How to Generate a ticket for disabling GlobalProtect Agent using an API call
25578
Created On 02/27/19 09:59 AM - Last Modified 07/25/23 07:30 AM
Objective
- Disable the GlobalProtect Windows App using tickets.
- Use API call to generate the ticket and eliminate the need to provide Firewall Access for ticket generation.
- API call can be integrated with another application where the Administrators enter the portal name, duration, request number & template name.
Environment
- Palo Alto Firewall with GlobalProtect configured.
- GlobalProtect Windows App
Procedure
- Generate an API key and familiarize with how to make API calls to the Firewall.
- The following document provides details regarding the API calls :-
https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-panorama-api/get-started-with-the-pan-os-xml-api
- Use the following API op cmd for generating the ticket :-
<request><global-protect-portal><ticket><duration>DURATION</duration><portal>PORTAL</portal><tpl>Template Name</tpl><request>REQUEST</request></ticket></global-protect-portal></request>
- In the above API call, the variables are :-
- DURATION - Duration in minutes
- PORTAL - Name of the Portal
- REQUEST - Request number which is generated when disabling the GlobalProtect App
- TPL - Template name (If templates are using in Panorama)
- Here is an example of the complete API call used from a browser (Without Template):-
https://192.168.1.1//api/?type=op&cmd=<request><global-protect-portal><ticket><duration>10</duration><portal>Portal1</portal><request>5961-BABA</request></ticket></global-protect-portal></request>&key=ABCDEFG
- Here is an example of the complete API call used from a browser (With Template):-
https://192.168.1.1//api/?type=op&cmd=<request><global-protect-portal><ticket><duration>10</duration><portal>Portal1</portal><request>5961-BABA</request><tpl>firewall_template</tpl></ticket></global-protect-portal></request>&key=ABCDEFG
Additional Information
- Information on methods for disabling GlobalProtect app for windows :-