10-07-2025 07:53 AM
Hi All
I am trying to get details of particular address object( not all address present in shared location) .
Any pointer for XML API or any suggestion to used panos python SDK
10-08-2025 05:45 PM
I can't provide any specifics for the panos Python SDK, I personally hate using abstracted libraries to interact with a devices API since you'll eventually run into a situation where you have to do things natively anyways.
Reminder that you can use the API browser to get help with the XML API by just going to https://<myfirewallip>/api once you have an authenticated session. Getting the details of a single address object is straightfoward, instead of targeting /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/address you would just target the actual entry with /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/address/entry[@name='files.pythonhosted.org'].
So via Python and using that files.pythonhosted.org FQDN address object as an example, you could do something like this:
import requests
palo_api_key = "MYKEY" #This can come from a secrets engine or just be set
firewallFQDN = "myfirewall.lab.local"
headers = {'X-PAN-KEY': str(palo_api_key)} #Use the X-PAN-KEY header for authentication
test = requests.get("https://" + str(firewallFQDN) + "/api/?type=config&action=get&xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/address/entry[@name='files.pythonhosted.org']",headers=headers, verify=False) #Assuming you dont trust the management cert
You can then use that collection however you wish. I would personally use something like xmltodict to interact with the return easier, but I'm not sure what you're really trying to do with just collecting the object. You could do something like this:
import xmltodict
validate_dict = xmltodict.parse(test.content)
objectConfiguration = validate_dict['response']['result']['entry']
print(objectConfiguration)
That should give you the building blocks to put something together not knowing what you're actually doing. You could use that as a way to validate that objectConfiguration matches what you're expecting and then alerting if it doesn't as an example.
10-31-2025 01:21 PM
You can return the addresses through the following, just adjust the xpath to account for where you're actually looking for the objects (IE: shared versus vsys1):
gather_addresses = requests.get(myFirewallFQDN + "/api/?type=config&action=get&xpath=/config/shared/address']/vsys/entry[@name='vsys1']/address",headers=headers, verify=False)
result_dict = xmltodict.parse(gather_addresses.content)
addresses = result_dict['response']['result']['address']['entry']
for address in addresses:
if '172.16.' in str(address):
print(address)
This will return every address object that you will then need to parse down to find the value that matches what you are looking for. The reason where doing a substring match in the entire address object is because it's easier than getting the actual address object value due to the way that the different object types are structured. You could do a direct value match if you wanted, you would just need to parse every object type properly.
10-08-2025 02:10 AM
HI@BPry
Any feedback/suggestion here. Trying to pull directly specific address object instead of first pull all address object and then pull specific one.
10-08-2025 05:45 PM
I can't provide any specifics for the panos Python SDK, I personally hate using abstracted libraries to interact with a devices API since you'll eventually run into a situation where you have to do things natively anyways.
Reminder that you can use the API browser to get help with the XML API by just going to https://<myfirewallip>/api once you have an authenticated session. Getting the details of a single address object is straightfoward, instead of targeting /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/address you would just target the actual entry with /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/address/entry[@name='files.pythonhosted.org'].
So via Python and using that files.pythonhosted.org FQDN address object as an example, you could do something like this:
import requests
palo_api_key = "MYKEY" #This can come from a secrets engine or just be set
firewallFQDN = "myfirewall.lab.local"
headers = {'X-PAN-KEY': str(palo_api_key)} #Use the X-PAN-KEY header for authentication
test = requests.get("https://" + str(firewallFQDN) + "/api/?type=config&action=get&xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/address/entry[@name='files.pythonhosted.org']",headers=headers, verify=False) #Assuming you dont trust the management cert
You can then use that collection however you wish. I would personally use something like xmltodict to interact with the return easier, but I'm not sure what you're really trying to do with just collecting the object. You could do something like this:
import xmltodict
validate_dict = xmltodict.parse(test.content)
objectConfiguration = validate_dict['response']['result']['entry']
print(objectConfiguration)
That should give you the building blocks to put something together not knowing what you're actually doing. You could use that as a way to validate that objectConfiguration matches what you're expecting and then alerting if it doesn't as an example.
10-29-2025 07:39 AM
HI @BPry
Have one more query , lets say if we don't know the address object name , then assuming we need to first pull all address object and then filter it ?
In my case we have around 50 k address object.. so trying to check what is efficient way to do .
Thanks ,
Deepak
10-31-2025 01:21 PM
You can return the addresses through the following, just adjust the xpath to account for where you're actually looking for the objects (IE: shared versus vsys1):
gather_addresses = requests.get(myFirewallFQDN + "/api/?type=config&action=get&xpath=/config/shared/address']/vsys/entry[@name='vsys1']/address",headers=headers, verify=False)
result_dict = xmltodict.parse(gather_addresses.content)
addresses = result_dict['response']['result']['address']['entry']
for address in addresses:
if '172.16.' in str(address):
print(address)
This will return every address object that you will then need to parse down to find the value that matches what you are looking for. The reason where doing a substring match in the entire address object is because it's easier than getting the actual address object value due to the way that the different object types are structured. You could do a direct value match if you wanted, you would just need to parse every object type properly.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
