This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

How to Use the PAN-OS REST API

cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Community Blogs
2 min read

How to Use the PAN-OS REST API

JayGolf
Community Team Member
‎06-09-2022 12:25 PM

 

Screen Shot 2022-06-09 at 11.27.31 AM.png

 

 

The PAN-OS REST API allows you to manage Firewalls and Panorama. It is a WEB API that uses HTTP or HTTPs and requests are authenticated via an API key. Request bodies and responses are formatted in JSON. 

 

To use the REST API, enable API access for approved administrators and retrieve your API key

 

Now, to get started, understand that the REST API URL format includes a base path and the URI for the endpoint. 

 

curl -X METHOD "https://<IP address or FQDN>/restapi/<PAN-OS version>/<resource URI>

 

Method

GET - Read lists of resources

POST - Create a resource, rename a resource, and move a policy rule

PUT - Modify a resource

DELETE - Delete a resource

 

Resource URI

The PAN-OS REST API makes it simple and uses Objects, Policies, Network, and Device URI for its requests. Here are some available resource endpoints you can reference in your request:

 

# OBJECTS 
/restapi/9.0/Objects/Addresses
/restapi/9.0/Objects/AddressGroups
/restapi/9.0/Objects/Applications
/restapi/9.0/Objects/Services
/restapi/9.0/Objects/ServiceGroups

# POLICIES 
/restapi/9.0/Policies/SecurityRules
/restapi/9.0/Policies/NATRules
/restapi/9.0/Policies/QoSRules
/restapi/9.0/Policies/PolicyBasedForwardingRules
/restapi/9.0/Policies/DecryptionRules

 

Not seeing something you would like to work with? Take a look at all the available URI's.

 

Creating a Security Policy

 

 

 

curl -X POST \

  'https://firewall/restapi/pan-os_version/Policies/SecurityRules?location=vsys&vsys=vsys1&name=rule-example1' \
  -H 'X-PAN-KEY: LUFRPT=' \
  -d '{
    "entry": [
        {
            "@location": "vsys",
            "@name": "test",
            "@vsys": "vsys1",
            "action": "allow",
            "application": {
                "member": [
                    "ssl"
                ]
            },
            "category": {
                "member": [
                    "any"
                ]
            },
            "destination": {
                "member": [
                    "any"
                ]
            },
            "from": {
                "member": [
                    "internal"
                ]
            },
            "hip-profiles": {
                "member": [
                    "any"
                ]
            },
            "service": {
                "member": [
                    "application-default"
                ]
            },
            "source": {
                "member": [
                    "any"
                ]
            },
            "source-user": {
                "member": [
                    "any"
                ]
            },
            "to": {
                "member": [
                    "any"
                ]
            }
        }
    ]
}'

 

 

 

 

 

Additional Resources:

Building Next-Gen Automation

PAN-OS and Panorama API Usage Guide

Palo Alto Networks Github

 

 

Thank you for taking time to read this blog. I hope you found this interesting and helpful. Feel free to share your REST API examples in the comments section below!

 

Don't forget to hit the Like (thumbs up) button and to Subscribe to the LIVEcommunity Blog area.

 

Until next time,

JayGolf

Labels:
1 Comment
Amin2
L2 Linker
‎10-04-2024 08:25 AM
‎10-04-2024 08:25 AM

Hi Jay

 

Thank you for posting use of REST API on PAN OS.  I am just starting out and learning automation.  I am using PAN OS 10.2 on PA 820 lab device.  When I try to use a use the GET Method to query addresses, the restapi-doc shows: https://10.x.x.x/restapi/v10.2/Objects/Addresses  .  I am using the following curl command and get the following response:

 

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current

                                 Dload  Upload   Total   Spent    Left  Speed

100   171  100   171    0     0    422      0 --:--:-- --:--:-- --:--:--   423

{

  "code": 3,

  "message": "Invalid Query Parameter: key",

  "details": [

    {

      "@type": "CauseInfo",

      "causes": [

        {

          "code": 8,

          "module": "pan_api",

          "description": "Invalid Query Parameter: key"

        }

      ]

    }

  ]

}

 

I don’t see the “"Invalid Query Parameter: key".  Could it be that my API key is bad or invalid?  Below is my curl command I was using

 

curl -k -X GET "https://10.x.x.x.x/restapi/v10.2/Objects/Addresseslocation=vsys&vsys=vsys1&key=LUF7************==" | jq

 

Thanks

-Amin

0 Likes Likes
  • 7786 Views
  • 1 comments
  • 5 Likes
Register or Sign-in
Labels
Popular Blogs
Top Liked Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks