Automation/API Discussions

Threads in this discussion area are now read-only. If you have a question about Automation/API products please visit our product discussions.

Discussions

Resolved! With XML API, How does "Require audit comment on policies" check work? ( Panorama -> Management tab)

I believe adding/updating an Audit comment of a Policy rule is independent from making changes to the policies. Operational command: Audit comment Update (type='op') set audit-comment comment "paul manual edit" xpath Configuration command: Making changes to a Policy rule (type='config') '/api/?type=config&action=get&xpath=/config...

Pulling a PCAP Through Splunk Fails Intermittently

I've been working with the Palo app/addons for Splunk. There is the capability to pull a PCAP directly from a firewall (not Panorama) this way. It seems to fail intermittently on several of our firewalls. The errors are either "URLError: reason: [Errno 110] Connection timed out", "URLError: code: 400 reason: Bad Request", or "URLError: reason: [...

XML API: How do I update the login-banner

Hello, I am trying to update the login-banner. I have tried this: https://<HOSTNAME>/api/type=config&action=get&xpath=/config/devices/entry[@name='localhost.localdomain']/deviceconfig/system/<login-banner>BANNER_VALUE</login-banner>&key=<APIKEY> I am receiving "success" as response, but the login-banner on t...

Rest-API gives invalid xml response

When receiving an error from the Panorama REST API, the platform is responding with what appears to be an invalid XML document. Here is the data in question: <response><code>16</code><message>Invalid Credential</message><details><entry @type="CauseInfo"><causes><entry><code>2</code>...

morahman by L1 Bithead
  • 2982 Views
  • 2 replies
  • 0 Likes

Resolved! API command to enable/disable IPSec tunnel

Hi all, I am trying to enable/disable an IPSec via the API but cannot produce a command that works. I am currently trying this command to disable the tunnel: curl -X GET "<firewall-fqdn>//api/?&type=config&action=set&xpath=/config/devices/entry[@name="<firewall-fqdn>"]/network/tunnel/ipsec/entry[@name="IPSec-Tunnel-Name"]/d...

Resolved! XML API: Panorama: How to Create/Get/Update the field "Audit Comment" of a Security Policy rule?

Panorama version: 10.1 (latest). When creating/updating a Security Policy rule (see attached images for more info), I'm able to add/update Audit comment for a rule via Web browser by following this guide https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-web-interface-help/policies/audit-comment-archi... . However, I fail to use XML API ...

Resolved! XML API: Do we need to specify "localhost.localdomain" in the Device entry name? Why can we leave Device entry name as blank?

Scenario: While reading the 10.1 Guide and XML API guide, I see: Case1: actions where "localhost.localdomain" is included as the Device entry name in the xpath (e.g. "/config/devices/entry[@name='localhost.localdomain']/device-group/entry[@name='paul']"). Case2: actions where the entry name is ignored completely (e.g. "/config/devices/entry/vsys/en...

Resolved! Any way to change local user account password?

Forgive me for this question as automation is an on-going learning thing for me. I'm trying to determine the best way to automate the process of changing the password for a local account on my firewalls en masse rather than logging into each one individually and doing it manually. Initially I thought Ansible, but after looking I am not sure there...

PAN-OS-Python Framework load running config (refresh_from_xml)

I have a script which is doing a report on multiple Panorama security policies. It is working OK using the API, but I need to run it offline using the Panorama config file. My understanding is that I should be able to do it using the refresh_from_xml() module, but I keep getting errors when using it. As an example, refreshall() is working fine:...

batd2 by L4 Transporter
  • 2486 Views
  • 1 replies
  • 0 Likes

USER-ID XML API Include Network

Hi, I'm using two PA-850 in HA, Software Version 8.1.21. For our Wifi, we have a Clearpass server sending XML-API commands to our PaloAlto, to do IP/User Mapping, but the mapping doesn't work. If I try to call the API directly (using https://myfirewall.com/api), I can send commands this way, and see the result. Sending In API -> User-id this xml co...

rats by L1 Bithead
  • 4098 Views
  • 4 replies
  • 0 Likes

Moving BGP policy rules

Hi, I'm trying to write Ansible automation to move a specific BGP import/export policy rule. Creating a BGP rule will automatically be added to the bottom of the list but as you can see we have default-import-deny rule (test_rule_top is used by the default deny even if missing in the screenshot). This will obviously prevent the rule from working....

Resolved! Ansible playbook to shutdown interface

Hi all! I need help creating an Ansible playbook that shuts down one of the firewall interfaces. I'm trying to do something like this: [...] collections: - paloaltonetworks.panos tasks: - name: "Interface down" panos_op: provider: '{{ provider }}' cmd: 'set network interface ethernet ethernet1/1 link-state down' [...] But I get this result: TA...

sall13 by L1 Bithead
  • 4761 Views
  • 4 replies
  • 0 Likes

Resolved! Starting point for objects.AddressObject searches - pandevice

Hello all, I am trying to take it slow in regard to automation with the initial task being the identification of address objects that need to be removed when a server or workstation is decommissioned. Would like to leverage python and the pandevice module. As a start, I am trying to connect to our panorama appliance as this is where 100% of this sor...

Resolved! Cannot set aggregate interface or subinterface zone

Hello, I'm trying to update or create an aggregate interface or subinterface with a zone_name parameter. Something like: --- - hosts: all name: CONFIGURE NEW AGGREGATE AND SUBINTERFACE IN EXISTING ZONE connection: local gather_facts: False collections: - paloaltonetworks.panos vars: ansible_python_interpreter: /var/lib/awx/venv/ansible/bin/python...

  • 1031 Posts
  • 68 Subscriptions