Pushing from Panorama to firewall with API
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

The Enhanced LIVEcommunity Experience is finally here! Learn all about it.

Pushing from Panorama to firewall with API

L2 Linker

I am trying to commit changes to a Panorama and then have changes pushed to the firewall making API calls from a powershell script.

 

Using the API I can:

  • add the firewall to the panorama
  • add the firewall to an existing template in the panorama
  • create a new device group on the panorama and add the firewall to it
  • Add rules (policies) to the device group.
  • Commit changes.

But I can't seem to push that template and policies to the firewall with the API.

Here is the powershell code I use to commit.

 

# Commit to Panorama
 Write-Host -foreground "Green" " Committing changes to Panorama"
 Write-Host ""
 $pancomURL = "https://panorama//api/?key=" + $panKey + "&type=commit&cmd=<commit></commit>"

Invoke-WebRequest -uri $pancomURL

Here is what I try to push the changes:

 

# Push to device from Panorama
 Write-Host -foreground "Green" " Pushing changes from Panorama to Palo Alto"
 Write-Host ""
 $pancomURL = "https://panorama//api/?key=" + $panKey + 
 "&type=commit&action=all&cmd=<commit-all><shared-policy><device-group><entry name='" + $gpid + "'/></device-group></shared-policy></commit-all>"
 
Invoke-WebRequest -uri $pancomURL

What is the correct syntax for the pushing to the firewall using the API?

thanks

Roger

1 ACCEPTED SOLUTION

Accepted Solutions

Cyber Elite
Cyber Elite

Pushing the policy:

https://PANORAMA/api/?key=APIKEY&type=commit&action=all&cmd=<commit-all><shared-policy><device-group><entry name="DEVICEGROUPNAME"/></device-group></shared-policy></commit-all>

Pushing the template stack:

https://PANORAMA/api/?key=APIKEY&type=commit&action=all&cmd=<commit-all><template-stack><name>TEMPLATESTACKNAME</name></template-stack></commit-all>

 

... in my tests these API calls are working ... 

View solution in original post

4 REPLIES 4

Cyber Elite
Cyber Elite

Pushing the policy:

https://PANORAMA/api/?key=APIKEY&type=commit&action=all&cmd=<commit-all><shared-policy><device-group><entry name="DEVICEGROUPNAME"/></device-group></shared-policy></commit-all>

Pushing the template stack:

https://PANORAMA/api/?key=APIKEY&type=commit&action=all&cmd=<commit-all><template-stack><name>TEMPLATESTACKNAME</name></template-stack></commit-all>

 

... in my tests these API calls are working ... 

View solution in original post

Thanks very much. 

I just came across the template push. Trying it shortly.

Sometime the syntax seems inconsistent, like:

 

<device-group><entry name="DEVICEGROUPNAME"/></device-group>

vs

<template-stack><name>TEMPLATESTACKNAME</name></template-stack>

 

in one it's entry name=, and in the other it's <name>.

 

But thanks again.

 

Roger

 

 

Alo, how do you change it to partial to only commit changes of the user?

thanks

 

Roger

Hi @RogerMccarrick

 

My assumption why these commands are different is the following:

The devicegroupcommit is there already quite a while, then sometime the stack feature was added and with that a slightly new syntax (because they think it is easier this way?...). But to not break the existing implementations, the devicegroupcommit wasn't changed.

 

Partial commits are not possible so far with the API.

 

Regards,

Remo

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!