Palo Alto Networks firewalls were originally designed around XML APIs. JSON-based REST APIs were introduced later and, as a result, the implementation is currently incomplete and, as we’ll see, prone to certain errors. As noted earlier, the API documentation is available directly on the firewall: https://172.25.10.4/restapi-doc/

My recommendation is to use the REST API only for specific, well-tested tasks. In all other cases, it is preferable to rely on the XML API.

Configuration Commands via REST API

Currently, REST APIs can only be used for configuration tasks. All other operations, including commit, must still be performed using the XML API.

Let’s take the same example from the previous section and create Google’s two DNS servers on the firewall. While REST API documentation is more comprehensive, it’s sometimes incomplete and not always easy to interpret:

If we attempt to use the API without carefully reading the documentation, we receive the following error:

Continue reading the post on Patreon .