PAN-OS-Python Framework Quickstart
#
InstallationThe easiest method to install pan-os-python is using pip (pan-os-python only supports Python3):
pip install pan-os-python
Or, if you have virtualenvwrapper installed:
mkvirtualenv pan-os-pythonpip install pan-os-python
Pip will install the pan-python library as a dependency.
Upgrade to the latest version:
pip install --upgrade pan-os-python
#
How to importTo use Palo Alto Networks Device Framework in a project:
import panos
You can also be more specific about which modules you want to import:
from panos import firewallfrom panos import network
#
A few examplesFor configuration tasks, create a tree structure using the classes in each module. Nodes hierarchy must follow the model in the Configuration Tree.
The following examples assume the modules were imported as such:
from panos import firewallfrom panos import network
#
Create a subinterface and commit:fw = firewall.Firewall("10.0.0.1", api_username="admin", api_password="admin")eth = fw.add(network.EthernetInterface("ethernet1/1", mode="layer3"))subeth = eth.add(network.Layer3Subinterface("ethernet1/1.30", ip="4.4.4.4/24", tag=30))subeth.create()fw.commit()
show system info
#
Perform fw = firewall.Firewall("10.0.0.1", api_username="admin", api_password="admin")print fw.op("show system info")
Some operational commands have methods to refresh the variables in an object:
# populates the version, serial, and model variables from the live devicefw.refresh_system_info()
tip
See more examples in the How to Guides.
#
Upgrade from pandeviceThis pan-os-python package is the evolution of the older pandevice package. To upgrade from pandevice to pan-os-python, follow these steps.
#
Step 1. Ensure you are using python3Python2 is end-of-life and not supported by pan-os-python.
#
Step 2. Uninstall pandevicepip uninstall pandevice
#
Step 3. Install pan-os-pythonpip3 install pan-os-python
#
Step 4. Change the import statements in your code from pandevice to panosimport pandevicefrom pandevice.firewall import Firewall
would change to
import panosfrom panos.firewall import Firewall
#
Step 5. Test your script or applicationThere are no known breaking changes between pandevice v0.14.0 and pan-os-python v1.0.0, but it is a major upgrade so please verify everything works as expected.
#
Connecting to PAN-OS 8.0 and higherPAN-OS 8.0 by default does not allow connections to the API with TLS 1.0. Unfortunately, the latest OSX and many linux distros come with OpenSSL versions that don't support TLS 1.1 or 1.2. OpenSSL 1.0.1 or higher is needed to connect to PAN-OS 8.0. If you try to connect with a lower version of OpenSSL, you'll get a connection error. There are two solutions:
Option 1: Upgrade OpenSSL (more secure)
Mac OSX: In Mac OSX you can't upgrade the built-in OpenSSL, but you can install your own python and OpenSSL using Homebrew. Follow this guide to get set up: Definitive guide to python on OSX
Linux: Use the instructions for your distribution's package manager to upgrade OpenSSL to 1.0.1 or higher.
Option 2: Enable TLS 1.0 on PAN-OS (less secure)
Follow the direction in the PAN-OS Administrator Guide: Replace the Certificate for Inbound Management Traffic