This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Bulk Apply Profiles

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Bulk Apply Profiles

wocomike
L1 Bithead

‎05-12-2014 12:07 PM

Hi All,


Is there any way to easily bulk-apply a threat prevention profile to a large list of Security Policies?  Maybe through the CLI?  We have about 600 security policies that do not have threat prevention turned on.  I'd like to do so, and have the profile created, I just don't know how to apply to all of the policies.

Thanks in advance,

-Mike

Labels:
0 Likes Likes
4 REPLIES 4

_slv_
L4 Transporter

‎05-12-2014 12:46 PM

I don't thing is possible to do (even in CLI), maybe with export to .xml...

Please consider to create security profiles (Object > Security Profiles Groupd) and connect them to Security Policies insted of profiles.

It's much easier to modify them in future.

Regards

SLawek

0 Likes Likes

jvalentine
L7 Applicator

‎05-12-2014 01:06 PM

The other option is to script it out.  Use the API to get a list of security policy rules, and then run through a 2nd script that adds the security profiles/security profile group to each of the policies.  You might get some additional ideas & help in the DevCenter. 

HULK
L7 Applicator
In response to jvalentine

‎05-12-2014 01:23 PM

A workaround through CLI:

admin@DADA> set cli config-output-format set

admin@DADA> configure

Entering configuration mode

[edit]

admin@DADA# show

admin@DADA# edit rulebase security

[edit rulebase security]

admin@DADA#

For example: you want to change/add the Antivirus profile into the security rules ( whether url-filtering is already added)

[edit rulebase security]

admin@DADA# show | match url-filtering

set rulebase security rules LAN-ISP profile-setting profiles url-filtering default

set rulebase security rules test-1 profile-setting profiles url-filtering default

[edit rulebase security]

Copy the output in a notepad and replace the url-filtering profile with the configured antivirus profile and paste it into the CLI.

set rulebase security rules LAN-ISP profile-setting profiles virus XYZ

set rulebase security rules test-1 profile-setting profiles virus XYZ

Thanks

ssharma
L5 Sessionator

‎05-13-2014 07:15 AM

Hi Wocomike,

Other option would be configure security group and have all anti-virus, vulnerability, spyware and url filtering. Export all config in a note pad as suggested by HULK and replace the url filtering profile with the security group. So that you have existing url- filtering profile as well as new threat profiles as well. HTH.

0 Likes Likes
  • 2939 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks