Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
10-01-2023 10:40 AM
Hello.......
curl -k -X GET "https://10.10.10.10/api/?key=LUFRPT16R......................Mg==&type=config&action=set&xpath=/confi...<source><member>any</member></source><destination><member>any</member></destination><service><member>any</member></service><application><member>zoom</member><member>quic</member></application><action>allow</action><source-user><member>any</member></source-user><option><disable-server-response-inspection>no</disable-server-response-inspection></option><negate-source>no</negate-source><negate-destination>no</negate-destination><disabled>no</disabled><log-start>yes</log-start><log-end>yes</log-end><description>description</description><from><member>trust</member></from><to><member>untrust</member></to>"
Using the above command I can create a policy. But If I want to add or delete applications in the same policy then what will be the way? I tried edit option instead of set but it shows <response status="error" code="12"><msg><line>Edit breaks config validity</line></msg></response> . Also I tried delete option to remove the application but it removes the Policy itself.
Maybe I am missing something. My goal is to update the policy by adding or removing applications using api.
10-02-2023 07:54 AM
Hi @ssovee ,
The following URLs worked for me:
https://<fw ip>/api/?key=<API-KEY>&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/rulebase/security/rules/entry[@name='Test']/application&element=<member>zoom</member>
To delete an application from an existing rule:
https://<fw ip>/api/?key=<API-KEY>&type=config&action=delete&xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/rulebase/security/rules/entry[@name='Test']/application/member[text()='zoom']
To replace all applications in an existing rule:
https://<fw ip>/api/?key=<API-KEY>&type=config&action=edit&xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/rulebase/security/rules/entry[@name='Test']/application&element=<application><member>zoom</member><member>webex</member><member>ms-teams-audio-video</member></application>
Here is a list of XML API actions: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-panorama-api/pan-os-xml-api-request-types/pan-os...
The action works on the xpath, which is why for set (add) and edit (replace) the application xpath is listed with specifics part of &element. Since the delete action requires an xpath to the specific application, the /member[text()=''] is used.
Depending upon the automation desired, the REST API may be more consistent. https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-panorama-api/get-started-with-the-pan-os-rest-ap...
Thanks,
Tom
10-02-2023 07:54 AM
Hi @ssovee ,
The following URLs worked for me:
https://<fw ip>/api/?key=<API-KEY>&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/rulebase/security/rules/entry[@name='Test']/application&element=<member>zoom</member>
To delete an application from an existing rule:
https://<fw ip>/api/?key=<API-KEY>&type=config&action=delete&xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/rulebase/security/rules/entry[@name='Test']/application/member[text()='zoom']
To replace all applications in an existing rule:
https://<fw ip>/api/?key=<API-KEY>&type=config&action=edit&xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/rulebase/security/rules/entry[@name='Test']/application&element=<application><member>zoom</member><member>webex</member><member>ms-teams-audio-video</member></application>
Here is a list of XML API actions: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-panorama-api/pan-os-xml-api-request-types/pan-os...
The action works on the xpath, which is why for set (add) and edit (replace) the application xpath is listed with specifics part of &element. Since the delete action requires an xpath to the specific application, the /member[text()=''] is used.
Depending upon the automation desired, the REST API may be more consistent. https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-panorama-api/get-started-with-the-pan-os-rest-ap...
Thanks,
Tom
10-02-2023 10:05 PM - edited 10-02-2023 10:08 PM
Hi TomYoung,
Thanks for the reply. It is very helpful. Add & Edit works for me. But delete didn't. Here below is the status of that.
[root@ansible-manager-stg ~]# curl -k -X GET "https: //10.10.10.10/api/?key=LUFRPT16Rzg0ek03S3NINWZEanBPTFZmVFg0SFcyNWc9..........xdUUvenoyK0RkbTZOQ05Ga3dOTlFUMg==&type=config&action=delete&xpath=/config/devices/entry[@name='localhost.localdomain']/device-group/entry[@name='GP']/pre-rulebase/security/rules/entry[@name='Dcup']/application/member[text()='zoom']"
curl: (3) bad range in URL position 291:
https: //10.10.10.10/api/?key=LUFRPT16Rzg0ek03S3NINWZEanBPTFZmVFg0SFcyNWc9..........xdUUvenoyK0RkbTZOQ05Ga3dOTlFUMg==&type=config&action=delete&xpath=/config/devices/entry[@name='localhost.localdomain']/device-group/entry[@name='GP']/pre-rulebase/security/rules/entry[@name='Dcup']/application/member[text()='zoom']
10-02-2023 10:13 PM
Hi @ssovee ,
I do not see the ] at the end of your delete URL. Is it missing? I promise I tested the delete syntax above.
Also, you should change your API key since you have posted it on this forum. 😊
Thanks,
Tom
10-03-2023 12:46 AM
Hi TomYoung
Could you please give me the exact delete URL based on my given URL. Somehow I do not understand about missing ].
10-04-2023 06:43 AM
Hi @ssovee ,
Sorry! I have been busy. You should be able to get the exact URL from your API browser on Panorama and then add the /member[text()='zoom'] part to the end. In order for a successful delete, the App-ID zoom will need to be in the rule.
Thanks,
Tom
12-12-2023 12:22 PM
action=delete with the following syntax is not working for me
throwing the following error
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
