Automation and Orchestration Tools and Technologies

When configuring and managing the Palo Alto Networks Next-Generation firewall for scale and agility, it’s nice to have a collection of tools to automate activities and events. Our Automation and Orchestration tools and technologies provide a collection of open, extensible projects that help you take the next step. Learn about these tools with detailed documents and join in the discussions with other users to get the most from these resources.

Automation Projects

Available Automation Tools


Automation for Everyone. Ansible is designed around the way people work and the way people work together. Learn more

Device Framework Device Framework

Device Framework enables non-programmers to create sophisticated automations that leverage the PAN-OS API. Learn more

Terraform Terraform

Terraform enables teams to automate deployment and adapt to the changing needs of cloud infrastructures. Learn more

Automation Blog

Ansible v2.0.0 (Katana) released

post time: 3 weeks ago

Version 2.0.0 of Palo Alto Network Modules has been released. This is major release that includes expanded support for Panorama and Next Generation Firewall including very much awaited support for idempotency.


The updated documentation can be found here:

Terraform Provider Version 1.4.0 Released

post time: Aug 27, 2018 3:03:05 PM

The 1.4.0 release includes expanded support for Panorama (such as ethernet interfaces, templates, and template variables), IPSec tunnels, IKE gateways, firewall licensing, and much more.

Terraform Deployment and Configuration Templates facilitating CI/CD workflows for security teams

post time: Jun 28, 2018 2:55:58 PM

Application developers working in agile teams have the need to push and deploy code numerous times a day. The agility of the dev teams puts a lot of pressure on the infrastructure and security teams to keep pace. Consequently, quite often this results in security teams slowing down the deployment of apps into production environments.


However, Palo Alto Networks has built out a slew of automation capabilities that provide security teams with the capabilities and tools to demonstrate the same agility as the app teams.  These capabilities enable enterprises as a whole to succeed by deploying the line of business application in a timely and more importantly, a secure manner.


The following sections describe:

  • How app teams and security teams can leverage code repositories such as github to store both application artifacts and security policies as code.
  • How security teams can leverage ```Terraform``` and the Palo Alto Networks ```Terraform provider``` to leverage CI / CD workflows to keep pace with line of business requirements.

Terraform Provider Version 1.2.0 Released

post time: Jun 19, 2018 2:09:47 PM

The 1.2.0 release includes support for security policy groups, PAN-OS 8.1's FQDN destination address translations, and telemetry sharing with Palo Alto Networks.

Terraform Provider Version 1.1.0 Released

post time: May 1, 2018 2:31:48 PM

The 1.1.0 release includes Panorama support, an alternative method for specifying device credentials, and many new resources.


Have questions about automation APIs? Join the Live Community to post your questions and get answers.
Author Topic Views Replies
posted: yesterday updated: yesterday

Export Panorama config-bundle using the API.

Hello. I apologize if this question is already answered. Is it possible to export the config-bundle using the XML API?I can only download the Pan...

7 0
posted: a week ago updated: Tuesday

PA - can we have an honest discussion about Ansible and PA?

First of all - thanks for the API - it's mostly great. But, let's talk about Ansible and PA.  Some of our folks went to Ansible Fest and tal...

79 8
posted: 3 weeks ago updated: 3 weeks ago

Why can my API call show GlobalProtect users but cannot disconnect them?

Help Needed! I've been having this issue for a while now. I have a ticket open; yet, I am not able to get this API call to disconnect the connected GP...

17 1
posted: 3 weeks ago updated: 3 weeks ago

Automatic download of updates

My Palo Alto is not connected to the internet. When I need to update it I must manually download the updates from a browser, copy them to my PA, then ...

24 2
posted: Sep 14, 2018 1:20:44 PM updated: 2 weeks ago

Lets Encrypt

Hi,Our customer is implementing the Lets Encrypt ( in the whole his infrastructure. This way, every certificates SSL exp...

37 1