Management Articles

Featured Article
Generate the API key for Panorama, using the query below.   https://{panorama-ip}/api/?type=keygen&user={username}&password={password}   Replace: {panorama-ip} - Panorama's IP {username} - super user username {pas sword} - password of the user    Extract the API key and note it down somewhere safe.   Then use the query below after replacing the parameters.   Below is the exact query to add a Shared Addresses Object to Panorama:   https://{panorama-ip}/api/?key={API-key}&type=config&action=set&xpath=/config/shared/address/entry[@name='{object-name}'] &element=<ip-netmask>{ip-address/mask}</ip-netmask>   For example:   Panorama IP: 10.50.243.13 API key: LUFRPT14MW5xOEo1R09KVlBZNnpnemh0VHRBOWl6TGM9bXcwM3JHUGVhRlNiY0dCR0srNERU0000 Address Object Name: Google-DNS Address Object IP/Netmask: 8.8.8.8/32   Query would be:   https://10.50.243.13/api/?key=LUFRPT14MW5xOEo1R09KVlBZNnpnemh0VHRBOWl6TGM9bXcwM3JHUGVhRlNiY0dCR0srNERU0000&type=config&action=set&xpath=/config/shared/address/entry[@name='Google-DNS']&element=<ip-netmask>8.8.8.8/32</ip-netmask>      The query should succeed as below:    
View full article
shganesh ‎09-07-2016 04:47 PM
2,535 Views
0 Replies
Overview Palo Alto Networks XML API uses standard HTTP requests to send and receive data, allowing access to several types of data on the device. The data can then easily be integrated with and used in other systems. Using XML API you can also export the device state, which is used to backup a Palo Alto Networks firewall.   Details Proceed with the following steps: Get the API key, which is required for authenticating API calls. You can generate it per user by using: https://<firewall-IP>/api/?type=keygen&user=<username>&password=<password> For more information, please refer to the admin guide: Get Your API Key . Export the device state from the firewall using: https://<firewall-IP>/api/?type=export&category=device-state&key=<your_key> You will then be prompted to save the file.   What are the privileges needed to export the device state? In 7.0 and earlier, a superuser as well as a custom-role based admin are able to export the device state. Starting with 7.1, only a superuser has the privilege of performing an export of the device state. A custom-role based admin is treated as a device-admin. If you try to export the device state without superuser privileges, you will get the following error message: " You need superuser privileges to do that ".   See Also Get Started with the PAN-OS XML API Back Up Configuration and Device State from the CLI
View full article
hzayed ‎08-30-2016 03:59 PM
5,741 Views
2 Replies
1 Like
Symptom User-ID timeout values that are set, on a per user basis, by API XML are ignored by the Windows User-ID Agent. This causes IP-user mappings to remain visible in the User-ID Agent after the set timeout is reached. However, the Palo Alto Networks firewall configured to retrieve the IP-user mapping from the agent will correctly adhere to the set timeout values.   The following is an example entry of a User-ID timeout setting for the user, test\test1 : <uid-message> <payload> <login> <entry name="test\test1" ip="10.10.10.10" timeout="3" /> </login> </payload> <type>update</type> <version>1.0</version> </uid-message>   Cause The Windows User-ID Agent does not proactively time out entries. This is the expected behavior. The agent keeps track of each entry's timestamp and timeout value. When the agent receives a get-all or query-ip request, it will then look at the entry. At that point, it will delete the entry if the timeout has been exceeded.   owner: mcooke
View full article
mcooke ‎08-26-2015 06:20 AM
5,413 Views
2 Replies
To get information on how to create API commands: Login to the firewall using a web browser Open a new browser window and access the firewall via the same URL but add /api at the end ( https://10.1.1.1/api for example) Click on the the appropriate sections At the bottom will be the XML and API URL information owner: mbutt
View full article
npare ‎06-25-2012 01:21 PM
4,465 Views
0 Replies
Ask Questions Get Answers Join the Live Community