pan.dev icon indicating copy to clipboard operation
pan.dev copied to clipboard
verified publisher icon PaloAltoNetworks

Issue/Help with "Create remote networks"

Open cdot65 opened this issue 3 years ago • 1 comments

Documentation link

Creating Remote Networks

Describe the problem

Inaccurate schema, bgp-peer resides at the root level of the payload, not nested within protocol

Documentation Schema

{
  "ecmp_load_balancing": "disable",
  "ecmp_tunnels": [
    {
      "do_not_export_routes": true,
      "ipsec_tunnel": "string",
      "local_ip_address": "string",
      "name": "string",
      "originate_default_route": true,
      "peer_as": "string",
      "peer_ip_address": "string",
      "peering_type": "exchange-v4-over-v4",
      "secret": "string",
      "summarize_mobile_user_routes": true
    }
  ],
  "ipsec_tunnel": "string",
  "license_type": "FWAAS-AGGREGATE",
  "name": "string",
  "protocol": {
    "bgp": {
      "do_not_export_routes": true,
      "enable": true,
      "local_ip_address": "string",
      "originate_default_route": true,
      "peer_as": "string",
      "peer_ip_address": "string",
      "peering_type": "exchange-v4-over-v4",
      "secret": "string",
      "summarize_mobile_user_routes": true
    },
    "bgp_peer": {
      "local_ip_address": "string",
      "peer_ip_address": "string",
      "secret": "string"
    }
  },
  "region": "string",
  "secondary_ipsec_tunnel": "string",
  "spn_name": "string",
  "subnets": [
    "string"
  ]
}

Actual Schema

{
    "@name": "GUI Test",
    "@uuid": "716ecc8a-7662-4825-a5bd-5a62ecf83569",
    "license-type": "FWAAS-AGGREGATE",
    "secondary-wan-enabled": "yes",
    "region": "us-south",
    "spn-name": "us-south-raspberry",
    "ecmp-load-balancing": "disabled",
    "ipsec-tunnel": "GUI-Test-Tunnel",
    "bgp-peer": {
        "same-as-primary": "yes",
        "peer-ip-address": "192.168.1.2",
        "local-ip-address": "192.168.1.1",
        "secret": "-AQ==+F8ptFHmuHl2N7t7GhLndoipWxI=omWBwMOx2xCzmJ1As2z9tcWiCg0H8EkM6OkXlsggFSM="
    },
    "protocol": {
        "bgp": {
            "enable": "yes",
            "originate-default-route": "yes",
            "summarize-mobile-user-routes": "yes",
            "peer-ip-address": "192.168.1.2",
            "peer-as": "65002",
            "local-ip-address": "192.168.1.1",
            "secret": "-AQ==+F8ptFHmuHl2N7t7GhLndoipWxI=omWBwMOx2xCzmJ1As2z9tcWiCg0H8EkM6OkXlsggFSM="
        }
    },
    "secondary-ipsec-tunnel": "GUI-Test-Tunnel2"
}

Suggested fix

Move the bgp-peer key/value pair out from under protocol, as shown in the example above

cdot65 avatar Mar 06 '23 16:03 cdot65

notably "secondary-wan-enabled" and "bgp-peer"."same-as-primary" is also missing.

zbuchheit avatar Sep 27 '24 16:09 zbuchheit