Automation and Orchestration Tools and Technologies

When configuring and managing the Palo Alto Networks Next-Generation firewall for scale and agility, it’s nice to have a collection of tools to automate activities and events. Our Automation and Orchestration tools and technologies provide a collection of open, extensible projects that help you take the next step. Learn about these tools with detailed documents and join in the discussions with other users to get the most from these resources.

Automation Projects

Available Automation Tools


Automation for Everyone. Ansible is designed around the way people work and the way people work together. Learn more

Device Framework Device Framework

Device Framework enables non-programmers to create sophisticated automations that leverage the PAN-OS API. Learn more

Terraform Terraform

Terraform enables teams to automate deployment and adapt to the changing needs of cloud infrastructures. Learn more

Automation Blog

Ansible v2.0.0 (Katana) released

post time: Sep 27, 2018 4:50:49 PM

Version 2.0.0 of Palo Alto Network Modules has been released. This is major release that includes expanded support for Panorama and Next Generation Firewall including very much awaited support for idempotency.


The updated documentation can be found here:

Terraform Provider Version 1.4.0 Released

post time: Aug 27, 2018 3:03:05 PM

The 1.4.0 release includes expanded support for Panorama (such as ethernet interfaces, templates, and template variables), IPSec tunnels, IKE gateways, firewall licensing, and much more.

Terraform Deployment and Configuration Templates facilitating CI/CD workflows for security teams

post time: Jun 28, 2018 2:55:58 PM

Application developers working in agile teams have the need to push and deploy code numerous times a day. The agility of the dev teams puts a lot of pressure on the infrastructure and security teams to keep pace. Consequently, quite often this results in security teams slowing down the deployment of apps into production environments.


However, Palo Alto Networks has built out a slew of automation capabilities that provide security teams with the capabilities and tools to demonstrate the same agility as the app teams.  These capabilities enable enterprises as a whole to succeed by deploying the line of business application in a timely and more importantly, a secure manner.


The following sections describe:

  • How app teams and security teams can leverage code repositories such as github to store both application artifacts and security policies as code.
  • How security teams can leverage ```Terraform``` and the Palo Alto Networks ```Terraform provider``` to leverage CI / CD workflows to keep pace with line of business requirements.

Terraform Provider Version 1.2.0 Released

post time: Jun 19, 2018 2:09:47 PM

The 1.2.0 release includes support for security policy groups, PAN-OS 8.1's FQDN destination address translations, and telemetry sharing with Palo Alto Networks.

Terraform Provider Version 1.1.0 Released

post time: May 1, 2018 2:31:48 PM

The 1.1.0 release includes Panorama support, an alternative method for specifying device credentials, and many new resources.


Have questions about automation APIs? Join the Live Community to post your questions and get answers.
Author Topic Views Replies
posted: a week ago updated: a week ago

Check that device config is following guidelines

We have quite alot of devices and they are growing in numbers. If we would like to check different settings accross all the devices how would you...

5 0
posted: Nov 14, 2018 6:13:41 AM updated: a month ago

Using pandevice framework to create python structures from xml

I am trying to achieve two things in Pandevice and am struggling. 1) I cannot automatically create a local firewall object with all of it's child...

41 2
posted: Nov 9, 2018 10:01:03 AM updated: 4 weeks ago

Help with create api call

Despite me reading alot of documentation i have not really understood this. Im trying to add a device in panorama, so i run this command from the...

40 2
posted: Nov 1, 2018 12:27:42 PM updated: Nov 1, 2018 12:27:42 PM

Global Protect API to generate ticket

Anyone had any luck with the following API call. Trying to make front end for the helpdesk to be able to generate tickets to disable global prote...

18 0
posted: Oct 31, 2018 8:02:41 AM updated: 4 weeks ago

Automate Creation of Vsys

HiWe are new to Ansible, and would like to automate the create of new vsys on a chassis. Currently we do this manually with a spreadsheet derived from...

29 1