06-14-2024 11:38 AM
We use the Permitted IP Addresses list (Panorama>Setup>Interfaces) to restrict access to Panorama to our public IPs. The problem we run into is that some of our devices use cellular as backup (new public IP every two days) or worse--Starlink (who change your public IP several times per day).
Since this list only uses IP, not DNS, I can't just use dynamic DNS entries. My solution is to update the list manually every time I need to push a config. I'd like to use a script that makes API calls, but I can't find any documentation for the API calls that get to anything in the Panorama>Setup area. Any idea where these commands might be hiding? Or is the API limited to only select commands? Maybe I need to just script accessing the CLI and editing it there, but I'm not sure I've seen those commands either...
06-14-2024 02:30 PM
Hi @JDBailey ,
The XPath you are looking for is shown below.
/api/?type=config&action=get&xpath=/config/devices/entry[@name='localhost.localdomain']/deviceconfig/system/permitted-ip/entry[@name='172.16.0.0/12']
That example adds 172.16.0.0/12 with no description to the Permitted IP Addresses of the Panorama management interface.
There are a few ways to find an XML Path.
Thanks,
Tom
PS The CLI command is 'set deviceconfig system permitted-ip 172.16.0.0/12'.
06-14-2024 02:33 PM
Thank you! I've been looking for this for years, but every time I start my search some network emergency pulled me away. I'll give it a test and if it works, I'll accept the solution. Wasn't expecting a reply this week, honestly. You've made my week!
06-21-2024 01:08 PM
TomYoung's advice helped me find exactly what I was looking for at this time as well as helping me see how to use the debugger to figure out x-path for other things I'm trying to do. I was surprised at how well ChatGPT did at writing clean Python code to do what I wanted. I just had to tweak my prompt a few times. The following prompt yielded the code below (I commented out the place where I fixed how to access a particular piece of data) that will retrieve the allowed IPs into a Python dict.
create a python script that will retrieve the xml data from panorama x-path /config/devices/entry[@name="localhost.localdomain"]/deviceconfig/system/permitted-ip using an api key for authentication and convert it to a dictionary keyed off of description
```python
import requests
import xml.etree.ElementTree as ET

############# Start Unique Values ###############
# Panorama API endpoint for retrieving permitted IPs
panorama_url = 'https://my.panarama.url/api/'
# API key for authentication
api_key = 'myApiKey'
############# End Unique Values ###############

# Parameters for the API request
params = {
    'type': 'config',
    'action': 'get',
    'key': api_key,
    'xpath': '/config/devices/entry[@name="localhost.localdomain"]/deviceconfig/system/permitted-ip'
}


def retrieve_xml_data():
    try:
        # Make the API request to Panorama.
        # verify=False disables TLS certificate validation, which exposes the
        # API key to interception; set verify=True (or a CA bundle path) once
        # Panorama presents a certificate the client trusts.
        response = requests.get(panorama_url, params=params, verify=False)
        if response.status_code == 200:
            # Parse the XML response
            root = ET.fromstring(response.text)
            # Initialize dictionary to store permitted IPs keyed off of 'description'
            permitted_ips = {}
            # Iterate over <entry> elements under <permitted-ip> to extract data
            for entry in root.findall('.//entry'):
                ip_address = entry.attrib["name"]  # entry.find('address').text.strip()
                # Entries can exist without a description; fall back to the
                # address as the key instead of failing on a missing element.
                description = (entry.findtext('description') or '').strip() or ip_address
                permitted_ips[description] = ip_address
            return permitted_ips
        else:
            print(f"Failed to retrieve XML data. Status code: {response.status_code}")
            return None
    except requests.exceptions.RequestException as e:
        print(f"An error occurred: {e}")
        return None


# Example usage:
if __name__ == "__main__":
    xml_data_dict = retrieve_xml_data()
    if xml_data_dict is not None:
        print("Permitted IPs:")
        for description, ip_address in xml_data_dict.items():
            print(f"{description}: {ip_address}")
    else:
        print("Failed to retrieve XML data.")
```
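For the original goal of keeping the list current as a site's public IP changes, the sketch below (an added example, not part of the original posts and not Palo Alto code) turns a `get` response and a desired address list into `set` and `delete` API parameters under the XPath from the thread. The `dyn:` description prefix that marks script-owned entries, the `/8` breadth limit and the sample response are assumptions made for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape, quoteattr

# XPath of the permitted-IP list, as given in the thread.
XPATH = ("/config/devices/entry[@name='localhost.localdomain']"
         "/deviceconfig/system/permitted-ip")
MANAGED_TAG = "dyn:"   # hypothetical convention marking script-owned entries
MIN_PREFIXLEN = 8      # assumption: refuse anything broader, e.g. 0.0.0.0/0

# Constructed sample of a type=config&action=get response body.
SAMPLE_RESPONSE = """<response status="success"><result><permitted-ip>
<entry name="172.16.0.0/12"/>
<entry name="203.0.113.7"><description>dyn: site-a starlink</description></entry>
</permitted-ip></result></response>"""

def current_entries(xml_text):
    """Return {address: description}; description is '' when the entry has none."""
    root = ET.fromstring(xml_text)
    if root.get("status") != "success":
        raise ValueError("API reported an error")
    return {e.get("name"): (e.findtext("description") or "").strip()
            for e in root.iter("entry")}

def validate(addr):
    """Reject malformed addresses and networks broad enough to defeat the list."""
    net = ipaddress.ip_network(addr, strict=True)  # ValueError if malformed
    if net.prefixlen < MIN_PREFIXLEN:
        raise ValueError(f"{addr} is too broad for a management allowlist")
    return addr

def plan_updates(xml_text, desired):
    """desired is {address: description}. Returns API parameter dicts (no key)."""
    current = current_entries(xml_text)
    plan = []
    for addr, desc in desired.items():
        validate(addr)
        if current.get(addr) != desc:  # new entry or changed description
            element = (f"<entry name={quoteattr(addr)}>"
                       f"<description>{escape(desc)}</description></entry>")
            plan.append({"type": "config", "action": "set",
                         "xpath": XPATH, "element": element})
    for addr, desc in current.items():
        # Only script-owned entries are removed; static admin networks stay.
        if desc.startswith(MANAGED_TAG) and addr not in desired:
            plan.append({"type": "config", "action": "delete",
                         "xpath": f"{XPATH}/entry[@name='{addr}']"})
    return plan
```

The returned dictionaries only edit the candidate configuration; supplying the API key and committing are left to the caller.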
06-21-2024 01:12 PM
That rocks!