: Work With Objects (REST API)
Focus
Focus

Work With Objects (REST API)

Table of Contents

Work With Objects (REST API)

Objects are elements that you use within policy rules. The firewalls and Panorama support a large number of objects such as tags, address objects, log forwarding profiles, and security profiles.
The examples in this section show you how to perform CRUD operations with an address object. You can use this example to work with other objects of the firewall. Access the REST API reference documentation athttps://<IP address or FQDN of the firewall or Panorama>/restapi-doc/for help with the resource URIs for different objects and the structure of the request. For an overview, see PAN-OS REST API Request and Response Structure.

Create an Address Object

Make a POST request to create an address object. In the request, the query parameters must include the name and the location on where you want to create the object. And in the request body include the same name, location and other properties to define the object. For example:
curl -X POST \ 'https://10.2.1.4/restapi/v11.0/Objects/Addresses?location=shared&name=web-servers-production' \ -H 'X-PAN-KEY: LUFRPT0=' \ -d '{ "entry": [ { "@location": "shared", "@name": "web-servers-production", "description": "what is this for?", "fqdn": "docs.paloaltonetworks.com", "tag": { "member": [ "blue" ] } } ] }'

Edit an Address Object

Make a PUT request and include the name and location of the object as query parameters. Include the same location and name in the request body and define the properties of the object you’d like to change. In the following example, you are modifying the description and adding a new tag called red to the address object. If the tag does not already exist, you must first create the tag before you can reference it in the address object.
curl -X PUT \ 'https://10.2.1.4/restapi/v11.0/Objects/Addresses?location=shared&name=web-servers-production' \ -H 'X-PAN-KEY: LUFRPT0=' \ -d '{ "entry": [ { "@location": "shared", "@name": "web-servers-production", "description": "publish servers", "fqdn": "docs.paloaltonetworks.com", "tag": { "member": [ "blue", "red" ] } } ] }'
The response is
{ "@code": "20", "@status": "success", "msg": "command succeeded" }

Rename an Address Object

When renaming an object, make a POST request with the following query parameters—name of the objectname=<name>, location=<location>, and the new namenewname=<name>. The following example renames web-servers-production to web-server-publish.
curl -X POST \ 'https://10.5.196.4/restapi/v11.0/Objects/Addresses:rename?location=shared&name=web-servers-production&newname=web-server-publish' \ -H 'X-PAN-KEY: LUFRPT0='

Delete an Address Object

Make a DELETE request and include the name and the location of the object as query parameters. For example:
curl -X DELETE \ 'https://10.2.1.4/restapi/v11.0/Objects/Addresses?location=shared&name=web-server-production' \ -H 'X-PAN-KEY: LUFRPT0='

Get Address Objects

Make a GET request to retrieve a list of all address objects within a specified location. For example, the following query reads all address objects in vsys1 which is indicated withlocation=vsys&vsys=vsys1in the query parameter.
curl -X GET \ 'https://10.2.1.4/restapi/v11.0/Objects/Addresses?location=vsys&vsys=vsys1' \ -H 'X-PAN-KEY: LUFRPT0='
And the response includes the list of address objects that are configured on vsys1 on the firewall.
{ "@code": "19", "@status": "success", "result": { "@count": "3", "@total-count": "3", "entry": [ { "@location": "vsys", "@name": "fqdn1", "@vsys": "vsys1", "fqdn": "www.test.com" }, { "@location": "vsys", "@name": "Peer1", "@vsys": "vsys1", "ip-netmask": "172.0.0.1/24" }, { "@location": "vsys", "@name": "Peer2renamed", "@oldname": "Peer2", "@vsys": "vsys1", "ip-netmask": "200.0.0.1/24" } ] } }