Commit-All to Specific Device Using API in Powershell

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Content translations are temporarily unavailable due to site maintenance. We apologize for any inconvenience. Visit our blog to learn more.

Commit-All to Specific Device Using API in Powershell

L4 Transporter

I am using Powershell to make API requests to Panorama which cause various commands to be executed on specific NGFWs. I would like to do a commit-all to a specific firewall, not the entire DG/template stack. The documentation Commit-All (paloaltonetworks.com) lists the following command:

curl -X GET "https://<panorama>/api/?key=apikey&type=commit&action=all&cmd=<commit-all><shared-policy><device-group><entry name="<device-group-name>"><devices><entry name="<serial_number>"></devices><entry/></device-group></shared-policy></commit-all>"

 

However, when I try this (using Invoke-RestMethod in Powershell as well as just trying in my web browser), I get an error saying "Request is not a valid XML." 

 

Can anyone help me out w/ the syntax?

2 REPLIES 2

Cyber Elite
Cyber Elite

Hi @OwenFuller ,

 

You can verify the XMP path by logging into the XML API Browser of Panorama at x.x.x.x/api.  Then drill down into the menu tree (e.g., Commit > all > shared-policy etc.) and you will see the XML API URL on the bottom of the web page.

 

Thanks,

 

Tom

Help the community: Like helpful comments and mark solutions.

Thanks for the suggestion. Unfortunately, the guidance at /api doesn't get that granular for commit-all.

 

It turns out that the answer was to add a </entry> tag after the serial number entry as shown:

 

<entry name="<serial_number>"></entry>

 

 Then, to get it to run properly in Powershell, add backticks to escape quotation marks around the DG name and serial number.

  • 2865 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!