Use XPath to Get Active Configuration
Table of Contents
PAN.OS 11.1 & Later
Expand all | Collapse all
-
- Upgrade a Firewall to the Latest PAN-OS Version (API)
- Show and Manage GlobalProtect Users (API)
- Query a Firewall from Panorama (API)
- Upgrade PAN-OS on Multiple HA Firewalls through Panorama (API)
- Automatically Check for and Install Content Updates (API)
- Enforce Policy using External Dynamic Lists and AutoFocus Artifacts (API)
- Configure SAML 2.0 Authentication (API)
- Quarantine Compromised Devices (API)
- Manage Certificates (API)
-
- Asynchronous and Synchronous Requests to the PAN-OS XML API
- Run Operational Mode Commands (API)
- Apply User-ID Mapping and Populate Dynamic Groups (API)
- Get Version Info (API)
-
- PAN-OS REST API
- Access the PAN-OS REST API
- Resource Methods and Query Parameters (REST API)
- PAN-OS REST API Request and Response Structure
- PAN-OS REST API Error Codes
- Work With Objects (REST API)
- Create a Security Policy Rule (REST API)
- Work with Policy Rules on Panorama (REST API)
- Create a Tag (REST API)
- Configure a Security Zone (REST API)
- Configure an SD-WAN Interface (REST API)
- Create an SD-WAN Policy Pre Rule (REST API)
- Configure an Ethernet Interface (REST API)
- Update a Virtual Router (REST API)
- Work With Decryption (APIs)
Use XPath to Get Active Configuration
Useaction=show with
no additional parameters to retrieve the entire active configuration.
- Use thexpath parameter
to target a specific portion of the configuration. For example,
to retrieve just the security rulebase:xpath=/config/devices/entry/vsys/entry/rulebase/security: curl -X POST 'https://firewall/api?type=config&action=show&xpath=/config/devices/entry/vsys/entry/rulebase/security"There is no trailing backslash character at the end of the XPath.
- Confirm that the XML response for the query looks similar to the following (truncated):
<response status="success"> <result> <security> <rules><entry name="IT DNS Services"><profile-setting><group><member>best-practice</member></group></profile-setting><to><member>untrust</member></to><from><member>trust</member></from><source><member>any</member></source><destination><member>Data Center</member></destination><source-user><member>any</member></source-user><category><member>any</member></category><application><member>dns</member></application><service><member>application-default</member></service><hip-profiles><member>any</member></hip-profiles><action>allow</action><tag><member>Best Practice</member></tag><log-start>no</log-start><log-setting>default</log-setting></entry> ... </rules> </security> </result> </response> - Confirm that the XML response for the query looks similar to the following (truncated):