Next-Generation Firewall
XPath Node Selection
When making requests, construct an HTTPS POST request with the correct type and action along
with the correct XPath. Here is an example API request:
curl -X POST 'https://<hostname>/api?type=config&action=show&key=<APIkey>&xpath=/config/devices/entry/vsys/entry/rulebase/security'
Ensure you replace variables such as <hostname> and <APIkey> with the IP address or
hostname of your firewall or Panorama and API key, respectively.
When making configuration requests (type=config), you can use XPath, a
syntax for selecting nodes from within an XML document. Use the XPath to isolate and modify
portions of your configuration. The XML configuration within PAN-OS uses four different types
of nodes as shown here:
```xml
<users>
  <entry name="admin">
    <permissions>
      <role-based>
        <superuser>yes</superuser>
      </role-based>
    </permissions>
  </entry>
  <entry name="guest">
    <permissions>
      <role-based>
        <custom>
          <profile>NewUser</profile>
        </custom>
      </role-based>
    </permissions>
  </entry>
</users>
```
- Root nodes are top-level nodes with no parent. Requesting the root node returns all child elements.
- Element nodes represent containers of information. Element nodes can contain other element nodes or simply act as a container of information. Example: <permissions></permissions>
- Attribute nodes are nodes that contain name/value pairs. Example: <entry name="admin"></entry>
- Text nodes contain plain text. Example: <superuser>yes</superuser>
There are various ways to specify the XPath for an XML
node in an API request. The simplest is to use the location path
of the resource. For example, to select all users within your management
configuration, use the following path:
/config/mgt-config/users
The above path specifies the following XML node that includes
all users:
```xml
<users>
  <entry name="admin">
    <permissions>
      <role-based>
        <superuser>yes</superuser>
      </role-based>
    </permissions>
  </entry>
  <entry name="guest">
    <permissions>
      <role-based>
        <custom>
          <profile>NewUser</profile>
        </custom>
      </role-based>
    </permissions>
  </entry>
</users>
```
Targeting multiple nodes in an XPath using nested elements results
in a successful command, but will not update all of the nodes. For example,
the following request targets several nodes at once:
/entry[@name='TEST_IKE_PAN']/protocol/ikev1/dpd&element=<enable>yes</enable></dpd></ikev1><version>ikev2-preferred</version></protocol>&/ikev2&element=<ike-crypto-profile>default</ike-crypto-profile></ikev2>&/peer-address&element=<ip>1.2.3.4</ip>
To successfully update each node, target each node individually and send the
configuration to each node using multiple successive calls, for example:
entry[@name='TEST_IKE_PAN']/peer-address&element=<ip>1.2.3.4</ip>
Another method for selecting the XPath for an XML node is to
select the specific node, such as the superuser or NewUser node
within the node shown above. Use XPath syntax similar to the following
to drill down and select a specific node:
[Table with columns "XML Node" and "XPath Syntax"; its rows were images that are not available.]
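Added example, not from the PAN-OS documentation: a local check, using Python's xml.etree.ElementTree, of which nodes a location path selects in the users XML shown above, with a guard that rejects any path matching more than one node before it is used in a write request. The /config/mgt-config wrapper around the sample and the function names select, require_single and show_params are assumptions made for this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

# Constructed sample: the <users> node shown on this page, wrapped in the
# /config/mgt-config parents implied by the location path above.
SAMPLE_CONFIG = """<config><mgt-config><users>
  <entry name="admin">
    <permissions><role-based><superuser>yes</superuser></role-based></permissions>
  </entry>
  <entry name="guest">
    <permissions><role-based><custom><profile>NewUser</profile></custom></role-based></permissions>
  </entry>
</users></mgt-config></config>"""


def select(xpath, config_xml=SAMPLE_CONFIG):
    """Return the element nodes an absolute location path selects.

    ElementTree implements only a subset of XPath (no text() function), so a
    text node is matched with [.='value']. This is a local check and does
    not reproduce how the firewall evaluates the path.
    """
    root = ET.fromstring(config_xml)
    prefix = "/" + root.tag                      # root node, here /config
    if xpath != prefix and not xpath.startswith(prefix + "/"):
        raise ValueError("XPath must start at the root node " + prefix)
    return root.findall("." + xpath[len(prefix):])


def require_single(xpath, config_xml=SAMPLE_CONFIG):
    """Guard before a write: the path must isolate exactly one node."""
    nodes = select(xpath, config_xml)
    if len(nodes) != 1:
        raise ValueError("%s selects %d nodes, expected 1" % (xpath, len(nodes)))
    return nodes[0]


def show_params(xpath):
    """URL-encode the type, action and xpath parameters (API key not included)."""
    return urlencode({"type": "config", "action": "show", "xpath": xpath})


if __name__ == "__main__":
    users = "/config/mgt-config/users"
    for path in (users, users + "/entry", users + "/entry[@name='admin']",
                 users + "/entry/permissions/role-based/superuser[.='yes']"):
        print(len(select(path)), path)
    print(show_params(users + "/entry[@name='admin']"))
```

The attribute predicate [@name='admin'] narrows the two entry elements to one, and show_params shows why the brackets, @ and quotes in such a path need URL-encoding when placed in a request.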