pan-os-python

1.12.5 verified Fri May 01 auth: no python

Palo Alto Networks SDK for Python to interact with PanOS devices via XML API. Version 1.12.5, active development with regular bugfix releases. Supports Python >=2.7 but not 3.0-3.4.

pip install pan-os-python

Common errors

error ModuleNotFoundError: No module named 'panos' ↓

cause Package not installed or installed in wrong environment.

fix

Run 'pip install pan-os-python' (note the hyphens) to install the correct package.

error ImportError: cannot import name 'PanDevice' from 'panos' ↓

cause The PanDevice class was moved to panos.pandevice or deprecated.

fix

Use 'from panos import PanDevice' (directly from panos) or check the changelog for version changes.

error AttributeError: 'Firewall' object has no attribute 'refresh_system_info' ↓

cause Method renamed or removed in newer versions.

fix

Use fw.refresh_system_info() (note lowercase) or fw.refresh() with appropriate parameters.

Warnings

breaking In v1.9+, the 'from' attribute of SecurityRule is reserved, use 'from_' in Python code. ↓

fix Use 'from_' (with underscore) as the attribute name in Python, e.g., rule.from_

breaking The PanDevice class no longer auto-detects whether device is a firewall or panorama in v1.12+. Use explicit Firewall or Panorama constructors. ↓

fix Replace PanDevice(hostname, api_username, api_password) with Firewall(hostname, api_username, api_password) or Panorama(...).

gotcha Many objects like 'tag' are not refreshed automatically after creation. You must call refresh() or create() before accessing sub-elements. ↓

fix After adding an object to a device, call .create() on it or use .refreshall() to retrieve existing configurations.

gotcha Commit operations are not synchronous by default. The commit() method returns a job ID; you need to poll for completion. ↓

fix Use fw.commit(sync=True) to block until the commit finishes, or handle job polling manually with commit() and waitfor()

Imports

PanDevice
```
from panos import PanDevice
```
Firewall
wrong
```
from panos import Firewall
```
correct
```
from panos.firewall import Firewall
```
Firewall is in the submodule panos.firewall, not panos directly
Panorama
wrong
```
from panos import Panorama
```
correct
```
from panos.panorama import Panorama
```
Panorama class is in panos.panorama, not top-level

AddressObject

wrong

from panos import AddressObject

correct

from panos.objects import AddressObject

AddressObject is in panos.objects

Quickstart

Connect to a Palo Alto Networks firewall and list security rules.

import os
from panos.firewall import Firewall
from panos.policies import Rulebase, SecurityRule

# Connect to firewall using environment variables
fw = Firewall(os.environ.get('PANOS_HOST', ''), os.environ.get('PANOS_USER', 'admin'), os.environ.get('PANOS_PASS', 'admin'))
# Retrieve running config
fw.refresh_system_info()
print(f"Connected to {fw.hostname} running PanOS {fw.version}")

# List security rules
rulebase = Rulebase()
fw.add(rulebase)
rules = SecurityRule.refreshall(rulebase)
for rule in rules:
    print(rule.name, rule.to, rule.from_)