Learn about PAN-OS OpenConfig benefits and capabilities
Palo Alto Networks OpenConfig plugin
allows you to programmatically access the firewall based on OpenConfig
data models and protocols to automate configuration and telemetry
retrieval. To Learn more about OpenConfig, visit https://www.openconfig.net.
The OpenConfig interface uses gRPC Network Management Interface
(gNMI) protocol for configuration management, telemetry based on
the OpenConfig data models, and gRPC Network Operations Interface
(gNOI) for operational services defined by OpenConfig.
Using the plugin, you can manage configuration, generate streaming
telemetry, and carry out operational services on the firewall. The
OpenConfig plugin is supported on the hardware and VM-Series firewalls.
The gMNI protocol uses a client-server messaging model. The OpenConfig
plugin implements a gNMI server that listens for client requests
and supports all of the gNMI request types: Set, Get, Subscribe,
and Capabilities. The Set request carries out transaction based
edit operations whether it be single or multiple requests.
Models Supported with v1.0.0
These models
are supported with the first version of the plugin:
Download the plugin by selecting DevicePlugins on
a PAN-OS firewall.
Select the version of the plugin and click Install in
the Actions column to install the plugin. PAN-OS will alert you
when the plugin is complete.
Target Address
The PAN-OS OpenConfig plugin listens for requests on
the management interface’s assigned IP address on port 9339. To
send gNMI requests to the firewall, use the management IP address,
for example: 10.0.0.1:9339.
If you want to change the IP address for gNMI requests, you should
first configure the management interface for the firewall. How to Configure the Management
Interface IP shows how you can set the management IP of a
firewall.
