From 44bab3ed3641f7d80e78c8532ace784a974e8f9b Mon Sep 17 00:00:00 2001 From: sra Date: Fri, 24 Jan 2025 11:09:57 +0530 Subject: [PATCH 1/6] DOCS-5564 Local server starts but page shows as not found. Fixing that --- docusaurus.config.ts | 10 + .../paloaltonetworks-Remote_Networks.yaml | 2208 +++++++++++++++++ products/sase/api/config-orch/api-workflow.md | 500 ++++ products/sase/api/config-orch/introduction.md | 23 + products/sase/sidebars.ts | 5 + 5 files changed, 2746 insertions(+) create mode 100644 openapi-specs/sase/config-orch/paloaltonetworks-Remote_Networks.yaml create mode 100644 products/sase/api/config-orch/api-workflow.md create mode 100644 products/sase/api/config-orch/introduction.md diff --git a/docusaurus.config.ts b/docusaurus.config.ts index 83a76db56..093f089b6 100644 --- a/docusaurus.config.ts +++ b/docusaurus.config.ts @@ -485,6 +485,11 @@ const config = { label: "Multitenant Interconnect", icon: "api-doc", }, + { + to: "sase/api/config-orch", + label: "Prisma Access Configuration Orchestration", + icon: "api-doc", + }, { to: "sase/api/sspm", label: "SaaS Security Posture Management", @@ -898,6 +903,11 @@ const config = { outputDir: "products/sase/api/mt-interconnect", sidebarOptions: { groupPathsBy: "tag" }, }, + configorch: { + specPath: "openapi-specs/sase/config-orch", + outputDir: "products/sase/api/config-orch", + sidebarOptions: { groupPathsBy: "tag" }, + }, sasesspm: { specPath: "openapi-specs/sase/sspm", outputDir: "products/sase/api/sspm", diff --git a/openapi-specs/sase/config-orch/paloaltonetworks-Remote_Networks.yaml b/openapi-specs/sase/config-orch/paloaltonetworks-Remote_Networks.yaml new file mode 100644 index 000000000..7d2c604fb --- /dev/null +++ b/openapi-specs/sase/config-orch/paloaltonetworks-Remote_Networks.yaml @@ -0,0 +1,2208 @@ +components: + parameters: + LocationInfoType: + description: 'Information type. For example, region information. + + ' + in: query + name: info_type + required: false + schema: + type: string + Region: + description: 'The aggregate bandwidth region. + + ' + in: query + name: region + required: true + schema: + type: string + RemoteNetworksNames: + description: 'List of remote networks along with their names. + + ' + explode: true + in: query + name: Name + required: false + schema: + items: + type: string + type: array + style: deepObject + SpnName: + description: "The IPSec termination node. \n" + in: query + name: SpnName + required: true + schema: + type: string + SubTenantName: + description: 'Sub-tenant name in a panorama multi-tenancy setup. + + ' + in: query + name: SubTenantName + schema: + type: string + uuid: + description: 'UUID for the request. + + ' + in: query + name: id + required: true + schema: + format: uuid + type: string + responses: + access_errors: + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + description: Forbidden + auth_errors: + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + description: Unauthorized + bad_request_errors_basic: + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + description: Bad Request + bad_request_errors_basic_with_body: + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + description: Bad Request + default_errors: + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + description: General Errors + not_found: + content: + application/json: + schema: + $ref: '#/components/schemas/generic_error' + description: Not Found + schemas: + BandwidthAllocation: + properties: + bandwidth: + description: bandwidth to allocate in Mbps + type: string + compute_location: + description: aggregate compute region + type: string + edge_location: + description: edge location for given lat/long/ip + type: string + ipsec_node_list: + description: ipsec node list + items: + type: string + type: array + location: + $ref: '#/components/schemas/Location' + required: + - location + - bandwidth + type: object + BandwidthAllocationRegionNamesSet: + properties: + bandwidth_allocation_region_names: + items: + type: string + maxItems: 100 + minItems: 0 + type: array + uniqueItems: true + type: object + BandwidthAllocationSet: + properties: + bandwidth_allocations: + description: bandwidth allocations + items: + $ref: '#/components/schemas/BandwidthAllocation' + type: array + uuid: + $ref: '#/components/schemas/UuidResponse' + type: object + BandwidthAllocationSetV2: + properties: + bandwidth_allocations: + description: bandwidth allocations + items: + $ref: '#/components/schemas/BandwidthAllocationV2' + type: array + uuid: + $ref: '#/components/schemas/UuidResponse' + type: object + BandwidthAllocationV2: + properties: + bandwidth: + description: bandwidth to allocate in Mbps + type: string + compute_location: + description: aggregate compute region + type: string + edge_location: + description: edge location for given lat/long/ip + type: string + ipsec_node_list: + description: ipsec node list + items: + type: string + type: array + ipsec_termination_service: + description: ipsec termination service list + items: + properties: + capacity: + type: integer + name: + type: string + type: object + type: array + location: + $ref: '#/components/schemas/Location' + required: + - location + - bandwidth + type: object + EcmpLoadBalancing: + properties: + ecmp_load_balancing_enabled: + default: disable + enum: + - enable + - disable + type: string + ecmp_tunnels: + description: ecmp_tunnels is required when ecmp_load_balancing is enable + items: + properties: + bgp: + properties: + do_not_export_routes: + type: boolean + enable: + type: boolean + local_ip_address: + type: string + originate_default_route: + type: boolean + peer_as: + type: string + peer_ip_address: + type: string + peering_type: + description: 'Exchange Routes: exchange-v4-over-v4 stands for + Exchange IPv4 routes over IPv4 peering. exchange-v4-v6-over-v4 + stands for Exchange both IPv4 and IPv6 routes over IPv4 peering. + exchange-v4-over-v4-v6-over-v6 stands for Exchange IPv4 routes + over IPv4 peer and IPv6 route over IPv6 peer. exchange-v6-over-v6 + stands for Exchange IPv6 routes over IPv6 peering.' + enum: + - exchange-v4-over-v4 + - exchange-v4-v6-over-v4 + - exchange-v4-over-v4-v6-over-v6 + - exchange-v6-over-v6 + type: string + secret: + type: string + summarize_mobile_user_routes: + type: boolean + type: object + ipsec_tunnel: + $ref: '#/components/schemas/IpsecTunnel' + name: + type: string + required: + - name + - ipsec_tunnel + type: object + maxLength: 4 + type: array + type: object + Ike: + properties: + advanced: + $ref: '#/components/schemas/IkeAdvanced' + authentication: + properties: + pre_shared_key_auth: + description: user provided key + type: string + type: object + crypto: + oneOf: + - $ref: '#/components/schemas/IkeCryptoProfiles' + - $ref: '#/components/schemas/IkeCrypto' + type: object + local_id: + properties: + id: + description: Local ID string + maxLength: 1024 + minLength: 1 + pattern: ^(.+\@[a-zA-Z0-9.-]+)$|^([$a-zA-Z0-9_:.-]+)$|^(([[:xdigit:]][[:xdigit:]])+)$|^([a-zA-Z0-9.]+=(\\,|[^,])+[, + ]+)*([a-zA-Z0-9.]+=(\\,|[^,])+)$ + type: string + type: + type: string + type: object + peer_address: + oneOf: + - properties: + ip: + description: peer gateway has static IP address + type: string + title: ip + type: object + - properties: + fqdn: + description: peer gateway FQDN name + maxLength: 255 + type: string + title: fqdn + type: object + - properties: + dynamic: + default: {} + description: 'enable dynamic option please set the value of this field + to {'''': ''''}' + type: object + title: dynamic + type: object + type: object + peer_id: + properties: + id: + description: Peer ID string + maxLength: 1024 + minLength: 1 + pattern: ^(.+\@[\*a-zA-Z0-9.-]+)$|^([\*$a-zA-Z0-9_:.-]+)$|^(([[:xdigit:]][[:xdigit:]])+)$|^([a-zA-Z0-9.]+=(\\,|[^,])+[, + ]+)*([a-zA-Z0-9.]+=(\\,|[^,])+)$ + type: string + type: + enum: + - ipaddr + - keyid + - fqdn + - ufqdn + type: string + type: object + version: + enum: + - ikev1 + - ikev2 + - ikev2-preferred + type: string + required: + - authentication + - crypto + - peer_address + type: object + IkeAdvanced: + properties: + fragmentation: + properties: + enable: + default: false + enum: + - false + type: boolean + type: object + nat_traversal: + properties: + enable: + type: boolean + type: object + passive_mode: + type: boolean + type: object + IkeCrypto: + properties: + ipsec_crypto_profile: + example: + - ike_aruba + - ike_aryaka + - ike_citrix + - ike_riverbed + type: string + type: object + IkeCryptoProfiles: + properties: + authentication_multiple: + default: 0 + description: IKEv2 SA reauthentication interval equals authetication-multiple + * rekey-lifetime; 0 means reauthentication disabled + maximum: 50 + type: integer + dh_group: + items: + default: group2 + description: Phase-1 DH group + enum: + - group1 + - group2 + - group5 + - group14 + - group19 + - group20 + type: string + type: array + encryption: + description: Encryption algorithm + items: + default: aes-128-cbc + enum: + - des + - 3des + - aes-128-cbc + - aes-192-cbc + - aes-256-cbc + - aes-128-gcm + - aes-256-gcm + type: string + type: array + hash: + items: + default: sha1 + description: Hashing algorithm + enum: + - md5 + - sha1 + - sha256 + - sha384 + - sha512 + type: string + type: array + id: + description: uuid of the resource + example: abcd-1234 + readOnly: true + type: string + lifetime: + oneOf: + - properties: + seconds: + description: specify lifetime in seconds + maximum: 65535 + minimum: 180 + type: integer + title: seconds + type: object + - properties: + minutes: + description: specify lifetime in minutes + maximum: 