This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Problems overriding a Panorama template via the XML API

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Problems overriding a Panorama template via the XML API

MattBurnett
L0 Member

‎08-26-2021 08:04 AM - edited ‎08-26-2021 10:13 AM

I'm trying to disable via the XML API a IPSEC tunnel on a firewall which was configured using Panorama. I can manage to disable a locally created tunnel with the following GET request:

 

https://CENSORED/api/?key=CENSORED&type=config&action=edit&xpath=/config/devices/entry[@name='localhost.localdomain']/network/tunnel/ipsec/entry[@name='CENSORED']/disabled&element=<disabled>yes</disabled>

 

However when I change the action from edit to override it gives me a seemingly nonsensical and contradictory error:

 

<response status="error" code="12">
<msg>
<line>Object cannot be overridden </line>
</msg>
</response>​

 

According to the documentation, error code 12 means an invalid xpath or element. I dont think this is accurate considering that the xpath and element work fine when the action is edit. And the message doesnt make sense considering that I can override this object via the web UI. Is anyone here familiar with doing overrides via the XML API and know what i'm doing wrong? 

 

And if I use the debug cli on on command and create an override via the CLI, it tells me XML request is

<request cmd="override" obj="/config/devices/entry[@name='localhost.localdomain']/network/tunnel/ipsec/entry[@name='Azure-DR']" cookie="9297669682826545"></request>

According to this KB article, the GET request should be

https://CENSORED/api/?key=CENSORED&type=config&action=override&xpath=/config/devices/entry[@name='localhost.localdomain']/network/tunnel/ipsec/entry[@name='CENSORED']&element=

But that gives me the error:

<response status="error" code="400">
<result>
<msg>Missing value for parameter "element".</msg>
</result>
</response>

If I remove the element parameter it gives me the same error, and any value I specify for the element parameter gives me the error :

<response status="error" code="12">
<msg>
<line>Request doesn't have an object to be added</line>
</msg>
</response>
1 person had this problem.
0 Likes Likes
0 REPLIES 0
  • 2086 Views
  • 0 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks