Automation and Orchestration Tools and Technologies

When configuring and managing the Palo Alto Networks Next-Generation firewall for scale and agility, it’s nice to have a collection of tools to automate activities and events. Our Automation and Orchestration tools and technologies provide a collection of open, extensible projects that help you take the next step. Learn about these tools with detailed documents and join in the discussions with other users to get the most from these resources.

Automation Projects

Available Automation Tools


Automation for Everyone. Ansible is designed around the way people work and the way people work together. Learn more

Device Framework Device Framework

Device Framework enables non-programmers to create sophisticated automations that leverage the PAN-OS API. Learn more

Terraform Terraform

Terraform enables teams to automate deployment and adapt to the changing needs of cloud infrastructures. Learn more

Automation Blog

Terraform Provider Version 1.5.0 Released

post time: 2 weeks ago

The 1.5.0 release contains support for BGP, BFD profiles, an enhanced NAT rule resource, and various user requested enhancements.

Ansible v2.0.0 (Katana) released

post time: Sep 27, 2018 4:50:49 PM

Version 2.0.0 of Palo Alto Network Modules has been released. This is major release that includes expanded support for Panorama and Next Generation Firewall including very much awaited support for idempotency.


The updated documentation can be found here:

Terraform Provider Version 1.4.0 Released

post time: Aug 27, 2018 3:03:05 PM

The 1.4.0 release includes expanded support for Panorama (such as ethernet interfaces, templates, and template variables), IPSec tunnels, IKE gateways, firewall licensing, and much more.

Terraform Deployment and Configuration Templates facilitating CI/CD workflows for security teams

post time: Jun 28, 2018 2:55:58 PM

Application developers working in agile teams have the need to push and deploy code numerous times a day. The agility of the dev teams puts a lot of pressure on the infrastructure and security teams to keep pace. Consequently, quite often this results in security teams slowing down the deployment of apps into production environments.


However, Palo Alto Networks has built out a slew of automation capabilities that provide security teams with the capabilities and tools to demonstrate the same agility as the app teams.  These capabilities enable enterprises as a whole to succeed by deploying the line of business application in a timely and more importantly, a secure manner.


The following sections describe:

  • How app teams and security teams can leverage code repositories such as github to store both application artifacts and security policies as code.
  • How security teams can leverage ```Terraform``` and the Palo Alto Networks ```Terraform provider``` to leverage CI / CD workflows to keep pace with line of business requirements.

Terraform Provider Version 1.2.0 Released

post time: Jun 19, 2018 2:09:47 PM

The 1.2.0 release includes support for security policy groups, PAN-OS 8.1's FQDN destination address translations, and telemetry sharing with Palo Alto Networks.


Have questions about automation APIs? Join the Live Community to post your questions and get answers.
Author Topic Views Replies
posted: a week ago updated: a week ago

Panorama Managed Bootstrap Deployment

We are currently preparing for a bootstrap deployment, with a Panorama MGMT server. 3 Datacenters. 1 NGFW & 1 Panorama Log Collector per DC. The q...

7 0
posted: 3 weeks ago updated: 2 weeks ago

How to start with pandievice and API

Hi all, I feel a bit stupid asking the question, but surely, others had the same problem as me. I am trying to create multiple address objec...

78 5
posted: 3 weeks ago updated: 3 weeks ago

Output format for test/url-info-cloud and test/url-info-host

So I had a crazy idea and started poking around at the XML API on my firewall.  I wanted to see if there was a generally efficient way to automat...

13 0
posted: Jan 14, 2019 6:19:11 PM updated: Jan 17, 2019 3:40:06 PM

APIs to createmove a security policy at the top of device group pre-rule section and move it up/down

Dear All, on Panorama GUI (version 8.1.3),  I am able to move security policies to Top, Bottom, Up and Down in the device group pre-rul...

77 6
posted: Jan 13, 2019 2:03:47 AM updated: Jan 17, 2019 10:39:34 AM

Disable tunnel ipsec via api

Is there a way to disable ipsec tunnel via api?From what I reah ansible-pan, there is only state present / absent. Thanks...

35 8