Palo Alto Networks uses XML as the data structure for it's representation of the configuration file. Automating a firewall takes three steps.
- Creating the xml file
- Pushing the xml file to the firewall
- Committing the candidate configuration
This is going to be placed into a text file called sub-int.xml which I'll use later.
In my script I read from the file and and place it into a variable called data. I strip the newlines so that I don't have separate each line into an array.
Last you need to commit the config. One thing about the api is that the commit call needs an xml element <commit/>
When I tried it without a cmd ie. xapi.commit(), I got the following error.
pan.xapi.PanXapiError: Missing value for parameter "cmd".
This was confusing at first, until I spoke with a Palo Alto networks Solutions Architect about it and he explained that you need to tell it which type of commit you want. There are a few options such as commit, commit partial and commit full. I think there should be a default setting. Commit without any input should mean a normal commit. Maybe I'll modify a git cloned repository.
from cred import get_pan_credentials
credentials = get_pan_credentials()
xapi = pan.xapi.PanXapi(**credentials)
xpath = "/config/devices/entry/network/interface/ethernet"
#open xml file and read it into a variable called data.
with open ("sub-int.xml", "r") as myfile:
#set the config using the above xpath
#commit the config. Make sure to add the xml command.
Here's the resulting screen cap: