03-30-2016 09:57 AM
I would like to create a new IP address on an interface with xml api. I tried different requests but no one worked.
I tried to use config set wiht the xpath which ended to
[@name='interface']/ip and after &element=<ip><entry name="x.x.x.x/x"/></ip> and similar settings but the response is always '406 Not Acceptable'.
03-30-2016 12:15 PM - edited 03-30-2016 12:17 PM
When using 'set', the element should not contain the end of the xpath (you don't need the <ip></ip> part of the element). This is only needed when using 'edit'.
Also, you're missing the layer3 element in the xpath.
xpath should end with: entry[@name='ethernet1/1']/layer3/ip
element should be: <entry name='x.x.x.x/x'/>
So here are a few examples of setting an ip address on ethernet1/1 using the API:
With a browser:
https://<fw ip>/api?key=<apikey>&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/network/interface/ethernet/entry[@name='ethernet1/1']/layer3/ip&element=<entry name='5.5.5.5/24'/>
With pan-python:
pan-python is available here: https://github.com/kevinsteves/pan-python
pan-python abstracts out much of the API into simple parameters on a command line or python script. It also handles encoding and other 'under-the-hood' complexity for you. On a linux CLI, with pan-python installed, you can make the same API call like this:
panxapi.py -h <fw ip> -K <apikey> -S "<entry name='5.5.5.5/24'/>" "/config/devices/entry/network/interface/ethernet/entry[@name='ethernet1/3']/layer3/ip"
With pandevice framework (python SDK):
pandevice is available here: https://github.com/PaloAltoNetworks/pandevice
It's a python SDK that allows you to interact with the API at an object level. No XPath or XML is required. pandevice is also natively vsys and HA aware.
This example accomplishes the same thing, but using objects in python without XPaths or XML:
from pandevice import firewall, network
fw = firewall.Firewall("<fw ip>", "admin", "password")
fw.add(network.EthernetInterface("ethernet1/1", ip="5.5.5.5/24")).create()
03-31-2016 03:21 AM
The things are a bit more complicated but I didn't write all details. We use Panorama, and the interface is a subinterface of an aggregate interface. But I tried the similar way. The current request is:
/api/?type=config&action=set&key=myapikey&xpath=/config/devices/entry[@name='localhost.localdomain']/template/entry[@name='templatename']/config/devices/entry[@name='localhost.localdomain']/network/interface/aggregate-ethernet/entry[@name='ae6']/layer3/units/entry[@name='ae6.16']/ip&element=<entry name='10.20.30.40/24'/>
But I get 406 Not Acceptable
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