65535 + minimum: 3 + type: integer + title: minutes + type: object + - properties: + hours: + description: specify lifetime in hours + maximum: 65535 + minimum: 1 + type: integer + title: hours + type: object + - properties: + days: + description: specify lifetime in days + maximum: 365 + minimum: 1 + type: integer + title: days + type: object + type: object + name: + description: 'Alphanumeric string begin with letter: [0-9a-zA-Z._-]' + maxLength: 31 + type: string + required: + - name + - encryption + - hash + - dh_group + type: object + IkeCryptoProfilesNamesSet: + properties: + ike_crypto_profiles_names: + items: + type: string + maxItems: 100 + minItems: 0 + type: array + uniqueItems: true + type: object + IkeCryptoProfilesResponse: + description: Ike Crypto Profiles Response + properties: + errors: + $ref: '#/components/schemas/error_detail_cause_infos' + result: + type: string + status: + type: string + type: object + IkeCryptoProfilesSet: + description: set of ike crypto profiles + properties: + IkeCryptoProfiles: + description: The ike crypto profile + items: + $ref: '#/components/schemas/IkeCryptoProfiles' + type: array + type: object + IkeGatewaysConfig: + properties: + authentication: + oneOf: + - properties: + pre_shared_key: + properties: + key: + type: string + type: object + title: pre_shared_key + type: object + - properties: + allow_id_payload_mismatch: + type: boolean + certificate_profile: + type: string + local_certificate: + properties: + local_certificate_name: + type: string + type: object + strict_validation_revocation: + type: boolean + use_management_as_source: + type: boolean + title: certificate + type: object + type: object + id: + description: uuid of the resource + example: abcd-1234 + readOnly: true + type: string + local_id: + properties: + id: + description: Local ID string + maxLength: 1024 + minLength: 1 + pattern: ^(.+\@[a-zA-Z0-9.-]+)$|^([$a-zA-Z0-9_:.-]+)$|^(([[:xdigit:]][[:xdigit:]])+)$|^([a-zA-Z0-9.]+=(\\,|[^,])+[, + ]+)*([a-zA-Z0-9.]+=(\\,|[^,])+)$ + type: string + type: + type: string + type: object + name: + description: 'Alphanumeric string begin with letter: [0-9a-zA-Z._-]' + maxLength: 63 + type: string + peer_address: + oneOf: + - properties: + ip: + description: peer gateway has static IP address + type: string + title: ip + type: object + - properties: + fqdn: + description: peer gateway FQDN name + maxLength: 255 + type: string + title: fqdn + type: object + - properties: + dynamic: + default: {} + type: object + title: dynamic + type: object + type: object + peer_id: + properties: + id: + description: Peer ID string + maxLength: 1024 + minLength: 1 + pattern: ^(.+\@[\*a-zA-Z0-9.-]+)$|^([\*$a-zA-Z0-9_:.-]+)$|^(([[:xdigit:]][[:xdigit:]])+)$|^([a-zA-Z0-9.]+=(\\,|[^,])+[, + ]+)*([a-zA-Z0-9.]+=(\\,|[^,])+)$ + type: string + type: + enum: + - ipaddr + - keyid + - fqdn + - ufqdn + type: string + type: object + protocol: + properties: + ikev1: + properties: + dpd: + properties: + enable: + type: boolean + type: object + ike_crypto_profile: + type: string + type: object + ikev2: + properties: + dpd: + properties: + enable: + type: boolean + type: object + ike_crypto_profile: + type: string + type: object + version: + default: ikev2-preferred + enum: + - ikev2-preferred + - ikev1 + - ikev2 + type: string + type: object + protocol_common: + properties: + fragmentation: + properties: + enable: + default: false + enum: + - false + type: boolean + type: object + nat_traversal: + properties: + enable: + type: boolean + type: object + passive_mode: + type: boolean + type: object + required: + - name + - authentication + - protocol + - peer_address + type: object + IkeGatewaysNamesSet: + properties: + ike_gateways_names: + items: + type: string + maxItems: 100 + minItems: 0 + type: array + uniqueItems: true + type: object + IpsecCrypto: + properties: + ipsec_crypto_profile: + example: + - ipsec_aruba + - ipsec_aryaka + - ipsec_citrix + - ipsec_riverbed + type: string + type: object + IpsecCryptoProfiles: + properties: + ah: + properties: + authentication: + items: + enum: + - md5 + - sha1 + - sha256 + - sha384 + - sha512 + type: string + type: array + required: + - authentication + type: object + dh_group: + default: group2 + description: phase-2 DH group (PFS DH group) + enum: + - no-pfs + - group1 + - group2 + - group5 + - group14 + - group19 + - group20 + type: string + esp: + properties: + authentication: + description: Authentication algorithm + items: + default: sha1 + type: string + type: array + encryption: + description: Encryption algorithm + items: + default: aes-128-cbc + enum: + - des + - 3des + - aes-128-cbc + - aes-192-cbc + - aes-256-cbc + - aes-128-gcm + - aes-256-gcm + - 'null' + type: string + type: array + required: + - encryption + - authentication + type: object + lifesize: + $ref: '#/components/schemas/Lifesize' + lifetime: + $ref: '#/components/schemas/Lifetime' + name: + description: 'Alphanumeric string begin with letter: [0-9a-zA-Z._-]' + maxLength: 31 + type: string + required: + - name + - lifetime + type: object + IpsecCryptoProfilesNamesSet: + properties: + ipsec_crypto_profiles_names: + items: + type: string + maxItems: 100 + minItems: 0 + type: array + uniqueItems: true + type: object + IpsecCryptoProfilesResponse: + description: Ipsec Crypto Profiles Response + properties: + errors: + $ref: '#/components/schemas/error_detail_cause_infos' + result: + type: string + status: + type: string + type: object + IpsecCryptoProfilesSet: + description: set of ipsec crypto profiles + properties: + IkeCryptoProfiles: + description: The ipsec crypto profile + items: + $ref: '#/components/schemas/IpsecCryptoProfiles' + type: array + type: object + IpsecTunnel: + properties: + anti_replay: + description: Enable Anti-Replay check on this tunnel + type: boolean + copy_tos: + default: false + description: Copy IP TOS bits from inner packet to IPSec packet (not recommended) + type: boolean + crypto: + oneOf: + - $ref: '#/components/schemas/IpsecCryptoProfiles' + - $ref: '#/components/schemas/IpsecCrypto' + type: object + enable_gre_encapsulation: + default: false + description: allow GRE over IPSec + type: boolean + ike: + $ref: '#/components/schemas/Ike' + tunnel_monitor: + properties: + destination_ip: + default: '' + description: Destination IP to send ICMP probe + type: string + enable: + default: true + description: Enable tunnel monitoring on this tunnel + type: boolean + proxy_id: + description: Which proxy-id (or proxy-id-v6) the monitoring traffic + will use + type: string + type: object + required: + - ike + type: object + Lifesize: + oneOf: + - properties: + kb: + description: specify lifesize in kilobytes(KB) + maximum: 65535 + minimum: 1 + type: integer + title: kb + type: object + - properties: + mb: + description: specify lifesize in megabytes(MB) + maximum: 65535 + minimum: 1 + type: integer + title: mb + type: object + - properties: + gb: + description: specify lifesize in gigabytes(GB) + maximum: 65535 + minimum: 1 + type: integer + title: gb + type: object + - properties: + tb: + description: specify lifesize in terabytes(TB) + maximum: 65535 + minimum: 1 + type: integer + title: tb + type: object + type: object + Lifetime: + oneOf: + - properties: + seconds: + description: specify lifetime in seconds + maximum: 65535 + minimum: 180 + type: integer + title: seconds + type: object + - properties: + minutes: + description: specify lifetime in minutes + maximum: 65535 + minimum: 3 + type: integer + title: minutes + type: object + - properties: + hours: + description: specify lifetime in hours + maximum: 65535 + minimum: 1 + type: integer + title: hours + type: object + - properties: + days: + description: specify lifetime in days + maximum: 365 + minimum: 1 + type: integer + title: days + type: object + type: object + Location: + description: Site Public IP or approximate gps coordinates + properties: + public-ip: + $ref: '#/components/schemas/PublicIp' + region-cordinates: + $ref: '#/components/schemas/RegionCordinates' + type: object + LocationInformationResponse: + description: Location Information Response + properties: + errors: + $ref: '#/components/schemas/error_detail_cause_infos' + result: + $ref: '#/components/schemas/LocationInformationSet' + status: + type: string + type: object + LocationInformationSet: + description: information for a set of locations + properties: + bandwidth_allocations: + $ref: '#/components/schemas/BandwidthAllocationSet' + info_type: + type: string + location_region_info: + $ref: '#/components/schemas/LocationRegionInfoSet' + type: object + LocationRegionInfo: + properties: + compute_location: + description: aggregate compute region + type: string + edge_location: + description: edge location for given lat/long/ip + type: string + location: + $ref: '#/components/schemas/Location' + required: + - location + - compute_location + - edge_location + type: object + LocationRegionInfoSet: + properties: + regions_info: + description: regions mapped info + items: + $ref: '#/components/schemas/LocationRegionInfo' + type: array + required: + - location + type: object + LocationSet: + description: set of locations + properties: + description: + description: optional user description + type: string + locations: + description: locations + items: + $ref: '#/components/schemas/Location' + type: array + type: object + PublicIp: + description: Public IP to detect region + properties: + PublicIp: + description: Public IP to detect region + format: ipv4 + type: string + type: object + RegionCordinates: + description: approximate longitude latitude