We have 3 PA-3020 firewalls, one at each of our main branches. For the first month I blocked a few high risk applications then allowed service ports 80 and 443. After collecting log data for about a month, I combined all 3 location's logs to one spreadsheet and deleted everything except the Application column as well as sorted to remove duplicate applications.
This left me with every application our employees used or attempted to use over the past month. I went down the list and removed the applications I didn't want to allow, but this still left me with 140 applications. I manually added them one-by-one to the first firewall's "Whitelisted Applications" security policy. This was a long and boring process. Now I need the same applications added to our other 2 firewalls, is there a way I can add all of the applications below to an Application Group, or Security Policy without having to manually add them one at a time? I've searched all over the CLI doc for something to use, but came up with nothing. It really seems like I should be able to copy and paste this list into the web gui, but that doesn't seem possible. Any help would be greatly appreciated.
Solved! Go to Solution.
An application group would be the best way to accomplish this. You can create the application group from the CLI with the "set application-group <name> [ app1 app2 .. ]" command.
admin@pan# set application-group Test [ facebook gmail web-browsing ssl ]
admin@pan# show application-group Test
set application-group Test [ facebook gmail web-browsing ssl ]
Each application should be listed with a space as a delimiter.
Once created here the application group will be visible on the web UI and can be used in a security policy for the application criteria.
Hope that helps.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!