Work With Objects (REST API)

Objects are elements that you use within policy rules. The firewalls and Panorama support a large number of objects such as tags, address objects, log forwarding profiles, and security profiles.
The examples in this section show you how to perform CRUD operations with an address object. You can use this example to work with other objects of the firewall. Access the REST API reference documentation at
https://<IP address or FQDN of the firewall or Panorama>/restapi-doc/
for help with the resource URIs for different objects and the structure of the request. For an overview, see PAN-OS REST API Request and Response Structure.

Create an Address Object

Make a POST request to create an address object. In the request, the query parameters must include the name and the location on where you want to create the object. And in the request body include the same name, location and other properties to define the object. For example:
curl -X POST \ 'https://10.1.1.4/restapi/v10.1/Objects/Addresses?location=shared&name=web-servers-production' \ -H 'X-PAN-KEY: LUFRPT0=' \ -d '{ "entry": [ { "@location": "shared", "@name": "web-servers-production", "description": "what is this for?", "fqdn": "docs.paloaltonetworks.com", "tag": { "member": [ "blue" ] } } ] }'
Code copied to clipboard
Unable to copy due to lack of browser support.

Edit an Address Object

Make a PUT request and include the name and location of the object as query parameters. Include the same location and name in the request body and define the properties of the object you’d like to change. In the following example, you are modifying the description and adding a new tag called red to the address object. If the tag does not already exist, you must first create the tag before you can reference it in the address object.
curl -X PUT \ 'https://10.1.1.4/restapi/v10.1/Objects/Addresses?location=shared&name=web-servers-production' \ -H 'X-PAN-KEY: LUFRPT0=' \ -d '{ "entry": [ { "@location": "shared", "@name": "web-servers-production", "description": "publish servers", "fqdn": "docs.paloaltonetworks.com", "tag": { "member": [ "blue", "red" ] } } ] }'
Code copied to clipboard
Unable to copy due to lack of browser support.
The response is
{ "@code": "20", "@status": "success", "msg": "command succeeded" }
Code copied to clipboard
Unable to copy due to lack of browser support.

Rename an Address Object

When renaming an object, make a POST request with the following query parameters—name of the object
name=<name>
, l
ocation=<location>
, and the new name
newname=<name>
. The following example renames web-servers-production to web-server-publish.
curl -X POST \ 'https://10.5.196.4/restapi/v10.1/Objects/Addresses:rename?location=shared&name=web-servers-production&newname=web-server-publish' \ -H 'X-PAN-KEY: LUFRPT0='
Code copied to clipboard
Unable to copy due to lack of browser support.

Delete an Address Object

Make a DELETE request and include the name and the location of the object as query parameters. For example:
curl -X DELETE \ 'https://10.1.1.4/restapi/v10.1/Objects/Addresses?location=shared&name=web-server-production' \ -H 'X-PAN-KEY: LUFRPT0='
Code copied to clipboard
Unable to copy due to lack of browser support.

Get Address Objects

Make a GET request to retrieve a list of all address objects within a specified location. For example, the following query reads all address objects in vsys1 which is indicated with
location=vsys&vsys=vsys1
in the query parameter.
curl -X GET \ 'https://10.1.1.4/restapi/v10.1/Objects/Addresses?location=vsys&vsys=vsys1' \ -H 'X-PAN-KEY: LUFRPT0='
Code copied to clipboard
Unable to copy due to lack of browser support.
And the response includes the list of address objects that are configured on vsys1 on the firewall.
{ "@code": "19", "@status": "success", "result": { "@count": "3", "@total-count": "3", "entry": [ { "@location": "vsys", "@name": "fqdn1", "@vsys": "vsys1", "fqdn": "www.test.com" }, { "@location": "vsys", "@name": "Peer1", "@vsys": "vsys1", "ip-netmask": "172.0.0.1/24" }, { "@location": "vsys", "@name": "Peer2renamed", "@oldname": "Peer2", "@vsys": "vsys1", "ip-netmask": "200.0.0.1/24" } ] } }
Code copied to clipboard
Unable to copy due to lack of browser support.

Recommended For You