Automation / API

Automation and Orchestration Tools and Technologies

When configuring and managing the Palo Alto Networks Next-Generation firewall for scale and agility, it’s nice to have a collection of tools to automate activities and events. Our Automation and Orchestration tools and technologies provide a collection of open, extensible projects that help you take the next step. Learn about these tools with detailed documents and join in the discussions with other users to get the most from these resources.

Automation Projects

Available Automation Tools

Ansible

Automation for Everyone. Ansible is designed around the way people work and the way people work together. Learn more

Device Framework Device Framework

Device Framework enables non-programmers to create sophisticated automations that leverage the PAN-OS API. Learn more

Terraform Terraform

Terraform enables teams to automate deployment and adapt to the changing needs of cloud infrastructures. Learn more

Automation Blog

Ansible Version 2.2 Released

post time: Wednesday

Ansible version 2.2 is released, including support for configuring log forwarding profiles, subinterfaces, and more.

Terraform Provider Version 1.5.0 Released

post time: 02-04-2019

The 1.5.0 release contains support for BGP, BFD profiles, an enhanced NAT rule resource, and various user requested enhancements.

Ansible v2.0.0 (Katana) released

post time: 09-27-2018

Version 2.0.0 of Palo Alto Network Modules has been released. This is major release that includes expanded support for Panorama and Next Generation Firewall including very much awaited support for idempotency.

 

The updated documentation can be found here:
http://paloaltonetworks.github.io/ansible-pan/

Terraform Provider Version 1.4.0 Released

post time: 08-27-2018

The 1.4.0 release includes expanded support for Panorama (such as ethernet interfaces, templates, and template variables), IPSec tunnels, IKE gateways, firewall licensing, and much more.

Terraform Deployment and Configuration Templates facilitating CI/CD workflows for security teams

post time: 06-28-2018

Application developers working in agile teams have the need to push and deploy code numerous times a day. The agility of the dev teams puts a lot of pressure on the infrastructure and security teams to keep pace. Consequently, quite often this results in security teams slowing down the deployment of apps into production environments.

 

However, Palo Alto Networks has built out a slew of automation capabilities that provide security teams with the capabilities and tools to demonstrate the same agility as the app teams.  These capabilities enable enterprises as a whole to succeed by deploying the line of business application in a timely and more importantly, a secure manner.

 

The following sections describe:

  • How app teams and security teams can leverage code repositories such as github to store both application artifacts and security policies as code.
  • How security teams can leverage ```Terraform``` and the Palo Alto Networks ```Terraform provider``` to leverage CI / CD workflows to keep pace with line of business requirements.

Discussions

Have questions about automation APIs? Join the Live Community to post your questions and get answers.
Author Topic Views Replies
posted: Thursday updated: Friday

Obtaining Policy Descriptions Through the API

Thanks for taking the time to read my message. I'm an intern tasked with writing a program that returns all device descriptions from a set of policies...

158 4
posted: a week ago updated: a week ago

License Firewall ESXi VM before bootstrapping

We are trying to do automated deployment of multiple VM firewalls, managed by Panorama and using bootstrapping for the initial setup. All appliances w...

87 0
posted: 2 weeks ago updated: 2 weeks ago

XML API Template stack and Device group push to HA pair

Has anyone had experience using Panorama XML API to push config to an HA pair of firewalls (Template/stack or DG)?  For examplehttps://panor...

110 0
posted: 3 weeks ago updated: 3 weeks ago

ClearBrowserCache Method - any way to set a longer timeout?

I'm having an issue with my VM's randomly, wondering if anyone knows if its possible to somehow get more than 5 seconds to allow the browser to clear ...

72 0
posted: 3 weeks ago updated: Wednesday

API commits no longer working

Has anyone encountered this problem?  I have noticed since upgrading Panorama to 8.1.7 that two of my API commits no longer work: log collector a...

174 2