diff --git a/CHANGELOG.md b/CHANGELOG.md
index 98a8bd783..dd0bb4f18 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,6 +10,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 - routeros: support store mode `on_significant` (@infabo)
 - model for Grandstream HT8xx (@mklopocki)
 - Add --support option to gather system diagnostics (@robertcheramy)
+- Added 3 new models for Palo Alto PanOS firewalls and Panorama firewall-management servers
 
 ### Changed
 - input/ssh: validate that cmd is a String. See #3700 (@robertcheramy)
diff --git a/docs/Supported-OS-Types.md b/docs/Supported-OS-Types.md
index 3022e222a..0041c614b 100644
--- a/docs/Supported-OS-Types.md
+++ b/docs/Supported-OS-Types.md
@@ -153,6 +153,9 @@
 |OPNsense            |                              |[opnsense](/lib/oxidized/model/opnsense.rb)
 |Palo Alto           |PanOS API                     |[panos_api](/lib/oxidized/model/panos_api.rb)    |                 |[PanOS_API](Model-Notes/PanOS_API.md)
 |                    |PanOS                         |[panos](/lib/oxidized/model/panos.rb)
+|                    |PanOS CLI XML                 |[panosxml](/lib/oxidized/model/panosxml.rb)      |@athompson-merlin |XML without needing API access
+|                    |Panorama XML                  |[panoramaxml](/lib/oxidized/model/panoramaxml.rb)      |@athompson-merlin |XML from Panorama CLI
+|                    |Panorama "set"                |[panoramaset](/lib/oxidized/model/panoramaset.rb)      |@athompson-merlin |"set" format from Panorama
 |[Perle](https://www.perle.com)|IOLAN Console Servers|[perle](/lib/oxidized/model/perle.rb)           |@robertcheramy
 |PLANET SG/SGS Switches|                            |[planet](/lib/oxidized/model/planet.rb)
 |pfSense             |                              |[pfsense](/lib/oxidized/model/pfsense.rb)
diff --git a/lib/oxidized/model/panoramaset.rb b/lib/oxidized/model/panoramaset.rb
new file mode 100644
index 000000000..4e94408c8
--- /dev/null
+++ b/lib/oxidized/model/panoramaset.rb
@@ -0,0 +1,18 @@
+class PanoramaSet < Oxidized::Model
+
+  comment '! '
+
+  prompt /^[\w.@:()-]+[#>]\s?$/
+
+  cmd 'show' do |cfg|
+    cfg
+  end
+
+  cfg :ssh do
+    post_login 'set cli pager off'
+    post_login 'set cli config-output-format set'
+    post_login 'configure'
+    pre_logout 'exit'
+    pre_logout 'quit'
+  end
+end
diff --git a/lib/oxidized/model/panoramaxml.rb b/lib/oxidized/model/panoramaxml.rb
new file mode 100644
index 000000000..dd7dc352a
--- /dev/null
+++ b/lib/oxidized/model/panoramaxml.rb
@@ -0,0 +1,18 @@
+class PanoramaXML < Oxidized::Model
+
+  comment '! '
+
+  prompt /^[\w.@:()-]+[#>]\s?$/
+
+  cmd 'show' do |cfg|
+    cfg
+  end
+
+  cfg :ssh do
+    post_login 'set cli pager off'
+    post_login 'set cli config-output-format xml'
+    post_login 'configure'
+    pre_logout 'exit'
+    pre_logout 'quit'
+  end
+end
diff --git a/lib/oxidized/model/panosxml.rb b/lib/oxidized/model/panosxml.rb
new file mode 100644
index 000000000..c6f26462c
--- /dev/null
+++ b/lib/oxidized/model/panosxml.rb
@@ -0,0 +1,22 @@
+require 'nokogiri'
+
+class PanOSXML < Oxidized::Model
+
+  comment '! '
+
+  prompt /^[\w.@:()-]+[#>]\s?$/
+
+  cmd 'show config running' do |cfg|
+    "<?xml version=\"1.0\"?>\n" +
+    Nokogiri::XML(
+        cfg.split("\n")[2..-2].join("\n")
+    ).at('/response/result/config').to_xml(indent: 2)
+  end
+
+  cfg :ssh do
+    post_login 'set cli pager off'
+    post_login 'set cli op-command-xml-output on'
+    post_login 'set cli config-output-format xml'
+    pre_logout 'quit'
+  end
+end