Tag Archives: API

Editing Palo Configs by Scripts: pan-os-php

There are recurring cases where tasks cannot be done quickly and easily using the classic Palo Alto Networks GUI or Panorama. For example, editing multiple policies at once, such as during a zone migration. Or checking which policies don’t have log forwarding enabled and enabling it directly. Or finding unused objects and deleting them.

For these situations (and many more!), there’s a tool with a wealth of predefined scripts: pan-os-php. This first blog post covers installation and some initial use cases.


Which KPIs to monitor on a Palo Alto Firewall?

We wanted to monitor some of our Palo firewalls from our monitoring system via the API. But: Which enhanced metrics/KPIs shall we monitor? While there are some obvious ones such as interface counters, uptime, software versions, license expiry dates, or HA-states, we dug a little deeper to get more out of it, such as mgmt-/data-plane stats, packet rates, drop counters (all global counters?), and routing entries.

Here are some ideas on which values a monitoring system could observe. I’m listing the required API calls along with some demo values that can be used to develop monitoring tools/scripts.


Getting started with the APIs from Palo Alto Ntwks

You can talk to firewalls and Panorama from Palo Alto Networks in various ways. The well-known GUI (which I really love, by the way) and the CLI are quite common at first glance. Nearly everyone using the Palos is familiar with these configuration options.

When it comes to automation at some point, either to configure those devices or just to read out some KPIs for your monitoring, the APIs come into play. Plural because Palo has two APIs: the so-called “XML API” and the “REST API”. Let’s get started with both of them:
