Palo Alto config modification

Looking to make simple changes to a Palo Alto config from Slack… basically hand it a policy name and an argument (enable/disable) to allow us to easily turn on/off a couple of rules.

I’ve been able to determine that the xpath of the rule is:
/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/rulebase/security/rules/entry[@name='InsightConnect State']

but I’m unclear on the next step, handing the element over to do the change. If I want to simply disable the “InsightConnect State” rule, what would the element be? Something like /member[@name=‘disabled’]=True?


Figured it out… in this case, the xpath is:
/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/rulebase/security/rules/entry[@name='RULE NAME']

element is <disabled>yes</disabled>
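An added example, not part of the original post and not Rapid7 or Palo Alto code: one way to turn a rule name and an enable/disable word received from chat into the xpath and element shown above, while refusing names that are not on an allowlist or that could alter the xpath. The names `build_edit`, `ALLOWED_RULES`, `ACTIONS` and `SAFE_NAME` are hypothetical, and using `<disabled>no</disabled>` to re-enable a rule is an assumption.

```python
import re

# Device and vsys names are taken from the xpath in the thread.
DEVICE = "localhost.localdomain"
VSYS = "vsys1"

# Constructed allowlist: the only rules chat users may toggle.
ALLOWED_RULES = {"InsightConnect State"}

# Chat argument -> value of the <disabled> element.
# "yes" comes from the thread; "no" for enable is an assumption.
ACTIONS = {"disable": "yes", "enable": "no"}

# Conservative character set (constructed): no quotes, brackets or slashes,
# so the name cannot close the [@name='...'] predicate early.
SAFE_NAME = re.compile(r"[A-Za-z0-9 ._-]{1,63}")


def build_edit(rule_name, action):
    """Return (xpath, element) for toggling one security rule."""
    action = action.strip().lower()
    if action not in ACTIONS:
        raise ValueError("action must be 'enable' or 'disable'")
    if not SAFE_NAME.fullmatch(rule_name):
        raise ValueError("rule name contains unsupported characters")
    if rule_name not in ALLOWED_RULES:
        raise ValueError("rule is not on the allowlist")
    xpath = (
        f"/config/devices/entry[@name='{DEVICE}']"
        f"/vsys/entry[@name='{VSYS}']"
        f"/rulebase/security/rules/entry[@name='{rule_name}']"
    )
    element = f"<disabled>{ACTIONS[action]}</disabled>"
    return xpath, element


if __name__ == "__main__":
    xpath, element = build_edit("InsightConnect State", "disable")
    print(xpath)
    print(element)
```

The returned pair goes into the xpath and element fields of the edit step; the change still has to be committed on the firewall before it takes effect.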


Glad you figured it out @shawn_preston. We will update our documentation to include more examples to help others. If you have any more l