I have a project for automation operational firewall NGFW Version 10.1..
I read the API documentation & talk to google but nothing.
My first question : Can I search specific address with specific ip_netmask value and fqdn value ? I mean about search is like contains or match in sql query.
Last question : Can I search specific rule with specific source member address value and destination member address value ?
Hello @Bogi_Farizna, today it would be achieved by exporting the section of config you want to search through (e.g. address objects, or rules) and filtering on the API client-side for the search term.
Today we have API operations for the various types of objects including: add, remove, edit/rename, list...
A pattern match on the returned list of address objects, for example, should be relatively simple in whatever language/script is being used to execute against the API?
Hello @JimmyHolland , sure, I read that API documentation PAN.. but I did'nt find the object search feature by value, but only found the search feature by name. Did I miss it?.
his is the API URL I found to search for objects by name:
Hi @Bogi_Farizna, personally I use the XML API with a request like this to get all the address objects from a Panorama DeviceGroup:
The results looks like this, so you can easily filter the results and search for name of object, or IP address of object:
<response status="success" code="19"> <result total-count="1" count="1"> <address> <entry name="Test-Server-Portal"> <ip-netmask>172.17.0.5/32</ip-netmask> </entry> <entry name="Windows_Desktop"> <ip-netmask>172.16.10.123/32</ip-netmask> </entry> <entry name="192.168.1.1"> <ip-netmask>192.168.1.1/32</ip-netmask> </entry> <entry name="10.0.0.1"> <ip-netmask>10.0.0.1/32</ip-netmask> </entry> <entry name="10.0.2.1"> <ip-netmask>10.0.2.1/32</ip-netmask> </entry> <entry name="10.0.4.1"> <ip-netmask>10.0.4.1/32</ip-netmask> </entry> <entry name="10.0.0.0-24"> <ip-netmask>10.0.0.0/24</ip-netmask> </entry> <entry name="22.214.171.124"> <ip-netmask>126.96.36.199/32</ip-netmask> </entry> </address> </result> </response>
hello @JimmyHolland , wohoo you are using XML.. ok, I know the API PAN have the ability to get all address and get by address name. but if i'm using get all address function and then filtering at client it need more time cause in my environment have more than 20k object address. so I ask you about ability API PAN to get by address value (ip-netmask or ip-range). is it possible ? if possible do you have a example request ?
I'm afraid I don't have example of that @Bogi_Farizna. If you want to discuss this with your SE/reseller/partner that would be the most appropriate next step. I can put you in touch with the right person if you want to share your company name (via DM on this forum if you wish to preserve privacy).
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!