PAN Config Viewer API Documentation¶
A powerful REST API for querying and analyzing PAN-OS Panorama configurations
🚀 Features¶
-
Advanced Filtering
Powerful filtering system with 15+ operators for precise queries -
RESTful API
Clean, intuitive REST endpoints following industry best practices -
High Performance
Optimized for large configurations with efficient caching -
Comprehensive Docs
Detailed documentation with examples for every endpoint -
:material-pagination: Smart Pagination
Efficient pagination for handling large result sets -
Type Safety
Full Pydantic validation for all request/response models
📊 What Can You Query?¶
The PAN Config Viewer API provides read-only access to your Panorama configuration, allowing you to:
- Address Objects: Query IP addresses, FQDNs, and IP ranges
- Service Objects: Search services by port, protocol, or name
- Security Rules: Filter policies by source, destination, application, or action
- NAT Rules: Analyze NAT configurations with complex filters
- Device Groups: Browse hierarchical device group structures
- Templates & Stacks: Access template configurations
- Security Profiles: Query antivirus, anti-spyware, and other profiles
- And much more!
🎯 Key Use Cases¶
Security Auditing¶
Analyze your security posture by querying rules with specific conditions:
# Find all rules allowing "any" source to "any" destination
GET /api/v1/configs/{config}/rules/security?filter.source.in=any&filter.destination.in=any
Configuration Analysis¶
Search for specific objects across your entire configuration:
# Find all addresses in the 10.0.0.0/8 network
GET /api/v1/configs/{config}/addresses?filter.ip.starts_with=10.
Compliance Reporting¶
Generate compliance reports by filtering on specific criteria:
# Find all disabled security rules
GET /api/v1/configs/{config}/rules/security?filter.disabled.equals=true
Change Impact Analysis¶
Understand the impact of changes by querying related objects:
# Find all rules using a specific address object
GET /api/v1/configs/{config}/rules/security?filter.source.contains=webserver-01
🔍 Powerful Filtering System¶
Our advanced filtering system supports multiple operators for precise queries:
| Operator | Description | Example |
|---|---|---|
equals / eq |
Exact match | filter.name.equals=firewall-01 |
contains |
Substring match | filter.description.contains=production |
starts_with |
Prefix match | filter.ip.starts_with=192.168. |
ends_with |
Suffix match | filter.fqdn.ends_with=.example.com |
gt, lt, gte, lte |
Numeric comparisons | filter.port.gte=8000 |
in, not_in |
List membership | filter.tag.in=critical |
regex |
Pattern matching | filter.name.regex=^srv-.*-prod$ |
📖 Quick Examples¶
Basic Query¶
Filtered Query¶
curl -X GET "http://localhost:8000/api/v1/configs/panorama/addresses?\
filter.type.equals=fqdn&\
filter.fqdn.ends_with=.internal.com"
Complex Multi-Filter Query¶
curl -X GET "http://localhost:8000/api/v1/configs/panorama/rules/security?\
filter.source_zone.in=DMZ&\
filter.action.equals=allow&\
filter.application.contains=web&\
filter.disabled.equals=false"
🚦 Getting Started¶
- Quick Start - Get up and running quickly
- Filtering Guide - Master the filtering system
- All Operators - Detailed operator reference
- API Examples - Real-world usage examples
📚 Documentation Structure¶
- Quick Start - Get up and running quickly
- Filtering Guide - Deep dive into filtering capabilities
- Operator Reference - All operators with examples
- Address Objects API - Address endpoint documentation
- Service Objects API - Service endpoint documentation
- Security Rules API - Security rules documentation
- Complex Examples - Real-world usage examples
🤝 Contributing¶
We welcome contributions! Please see our GitHub repository for details.
📄 License¶
This project is licensed under the Apache License 2.0 - see the LICENSE file for details.
🆘 Support¶
- 🐛 Issues: GitHub Issues
- 📧 Contact: Create an issue
- 📖 Docs: Read the Docs