of the region + properties: + latitude: + description: Approximate Latitude for the site location + type: string + longitude: + description: Approximate Longitude for the site location + type: string + type: object + RemoteNetworksConfiguration: + properties: + ecmp_load_balancing: + default: disable + enum: + - enable + - disable + type: string + ecmp_tunnels: + description: ecmp_tunnels is required when ecmp_load_balancing is enable + items: + properties: + ipsec_tunnel: + type: string + name: + type: string + protocol: + properties: + bgp: + $ref: '#/components/schemas/RemoteNetworksProtocolBgp' + type: object + required: + - name + - ipsec_tunnel + - protocol + type: object + maxLength: 4 + type: array + id: + description: uuid of the resource + example: abcd-1234 + readOnly: true + type: string + inbound_access: + properties: + applications: + items: + properties: + dedicated_ip: + default: false + description: Dedicated IP address for this application + type: boolean + port: + description: Destination port + maximum: 65535 + minimum: 1 + type: integer + private_ip: + description: Private IP address + type: string + protocol: + description: Protocol used by this application + enum: + - TCP + - UDP + type: string + type: object + type: array + enabled: + default: false + description: Enable Inbound Access + type: boolean + public_ip: + default: 5 + enum: + - 5 + - 10 + type: string + snat_enabled: + default: true + description: Enable source NAT + type: boolean + type: object + ipsec_tunnel: + description: ipsec_tunnel is required when ecmp_load_balancing is disable + type: string + license_type: + default: FWAAS-AGGREGATE + description: New customer will only be on aggregate bandwidth licensing + minLength: 1 + type: string + name: + description: 'Alphanumeric string begin with letter: [0-9a-zA-Z._-]' + maxLength: 63 + type: string + override_spn_name: + default: false + description: Enable/disable the ability to override the remote-network's + spn-name at site level + type: boolean + protocol: + description: setup the protocol when ecmp_load_balancing is disable + properties: + bgp: + $ref: '#/components/schemas/RemoteNetworksProtocolBgp' + bgp_peer: + description: secondary bgp routing as bgp_peer + properties: + local_ip_address: + type: string + peer_ip_address: + type: string + secret: + type: string + type: object + type: object + region: + minLength: 1 + type: string + secondary_ipsec_tunnel: + description: specify secondary ipsec_tunnel if needed + type: string + spn_name: + description: spn-name is needed when license_type is FWAAS-AGGREGATE + type: string + subnets: + items: + type: string + type: array + required: + - name + - region + - license_type + type: object + RemoteNetworksIpsecTunnel: + properties: + bgp: + properties: + bgp_peer: + properties: + local_ip_address: + type: string + peer_ip_address: + type: string + secret: + type: string + type: object + do_not_export_routes: + type: boolean + enable: + type: boolean + local_ip_address: + type: string + originate_default_route: + type: boolean + peer_as: + type: string + peer_ip_address: + type: string + peering_type: + description: 'Exchange Routes: exchange-v4-over-v4 stands for Exchange + IPv4 routes over IPv4 peering. exchange-v4-v6-over-v4 stands for Exchange + both IPv4 and IPv6 routes over IPv4 peering. exchange-v4-over-v4-v6-over-v6 + stands for Exchange IPv4 routes over IPv4 peer and IPv6 route over + IPv6 peer. exchange-v6-over-v6 stands for Exchange IPv6 routes over + IPv6 peering.' + enum: + - exchange-v4-over-v4 + - exchange-v4-v6-over-v4 + - exchange-v4-over-v4-v6-over-v6 + - exchange-v6-over-v6 + type: string + secret: + type: string + summarize_mobile_user_routes: + type: boolean + type: object + ecmp-load-balancing: + $ref: '#/components/schemas/EcmpLoadBalancing' + ipsec-termination-node: + description: ipsec termination node + type: string + name: + description: 'Alphanumeric string begin with letter: [0-9a-zA-Z._-]' + maxLength: 63 + type: string + primary_tunnel: + $ref: '#/components/schemas/IpsecTunnel' + region: + minLength: 5 + type: string + secondary_tunnel: + $ref: '#/components/schemas/IpsecTunnel' + subnets: + items: + type: string + type: array + required: + - name + - region + type: object + RemoteNetworksIpsecTunnelResponse: + properties: + name: + description: rn name + type: string + pre_shared_key: + description: Pre Shared Key for the Ipsec Tunnel + type: string + service_ip: + description: Service Ip for the provisioned remote network tunnel + format: ipv4 + type: string + tunnel_id: + description: tunnel id + type: string + type: object + RemoteNetworksIpsecTunnelResponseSet: + properties: + remote_networks_ipsec_tunnel_response_set: + items: + $ref: '#/components/schemas/RemoteNetworksIpsecTunnelResponse' + type: array + type: object + RemoteNetworksIpsecTunnelSet: + properties: + name: + description: provide a name to use as a suffix for bulk operations + type: string + remote_networks_ipsec_tunnels: + items: + $ref: '#/components/schemas/RemoteNetworksIpsecTunnel' + maxItems: 100 + minItems: 1 + type: array + uniqueItems: true + required: + - name + type: object + RemoteNetworksNamesSet: + properties: + remote_networks_names: + items: + type: string + maxItems: 100 + minItems: 0 + type: array + uniqueItems: true + type: object + RemoteNetworksProtocolBgp: + properties: + do_not_export_routes: + type: boolean + enable: + description: To setup bgp protocol, enable need to set as true + type: boolean + local_ip_address: + type: string + originate_default_route: + type: boolean + peer_as: + type: string + peer_ip_address: + type: string + peering_type: + description: 'Exchange Routes: exchange-v4-over-v4 stands for Exchange IPv4 + routes over IPv4 peering. exchange-v4-v6-over-v4 stands for Exchange both + IPv4 and IPv6 routes over IPv4 peering. exchange-v4-over-v4-v6-over-v6 + stands for Exchange IPv4 routes over IPv4 peer and IPv6 route over IPv6 + peer. exchange-v6-over-v6 stands for Exchange IPv6 routes over IPv6 peering.' + enum: + - exchange-v4-over-v4 + - exchange-v4-v6-over-v4 + - exchange-v4-over-v4-v6-over-v6 + - exchange-v6-over-v6 + type: string + secret: + type: string + summarize_mobile_user_routes: + type: boolean + type: object + RemoteNetworksReadResult: + properties: + configuration: + $ref: '#/components/schemas/RemoteNetworksConfiguration' + error: + additionalProperties: true + type: object + name: + type: string + networkDetails: + $ref: '#/components/schemas/RemoteNetworksIpsecTunnelResponse' + status: + type: string + required: + - name + type: object + RemoteNetworksResponse: + description: Remote Networks Response + properties: + errors: + $ref: '#/components/schemas/error_detail_cause_infos' + result: + $ref: '#/components/schemas/RemoteNetworksIpsecTunnelResponseSet' + status: + type: string + type: object + UuidResponse: + properties: + uuid: + format: uuid + type: string + readOnly: true + type: object + error_detail_cause_info: + properties: + code: + type: string + details: + type: object + help: + type: string + message: + type: string + title: Cause Info + type: object + error_detail_cause_infos: + items: + $ref: '#/components/schemas/error_detail_cause_info' + type: array + generic_error: + properties: + _errors: + $ref: '#/components/schemas/error_detail_cause_infos' + _request_id: + type: string + type: object + securitySchemes: + Bearer: + scheme: bearer + type: http +info: + contact: + email: support@paloaltonetworks.com + description: "\nTo create a Remote Network that is part of Prisma Access, Configuration\ + \ Orchestration APIs enable you \nto configure Remote Network tunnels directly.\n\ + \nPrisma Access Configuration Orchestration API\u2019s provide common API interface\ + \ to orchestrate Remote Network tunnels. \nThis API is supported for Prisma Access\ + \ deployments that are managed by both Panorama and Strata Cloud Manager and \n\ + facilitates the onboarding of third-party SD-WAN branches or sites to Prisma Access\ + \ Remote Networks.\n\nThese APIs use the common SASE authentication mechanism\ + \ and base URL. See the\n[Prisma SASE API Get Started](https://pan.dev/sase/docs/getstarted)\ + \ guide for more information.\n\nThis Open API spec file was created on January\ + \ 23, 2025. To check for a more recent version of this file, see\n[Configuration\ + \ Orchestration APIs on pan.dev](https://pan.dev/sase/api/remote-networks/remote-networks.html).\ + \ \n\n\xA9 2024 Palo Alto Networks, Inc. Palo Alto Networks is a registered trademark\ + \ of Palo\nAlto Networks. A list of our trademarks can be found at\n\n[https://www.paloaltonetworks.com/company/trademarks.html](https://www.paloaltonetworks.com/company/trademarks.html)\n\ + \nAll other marks mentioned herein may be trademarks of their respective companies.