This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

XML-API Use Case to Add & Delete TS-Agents

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

XML-API Use Case to Add & Delete TS-Agents

kiwi
Community Team Member
‎03-19-2018 05:11 AM

As I explained in a previous blog, XML API can be a very useful and powerful tool to work with. Having different use case examples can help overcome some of the initial hurdles when using XML API. 

 

The following use case was created by our very own @vsathiamoo

Check out how to go about adding/deleting TS-agents using the XML API:

 

Additional resources

 

Getting Started with XML API

API Labs with pan-python

 

To use the API, generate the API key required for authenticating API calls.

 

Resources

 

Get API Key

URL Encoding

 

Using the following command, the Palo Alto Networks firewall running configuration can be retrieved:

 

Command Syntax (Running Configuration)

 

 

https://<<FW-IP>>/api/?type=op&cmd=<show><config><running></running></config></show>&key=<<API-KEY>>

 

Example (if your host is 10.192.16.170 and you obtained your key with admin/admin credentials):

 

 

https://10.192.16.170/api/?type=op&cmd=<show><config><running></running></config></show>&key=LUFRPT14MW5xOEo1R09KVlBZNnpnemh0VHRBOWl6TGM9bXcwM3JHUGVhRlNiY0dCR0srNERUQT09

 

2018-03-19_12-25-25.jpg

 

 

The above example shows that there is a Terminal Services Agent (TEST-AGENT1 in our example) configured and the XPATH to use to configure a new Terminal Services Agemt would be the following :
 
XPATH
 
/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/ts-agent/entry[@name='MYTSAGENT']

 

Using action=set you can add or create a new object at a specified location in the configuration hierarchy.  Use the xpath parameter to specify the location of the object in the configuration.

 

In the example below, we will add a Terminal Services Agent (TS-AGENT2).  The IP address and Port of the TS agent will be populated with the following API call.

 

Command Syntax (Add TS Agent)

 

https://<<FW-IP>/api?key=<<API-KEY>>&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/ts-agent/entry[@name='TS AGENT NAME']&element=<host>IP ADDRESS</host><port>5009</port>

Example

 

https://10.192.16.170/api?key=LUFRPT14MW5xOEo1R09KVlBZNnpnemh0VHRBOWl6TGM9bXcwM3JHUGVhRlNiY0dCR0srNERUQT09&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/ts-agent/entry[@name='TS-AGENT2']&element=<host>10.1.1.2</host><port>5009</port>

 

Command Syntax (Add TS Agent with Alternative IP Addresses)

 

 

https://<<FW-IP>>/api?key=<<API-KEY>>&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/ts-agent/entry[@name='TS AGENTNAME']&element=<host>IP1</host><port>5009</port><ip-list><member>Alternate IP1</member><member>Alternate IP2</member></ip-list>

  

Parameter Description
FW-IP Palo Alto Networks Firewall Management IP.
API-KEY API key for an administrator account
TSAGENTNAME A name to identify the TS agent.
IP1 IP address of the terminal server where the TS agent is installed
Alternate IP1 Additional IP addresses of TS agent
Alternate IP2 Additional IP addresses of TS agent (Note: TS agents can have upto 8 additional IP addresses)

 

Example

 

 

https://10.192.16.170/api?key=LUFRPT14MW5xOEo1R09KVlBZNnpnemh0VHRBOWl6TGM9bXcwM3JHUGVhRlNiY0dCR0srNERUQT09&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/ts-agent/entry[@name='TS-AGENT2']&element=<host>10.1.1.2</host><port>5009</port

  2018-03-19_12-48-13.jpg

 

The same command can be used to modify Terminal Services Agent properties (Host IP and Port).

 

Resources:

 

XPATH

XML API Request types

 

In a similar way, you can remove  a Terminal Services Agent (TS-AGENT2) from the firewall.

 

Command Syntax (Remove TS Agent)

 

https://<<FW-IP>>/api?key=<<API-KEY>>&type=config&action=delete&xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/ts-agent/entry[@name='TSAGENTNAME']

Example

 

https://10.192.16.170/api?key=LUFRPT14MW5xOEo1R09KVlBZNnpnemh0VHRBOWl6TGM9bXcwM3JHUGVhRlNiY0dCR0srNERUQT09&type=config&action=delete&xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/ts-agent/entry[@name='TS-AGENT2']

 
2018-03-19_13-01-30.jpg

 

 

 

There are plenty of XML API resources available on Live for you to get started. This is just one of many possible use cases where XML API can be useful for you!

 

Feel free to ask questions or share your XML API examples in the comments section below!

 

-Kiwi out!

 

2 Comments
  • 23276 Views
  • 2 comments
  • 3 Likes
Register or Sign-in
Labels
Popular Blogs
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks