/
Appendix
Document toolboxDocument toolbox

Appendix

Owned by Shirly Tsang
Jun 04, 2024

Alternatively curl commands can be used to create Palo Alto objects.

Dynamic Address Groups commands

  1. Command to register tag to an IP:

curl -k https://[firewall]/api/?key=[key]&type=user-id&cmd=<uid- message><version>2.0</version><type>update</type><payload><register><entry ip="[addressIP]"><tag><member>[tag]</member></tag></entry></register></payload></uid-message>

For example:

https://172.0.0.10/api/?key=xxxxx&type=user-id&cmd=<uid- message><version>2.0</version><type>update</type><payload><register><entry ip="10.0.0.1"><tag><member>allow</member></tag></entry></register></payload></uid-message>

 

  1. Command to unregister tag from an IP:

curl -k https://[firewall]/api/?key=[key]&type=user-id&cmd=<uid- message><version>2.0</version><type>update</type><payload><unregister><entry ip="[IP- address]"><tag><member>[tag]</member></tag></entry></unregister></payload></uid-message>

 

Static Address Groups commands

  1. Command to add address to list of addresses:

curl -k https://[firewall]/api/?key=[key]&type=config&action=set&xpath=/config/shared/address/entry[@name='[address name']&element=<ip-netmask>[addressIP]</ip-netmask>

For example:

https://172.0.0.10/api/?key=xxxxx&type=config&action=set&xpath=/config/shared/address/entry[@name='10.0.0.0']& element=<ip-netmask>10.0.0.0</ip-netmask>

 

  1. Commands to add address to static address group:

curl -k https://[firewall]/api/?key=[key]&action=set&xpath=/config/shared/address-group/entry[@name='[address group name’]&element=<static><member>[addressIP]</member></static>
curl -k https://172.0.0.10/api/?key=xxxxx&action=set&xpath=/config/shared/address- group/entry[@name='IBlox_Host_Allow’]&element=<static><member>10.0.0.0 </member></static>

 

  1. Commit to firewall:

curl -k https://[firewall]/api/?key=[key]&type=commit&cmd=<commit><force></force></commit>

Related content