pan-python - How to add an address group to a policy

I would like to add/change the destination address group in a policy. 

xpath=/config/devices/entry[@name='localhost.localdomain']/device-group/entry[@name='testDG']/pre-rulebase/security/rules/entry[@name='Allow_FTP']/destination

element=<destination>

HTTP application override

I need a method to allow all HTTP traffic from a group of source addresses to any destination, regardless of port or other application definition.  I thought of using the application override with a custom applicaiton but not sure how to write the cu

PAN-0S 4.1 Cacti template host template

Hello,

i have updated this cacti template:

https://live.paloaltonetworks.com/message/13477#13477

to be able to graph in the right way the PA-50XX firewalls running PAN-OS 4.1 witch cacti.

This host template monitor this variables:

• Traffic the firewall is

Importing anti-virus content using cURL and XML-API

Hi everyone

I'm writing a script to automate installation of new anti-virus content. The anti-virus content is downloaded from dynamic updates on the palo alto support site.

The problem arises when I try to import the new anti-virus content using the f

Panorama Managed Device List

What is the best way to export/retrieve the managed device list from Panorama?

I do not have access to the XML API (yet) so I would have to rely on CLI or Panorama UI (preferred if possible).

Thanks in advance,

Monica

How to create custom vulnerability signature for SIP packets?

Hi,

we are trying to create  custom vulnerability signature for triggering on the specific string in the udp packet payload with  destination port 5060. Unfortunately there is no context for SIP. We used "Pattern Match" and chose "unknown -req-udp-pay

External dashboard based on PANOS API

Hi,

I've recently started to play around with the PANOS API, and my goal is to make a dashboard containing some of the key information available from the API.

Been trying to do some XML transformation, which seems to be working... barely.

What I would l

Insert data in http stream?

My goal is the following:

have the palo alto insert something into the http stream that would allow me to detect which firewall it went through. I am working on a FW load balancing scenario in which multiple active firewalls can handle each request. 

HTTP Post methods

HI

Is there an way that i can create an custom application on PAN to block all HTTP post methods for a specific website or a group of websites? I did try by using some things as follows but dint realy work

Problem with PANOS UserID Agent and client probing using WMI.

I am having some difficulty configuring our PAN environment to take advantage of the User-ID feature.

The current configuration is as follows:

• "Enable User Identification" has been selected on all zones where user identification is required
• A PAN200 de

How to protect .net Source code

Hello All,

We are a software development company mainly in .net environment.

I would like to know if PA can protect .net source code from leaking out of the organization via email or ftp or upload via http/https  ?

Regards,

Satish

Internal Server Error - panxapi

Getting internal server error when using panxapi (both perl and python version). Anybody have any idea why?

anonymous:~$ panxapi  -sxr /config/devices/entry/vsys/entry/zone

show: LWP::UserAgent: 500 Internal Server Error

anonymous:~$

anonymous:~$

anonymou

Cisco alias

Do you know how to configure Palo Alto to achieve the same function as "cisco alias" does?

Thanks