\n" + title: Configuration Orchestration API + version: '1.0' + x-audience: external-public +openapi: 3.0.3 +paths: + /v1/bandwidth-allocations: + delete: + description: 'Allows you to delete an aggregated bandwidth region. + + ' + operationId: delete-v1-bandwidth-allocations + parameters: + - $ref: '#/components/parameters/SubTenantName' + - $ref: '#/components/parameters/Region' + - $ref: '#/components/parameters/SpnName' + responses: + '202': + content: + application/json: + schema: + $ref: '#/components/schemas/UuidResponse' + description: Successful operation + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + default: + $ref: '#/components/responses/default_errors' + security: + - Bearer: [] + summary: Delete bandwidth region + tags: + - Bandwidth Allocations + get: + description: 'Get the status of aggregated bandwidth regions and allocations, + which includes a list of regions and allocations. + + ' + operationId: get-v1-bandwidth-allocations + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/BandwidthAllocationSet' + description: Aggregated bandwidth regions or allocations set. + security: + - Bearer: [] + summary: Status of aggregated bandwidth regions and allocations + tags: + - Bandwidth Allocations + post: + description: 'Allocate aggregated bandwidth for the regions based on location + data. + + ' + operationId: post-v1-bandwidth-allocations + parameters: + - $ref: '#/components/parameters/SubTenantName' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/BandwidthAllocationSet' + description: The aggregated bandwidth region/allocations to be created + required: true + responses: + '202': + content: + application/json: + schema: + $ref: '#/components/schemas/UuidResponse' + description: successful operation + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + default: + $ref: '#/components/responses/default_errors' + security: + - Bearer: [] + summary: Allocate aggregated bandwidth + tags: + - Bandwidth Allocations + put: + description: 'Modify an aggregated bandwidth regions. + + ' + operationId: put-v1-bandwidth-allocations + parameters: + - $ref: '#/components/parameters/SubTenantName' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/BandwidthAllocationSet' + description: Modify the aggregated bandwidth region or allocations. + required: true + responses: + '202': + content: + application/json: + schema: + $ref: '#/components/schemas/UuidResponse' + description: Successful operation + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + default: + $ref: '#/components/responses/default_errors' + security: + - Bearer: [] + summary: Edit aggregated bandwidth regions + tags: + - Bandwidth Allocations + /v1/bandwidth-allocations-read: + get: + description: 'Retrieve the bandwidth allocation configurations for a specified + set of regions. + + ' + operationId: get-v1-bandwidth-allocations-read + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/BandwidthAllocationSet' + description: List of bandwidth allocation configurations. + security: + - Bearer: [] + summary: 'Bandwidth allocation configurations list + + ' + tags: + - Bandwidth Allocations + post: + description: 'Create a request to read bandwidth allocation configuration. + + ' + operationId: post-v1-bandwidth-allocations-read + parameters: + - $ref: '#/components/parameters/SubTenantName' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/BandwidthAllocationRegionNamesSet' + description: Request to read the list of bandwidth allocation regions. + responses: + '202': + content: + application/json: + schema: + $ref: '#/components/schemas/UuidResponse' + description: Successful operation + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + default: + $ref: '#/components/responses/default_errors' + security: + - Bearer: [] + summary: 'Read bandwidth allocation configuration + + ' + tags: + - Bandwidth Allocations + /v1/ike-crypto-profiles: + delete: + description: "Delete an IKE Crypto Profiles. \n" + operationId: delete-v1-ike-crypto-profiles + parameters: + - $ref: '#/components/parameters/SubTenantName' + - description: IKE Crypto Profile name. + in: query + name: name + required: true + schema: + type: string + responses: + '202': + content: + application/json: + schema: + $ref: '#/components/schemas/UuidResponse' + description: Successful operation + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + default: + $ref: '#/components/responses/default_errors' + security: + - Bearer: [] + summary: Delete IKE Crypto Profiles + tags: + - IKE Crypto Profiles + get: + description: "Provides a status of Internet Key Exchange(IKE) Crypto Profiles\ + \ created along with the UUID. \n" + operationId: get-v1-ike-crypto-profiles + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/IkeCryptoProfilesResponse' + description: Status of the created IKE Crypto Profiles. + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + security: + - Bearer: [] + summary: Get IKE crypto profile + tags: + - IKE Crypto Profiles + post: + description: "Create an IKE Crypto Profiles. \n" + operationId: post-v1-ike-crypto-profiles + parameters: + - $ref: '#/components/parameters/SubTenantName' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/IkeCryptoProfiles' + description: Create the IKE Crypto Profile. + responses: + '202': + content: + application/json: + schema: + $ref: '#/components/schemas/UuidResponse' + description: Successful operation + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + default: + $ref: '#/components/responses/default_errors' + security: + - Bearer: [] + summary: Create IKE Crypto Profile + tags: + - IKE Crypto Profiles + put: + description: "Edit an IKE Crypto Profiles. \n" + operationId: put-v1-ike-crypto-profiles + parameters: + - $ref: '#/components/parameters/SubTenantName' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/IkeCryptoProfiles' + description: Edit the IKE Crypto Profile. + responses: + '202': + content: + application/json: + schema: + $ref: '#/components/schemas/UuidResponse' + description: Successful operation + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + default: + $ref: '#/components/responses/default_errors' + security: + - Bearer: [] + summary: Edit IKE Crypto Profile + tags: + - IKE Crypto Profiles + /v1/ike-crypto-profiles-read: + get: + description: 'Read the list of IKE Crypto Profiles. + + ' + operationId: get-v1-ike-crypto-profiles-read + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + content: + application/json: + schema: + properties: + data: + $ref: '#/components/schemas/IkeCryptoProfilesSet' + limit: + default: 200 + type: number + offset: + default: 0 + type: number + total: + type: number + type: object + description: List of IKE Crypto Profiles configurations. + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + security: + - Bearer: [] + summary: Read IKE Crypto Profiles list + tags: + - IKE Crypto Profiles + post: + description: 'Create a request to read the list of IKE Crypto Profiles. + + ' + operationId: post-v1-ike-crypto-profiles-read + parameters: + - $ref: '#/components/parameters/SubTenantName' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/IkeCryptoProfilesNamesSet' + description: Read the list of IKE Crypto Profiles. + responses: + '202': + content: + application/json: + schema: + $ref: '#/components/schemas/UuidResponse' + description: Successful operation + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + default: + $ref: '#/components/responses/default_errors' + security: + - Bearer: [] + summary: Create a request to read IKE Crypto Profiles + tags: + - IKE Crypto Profiles + /v1/ike-gateways-read: + get: + description: 'Retrieve the list of IKE gateway configurations for the specified + UUID. + + ' + operationId: get-v1-ike-gateways-read + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + content: + application/json: + schema: + properties: + data: + allOf: + - items: + $ref: '#/components/schemas/IkeGatewaysConfig' + type: array + limit: + default: 200 + type: number + offset: + default: 0 + type: number + total: + type: number + type: object + description: List of ike gateways configurations + security: + - Bearer: [] + summary: IKE gateway configurations by UUID + tags: + - IKE Gateway + post: + description: 'Request to read the remote network IKE gateways for the specified + IKE gateway names. + + ' + operationId: post-v1-ike-gateways-read + parameters: + - $ref: '#/components/parameters/SubTenantName' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/IkeGatewaysNamesSet' + description: Read the list of IKE gateways. + responses: + '202': + content: + application/json: + schema: + $ref: '#/components/schemas/UuidResponse' + description: Successful operation + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + default: + $ref: '#/components/responses/default_errors' + security: + - Bearer: [] + summary: Read IKE gateways for specified names + tags: + - IKE Gateway + /v1/ipsec-crypto-profiles: + delete: + description: 'Delete an IPSec crypto profile. + + ' + operationId: delete-v1-ipsec-crypto-profiles + parameters: + - $ref: '#/components/parameters/SubTenantName' + - description: IPSEC Crypto Profile name. + in: query + name: name + required: true + schema: + type: string + responses: + '202': + content: + application/json: + schema: + $ref: '#/components/schemas/UuidResponse' + description: Successful operation + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + default: + $ref: '#/components/responses/default_errors' + security: + - Bearer: [] + summary: Delete IPSec crypto profile + tags: + - IPSec Crypto Profiles + get: + description: 'Lists the status of IPSec Crypto Profiles. Shows results of create, + modify, and delete actions with their associated UUIDs. + + Users can perform these actions and then use this GET request to verify the + status by referencing the UUID received during the initial action. + + ' + operationId: get-v1-ipsec-crypto-profiles + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/IpsecCryptoProfilesResponse' + description: Status of the created IPSEC Crypto Profiles. + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + security: + - Bearer: [] + summary: IPSec crypto profiles list + tags: + - IPSec Crypto Profiles + post: + description: 'Create an IPSec crypto profile. + + ' + operationId: post-v1-ipsec-crypto-profiles + parameters: + - $ref: '#/components/parameters/SubTenantName' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/IpsecCryptoProfiles' + description: Create the IPSEC Crypto Profile. + responses: + '202': + content: + application/json: + schema: + $ref: '#/components/schemas/UuidResponse' + description: Successful operation + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + default: + $ref: '#/components/responses/default_errors' + security: + - Bearer: [] + summary: Create IPSec crypto profile + tags: + - IPSec Crypto Profiles + put: + description: 'Edit an IPSec crypto profile. + + ' + operationId: put-v1-ipsec-crypto-profiles + parameters: + - $ref: '#/components/parameters/SubTenantName' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/IpsecCryptoProfiles' + description: Edit The IPSEC Crypto Profile. + responses: + '202': + content: + application/json: + schema: + $ref: '#/components/schemas/UuidResponse' + description: Successful operation + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + default: + $ref: '#/components/responses/default_errors' + security: + - Bearer: [] + summary: Modify IPSec Crypto Profile + tags: + - IPSec Crypto Profiles + /v1/ipsec-crypto-profiles-read: + get: + description: "You can read a list of Internet Protocol Security (IPSec) crypto\ + \ profiles configurations that are created. \n" + operationId: get-v1-ipsec-crypto-profiles-read + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + content: + application/json: + schema: + properties: + data: + $ref: '#/components/schemas/IpsecCryptoProfilesSet' + limit: + default: 200 + type: number + offset: + default: 0 + type: number + total: + type: number + type: object + description: List of IPSEC Crypto Profiles configurations. + '400': + $ref: '#/components/responses/bad_request_errors_basic' + '401': + $ref: '#/components/responses/auth_errors' + '403': + $ref: '#/components/responses/access_errors' + '404': + $ref: '#/components/responses/not_found' + default: + $ref: '#/components/responses/default_errors' + security: + - Bearer: [] + summary: Read IPSec Crypto Profiles configuration list + tags: + - IPSec Crypto Profiles + post: + description: 'Create a request to read a list IPSec Crypto Profile. + + ' + operationId: post-v1-ipsec-crypto-profiles-read + parameters: + - $ref: '#/components/parameters/SubTenantName' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/IpsecCryptoProfilesNamesSet' + description: Read the list of IPSEC Crypto Profiles. + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/UuidResponse' + description: Successful operation + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + default: + $ref: '#/components/responses/default_errors' + security: + - Bearer: [] + summary: Create a request to read IPSec Crypto Profile + tags: + - IPSec Crypto Profiles + /v1/location-informations: + get: + description: 'Get the location information status of the given request ID. + + ' + operationId: get-v1-location-informations + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/LocationInformationResponse' + description: List of location mapped information and configurations. + security: + - Bearer: [] + summary: Get status for the request ID + tags: + - Location Information + post: + description: Retrieve location-mapped information or configuration through a + POST request and returns the request ID. + operationId: post-v1-location-informations + parameters: + - $ref: '#/components/parameters/SubTenantName' + - $ref: '#/components/parameters/LocationInfoType' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/LocationSet' + description: List of location information. + required: true + responses: + '202': + content: + application/json: + schema: + $ref: '#/components/schemas/UuidResponse' + description: Successful operation + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + default: + $ref: '#/components/responses/default_errors' + security: + - Bearer: [] + summary: 'Get location-mapped information + + ' + tags: + - Location Information + /v1/remote-networks: + delete: + description: 'Allows you to delete the set of IPSec tunnels. + + ' + operationId: delete-v1-remote-networks + parameters: + - $ref: '#/components/parameters/SubTenantName' + - description: remote networks prefix for bulk deletion + in: query + name: remote_networks_prefix + required: true + schema: + type: string + - $ref: '#/components/parameters/RemoteNetworksNames' + responses: + '202': + content: + application/json: + schema: + $ref: '#/components/schemas/UuidResponse' + description: successful operation + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + default: + $ref: '#/components/responses/default_errors' + security: + - Bearer: [] + summary: Bulk delete IPSec tunnels + tags: + - Remote Networks + get: + description: 'Get remote networks IPSec tunnel details for create, modify, or + delete by ID. + + ' + operationId: get-v1-remote-networks + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/RemoteNetworksResponse' + description: Remote networks IPSEC tunnel details. + security: + - Bearer: [] + summary: Get IPSec tunnel details + tags: + - Remote Networks + post: + description: 'Create remote network IPSec tunnels. + + ' + operationId: post-v1-remote-networks + parameters: + - $ref: '#/components/parameters/SubTenantName' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/RemoteNetworksIpsecTunnelSet' + description: Create the remote network IPSEC tunnels. + responses: + '202': + content: + application/json: + schema: + $ref: '#/components/schemas/UuidResponse' + description: Successful operation + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + default: + $ref: '#/components/responses/default_errors' + security: + - Bearer: [] + summary: Create IPSec tunnels + tags: + - Remote Networks + put: + description: 'Modify remote network IPSec tunnels. + + ' + operationId: put-v1-remote-networks + parameters: + - $ref: '#/components/parameters/SubTenantName' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/RemoteNetworksIpsecTunnelSet' + description: Modify the remote network IPSEC tunnels. + responses: + '202': + content: + application/json: + schema: + $ref: '#/components/schemas/UuidResponse' + description: Successful operation + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + default: + $ref: '#/components/responses/default_errors' + security: + - Bearer: [] + summary: Modify IPSec tunnels + tags: + - Remote Networks + /v1/remote-networks-read: + get: + description: 'Read the remote networks IPSec tunnel status by UUID. + + ' + operationId: get-v1-remote-networks-read + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/RemoteNetworksReadResult' + description: Get the remote networks IPSEC tunnel status by UUID. + security: + - Bearer: [] + summary: Read IPSec tunnel details + tags: + - Remote Networks + post: + description: 'Create a request to read remote network IPSec tunnels. + + ' + operationId: post-v1-remote-networks-read + parameters: + - $ref: '#/components/parameters/SubTenantName' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/RemoteNetworksNamesSet' + description: Request to read remote networks IPSEC tunnels. + responses: + '202': + content: + application/json: + schema: + $ref: '#/components/schemas/UuidResponse' + description: Successful operation + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + default: + $ref: '#/components/responses/default_errors' + security: + - Bearer: [] + summary: Request to read IPSec tunnels + tags: + - Remote Networks + /v2/bandwidth-allocations: + delete: + description: 'Delete an aggregated bandwidth region. + + ' + operationId: delete-v2-bandwidth-allocations + parameters: + - $ref: '#/components/parameters/SubTenantName' + - $ref: '#/components/parameters/Region' + - $ref: '#/components/parameters/SpnName' + responses: + '202': + content: + application/json: + schema: + $ref: '#/components/schemas/UuidResponse' + description: Successful operation + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + default: + $ref: '#/components/responses/default_errors' + security: + - Bearer: [] + summary: Delete an aggregated bandwidth region + tags: + - Bandwidth Allocations + get: + description: 'Get an aggregated bandwidth regions based on the location data. + + ' + operationId: get-v2-bandwidth-allocations + parameters: + - $ref: '#/components/parameters/uuid' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/BandwidthAllocationSetV2' + description: Status for the given IS + security: + - Bearer: [] + summary: Get an aggregated bandwidth regions + tags: + - Bandwidth Allocations + post: + description: 'Status for the given request ID. + + ' + operationId: post-v2-bandwidth-allocations + parameters: + - $ref: '#/components/parameters/SubTenantName' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/BandwidthAllocationSetV2' + description: The aggregated bandwidth region you want to create. + required: true + responses: + '202': + content: + application/json: + schema: + $ref: '#/components/schemas/UuidResponse' + description: Successful operation + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + default: + $ref: '#/components/responses/default_errors' + security: + - Bearer: [] + summary: Request ID status + tags: + - Bandwidth Allocations + put: + description: 'Modify aggregated bandwidth regions. + + ' + operationId: put-v2-bandwidth-allocations + parameters: + - $ref: '#/components/parameters/SubTenantName' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/BandwidthAllocationSetV2' + description: The aggregated bandwidth region you want to