PAN-OS API Set Configuration
Prefix all commands with
https://10.1.1.1/api/?key=API_KEY
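The fragments on this page are written to be pasted into a browser after the prefix above. Scripting them is easier with a small wrapper that URL-encodes the xpath and element (which also removes the quote-escaping problem the raw strings cause in curl), keeps the API key out of the URL and therefore out of proxy and web-server logs, checks the response status, and commits. The following is an added example, not code from the original page; it assumes the firewall at https://10.1.1.1 from the prefix, that the key is passed in the X-PAN-KEY request header (supported by current PAN-OS releases), and that the firewall's CA can be supplied as cafile rather than switching TLS verification off.

```python
"""Minimal PAN-OS XML API wrapper (added example, not from the original page)."""
import ssl
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

FIREWALL = "https://10.1.1.1"  # from the page's prefix
DEVICE = "/config/devices/entry[@name='localhost.localdomain']"


def build_query(action, xpath, element=None):
    """Return the URL-encoded body for a type=config call.

    urlencode takes care of the characters that break copy-paste into curl
    (quotes, spaces, '<', '>', '&', '/'), so xpath and element can be written
    as plain XML instead of %20-escaped fragments."""
    params = {"type": "config", "action": action, "xpath": xpath}
    if element is not None:
        params["element"] = element
    return urllib.parse.urlencode(params)


def parse_response(xml_text):
    """Return (status, message) from a PAN-OS <response> document.

    Success looks like
      <response status="success" code="20"><msg>command succeeded</msg></response>
    and failures carry status="error" with the reason in <msg> or <line>."""
    root = ET.fromstring(xml_text)
    status = root.get("status", "error")
    message = " ".join(t.strip() for t in root.itertext() if t.strip())
    return status, message


def send(query, key, firewall=FIREWALL, cafile=None, opener=None):
    """POST the query to /api/ and return (status, message); raise on error.

    The key travels in the X-PAN-KEY header (assumed supported), not in
    ?key=..., so it does not end up in URL logs or shell history. TLS
    verification stays on; `cafile` points at the firewall's own CA.
    `opener` lets tests inject a fake transport."""
    req = urllib.request.Request(
        firewall + "/api/",
        data=query.encode(),
        headers={"X-PAN-KEY": key,
                 "Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )
    ctx = ssl.create_default_context(cafile=cafile)
    open_fn = opener or (lambda r: urllib.request.urlopen(r, context=ctx))
    with open_fn(req) as resp:
        status, message = parse_response(resp.read().decode())
    if status != "success":
        raise RuntimeError("PAN-OS API error: " + message)
    return status, message


def commit(key, **kw):
    """type=commit&cmd=<commit></commit>; the response carries the job id."""
    query = urllib.parse.urlencode({"type": "commit", "cmd": "<commit></commit>"})
    return send(query, key, **kw)


def set_hostname(key, hostname, **kw):
    """The page's 'Set Hostname' call followed by a commit so it takes effect.
    escape() stops a hostname containing '<' or '&' from altering the XML."""
    query = build_query("set", DEVICE + "/deviceconfig/system",
                        "<hostname>%s</hostname>" % escape(hostname))
    send(query, key, **kw)
    return commit(key, **kw)
```

Every fragment on this page maps onto `build_query(action, xpath, element)` with the `&type=config&action=...` prefix stripped; `set` merges the element into the node at the xpath, so it is safe to re-run, whereas `edit` replaces the node and needs the full element.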
General Firewall Setup
Set Hostname
&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/deviceconfig/system&element=<hostname>HOSTNAME_2</hostname>
Set Timezone
&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/deviceconfig/system&element=<timezone>Europe/London</timezone>
Set NTP
&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/deviceconfig/system&element=<ntp-servers><primary-ntp-server><ntp-server-address>139.143.5.30</ntp-server-address><authentication-type><none/></authentication-type></primary-ntp-server><secondary-ntp-server><ntp-server-address>139.143.5.31</ntp-server-address><authentication-type><none/></authentication-type></secondary-ntp-server></ntp-servers>
Set DNS
&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/deviceconfig/system&element=<dns-setting><servers><primary>1.1.1.1</primary><secondary>1.0.0.1</secondary></servers></dns-setting>
Enable "Verify Update Server Identity"
&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/deviceconfig/system&element=<server-verification>yes</server-verification>
Disable Insecure Management Services
&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/deviceconfig/system&element=<service><disable-telnet>yes</disable-telnet><disable-http>yes</disable-http></service>
Dynamic Updates
Set Dynamic Update Schedule - Anti-Virus
&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/deviceconfig/system/update-schedule/anti-virus&element=<recurring><hourly><at>36</at><action>download-and-install</action></hourly></recurring>
Set Dynamic Update Schedule - Apps & Threats
&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/deviceconfig/system/update-schedule/threats&element=<recurring><hourly><at>30</at><action>download-and-install</action></hourly><threshold>2</threshold><new-app-threshold>12</new-app-threshold></recurring>
Set Dynamic Update Schedule - GlobalProtect Datafile
&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/deviceconfig/system/update-schedule/global-protect-datafile&element=<recurring><hourly><at>55</at><action>download-and-install</action></hourly></recurring>
Set Dynamic Update Schedule - GlobalProtect Clientless VPN Datafile
&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/deviceconfig/system/update-schedule/global-protect-clientless-vpn&element=<recurring><hourly><at>40</at><action>download-and-install</action></hourly></recurring>
Set Dynamic Update Schedule - WildFire
&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/deviceconfig/system/update-schedule/wildfire&element=<recurring><every-15-mins><at>5</at><action>download-and-install</action></every-15-mins></recurring>
Set Dynamic Update Schedule - All
&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/deviceconfig/system&element=<update-schedule><threats><recurring><hourly><at>30</at><action>download-and-install</action></hourly><threshold>2</threshold><new-app-threshold>8</new-app-threshold></recurring></threats><global-protect-datafile><recurring><hourly><at>55</at><action>download-and-install</action></hourly></recurring></global-protect-datafile><global-protect-clientless-vpn><recurring><hourly><at>40</at><action>download-and-install</action></hourly></recurring></global-protect-clientless-vpn><anti-virus><recurring><hourly><at>15</at><action>download-and-install</action></hourly></recurring></anti-virus><wildfire><recurring><every-15-mins><at>5</at><action>download-and-install</action></every-15-mins></recurring></wildfire></update-schedule>
WildFire Settings
Note: when sending the WildFire commands below with curl, the double-quote (“) characters inside the element must be escaped (or the whole URL wrapped in single quotes), and spaces inside the element are written as %20.
Set WildFire Public Cloud to EU Data Centre
&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/deviceconfig/setting/wildfire&element=<public-cloud-server>eu.wildfire.paloaltonetworks.com</public-cloud-server>
Set WildFire to Log Benign Files
&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/deviceconfig/setting/wildfire&element=<report-benign-file>yes</report-benign-file>
Set WildFire to Log Grayware Files
&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/deviceconfig/setting/wildfire&element=<report-grayware-file>yes</report-grayware-file>
Set WildFire Size Limits and Update Server and Logging
&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/deviceconfig/setting&element=<wildfire><public-cloud-server>eu.wildfire.paloaltonetworks.com</public-cloud-server><report-benign-file>no</report-benign-file><report-grayware-file>yes</report-grayware-file><file-size-limit><entry%20name="pe"><size-limit>10</size-limit></entry><entry%20name="apk"><size-limit>30</size-limit></entry><entry%20name="pdf"><size-limit>1000</size-limit></entry><entry%20name="ms-office"><size-limit>1000</size-limit></entry><entry%20name="jar"><size-limit>5</size-limit></entry><entry%20name="flash"><size-limit>5</size-limit></entry><entry%20name="MacOSX"><size-limit>1</size-limit></entry><entry%20name="archive"><size-limit>10</size-limit></entry><entry%20name="linux"><size-limit>2</size-limit></entry></file-size-limit></wildfire>
Set WildFire Size Limits Individually
PE File
&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/deviceconfig/setting/wildfire/file-size-limit/entry[@name='pe']&element=<size-limit>18</size-limit>
APK File
&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/deviceconfig/setting/wildfire/file-size-limit/entry[@name='apk']&element=<size-limit>11</size-limit>
PDF File
&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/deviceconfig/setting/wildfire/file-size-limit/entry[@name='pdf']&element=<size-limit>3070</size-limit>
MS Office File
&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/deviceconfig/setting/wildfire/file-size-limit/entry[@name='ms-office']&element=<size-limit>16380</size-limit>
Jar File
&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/deviceconfig/setting/wildfire/file-size-limit/entry[@name='jar']&element=<size-limit>4</size-limit>
Flash File
&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/deviceconfig/setting/wildfire/file-size-limit/entry[@name='flash']&element=<size-limit>4</size-limit>
MacOSX Executable
&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/deviceconfig/setting/wildfire/file-size-limit/entry[@name='MacOSX']&element=<size-limit>9</size-limit>
Archive File
&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/deviceconfig/setting/wildfire/file-size-limit/entry[@name='archive']&element=<size-limit>49</size-limit>
Linux ELF File
&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/deviceconfig/setting/wildfire/file-size-limit/entry[@name='linux']&element=<size-limit>49</size-limit>
Script
&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/deviceconfig/setting/wildfire/file-size-limit/entry[@name='script']&element=<size-limit>19</size-limit>
Security Settings
Set the TCP hardening options in Device→Setup→Session: drop segments with no flags set, do not forward segments exceeding the TCP out-of-order queue, and check the TCP timestamp option
https://10.1.1.1/api/?type=config&key=APIKEY&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/deviceconfig/setting&element=<tcp><drop-zero-flag>yes</drop-zero-flag><bypass-exceed-oo-queue>no</bypass-exceed-oo-queue><check-timestamp-option>yes</check-timestamp-option></tcp>
Set “Forward segments exceeding TCP App-ID inspection queue” settings in Device→Setup→Content-ID
https://10.1.1.1/api/?type=config&key=APIKEY&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/deviceconfig/setting&element=<application><bypass-exceed-queue>no</bypass-exceed-queue></application>
Set the “Forward segments exceeding TCP content inspection queue” and “Forward datagrams exceeding UDP content inspection queue” settings in Device→Setup→Content-ID
https://10.1.1.1/api/?type=config&key=APIKEY&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/deviceconfig/setting&element=<ctd><udp-bypass-exceed-queue>no</udp-bypass-exceed-queue><tcp-bypass-exceed-queue>no</tcp-bypass-exceed-queue></ctd>
Set URL Proxy for SSL Decrypt. This allows proper response pages to be delivered even when decryption is not enabled.
https://10.1.1.1/api/?type=config&key=APIKEY&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/deviceconfig/setting&element=<ssl-decrypt><url-proxy>yes</url-proxy></ssl-decrypt>
Terminal Service Agent Config
Create TS Agent Entry
&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/ts-agent&element=<entry%20name="name-of-ts-entry"><host>10.1.2.3</host><port>5009</port></entry>
Delete TS Agent Entry
&type=config&action=delete&xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/ts-agent/entry[@name='name-of-ts-entry']
HA Configuration
Set Interface as HA Interface
&type=config&action=set&xpath=/config/devices/entry[@name="localhost.localdomain"]/network/interface/ethernet&element=<entry%20name="ethernet1/6"><ha/></entry>
Main HA Settings
Within <ha1></ha1>, if you do not set <port>x</port>, the firewall uses the dedicated HA1 port. You can also set ha1-a, ha1-b or management.
To enable HA1 encryption, add <encryption><enabled>yes</enabled></encryption> inside <ha1></ha1>. Both peers must have exchanged HA keys (export on one, import on the other) before enabling it, or the HA1 link will not come up.
&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/deviceconfig&element=<high-availability><interface><ha1><port>ethernet1/6</port><ip-address>1.1.1.1</ip-address><netmask>255.255.255.252</netmask><encryption><enabled>no</enabled></encryption></ha1><ha1-backup><port>management</port></ha1-backup><ha2><port>ethernet1/7</port><ip-address>2.2.2.1</ip-address><netmask>255.255.255.252</netmask></ha2></interface><group><state-synchronization><ha2-keep-alive><enabled>yes</enabled></ha2-keep-alive></state-synchronization><election-option><device-priority>101</device-priority><timers><recommended/></timers></election-option><mode><active-passive><passive-link-state>auto</passive-link-state></active-passive></mode><group-id>23</group-id><peer-ip>1.1.1.2</peer-ip><peer-ip-backup>192.168.2.1</peer-ip-backup></group></high-availability>
Set HA Link Monitoring Settings
&type=config&action=set&xpath=/config/devices/entry[@name="localhost.localdomain"]/deviceconfig&element=<high-availability><group><monitoring><link-monitoring><enabled>yes</enabled><link-group><entry%20name="HA-LNK_GRP"><interface><member>ethernet1/8</member></interface></entry></link-group></link-monitoring></monitoring></group></high-availability>
Disable HA Path Monitoring
&type=config&action=set&xpath=/config/devices/entry[@name="localhost.localdomain"]/deviceconfig&element=<high-availability><group><monitoring><path-monitoring><enabled>no</enabled></path-monitoring></monitoring></group></high-availability>
Enable HA
&type=config&action=set&xpath=/config/devices/entry[@name="localhost.localdomain"]/deviceconfig&element=<high-availability><enabled>yes</enabled></high-availability>
Disable HA
&type=config&action=set&xpath=/config/devices/entry[@name="localhost.localdomain"]/deviceconfig&element=<high-availability><enabled>no</enabled></high-availability>
Objects
Create Address Objects
&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/address&element=<entry%20name="ADDRESS_OBJECT_NAME"><ip-netmask>IP_VALUE</ip-netmask><tag><member>TAG_NAME_IF_APPLICABLE</member></tag></entry>
Edit Address Object
Note: action=set merges the new child into the existing entry, which is what you want when only the value changes. To replace the whole object (for example to change its type from fqdn to ip-netmask), use action=edit with the full <entry> element instead, otherwise the conflicting children fail validation at commit.
&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/address/entry[@name='ADDRESS_OBJECT']&element=<ip-netmask>NEW_VALUE</ip-netmask>
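When address objects are created from an external source (a CMDB export, a threat feed), the entry name and value end up inside both an XPath predicate and an XML attribute, so they should be validated and escaped rather than pasted into the fragments above. The following is an added example, not code from the original page: it builds the 'Create Address Objects' and 'Edit Address Object' calls with ElementTree so quoting is handled for you, batches many objects into a single set call against the parent xpath, and produces an edit call for a full replacement. The name limits it enforces (up to 63 characters of letters, digits, space, '-', '_' and '.') are an assumption, not something the page states.

```python
"""Safe construction of PAN-OS address-object calls (added example, not from the page)."""
import ipaddress
import re
import xml.etree.ElementTree as ET

VSYS = ("/config/devices/entry[@name='localhost.localdomain']"
        "/vsys/entry[@name='vsys1']")
# Assumed PAN-OS object-name rules: 63 chars max, alphanumerics, space, '-', '_', '.'.
# Excluding quotes and brackets here also keeps the name safe inside the
# xpath predicate entry[@name='...'] used by the edit/delete calls.
NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9 ._-]{0,62}$")


def address_entry(name, value, tags=()):
    """Return the <entry> XML for one ip-netmask address object, the same
    shape as the page's 'Create Address Objects' element."""
    if not NAME_RE.match(name):
        raise ValueError("invalid address object name: %r" % name)
    # Rejects values like 10.1.1.300 before they reach the firewall;
    # strict=False allows host bits set, e.g. 10.1.1.10/24.
    ipaddress.ip_network(value, strict=False)
    entry = ET.Element("entry", name=name)
    ET.SubElement(entry, "ip-netmask").text = value
    if tags:
        tag = ET.SubElement(entry, "tag")
        for t in tags:
            # ElementTree escapes '&', '<' and quotes in text and attributes,
            # so a tag like "Prod & DMZ" cannot inject extra config nodes.
            ET.SubElement(tag, "member").text = t
    return ET.tostring(entry, encoding="unicode")


def bulk_address_calls(objects):
    """Combine many objects into one action=set call against the parent
    /address node instead of one API round-trip per object.
    Returns (xpath, element)."""
    element = "".join(address_entry(**o) for o in objects)
    return VSYS + "/address", element


def replace_address_call(name, value, tags=()):
    """Full replacement of an existing object via action=edit.

    The page's 'Edit Address Object' uses action=set on the entry xpath,
    which merges; edit replaces the node, so it is the right choice when the
    object's type or tags must change as well. Returns (action, xpath, element)."""
    element = address_entry(name, value, tags)
    return "edit", VSYS + "/address/entry[@name='%s']" % name, element
```

Feed the returned (xpath, element) pairs to whatever API wrapper you use; because `set` merges, re-running the bulk call is idempotent for unchanged objects.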
