08-22-2018 03:11 PM
I am trying to commit changes to a Panorama and then have changes pushed to the firewall making API calls from a powershell script.
Using the API I can:
But I can't seem to push that template and policies to the firewall with the API.
Here is the powershell code I use to commit.
# Commit to Panorama Write-Host -foreground "Green" " Committing changes to Panorama" Write-Host "" $pancomURL = "https://panorama//api/?key=" + $panKey + "&type=commit&cmd=<commit></commit>"
Invoke-WebRequest -uri $pancomURL
Here is what I try to push the changes:
# Push to device from Panorama Write-Host -foreground "Green" " Pushing changes from Panorama to Palo Alto" Write-Host "" $pancomURL = "https://panorama//api/?key=" + $panKey + "&type=commit&action=all&cmd=<commit-all><shared-policy><device-group><entry name='" + $gpid + "'/></device-group></shared-policy></commit-all>"
Invoke-WebRequest -uri $pancomURL
What is the correct syntax for the pushing to the firewall using the API?
thanks
Roger
08-22-2018 04:40 PM
Pushing the policy:
https://PANORAMA/api/?key=APIKEY&type=commit&action=all&cmd=<commit-all><shared-policy><device-group><entry name="DEVICEGROUPNAME"/></device-group></shared-policy></commit-all>
Pushing the template stack:
https://PANORAMA/api/?key=APIKEY&type=commit&action=all&cmd=<commit-all><template-stack><name>TEMPLATESTACKNAME</name></template-stack></commit-all>
... in my tests these API calls are working ...
08-22-2018 04:40 PM
Pushing the policy:
https://PANORAMA/api/?key=APIKEY&type=commit&action=all&cmd=<commit-all><shared-policy><device-group><entry name="DEVICEGROUPNAME"/></device-group></shared-policy></commit-all>
Pushing the template stack:
https://PANORAMA/api/?key=APIKEY&type=commit&action=all&cmd=<commit-all><template-stack><name>TEMPLATESTACKNAME</name></template-stack></commit-all>
... in my tests these API calls are working ...
08-22-2018 04:44 PM
Thanks very much.
I just came across the template push. Trying it shortly.
Sometime the syntax seems inconsistent, like:
<device-group><entry name="DEVICEGROUPNAME"/></device-group>
vs
<template-stack><name>TEMPLATESTACKNAME</name></template-stack>
in one it's entry name=, and in the other it's <name>.
But thanks again.
Roger
08-22-2018 04:50 PM
Alo, how do you change it to partial to only commit changes of the user?
thanks
Roger
08-22-2018 11:25 PM
My assumption why these commands are different is the following:
The devicegroupcommit is there already quite a while, then sometime the stack feature was added and with that a slightly new syntax (because they think it is easier this way?...). But to not break the existing implementations, the devicegroupcommit wasn't changed.
Partial commits are not possible so far with the API.
Regards,
Remo
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
