06-14-2018 06:05 AM - edited 06-14-2018 06:05 AM
I am working on a script to do automation of new tenant builds. One thing I am having a tough time with is creating VLAN Zones because I need to assign them to the specifc VSYS/Location but don't seem to have a paramter to do that. I have been able to successfully add things under Objects and Policies to their specific VSYS, but this zone add is hanging me up. Here is an example of what I am trying to do:
fw = firewall.Firewall('127.0.0.1', 'user', 'pass', vsys="shared")
vsys1 = device.Vsys(name = 'vsys1', display_name = 'PRESENTATION')
fw.add(vsys1)
vsys1.create()
VLAN_zone = network.Zone(name = 'TEST_706', mode = 'layer3')
fw.add(VLAN_zone)
VLAN_zone.create()
When I attempt to create the VLAN zone I get the following error:
Traceback (most recent call last):
File "C:/Users/ttoquothty/PycharmProjects/PaloAlto/IaaS.py", line 34, in <module>
VLAN_zone.create()
File "C:\Users\ttoquothty\PycharmProjects\PaloAlto\venv\lib\site-packages\pandevice\base.py", line 576, in create
device.active().xapi.set(self.xpath_short(), element, retry_on_peer=self.HA_SYNC)
File "C:\Users\ttoquothty\PycharmProjects\PaloAlto\venv\lib\site-packages\pandevice\base.py", line 3175, in method
raise the_exception
pandevice.errors.PanDeviceXapiError: Could not find schema node for xpath /config/shared/zone
06-14-2018 10:06 AM
@gfreeman I think it is because in my 'fw' object I have the vsys set to 'shared'. Because looking more closely at the error I was getting it mentions it could not find the xpath for /config/shared/zone. I am on 0.6.3 for Pandevice so should be good there.
This is my first go at anything automation related with the Palo (and also new-ish to Python), it's been pretty cool so far!
06-14-2018 06:48 AM
I figured out my issue and figured out I'd post a update in case someone stumbles across this with the same question.
instead of doing fw.add(VLAN_zone) my script for the Zone should have been:
VLAN_zone = network.Zone(name = 'TEST_706', mode = 'layer3')
vsys1.add(VLAN_zone)
VLAN_zone.create()
Using the vsys1 I established earlier to add the Zone.
06-14-2018 09:49 AM
I'm glad that you got it working, but that should have worked. I just tested it and it does indeed work for me (since there is no vsys specified in the `fw` object, it should default to `vsys1`).
I suspect your version of `pandevice` is older, and I'd recommend making sure you're running 0.6.0, which is currently the latest.
06-14-2018 10:06 AM
@gfreeman I think it is because in my 'fw' object I have the vsys set to 'shared'. Because looking more closely at the error I was getting it mentions it could not find the xpath for /config/shared/zone. I am on 0.6.3 for Pandevice so should be good there.
This is my first go at anything automation related with the Palo (and also new-ish to Python), it's been pretty cool so far!
06-14-2018 10:19 AM
Oops, missed that. Yep, you're right 🙂
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
