XML API

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

XML API

L2 Linker
4 REPLIES 4

Cyber Elite
Cyber Elite

Hi

 

 

please try this:

 

https://10.21.63.99/api/?type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/rulebase/security/rules/entry[@name='rule1']&element=<source><member>1.1.1.1</member></source><destination><member>2.2.2.2</member></destination>&key=LUFRPT14MW5xOEo1R09KVlBZNnpnemh0VHRBOWl6TGM9bXcwM3JHUGVhRlNiY0dCR0srNERUQT09

 

 

please take a look here for more information regarding formatting of API: PAN-OS and Panorama XML API Reference Guide

 

 

regards

Tom

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

Community Team Member

You are missing the end-tag </destination>  in your example.

Add it and it should work.

 

Note that you can check ms.log for errors and it should give you an idea of what was wrong :

 

 

Entity: line 1: parser error : Premature end of data in tag request line 1
r>12.12.12.1</member></source><destination><member>11.11.11.1</member></request>
^

 

 

Regards,

-Kim.

LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

L1 Bithead

Please find a rule example below using curl: with --data-urlencode   

 

for key, I exported the value on my mac from terminal:  export KEY=whateverthekeyis

 

curl -k -d key=$KEY --data-urlencode "xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/rulebase/security/rules/entry[@name='API-Deny-All']" -d 'type=config' -d 'action=set' --data-urlencode "element=<to><member>any</member></to><from><member>any</member></from><source><member>any</member></source><destination><member>any</member></destination><source-user><member>any</member></source-user><category><member>any</member></category><application><member>any</member></application><service><member>any</member></service><hip-profiles><member>any</member></hip-profiles><action>deny</action><log-start>yes</log-start>" https://1.1.1.1/api

 

 

Here is another way to do it as well with curl

 

curl --globoff -k "https://1.1.1.1/api/?type=config&action=set&key=$KEY&xpath=/config/devices/entry[@name='localhost.lo...'vsys1']/rulebase/security/rules/entry[@name='allowany']&element=<to><member>any</member></to><from><member>any</member></from><source><member>internal-GROUP</member></source><destination><member>APP-GROUP</member></destination><application><member>any</member></application><service><member>any</member></service><action>allow</action><log-start>yes</log-start>"

 

 

Michael Clark

Palo Alto Networks

L2 Linker

Thanks guys for response

  • 2960 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!