I have been using the REST interface for pulling reporting and config data using constructed URLs in scripts. All that works well. What I have been unable to do is use the set action for config. I am using a key generated for a sysadmin user, but consistently get an "Unauthorized request" message:
<response status="unauth" code="16"><msg><line>Unauthorized request</line>
I am using the syntax from the Using the XML API document to send the request:
Is this incorrect? Is there more documentation somewhere that can give more detail on how these API URLs should be constructed?
I am using PANOS 4.0.4
I can give details of what I actually am trying to do:
1. Custom report that tells me top source IPs of blocked traffic
2. Use API to retrieve list
3. Based on list, create an address object for each source IP
4. Add each address object to an address group that is denied access
The deny rule and the address group are already set up; I just need a way for my scripts to manage the addresses in the address group.
I now have a script that looks at the top x unauthenticated blocked users in the last 24 hours, and if the repeat count is high enough, it creates an address entry for the ddns FQDN address (so it follows them), adds that address to an address group, which has a captive portal rule applied to force authentication. That way, "good" users are not forced to authenticate, and "bad" users are.
You can use 'edit' or 'set'. Edit will replace the existing config; Set will add to it. Keep in mind that when you use Edit you have to specify the element you're replacing. Here are examples of set and edit used to modify the 'fqdn' of the address object:
For an example like this, set and edit are basically the same, but if you were performing set or edit on the address object, then they are different because set is non-destructive and will merge the existing config with the new element, while edit is destructive and will replace the existing address object with the new element.
Since you're using pan-python, you might also be interested in a new library from Palo Alto Networks called the Device Framework. It allows you to interact with the API without having to touch XML or XPaths. Everything is object oriented, so you just create and modify objects in Python like you would on the firewall GUI or CLI.
With the Device Framework, the above address object could be created easily using this code. No XML, XPaths, or API-Key required:
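    from pandevice import firewall, objects

    # Connect with a username and password; the library obtains the API key itself
    fw = firewall.Firewall('10.0.0.1', 'admin', 'yourpassword')

    # Address object named 'test' of type 'fqdn'
    address_obj = objects.AddressObject('test', 'test.domain.edu', 'fqdn')

    # Attach the object to the firewall, then push it to the live device
    fw.add(address_obj)
    address_obj.create()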
More information about the Palo Alto Networks Device Framework is available here:
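Added example, not part of the original thread and not Palo Alto Networks' code: a sketch of how a script like the one described could build the set and edit parameters for an address object's fqdn from report-derived values, and read the status and code out of a response such as the "Unauthorized request" one. The vsys1 xpath, the helper names `fqdn_params` and `parse_response`, and the placeholder key are assumptions.

```python
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Assumed location of address objects (vsys1 on a single firewall); not given on the page.
ADDR_XPATH = ("/config/devices/entry[@name='localhost.localdomain']"
              "/vsys/entry[@name='vsys1']/address")
NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,62}$")
FQDN_RE = re.compile(
    r"^(?=.{1,253}$)([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$")


def fqdn_params(action, name, fqdn, key):
    """Return the request parameters for a config 'set' or 'edit' of an fqdn."""
    if action not in ("set", "edit"):
        raise ValueError("action must be 'set' or 'edit'")
    # Names are derived from report data, so reject anything that could
    # break out of the [@name='...'] predicate in the xpath.
    if not NAME_RE.match(name):
        raise ValueError("unsafe object name: %r" % name)
    if not FQDN_RE.match(fqdn):
        raise ValueError("not an FQDN: %r" % fqdn)
    entry = "%s/entry[@name='%s']" % (ADDR_XPATH, name)
    # set:  xpath is the parent node; the element is merged into it.
    # edit: xpath is the node being replaced; the element is its replacement.
    xpath = entry if action == "set" else entry + "/fqdn"
    return {"type": "config", "action": action, "key": key,
            "xpath": xpath, "element": "<fqdn>%s</fqdn>" % escape(fqdn)}


def parse_response(xml_text):
    """Return (status, code, message) from an API response document."""
    root = ET.fromstring(xml_text)
    lines = [el.text or "" for el in root.iter("line")]
    msg = " ".join(lines) if lines else (root.findtext("msg") or "")
    return root.get("status"), root.get("code"), msg.strip()


# Constructed sample: the error quoted in the question, with closing tags added.
UNAUTH = ('<response status="unauth" code="16"><msg><line>Unauthorized request'
          '</line></msg></response>')

if __name__ == "__main__":
    p = fqdn_params("set", "test", "test.domain.edu", "PLACEHOLDER-KEY")
    print(p["xpath"], p["element"])
    print(parse_response(UNAUTH))
```

Checking the returned status before adding the object to the address group keeps a failed set from going unnoticed by the rest of the script.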