This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Automation/API Discussions

Threads in this discussion area are now read-only. If you have a question about Automation/API products please visit our product discussions.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Automation/API Discussions

Threads in this discussion area are now read-only. If you have a question about Automation/API products please visit our product discussions.

About Automation/API Discussions

Threads in this discussion area are now read-only. If you have a question about Automation/API products please visit our product discussions.

Discussions

Start a conversation

Loading partial configuration snapshot

Hello,I am new to Palo Alto and its API, and I am a bit lost: I need to load a named configuration snapshot, which may be uploaded from a third party, without changing the/config/shared/local-user-database-user-database entry. I am currently downloading the snapshot, editing it and re-uploading it in a very messy fashion: From the documentation ...

Ansible problem - The task includes an option with an undefined variable. The error was: 'provider'

So i am very new to using ansible with Panorama/Palo Alto firewall. I am doing a test on my test lab pano to see if i can push test rule over to panorama. Here is my yml file ---- name: Create test new rule playbookhosts: allconnection: localroles:- role: paloaltonetworks.paloaltonetworkstasks:- name: Add test pre-rule to panoramapanos_security_...

PAN firewall automation: A new thorough approach

Hi, I would like to introduce a completely new thorough approach to the PAN firewall automation with you by sharing the part of my ongoing work. I would consider this as an equivalent of pandevice even though there are still a lot of work to be done.firelib: A core Python library designed as the foundation of the firewall automation. It consists...

hstsvn by L1 Bithead
  • 3038 Views
  • 0 replies
  • 2 Likes

Resolved! How to handle the element provided by operation command in python

Hi, I have this little script, the idea is show in the console all address that I have in the running config. But, when I work with the xml element. the print not show the addresses. This is the result or rest api. to operation command "show config running" I need to extract from xml the name object and ip-netmask.

image.png
image.png

test security policy from Panorama using pandevice

@gfreeman , @btorresgil Just checking can we use test security policy using Panorama . In version 9 under GUI option i can see that ( Device grp ---> Policy ) I was trying using pandevice but getting exception error : andevice\base.py", line 3486, in methodraise the_exceptionPanDeviceXapiError: test -> security-policy-match is unexpected...

deepak12 by L3 Networker
  • 3560 Views
  • 2 replies
  • 0 Likes

Manage On-prem IPSEC config with PAN TF provider

Here is my use-case, We have a bunch of VPCs,VNETs in different cloud providers. When we spin up a VPC, we configure the VPN back to the on prem which is a Palo Alto firewall. The VPN configuration on the Palo alto firewall is manual. I m wondering if this can automated with TF on our On-prem firewall. basically something like this Interfaces...

pbomma by L0 Member
  • 2970 Views
  • 1 replies
  • 0 Likes

Resolved! fw.refresh_ha_active() functionality

Hi @gfreeman and all I am trying to use refresh_ha_active() functionality so that script always run on active device. As per my understanding once i set the peer it will check internally and run it on active box or my understanding is wrong here ? I am trying to run test route cmd to pull interface details and then later run test security cmd...

deepak12 by L3 Networker
  • 5961 Views
  • 4 replies
  • 0 Likes

Resolved! test_security_policy_match limitation with pan version 8

HI, @gfreeman and all , Just wanted to confirm , if we have limitation for test_security_policy_match cmd for Pan version 8 , getting error while pulling security rule name ? Same cmd is working fine for me if i am running for firewall having version 9 . I tried to pull output using fw.xapi.op as well but same result . Thanks

deepak12 by L3 Networker
  • 6505 Views
  • 6 replies
  • 0 Likes

Building an Automation host in AWS

Hi All,having just painfully struggled through getting my first ansible automation to work I figured I'd share my findings here for other total beginners. It turns out my fight wasn't about getting Ansible talking to the firewall but about getting Ansible talking. And realizing that just because there's a file listing dependencies and the instal...

Automating PANOS - the Ansible and Terraform "no question is too dumb" post

I'm currently in the process of teaching myself automation. Lots of things I end up beating my head against a wall over dumb stuff. "How do I open the ~/.ssh directory so I can drop the private key in there for SSH?". Huh, who knew that it's not that it's a secret or a hidden directory, it just doesn't exist until you first create it. Yes, that ...

Resolved! How to handle file generate fw.op in python

Hi, I have the following code to check the vpn status, this code execute op "show vpn flow'I'm ussing pandevice library in my importsdef check_vpn_status(fw): #check vpn status vpn_ike = fw.op(cmd= "show vpn flow", xml=True) with open('vpn_status.xml', 'wb') as file: file.write(vpn_ike) print(type(vpn_ike)). and generate an ...

Pulling interface and zone details for an IP using PAN device framework

@btorresgil and all , I am trying to pull interface and zone details for an IP using PAN device framework. Could you please help me on this. My end goal is to run test_security match cmd to find if rule is allow or not .Current i can do this using fw.op() but i need to put pull zone details manually . Thanks

deepak12 by L3 Networker
  • 7402 Views
  • 7 replies
  • 0 Likes

Ansible beginner ping to PA firewall

I am new to ansible and i am trying to do a simple ping test to a host that i want to test. I enter the command "ansible all -m ping" and got this error 10.2x.x.x | UNREACHABLE! => {"changed": false,"msg": "Failed to connect to the host via ssh: This system is for the use of authorized users only. Individuals\nusing this computer system witho...

Resolved! Panorama API URL log job limit

Hello,I am trying to use API calls to retrieve url logs from Panorama following guide:https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-panorama-api/pan-os-xml-api-request-types/retrieve-logs-api/example-use-the-api-to-retrieve-traffic-logs.htmlI have about 300 urls that I would like to check and not sure if I can submit 300 jobs and then retr...

  • 1031 Posts
  • 68 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks