PAN-OS® and Panorama™ API Usage Guide
    : Set Configuration
    Focus
    Download PDF
    Focus
    1. Home
    2. PAN-OS
    3. PAN-OS® and Panorama™ API Usage Guide
    4. PAN-OS XML API Request Types
    5. Configuration (API)
    6. Set Configuration
    Download PDF

    PAN-OS® and Panorama™ API Usage Guide

    Set Configuration

    Table of Contents
    End-of-Life (EoL)

    Set Configuration

    Use
    action=set
     to add or create a new object at a specified location in the PAN-OS configuration. Use the
    xpath
     parameter to specify the location of the object in the configuration. For example, if you are adding a new rule to the security rulebase, the xpath-value would be: 
    
			
    /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/rulebase/security
    Use the
    element
     parameter to specify a value for the object you are adding or creating using XML.
    Configuration Node
    API Request
    Create a new rule called rule1 in security policy
    
								
    curl -X GET "https://<firewall>/api/?key=apikey&type=config&action=set&xpath=xpath-value&element=element-value"
    where the xpath-value is: 
    
								
    /config/devices/entry/vsys/entry/rulebase/security/rules/entry[@name='rule1']
    and the element-value is: 
    
								
    <source><member>src</member></source><destination><member>dst</member></destination><service><member>service</member></service><application><member>application</member></application><action>action</action><source-user><member>src-user</member></source-user><option><disable-server-response-inspection>yes-or-no</disable-server-response-inspection></option><negate-source>yes-or-no</negate-source><negate-destination>yes-or-no</negate-destination><disabled>yes-or-no</disabled><log-start>yes-or-no</log-start><log-end>yes-or-no</log-end><description>description</description><from><member>src-zone</member></from><to><member>dst-zone</member></to>
    Add an additional member to an address group or list
    Include the 'list' node in the xpath using the
    member[text()='name']
     syntax and include the members in the element parameter. For example, to add an additional static address object named
    abc
     to an address group named
    test
    , use: 
    
								
    curl -X GET "https://<firewall>/api/?key=apikey&type=config&action=set&xpath=/config/devices/entry/vsys/entry[@name='vsys1']/address-group/entry[@name='test']&element=<static><member>abc</member></static>"
    Create a new IP address on a specific interface
    Specify the interface and IP address in the request:
    
								
    curl -X GET "https://<firewall>/api?key=<apikey>&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/network/interface/ethernet/entry[@name='ethernet1/1']/layer3/ip&element=<entry name='5.5.5.5/24'/>"
    Enable or disable a security rule
    
								
    curl -X GET "https://<firewall>/api/?key=<apikey>&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='<vsys1>']/rulebase/security/rules/entry[@name='<rule-name>']&element=<disabled>yes</disabled>"
    Altenatively, use
    <disabled>no</disabled>
     to enable a rule.

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.