This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Automation/API Discussions

Threads in this discussion area are now read-only. If you have a question about Automation/API products please visit our product discussions.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Automation/API Discussions

Threads in this discussion area are now read-only. If you have a question about Automation/API products please visit our product discussions.

About Automation/API Discussions

Threads in this discussion area are now read-only. If you have a question about Automation/API products please visit our product discussions.

Discussions

Start a conversation

Resolved! panos remove address object script messes up the device group setup.

Hi All,So far I'm getting the hang of python panos, which allows me to connect via panorama to make changes and push to firewalls. I've been able to create address objects and modify contents of address groups and security rules with no issues.Recently I'm trying to create a script that would delete an address object using python panos. What hap...

API Call to gather Vsys Stats

Good Day, I was wondering if someone will be able to assist me with a API Call that can return stats for a vsys "vsys1".The type of stats I would like to get using the API call is: CPU (per core or %)Mem (%) Is this possible to get this type of stats per Vsys?I've tried searching the forms/Internet and event tried ChatGPT but don't seem to get a...

Resolved! pandevice newbie issues with fetching objects (addressobject, addressgroup, serviceobject...

Hello, I'm not pretending to be a pandevice guru... moreover, I'm not pretending to be python guru. Rather basic skills in both. I've got a task to retrieve firewall configuration (rules + object definitions) from two datacenters (primary & DR, separate setups), store this in some reasonable format and compare to find differences and make su...

Resolved! Add existing local User to existing User Group

Hi all - I've been stuck trying to figure out a way to fix an issue I'm having while running this task in Ansible:- name: Add existing local User to existing User Group paloaltonetworks.panos.panos_type_cmd: provider: "{{ provider }}" cmd: set xpath: | /config/devices/entry[@name='localhost.localdomain'] /vsys/entry[@na...

panos_Security_rule Module not working when Using a Private IP

Hello Palo Alto Community I noticed something really interesting when using the panos_security_rule module that I been troubleshooting for a long time without success For some reason, When I try to configure rules in a Palo Alto VM-500 using the Public IP of the mgmt Interface, it works like a charm configures the rules as expected. But If I use...

Panorama Certificate management/Certificates pan-os-python functions availibility

I am new to PAN and PAN automation. I started using pan-os-python module for my PAN automation activities and am quite satisfied with it. Now I need to work on automation of individual FW certificate renewals, basically what is manually done today through Panorama under Certificate management/Certificates.I am looking at pan-os-python docs, but...

error: certfile should be a valid filesystem path

Hi Team,I am trying to automate palo alto version 10.2.3-h2. Initially I tried to use Ansible: palo_security_rule module to push a security rule to palo alto, but I got error "hip_profiles unexpected here". The workaround for this error as looked up in google was to load current config in palo alto, which was not accepted as a feasible solution ...

Resolved! policy rules hit count from API

I am trying to figure out how to get the hit count for rules via the REST API. I used the REST API browser and found that the URI path ishttps://URL-to-Palo/api/?type=op&cmd=<show><rule-hit-count></rule-hit-count></show>&key=<key>. However when I run the comamnd in a rest client (Insomnia or postman)I get a...

Resolved! Modify GlobalProtect Device Block List via API

I am trying to automate blocking GlobalProtect clients via API calls. Our firewall is running PanOS 9.1.15-h1 and is controlled by a onsite Panorama instance on 10.1.8-h2. Due to the version mismatch GlobalProtect device blocks must be implemented directly on the firewall because the blocking mechanism for GlobalProtect clients changed between P...

show running security-policy API limit

Hello, If I try to get all the running security policy via an API call https://FW/api/?type=op&cmd=<show><running><security-policy></security-policy></running></show> it works, but I can only get around 1900 policies. All the rest is not shown. Is there any "start-at" of offset, pagging, or anything to be ...

kremiq by L0 Member
  • 2298 Views
  • 2 replies
  • 0 Likes

Resolved! Terraform object in multiple Panorama Address Groups

I have a use case for being able to apply set objects (address, service, etc. ) across multiple Panorama device groups in 3 Panorama appliances. How can I do that by defining each of object only once? The object only allows a single device group reference: resource "panos_address_object" "addr1" { device_group = panos_device_group.DG1.nam...

batd2 by L4 Transporter
  • 5613 Views
  • 5 replies
  • 0 Likes

Resolved! PAN-OS SDK Device Group Hierarchy

Is there a way to create device under a parent or move a device group using the sdk. Similar to Operational command:> request move-dg dg1 new-parent-dg dg1_parent create-dg yes I am aware of the dg_hierarchy opstate, which helps finding the device group, but how can I set the parent when creating a new group? DeviceGroup.create() method just ...

batd2 by L4 Transporter
  • 4776 Views
  • 3 replies
  • 0 Likes

Resolved! Cortex API (get_alerts) Error 'Got an invalid input while processing XDR public API'

I was able to use "get_endpoints" because in that instance, the PARAMS are just {}. But with /public_api/v1/alerts/get_alerts/ : >>> PARAMS = {"request_data": {"filters": [{"field": "alert_id_list","operator": "in","value": [88299]}]}}>>> r = requests.post(url=url,headers=headers,params=PARAMS)>>> print(r.json()){'repl...

user9891 by L0 Member
  • 3182 Views
  • 1 replies
  • 0 Likes

PAN-OS SDK panorama default rules

I see the classes in PAN-OS SDK for post- and pre- rulebases: panos.policies.PostRulebase, panos.policies.PostRulebase, but how do you get the Panorama default rulebase?

batd2 by L4 Transporter
  • 1949 Views
  • 1 replies
  • 0 Likes

Way to automate Palo Alto commands that are not seen in the API, using TCP Expect and SSH.

Hello to All, I decided to share this article that shows ways to automate some palo alto NGFW commands that are not exposed in the API, using TCP Expect and SSH: https://live.paloaltonetworks.com/t5/general-articles/automating-the-palo-alto-ngfw-s-process-deamon-restarts/tac-p/535460#M602

  • 1031 Posts
  • 68 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks