XML-API Use Case to Add & Delete TS-Agents

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
Community Team Member

As I explained in a previous blog, XML API can be a very useful and powerful tool to work with. Having different use case examples can help overcome some of the initial hurdles when using XML API. 

 

The following use case was created by our very own @vsathiamoo

Check out how to go about adding/deleting TS-agents using the XML API:

 

 

To use the API, generate the API key required for authenticating API calls.

 

Resources

 

Get API Key

URL Encoding

 

Using the following command, the Palo Alto Networks firewall running configuration can be retrieved:

 

Command Syntax (Running Configuration)

 

 

https://<<FW-IP>>/api/?type=op&cmd=<show><config><running></running></config></show>&key=<<API-KEY>>

 

Example (if your host is 10.192.16.170 and you obtained your key with admin/admin credentials):

 

 

https://10.192.16.170/api/?type=op&cmd=<show><config><running></running></config></show>&key=LUFRPT14MW5xOEo1R09KVlBZNnpnemh0VHRBOWl6TGM9bXcwM3JHUGVhRlNiY0dCR0srNERUQT09           

 

2018-03-19_12-25-25.jpg

 

 

The above example shows that there is a Terminal Services Agent (TEST-AGENT1 in our example) configured and the XPATH to use to configure a new Terminal Services Agemt would be the following :
 
XPATH
 
/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/ts-agent/entry[@name='MYTSAGENT']

 

Using action=set you can add or create a new object at a specified location in the configuration hierarchy.  Use the xpath parameter to specify the location of the object in the configuration.

 

In the example below, we will add a Terminal Services Agent (TS-AGENT2).  The IP address and Port of the TS agent will be populated with the following API call.

 

Command Syntax (Add TS Agent)

 

https://<<FW-IP>/api?key=<<API-KEY>>&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/ts-agent/entry[@name='TS AGENT NAME']&element=<host>IP ADDRESS</host><port>5009</port>

Example

 

https://10.192.16.170/api?key=LUFRPT14MW5xOEo1R09KVlBZNnpnemh0VHRBOWl6TGM9bXcwM3JHUGVhRlNiY0dCR0srNERUQT09&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/ts-agent/entry[@name='TS-AGENT2']&element=<host>10.1.1.2</host><port>5009</port>

 

Command Syntax (Add TS Agent with Alternative IP Addresses)

 

 

https://<<FW-IP>>/api?key=<<API-KEY>>&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/ts-agent/entry[@name='TS AGENTNAME']&element=<host>IP1</host><port>5009</port><ip-list><member>Alternate IP1</member><member>Alternate IP2</member></ip-list>

  

Parameter Description
FW-IP Palo Alto Networks Firewall Management IP.
API-KEY API key for an administrator account
TSAGENTNAME A name to identify the TS agent.
IP1 IP address of the terminal server where the TS agent is installed
Alternate IP1 Additional IP addresses of TS agent
Alternate IP2 Additional IP addresses of TS agent (Note: TS agents can have upto 8 additional IP addresses)

 

Example

 

 

https://10.192.16.170/api?key=LUFRPT14MW5xOEo1R09KVlBZNnpnemh0VHRBOWl6TGM9bXcwM3JHUGVhRlNiY0dCR0srNERUQT09&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/ts-agent/entry[@name='TS-AGENT2']&element=<host>10.1.1.2</host><port>5009</port

  2018-03-19_12-48-13.jpg

 

The same command can be used to modify Terminal Services Agent properties (Host IP and Port).

 

Resources:

 

XPATH

XML API Request types

 

In a similar way, you can remove  a Terminal Services Agent (TS-AGENT2) from the firewall.

 

Command Syntax (Remove TS Agent)

 

https://<<FW-IP>>/api?key=<<API-KEY>>&type=config&action=delete&xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/ts-agent/entry[@name='TSAGENTNAME']

Example

 

https://10.192.16.170/api?key=LUFRPT14MW5xOEo1R09KVlBZNnpnemh0VHRBOWl6TGM9bXcwM3JHUGVhRlNiY0dCR0srNERUQT09&type=config&action=delete&xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/ts-agent/entry[@name='TS-AGENT2']

 
2018-03-19_13-01-30.jpg

 

 

 

There are plenty of XML API resources available on Live for you to get started. This is just one of many possible use cases where XML API can be useful for you!

 

Feel free to ask questions or share your XML API examples in the comments section below!

 

-Kiwi out!

 

2 Comments
  • 21969 Views
  • 2 comments
  • 3 Likes
Register or Sign-in
Labels