XML-API Use Case to Add & Delete TS-Agents

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Community Team Member

As I explained in a previous blog, XML API can be a very useful and powerful tool to work with. Having different use case examples can help overcome some of the initial hurdles when using XML API. 


The following use case was created by our very own @vsathiamoo

Check out how to go about adding/deleting TS-agents using the XML API:



To use the API, generate the API key required for authenticating API calls.




Get API Key

URL Encoding


Using the following command, the Palo Alto Networks firewall running configuration can be retrieved:


Command Syntax (Running Configuration)





Example (if your host is and you obtained your key with admin/admin credentials):<show><config><running></running></config></show>&key=LUFRPT14MW5xOEo1R09KVlBZNnpnemh0VHRBOWl6TGM9bXcwM3JHUGVhRlNiY0dCR0srNERUQT09           





The above example shows that there is a Terminal Services Agent (TEST-AGENT1 in our example) configured and the XPATH to use to configure a new Terminal Services Agemt would be the following :


Using action=set you can add or create a new object at a specified location in the configuration hierarchy.  Use the xpath parameter to specify the location of the object in the configuration.


In the example below, we will add a Terminal Services Agent (TS-AGENT2).  The IP address and Port of the TS agent will be populated with the following API call.


Command Syntax (Add TS Agent)


https://<<FW-IP>/api?key=<<API-KEY>>&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/ts-agent/entry[@name='TS AGENT NAME']&element=<host>IP ADDRESS</host><port>5009</port>



Command Syntax (Add TS Agent with Alternative IP Addresses)



https://<<FW-IP>>/api?key=<<API-KEY>>&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/ts-agent/entry[@name='TS AGENTNAME']&element=<host>IP1</host><port>5009</port><ip-list><member>Alternate IP1</member><member>Alternate IP2</member></ip-list>


Parameter Description
FW-IP Palo Alto Networks Firewall Management IP.
API-KEY API key for an administrator account
TSAGENTNAME A name to identify the TS agent.
IP1 IP address of the terminal server where the TS agent is installed
Alternate IP1 Additional IP addresses of TS agent
Alternate IP2 Additional IP addresses of TS agent (Note: TS agents can have upto 8 additional IP addresses)





The same command can be used to modify Terminal Services Agent properties (Host IP and Port).





XML API Request types


In a similar way, you can remove  a Terminal Services Agent (TS-AGENT2) from the firewall.


Command Syntax (Remove TS Agent)








There are plenty of XML API resources available on Live for you to get started. This is just one of many possible use cases where XML API can be useful for you!


Feel free to ask questions or share your XML API examples in the comments section below!


-Kiwi out!


Register or Sign-in
Top Liked Authors