Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Custom URL Category update via API returns "Edit breaks config validity" error

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Custom URL Category update via API returns "Edit breaks config validity" error

L1 Bithead

Hi all.

Thanks to excellent guidance found elsewhere (using panxapi to update a custom-url-category profile from a file), I was successfully and reliably able to add and update custom URL categories via the API.  Recently something changed that caused my scripts to fail.  Whenever the API is used to update a custom URL category, it returns "Edit breaks config validity".  This happens when updates are made to existing ones or when new lists are added.  I can import the file via the GUI or do the same thing via the command line, and they work fine.  I've removed the categories, saved, committed, everything I can think of, but the API always returns the same result.  I cannot think of a change recently that would have caused this to happen.

Below is a transcript of a config attempt I just made:

eric@leela:~$ cat testurl.xml

<list><member>www.foobarbaz.com</member></list>

eric@leela:~$ ~/PAN-perl-20120107/bin/panxapi -t panorama -e testurl.xml "/config/shared/profiles/custom-url-category/entry[@name='BrandNewList']/list"

edit: Edit breaks config validity status="error" code="12"

eric@leela:~$

eric@leela:~$ ssh panapi@panorama

Password:

Welcome panapi.

panapi@Panorama> configure

Entering configuration mode

[edit]

panapi@Panorama# set shared profiles custom-url-category BrandNewList list [ www.foobarbaz.com ]

[edit]

panapi@Panorama# commit

.99%.......100%

Configuration committed successfully

[edit]

panapi@Panorama#

Thanks for your help.

Eric

5 REPLIES 5

L7 Applicator

The API is a community-supported function, and you may have better luck at the DevCenter, where scripts and such are posted:

https://live.paloaltonetworks.com/community/devcenter

You can always take a look at your config from a time you knew the script was working under Device > Config Audit, and selecting the current config and comparing it to one at a time the script worked. Maybe a change to something on the firewall is preventing the script from running correctly.

Hope this helps,

Greg

Yes, I have done a config audit and nothing stands out at this time.

L1 Bithead

Were you ever able to figure this out?

I did... I think it turned out to be a bug in my script, but I can't remember exactly what it was.

I think the problem is '-e testurl.xml' should be '-e ./testurl.xml'; otherwise it is not read as a file.


using the Python panxapi.py you could specify '-e testurl.xml'

  • 6520 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!