Set Configuration

Use
action=set
to add or create a new object at a specified location in the PAN-OS configuration. Use the
xpath
parameter to specify the location of the object in the configuration. For example, if you are adding a new rule to the security rulebase, the xpath-value would be:
/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/rulebase/security
Code copied to clipboard
Unable to copy due to lack of browser support.
Use the
element
parameter to specify a value for the object you are adding or creating using XML.
Configuration Node
API Request
Create a new rule called rule1 in security policy
https://<firewall>/api/?key=apikey&type=config&action=set&key=keyvalue& xpath=xpath-value&element=element-value
Code copied to clipboard
Unable to copy due to lack of browser support.
where the xpath-value is:
/config/devices/entry/vsys/entry/rulebase/security/rules/entry[@name='rule1']
Code copied to clipboard
Unable to copy due to lack of browser support.
and the element-value is:
<source><member>src</member></source><destination><member>dst</member></destination><service><member>service</member></service><application><member>application</member></application><action>action</action><source-user><member>src-user</member></source-user><option><disable-server-response-inspection>yes-or-no</disable-server-response-inspection></option><negate-source>yes-or-no</negate-source><negate-destination>yes-or-no</negate-destination><disabled>yes-or-no</disabled><log-start>yes-or-no</log-start><log-end>yes-or-no</log-end><description>description</description><from><member>src-zone</member></from><to><member>dst-zone</member></to>
Code copied to clipboard
Unable to copy due to lack of browser support.
Add an additional member to an address group or list
Include the 'list' node in the xpath using the
member[text()='name']
syntax and include the members in the element parameter. For example, to add an additional static address object named
abc
to an address group named
test
, use:
curl -X GET "https://<firewall>/api/?key=<apikey>&type=config&action=set&xpath=/config/devices/entry/vsys/entry[@name='vsys1']/address-group/entry[@name='test']&element=<static><member>abc</member></static>"
Code copied to clipboard
Unable to copy due to lack of browser support.
Create a new IP address on a specific interface
Specify the interface and IP address in the request:
curl -X GET "https://<firewall>/api?key=<apikey>&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/network/interface/ethernet/entry[@name='ethernet1/1']/layer3/ip&element=<entry name='5.5.5.5/24'/>"
Code copied to clipboard
Unable to copy due to lack of browser support.
Enable or disable a security rule
curl -X GET "https://<firewall>/api/?key=<apikey>&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='<vsys1>']/rulebase/security/rules/entry[@name='<rule-name>']&element=<disabled>yes</disabled>"
Code copied to clipboard
Unable to copy due to lack of browser support.
Altenatively, use
<disabled>no</disabled>
to enable a rule.

Recommended For You