### Start Content Installation on PAN-OS Source: https://github.com/paloaltonetworks/pan.dev/blob/master/products/ansible/docs/panos/guides/offline-content-software-upgrade.mdx Initiates the installation of the uploaded content file on the PAN-OS device. The `skip-content-validity-check` option is used, and the operation's response is registered for tracking. ```yaml - name: Start content installation paloaltonetworks.panos.panos_op: provider: "{{ device }}" cmd: "yes{{ content_file }}" cmd_is_xml: true register: contentinstall ``` -------------------------------- ### Terraform Init Example Source: https://github.com/paloaltonetworks/pan.dev/blob/master/products/terraform/docs/cloudngfw/aws/tutorials/create_cloudngfws.mdx This is an example output of the `terraform init` command. It shows the initialization process, including downloading and installing required providers like Palo Alto Cloud NGFW AWS and HashiCorp AWS. ```hcl Initializing the backend... Initializing provider plugins... - terraform.io/builtin/terraform is built in to Terraform - Finding paloaltonetworks/cloudngfwaws versions matching "1.0.8"... - Finding hashicorp/aws versions matching "~> 4.5"... - Installing paloaltonetworks/cloudngfwaws v1.0.8... - Installed paloaltonetworks/cloudngfwaws v1.0.8 (signed by a HashiCorp partner, key ID D1B17746D294B5C8) - Installing hashicorp/aws v4.52.0... - Installed hashicorp/aws v4.52.0 (signed by HashiCorp) ``` -------------------------------- ### Kubernetes Console Address Example Source: https://github.com/paloaltonetworks/pan.dev/blob/master/products/compute/api/welcome-prisma-cloud-apis.md Example of how to format the Console address for Kubernetes installations using a LoadBalancer. ```bash $ https://:8083 ``` -------------------------------- ### Download and Execute Client Certificate Install Script using cURL Source: https://github.com/paloaltonetworks/pan.dev/blob/master/openapi-specs/compute/desc/certs/client-certs_get.md This example demonstrates how to download the client certificate installation script using cURL with basic authentication and pipe it directly to the shell for execution. Ensure you replace with your actual username. ```bash $ curl \ -u \ -X GET https://:8083/api/v1/certs/client-certs.sh | sh ``` -------------------------------- ### Onebox Console Address Example Source: https://github.com/paloaltonetworks/pan.dev/blob/master/products/compute/api/welcome-prisma-cloud-apis.md Example of how to format the Console address for Onebox installations on a stand-alone host. ```bash $ https://:8083 ``` -------------------------------- ### Getting Help for CLI Functions Source: https://github.com/paloaltonetworks/pan.dev/blob/master/products/prisma-airs-model-security/api/aisecuritymodel/sdk-aisecuritymodel.md Example of how to get help for any CLI function, listing all available parameters. ```APIDOC ## Getting Help For any CLI function, you can also list all parameters with the `--help` flag, for example: ```bash model-security list-scans --help ``` ``` -------------------------------- ### Download Defender Setup Script Source: https://github.com/paloaltonetworks/pan.dev/blob/master/openapi-specs/compute/desc/scripts/defender_ps1_get.md Use this curl command to download the Defender setup script for Windows. Ensure you replace and with your actual credentials and console address. The script can be configured with parameters during installation. ```bash $ curl \ -u \ -H 'Content-Type: application/json' \ -X GET \ -o defender.ps1 \ https://:8083/api/v1/scripts/defender.ps1 ``` -------------------------------- ### PAN-OS Ansible Collection Output Example Source: https://github.com/paloaltonetworks/pan.dev/blob/master/products/ansible/docs/panos/tutorials/setup.mdx An example of the output when checking for the installed PAN-OS Ansible collection. The version number may vary. ```text paloaltonetworks.panos 2.11.0 ``` -------------------------------- ### Local Development Commands Source: https://github.com/paloaltonetworks/pan.dev/blob/master/AGENTS.md Commands for installing dependencies, starting the development server (full and selective builds), formatting code, and building the project for production. ```bash # Install deps (Node 20 LTS) yarn # Full dev (slow) yarn start # Fast dev products_INCLUDE=contributing yarn start # Format yarn format # Production build (for testing and development) products_INCLUDE=contributing,prisma-airs yarn build-github ``` -------------------------------- ### Start local development server with specific products Source: https://github.com/paloaltonetworks/pan.dev/blob/master/products/contributing/advanced/partial-builds.md Start a local development server including only the 'sase', 'access', and 'sdwan' product folders. This speeds up build times by avoiding processing of other product documentation. ```bash PRODUCTS_INCLUDE=sase,access,sdwan yarn start ``` -------------------------------- ### Get Job ID for Content Install Source: https://github.com/paloaltonetworks/pan.dev/blob/master/products/ansible/docs/panos/guides/offline-content-software-upgrade.mdx Parses the Job ID from the content installation response. This is used to monitor the installation progress. ```yaml - name: Get job ID for content install community.general.xml: xmlstring: "{{ contentinstall.stdout_xml }}" xpath: /response[@status='success']/result/job content: text register: content_jobid ``` -------------------------------- ### Get Job ID for Software Install Source: https://github.com/paloaltonetworks/pan.dev/blob/master/products/ansible/docs/panos/guides/offline-content-software-upgrade.mdx Parses the Job ID from the software installation response. This ID is crucial for monitoring the installation status. ```yaml - name: Get job ID for software install community.general.xml: xmlstring: "{{ softwareinstall.stdout_xml }}" xpath: /response[@status='success']/result/job content: text register: software_jobid ``` -------------------------------- ### Sample Prisma Cloud Azure Tenant Onboarding Request Source: https://github.com/paloaltonetworks/pan.dev/blob/master/products/prisma-cloud/docs/cspm/azure-account-onboarding.md Example cURL command to initiate Azure tenant onboarding with Prisma Cloud. Specifies account type, tenant ID, desired features, and deployment details. ```bash curl --request POST 'https://api.prismacloud.io/cas/v1/azure_template' \ --header 'accept: application/json' \ --header 'content-type: application/json' \ --header 'x-redlock-auth: ' \ --data-raw '{ "accountType": "tenant", "tenantId": "", "features": [ "Agentless Scanning", "Auto Protect", "Remediation", "Serverless Function Scanning" ], "deploymentType": "azure", "rootSyncEnabled": true }' ``` -------------------------------- ### Initialize and Use Async Client Source: https://github.com/paloaltonetworks/pan.dev/blob/master/products/prisma-airs/api/airuntimesecurity/management/mgmt-python-sdk.md Demonstrates initializing and using the asynchronous MgmtClientAsync. It shows both context manager usage (recommended) and manual initialization/cleanup. ```python import asyncio from airs_api_mgmt import MgmtClientAsync async def main(): # Option 1: Use async context manager (recommended) async with MgmtClientAsync( client_id="your_client_id", client_secret="your_client_secret" ) as client: # Client automatically closes when exiting context api_keys = await client.api_keys.get_all_api_keys() print(f"API Keys: {api_keys}") # Option 2: Manual initialization and cleanup client = MgmtClientAsync() try: profiles = await client.ai_sec_profiles.get_all_ai_profiles() print(f"AI Profiles: {profiles}") finally: await client.close() # Always close when done asyncio.run(main()) ``` -------------------------------- ### Execute Go Program and View CSV Output Source: https://github.com/paloaltonetworks/pan.dev/blob/master/products/panos/docs/tutorials/rulebase-to-csv.mdx This example shows how to run the Go program from the command line, specifying the firewall's hostname and credentials, and redirecting the output to a CSV file. It also displays the first two lines of the generated CSV file to verify the output format. ```console $ go run pan-export.go -hostname 192.168.10.1 -password admin -username admin > security.csv 2019/11/21 15:38:23 192.168.10.1: Retrieving API key 2019/11/21 15:38:23 (op) show system info 2019/11/21 15:38:24 Initialize ok 2019/11/21 15:38:24 WARNING: pending changes for security rulebase in candidate config $ $ head -2 security.csv Name,Type,Description,Tags,Source Zones,Source Addresses,Negate Source,Destination Zones, Destination Addresses,Negate Destination,Applications,Services,Categories,Action,Log Setting, Log Start,Log End,Disabled,Schedule,ICMP Unreachable,DSRI,Virus,Spyware,Vulnerability, Url Filtering,File Blocking,WildFire Analysis,Data Filtering rule1-1,,,,InternalL3,any,false,External,any,false,any,any,,allow,,false,true,false,,false, false,default,strict,default,LogAll,,default, ``` -------------------------------- ### Console Host Address for Onebox Install Source: https://github.com/paloaltonetworks/pan.dev/blob/master/products/compute/api/access-api-self-hosted.md Example of how to define the CONSOLE variable for a onebox installation of Prisma Cloud Compute. ```bash CONSOLE = https://:8083 ``` -------------------------------- ### Console Host Address for Kubernetes Install Source: https://github.com/paloaltonetworks/pan.dev/blob/master/products/compute/api/access-api-self-hosted.md Example of how to define the CONSOLE variable for a default Kubernetes installation of Prisma Cloud Compute. ```bash CONSLE = https://:8083 ``` -------------------------------- ### Configure HTTP Routing in Main Application Source: https://github.com/paloaltonetworks/pan.dev/blob/master/products/panos/docs/tutorials/uid-monitor.mdx Sets up routing for API and default handlers and starts the HTTP server. ```go //... mim := newManInMiddle(url) http.HandleFunc("/api/", mim.apiHandler) http.HandleFunc("/", mim.defaultHandler) log.Printf("attempting to start micro-service on %v", port) log.Fatal(http.ListenAndServe(":"+port, nil)) ``` -------------------------------- ### Get License Details Source: https://github.com/paloaltonetworks/pan.dev/blob/master/openapi-specs/compute/desc/settings/license_get.md Retrieves the details about the installed license. ```APIDOC ## GET /settings/license ### Description Returns the details about the installed license. ### Method GET ### Endpoint /settings/license ### Parameters #### Query Parameters - **USER** (string) - Required - Username for authentication. - **CONSOLE** (string) - Required - The console address. - **VERSION** (string) - Required - The API version. ### Request Example ```bash curl \ -u \ -H 'Content-Type: application/json' \ -X GET \ "https:///api/v/settings/license" ``` ### Response #### Success Response (200) - **license_details** (object) - Contains the details of the installed license. - **serial_number** (string) - The serial number of the license. - **license_type** (string) - The type of the license. - **expiration_date** (string) - The expiration date of the license. - **features** (array) - A list of features included in the license. - **feature_name** (string) - The name of the feature. - **enabled** (boolean) - Indicates if the feature is enabled. #### Response Example ```json { "license_details": { "serial_number": "PA-VM-100-23456789", "license_type": "perpetual", "expiration_date": "2099-12-31T23:59:59Z", "features": [ { "feature_name": "Threat Prevention", "enabled": true }, { "feature_name": "URL Filtering", "enabled": true } ] } } ``` ``` -------------------------------- ### Terraform Initialization and Apply Source: https://github.com/paloaltonetworks/pan.dev/blob/master/products/terraform/docs/swfw/gcp/cloudngfw/examples/panorama_standalone.md Initialize Terraform and apply the configuration using a variable file. Ensure you have filled in the necessary details in `example.tfvars`. ```bash terraform init terraform apply -var-file=example.tfvars ``` -------------------------------- ### Provision a New Project (Basic) Source: https://github.com/paloaltonetworks/pan.dev/blob/master/openapi-specs/compute/desc/projects/post.md Provisions a new project with a specified ID, type, and address. Use this for basic project setup. ```bash $ curl \ -u \ -H 'Content-Type: application/json' \ -X POST \ -d \ '{ \ "_id":"my-project", \ "type":"tenant", \ "address":"https://:8083" \ }' \ https://:8083/api/v1/projects ``` -------------------------------- ### PAN-OS Python Package Output Example Source: https://github.com/paloaltonetworks/pan.dev/blob/master/products/ansible/docs/panos/tutorials/setup.mdx An example of the output when checking for installed PAN-OS related Python packages. Version numbers may differ. ```text pan-os-python 1.7.3 pan-python 