Delete Configuration ==================== The **panxapi.py** **-d** option performs the ``type=config&action=delete`` API request to delete objects in the configuration. The *xpath* argument specifies the object's node in the configuration. Example: Delete Secondary NTP Server ------------------------------------ :: $ XPATH="/config/devices/entry[@name='localhost.localdomain']/deviceconfig/system/ntp-servers/secondary-ntp-server" $ panxapi.py -gr $XPATH get: success [code="19"] north-america.pool.ntp.org $ panxapi.py -dx $XPATH delete: success [code="20"]: "command succeeded" command succeeded $ panxapi.py -gx $XPATH get: success [code="7"] .. note:: The status is **success** and the code is "7" which specifies the object does not exist. The `codes `_ are documented in the PAN-OS and Panorama API Guide. Lab 10 ------ #. Use **panxapi.py** to delete the ``addr3`` member from address-group ``group1``. #. Verify results using *get* (**-g**). .. tip:: SSH to your firewall and use ``> debug cli on``, then ``> configure`` and ``# delete address-group group1 static addr3`` to determine the XPath to use in the request. Use ``# set address-group group1 static addr3`` to restore the member before proceeding with the **panxapi.py** request. .. admonition:: Solution :class: toggle :: admin@PA-VM> debug cli on admin@PA-VM> configure admin@PA-VM# delete address-group group1 static addr3 admin@PA-VM# set address-group group1 static addr3 $ XPATH="/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/address-group/entry[@name='group1']/static/member[text()='addr3']" $ panxapi.py -d $XPATH delete: success [code="20"]: "command succeeded" $ panxapi.py -gx "/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/address-group/entry[@name='group1']/static/member" get: success [code="19"] addr1 addr2 addr4 addr5 .. note:: ``text()`` is an XPath node test matching text nodes only, and is used to match the ``addr3`` member node. The XPath for ``action=delete`` can specify a node-set (> 1 node) to delete multiple objects with a single request. The following XPath expression uses the *or* operator to match multiple address-group members. Example: Get Multiple Objects ----------------------------- :: $ XPATH="/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/address-group/entry[@name='group1']/static/member[text()='addr4' or text()='addr5']" $ panxapi.py -gr "$XPATH" get: success [code="19"] addr4 addr5 Lab 11 ------ #. Use **panxapi.py** to delete the ``addr1`` and ``addr2`` members from address-group ``group1``. #. Verify results using *get* (**-g**). #. Use **panxapi.py** to delete the address-group ``group1``. #. Verify results using *get* (**-g**). .. admonition:: Solution :class: toggle :: $ XPATH="/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/address-group/entry[@name='group1']/static/member[text()='addr1' or text()='addr2']" $ panxapi.py -d "$XPATH" delete: success [code="20"]: "command succeeded" $ XPATH="/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/address-group/entry[@name='group1']" $ panxapi.py -gx $XPATH get: success [code="19"] addr4 addr5 $ panxapi.py -d $XPATH delete: success [code="20"]: "command succeeded" $ panxapi.py -gx $XPATH get: success [code="7"]