Can anyone advise how the PAN-Perl module can be used in per scripts to send user-id mappiungs directly to the firewall? In reading the module, the PAN-Perl module (PAN::XAPI) seems to include every restull api type, except user-id and so I don't seem to be able to send an "action='user-id', xpath= ...user-id xml..." it's not listed in the doc, nor the module as far as I can see.
I know I can use PAN:API to talk to external agent collectors (which I've tested), but there is a 10-15 second polling period before the Firewall is updated which in my scenario is a touch too long, (and doesn't seem to be changable in config).
any suggestions ?
I have not played with the Perl module, but i have just been playing with Python, and using a external DB source to feed into the User-ID login, and logouts.
There are a few examples on GitHub, but they are mainly Python.
In theory you can do it with perl as it is just RestfulAPI.
I am assuming you are OK with getting the API Key.
My example of the API request format for the login.
https://192.168.0.200/api/?key=LUFRPT14MW5xOEo1R09KVlBZNnpnemh0VHRBOWl6TGM9bXcwM3JHUGVhRlNiY0dCR0srN...> <type>update</type> <payload> <login> <entry name="user1" ip="10.0.0.1"/> <entry name="domain\user2" ip="10.0.0.2"/> </login> </payload></uid-message>
You would need to have at least this version:
2012-08-30 - PAN::XAPI, bin/panxapi: add support for updating dynamic objects in PAN-OS 5.0 (type=user-id).
Thanks everyone. Rather than doing direct Rest http calls I was hoping to use PAN::XAPI because it had all the underlying http logic and error handling in simple functions, which simplied things and added reliability for my need. I ended up adding a 15 line subroutine that added $api->userid($cmd) with the same format as the rest of PAN:XAPIs functions, which solved everthing.
Thanks for your help !
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!