We have made some progress on automating our PanOS firewall devices. I am working toward a system where the source of truth about the firewall is an XML file in a git repository. Each time we make a change, we make it as a pull request, then we load the entire XML file of the configuration into the devices.
I’m working in a test device with a minimal set of configuration. I exported the configuration, made some changes, and am trying to load the changed config back into the firewall device. I’ve tried loading the entire file with a panos_loadcfg task. I’ve tried using two tasks, one with panos_import and one with panos_loadcfg. I’ve tried using panos_op with a partial config file and an XML command.
The panos_import task succeeds, but the panos_loadcfg and panos_op tasks fail with the error load -> config -> from is invalid or load -> config -> partial -> from is invalid. I’m not sure what this is telling me. Is the task not finding the file? (My repository has the XML files in the root directory and a playbook in a sub-directory called playbooks. The playbook refers to the files as ../filename.xml.) Or does it find the file but the XML is malformed in some way, and therefore invalid?
I’m sure I’m missing something simple. I’d like to compare my XML file with a valid example of PanOS configuration.
I’m looking for a working example of an XML file (with fake data - full config or partial config) and a task that successfully loads it. I’ve found some sample tasks, but none with matching sample XML files.
All help/pointers/ideas gratefully received!