To programmatically create or configure SD-WAN interfaces, the application must use the Palo Alto Networks REST API. The specific API endpoint for this task targets the firewall device directly. The object type used to manage these configurations is SDWANInterfaces. An API call, such as a POST request to the /restapi/v11.0/Objects/SDWANInterfaces endpoint on the firewall, allows the application to define the properties for an interface to be part of the SD-WAN fabric. This aligns with the requirement for the application to make changes directly to the devices.

A. The sdwanInterfaceprofiles object is used to configure SD-WAN Interface Profiles on Panorama, which are templates for settings, not the actual interface configuration on a specific firewall.

C. The XML API XPath sdwanprofiles/interfaces is not a valid configuration path. SD-WAN configuration is managed under a different node in the XML structure on Panorama or the firewall.

D. The XML API XPath InterfaceProfiles/sdwan is an invalid path. Interface Profiles and SD-WAN settings are configured under separate, distinct hierarchies within the PAN-OS XML configuration tree.

---

1. Palo Alto Networks PAN-OS 11.0 REST API Reference Guide:

Reference: The guide details the API structure for configuration objects. The SDWANInterfaces object is specifically for configuring SD-WAN interfaces on a firewall.

Location: In the API reference

navigate to Configuration APIs > Objects > SDWANInterfaces. The documentation shows the endpoint is .../Objects/SDWANInterfaces and it is configured on a firewall

identified by its vsys. This directly supports option B.

Source: Palo Alto Networks. (2023). PAN-OS 11.0 REST API Reference. Retrieved from the Palo Alto Networks Technical Documentation portal.

2. Palo Alto Networks PAN-OS 11.0 XML API Reference Guide:

Reference: This guide provides the complete XML configuration tree (schema) for PAN-OS devices. Reviewing the schema confirms that the XPaths mentioned in options C and D are invalid.

Location: The correct XPath to configure SD-WAN settings on an existing Ethernet interface is /config/devices/entry[@name='localhost.localdomain']/network/interface/ethernet/entry[@name='']/sdwan-link-settings. This demonstrates the incorrectness of the paths in options C and D.

Source: Palo Alto Networks. (2023). PAN-OS 11.0 XML API Reference Guide. Retrieved from the Palo Alto Networks Technical Documentation portal.