Get Push To Device summary via API

cancel
Showing results for 
Search instead for 
Did you mean: 

Get Push To Device summary via API

L1 Bithead

Hi,

 

I am trying to automate the push to device proccess through Panorama, I know that the xml API call for tat is commit all, but I was trying to find an API call that would shouw the device groups and templates that will be pushed (trying to get the values that appear in the dialog labeled "Push To Device" when you press on push to device in the GUI).

When I inspect the network calls in the browser, I get this request:

{"action":"PanDirect","method":"run","data":["477deaaf37548a06bfdf2637a05a92b2","ConfigChangeDirect.getInitialPushScope",["no"]],"type":"rpc","tid":85}

And the JSON response body is basically what I need, however when I use the debug page on Panorama, it does not show me this request or its response.

 

I know we can get the commit change summary from the xml API but I was hoping there would be a similar call for the push summary

 

Any one tried to do this before and succeeded? Is it all possible?

We're running Panorama 9.1!

Panorama 

1 ACCEPTED SOLUTION

Accepted Solutions

I think I would do this by looking at the status, rather than try to mimic the commit dialog box functionality.

 

For example, use https://{{host}}/api/?key={{key}}&type=op&cmd=<show><devicegroups/></show> to check 

<shared-policy-status> per device, looking for Out of Sync.
 
Similarly, use either https://{{host}}/api/?key={{key}}&type=op&cmd=<show><template-stack/></show> or https://{{host}}/api/?key={{key}}&type=op&cmd=<show><templates/></show> per device, and look for <template-status> value of Out of Sync.
 
That should allow you to build a list of devices which are out of sync, and therefore require their DG or Template/Stack to be pushed. Hope that helps?
Help the community: "Like" helpful comments, and click "Accept as Solution" if you found your answer 🙂

View solution in original post

4 REPLIES 4

L4 Transporter

Hi @abedJawhar, what is the goal, because I don't quite understand, sorry. You mentioned the "values from the Push to Devices dialog box", so do you mean you want to make an API call that tells you: which Device Groups have changes committed in Panorama which have not yet been pushed to the NGFWs?

Help the community: "Like" helpful comments, and click "Accept as Solution" if you found your answer 🙂

Yes that is exactly correct.. Not just device groups, but also templates and templates stacks that have been committed but not yet pushed to the firewalls!

I think I would do this by looking at the status, rather than try to mimic the commit dialog box functionality.

 

For example, use https://{{host}}/api/?key={{key}}&type=op&cmd=<show><devicegroups/></show> to check 

<shared-policy-status> per device, looking for Out of Sync.
 
Similarly, use either https://{{host}}/api/?key={{key}}&type=op&cmd=<show><template-stack/></show> or https://{{host}}/api/?key={{key}}&type=op&cmd=<show><templates/></show> per device, and look for <template-status> value of Out of Sync.
 
That should allow you to build a list of devices which are out of sync, and therefore require their DG or Template/Stack to be pushed. Hope that helps?
Help the community: "Like" helpful comments, and click "Accept as Solution" if you found your answer 🙂

Thanks for the reply @JimmyHolland ! That works!

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!