Add or remove application in a security rule

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Add or remove application in a security rule

L2 Linker

Hello.......
curl -k -X GET "https://10.10.10.10/api/?key=LUFRPT16R......................Mg==&type=config&action=set&xpath=/confi...<source><member>any</member></source><destination><member>any</member></destination><service><member>any</member></service><application><member>zoom</member><member>quic</member></application><action>allow</action><source-user><member>any</member></source-user><option><disable-server-response-inspection>no</disable-server-response-inspection></option><negate-source>no</negate-source><negate-destination>no</negate-destination><disabled>no</disabled><log-start>yes</log-start><log-end>yes</log-end><description>description</description><from><member>trust</member></from><to><member>untrust</member></to>"
Using the above command I can create a policy. But If I want to add or delete applications in the same policy then what will be the way? I tried edit option instead of set but it shows  <response status="error" code="12"><msg><line>Edit breaks config validity</line></msg></response> . Also I tried delete option to remove the application but it removes the Policy itself.  
Maybe I am missing something. My goal is to update the policy by adding or removing applications using api. 

1 accepted solution

Accepted Solutions

Cyber Elite
Cyber Elite

Hi @ssovee ,

 

The following URLs worked for me:

 

  • To add an application to an existing rule:  

    https://<fw ip>/api/?key=<API-KEY>&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/rulebase/security/rules/entry[@name='Test']/application&element=<member>zoom</member>

  • To delete an application from an existing rule:  

    https://<fw ip>/api/?key=<API-KEY>&type=config&action=delete&xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/rulebase/security/rules/entry[@name='Test']/application/member[text()='zoom']

  • To replace all applications in an existing rule:

    https://<fw ip>/api/?key=<API-KEY>&type=config&action=edit&xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/rulebase/security/rules/entry[@name='Test']/application&element=<application><member>zoom</member><member>webex</member><member>ms-teams-audio-video</member></application>

Here is a list of XML API actions:  https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-panorama-api/pan-os-xml-api-request-types/pan-os...

 

The action works on the xpath, which is why for set (add) and edit (replace) the application xpath is listed with specifics part of &element.  Since the delete action requires an xpath to the specific application, the /member[text()=''] is used.

 

Depending upon the automation desired, the REST API may be more consistent.  https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-panorama-api/get-started-with-the-pan-os-rest-ap...

 

Thanks,

 

Tom

Help the community: Like helpful comments and mark solutions.

View solution in original post

6 REPLIES 6

Cyber Elite
Cyber Elite

Hi @ssovee ,

 

The following URLs worked for me:

 

  • To add an application to an existing rule:  

    https://<fw ip>/api/?key=<API-KEY>&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/rulebase/security/rules/entry[@name='Test']/application&element=<member>zoom</member>

  • To delete an application from an existing rule:  

    https://<fw ip>/api/?key=<API-KEY>&type=config&action=delete&xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/rulebase/security/rules/entry[@name='Test']/application/member[text()='zoom']

  • To replace all applications in an existing rule:

    https://<fw ip>/api/?key=<API-KEY>&type=config&action=edit&xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/rulebase/security/rules/entry[@name='Test']/application&element=<application><member>zoom</member><member>webex</member><member>ms-teams-audio-video</member></application>

Here is a list of XML API actions:  https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-panorama-api/pan-os-xml-api-request-types/pan-os...

 

The action works on the xpath, which is why for set (add) and edit (replace) the application xpath is listed with specifics part of &element.  Since the delete action requires an xpath to the specific application, the /member[text()=''] is used.

 

Depending upon the automation desired, the REST API may be more consistent.  https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-panorama-api/get-started-with-the-pan-os-rest-ap...

 

Thanks,

 

Tom

Help the community: Like helpful comments and mark solutions.

Hi TomYoung,

Thanks for the reply. It is very helpful. Add & Edit works for me. But delete didn't. Here below is the status of that.

[root@ansible-manager-stg ~]# curl -k -X GET "https: //10.10.10.10/api/?key=LUFRPT16Rzg0ek03S3NINWZEanBPTFZmVFg0SFcyNWc9..........xdUUvenoyK0RkbTZOQ05Ga3dOTlFUMg==&type=config&action=delete&xpath=/config/devices/entry[@name='localhost.localdomain']/device-group/entry[@name='GP']/pre-rulebase/security/rules/entry[@name='Dcup']/application/member[text()='zoom']"
curl: (3) bad range in URL position 291:
https: //10.10.10.10/api/?key=LUFRPT16Rzg0ek03S3NINWZEanBPTFZmVFg0SFcyNWc9..........xdUUvenoyK0RkbTZOQ05Ga3dOTlFUMg==&type=config&action=delete&xpath=/config/devices/entry[@name='localhost.localdomain']/device-group/entry[@name='GP']/pre-rulebase/security/rules/entry[@name='Dcup']/application/member[text()='zoom']

Cyber Elite
Cyber Elite

Hi @ssovee ,

 

I do not see the ] at the end of your delete URL.  Is it missing?  I promise I tested the delete syntax above.

 

Also, you should change your API key since you have posted it on this forum.  😊

 

Thanks,

 

Tom

Help the community: Like helpful comments and mark solutions.

Hi TomYoung

Could you please give me the exact delete URL based on my given URL. Somehow I do not understand about missing ].

Cyber Elite
Cyber Elite

Hi @ssovee ,

 

Sorry!  I have been busy.  You should be able to get the exact URL from your API browser on Panorama and then add the /member[text()='zoom'] part to the end.  In order for a successful delete, the App-ID zoom will need to be in the rule.

 

Thanks,

 

Tom

Help the community: Like helpful comments and mark solutions.

action=delete with the following syntax is not working for me

 

https://firewall/api/?type=config&action=delete&key=key&xpath=/config/shared/pre-rulebase/security/r...

 

throwing the following error

<response status="error" code="10">
<msg>
<line>
<![CDATA[ shared -> pre-rulebase -> security -> rules -> 45205-XXDOE-77787 -> service is invalid. Missing service value ]]>
</line>
</msg>
</response>
  • 1 accepted solution
  • 2080 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!