Palo Alto Networks Device Framework

The Device Framework is a mechanism for interacting with Palo Alto Networks devices (including physical and virtualized Next-generation Firewalls and Panorama). The Device Framework is object oriented and mimics the traditional interaction with the device via the GUI or CLI/API.

Latest version released on PyPi Build status from Travis Documentation Status Chat on Gitter


  • Object model of Firewall and Panorama configuration
  • Multiple connection methods including Panorama as a proxy
  • All operations natively vsys-aware
  • Support for high availability pairs and retry/recovery during node failure
  • Batch User-ID operations
  • Device API exception classification


Palo Alto Networks Device Framework is considered alpha. It is fully tested and used in many production environments, but it maintains alpha status because the API interface could change at any time without notification. Please be prepared to modify your scripts to work with each subsequent version of this package because backward compatibility is not guaranteed.


Install using pip:

pip install pandevice

Upgrade to the latest version:

pip install --upgrade pandevice

If you have poetry installed, you can also add pandevice to your project:

poetry add pandevice

How to import

To use Palo Alto Networks Device Framework in a project:

import pandevice

You can also be more specific about which modules you want to import:

from pandevice import firewall
from pandevice import network

A few examples

For configuration tasks, create a tree structure using the classes in each module. Nodes hierarchy must follow the model in the Configuration Tree.

The following examples assume the modules were imported as such:

from pandevice import firewall
from pandevice import network

Create an interface and commit:

fw = firewall.Firewall("", api_username="admin", api_password="admin")
eth1 = network.EthernetInterface("ethernet1/1", mode="layer3")

Operational commands leverage the ‘op’ method of the device:

fw = firewall.Firewall("", api_username="admin", api_password="admin")
print fw.op("show system info")

Some operational commands have methods to refresh the variables in an object:

# populates the version, serial, and model variables from the live device

See more examples in the Usage Guide.


Thank you to Kevin Steves, creator of the pan-python library: