(name = 'TEST_706', mode = 'layer3')
vsys1.add(VLAN_zone)
VLAN_zone.create()

Using the vsys1 I established earlier to add the Zone. 

L4 Transporter

Re: Zone Creation W/ Python Device Framework

I'm glad that you got it working, but that should have worked.  I just tested it and it does indeed work for me (since there is no vsys specified in the `fw` object, it should default to `vsys1`).

 

I suspect your version of `pandevice` is older, and I'd recommend making sure you're running 0.6.0, which is currently the latest.

L1 Bithead

Re: Zone Creation W/ Python Device Framework

@gfreeman I think it is because in my 'fw' object I have the vsys set to 'shared'. Because looking more closely at the error I was getting it mentions it could not find the xpath for /config/shared/zone. I am on 0.6.3 for Pandevice so should be good there. 

 

This is my first go at anything automation related with the Palo (and also new-ish to Python), it's been pretty cool so far! 

L4 Transporter

Re: Zone Creation W/ Python Device Framework

Oops, missed that.  Yep, you're right :)

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!