Don't Fear the XML

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.
L4 Transporter

Just saying 'XML' in various circles causes cringing and eye rolling. With other, more human-friendly file formats such as JSON available, XML (eXtensible Markup Language) can get a bad rap. However when dealing with PAN-OS configuration and system information, a basic working knowledge can actually enhance NGFW interactions.


The fundamentals of XML include basic terms and file structure: the xpath, xml elements, attributes, tags, and text. The tutorial video below explores these fundamentals by showing XML in relation to both HTTP and file folder structures. All through the lens of a PAN-OS config file.




The reality is that pretty much every NGFW or Panorama interaction is based on XML. The CLI? The web UI? Yep. You can use the CLI commands debug cli on and show cli config-output format xml to look behind the curtain. The same with the web UI debug capability.


You'll also see XML appear in the load config partial command when adding the to-xpath and from-xpath. Thanks to @fhu_omi for providing an example in the HTTP response code quickplay comments. A quick hack to create a pseudo XML file and xpath to load this quickplay without any API tools.


What about pan-os-python, pango, and the PAN-OS REST API that are designed to keep me away from XML? Well much like the CLI and web UI, they create an abstraction layer above XML and do the XML magic in the background. They also rely on raw XML for configuration elements not currently supported. So while powerful and simplify NGFW interactions, its still good practice to be versed in XML to have full access to most of the configuration options.


So yes XML is designed for the machines and isn't the most readable format. However for API and some CLI interactions with the NGFW it isn't a bad idea to consider XML as a friend and not a foe.






Register or Sign-in