REST API based configuration management for Palo Alto devices

Network Configuration Manager now supports REST APIs for Palo Alto devices, giving users a simplified UI. Palo Alto device users need not worry about command syntax and configuration hierarchy; instead, they can focus on one particular part of the configuration.

If you are not using a Palo Alto device but require REST API support for a particular vendor, please reach out to Network Configuration Manager Support.

REST API based configuration management works with REST Configlets.

Palo Alto REST Credentials

To use REST API features in your Palo Alto device, Network Configuration Manager needs REST credentials to connect to your Palo Alto device before executing the REST APIs. These credentials can be provided directly from the "Apply Credentials" slide.

  • When connecting over REST APIs, a Palo Alto device needs its authentication parameters to be set.
  • Network Configuration Manager provides the fields for each of these parameters with their default values.
  • You can choose to either manage your Palo Alto device with just REST Credentials or with a combination of CLI and REST credentials.
  • For important functions like Enabling/Disabling Syslog Change Detection, it is recommended to manage your Palo Alto device by using a combination of CLI and REST credentials.

Follow these steps to associate REST credentials with a Palo Alto device.

  1. Go to Inventory > Devices.
  2. Select the devices on which you want to apply the REST Credentials.
  3. Select "Apply Credentials" from the options.
  4. Select "REST API" as the protocol in case you want to manage the devices with REST credentials alone. Otherwise, select your desired protocol, provide proper CLI credentials and then select the REST API tab to provide REST credentials.
  5. Check "Use REST API for communication whenever applicable". (This will be available only while using REST credentials along with CLI protocol.)
  6. Provide all the required parameters in the form and save the credentials.

REST Configlets - Palo Alto

REST Configlets are configuration objects such as addresses, policies, security rules, etc. You can access REST Configlets by going to Config Automation > Configlets > Rest Configlets.

Each configlet comes with a different set of operations such as Add, Edit, View, Delete, Rename, View All, Clone, Execute etc.

Let us see what each operation means in a Palo Alto device:

1. Add: Allows you to add a new object to the device configuration.

2. Edit: Provides a list of objects available in the Palo Alto device. You can then select a particular object. The details of the selected object will be fetched from the device and shown to you. You can update any detail/parameter of that object and then execute the configlet to save the changes on the device.

3. View: This provides a list of objects available in the Palo Alto device. You can then select a particular object. The details about the selected object will be fetched from the device and shown to you in read only mode.

4. View All: This shows all the available objects in your Palo Alto device in a grid along with their details.

5. Delete: Provides a list of objects available in the Palo Alto device. You can select a particular object and execute the configlet to delete the object.

6. Rename: You can select a particular object and provide a new name to rename the object in the device.

7. Clone: You can select a particular object and provide a new name to clone the object, along with its properties, in the device under the name provided.

Palo Alto REST API based configuration management - Benefits

  • Palo Alto REST APIs provide a GUI that is similar to the device's GUI (e.g., the Firewall GUI), which makes it easy to update a part of the configuration directly from Network Configuration Manager.
  • While backing up whole configurations, Palo Alto device REST APIs are faster.
  • You do not have to memorize command syntax when updating part of a configuration.
  • The important objects in a configuration can be viewed in a grid format in Network Configuration Manager.
  • You don't have to worry about the hierarchy of objects in a configuration.