Expand all | Collapse all
PAN-OS OpenConfig Config
PAN-OS OpenConfig Config support information.
Review the
YANG model before using the pan-os config data
model to familiarize yourself with supported paths.
View the
PAN-OS documentation on configuration for more
information on previewing configuration changes and using deltas in your configuration
previews.
When using the config with PAN-OS, you can either get the full firewall or
panorama configuration delivered in JSON format or only get the difference of
configurations.
You can all use the
data_push_url to send the configuration to a custom
endpoint. You can then use the your endpoint to further process conditions and use the
other available config models to manipulate your PAN-OS firewall configuration. You can
use the configuration model in conjunction with the other
OpenConfig Models to modify
your firewall settings.
Retrieving a Full Configuration
You can use the following query to retrieve the entire stored configuration settings
for your specified firewall. The response contains the available leaf nodes in JSON
format.
gnmic -u USER -p PASSWORD -a IP:9339 subscribe --mode once --encoding JSON_IETF --timeout 300s --skip-verify --path "pan/config/full_config"
Retrieving a Delta Configuration
The following query retrieves a delta config which is a difference of the proposed
configuration and the committed configuration:
gnmic -u USER -p PASSWORD -a IP:9339 subscribe --mode once --encoding JSON_IETF --timeout 300s --skip-verify --path "pan/config/delta_config"
The following is a response from the provided query
above:
{
"source": "10.124.160.118:9339",
"subscription-name": "default-1683621498",
"timestamp": 1683621501000000000,
"time": "2023-05-09T14:08:21+05:30",
"updates": [
{
"Path": "/pan/config/delta_config",
"values": {
"/pan/config/delta_config": {
"code": 200,
"message": "No diff"
}
}
}
]
}
