Batch add address objects to address group in Panorama?

cancel
Showing results for 
Search instead for 
Did you mean: 

Batch add address objects to address group in Panorama?

L1 Bithead

Hi everyone,

 

I was just able to batch add address objects via the cli on Panorama and now I want to add those addresses to an address group that I created. I tried using the command that Palo gives us for firewalls (shown below), but it does not work. I tried modifying the command by adding the location/device group, but that does not work either. Does anyone know if there is a command to do this in Panorama?

 

  1. Assign the address object to an address group:
    # set address-group testgroup static test1
1 ACCEPTED SOLUTION

Accepted Solutions

L1 Bithead

This worked for me in Panorama:

 

set device-group <DG name> address 10.1.1.0 ip-netmask 10.1.1.0/24

set device-group <DG name> address 10.1.1.0 description "10.1.1.0-VLAN10"

set device-group <DG name> address-group <AG name> static 10.1.1.0

 

Hope that helps.

View solution in original post

9 REPLIES 9

L1 Bithead

This worked for me in Panorama:

 

set device-group <DG name> address 10.1.1.0 ip-netmask 10.1.1.0/24

set device-group <DG name> address 10.1.1.0 description "10.1.1.0-VLAN10"

set device-group <DG name> address-group <AG name> static 10.1.1.0

 

Hope that helps.

Yes, this did work and it saved me a ton of time. Thank you for the help!

Can you share the syntax you used to do this?  Thanks 

@drewdown , I'm not sure I understand what you mean. The syntax I used is the one listed above and it's for Panorama. For firewalls it will be slightly different, i.e. no device-groups etc.

I know this topic is on CLI, not API, but since it's in the API discussion board, here's a convenient way to bulk add Address Object and Groups via API for anyone who happens upon this thread in the future:

 

https://pandevice.readthedocs.io/en/latest/howto.html#optimize-with-bulk-operations

 

This example uses python.

how we could validate any address or address group through cli?

Many thanks for this solution..

Just one quick question - any idea how to create these objects straight into the "Shared" device-group - the command doesn't list it as one of available device-groups to choose from?

The command to show the shared address-group, "My_Address_Group" in version 9.1 is;

show shared address-group My_Address_Group

 

Unfortunately the list only includes the address-object names. I'm curious to know if there's a way to show the address-group and the IP address for each address-object.

Regards,
Travis

If you're trying to do this in CLI, it looks like this is your command;

 

Panorama# set shared address-group My_Address_Group static [ Member_1 Member_2 ]

Regards,
Travis
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!