Automation/API Discussions

Authentication issue to Palo Alto Panorama from Ansible

Just followed some examples from https://paloaltonetworks.github.io/pan-os-ansible/ and https://github.com/PaloAltoNetworks/ansible-playbooks/ to write my first playbook. The target system is a virtual Panorama instance on AWS (software version 10.1.

...

Resolved! Need help with scripting to add member to address group using pandevice command (Python)

Hi All,

I am working to get automation script for creating address objects and binding it to address group. I was able to get the script ready and tested working for adding address objects to a firewall using API call. The script is written with pand

...

Resolved! API Commit for user specific changes

It looks like it is only possible to do full commit using API, which is not ideal on a production panorama, because it will commit the changes of all other users.

When I create the changes and login using the API username, then I can commit the user

...

XML API is truncating fields in configuration log extraction

Hi all,

I’m hoping to leverage of the wisdom of the collective here. I’m wanting to use the XML API to extract configuration logs from a Panorama instance. However I’m noticing the XML API extraction is truncating two fields I need.....before-change-p

...

a

Resolved! Netmiko output blank

Hi,

I run Netmiko for bulk packet captures in AWS. It works well but there is never output when using the Palo Alto device type. Output for Cisco works well. An example would be:

from netmiko import ConnectHandler

print("Connecting to Palo Alto to s

...

Does pan-os-python support GlobalProtect Gateway config?

Hello,

Does pan-os-python support GlobalProtect Gateway config?

From what I can tell from https://pan-os-python.readthedocs.io/en/latest/module-network.html it does not but I want to make sure I am not missing anything as most other things can be confi

...

Resolved! REST api for updating addresses

i'm trying to update a field on an address using the api (switching it from 'ip-netmask' to 'fqdn') i have called this api:

https://10.30.100.31/api/?key=<API_KEY>&type=config&action=edit&xpath=/config/shared/address as a PUT, and passed in the ent

...

"Could not get vsys info for device xxxx in dg xxxx" Error Message when commit and push via Ansible

"Could not get vsys info for device xxxx in dg xxxx" when using panos_commit_push module in Ansible.

Commit and push via Panorama GUI is successful.

Resolved! XML-API response for "show running resource-monitor ingress-backlogs"

Hi

The XML-API response for

/api/?type=op&cmd=<show><running><resource-monitor><ingress-backlogs></ingress-backlogs></resource-monitor></running></show>

does not copy the session-id into the session-details. This means there is no way to match the s

...

Resolved! unable to upload certificate to Panorama via post API

Hello,

I am restructuring my python script and with the new structure it is failing to upload certificate to Panorama.

I have a working API call:

requests.post("https://" + ip + "/api/?&type=import&category=certificate&certificate-name="+certName +

...

Resolved! Panorama Edit a security post-rule REST-API logic

Hi,

I was wondering if I'm using the edit security post-rule endpoint correctly or I'm missing something here.

I am sending an HTTP PUT request to the panorama to update an existing security rule, but according to the documentation, if I want to upda

...

IP-address is considered to be invalid in PBF policy as a forwarding next hop in ansible

hi ,

i'm trying to create PBF using ansible module , but looks like it doesn't take "forward_next_hop_type" doesnt take a value as a "ip-address" and even "forward_next_hop_value" doesnt considered as given in task...

ansible-task:

- name: pbf policy

...

Templates vs Ansible

Hello,

We are configuring all our Firewalls (PA-52xx) via Ansible playbooks with extensive usage of Ansible modules. It works totally fine for us. Configurations are consistent and reinstalling a firewall from scratch works like a charm.

We are wonde

...

Anyone using Postman for API calls?

I am new to this API stuff and I am trying to use postman to get just basic objects out of my palo. Just something as simple as "https://192.168.81.50/restapi/9.0/Objects/Addresses" the return I get it cannot get any response. I setup my api key in a

...

Discussions

Authentication issue to Palo Alto Panorama from Ansible

Resolved! Need help with scripting to add member to address group using pandevice command (Python)

Resolved! API Commit for user specific changes

XML API is truncating fields in configuration log extraction

a

Resolved! Netmiko output blank

Does pan-os-python support GlobalProtect Gateway config?

Resolved! REST api for updating addresses

"Could not get vsys info for device xxxx in dg xxxx" Error Message when commit and push via Ansible

Resolved! XML-API response for "show running resource-monitor ingress-backlogs"

Resolved! unable to upload certificate to Panorama via post API

Resolved! Panorama Edit a security post-rule REST-API logic

IP-address is considered to be invalid in PBF policy as a forwarding next hop in ansible

Templates vs Ansible

Anyone using Postman for API calls?

Output format for test/url-info-cloud and test/url-info-host

Wildfire API "Missing required field apikey"

Auto de-register devices in Panorama

Rest API not seeing template variables

Devicegroup hierarchy dump

Re: fatal: [192.168.0.120]: FAILED! => {"changed": false, "msg": "Missing required library \"pandevice\"."}

Unlock your full community experience!

Resolved! Need help with scripting to add member to address group using pandevice command (Python)

Resolved! API Commit for user specific changes

Resolved! Netmiko output blank

Resolved! REST api for updating addresses

Resolved! XML-API response for "show running resource-monitor ingress-backlogs"

Resolved! unable to upload certificate to Panorama via post API

Resolved! Panorama Edit a security post-rule REST-API logic