Create Post-Security-Rule - RestAPI

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Create Post-Security-Rule - RestAPI

L2 Linker

I have Panorama managing my firewalls. I would like to leverage Postman to make API POSTS to Panorama for new security policies. 

 

Can someone provide an example of a filled-out body with bogus data to show me how the API wants it?

 

I'm particularily getting stuck on the first part of the body.. I have a device group called "firewalls" and the device is named "firewall1"

 

{

            "entry": {

                        "@name": "testrule",

                        "target": {

                              "devices": {

                                       "entry": [

                                             null

                                        ]

                              },

 

 

2 accepted solutions

Accepted Solutions

L5 Sessionator

If you're doing PAN-OS automation and aren't using any of the integrations that already exist (aka - Terraform or Ansible) and you need to figure out how to format calls to the XML API, your best course of action is to use the debug GUI functionality.

 

  • Open a browswer tab and go to https://<pan-os-ip-address>
  • Navigate to the screen you want information about
  • Open another browser tab and go to https://<pan-os-ip-address>/debug
  • Click "Clear" in the debug tab
  • Perform the action you are trying to automate
  • Click "Refresh" in the debug tab

 

This is just one of the three ways available.  The other two are detailed here (the link is from PAN-OS 7.1, but the information is still accurate now):

 

https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-panorama-api/get-started-with-the-pan-os-xml-api...

 

Hope this helps!

 

View solution in original post

Neither Terraform nor Ansible force specific workflows on the user, so you are free to use whatever workflow you want.  Using either of them however gets you away from having to start from nothing.

 

As to whether you should use Terraform or Ansible, I think that it becomes a matter of preference.  Sometimes a company is already using one or the other internally, so it makes sense to stick with that tool.  But if no one is using either already and you are free to choose, I think I'd suggest playing with them both and figuring out which you like more.

 

Palo Alto Networks has had a Terraform & Ansible lab the past few years at Ignite.  Here's the 2019 lab (the description has the link to the lab guide as HTML):

 

https://github.com/PaloAltoNetworks/multicloud-automation-lab

View solution in original post

3 REPLIES 3

L5 Sessionator

If you're doing PAN-OS automation and aren't using any of the integrations that already exist (aka - Terraform or Ansible) and you need to figure out how to format calls to the XML API, your best course of action is to use the debug GUI functionality.

 

  • Open a browswer tab and go to https://<pan-os-ip-address>
  • Navigate to the screen you want information about
  • Open another browser tab and go to https://<pan-os-ip-address>/debug
  • Click "Clear" in the debug tab
  • Perform the action you are trying to automate
  • Click "Refresh" in the debug tab

 

This is just one of the three ways available.  The other two are detailed here (the link is from PAN-OS 7.1, but the information is still accurate now):

 

https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-panorama-api/get-started-with-the-pan-os-xml-api...

 

Hope this helps!

 

Do you suggest that I work on using Ansible? I want to automate our firewall changes. Can you give me a brief rundown of an example workflow that you or someone else has created for firewall changes? Hoping that I'll have an idea of what to work toward.. Right now, it's trying to mess with Postman. 

Neither Terraform nor Ansible force specific workflows on the user, so you are free to use whatever workflow you want.  Using either of them however gets you away from having to start from nothing.

 

As to whether you should use Terraform or Ansible, I think that it becomes a matter of preference.  Sometimes a company is already using one or the other internally, so it makes sense to stick with that tool.  But if no one is using either already and you are free to choose, I think I'd suggest playing with them both and figuring out which you like more.

 

Palo Alto Networks has had a Terraform & Ansible lab the past few years at Ignite.  Here's the 2019 lab (the description has the link to the lab guide as HTML):

 

https://github.com/PaloAltoNetworks/multicloud-automation-lab

  • 2 accepted solutions
  • 5321 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!