REST XML API- USING ORACLE and Panaorama , Dynamic address object updation failure on Palo-Alto Devices

Reply
Highlighted
Not applicable

REST XML API- USING ORACLE and Panaorama , Dynamic address object updation failure on Palo-Alto Devices

The Oracle server is making REST-XML API request from a SQL PROCEDURE using the UTL_HTTP package to Panorama server for the below

  1. key generation for panorama   [ Successful ]
  2. Dynamic object creation on panorama   [ Successful ]
  3. FW rule creation on panorama   [ Successful ]
  4. commit ALL panorama    [ Successful ]
  5. commit on device group using panorama  [ Successful ]
  6. update [register/unregistered] dynamic address objects using panorama   [ Failure : 502 Bad Gateway (  UTL_HTTP package error) ]

As a single point of management panorama is used.

The last one ( 6th ) request is failing as panorama is used as a proxy to update the dynamic address object on device. The same request is getting successful when run through the Browser.

Sample XML API Request is :


https://<panorama_host_name>/api/?type=user-id&action=set&vsys=vsys1&cmd=<uid-message><version>1.1</version><type>update</type><payload><register><entry identifier="dy1" ip="1.1.1.5"></entry></register></payload></uid-message>&key=<key_value>&target=<device-id>'


When debugged on the device using below commands -

debug user-id on debug

debug user-id set userid all

tail follow yes mp-log useridd.log

I am able to see request coming on the device when run through the BROWSER. but NOT when run through the Oracle server procedure.

Below different command from the oracle procedure to ensure that request is getting reached from panorama to device-

https://<panorama_host_name>/api/?type=op&cmd=<show><system><info></info></system></show>&key=keyval...

The above is working from the ORACLE Procedure as well as browser.

So it seems that userid xml is not working from oracle procedure.

Please help or guide to resolve this.

Tags (3)
L4 Transporter

Re: REST XML API- USING ORACLE and Panaorama , Dynamic address object updation failure on Palo-Alto Devices

Hello,

Did you find it out for resolved way?

If you did, please let me know it.

Thanks,

KC Lee

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!