How to delete a firewall user name from the security rule set using the XML API ???

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.

How to delete a firewall user name from the security rule set using the XML API ???

L1 Bithead

I need help with the XMP API to delete a firewall user from a security rule set.

I'm getting an XPath error code = 3 (internal API error) from the following scenario


When I do a config command with action = show, I get a XML structure like this:

<response status="success">




    <entry name="My-Big-Fat-FW-Rules">









       .... lots of xml stuff ...


      <next entry...>

       ....  more xml stuff ...






when I issue the following XPATH command:

<...preamble http stuff...>&action=edit&xpath=/config/devices/entry/vsys/entry/rulesbase/security/rules[@name='My-Big-Fat-FW-Rules']/source-user/member[@name='xyz\123456']&element=<member name='xya\10203040'/>"


the API returns

<response status="error" code="3"><msg><line>Could not get schema node for xpath /config/devices/entry/vsys/entry/rulesbase/security/rules[@name='My-Big-Fat-FW-Rules']/source-user/member[@name='xyz\123456']</line></msg></response>




The XML API guide says response code=3 is an internal API error.


My question:

Is the above XPATH statement the right syntax to navigate to rename the user 'xyz\123456' to 'xyz\10203040' ?


My second question is:

Can the Xpath edit action be used to remove the rule by editing 'xyz\123456' to '' ?


My third question is:

Since I want to delete this user from this rule, will the above XPATH syntax work with a config request and action=delete ?


My final question concerns commit locks:

Is it necessary for me to do a get on the commit-locks and issue an API commit to make the changes take effect ?

Is there a sequence diagram of the message flows for this ?


Thanks for your help!!!



L1 Bithead

I can comment on editting. The delete action was answered in your other post.

If you want to edit a member object, then you need to reference the original member object with member[text()='<value>'] and then use the element parameter for the modified member object value: element=<xml code>


You were pretty close.

For example using curl if the original member is xyz\123456 and you want to change it to xya\10203040

$ curl -k "https://<fw ip>/api/?type=config&action=edit&xpath=/config/devices/entry\[@name='localhost.localdomain'\]/vsys/entry\[@name='<vsys name>'\]/rulebase/security/rules/entry\[@name='<rulename>'\]/source-user/member\[text()='xyz\123456'\]&element=<member>xya\10203040</member>&key=<API-KEY>"

<response status="success" code="20"><msg>command succeeded</msg></response>

L1 Bithead

Here is an example on how to delete a something from a rule.  If this is truly a user in the rule, you could add this <source-user>user1</source-user>


curl --globoff -k "https://x.x.x.x/api/?type=config&action=delete&key=$KEY&xpath=/config/devices/entry[@name='localhost...


Michael Clark

Palo Alto Networks

  • 2 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!