- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
01-08-2020 04:13 AM
Hi everyone,
I was just able to batch add address objects via the cli on Panorama and now I want to add those addresses to an address group that I created. I tried using the command that Palo gives us for firewalls (shown below), but it does not work. I tried modifying the command by adding the location/device group, but that does not work either. Does anyone know if there is a command to do this in Panorama?
# set address-group testgroup static test1
01-08-2020 12:39 PM - edited 01-08-2020 12:54 PM
This worked for me in Panorama:
set device-group <DG name> address 10.1.1.0 ip-netmask 10.1.1.0/24
set device-group <DG name> address 10.1.1.0 description "10.1.1.0-VLAN10"
set device-group <DG name> address-group <AG name> static 10.1.1.0
Hope that helps.
01-08-2020 12:39 PM - edited 01-08-2020 12:54 PM
This worked for me in Panorama:
set device-group <DG name> address 10.1.1.0 ip-netmask 10.1.1.0/24
set device-group <DG name> address 10.1.1.0 description "10.1.1.0-VLAN10"
set device-group <DG name> address-group <AG name> static 10.1.1.0
Hope that helps.
01-08-2020 01:02 PM
Yes, this did work and it saved me a ton of time. Thank you for the help!
01-21-2020 07:55 AM
Can you share the syntax you used to do this? Thanks
01-21-2020 09:47 AM
@drewdown , I'm not sure I understand what you mean. The syntax I used is the one listed above and it's for Panorama. For firewalls it will be slightly different, i.e. no device-groups etc.
01-21-2020 02:40 PM - edited 01-21-2020 02:41 PM
I know this topic is on CLI, not API, but since it's in the API discussion board, here's a convenient way to bulk add Address Object and Groups via API for anyone who happens upon this thread in the future:
https://pandevice.readthedocs.io/en/latest/howto.html#optimize-with-bulk-operations
This example uses python.
12-03-2021 02:22 AM
Many thanks for this solution..
Just one quick question - any idea how to create these objects straight into the "Shared" device-group - the command doesn't list it as one of available device-groups to choose from?
12-13-2021 05:08 AM
The command to show the shared address-group, "My_Address_Group" in version 9.1 is;
show shared address-group My_Address_Group
Unfortunately the list only includes the address-object names. I'm curious to know if there's a way to show the address-group and the IP address for each address-object.
12-13-2021 05:18 AM - edited 12-13-2021 05:24 AM
If you're trying to do this in CLI, it looks like this is your command;
Panorama# set shared address-group My_Address_Group static [ Member_1 Member_2 ]
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!