create. + required: true + responses: + '202': + content: + application/json: + schema: + $ref: '#/components/schemas/UuidResponse' + description: Successful operation + '400': + $ref: '#/components/responses/bad_request_errors_basic_with_body' + default: + $ref: '#/components/responses/default_errors' + security: + - Bearer: [] + summary: Edit aggregated bandwidth regions + tags: + - Bandwidth Allocations +servers: +- url: https://api.sase.paloaltonetworks.com +tags: +- description: 'IPSec Crypto Profiles. + + ' + name: Internet Protocol Security Crypto Profiles +- description: 'IKE Crypto Profiles. + + ' + name: Internet Key Exchange Crypto Profiles +- description: 'Allocation of the bandwidth. + + ' + name: Bandwidth allocations +- description: "Information on the location. \n" + name: Location Information +- description: 'Status of the Remote Networks. + + ' + name: Remote Network Status +- description: 'IKE gateways + + ' + name: Internet Key Exchange Gateways diff --git a/products/sase/api/config-orch/api-workflow.md b/products/sase/api/config-orch/api-workflow.md new file mode 100644 index 000000000..c8f00a592 --- /dev/null +++ b/products/sase/api/config-orch/api-workflow.md @@ -0,0 +1,500 @@ +--- +id: api-workflow +title: API Workflow +sidebar_label: API Workflow for Configuration Orchestration +slug: /sase/api/api-workflow +keywords: + - SASE + - Reference + - API +--- + +The purpose of this topic is to guide users on how to interact with the APIs step-by-step to accomplish specific tasks or goals. This includes detailing the sequence of API calls required, inputs needed, expected outputs, and any prerequisites or dependencies. + +This workflow is designed to ensure clarity and simplicity, making it easier for first-time users and experienced developers to integrate the APIs effectively. + +### 1. Create Location Information +**Step**: Use the `/v1/location-informations` endpoint to submit longitude and latitude. This retrieves the most accurate location data required for the setup. + +**API Reference**: [Location Information](/sase/api/config-orch/post-v-1-location-informations/) + +**Code Snippet (Example using cURL)**: +```bash +curl -L 'https://api.sase.paloaltonetworks.com/v1/location-informations' \ +-H 'Content-Type: application/json' \ +-H 'Accept: application/json' \ +-H 'Authorization: Bearer ' \ +-d '{ + "description": "string", + "locations": [ + { + "public-ip": { + "PublicIp": "198.51.100.42" + }, + "region-cordinates": { + "latitude": "string", + "longitude": "string" + } + } + ] + +``` + +**Response**: +- **Status Code**: `200 (Success)` +- **Body**: +```json +{ + "uuid": "3fa85f64-5717-4562-b3fc-2c963f66afa6" +} +``` + +### 2. Allocate Bandwidth +**Step**: Use the `[bandwidth allocations](/sase/api/config-orch/post-v-1-bandwidth-allocations/) endpoint to define and allocate the necessary bandwidth. + +**Code Snippet (Example using cURL)**: +```bash +curl -L 'https://api.sase.paloaltonetworks.com/v1/bandwidth-allocations' \ +-H 'Content-Type: application/json' \ +-H 'Accept: application/json' \ +-H 'Authorization: Bearer ' \ +-d '{ + "bandwidth_allocations": [ + { + "bandwidth": "string", + "compute_location": "string", + "edge_location": "string", + "ipsec_node_list": [ + "string" + ], + "location": { + "public-ip": { + "PublicIp": "198.51.100.42" + }, + "region-cordinates": { + "latitude": "string", + "longitude": "string" + } + } + } + ] +}' +``` + +**Response**: +- **Status Code**: `200 (Success)` +- **Body**: +```json +{ + "uuid": "3fa85f64-5717-4562-b3fc-2c963f66afa6" +} +``` + +### 3. Set Up Crypto Profiles +**Step**: Configure the required cryptographic profiles: +- Use [IKE Crypto Profiles](/sase/api/config-orch/post-v-1-ike-crypto-profiles/) to create an IKE crypto profile. +- Use [IPSec Crypto Profiles](/sase/api/config-orch/post-v-1-ipsec-crypto-profiles/) to create an IPSec crypto profile. + +**Code Snippet (Example using cURL for IKE Crypto Profiles)**: +```bash +curl -L 'https://api.sase.paloaltonetworks.com/v1/ike-crypto-profiles' \ +-H 'Content-Type: application/json' \ +-H 'Accept: application/json' \ +-H 'Authorization: Bearer ' \ +-d '{ + "authentication_multiple": 0, + "dh_group": [ + "group2" + ], + "encryption": [ + "aes-128-cbc" + ], + "hash": [ + "sha1" + ], + "lifetime": { + "seconds": 0 + }, + "name": "string" +}' +``` + +**Response**: +- **Status Code**: `200 (Success)` +```json +{ + "uuid": "3fa85f64-5717-4562-b3fc-2c963f66afa6" +} +``` +**Code Snippet (Example using cURL for IPSec Crypto Profiles)**: +```bash +curl -L 'https://api.sase.paloaltonetworks.com/v1/ipsec-crypto-profiles' \ +-H 'Content-Type: application/json' \ +-H 'Accept: application/json' \ +-H 'Authorization: Bearer ' \ +-d '{ + "ah": { + "authentication": [ + "md5" + ] + }, + "dh_group": "group2", + "esp": { + "authentication": [ + "sha1" + ], + "encryption": [ + "aes-128-cbc" + ] + }, + "lifesize": { + "kb": 0 + }, + "lifetime": { + "seconds": 0 + }, + "name": "string" +}' +``` + +**Response**: +- **Status Code**: `200 (Success)` +```json + { + "uuid": "3fa85f64-5717-4562-b3fc-2c963f66afa6" + } +``` + +### 4. Create the Remote Network +**Step**: Once the prerequisites are complete, use the [create remote networks](/sase/api/config-orch/post-v-1-remote-networks/) endpoint to create and deploy the remote network. + +**Code Snippet (Example using cURL)**: +```bash +curl -L 'https://api.sase.paloaltonetworks.com/v1/remote-networks' \ +-H 'Content-Type: application/json' \ +-H 'Accept: application/json' \ +-H 'Authorization: Bearer ' \ +-d '{ + "name": "string", + "remote_networks_ipsec_tunnels": [ + { + "bgp": { + "bgp_peer": { + "local_ip_address": "string", + "peer_ip_address": "string", + "secret": "string" + }, + "do_not_export_routes": true, + "enable": true, + "local_ip_address": "string", + "originate_default_route": true, + "peer_as": "string", + "peer_ip_address": "string", + "peering_type": "exchange-v4-over-v4", + "secret": "string", + "summarize_mobile_user_routes": true + }, + "ecmp-load-balancing": { + "ecmp_load_balancing_enabled": "disable", + "ecmp_tunnels": [ + { + "bgp": { + "do_not_export_routes": true, + "enable": true, + "local_ip_address": "string", + "originate_default_route": true, + "peer_as": "string", + "peer_ip_address": "string", + "peering_type": "exchange-v4-over-v4", + "secret": "string", + "summarize_mobile_user_routes": true + }, + "ipsec_tunnel": { + "anti_replay": true, + "copy_tos": false, + "crypto": { + "ah": { + "authentication": [ + "md5" + ] + }, + "dh_group": "group2", + "esp": { + "authentication": [ + "sha1" + ], + "encryption": [ + "aes-128-cbc" + ] + }, + "lifesize": { + "kb": 0 + }, + "lifetime": { + "seconds": 0 + }, + "name": "string" + }, + "enable_gre_encapsulation": false, + "ike": { + "advanced": { + "fragmentation": { + "enable": false + }, + "nat_traversal": { + "enable": true + }, + "passive_mode": true + }, + "authentication": { + "pre_shared_key_auth": "string" + }, + "crypto": { + "authentication_multiple": 0, + "dh_group": [ + "group2" + ], + "encryption": [ + "aes-128-cbc" + ], + "hash": [ + "sha1" + ], + "lifetime": { + "seconds": 0 + }, + "name": "string" + }, + "local_id": { + "id": "string", + "type": "string" + }, + "peer_address": { + "ip": "string" + }, + "peer_id": { + "id": "string", + "type": "ipaddr" + }, + "version": "ikev1" + }, + "tunnel_monitor": { + "destination_ip": "string", + "enable": true, + "proxy_id": "string" + } + }, + "name": "string" + } + ] + }, + "ipsec-termination-node": "string", + "name": "string", + "primary_tunnel": { + "anti_replay": true, + "copy_tos": false, + "crypto": { + "ah": { + "authentication": [ + "md5" + ] + }, + "dh_group": "group2", + "esp": { + "authentication": [ + "sha1" + ], + "encryption": [ + "aes-128-cbc" + ] + }, + "lifesize": { + "kb": 0 + }, + "lifetime": { + "seconds": 0 + }, + "name": "string" + }, + "enable_gre_encapsulation": false, + "ike": { + "advanced": { + "fragmentation": { + "enable": false + }, + "nat_traversal": { + "enable": true + }, + "passive_mode": true + }, + "authentication": { + "pre_shared_key_auth": "string" + }, + "crypto": { + "authentication_multiple": 0, + "dh_group": [ + "group2" + ], + "encryption": [ + "aes-128-cbc" + ], + "hash": [ + "sha1" + ], + "lifetime": { + "seconds": 0 + }, + "name": "string" + }, + "local_id": { + "id": "string", + "type": "string" + }, + "peer_address": { + "ip": "string" + }, + "peer_id": { + "id": "string", + "type": "ipaddr" + }, + "version": "ikev1" + }, + "tunnel_monitor": { + "destination_ip": "string", + "enable": true, + "proxy_id": "string" + } + }, + "region": "string", + "secondary_tunnel": { + "anti_replay": true, + "copy_tos": false, + "crypto": { + "ah": { + "authentication": [ + "md5" + ] + }, + "dh_group": "group2", + "esp": { + "authentication": [ + "sha1" + ], + "encryption": [ + "aes-128-cbc" + ] + }, + "lifesize": { + "kb": 0 + }, + "lifetime": { + "seconds": 0 + }, + "name": "string" + }, + "enable_gre_encapsulation": false, + "ike": { + "advanced": { + "fragmentation": { + "enable": false + }, + "nat_traversal": { + "enable": true + }, + "passive_mode": true + }, + "authentication": { + "pre_shared_key_auth": "string" + }, + "crypto": { + "authentication_multiple": 0, + "dh_group": [ + "group2" + ], + "encryption": [ + "aes-128-cbc" + ], + "hash": [ + "sha1" + ], + "lifetime": { + "seconds": 0 + }, + "name": "string" + }, + "local_id": { + "id": "string", + "type": "string" + }, + "peer_address": { + "ip": "string" + }, + "peer_id": { + "id": "string", + "type": "ipaddr" + }, + "version": "ikev1" + }, + "tunnel_monitor": { + "destination_ip": "string", + "enable": true, + "proxy_id": "string" + } + }, + "subnets": [ + "string" + ] + } + ] +}' +``` + +**Response**: +- **Status Code**: `200 (Success)` +- **Body**: +```json +{ + "uuid": "3fa85f64-5717-4562-b3fc-2c963f66afa6" +} +``` + +### 4. Get Service IP and network details +**Step**: Once remote network is created, use the [get IPSec details](/sase/api/config-orch/get-v-1-remote-networks/) endpoint to get Service IP and network details to form tunnels. + +**Code Snippet (Example using cURL)**: +```bash +curl -L 'https://api.sase.paloaltonetworks.com/v1/remote-networks' \ +-H 'Accept: application/json' \ +-H 'Authorization: Bearer ' + +**Response**: +- **Status Code**: `200 (Success)` +- **Body**: +```json +{ + "errors": [ + { + "code": "string", + "details": {}, + "help": "string", + "message": "string" + } + ], + "result": { + "remote_networks_ipsec_tunnel_response_set": [ + { + "name": "branch-office-2", + "pre_shared_key": "anotherSecureKey456!", + "service_ip": "198.51.100.42", + "tunnel_id": "tn-0987654321fedcba" + } + ] + }, + "status": "string" +} +``` + + + + +For actions such as editing or deleting a remote network, refer to the relevant API References [here](/sase/api/config-orch/). \ No newline at end of file diff --git a/products/sase/api/config-orch/introduction.md b/products/sase/api/config-orch/introduction.md new file mode 100644 index 000000000..cd95a49b1 --- /dev/null +++ b/products/sase/api/config-orch/introduction.md @@ -0,0 +1,23 @@ +--- +id: introduction +title: Prisma Access Configuration Orchestration API +sidebar_label: Configuration Orchestration API +slug: /sase/api/introduction +keywords: + - SASE + - Reference + - API +--- + +To create Remote Network firewall which is part of Prisma Access, Configuration Orchestration APIs allows you to directly configure Remote Network tunnels. + +For example, +SD-WAN OEM vendor is looking to integrate their SD-WAN solution with our cloud security services to simplify the onboarding process for their customers' SD-WAN branches. However, they encounter the following challenges: + +**Different APIs for Panorama and Strata Cloud Manager:** An organization has to work with different APIs for our various management platforms. This not only doubles their integration efforts but also introduces additional complexity for their end customers. + +**Security and Accessibility Concerns:** For on-premises deployments, customers are required to configure their edge firewalls to allow traffic to Panorama. This is perceived as a security risk and is also a cumbersome requirement for their customers. + +To solve these problems, Configuration Orchestration APIs allow you to configure Remote Network Tunnel across Panorama managed and Strata Cloud Manager managed Prisma Access, streamlining the integration process and enhancing security and accessibility. + +These APIs use the [common SASE authentication](/sase/docs/getstarted) for service access and authorization. \ No newline at end of file diff --git a/products/sase/sidebars.ts b/products/sase/sidebars.ts index d9547b789..431308dbd 100644 --- a/products/sase/sidebars.ts +++ b/products/sase/sidebars.ts @@ -303,6 +303,11 @@ module.exports = { "sase/api/mt-interconnect/mt-interconnect", require("./api/mt-interconnect/sidebar"), ], + configorch: [ + "sase/api/config-orch/introduction", + "sase/api/config-orch/api-workflow", + require("./api/config-orch/sidebar"), + ], securityposture: [ "sase/api/sspm/sspm-introduction", "sase/api/sspm/sspm-api-workflow", From f50abe3414b16907232b92e2a063ca0e66648ce7 Mon Sep 17 00:00:00 2001 From: sra Date: Fri, 24 Jan 2025 12:27:52 +0530 Subject: [PATCH 2/6] DOCS-5564 Local server builds --- docusaurus.config.ts | 2 +- .../sase/config-orch/paloaltonetworks-Remote_Networks.yaml | 4 ++-- products/sase/api/config-orch/api-workflow.md | 6 ++---- products/sase/docs/home.mdx | 1 + products/sase/docs/release-notes/changelog.md | 3 +++ 5 files changed, 9 insertions(+), 7 deletions(-) diff --git a/docusaurus.config.ts b/docusaurus.config.ts index 093f089b6..bdc57f9a6 100644 --- a/docusaurus.config.ts +++ b/docusaurus.config.ts @@ -486,7 +486,7 @@ const config = { icon: "api-doc", }, { - to: "sase/api/config-orch", + to: "/sase/api/introduction", label: "Prisma Access Configuration Orchestration", icon: "api-doc", }, diff --git a/openapi-specs/sase/config-orch/paloaltonetworks-Remote_Networks.yaml b/openapi-specs/sase/config-orch/paloaltonetworks-Remote_Networks.yaml index 7d2c604fb..48b6053c4 100644 --- a/openapi-specs/sase/config-orch/paloaltonetworks-Remote_Networks.yaml +++ b/openapi-specs/sase/config-orch/paloaltonetworks-Remote_Networks.yaml @@ -1260,9 +1260,9 @@ info: \ Remote Networks.\n\nThese APIs use the common SASE authentication mechanism\ \ and base URL. See the\n[Prisma SASE API Get Started](https://pan.dev/sase/docs/getstarted)\ \ guide for more information.\n\nThis Open API spec file was created on January\ - \ 23, 2025. To check for a more recent version of this file, see\n[Configuration\ + \ 24, 2025. To check for a more recent version of this file, see\n[Configuration\ \ Orchestration APIs on pan.dev](https://pan.dev/sase/api/remote-networks/remote-networks.html).\ - \ \n\n\xA9 2024 Palo Alto Networks, Inc. Palo Alto Networks is a registered trademark\ + \ \n\n\xA9 2025 Palo Alto Networks, Inc. Palo Alto Networks is a registered trademark\ \ of Palo\nAlto Networks. A list of our trademarks can be found at\n\n[https://www.paloaltonetworks.com/company/trademarks.html](https://www.paloaltonetworks.com/company/trademarks.html)\n\ \nAll other marks mentioned herein may be trademarks of their respective companies.\n" title: Configuration Orchestration API diff --git a/products/sase/api/config-orch/api-workflow.md b/products/sase/api/config-orch/api-workflow.md index c8f00a592..5ee15aef4 100644 --- a/products/sase/api/config-orch/api-workflow.md +++ b/products/sase/api/config-orch/api-workflow.md @@ -14,10 +14,8 @@ The purpose of this topic is to guide users on how to interact with the APIs ste This workflow is designed to ensure clarity and simplicity, making it easier for first-time users and experienced developers to integrate the APIs effectively. ### 1. Create Location Information -**Step**: Use the `/v1/location-informations` endpoint to submit longitude and latitude. This retrieves the most accurate location data required for the setup. - -**API Reference**: [Location Information](/sase/api/config-orch/post-v-1-location-informations/) - +**Step**: Use the [`/v1/location-informations`](/sase/api/config-orch/post-v-1-location-informations/)) endpoint to submit longitude and latitude. This retrieves the most accurate location data required for the setup. + **Code Snippet (Example using cURL)**: ```bash curl -L 'https://api.sase.paloaltonetworks.com/v1/location-informations' \ diff --git a/products/sase/docs/home.mdx b/products/sase/docs/home.mdx index 156cecc8c..c77a6a62d 100644 --- a/products/sase/docs/home.mdx +++ b/products/sase/docs/home.mdx @@ -32,6 +32,7 @@ Currently, Prisma SASE offers the following APIs: - [Prisma Access Insights](/access/docs/insights) - [Prisma Access Browser](/access/api/browser-mgmt/browser-mgmt-api/) - [SaaS Security Posture Management](/sase/api/sspm/) +- [Prisma Access Configuration Orchestration](/sase/api/introduction) Most of these APIs use a common authentication mechanism and base URL. See [Get Started](/sase/docs/getstarted) for details. diff --git a/products/sase/docs/release-notes/changelog.md b/products/sase/docs/release-notes/changelog.md index 82c2850fb..b2e403592 100644 --- a/products/sase/docs/release-notes/changelog.md +++ b/products/sase/docs/release-notes/changelog.md @@ -13,6 +13,9 @@ keywords: | Date | Description | | --------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Jan 29th, 2025 | Added [Prisma Access Configuration Orchestration](/sase/api/introduction/). +| Oct 18, 2024 | Added [Prisma Access Browser APIs](/access/api/browser-mgmt/browser-mgmt-api/). + | Jan 9th, 2025 | Added [SaaS Security Posture Management](/sase/api/sspm/). | Oct 18, 2024 | Added [Prisma Access Browser APIs](/access/api/browser-mgmt/browser-mgmt-api/). | | Oct 11, 2024 | Added additional [Aggregate Monitoring APIs](/sase/api/mt-monitor/). | From 76572ed8761ba599f5c655f17ce7799d613a0cb1 Mon Sep 17 00:00:00 2001 From: sra Date: Wed, 29 Jan 2025 12:07:27 +0530 Subject: [PATCH 3/6] DOCS-5564 updated the changelog --- products/sase/docs/release-notes/changelog.