supposdly the paloalto.py file below should work def paloalto_rule_add(pa_ip,pa_key,rule_params): # Add a new rule on Palo Alto gateway # Input: Palo Alto gateway IP, Palo Alto Access Key, and rule_params # rule_params are the parameters to be configured for the new rule. It is a dictionary with the following values: # rule_params['name']: name of the rule # rule_params['dstZone']: destination zone # rule_params['srcZone']: source zone # rule_params['srcIP']: list of source IP addresses # rule_params['dstIP']: list of destination IP addresses # rule_params['application']: application # rule_params['service']: service # rule_params['action']: rule action (allow, deny) # rule_params['spg']: name of security group profile to be set # Output: returns 'success' or 'fail' depending on the result ctx = ssl.create_default_context() ctx.check_hostname = False ctx.verify_mode = ssl.CERT_NONE cmd = "/api/?type=config&action=set&" parameters = {'xpath':"/config/devices/entry[@name=\'localhost.localdomain\']/vsys/entry[@name=\'vsys1\']/rulebase/security/rules/entry[@name=\'"+rule_params['name']+"\']",'element':"<to><member>"+rule_params['dstZone']+"</member></to><from><member>"+rule_params['srcZone']+"</member></from><source>"+rule_source_ip+"</source><destination>"+rule_destination_ip+"</destination><application><member>"+rule_params['application']+"</member></application><service><member>"+rule_params['service']+"</member></service><action>"+rule_params['action']+"</action><profile-setting><group><member>"+rule_params['spg']+"</member></group></profile-setting>"} url = "https://"+pa_ip+cmd+"Key="+pa_key+"&"+urllib.urlencode(parameters) response = urllib2.urlopen(url, context=ctx) contents= ET.fromstring(response.read()) result = 'success' return result
... View more