Automation and Orchestration Tools and Technologies

When configuring and managing the Palo Alto Networks Next-Generation firewall for scale and agility, it’s nice to have a collection of tools to automate activities and events. Our Automation and Orchestration tools and technologies provide a collection of open, extensible projects that help you take the next step. Learn about these tools with detailed documents and join in the discussions with other users to get the most from these resources.

Automation Projects

Available Automation Tools


Automation for Everyone. Ansible is designed around the way people work and the way people work together. Learn more

Device Framework Device Framework

Device Framework enables non-programmers to create sophisticated automations that leverage the PAN-OS API. Learn more

Terraform Terraform

Terraform enables teams to automate deployment and adapt to the changing needs of cloud infrastructures. Learn more

Automation Blog

Terraform Deployment and Configuration Templates facilitating CI/CD workflows for security teams

post time: Jun 28, 2018 2:55:58 PM

Application developers working in agile teams have the need to push and deploy code numerous times a day. The agility of the dev teams puts a lot of pressure on the infrastructure and security teams to keep pace. Consequently, quite often this results in security teams slowing down the deployment of apps into production environments.


However, Palo Alto Networks has built out a slew of automation capabilities that provide security teams with the capabilities and tools to demonstrate the same agility as the app teams.  These capabilities enable enterprises as a whole to succeed by deploying the line of business application in a timely and more importantly, a secure manner.


The following sections describe:

  • How app teams and security teams can leverage code repositories such as github to store both application artifacts and security policies as code.
  • How security teams can leverage ```Terraform``` and the Palo Alto Networks ```Terraform provider``` to leverage CI / CD workflows to keep pace with line of business requirements.

Terraform Provider Version 1.2.0 Released

post time: Jun 19, 2018 2:09:47 PM

The 1.2.0 release includes support for security policy groups, PAN-OS 8.1's FQDN destination address translations, and telemetry sharing with Palo Alto Networks.

Terraform Provider Version 1.1.0 Released

post time: May 1, 2018 2:31:48 PM

The 1.1.0 release includes Panorama support, an alternative method for specifying device credentials, and many new resources.

Webinar - Automate Cloud Security with Ansible

post time: Mar 16, 2018 10:07:39 AM

Webinar Apr 25th at 2:00 pm EDT


Palo Alto Networks has developed an Ansible module to enable these organizations to integrate security into their CI/CD pipeline. See it in action and learn how Ansible and Palo Alto Networks help enforce a consistent next-generation security posture across your organization.

View the recording:

Palo Alto Networks Terraform Provider for PAN-OS

post time: Feb 14, 2018 2:05:52 PM

Introducing the new Palo Alto Networks Terraform Provider!


Have questions about automation APIs? Join the Live Community to post your questions and get answers.
Author Topic Views Replies
posted: Thursday updated: Thursday

WildFire API questions about submit links and get report.

I'm testing Wildfire API and met some questions here.  Any help is appreciated. 1. Does the submitted link/Links do not create report?W...

16 0
posted: 2 weeks ago updated: 2 weeks ago

fail to execute ansible command for PANFW

Seek for solution to fix the problem. Thanks.1)host vars:ansible_user: useransible_password: xxxxxxxxxxxxxansible_connection: network_cliansible_netwo...

44 6
posted: 2 weeks ago updated: 2 weeks ago

LetsEncrypt integration

Hi, While I know most would use an issued SSL certificate it would be great if PANOS supported LetsEncrypt for requesting SSL certificates for th...

18 0
posted: 2 weeks ago updated: 2 weeks ago

Update dynamic address group with FQDN

Hi, I'm setting up a script for updating some dynamic address groups thorugh the API.The xml looks like this: <uid-message><version...

10 0
posted: 2 weeks ago updated: 2 weeks ago

API calls to get config from Panorama (object, object groups, policies etc.)

How can I get device group specific policies as well as shared object, object groups etc. from the Panorama. I tried with API browser and cli (wi...

31 3