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/products/sase/docs/release-notes/changelog.md b/products/sase/docs/release-notes/changelog.md index b2e403592..42689eae3 100644 --- a/products/sase/docs/release-notes/changelog.md +++ b/products/sase/docs/release-notes/changelog.md @@ -13,11 +13,9 @@ keywords: | Date | Description | | --------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Jan 29th, 2025 | Added [Prisma Access Configuration Orchestration](/sase/api/introduction/). -| Oct 18, 2024 | Added [Prisma Access Browser APIs](/access/api/browser-mgmt/browser-mgmt-api/). - +| Oct 18, 2024 | Added [Prisma Access Configuration Orchestration APIs](/sase/api/introduction/). | Jan 9th, 2025 | Added [SaaS Security Posture Management](/sase/api/sspm/). -| Oct 18, 2024 | Added [Prisma Access Browser APIs](/access/api/browser-mgmt/browser-mgmt-api/). | +| Oct 18, 2024 | Added [Prisma Access Browser APIs](/access/api/browser-mgmt/). | | Oct 11, 2024 | Added additional [Aggregate Monitoring APIs](/sase/api/mt-monitor/). | | July 22, 2024 | Added [Multitenant Interconnect APIs](/sase/api/mt-interconnect/). | | April 15, 2024 | Added [Multitenant Notification APIs](/sase/api/mt-notifications/). | From afad76650c21cc5268c2f7a6249db9e94a9443c6 Mon Sep 17 00:00:00 2001 From: sra Date: Wed, 5 Feb 2025 11:12:44 +0530 Subject: [PATCH 4/6] DOCS-5564 Added 1b step under api workflow for location information --- products/sase/api/config-orch/api-workflow.md | 75 ++++++++++++++++++- 1 file changed, 73 insertions(+), 2 deletions(-) diff --git a/products/sase/api/config-orch/api-workflow.md b/products/sase/api/config-orch/api-workflow.md index 5ee15aef4..512bec03e 100644 --- a/products/sase/api/config-orch/api-workflow.md +++ b/products/sase/api/config-orch/api-workflow.md @@ -13,9 +13,9 @@ The purpose of this topic is to guide users on how to interact with the APIs ste This workflow is designed to ensure clarity and simplicity, making it easier for first-time users and experienced developers to integrate the APIs effectively. -### 1. Create Location Information +### 1 a. Get Location-mapped Information **Step**: Use the [`/v1/location-informations`](/sase/api/config-orch/post-v-1-location-informations/)) endpoint to submit longitude and latitude. This retrieves the most accurate location data required for the setup. - + **Code Snippet (Example using cURL)**: ```bash curl -L 'https://api.sase.paloaltonetworks.com/v1/location-informations' \ @@ -47,6 +47,77 @@ curl -L 'https://api.sase.paloaltonetworks.com/v1/location-informations' \ } ``` +### 1 b. Get status for the request ID +**Step**: Use the [`/v1/location-informations`](/sase/api/config-orch/post-v-1-location-informations/) endpoint to get the location information status for the request ID (UUID). This retrieves the location information status of the given request ID. + +**Code Snippet (Example using cURL)**: +```bash +curl -L 'https://api.sase.paloaltonetworks.com/v1/location-informations' \ +-H 'Accept: application/json' \ +-H 'Authorization: Bearer ' +``` + +**Response**: +- **Status Code**: `200 (Success)` +- **Body**: +```json +{ + "errors": [ + { + "code": "string", + "details": {}, + "help": "string", + "message": "string" + } + ], + "result": { + "bandwidth_allocations": { + "bandwidth_allocations": [ + { + "bandwidth": "string", + "compute_location": "string", + "edge_location": "string", + "ipsec_node_list": [ + "string" + ], + "location": { + "public-ip": { + "PublicIp": "198.51.100.42" + }, + "region-cordinates": { + "latitude": "string", + "longitude": "string" + } + } + } + ], + "uuid": { + "uuid": "3fa85f64-5717-4562-b3fc-2c963f66afa6" + } + }, + "info_type": "string", + "location_region_info": { + "regions_info": [ + { + "compute_location": "string", + "edge_location": "string", + "location": { + "public-ip": { + "PublicIp": "198.51.100.42" + }, + "region-cordinates": { + "latitude": "string", + "longitude": "string" + } + } + } + ] + } + }, + "status": "string" +} +``` + ### 2. Allocate Bandwidth **Step**: Use the `[bandwidth allocations](/sase/api/config-orch/post-v-1-bandwidth-allocations/) endpoint to define and allocate the necessary bandwidth. From 61e871a059030fd5074a82af78d1319b333d4b77 Mon Sep 17 00:00:00 2001 From: sra Date: Thu, 6 Feb 2025 09:32:13 +0530 Subject: [PATCH 5/6] DOCS-5564 Updated content in intro.md as per the feedback. --- products/sase/api/config-orch/introduction.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/products/sase/api/config-orch/introduction.md b/products/sase/api/config-orch/introduction.md index cd95a49b1..51574d4bd 100644 --- a/products/sase/api/config-orch/introduction.md +++ b/products/sase/api/config-orch/introduction.md @@ -18,6 +18,6 @@ SD-WAN OEM vendor is looking to integrate their SD-WAN solution with our cloud s **Security and Accessibility Concerns:** For on-premises deployments, customers are required to configure their edge firewalls to allow traffic to Panorama. This is perceived as a security risk and is also a cumbersome requirement for their customers. -To solve these problems, Configuration Orchestration APIs allow you to configure Remote Network Tunnel across Panorama managed and Strata Cloud Manager managed Prisma Access, streamlining the integration process and enhancing security and accessibility. +To solve these problems, Configuration Orchestration API enables our customers and partners to integrate third party SD-WAN products with Prisma Access to offer Cloud security services over their SD-WAN solution. This API is supported across both Panorama or Strata Cloud Management managed Prisma Access and makes it easier to automate onboarding of third party SD-WAN branches to Prisma Access Remote Networks. These APIs use the [common SASE authentication](/sase/docs/getstarted) for service access and authorization. \ No newline at end of file From 4ded30e861720f759b0691ea3881be2b47a0a9a0 Mon Sep 17 00:00:00 2001 From: svc-techpubs-tools Date: Thu, 6 Feb 2025 13:56:44 -0800 Subject: [PATCH 6/6] DOCS-5564: Fixed changelog. Added orchestration APIs to SCM home page --- products/sase/docs/release-notes/changelog.md | 12 ++++++------ products/scm/docs/release-notes/changelog.md | 9 +++++---- src/pages/strata-cloud-manager/index.js | 5 +++++ 3 files changed, 16 insertions(+), 10 deletions(-) diff --git a/products/sase/docs/release-notes/changelog.md b/products/sase/docs/release-notes/changelog.md index 42689eae3..b728087c6 100644 --- a/products/sase/docs/release-notes/changelog.md +++ b/products/sase/docs/release-notes/changelog.md @@ -13,12 +13,12 @@ keywords: | Date | Description | | --------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Oct 18, 2024 | Added [Prisma Access Configuration Orchestration APIs](/sase/api/introduction/). -| Jan 9th, 2025 | Added [SaaS Security Posture Management](/sase/api/sspm/). -| Oct 18, 2024 | Added [Prisma Access Browser APIs](/access/api/browser-mgmt/). | -| Oct 11, 2024 | Added additional [Aggregate Monitoring APIs](/sase/api/mt-monitor/). | -| July 22, 2024 | Added [Multitenant Interconnect APIs](/sase/api/mt-interconnect/). | -| April 15, 2024 | Added [Multitenant Notification APIs](/sase/api/mt-notifications/). | +| Feb 6, 2025 | Added [Prisma Access Configuration Orchestration APIs](/sase/api/introduction/). | +| Jan 9th, 2025 | Added [SaaS Security Posture Management APIs](/sase/api/sspm/). | +| Oct 18, 2024 | Added [Prisma Access Browser APIs](/access/api/browser-mgmt/). | +| Oct 11, 2024 | Added additional [Aggregate Monitoring APIs](/sase/api/mt-monitor/). | +| July 22, 2024 | Added [Multitenant Interconnect APIs](/sase/api/mt-interconnect/). | +| April 15, 2024 | Added [Multitenant Notification APIs](/sase/api/mt-notifications/). | | September 28, 2023 | Added [Autonomous DEM APIs](/access/docs/adem) and [ADEM API Examples](/access/docs/adem/examples/application-performance/mu-experience-score-for-an-app/). | | May 16, 2023 | Added [Custom Roles](/sase/api/iam/custom-roles/) and [Permission Sets](/sase/api/iam/permission-sets/) to the Identity and Access Management APIs. | | April 26, 2023 | Added [ZTNA Connector APIs](/sase/docs/release-notes/release-notes/#april-2023) and miscellanous other changes. | diff --git a/products/scm/docs/release-notes/changelog.md b/products/scm/docs/release-notes/changelog.md index 0378406a1..2905e97c5 100644 --- a/products/scm/docs/release-notes/changelog.md +++ b/products/scm/docs/release-notes/changelog.md @@ -12,12 +12,13 @@ keywords: | Date | Description | | --------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Feb 6, 2025 | Added [Prisma Access Configuration Orchestration APIs](/sase/api/introduction/). | | Jan 9th, 2025 | Added [SaaS Security Posture Management APIs](/sase/api/sspm/). | Nov 15, 2024 | Added Strata Cloud Manager configuration APIs, along with a [Strata Cloud Manager landing page](/strata-cloud-manager/). See the [release notes](/scm/docs/release-notes/november2024) for more information. | -| Oct 18, 2024 | Added [Prisma Access Browser APIs](/access/api/browser-mgmt/). | -| Oct 11, 2024 | Added additional [Aggregate Monitoring APIs](/sase/api/mt-monitor/). | -| July 22, 2024 | Added [Multitenant Interconnect APIs](/sase/api/mt-interconnect/). | -| April 15, 2024 | Added [Multitenant Notification APIs](/sase/api/mt-notifications/). | +| Oct 18, 2024 | Added [Prisma Access Browser APIs](/access/api/browser-mgmt/). | +| Oct 11, 2024 | Added additional [Aggregate Monitoring APIs](/sase/api/mt-monitor/). | +| July 22, 2024 | Added [Multitenant Interconnect APIs](/sase/api/mt-interconnect/). | +| April 15, 2024 | Added [Multitenant Notification APIs](/sase/api/mt-notifications/). | | September 28, 2023 | Added [Autonomous DEM APIs](/access/docs/adem) and [ADEM API Examples](/access/docs/adem/examples/application-performance/mu-experience-score-for-an-app/). | | May 16, 2023 | Added [Custom Roles](/sase/api/iam/custom-roles/) and [Permission Sets](/sase/api/iam/permission-sets/) to the Identity and Access Management APIs. | | April 26, 2023 | Added [ZTNA Connector APIs](/sase/docs/release-notes/release-notes/#april-2023) and miscellanous other changes. | diff --git a/src/pages/strata-cloud-manager/index.js b/src/pages/strata-cloud-manager/index.js index 348335693..8415012af 100644 --- a/src/pages/strata-cloud-manager/index.js +++ b/src/pages/strata-cloud-manager/index.js @@ -186,6 +186,11 @@ export default function SCMLandingPage() { label: "Prisma Access Browser", icon: "api-doc", }, + { + to: "/sase/api/introduction/", + label: "Prisma Access Configuration Orchestration", + icon: "api-doc", + }, { to: "/sase/api/sspm/", label: "SaaS Security Posture Management",