Palo Alto Panorama


Starting from TKU March 2026, implicit discovery of devices via the Palo Alto Panorama XML API is supported.

Compatibility

The Palo Alto Panorama discovery feature via XML API is supported starting from BMC Discovery version 24.2 (14.0). For older versions or standard scanning, SNMP remains the primary method.

Prerequisites

  • API Key: An API key must be generated in the Panorama console.
  • Credentials: Valid Palo Alto Panorama XML API credentials.

  • Network Access: The Discovery appliance must have HTTPS (default port 443) access to the Panorama management IP address.

How it Works

Devices managed by Panorama are scanned implicitly. Discovery sends requests to the Panorama XML API to retrieve data about the management system itself and all connected firewalls (Managed Devices).

During the Discovery process, the following API calls are executed:

API call | API endpoint | Description
--- | --- | ---
Panorama.ShowSystemInfo | {api_url}/api/?type=op&cmd=<show><system><info></info></system></show> | Show system info for the Panorama instance itself
Panorama.ShowDevicesAll | {api_url}/api/?type=op&cmd=<show><devices><all></all></devices></show> | Show all the devices managed by Palo Alto Networks Panorama
Panorama.ShowDeviceSystemInfo | {api_url}/api/?type=op&cmd=<show><system><info></info></system></show>&target={serial} | Show system info for an individual device managed by Palo Alto Networks Panorama
Panorama.ShowDeviceInterfaces | {api_url}/api/?type=op&cmd=<show><interface>all</interface></show>&target={serial} | Show all interfaces on a device managed by Palo Alto Networks Panorama
Panorama.ShowDeviceTunnel | {api_url}/api/?type=op&cmd=<show><running><tunnel><flow><all></all></flow></tunnel></running></show>&target={serial} | Show IPsec info on a device managed by Palo Alto Networks Panorama
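The request sequence from the table, as an added example (not BMC Discovery's own code): it percent-encodes each cmd, fans out per serial from the ShowDevicesAll reply, and carries the API key in the PAN-OS X-PAN-KEY header instead of the URL. The sample XML reply, the function names and the choice to skip disconnected devices are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

# Operational commands copied from the table above.
CMDS = {
    "ShowDevicesAll": "<show><devices><all></all></devices></show>",
    "ShowDeviceSystemInfo": "<show><system><info></info></system></show>",
    "ShowDeviceInterfaces": "<show><interface>all</interface></show>",
    "ShowDeviceTunnel": "<show><running><tunnel><flow><all></all></flow></tunnel></running></show>",
}

# Constructed sample reply to ShowDevicesAll (not captured from a real Panorama).
SAMPLE_DEVICES_XML = """<response status="success"><result><devices>
  <entry name="007051000012345"><serial>007051000012345</serial>
    <hostname>fw-edge-01</hostname><connected>yes</connected></entry>
  <entry name="007051000067890"><serial>007051000067890</serial>
    <hostname>fw-lab-02</hostname><connected>no</connected></entry>
</devices></result></response>"""

def build_url(api_url, call, serial=None):
    """Return the percent-encoded request URL; the API key is never part of it."""
    params = {"type": "op", "cmd": CMDS[call]}
    if serial is not None:
        # Refuse anything that is not a plain serial, so it cannot add parameters.
        if not re.fullmatch(r"[A-Za-z0-9]+", serial):
            raise ValueError(f"unexpected serial: {serial!r}")
        params["target"] = serial
    return f"{api_url.rstrip('/')}/api/?{urlencode(params)}"

def auth_headers(api_key):
    """Send the key in the X-PAN-KEY header so it stays out of URLs and access logs."""
    return {"X-PAN-KEY": api_key}

def managed_serials(xml_text, connected_only=True):
    """Extract serials from a ShowDevicesAll reply (connected_only is this example's choice)."""
    root = ET.fromstring(xml_text)
    if root.get("status") != "success":
        raise RuntimeError("Panorama returned status=%r" % root.get("status"))
    entries = root.iterfind("./result/devices/entry")
    return [e.findtext("serial") for e in entries
            if not connected_only or e.findtext("connected") == "yes"]

def per_device_plan(api_url, xml_text):
    """List the (call, url) pairs that follow for each connected firewall."""
    calls = ("ShowDeviceSystemInfo", "ShowDeviceInterfaces", "ShowDeviceTunnel")
    return [(c, build_url(api_url, c, s)) for s in managed_serials(xml_text) for c in calls]
```

Each URL from per_device_plan is requested over HTTPS with certificate verification left on and auth_headers(...) attached.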

Running a Palo Alto Panorama API Scan

To trigger the scan:

  1. Go to Manage > Discovery.
  2. Click Add New Run.
  3. Select API > Palo Alto Networks Panorama as the provider.
  4. Select the appropriate credentials from the list.
  5. Click OK.

Panorama-start-scan.png

Because devices are scanned implicitly, a DiscoveryAccess node is created for each individual device, with the serial used as the endpoint. See the examples of the DiscoveryRun and the list of DiscoveryAccesses below.

1770983223420-241.png

Panorama-DA-list.png

An example of the Palo Alto Network Device discovered via the Palo Alto XML API is shown below.

Panorama-device.png

 

 
