Thursday, May 4, 2023

Simple PANOS api examples

The REST-api or XML-api is very simple to use. I'm going to show you a few examples.

1st with RESTapi you have to call your API-KEY as a header "X-PAN-KEY: biglogapikey". 

tip:

You have to specify the API version also. if you specify the wrong version you will received a error similar to;


:[{"code":1,"module":"panui_restapi","description":"Version Not Supported: v10.1"}]}]}%


tip:

If you have typos , the key will not work


tip:

Do not add the key as a HTTP query string 


examples;


restapi


# retrieve all objects from fw


curl -H "X-PAN-KEY:LUFRPT1zQ05XOHhPbXpFWk9GWTVFcXVaMkhDVTY4dEE9bFg3VnFtc3RlSGN1L1U2eGd1bVA3NGJRN0wwaUxkcEZVVlYvN1o5VTZ6cklsRi9QZjA4NEhqc1NkblJqd3FROQ=="  -k "https://192.168.11.99/restapi/v10.0/Objects/Addresses?location=vsys&vsys=vsys1"


# all services


curl -H "X-PAN-KEY:LUFRPT1zQ05XOHhPbXpFWk9GWTVFcXVaMkhDVTY4dEE9bFg3VnFtc3RlSGN1L1U2eGd1bVA3NGJRN0wwaUxkcEZVVlYvN1o5VTZ6cklsRi9QZjA4NEhqc1NkblJqd3FROQ=="  -k "https://192.168.11.99/restapi/v10.0/Objects/services?location=vsys&vsys=vsys1"


# addressGroups


curl -H "X-PAN-KEY:LUFRPT1zQ05XOHhPbXpFWk9GWTVFcXVaMkhDVTY4dEE9bFg3VnFtc3RlSGN1L1U2eGd1bVA3NGJRN0wwaUxkcEZVVlYvN1o5VTZ6cklsRi9QZjA4NEhqc1NkblJqd3FROQ=="  -k "https://192.168.11.99/restapi/v10.0/Objects/AddressGroups?location=vsys&vsys=vsys1"



# security polices


curl -H "X-PAN-KEY:LUFRPT1zQ05XOHhPbXpFWk9GWTVFcXVaMkhDVTY4dEE9bFg3VnFtc3RlSGN1L1U2eGd1bVA3NGJRN0wwaUxkcEZVVlYvN1o5VTZ6cklsRi9QZjA4NEhqc1NkblJqd3FROQ=="  -k "https://192.168.11.99/restapi/v10.0/Policies/SecurityRules?location=vsys&vsys=vsys1"



# NAT rules

curl -H "X-PAN-KEY:LUFRPT1zQ05XOHhPbXpFWk9GWTVFcXVaMkhDVTY4dEE9bFg3VnFtc3RlSGN1L1U2eGd1bVA3NGJRN0wwaUxkcEZVVlYvN1o5VTZ6cklsRi9QZjA4NEhqc1NkblJqd3FROQ=="  -k "https://192.168.11.99/restapi/v10.0/Policies/NatRules?location=vsys&vsys=vsys1"


# zones


curl -H "X-PAN-KEY:LUFRPT1zQ05XOHhPbXpFWk9GWTVFcXVaMkhDVTY4dEE9bFg3VnFtc3RlSGN1L1U2eGd1bVA3NGJRN0wwaUxkcEZVVlYvN1o5VTZ6cklsRi9QZjA4NEhqc1NkblJqd3FROQ=="  -k "https://192.168.11.99/restapi/v10.0/Network/zones?location=vsys&vsys=vsys1"


The XML-API can use the key within a http query string, just append it to the HTTP get query.



xml-api



#list devices XPath



 curl  -k  'https://csockets-panorama01.socpuppets.net/api/?type=op&cmd=<show><config><running><xpath>devices</xpath></running></config></show>&key=LUFRPT1wWno4WEprSHlqV1hkNGtuWllXckxXaVFtOWM9a0ZmdTlKMFQxZWRVMVhkd29pSVlqZU1JL2UvcVF6L1AvbmZKYUR3Yi8xeXdkS0XnedRscXk2Z043OWJMbEtpdw=='


# list shared xpath

curl  -k  'https://csockets-panorama01.socpuppets.net/api/?type=op&cmd=<show><config><running><xpath>shared</xpath></running></config></show>&key=LUFRPT1wWno4WEprSHlqV1hkNGtuWllXckxXaVFtOWM9a0ZmdTlKMFQxZWRVMVhkd29pSVlqZU1JL2UvcVF6L1AvbmZKYUR3Yi8xeXdkS0XnedRscXk2Z043OWJMbEtpdw==' 



# check operational mode


curl  -k  'https://panorama01.socpuppets.net/api/?type=op&cmd=<show><operational-mode></operational-mode></show>&key=LUFRPT1lL0I0YkFhMFNIOUs1SDSiUFFBVDAvOXdxNjQ9WmNaa1JrblVuMEVubFBBNlVJT3loWk9VT0F5VThiK0s1UmFjTVhwa0oyVXVyV21YREFSeFFnZmFXVzUrb0luZw=='



# fetch license


curl  -k  'https://panorama01.socpuppets.net/api/?type=op&cmd=<request><license><fetch/></license></request>&key=LUFRPT1lL0I0YkFhMFNIOUs1SDSiUFFBVDAvOXdxNjQ9WmNaa1JrblVuMEVubFBBNlVJT3loWk9VT0F5VThiK0s1UmFjTVhwa0oyVXVyV21YREFSeFFnZmFXVzUrb0luZw=='



curl  -k  'https://panorama01.socpuppets.net/api/?type=op&cmd=<request><license><info/></license></request>&key=LUFRPT1lL0I0YkFhMFNIOUs1SDSiUFFBVDAvOXdxNjQ9WmNaa1JrblVuMEVubFBBNlVJT3loWk9VT0F5VThiK0s1UmFjTVhwa0oyVXVyV21YREFSeFFnZmFXVzUrb0luZw=='



# display the license details


 curl  -k  'https://panorama01.socpuppets.net/api/?type=op&cmd=<show><system><info></info></system></show>&key=LUFRPT1lL0I0YkFhMFNIOUs1SDSiUFFBVDAvOXdxNjQ9WmNaa1JrblVuMEVubFBBNlVJT3loWk9VT0F5VThiK0s1UmFjTVhwa0oyVXVyV21YREFSeFFnZmFXVzUrb0luZw=='


# save the config file


curl  -k  'https://panorama01.socpuppets.net/api/?type=op&cmd=<save><config><to>config.save</to></config></save>&key=LUFRPT1lL0I0YkFhMFNIOUs1SDSiUFFBVDAvOXdxNjQ9WmNaa1JrblVuMEVubFBBNlVJT3loWk9VT0F5VThiK0s1UmFjTVhwa0oyVXVyV21YREFSeFFnZmFXVzUrb0luZw=='




here's an example of a license info







XML is sometimes slightly harder but you have multiple items that can be done from show operational and commit commands.


RESTapi is easier but if you ever upgrade your FW and have hardcoded scripts, the API version will come back and haunt you.


I've always found myself using a combination of REST and XML API calls.









NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
     ^      ^
=(  @  @ )=
         o
        /  \


Posted by at No comments:
Subscribe to: Posts (Atom)