Introduction to the PAN-OS API¶
About the API¶
API’s are very important to Palo Alto Networks. Security automation is key to the success of any organization in preventing cyber attacks. So Palo Alto Networks products have comprehensive APIs to enable automation.
In this lab we’ll focus on the PAN-OS API, which is the API for the Palo Alto Networks Next-generation Firewall and Panorama Management Center.
When connecting to the PAN-OS API:
- Access the API on the management interface using HTTPS, just as you would connect to the GUI.
- Connections to the API are treated as general web admin access. They create a session just like you were accessing the GUI.
- Authentication requires an API key which is generated through an API call.
Some examples of how you might use the PAN-OS API include, but are not limited to:
- Read, write, verify, and commit configuration
- Download reports in XML format
- Execute operational commands to check health and status
- Collect logs and pcaps
- Update dynamic address groups
- Update user-id mappings
- And much more!
The API Browser¶
The Next-generation Firewall and Panorama have an API Browser built in which allows you to explore the API and trigger simple API calls in the browser itself.
You can access the API Browser by adding
/api to the URL after
the IP address of the firewall. For example, if your firewall is
at 10.0.0.1, the URL of the API Browser is https://10.0.0.1/api
Lab exercise: Try connecting to the API Browser on the firewall in your lab. Explore a little to get familiar, then continue with the lab.
API Command Types¶
There are several API types as shown in the main page of the API browser.
|keygen||Generate an API Key (not shown in API Browser)|
|config||Retrieve or modify the configuration|
|commit||Commit the configuration|
|export||Export files, packet captures, and keys|
|import||Import files, certificates, response pages, and branding|
|op||Operational commands (like ‘show’ commands)|
|report||Retrieve predefined, dynamic, and custom reports|
|user-id||User/IP mappings and Dynamic Address Groups|
This lab focuses on the following 5 types, but the concepts needed to understand these 5 types are the same concepts for all the other types.
Continue to Introducing pan-python in Module 1 to begin the first lab.