Automation/API Discussions

Bulk update of service groups via API

I have a requirement to do a bulk update of a custom service group in Panorama (11.0.1) via the API. This is reading in a list of services from a CSV file. However it only ever applies the last entry in the CSV. What am i doing wrong?  I've tried PUT

issues with concurrent api call

Hello,

We have had a problem with concurrent API call for a long time and it gets worse as we have more equipment.
Sometimes if we have too much API call in the same time, we have errors: timeout, error 5xx or others strange erros.
The too much API cal

Remove address object from policy

I have a ansible playbook that search after a specific ip and removes it from all addressgroups. However i would also like to remove it from all security rules aswell. The problem is that I would need to build some logic to disable/remove rules if th

Panorama REST API python script examples

Hi all,

I have been using Panorama's REST API interface lately and I would like to share with you some of the useful python scripts that I have been using in an operational enviroment:

Requirements:

1. Install Python software (Windows, Linux or MAC)  

Security rule automation via "panos_security_rule" returned error

I am new to Ansible and trying to set up automation for PA security rule via Ansible for customer. We have installed the panos module from Ansible galaxy and the required python libraries like pan-os-python. However, we encountered two issues when we

Default Username/Password - AWS Palo Alto VM spin up

I am spinning up a Palo Alto VM 300 on AWS via terraform bootstrapping the vFW via using user data only. This is VM300 on 10.2.3 code. The vFW comes up ok and i dont see any errors in bootstrap as per AWS logs. 

I am not able to login to vFW for the

Im confused how to get the member list of a dynamic address group from a specific device-group using my rest api from panorama.

I have the following working code.. which gives me the specific dynamic address groups which match my use case, and tells me the snippet of tag info i want to display to the consumers of my script. now i want to include the member list for each of th

Ansible Palo Alto LDAP Server Profile

Hello,

I have an Ansible playbook developed to automatically change the password of the account used by Palo Alto to connect to an Active Directory.  On the Palo Alto side, Integrated User-ID and an LDAP Server Profile is configured to use this passw

Performing a push to Shared using panos panorama gives error PanDeviceXapiError: commit-all is missing 'commit-all'

Hi All, I'm trying to create a shared address object using panos.panorama. However I'm not able to proceed with pushing the configuration to the firewalls. I could create objects within device groups and push them successfully to the firewalls under

How to execute operational commands via XML API for selected virtual system

Hi,

Is it possible to execute operational commands via XML API for selected virtual system. E.g ?

 Can I specify somehow in context of which VSYS this should be executed ? Is ther

Eliminate a interface from a template

Hello!

I am trying to eliminate an interface from a zone in Panorama´s template using the following query:

https://'ipFirewall'/api/?key='keyValue'&type=config&action=delete&xpath=/config/devices/entry/template/entry[name='nameTemplate']/config/devic

Create Address Groups with postman runner and csv file

Hi,

how can i create 1 address groups with multiple addresses using postman with csv file. I tried but can only post 1 value in group with body in postman:

POST   "https://10.x.x.x/restapi/v10.1/Objects/AddressGroups?location=vsys&vsys=vsys1&name={{nam

Monitor Authentication Cookie Certs

Hello All,

Recently we had an outage where users not able to log in because authentication cookie cert on panarama expired.  I am attempting to monitor these certificates by API, but was not able to find these authentication cookie cert in the sslmgr