Batch add applications to policy?

Reply
Highlighted
L1 Bithead

Batch add applications to policy?

We have 3 PA-3020 firewalls, one at each of our main branches. For the first month I blocked a few high risk applications then allowed service ports 80 and 443.  After collecting log data for about a month, I combined all 3 location's logs to one spreadsheet and deleted everything except the Application column as well as sorted to remove duplicate applications. 

This left me with every application our employees used or attempted to use over the past month.  I went down the list and removed the applications I didn't want to allow, but this still left me with 140 applications.  I manually added them one-by-one to the first firewall's "Whitelisted Applications" security policy.  This was a long and boring process.  Now I need the same applications added to our other 2 firewalls, is there a way I can add all of the applications below to an Application Group, or Security Policy without having to manually add them one at a time?  I've searched all over the CLI doc for something to use, but came up with nothing. It really seems like I should be able to copy and paste this list into the web gui, but that doesn't seem possible.  Any help would be greatly appreciated.

Thanks

adobe-flash-socketpolicy-server
aim-base
aim-express-base
aim-mail
akamai-client
amazon-cloud-player
amazon-instant-video
apple-appstore
apple-game-center
apple-maps
apple-push-notifications
apple-update
apt-get
barracuda-backup
blog-posting
cbs-video
comcast-webmail
constant-contact
cox-webmail
dell-update
disqus
dns
docusign
evernote
facebook-apps
facebook-base
facebook-social-plugin
facetime
firefox-update
flash
flexnet-installanywhere
flickr-base
flixster
flixwagon-base
foursquare
gmail-base
google-app-engine
google-calendar-base
google-desktop
google-docs-base
google-maps
google-picasa
google-play
google-plus-base
google-safebrowsing
google-talk-base
google-talk-gadget
google-translate-auto
google-translate-base
google-translate-manual
google-update
gotomeeting
grooveshark
hotmail
hp-update
http-audio
http-video
icloud-base
icloud-mail
iheartradio
instagram
itunes-base
itunes-mediastore
jabber
lastpass
linkedin-base
linkedin-mail
linkedin-posting
livejournal
meetup
mega
meraki-cloud-controller
mlb.tv
ms-groove
ms-lync-online
msn-base
ms-office365-base
myspace-base
myspace-im
naver-line
nbc-video
netflix-base
netsuite
new-relic
ning-base
nokia-here-maps
ntp
ocsp
ooyala
orb
outlook-web-online
paloalto-updates
paloalto-wildfire-cloud
pan-db-cloud
pandora
photobucket
ping
pinterest
quora
rdio
rss
salesforce-base
salesforce-chatter
samsung-updates
sharepoint-base
sharepoint-online
shoutcast
shutterfly
sightspeed
silverlight
skydrive-base
skype
slacker
soundcloud
spotify
square
ssl
trillian
tumblr-base
tumblr-posting
tunein
twitpic
twitter-base
vbulletin-posting
vimeo-base
vine-base
virustotal
watch-abc
weather-desktop
web-browsing
websocket
wechat-base
windows-azure
windows-push-notifications
yahoo-calendar
yahoo-im-base
yahoo-mail
yammer
youtube-base
youtube-posting
L1 Bithead

Re: Batch add applications to policy?

24 views and zero replies? 

L4 Transporter

Re: Batch add applications to policy?

An application group would be the best way to accomplish this.  You can create the application group from the CLI with the "set application-group <name> [ app1 app2 .. ]" command.

admin@pan# set application-group Test [ facebook gmail web-browsing ssl ]

[edit]

admin@pan# show application-group Test

set application-group Test [ facebook gmail web-browsing ssl ]

Each application should be listed with a space as a delimiter.

Once created here the application group will be visible on the web UI and can be used in a security policy for the application criteria.

Hope that helps.

L1 Bithead

Re: Batch add applications to policy?

Awesome, I'll give it a shot and let you know.  Thank you!

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!