Get Candidate Configuration

Get the candidate configuration from a firewall by specifying the portion of the configuration to get. Use the following request, including the
xpath
parameter to specify the portion of the configuration to get.
curl -X GET "https://<firewall>/api/?type=config&action=get&xpath=<path-to-config-node>&key=<apikey>"
Configuration Node
API Request
Firewall candidate configuration
curl -X GET "https://<firewall>/api/?type=config&action=get&xpath=/config/devices/entry/vsys/entry[@name='vsys1']&key=<api_key>"
Firewall candidate configuration through Panorama
https://<panorama>/api/?type=config&action=get& xpath=/config/devices/entry/vsys/entry[@name='vsys1'] &target=<serial>&key=<panorama_api_key>
Firewall candidate configuration through Panorama without specifying a firewall
curl -X GET "https://<panorama>/api/?type=config&action=get&xpath=/config/devices/entry/*[name()!='vsys']|/config/devices/entry/vsys/entry[@name='vsys1']&key=<panorama_api_key>"
Address objects in a virtual system (vsys).
curl -X GET "https://<firewall>//api/?type=config&action=get&xpath=/config/devices/entry/vsys/entry[@name='vsys1']/address&key=<apikey>"
The response looks similar to the following:
<response status="success" code="19"> <result total-count="1" count="1"> <address admin="name" dirtyId="8" time="2015/10/20 15:32:36"><entry name="testobject"><ip-netmask>192.0.2.2</ip-netmask></entry><entry name="test1"><ip-netmask>192.0.2.12</ip-netmask></entry> ...</address> </result> </response>
Pre-rules pushed from Panorama.
curl -X GET "https://<firewall>//api/?type=config&action=get&xpath=/config/panorama/vsys/entry[@name='vsys']/pre-rulebase/security&key=<apikey>"
Full list of all applications.
curl -X GET "https://<firewall>/api/?type=config&action=get&xpath=/config/predefined/application&key=<apikey>"
Details on the specific application.
curl -X GET "https://<firewall>/api/?type=config&action=get&xpath=/config/predefined/application/entry[@name='hotmail']&key=<apikey>"

Recommended For You