This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About Joshua_Peterson
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About Joshua_Peterson
03-13-2023
5Posts
1Like
1Solution
Mar 13, 2023Last Visited
User
Activity
User
Profile
Latest posts by Joshua_Peterson
| Subject | Views | Posted |
|---|---|---|
| 1953 | 10-10-2021 02:25 AM | |
| 2003 | 10-09-2021 02:27 PM | |
| 2021 | 10-09-2021 01:07 PM | |
| 2036 | 10-09-2021 12:27 PM | |
| 2072 | 10-09-2021 06:55 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 10-10-2021 02:25 AM |
User Badges
Community Statistics
| Member Since | 03-04-2020 02:56 PM |
| Date Last Visited | 03-13-2023 02:00 PM |
| Posts | 5 |
| Total Likes Received | 1 |
10-10-2021
02:25 AM
1 Kudo
I think this is boiling down to the quotes I was using in windows command prompt. I was using double-quotes on the outside, and all single quotes on the parameters, but it did not like that in CMD. Upon further inspection, the browser changed all the single quotes but for the ike-gateway name to %27, and had no double-quotes for the request in the browser. I changed my quotes in the cmd request to %27 as well and it worked like a charm. I wasn't opening and closing my quotes in a way command prompt could understand.
... View more
10-09-2021
02:27 PM
Well, never mind. I accidentally ran the command with action=get instead of action=set, and that always works. Back to the drawing board.
... View more
10-09-2021
01:07 PM
This is absolutely BIZZAR. I ran the command "set network tunnel ipsec asdf auto-key ike-gateway test1" from the CLI with "debug cli on" and found there was an error "Server error : asdf -> auto-key constraints failed : default crypto profile doesn't exist asdf -> auto-key is invalid" I have no 'default' crypto policies. I had seen this before and assumed it was an order of operation issue, and so I set the crypto profile before I set the ike-gateway by doing <auto-key><ipsec-crypto-profile>asdf</ipsec-crypto-profile><ike-gateway><entry name="test1"/></ike-gateway></auto-key> (the ipsec policy is set before the gateway, so it doesn't need to worry about the default crypto policy) but that did not help. So of all the stupid things I have ever had to do, it added a ipsec policy called 'default'. Bam, it works just fine now. It's so stupid I can't even be happy I've solved it. SUMMARY: If you want to use the API, don't go deleting your 'defaults'... (┛◉Д◉)┛彡┻━┻
... View more
10-09-2021
12:27 PM
Looking through the API browser it gave me a xpath for /api/?type=config&action=get&xpath=/config/devices/entry[@name='localhost.localdomain']/network/tunnel/ipsec/entry[@name='api-test']/auto-key/ike-gateway/entry[@name='test1'] (forgive me for changing the tunnel and ike-gateway names, I'm trying to see if there is some character or term it doesn't like) If I try to run this it tells me there is a error for the configuration target. That makes send to me, because up to this point the [@name="thing"] syntax has only been used for the target of a change, and I am not trying to change "thing" in this case but rather trying to apply it as a setting, as is, to the tunnel.
... View more
10-09-2021
06:55 AM
I am at my wits end with this. Can anybody tell me what I am doing wrong here? I'm trying to make a script that will use the API to stand up L2L VPN tunnels, and there is something in this request that is making the firewall puke (error 18 "Malformed Request"). The API calls: making the gateway, this works just fine: curl --globoff -X GET "https://palo.mydomain.com/api?key=<censored>&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/network/ike/gateway/entry[@name='test']&element=<authentication><pre-shared-key><key>PASSWORD</key></pre-shared-key></authentication><protocol><ikev1><dpd><enable>yes</enable></dpd><ike-crypto-profile>API-Test</ike-crypto-profile></ikev1><ikev2><dpd><enable>yes</enable></dpd></ikev2></protocol><local-address><ip>1.1.1.1</ip><interface>ethernet1/4</interface></local-address><protocol-common><nat-traversal><enable>no</enable></nat-traversal><fragmentation><enable>no</enable></fragmentation></protocol-common><peer-address><ip>IP-1.1.1.1</ip></peer-address><local-id><id>1.1.1.1</id><type>ipaddr</type></local-id><peer-id><id>2.2.2.2</id><type>ipaddr</type></peer-id>" Making the ipsec tunnel, this one pukes only for the ike-gateway parameter: curl --globoff -X GET "https://palo.mydomain.com/api?key=<censored>&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/network/tunnel/ipsec/entry[@name='tunnel_name']/auto-key/ike-gateway&element=<entry name='Test'/>" <response status="error" code="18"><msg><line>Malformed Request</line></msg></response> I have also tried and get the same error: curl --globoff -X GET "https://palo.mydomain.com/api?key=<censored>&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/network/tunnel/ipsec/entry[@name='tunnel_name']&element=<auto-key><ike-gateway><entry name="test"/></ike-gateway></auto-key>" The Error: <response status="error" code="18"><msg><line>Malformed Request</line></msg></response> The CLI Debug: user@PA# set network tunnel ipsec tunnel_name auto-key ike-gateway Test (container-tag: network container-tag: tunnel container-tag: ipsec container-tag: entry key-tag: name value: tunnel_name container-tag: auto-key container-tag: ike-gateway container-tag: entry key-tag: name value: Test) ((eol-matched: . #t) (xpath-prefix: . /config/devices/entry[@name='localhost.localdomain']) (context-inserted-at-end-p: . #f)) (network (tunnel (ipsec (entry (@ (name tunnel_name)) (auto-key (ike-gateway (entry (@ (name Test))))))))) (entry (@ (name Test))) <request cmd="set" obj="/config/devices/entry[@name='localhost.localdomain']/network/tunnel/ipsec/entry[@name='tunnel_name']/auto-key/ike-gateway" cookie=""><entry name='Test'/></request> 2021-10-09 09:21:23 <response status="success" code="20"><msg>command succeeded</msg></response> This is a lab device running 10.0. I can't figure out what I'm doing wrong here. Am I nuts?
... View more
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks