openapi: 3.1.0 info: title: Palo Alto Networks SASE Configuration Orchestration API description: >- SASE Configuration Orchestration API for third-party SD-WAN integration. Enables SD-WAN partners and operators to programmatically manage remote network tunnel configurations, IKE gateway lifecycle, bandwidth allocations, and Prisma Access location data. Designed for integrating third-party SD-WAN solutions with Prisma Access for automated tunnel provisioning and management in branch office and remote network deployments. Requires partner integration credentials in addition to standard SASE OAuth 2.0 authentication. version: '1.0' contact: name: Palo Alto Networks Developer Support url: https://pan.dev/ license: name: Proprietary url: https://www.paloaltonetworks.com/legal servers: - url: https://api.sase.paloaltonetworks.com/config-orchestration/v1 description: SASE Configuration Orchestration API production server. security: - oauth2Bearer: [] tags: - name: Bandwidth description: Bandwidth allocation visibility. - name: Locations description: Prisma Access location data. - name: Onboarding description: Remote network onboarding status. - name: Remote Networks description: Remote network IPsec tunnel management. paths: /remote-networks: get: operationId: listRemoteNetworks summary: Palo Alto Networks List Remote Networks description: >- Returns the list of remote network tunnel configurations for the tenant. Remote networks represent branch offices or data centers connected to Prisma Access via IPsec tunnels. Each entry includes the tunnel configuration, IKE gateway parameters, and current connection status. tags: - Remote Networks parameters: - name: location in: query description: Filter remote networks by Prisma Access location. schema: type: string example: example-location - name: status in: query description: Filter by tunnel connection status. schema: type: string enum: - connected - disconnected - pending example: disconnected - name: offset in: query description: Number of results to skip for pagination. schema: type: integer default: 0 example: 0 - name: limit in: query description: Maximum number of remote networks to return. schema: type: integer default: 50 maximum: 200 example: 50 responses: '200': description: Remote networks returned. content: application/json: schema: type: object properties: total: type: integer offset: type: integer limit: type: integer items: type: array items: $ref: '#/components/schemas/RemoteNetwork' examples: ListRemoteNetworks200Example: summary: Default listRemoteNetworks 200 response x-microcks-default: true value: total: 189 offset: 294 limit: 636 items: - id: example-id name: Production Agent 92 description: Firewall policy blocked endpoint suspicious suspicious endpoint monitoring monitoring alert Security Security. location: example-location subnets: &id001 - 10.66.40.0/24 ike_gateway: peer_ip: example-peer_ip peer_id: '176162' local_ip: example-local_ip ike_version: IKEv2 authentication_type: certificate ipsec_tunnel: local_address: example-local_address remote_address: example-remote_address tunnel_interface: example-tunnel_interface tunnel_status: connected bandwidth_mbps: 309 created_at: '2024-10-27T07:17:45Z' updated_at: '2026-09-09T21:35:55Z' '400': description: Invalid query parameters. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: ListRemoteNetworks400Example: summary: Default listRemoteNetworks 400 response x-microcks-default: true value: error: example-error message: Configured activity investigation policy detected violation blocked. request_id: 3ab20120-828b-4af3-9110-53521ee47614 '401': description: Invalid or missing Bearer token. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: ListRemoteNetworks401Example: summary: Default listRemoteNetworks 401 response x-microcks-default: true value: error: example-error message: Configured activity investigation policy detected violation blocked. request_id: 3ab20120-828b-4af3-9110-53521ee47614 '403': description: Insufficient permissions. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: ListRemoteNetworks403Example: summary: Default listRemoteNetworks 403 response x-microcks-default: true value: error: example-error message: Configured activity investigation policy detected violation blocked. request_id: 3ab20120-828b-4af3-9110-53521ee47614 '500': description: Internal server error. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: ListRemoteNetworks500Example: summary: Default listRemoteNetworks 500 response x-microcks-default: true value: error: example-error message: Configured activity investigation policy detected violation blocked. request_id: 3ab20120-828b-4af3-9110-53521ee47614 x-microcks-operation: delay: 0 dispatcher: FALLBACK post: operationId: createRemoteNetwork summary: Palo Alto Networks Create Remote Network description: >- Creates a new remote network tunnel configuration. Provisions an IPsec tunnel between the specified branch location and the nearest Prisma Access gateway. The IKE gateway configuration is automatically generated unless custom parameters are provided. tags: - Remote Networks requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/RemoteNetworkRequest' examples: CreateRemoteNetworkRequestExample: summary: Default createRemoteNetwork request x-microcks-default: true value: name: Primary Agent 21 description: Alert activity rule blocked firewall incident activity rule. location: example-location subnets: &id002 - 10.239.225.0/24 ike_gateway: peer_ip: example-peer_ip peer_id: '846951' ike_version: IKEv2 authentication_type: pre-shared-key pre_shared_key: example-pre_shared_key bandwidth_mbps: 945 responses: '201': description: Remote network created successfully. content: application/json: schema: $ref: '#/components/schemas/RemoteNetwork' examples: CreateRemoteNetwork201Example: summary: Default createRemoteNetwork 201 response x-microcks-default: true value: id: example-id name: Production Agent 92 description: Firewall policy blocked endpoint suspicious suspicious endpoint monitoring monitoring alert Security Security. location: example-location subnets: *id001 ike_gateway: peer_ip: example-peer_ip peer_id: '176162' local_ip: example-local_ip ike_version: IKEv2 authentication_type: certificate ipsec_tunnel: local_address: example-local_address remote_address: example-remote_address tunnel_interface: example-tunnel_interface tunnel_status: connected bandwidth_mbps: 309 created_at: '2024-10-27T07:17:45Z' updated_at: '2026-09-09T21:35:55Z' '400': description: Invalid request body or configuration. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: CreateRemoteNetwork400Example: summary: Default createRemoteNetwork 400 response x-microcks-default: true value: error: example-error message: Configured activity investigation policy detected violation blocked. request_id: 3ab20120-828b-4af3-9110-53521ee47614 '401': description: Invalid or missing Bearer token. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: CreateRemoteNetwork401Example: summary: Default createRemoteNetwork 401 response x-microcks-default: true value: error: example-error message: Configured activity investigation policy detected violation blocked. request_id: 3ab20120-828b-4af3-9110-53521ee47614 '403': description: Insufficient permissions. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: CreateRemoteNetwork403Example: summary: Default createRemoteNetwork 403 response x-microcks-default: true value: error: example-error message: Configured activity investigation policy detected violation blocked. request_id: 3ab20120-828b-4af3-9110-53521ee47614 '409': description: A remote network with this name already exists. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: CreateRemoteNetwork409Example: summary: Default createRemoteNetwork 409 response x-microcks-default: true value: error: example-error message: Configured activity investigation policy detected violation blocked. request_id: 3ab20120-828b-4af3-9110-53521ee47614 '500': description: Internal server error. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: CreateRemoteNetwork500Example: summary: Default createRemoteNetwork 500 response x-microcks-default: true value: error: example-error message: Configured activity investigation policy detected violation blocked. request_id: 3ab20120-828b-4af3-9110-53521ee47614 x-microcks-operation: delay: 0 dispatcher: FALLBACK /remote-networks/{id}: get: operationId: getRemoteNetwork summary: Palo Alto Networks Get Remote Network description: Returns full details for a specific remote network tunnel configuration. tags: - Remote Networks parameters: - name: id in: path required: true description: Unique identifier of the remote network. schema: type: string example: example-id responses: '200': description: Remote network details returned. content: application/json: schema: $ref: '#/components/schemas/RemoteNetwork' examples: GetRemoteNetwork200Example: summary: Default getRemoteNetwork 200 response x-microcks-default: true value: id: example-id name: Production Agent 92 description: Firewall policy blocked endpoint suspicious suspicious endpoint monitoring monitoring alert Security Security. location: example-location subnets: *id001 ike_gateway: peer_ip: example-peer_ip peer_id: '176162' local_ip: example-local_ip ike_version: IKEv2 authentication_type: certificate ipsec_tunnel: local_address: example-local_address remote_address: example-remote_address tunnel_interface: example-tunnel_interface tunnel_status: connected bandwidth_mbps: 309 created_at: '2024-10-27T07:17:45Z' updated_at: '2026-09-09T21:35:55Z' '401': description: Invalid or missing Bearer token. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: GetRemoteNetwork401Example: summary: Default getRemoteNetwork 401 response x-microcks-default: true value: error: example-error message: Configured activity investigation policy detected violation blocked. request_id: 3ab20120-828b-4af3-9110-53521ee47614 '403': description: Insufficient permissions. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: GetRemoteNetwork403Example: summary: Default getRemoteNetwork 403 response x-microcks-default: true value: error: example-error message: Configured activity investigation policy detected violation blocked. request_id: 3ab20120-828b-4af3-9110-53521ee47614 '404': description: Remote network not found. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: GetRemoteNetwork404Example: summary: Default getRemoteNetwork 404 response x-microcks-default: true value: error: example-error message: Configured activity investigation policy detected violation blocked. request_id: 3ab20120-828b-4af3-9110-53521ee47614 '500': description: Internal server error. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: GetRemoteNetwork500Example: summary: Default getRemoteNetwork 500 response x-microcks-default: true value: error: example-error message: Configured activity investigation policy detected violation blocked. request_id: 3ab20120-828b-4af3-9110-53521ee47614 x-microcks-operation: delay: 0 dispatcher: FALLBACK put: operationId: updateRemoteNetwork summary: Palo Alto Networks Update Remote Network description: Updates an existing remote network tunnel configuration. tags: - Remote Networks parameters: - name: id in: path required: true description: Unique identifier of the remote network to update. schema: type: string example: example-id requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/RemoteNetworkRequest' examples: UpdateRemoteNetworkRequestExample: summary: Default updateRemoteNetwork request x-microcks-default: true value: name: Primary Agent 21 description: Alert activity rule blocked firewall incident activity rule. location: example-location subnets: *id002 ike_gateway: peer_ip: example-peer_ip peer_id: '846951' ike_version: IKEv2 authentication_type: pre-shared-key pre_shared_key: example-pre_shared_key bandwidth_mbps: 945 responses: '200': description: Remote network updated successfully. content: application/json: schema: $ref: '#/components/schemas/RemoteNetwork' examples: UpdateRemoteNetwork200Example: summary: Default updateRemoteNetwork 200 response x-microcks-default: true value: id: example-id name: Production Agent 92 description: Firewall policy blocked endpoint suspicious suspicious endpoint monitoring monitoring alert Security Security. location: example-location subnets: *id001 ike_gateway: peer_ip: example-peer_ip peer_id: '176162' local_ip: example-local_ip ike_version: IKEv2 authentication_type: certificate ipsec_tunnel: local_address: example-local_address remote_address: example-remote_address tunnel_interface: example-tunnel_interface tunnel_status: connected bandwidth_mbps: 309 created_at: '2024-10-27T07:17:45Z' updated_at: '2026-09-09T21:35:55Z' '400': description: Invalid request body. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: UpdateRemoteNetwork400Example: summary: Default updateRemoteNetwork 400 response x-microcks-default: true value: error: example-error message: Configured activity investigation policy detected violation blocked. request_id: 3ab20120-828b-4af3-9110-53521ee47614 '401': description: Invalid or missing Bearer token. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: UpdateRemoteNetwork401Example: summary: Default updateRemoteNetwork 401 response x-microcks-default: true value: error: example-error message: Configured activity investigation policy detected violation blocked. request_id: 3ab20120-828b-4af3-9110-53521ee47614 '403': description: Insufficient permissions. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: UpdateRemoteNetwork403Example: summary: Default updateRemoteNetwork 403 response x-microcks-default: true value: error: example-error message: Configured activity investigation policy detected violation blocked. request_id: 3ab20120-828b-4af3-9110-53521ee47614 '404': description: Remote network not found. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: UpdateRemoteNetwork404Example: summary: Default updateRemoteNetwork 404 response x-microcks-default: true value: error: example-error message: Configured activity investigation policy detected violation blocked. request_id: 3ab20120-828b-4af3-9110-53521ee47614 '500': description: Internal server error. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: UpdateRemoteNetwork500Example: summary: Default updateRemoteNetwork 500 response x-microcks-default: true value: error: example-error message: Configured activity investigation policy detected violation blocked. request_id: 3ab20120-828b-4af3-9110-53521ee47614 x-microcks-operation: delay: 0 dispatcher: FALLBACK delete: operationId: deleteRemoteNetwork summary: Palo Alto Networks Delete Remote Network description: >- Deletes a remote network tunnel configuration and tears down the associated IPsec tunnel. tags: - Remote Networks parameters: - name: id in: path required: true description: Unique identifier of the remote network to delete. schema: type: string example: example-id responses: '204': description: Remote network deleted successfully. '401': description: Invalid or missing Bearer token. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: DeleteRemoteNetwork401Example: summary: Default deleteRemoteNetwork 401 response x-microcks-default: true value: error: example-error message: Configured activity investigation policy detected violation blocked. request_id: 3ab20120-828b-4af3-9110-53521ee47614 '403': description: Insufficient permissions. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: DeleteRemoteNetwork403Example: summary: Default deleteRemoteNetwork 403 response x-microcks-default: true value: error: example-error message: Configured activity investigation policy detected violation blocked. request_id: 3ab20120-828b-4af3-9110-53521ee47614 '404': description: Remote network not found. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: DeleteRemoteNetwork404Example: summary: Default deleteRemoteNetwork 404 response x-microcks-default: true value: error: example-error message: Configured activity investigation policy detected violation blocked. request_id: 3ab20120-828b-4af3-9110-53521ee47614 '500': description: Internal server error. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: DeleteRemoteNetwork500Example: summary: Default deleteRemoteNetwork 500 response x-microcks-default: true value: error: example-error message: Configured activity investigation policy detected violation blocked. request_id: 3ab20120-828b-4af3-9110-53521ee47614 x-microcks-operation: delay: 0 dispatcher: FALLBACK /remote-networks/{id}/refresh-ike-gateway: post: operationId: refreshIKEGateway summary: Palo Alto Networks Refresh IKE Gateway description: >- Initiates an IKE gateway refresh for a remote network tunnel. Use this endpoint to re-establish an IPsec tunnel that has failed or to apply updated IKE parameters after a configuration change. tags: - Remote Networks parameters: - name: id in: path required: true description: Unique identifier of the remote network. schema: type: string example: example-id responses: '200': description: IKE gateway refresh initiated successfully. content: application/json: schema: type: object properties: id: type: string description: Remote network identifier. status: type: string enum: - refreshing description: Current refresh status. initiated_at: type: string format: date-time examples: RefreshIkegateway200Example: summary: Default refreshIKEGateway 200 response x-microcks-default: true value: id: example-id status: refreshing initiated_at: '2024-06-11T09:35:45Z' '400': description: Invalid request. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: RefreshIkegateway400Example: summary: Default refreshIKEGateway 400 response x-microcks-default: true value: error: example-error message: Configured activity investigation policy detected violation blocked. request_id: 3ab20120-828b-4af3-9110-53521ee47614 '401': description: Invalid or missing Bearer token. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: RefreshIkegateway401Example: summary: Default refreshIKEGateway 401 response x-microcks-default: true value: error: example-error message: Configured activity investigation policy detected violation blocked. request_id: 3ab20120-828b-4af3-9110-53521ee47614 '403': description: Insufficient permissions. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: RefreshIkegateway403Example: summary: Default refreshIKEGateway 403 response x-microcks-default: true value: error: example-error message: Configured activity investigation policy detected violation blocked. request_id: 3ab20120-828b-4af3-9110-53521ee47614 '404': description: Remote network not found. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: RefreshIkegateway404Example: summary: Default refreshIKEGateway 404 response x-microcks-default: true value: error: example-error message: Configured activity investigation policy detected violation blocked. request_id: 3ab20120-828b-4af3-9110-53521ee47614 '500': description: Internal server error. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: RefreshIkegateway500Example: summary: Default refreshIKEGateway 500 response x-microcks-default: true value: error: example-error message: Configured activity investigation policy detected violation blocked. request_id: 3ab20120-828b-4af3-9110-53521ee47614 x-microcks-operation: delay: 0 dispatcher: FALLBACK /bandwidth-allocations: get: operationId: getBandwidthAllocations summary: Palo Alto Networks Get Available Bandwidth Allocations description: >- Returns the available bandwidth allocations per Prisma Access location. Use this data to determine remaining capacity before creating remote network tunnels or to monitor utilization against licensed bandwidth. tags: - Bandwidth parameters: - name: location in: query description: Filter by specific Prisma Access location name. schema: type: string example: example-location responses: '200': description: Bandwidth allocations returned. content: application/json: schema: type: object properties: total: type: integer items: type: array items: $ref: '#/components/schemas/BandwidthAllocation' examples: GetBandwidthAllocations200Example: summary: Default getBandwidthAllocations 200 response x-microcks-default: true value: total: 75 items: - location: example-location region: us-east-1 licensed_bandwidth_mbps: 771 allocated_bandwidth_mbps: 191 available_bandwidth_mbps: 791 - location: example-location region: us-east-1 licensed_bandwidth_mbps: 771 allocated_bandwidth_mbps: 191 available_bandwidth_mbps: 791 '401': description: Invalid or missing Bearer token. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: GetBandwidthAllocations401Example: summary: Default getBandwidthAllocations 401 response x-microcks-default: true value: error: example-error message: Configured activity investigation policy detected violation blocked. request_id: 3ab20120-828b-4af3-9110-53521ee47614 '403': description: Insufficient permissions. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: GetBandwidthAllocations403Example: summary: Default getBandwidthAllocations 403 response x-microcks-default: true value: error: example-error message: Configured activity investigation policy detected violation blocked. request_id: 3ab20120-828b-4af3-9110-53521ee47614 '500': description: Internal server error. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: GetBandwidthAllocations500Example: summary: Default getBandwidthAllocations 500 response x-microcks-default: true value: error: example-error message: Configured activity investigation policy detected violation blocked. request_id: 3ab20120-828b-4af3-9110-53521ee47614 x-microcks-operation: delay: 0 dispatcher: FALLBACK /locations: get: operationId: listPrismaAccessLocations summary: Palo Alto Networks List Prisma Access Locations description: >- Returns the list of available Prisma Access gateway locations. Location data includes the geographic region, country, city, and available services at each location. tags: - Locations responses: '200': description: Prisma Access locations returned. content: application/json: schema: type: object properties: total: type: integer items: type: array items: $ref: '#/components/schemas/PrismaAccessLocation' examples: ListPrismaAccessLocations200Example: summary: Default listPrismaAccessLocations 200 response x-microcks-default: true value: total: 546 items: - name: Production Agent 47 display_name: Carlos Garcia region: eu-west-1 country: US city: example-city status: available - name: Production Agent 47 display_name: Carlos Garcia region: eu-west-1 country: US city: example-city status: available '401': description: Invalid or missing Bearer token. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: ListPrismaAccessLocations401Example: summary: Default listPrismaAccessLocations 401 response x-microcks-default: true value: error: example-error message: Configured activity investigation policy detected violation blocked. request_id: 3ab20120-828b-4af3-9110-53521ee47614 '403': description: Insufficient permissions. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: ListPrismaAccessLocations403Example: summary: Default listPrismaAccessLocations 403 response x-microcks-default: true value: error: example-error message: Configured activity investigation policy detected violation blocked. request_id: 3ab20120-828b-4af3-9110-53521ee47614 '500': description: Internal server error. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: ListPrismaAccessLocations500Example: summary: Default listPrismaAccessLocations 500 response x-microcks-default: true value: error: example-error message: Configured activity investigation policy detected violation blocked. request_id: 3ab20120-828b-4af3-9110-53521ee47614 x-microcks-operation: delay: 0 dispatcher: FALLBACK /onboarding-status/{id}: get: operationId: getOnboardingStatus summary: Palo Alto Networks Get Remote Network Onboarding Status description: >- Returns the onboarding status for a remote network including provisioning progress, configuration push status, and tunnel establishment state. Use this endpoint to monitor the lifecycle of a newly created remote network. tags: - Onboarding parameters: - name: id in: path required: true description: Unique identifier of the remote network. schema: type: string example: example-id responses: '200': description: Onboarding status returned. content: application/json: schema: $ref: '#/components/schemas/OnboardingStatus' examples: GetOnboardingStatus200Example: summary: Default getOnboardingStatus 200 response x-microcks-default: true value: id: example-id status: failed steps: &id003 - step: example-step status: completed message: Network traffic suspicious violation malware alert. completed_at: '2026-10-13T10:26:35Z' error_message: example-error_message started_at: '2024-02-24T21:09:42Z' completed_at: '2024-04-28T11:33:26Z' '401': description: Invalid or missing Bearer token. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: GetOnboardingStatus401Example: summary: Default getOnboardingStatus 401 response x-microcks-default: true value: error: example-error message: Configured activity investigation policy detected violation blocked. request_id: 3ab20120-828b-4af3-9110-53521ee47614 '403': description: Insufficient permissions. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: GetOnboardingStatus403Example: summary: Default getOnboardingStatus 403 response x-microcks-default: true value: error: example-error message: Configured activity investigation policy detected violation blocked. request_id: 3ab20120-828b-4af3-9110-53521ee47614 '404': description: Remote network not found. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: GetOnboardingStatus404Example: summary: Default getOnboardingStatus 404 response x-microcks-default: true value: error: example-error message: Configured activity investigation policy detected violation blocked. request_id: 3ab20120-828b-4af3-9110-53521ee47614 '500': description: Internal server error. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' examples: GetOnboardingStatus500Example: summary: Default getOnboardingStatus 500 response x-microcks-default: true value: error: example-error message: Configured activity investigation policy detected violation blocked. request_id: 3ab20120-828b-4af3-9110-53521ee47614 x-microcks-operation: delay: 0 dispatcher: FALLBACK components: securitySchemes: oauth2Bearer: type: http scheme: bearer bearerFormat: JWT description: >- OAuth 2.0 Bearer token for SASE platform authentication with partner integration credentials. Obtain using the client_credentials grant with your SASE service account client ID and client secret. schemas: RemoteNetwork: type: object properties: id: type: string description: Unique identifier of the remote network. example: example-id name: type: string description: Display name of the remote network. example: Production Agent 92 description: type: string description: Description of the remote network's location or purpose. example: Firewall policy blocked endpoint suspicious suspicious endpoint monitoring monitoring alert Security Security. location: type: string description: Prisma Access gateway location for this tunnel. example: example-location subnets: type: array items: type: string description: Network subnets at the remote site (CIDR notation). example: *id001 ike_gateway: $ref: '#/components/schemas/IKEGateway' ipsec_tunnel: $ref: '#/components/schemas/IPsecTunnel' tunnel_status: type: string enum: - connected - disconnected - pending - error description: Current IPsec tunnel connection status. example: connected bandwidth_mbps: type: integer description: Allocated bandwidth in Mbps for this remote network. example: 309 created_at: type: string format: date-time example: '2024-10-27T07:17:45Z' updated_at: type: string format: date-time example: '2026-09-09T21:35:55Z' RemoteNetworkRequest: type: object required: - name - location - subnets - ike_gateway properties: name: type: string description: Display name for the remote network. example: Primary Agent 21 description: type: string description: Optional description. example: Alert activity rule blocked firewall incident activity rule. location: type: string description: Prisma Access gateway location name. example: example-location subnets: type: array items: type: string description: Network subnets at the remote site in CIDR notation. example: *id002 ike_gateway: $ref: '#/components/schemas/IKEGatewayConfig' bandwidth_mbps: type: integer description: Requested bandwidth allocation in Mbps. example: 945 IKEGateway: type: object properties: peer_ip: type: string description: Public IP address of the remote peer gateway. example: example-peer_ip peer_id: type: string description: IKE peer identity. example: '176162' local_ip: type: string description: Prisma Access local IKE gateway IP address. example: example-local_ip ike_version: type: string enum: - IKEv1 - IKEv2 description: IKE protocol version. example: IKEv2 authentication_type: type: string enum: - pre-shared-key - certificate description: IKE authentication method. example: certificate IKEGatewayConfig: type: object required: - peer_ip properties: peer_ip: type: string description: Public IP address of the remote peer gateway. example: example-peer_ip peer_id: type: string description: IKE peer identity. Defaults to the peer IP if omitted. example: '846951' ike_version: type: string enum: - IKEv1 - IKEv2 default: IKEv2 example: IKEv2 authentication_type: type: string enum: - pre-shared-key - certificate default: pre-shared-key example: pre-shared-key pre_shared_key: type: string description: Pre-shared key for IKE authentication. writeOnly: true example: example-pre_shared_key IPsecTunnel: type: object properties: local_address: type: string description: Local tunnel IP address assigned by Prisma Access. example: example-local_address remote_address: type: string description: Remote tunnel IP address. example: example-remote_address tunnel_interface: type: string description: Tunnel interface name. example: example-tunnel_interface BandwidthAllocation: type: object properties: location: type: string description: Prisma Access location name. example: example-location region: type: string description: Geographic region. example: us-east-1 licensed_bandwidth_mbps: type: integer description: Total licensed bandwidth at this location in Mbps. example: 771 allocated_bandwidth_mbps: type: integer description: Bandwidth currently allocated to remote networks in Mbps. example: 191 available_bandwidth_mbps: type: integer description: Remaining available bandwidth in Mbps. example: 791 PrismaAccessLocation: type: object properties: name: type: string description: Location identifier used in API requests. example: Production Agent 47 display_name: type: string description: Human-readable location name. example: Carlos Garcia region: type: string description: Geographic region (e.g., americas, europe, asia-pacific). example: eu-west-1 country: type: string description: Country code (ISO 3166-1 alpha-2). example: US city: type: string description: City name. example: example-city status: type: string enum: - available - limited - unavailable description: Current availability status. example: available OnboardingStatus: type: object properties: id: type: string description: Remote network identifier. example: example-id status: type: string enum: - pending - provisioning - configuring - tunnel_establishing - completed - failed description: Current onboarding phase. example: failed steps: type: array description: Individual onboarding steps and their completion state. items: type: object properties: step: type: string description: Step name. example: example-step status: type: string enum: - pending - in_progress - completed - failed example: completed message: type: string description: Status message or error detail for this step. example: Policy network network network alert alert applied. completed_at: type: string format: date-time example: '2026-08-17T21:25:30Z' example: *id003 error_message: type: string description: Error description if onboarding failed. example: example-error_message started_at: type: string format: date-time example: '2024-02-24T21:09:42Z' completed_at: type: string format: date-time example: '2024-04-28T11:33:26Z' ErrorResponse: type: object properties: error: type: string description: Error code identifying the error type. example: example-error message: type: string description: Human-readable description of the error. example: Configured activity investigation policy detected violation blocked. request_id: type: string description: Request identifier for support correlation. example: 3ab20120-828b-4af3-9110-53521ee47614