0.17.0 ``` -------------------------------- ### API Response Example Source: https://github.com/paloaltonetworks/pan.dev/blob/master/openapi-specs/cwpp/desc/trust/data_get.md This is an example of a successful response from the Data Get API when retrieving image layers. The response contains a list of SHA256 hashes. ```json { "layers": [ "sha256:efd3b1563a816d85c6414e0c139691df720c34d6f65abaa19819d37b11459b40", "sha256:bc30bde5a6578b9643d05dd47105414777adadaf5df93b493eff1785e1e07328", "sha256:77e7191206a99af5cf1718885fb45262c2e2da30ad650c5868dfa3c54739c24a", "sha256:4fcf730353158873699670f97f2556942ff470c360539ff9283d80c72f275030", "sha256:d1a8d814c41eab7ee00b94a9184f081bf4c36721d559c5b349b9653bd473d8a0" ] } ``` -------------------------------- ### Basic VMSS Module Deployment Example Source: https://github.com/paloaltonetworks/pan.dev/blob/master/products/terraform/docs/swfw/azure/cloudngfw/modules/vmss.md A simple example demonstrating the deployment of a VMSS module without autoscaling, utilizing default settings where possible. Ensure to replace placeholder subnet and backend pool IDs with actual values. ```hcl module "vmss" { source = "PaloAltoNetworks/swfw-modules/azurerm//modules/vmss" name = "ngfw-vmss" resource_group_name = "hub-rg" region = "West Europe" image = { version = "10.2.901" publisher = "paloaltonetworks" offer = "vmseries-flex" sku = "byol" } authentication = { username = "panadmin" password = "c0mpl1c@t3d" disable_password_authentication = false } interfaces = [ { name = "managmeent" subnet_id = "management_subnet_ID_string" }, { name = "private" subnet_id = "private_subnet_ID_string" lb_backend_pool_ids = ["LBI_backend_pool_ID"] }, { name = "managmeent" subnet_id = "management_subnet_ID_string" lb_backend_pool_ids = ["LBE_backend_pool_ID"] appgw_backend_pool_ids = ["AppGW_backend_pool_ID"] } ] autoscaling_configuration = {} autoscaling_profiles = [] } ``` -------------------------------- ### Install Recommended Python Libraries Source: https://github.com/paloaltonetworks/pan.dev/blob/master/products/sdwan/docs/sdwan_gsg_sdk.md Install additional Python libraries such as 'requests' and 'pandas' that may be useful for scripting with the Prisma SD-WAN SDK. ```bash pip install requests pip install pandas ``` -------------------------------- ### Ansible Version Output Example Source: https://github.com/paloaltonetworks/pan.dev/blob/master/products/ansible/docs/panos/tutorials/setup.mdx An example of the output you should expect when checking the Ansible version. The specific version numbers and paths may vary based on your installation. ```text ansible [core 2.12.6] config file = None configured module search path = ['/Users/username/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /Users/username/.pyenv/versions/3.10.4/lib/python3.10/site-packages/ansible ansible collection location = /Users/username/.ansible/collections:/usr/share/ansible/collections executable location = /Users/username/.pyenv/versions/3.10.4/bin/ansible python version = 3.10.4 (main, May 24 2022, 14:08:56) [Clang 13.1.6 (clang-1316.0.21.2.5)] jinja version = 3.1.2 libyaml = True ``` -------------------------------- ### Build and Install Firewall Commit Binary Source: https://github.com/paloaltonetworks/pan.dev/blob/master/products/terraform/docs/panos/guides/commits.md This snippet shows how to fetch the Pango library, build a custom commit binary, and install it to your PATH. Ensure the binary is executable and accessible. ```bash $ go get github.com/PaloAltoNetworks/pango $ go build firewall-commit.go $ mv firewall-commit ~/bin $ firewall-commit -h ``` -------------------------------- ### Verify Custom Vulnerabilities with GET Request Source: https://github.com/paloaltonetworks/pan.dev/blob/master/openapi-specs/compute/desc/feeds/custom-vulnerabilities_put.md After updating, use this GET request to verify that the installed rules have been overwritten with your new rules. This confirms the successful application of your changes. ```bash $ curl \ -u \ -H 'Content-Type: application/json' \ -X GET \ https:///api/v/feeds/custom/custom-vulnerabilities ``` -------------------------------- ### Terraform Initialization and Application Source: https://github.com/paloaltonetworks/pan.dev/blob/master/products/terraform/docs/swfw/aws/vmseries/reference-architectures/combined_design.md Run these commands to initialize Terraform and apply the infrastructure changes. ```bash terraform init terraform apply ``` -------------------------------- ### Get CVE Coverage Information Example Source: https://github.com/paloaltonetworks/pan.dev/blob/master/products/threat-vault/docs/examples/get-cve-coverage-information.mdx This example shows the structure of the response when requesting CVE coverage information. It includes details about signatures and vulnerabilities associated with a CVE. ```json { "data": { "signature": [ { "name": "Virus/Win32.CVE-2021-1647.d", "severity": "medium", "type": "0", "subtype": "virus", "description": "This signature detected Virus/Win32.CVE-2021-1647.d", "action": "", "id": "396564195", "create_time": "2021-01-11T12:00:48-08:00", "status": "active", "related_sha256_hashes": [ "e43bc1b90f9cfd22ce909dd02fa9fd909f567046ec139659f8159bdff9c21485" ], "release": {} }, { "name": "Exploit/Win32.cve-2021-1647.e", "severity": "medium", "type": "0", "subtype": "virus", "description": "This signature detected Exploit/Win32.cve-2021-1647.e", "action": "", "id": "483585665", "create_time": "2022-04-24T05:17:53-07:00", "status": "active", "related_sha256_hashes": [ "6e1e9fa0334d8f1f5d0e3a160ba65441f0656d1f1c99f8a9f1ae4b1b1bf7d788", "638c14f53ca39c9572bee12adc1c11194b84e6abaa08b0ff30977aa56ec9ba6b" ], "release": { "antivirus": { "first_release_version": "4108", "first_release_time": "2022-06-09 11:01:14", "last_release_version": "4999", "last_release_time": "2024-11-11T17:47:34Z", "in_current_release": false }, "wildfire": { "first_release_version": "671962", "first_release_time": "2022-06-13 10:27:22", "last_release_version": "918566", "last_release_time": "2024-10-19T08:57:16Z", "in_current_release": false } } } ], "vulnerability": [ { "id": "90207", "name": "Microsoft Windows Defender Remote Code Execution Vulnerability", "description": "Microsoft Windows Defender is prone to a remote code execution vulnerability while parsing certain crafted PE files. The vulnerability is due to the lack of proper checks on PE files, leading to an exploitable remote code execution vulnerability. An attacker could exploit the vulnerability by sending a crafted PE file. A successful attack could lead to code execution with the privileges of the currently logged-in user.", "category": "code-execution", "min_version": "8.1.0", "max_version": "", "severity": "high", "default_action": "reset-both", "cve": [ "CVE-2021-1647" ], "vendor": [], "reference": [ "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-1647" ], "status": "released", "details": { "change_data": "new coverage" }, "ori_release_version": "8364", "latest_release_version": "8364", "ori_release_time": "2021-01-12T10:40:13Z", "latest_release_time": "2021-01-12T10:40:13Z" } ] }, "message": "Successful" } ``` -------------------------------- ### Start Expedition Agent (Python) Source: https://github.com/paloaltonetworks/pan.dev/blob/master/products/expedition/docs/managing_expedition_agent.mdx Use this snippet to start the Expedition agent. It bypasses SSL certificate verification and assumes default Expedition installation if no SSL certificates are generated. ```python import requests import urllib3 urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) print('START AGENT') url = 'https://'+ip+'/api/v1/agent/start' r = requests.get(url, verify=False, headers=hed) ``` -------------------------------- ### Show do_site Help Source: https://github.com/paloaltonetworks/pan.dev/blob/master/products/sdwan/docs/prismasdwanconfig.md Displays the help message for the `do_site` utility, outlining all available options and arguments for site configuration management. ```bash Terminal:~ sdkuser$ do_site -h usage: do_site [-h] [--timeout-offline TIMEOUT_OFFLINE] [--timeout-claim TIMEOUT_CLAIM] [--timeout-upgrade TIMEOUT_UPGRADE] [--wait-upgrade] [--timeout-state TIMEOUT_STATE] [--interval-timeout INTERVAL_TIMEOUT] [--force-update] [--site-safety-factor SITE_SAFETY_FACTOR] [--destroy] [--controller CONTROLLER] [--email EMAIL] [--password PASSWORD] [--insecure] [--noregion] [--verbose VERBOSE] [--sdkdebug SDKDEBUG] YAML CONFIG FILE Create or Destroy site from YAML config file. optional arguments: -h, --help show this help message and exit Config: These options change how the configuration is loaded. YAML CONFIG FILE Path to .yml file containing site config --timeout-offline TIMEOUT_OFFLINE Default maximum time to wait to claim if an ION is offline. --timeout-claim TIMEOUT_CLAIM Default maximum time to wait for an ION claim to complete --timeout-upgrade TIMEOUT_UPGRADE Default maximum time to wait for. --wait-upgrade When upgrading, wait for upgrade to complete. Configuration changes for major element version changes require upgrade to finish. --timeout-state TIMEOUT_STATE Default maximum time for an ION to change state(assign, un-assign). --interval-timeout INTERVAL_TIMEOUT Default timeout recheck interval for all timeouts (10-180 seconds). --force-update Force re-submission of configuration items to the API, even if the objects have not changed. --site-safety-factor SITE_SAFETY_FACTOR Maximum number of sites that can be modified at once by this script. This is a safety switch to prevent the script from inadvertently modifying a large number of sites. --destroy DESTROY site and all connected items (WAN Interfaces,LAN Networks). API: These options change how this program connects to the API. --controller CONTROLLER, -C CONTROLLER Controller URI, ex. https://api.elcapitan.cloudgenix.com Login: These options allow skipping of interactive login --email EMAIL, -E EMAIL Use this email as User Name instead of cloudgenix_settings.py or prompting --password PASSWORD, -PW PASSWORD Use this Password instead of cloudgenix_settings.py or prompting --insecure, -I Do not verify SSL certificate --noregion, -NR Ignore Region-based redirection. Debug: These options enable debugging output --verbose VERBOSE, -V VERBOSE Verbosity of script output, levels 0-3 --sdkdebug SDKDEBUG, -D SDKDEBUG Enable SDK Debug output, levels 0-2 ``` -------------------------------- ### Get Defender Install Bundle Source: https://github.com/paloaltonetworks/pan.dev/blob/master/openapi-specs/compute/desc/defenders/install-bundle_get.md Fetches the certificate bundle for Defender to securely connect to Console. ```APIDOC ## GET /api/v/defenders/install-bundle ### Description Returns the certificate bundle that Defender needs to securely connect to Console. ### Method GET ### Endpoint /api/v/defenders/install-bundle ### Query Parameters - **consoleaddr** (string) - Required - The hostname of the Console. ### Request Example ```bash curl \ -u \ -H 'Content-Type: application/json' \ -X GET \ "https:///api/v/defenders/install-bundle?consoleaddr=" ``` ### Response #### Success Response (200) [The response body will contain the certificate bundle in a format suitable for Defender installation.] #### Response Example [Example response body demonstrating the structure of the certificate bundle.] ``` -------------------------------- ### Initialize Synchronous Client with Explicit Configuration Source: https://github.com/paloaltonetworks/pan.dev/blob/master/products/prisma-airs/api/airuntimesecurity/management/mgmt-python-sdk.md Demonstrates initializing a synchronous MgmtClient with explicit client credentials and API endpoint configurations. This example shows how to override default URLs. ```python from airs_api_mgmt import MgmtClient client = MgmtClient( client_id="your_client_id", client_secret="your_client_secret", base_url="https://api.sase.paloaltonetworks.com/aisec", token_base_url="https://auth.apps.paloaltonetworks.com/am/oauth2/access_token" ) ``` -------------------------------- ### cURL Request to Get Install Bundle Source: https://github.com/paloaltonetworks/pan.dev/blob/master/openapi-specs/compute/desc/defenders/install-bundle_get.md Use this cURL command to request the Defender install bundle from the Console API. Ensure you replace placeholders like , , and with your specific values. ```bash $ curl \ -u \ -H 'Content-Type: application/json' \ -X GET \ "https:///api/v/defenders/install-bundle?consoleaddr=" ``` -------------------------------- ### Basic VMSS Module Deployment Example Source: https://github.com/paloaltonetworks/pan.dev/blob/master/products/terraform/docs/swfw/azure/vmseries/modules/vmss.md A simple example demonstrating the deployment of a VMSS module for Next Generation Firewalls in Azure, using default settings where possible. It specifies the module source, resource group, region, image details, and authentication credentials. ```hcl module "vmss" { source = "PaloAltoNetworks/swfw-modules/azurerm//modules/vmss" name = "ngfw-vmss" resource_group_name = "hub-rg" region = "West Europe" image = { version = "10.2.901" publisher = "paloaltonetworks" offer = "vmseries-flex" sku = "byol" } authentication = { username = "panadmin" password = "c0mpl1c@t3d" disable_password_authentication = false } interfaces = [ { name = "managmeent" subnet_id = "management_subnet_ID_string" }, { name = "private" subnet_id = "private_subnet_ID_string" lb_backend_pool_ids = ["LBI_backend_pool_ID"] }, { name = "managmeent" subnet_id = "management_subnet_ID_string" lb_backend_pool_ids = ["LBE_backend_pool_ID"] appgw_backend_pool_ids = ["AppGW_backend_pool_ID"] } ] autoscaling_configuration = {} autoscaling_profiles = [] } ``` -------------------------------- ### Expedition API Example - List Address Objects Source: https://github.com/paloaltonetworks/pan.dev/blob/master/products/expedition/docs/expedition_apiInt.md This example demonstrates how to list existing address objects within a project using the Expedition API. It utilizes the GET HTTP verb to retrieve a collection of resources. ```APIDOC ## GET /api/v1/project/{project_id}/object/address ### Description Retrieves a list of existing address objects within a specified project. ### Method GET ### Endpoint /api/v1/project/{project_id}/object/address ### Parameters #### Path Parameters - **project_id** (string) - Required - The unique identifier of the project. ### Response #### Success Response (200) - The response will contain a list of address objects, with each object detailing its properties. #### Response Example { "example": "[List of address objects]" } ``` -------------------------------- ### Start local development server for Network Security Source: https://github.com/paloaltonetworks/pan.dev/blob/master/products/contributing/advanced/partial-builds.md Use this command to start a local development server specifically for Network Security documentation. ```bash yarn start:netsec ``` -------------------------------- ### Get Location-mapped Information Source: https://github.com/paloaltonetworks/pan.dev/blob/master/products/sase/api/config-orch/api-workflow.md Submits longitude and latitude to the /v1/location-informations endpoint to retrieve accurate location data for setup. ```APIDOC ## POST /v1/location-informations ### Description Retrieves location data by submitting longitude and latitude. ### Method POST ### Endpoint /v1/location-informations ### Parameters #### Request Body - **locations** (array) - Required - An array of location objects. - **public-ip** (object) - Required - Public IP address information. - **PublicIp** (string) - Required - The public IP address. - **region-cordinates** (object) - Required - Geographical coordinates. - **latitude** (string) - Required - The latitude. - **longitude** (string) - Required - The longitude. ### Request Example ```json { "locations": [ { "public-ip": { "PublicIp": "198.51.100.42" }, "region-cordinates": { "latitude": "string", "longitude": "string" } } ] } ``` ### Response #### Success Response (200) - **uuid** (string) - The unique identifier for the request. #### Response Example ```json { "uuid": "3fa85f64-5717-4562-b3fc-2c963f66afa6" } ``` ``` -------------------------------- ### Sample Interface Details Output Source: https://github.com/paloaltonetworks/pan.dev/blob/master/products/panos/docs/panos-upgrade-assurance/api/firewall_proxy.md Example of the detailed information returned for a network interface. ```json { 'dp': 'dp0', 'ifnet': { 'addr': None, 'addr6': None, 'circuitonly': 'False', 'counters': { 'hw': None, 'ifnet': { 'entry': { 'flowstate': '0', 'ibytes': '0', 'icmp_frag': '0', 'idrops': '0', 'ierrors': '0', 'ifwderrors': '0', 'ipackets': '0', 'ipspoof': '0', 'l2_decap': '0', 'l2_encap': '0', 'land': '0', 'macspoof': '0', 'name': 'ethernet1/6.123', 'neighpend': '0', 'noarp': '0', 'nomac': '0', 'noneigh': '0', 'noroute': '0', 'obytes': '0', 'opackets': '0', 'other_conn': '0', 'pod': '0', 'sctp_conn': '0', 'tcp_conn': '0', 'teardrop': '0', 'udp_conn': '0', 'zonechange': '0' } } }, 'dad': 'False', 'df_ignore': 'False', 'dhcpv6_client': 'False', 'dyn-addr': None, 'fwd_type': 'vr', 'gre': 'False', 'id': '138', 'inherited': 'False', 'ipv6_client': 'False', 'mgt_subnet': 'False', 'mode': 'layer3', 'mssadjv4': '0', 'mssadjv6': '0', 'mtu': '900', 'name': 'ethernet1/6.123', 'ndpmon': 'False', 'policing': 'False', 'proxy-protocol': 'no', 'ra': 'False', 'sdwan': 'False', 'service': None, 'tag': '123', 'tcpmss': 'False', 'tunnel': None, 'vr': 'default', 'vsys': 'vsys6', 'zone': 'N/A' } } ``` -------------------------------- ### Terraform Apply Output Example Source: https://github.com/paloaltonetworks/pan.dev/blob/master/products/terraform/docs/swfw/azure/vmseries/reference-architectures/vmseries_transit_vnet_common.md Example output after a successful Terraform apply, showing resource counts and output variables like IP addresses and credentials. ```console Apply complete! Resources: 53 added, 0 changed, 0 destroyed. Outputs: lb_frontend_ips = { "private" = { "ha-ports" = "1.2.3.4" } "public" = { "palo-lb-app1" = "1.2.3.4" } } password = username = "panadmin" vmseries_mgmt_ips = { "fw-1" = "1.2.3.4" "fw-2" = "1.2.3.4" } ``` -------------------------------- ### Example cURL Response for Container WAAS Audit Events Source: https://github.com/paloaltonetworks/pan.dev/blob/master/openapi-specs/compute/desc/audits/waas_container_timeslice_get.md This is an example of the JSON response you might receive when querying for container WAAS audit events. It includes the start and end times of the bucket and the count of audit occurrences. ```json { "start": "2022-11-16T10:35:57Z", "end": "2022-11-16T15:23:57Z", "count": 46 } ``` -------------------------------- ### Version 1.0 API Full URL Example Source: https://github.com/paloaltonetworks/pan.dev/blob/master/products/access/docs/insights/pai-faqs.md Provides an example of a complete URL for a version 1.0 API request, including the base URL and specific resource. ```bash https://pa-us01.api.prismaaccess.com/api/sase/v1.0/resource/tenant/{super_tenant_id}/query/prisma_sase_external_alerts_current ``` -------------------------------- ### List Address Objects using GET Request Source: https://github.com/paloaltonetworks/pan.dev/blob/master/products/expedition/docs/expedition_apiInt.md This example demonstrates how to list existing address objects within a project using a GET request to the Expedition API. Ensure you replace `{project_id}` with the actual project ID. ```console GET https://localhost/api/v1/project/{project_id}/object/address ``` -------------------------------- ### Python checks_configuration Parameter Example Source: https://github.com/paloaltonetworks/pan.dev/blob/master/products/panos/docs/panos-upgrade-assurance/configuration_details.mdx Provides an example of the `checks_configuration` list in Python, including running all checks, excluding specific checks, and configuring a particular check. ```python checks_configuration = [ 'all', '!ha', { 'content_version': { 'version': '8634-7678' } } ] ``` -------------------------------- ### Example cURL Response for Serverless Timeslice Audit Events Source: https://github.com/paloaltonetworks/pan.dev/blob/master/openapi-specs/compute/desc/audits/runtime_serverless_timeslice_get.md This is an example of the JSON response you can expect when querying for serverless timeslice audit events. It includes the start and end times of the bucket and the count of audit occurrences within that bucket. ```json { "start": "2022-10-23T06:35:50.254Z", "end": "2022-10-24T04:58:47.103Z", "count": 4 } ``` -------------------------------- ### Getting DAG State from PAN-OS XML API Source: https://github.com/paloaltonetworks/pan.dev/blob/master/products/panos/docs/tutorials/uid-monitor.mdx This example shows how to query the PAN-OS XML API to retrieve the current DAG state, including IP addresses and associated tags. It uses a simple HTTP GET request. ```text GET https:///api ?key= &type=op &cmd= HTTP/1.1 200 OK tag10 tag10 2 ``` -------------------------------- ### Start local development server for SASE Source: https://github.com/paloaltonetworks/pan.dev/blob/master/products/contributing/advanced/partial-builds.md Use this command to start a local development server specifically for SASE documentation. ```bash yarn start:sase ```