06-15-2012 09:35 AM
Hi all,
I'm trying to setup automatic config backups via the API per this article:
https://live.paloaltonetworks.com/docs/DOC-1714
I use a command like this to get my key:
https://pan-firewall.example.com/esp/restapi.esp?type=keygen&user=jmesser&password=notmypassword
And then use the key in this command to get the config:
I have superuser permissions and these commands work great in my browser. I've tested both Chrome and Firefox. I get the key no problem and the config comes up without issue. Slick. But what I can't figure out is that when I use cURL or wget instead of the browser I get a 403 "User not authorized to perform this operation" error. The command I use is simply:
curl --insecure <the_URLs_above>
Anybody know why the browser would work but not cURL? I just can't think why they would be different.
Thanks,
Chris
06-18-2012 12:59 PM
What is the PAN-OS version?
In 4.0 the user must be superuser.
In 4.1 the user can be superreader, though I recall it not working in early 4.1.x versions. superreader works for me with action=show using 4.1.6.
06-18-2012 01:01 PM
I'm running 4.1.6 and am using a superuser account. It works fine with a browser. Just not from the command line.
06-18-2012 01:49 PM
you might run 'tail follow yes mp-log appWeb.log' in the CLI then do a request with browser then
curl and compare the logs. In particular the line with the key to see if there is a difference:
panPhpSymbolLookupInArray(pan_php.c:197): panPhpSymbolLookupInArray, _REQUEST[key] = kxA5lTLW3OoJ5E/8KCLRfplJvALJ1cAJufitTERVxpY=
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
