PAN-OS OpenConfig XML API
Behavior and examples for using the XML API OpenConfig model to interact with PAN-OS
firewalls.
OpenConfig versions 2.1.1 and later: You can interact with the firewall using the
XML API OpenConfig plugin model, which lets you automate and manage your network using native
data models. The PAN-OS XML APIs provide a structured and standardized approach to exchanging
data.
You can view paths and options for the PAN-OS XML API by navigating to the
/api directory on your firewall.
Behavior
Exploring the API can give you a better sense of
the potential inputs and outputs available with the PAN-OS data model. Using the XML API
along with regular telemetry intervals can give you a way to stream custom data to your
endpoint.
Usage
The following GNMIC command uses the PAN-OS XML API model to run a show system info command.
gnmic -u user -p * -a firewall:9339 subscribe --mode once --encoding PROTO --timeout 300s --path "pan/xmlapi[cmd=show system info]"
A successful call returns the results in the message attribute.
{ "source": "firewall:9339", "subscription-name": "default-1718289066", "timestamp": 1718289066000000000, "time": "2024-06-13T07:31:06-07:00", "updates": [ { "Path": "/pan/xmlapi", "values": { "/pan/xmlapi": { "client_type": "dial_in", "code": 200, "message": "{\"response\": {\"-status\": \"success\", \"result\": {\"system\": {\"mac-address\": \"00:50:56:a3:b1:1a\", \"uptime\": \"10 days, 9:13:34\", \"vm-mode\": \"VMware ESXi\", \"threat-version\": \"0\", \"logdb-version\": \"11.2.1\", \"advanced-routing\": \"off\", \"device-certificate-status\": \"Valid\", \"vm-cpuid\": \"ESX:F1060400FFFBAB1F\", \"av-version\": \"0\", \"wildfire-version\": \"0\", \"global-protect-datafile-release-date\": \"unknown\", \"ipv6-link-local-address\": \"fe80::250:56ff:fea3:b11a/64\", \"device-dictionary-version\": \"132-510\", \"operational-mode\": \"normal\", \"vpn-disable-mode\": \"off\", \"public-ip-address\": \"unknown\", \"global-protect-clientless-vpn-version\": \"0\", \"global-protect-datafile-version\": \"unknown\", \"family\": \"vm\", \"vm-uuid\": \"42231D29-EBB8-28A5-E407-749463554B34\", \"is-dhcp\": \"no\", \"duplicate-ip\": \"Disabled\", \"hostname\": \"Rad-PA-VM-107-212\", \"wf-private-version\": \"0\", \"default-gateway\": \"10.5.104.1\", \"model\": \"PA-VM\", \"serial\": \"007099000022068\", \"device-dictionary-release-date\": \"2024/06/13 03:35:15 PDT\", \"app-version\": \"8825-8650\", \"devicename\": \"Rad-PA-VM-107-212\", \"app-release-date\": \"2024/03/19 14:10:42 PDT\", \"wf-private-release-date\": \"unknown\", \"multi-vsys\": \"off\", \"vm-mem\": \"8112148\", \"cloud-mode\": \"non-cloud\", \"sw-version\": \"12.1.0-c94251.PR55581_94251\", \"plugin_versions\": {\"entry\": [{\"-name\": \"dlp\", \"-version\": \"5.0.0\", \"pkginfo\": \"dlp-5.0.0-c46.dev\"}, {\"-name\": \"openconfig\", \"-version\": \"2.0.2\", \"pkginfo\": \"openconfig-2.0.2-c49.dev\"}, {\"-name\": \"vm_series\", \"-version\": \"6.0.0\", \"pkginfo\": \"vm_series-6.0.0-c2364.main\"}]}, \"is-dhcp6\": \"no\", \"vm-cap-tier\": \"6.5 GB\", \"vm-cores\": \"4\", \"global-protect-client-package-version\": \"0.0.0\", \"platform-family\": \"vm\", \"ip-address\": \"10.5.104.217\", \"ipv6-address\": \"unknown\", \"time\": \"Thu Jun 13 07:31:06 2024\", \"vm-license\": \"VM-100\", \"wildfire-rt\": \"Disabled\", \"vm-mac-count\": \"256\", \"threat-release-date\": \"2024/03/19 14:10:42 PDT\", \"url-db\": \"paloaltonetworks\", \"url-filtering-version\": \"0000.00.00.000\", \"netmask\": \"255.255.252.0\", \"vm-mac-base\": \"12:AB:11:83:30:00\", \"relicense\": \"0\"}}}}\n", "query_warning_error_message": "", "request_id": "dial_in_request", "time_taken": 0 } } } ] }
The following GNMIC command uses the PAN-OS XML API model to run a show system services command.
gnmic -u user -p * -a firewall:9339 subscribe --mode once --encoding PROTO --timeout 300s --path "pan/xmlapi[cmd=show system services]"
A successful call returns the results in the message attribute.
{ "source": "firewall:9339", "subscription-name": "default-1718289583", "timestamp": 1718289583000000000, "time": "2024-06-13T07:39:43-07:00", "updates": [ { "Path": "/pan/xmlapi", "values": { "/pan/xmlapi": { "client_type": "dial_in", "code": 200, "message": "{\"response\": {\"-status\": \"success\", \"result\": {\"member\": [\"https\", \"http\", \"icmp\", \"ssh\"]}}}\n", "query_warning_error_message": "", "request_id": "dial_in_request", "time_taken": 0 } } } ] }
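The message attribute in both responses is a JSON document serialized into a string, so a consumer has to decode it a second time after checking code and -status. The following Python code is an added example, not part of the original documentation: it decodes a response shaped like the show system services output above and lists enabled services that are cleartext. The function names, the CLEARTEXT set and the sample input are assumptions constructed for illustration.

```python
import json

# Assumption: services this check treats as cleartext management access.
CLEARTEXT = {"http", "telnet"}

def decode_xmlapi(raw: str) -> dict:
    """Return the decoded 'result' of one gnmic response for /pan/xmlapi."""
    outer = json.loads(raw)
    for update in outer.get("updates", []):
        node = update.get("values", {}).get("/pan/xmlapi")
        if node is None:
            continue
        if node.get("code") != 200:
            raise ValueError(f"xmlapi call failed with code {node.get('code')}")
        # 'message' is a JSON document serialized into a string: decode again.
        response = json.loads(node["message"]).get("response", {})
        if response.get("-status") != "success":
            raise ValueError(f"command status: {response.get('-status')!r}")
        return response.get("result", {})
    raise ValueError("no /pan/xmlapi update in response")

def cleartext_services(result: dict) -> list:
    """List enabled services from 'show system services' that are cleartext."""
    members = result.get("member", [])
    if isinstance(members, str):  # defensive: a lone entry as a bare string
        members = [members]
    return sorted(s for s in members if s in CLEARTEXT)

def make_sample(code: int, status: str) -> str:
    """Constructed input shaped like the 'show system services' output above."""
    message = json.dumps({"response": {"-status": status,
                          "result": {"member": ["https", "http", "icmp", "ssh"]}}})
    return json.dumps({"source": "firewall:9339", "updates": [{
        "Path": "/pan/xmlapi",
        "values": {"/pan/xmlapi": {"client_type": "dial_in", "code": code,
                                   "message": message + "\n",
                                   "query_warning_error_message": "",
                                   "request_id": "dial_in_request",
                                   "time_taken": 0}}}]})

if __name__ == "__main__":
    result = decode_xmlapi(make_sample(200, "success"))
    print("services:", result["member"])
    print("cleartext:", cleartext_services(result))
```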