Showing results for 
Search instead for 
Did you mean: 

paloalto_panos-cli NED: virtual-router interface modeling

Level 1
Level 1


I have a small issue with the current NED for paloalto PAN-OS. It seems it has been written for older versions, I am using PAN-OS 8.0 and there are couple of inconsistencies between the NED and the device, but so far I was able to add and fix everything that I need. The problem I don't know how to solve is regarding the interfaces that are assigned in virtual-router. This is the part in the model that covers VR interfaces:

leaf-list interface {

   // tailf:cli-remove-before-change; not needed really


   tailf:non-strict-leafref {

path "/network/interface/ethernet/name";


   type string {

tailf:info "<value>;;member value";



The problem with the current design is that it works if the transaction holds only one item for these interfaces, but if I in the same transaction specify more interfaces, the command which is sent to device is wrong:

"set network virtual-router default interface ethernet1/3 ethernet1/4" -> if multiple interfaces they need to be inside square brackets or specified one at a time. Using leaf-list without cli-flat-list-syntax will put them in the square brackets but then it won't work for the delete case, because there you have to specify them one by one.

Then I've changed this leaf-list to a list. And it works from the service functionality point of view. Interfaces are added and deleted one by one no matter how many of them inside a transaction and that's ok. But the NED doesn't parse them corectly when doing show command, meaning that if I put interface manually on palo alto, I can't do a sync from to retrieve it.

This is the part of the show command on Pan-OS for VR-interfaces: interface [ ethernet1/1 ethernet1/2 ethernet1/4];

I would like to solve this with yang and cli-extensions but so far I had no luck, it seems that java will have to do it's part here. Any suggestions on how to solve this elegantly?



1 Reply 1

Cisco Employee
Cisco Employee

Hi Simon

Since this is part of the Palo Alto NED, the BEST solution (and recommended one) is to Open a TAC Case, cite NSO version, NED name and Version, provide your details on the errors, and let Cisco fix the NED.

NEDs are an important in integral part of NSO - if they are not enhanced correctly, and for the benefit of everyone, it is of little benefit to the community.  The TAC process is generally very quick to result in a fix.

Best regards,