This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Automation/API Discussions

Threads in this discussion area are now read-only. If you have a question about Automation/API products please visit our product discussions.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Automation/API Discussions

Threads in this discussion area are now read-only. If you have a question about Automation/API products please visit our product discussions.

About Automation/API Discussions

Threads in this discussion area are now read-only. If you have a question about Automation/API products please visit our product discussions.

Discussions

Start a conversation

Bulk update of service groups via API

I have a requirement to do a bulk update of a custom service group in Panorama (11.0.1) via the API. This is reading in a list of services from a CSV file. However it only ever applies the last entry in the CSV. What am i doing wrong? I've tried PUT & POST. Post simply errors with a duplicate entry. A PUT to an existing group only inserts t...

GLSparks by L1 Bithead
  • 2831 Views
  • 4 replies
  • 0 Likes

issues with concurrent api call

Hello, We have had a problem with concurrent API call for a long time and it gets worse as we have more equipment.Sometimes if we have too much API call in the same time, we have errors: timeout, error 5xx or others strange erros.The too much API call is realy really low, if we have 2 or 3 on the same time we have an issueFor example, in the tra...

antoinek by L1 Bithead
  • 4797 Views
  • 1 replies
  • 0 Likes

Remove address object from policy

I have a ansible playbook that search after a specific ip and removes it from all addressgroups. However i would also like to remove it from all security rules aswell. The problem is that I would need to build some logic to disable/remove rules if the object is the only one in src/dst, otherwise it would become "any" . Has anyone done this kind ...

zol123 by L1 Bithead
  • 1520 Views
  • 0 replies
  • 0 Likes

Resolved! Devicegroup hierarchy dump

Hello, im trying to come with a way to being provided with a devicegroup name, be able to get the objects from the current devidegroup, butalso form each parent devicegroup. With the idea ti try to clean duplicated objects, the issue here is that no matter how i try to get to that i find no method or property to be able to identify parent info....

Panorama REST API python script examples

Hi all, I have been using Panorama's REST API interface lately and I would like to share with you some of the useful python scripts that I have been using in an operational enviroment: Requirements:1. Install Python software (Windows, Linux or MAC) 2. Install the following Python modules:pip install requests -> Allows to execute CURL command...

Resolved! Ansible PFX Cert Upload not adding key

I'm using the Ansible module to upload a certificate to a Template: - name: Import PFX certificate to Template paloaltonetworks.panos.panos_import: provider: '{{ provider }}' template: 'my template' category: 'certificate' certificate_name: 'my_test_cert' format: 'pkcs12' filename: 'mydomain.pfx' passphrase: 'vndfjgo7854wy8pt74e...

SimonT_0-1689057360119.png
SimonT_1-1689057397493.png
SimonT by L2 Linker
  • 3030 Views
  • 1 replies
  • 1 Likes

Security rule automation via "panos_security_rule" returned error

I am new to Ansible and trying to set up automation for PA security rule via Ansible for customer. We have installed the panos module from Ansible galaxy and the required python libraries like pan-os-python. However, we encountered two issues when we tried to use the panos_security_rule module in our playbook.1. If we include the log_setting par...

kenchung by L0 Member
  • 2902 Views
  • 1 replies
  • 0 Likes

Default Username/Password - AWS Palo Alto VM spin up

I am spinning up a Palo Alto VM 300 on AWS via terraform bootstrapping the vFW via using user data only. This is VM300 on 10.2.3 code. The vFW comes up ok and i dont see any errors in bootstrap as per AWS logs. I am not able to login to vFW for the first time via console using admin/admin. its not giving me any option to change the password as ...

Im confused how to get the member list of a dynamic address group from a specific device-group using my rest api from panorama.

I have the following working code.. which gives me the specific dynamic address groups which match my use case, and tells me the snippet of tag info i want to display to the consumers of my script. now i want to include the member list for each of these DAG as well and I cant seem to formulate the proper api call.. import requestsimport jsonfro...

Ansible Palo Alto LDAP Server Profile

Hello, I have an Ansible playbook developed to automatically change the password of the account used by Palo Alto to connect to an Active Directory. On the Palo Alto side, Integrated User-ID and an LDAP Server Profile is configured to use this password. The task to change the Integrated User-ID user works fine: paloaltonetworks.panos.panos_conf...

brisonjf by L0 Member
  • 1529 Views
  • 0 replies
  • 0 Likes

Performing a push to Shared using panos panorama gives error PanDeviceXapiError: commit-all is missing 'commit-all'

Hi All, I'm trying to create a shared address object using panos.panorama. However I'm not able to proceed with pushing the configuration to the firewalls. I could create objects within device groups and push them successfully to the firewalls under the device group, but I haven't been successful with shared yet. Below is my code. from panos.pan...

How to execute operational commands via XML API for selected virtual system

Hi, Is it possible to execute operational commands via XML API for selected virtual system. E.g ?https://<IP_address>/api/?type=op&cmd=<SOME_COMMAND_HERE>&key=<API_KEY> Can I specify somehow in context of which VSYS this should be executed ? Is there any property which can be used ? Regards,Piotr

miduchp by L0 Member
  • 6072 Views
  • 3 replies
  • 0 Likes

Eliminate a interface from a template

Hello! I am trying to eliminate an interface from a zone in Panorama´s template using the following query: https://'ipFirewall'/api/?key='keyValue'&type=config&action=delete&xpath=/config/devices/entry/template/entry[name='nameTemplate']/config/devices/entry/vsys/entry[name='vsys1']/zone/entry[name='namezone']/network/layer3/entry[me...

Create Address Groups with postman runner and csv file

Hi,how can i create 1 address groups with multiple addresses using postman with csv file. I tried but can only post 1 value in group with body in postman:POST "https://10.x.x.x/restapi/v10.1/Objects/AddressGroups?location=vsys&vsys=vsys1&name={{name}}" { "entry": [ { "@name": "{{name}}", "stati...

PAnh by L0 Member
  • 1348 Views
  • 1 replies
  • 0 Likes

Monitor Authentication Cookie Certs

Hello All, Recently we had an outage where users not able to log in because authentication cookie cert on panarama expired. I am attempting to monitor these certificates by API, but was not able to find these authentication cookie cert in the sslmgr-store or anywhere else. type=op&cmd=<show><sslmgr-store><config-certificate-i...

  • 1031 Posts
  • 68 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks