How to Monitor VPN State through XML API

How to Monitor VPN State through XML API

16838
Created On 09/25/18 19:21 PM - Last Modified 04/20/20 22:37 PM


Resolution

Overview

In addition to the WebUI and a Command Line Interface (CLI), PAN-OS provides an XML API to manage Palo Alto Networks devices.

Steps

The following steps allow the user to monitor the state of the VPN on the device.

  1. Generate the API key. Use the URL below, replace the hostname, username, and password with the appropriate values. Any special characters in the password must be URL/percent-encoded.
    http(s)://hostname/api/?type=keygen&user=username&password=password

    The result will be an XML block that contains the key. It should look like the following:
    <response status="success">
    <result>
    <key>gJlQWE56987nBxIqyfa62sZeRtYuIo2BgzEA9UOnlZBhU</key>
    </result>
    </response>

  2. Pull data on the existing tunnels using the following URL:
    http(s)://hostname/api/?type=op&cmd=<show><running><tunnel><flow><all></all></flow></tunnel></running></show>&key=gJlQWE56987nBxIqyfa62sZeRtYuIo2BgzEA9UOnlZBhU

    The result will be an XML block that contains multiple details on VPN tunnels. In case the VPN is up, a variable state will equal active:
    <state>active</state>

    In case VPN is down, a variable state will equal inactive:
    <state>inactive</state>

owner: mdjeric



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClWUCA0&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language