Manage Firewall Zones

How to automate firewall zone configuration on PAN-OS using OpenConfig models.

Create a Zone

The following request creates a new zone and sets the firewall zone type to layer3.
gnmic -a localhost --port 9339 -u username -p password --timeout 300s --skip-verify -e JSON_IETF set --update-path "/zones" --update-file new-zone.json
The contents of new-zone.json are as follows:
{
  "zone": [
    {
      "fw-zone-type": "pan-fw-zones-deviations:layer3",
      "openconfig-fw-zones:interfaces": {
        "interface": []
      },
      "openconfig-fw-zones:name": "openconfig-test"
    }
  ]
}
A successful request returns the output below:
Set Response:
{
  "results": [
    {
      "operation": "UPDATE",
      "path": "zones/zone[name=openconfig-test]/interfaces/interface/id"
    }
  ]
}
The following command adds interface ethernet1/5 to the zone named openconfig-test:
gnmic -a localhost --port 9339 -u username -p password --timeout 300s --skip-verify -e JSON_IETF set --update "/zones/zone[name=openconfig-test]/interfaces/interface/id:::string:::ethernet1/5"
A successful request returns the output below:
{
  "results": [
    {
      "operation": "UPDATE",
      "path": "zones/zone[name=openconfig-test]/interfaces/interface/id"
    }
  ]
}
The following is displayed in PAN-OS after making the previous updates:

Retrieving Zones

The following command retrieves the configured zones. The output below reflects the zone set up in the example above.
gnmic -a localhost --port 9339 -u username -p password -e JSON_IETF get --path "/zones"
[
  {
    "time": "1969-12-31T16:00:00-08:00",
    "updates": [
      {
        "Path": "zones/zone[name=openconfig-test]",
        "values": {
          "zones/zone": {
            "config": {
              "fw-zone-type": "pan-fw-zones-deviations:layer3",
              "name": "openconfig-test"
            },
            "interfaces": {
              "interface": [
                {
                  "config": { "id": "ethernet1/4" },
                  "id": "ethernet1/4",
                  "state": { "id": "ethernet1/4" }
                },
                {
                  "config": { "id": "ethernet1/4.1" },
                  "id": "ethernet1/4.1",
                  "state": { "id": "ethernet1/4.1" }
                },
                {
                  "config": { "id": "ethernet1/5" },
                  "id": "ethernet1/5",
                  "state": { "id": "ethernet1/5" }
                },
                {
                  "config": { "id": "ethernet1/5.1" },
                  "id": "ethernet1/5.1",
                  "state": { "id": "ethernet1/5.1" }
                }
              ]
            },
            "name": "openconfig-test",
            "state": {
              "fw-zone-type": "pan-fw-zones-deviations:layer3",
              "name": "openconfig-test"
            }
          }
        }
      }
    ]
  }
]
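As an added example (not part of the original page and not Palo Alto Networks code), the Python below parses output in the shape returned by the get request above and compares each zone's type and interface membership with an expected baseline, so an interface that ends up in the wrong zone is reported. The function names, the baseline format and the trimmed sample are assumptions made for illustration.

```python
import json

# Constructed sample in the shape of the page's `gnmic get --path "/zones"` output
# (two of the four interfaces kept to stay short).
SAMPLE = json.loads("""
[{"time": "1969-12-31T16:00:00-08:00", "updates": [{
  "Path": "zones/zone[name=openconfig-test]",
  "values": {"zones/zone": {
    "config": {"fw-zone-type": "pan-fw-zones-deviations:layer3", "name": "openconfig-test"},
    "interfaces": {"interface": [
      {"config": {"id": "ethernet1/4"}, "id": "ethernet1/4", "state": {"id": "ethernet1/4"}},
      {"config": {"id": "ethernet1/5"}, "id": "ethernet1/5", "state": {"id": "ethernet1/5"}}]},
    "name": "openconfig-test",
    "state": {"fw-zone-type": "pan-fw-zones-deviations:layer3", "name": "openconfig-test"}}}}]}]
""")

def zones_from_get(notifications):
    """Map zone name -> (zone type, set of interface ids) from gnmic get output."""
    zones = {}
    for note in notifications:
        for update in note.get("updates", []):
            for value in update.get("values", {}).values():
                # Assumption: a value is one zone object or a list of them.
                for zone in value if isinstance(value, list) else [value]:
                    ztype = zone.get("state", {}).get("fw-zone-type", "").split(":")[-1]
                    ifaces = zone.get("interfaces", {}).get("interface", [])
                    zones[zone["name"]] = (ztype, {i["id"] for i in ifaces})
    return zones

def audit(notifications, expected):
    """Compare retrieved zones with `expected` {name: (type, {ifaces})}; return findings."""
    actual, findings = zones_from_get(notifications), []
    for name, (want_type, want_ifaces) in sorted(expected.items()):
        if name not in actual:
            findings.append(f"{name}: zone missing")
            continue
        have_type, have_ifaces = actual[name]
        if have_type != want_type:
            findings.append(f"{name}: type {have_type}, expected {want_type}")
        findings += [f"{name}: unexpected interface {i}" for i in sorted(have_ifaces - want_ifaces)]
        findings += [f"{name}: missing interface {i}" for i in sorted(want_ifaces - have_ifaces)]
    findings += [f"{n}: zone not in baseline" for n in sorted(set(actual) - set(expected))]
    return findings

if __name__ == "__main__":
    # Hypothetical baseline: only ethernet1/5 is meant to be in the zone.
    baseline = {"openconfig-test": ("layer3", {"ethernet1/5"})}
    print("\n".join(audit(SAMPLE, baseline)) or "no drift")
```

To check a live device, save the JSON printed by the get request to a file and pass the result of json.load to audit in place of SAMPLE.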
