Thanks @JimmyHolland, you were spot on. I had been close with a few commands I had tried throughout the day, and after this post had figured out I needed [@name='localhost.localdomain'], but still couldn't quite get the syntax correct. On my system since I use curl running from Windows and have a WebUI certificate issued from the device itself I needed a few little tweaks to your command. This was the winner for me: curl -X GET "https://<firewall-fqdn>/api/?key=<key>&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/network/tunnel/ipsec/entry[@name='IPSec-Tunnel-Name']&element=<disabled>yes</disabled>" --ssl-no-revoke 1> I had to add the double quotes to the command to keep Windows happy. 2> Adding the --ssl-no-revoke element to the command to avoid to schannel revocation error. Of interest, this device is not managed by panorama so it is a bit strange that initial error I was getting, I too thought it was behaving like the config was pushed by Panorama. However it’s not, this firewall is stand alone and not managed by any panorama instance, as such there is no override command to use. Thanks again for helping, much appreciated. Chris.
... View more