Panorama and PANOS API Overview - PaloAltoNetworks/iron-skillet GitHub Wiki
The Panorama/PAN-OS API and XML
API Overview
For extended reading about the API, you can access the documentation for 8.1 here:
The configuration file and api calls are XML specific. XML is based on XML nodes with the xpath specifying the node in the tree to be referenced. Thus in order to use the API, two configuration items are needed:
- The xpath pointing to the node to be configured
- The xml snippet to be used as the element in the configuration
Along with these two items, the IP address of the device and a user-based API are required to modify the configuration.
Reference values contained in the repo
| Panorama | PAN-OS |
|---|---|
| xpaths list | xpaths list |
| config snippets folder | config snippets folder |
| snippet load order | snippet load order |
-
xpaths list: a python dictionary that can be used within scripts. The key is the reference name for the xpath and the value is the xpath name. The key and value will be referenced in the table below to show load order.
-
config snippets folder: set of xml files named according to config element; referenced as the value in the snippet load order dictionary
-
snippet load order: A python Ordered Dictionary used to show the config load order. The key is the xpath name from the xpaths list and the value is the config snippet file name. Load order is critical since some configuration elements like security rules rely on predefined objects such as EDLs, logging profiles, and security profiles.
With the xpath, snippet, and load order various tools such as pan-python, curl, and postman can be used to add configuration using the API. Other tools such as Ansible and Terraform use the same concept but have their own template format to create playbooks and responders.