Bulk creation of host objects

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Bulk creation of host objects

L0 Member

We need to create a large number host objects (i.e. IP address objects).  Tech support only pointed us to a KP article "Using the XML API" which is Greek to me.  Does anyone have any suggestions/solutions?  I would think that someone would have needed to do this before me and found a way.  Thanks.

5 REPLIES 5

L1 Bithead

the XML API is a great feature so im sure youre right and there'll be tons of people with scripts laying around that may help you out (i may even be one of them lol) - have you got a little more detail about what format the input is (as im guessing if you were trying to migrate from another vendor such as netscreen/cisco/checkpoint support would have passed you on to the migration tool) - so are you looking at reading in from a csv/newline seperated file/xml doc/db table or something?

Have you also tried the simple approach of mangling the text with find/replace in a text editor to get it into the appropriate format (using the cli admin guide as your reference (e.g set address "address-name" ip-netmask (or ip-range/fqdn and with optional descritpion field) ip/mask (or fqdn))) and then cutting/pasting into the device via the command line?

cheers

damian

We did not use the migration tool as we wanted to build from scratch (to avoid importing 15 years worth of "old" objects and rules).  So, we want to be able to create hundreds of new address objects.  If there was a way of using XML API to make it easier that would be great.  As for doing something via the CLI, I have a vague idea as to what you are saying.  One thing that comes to mind though is the CLI command "set address" does not seem have the options for a description or more importantly the option to specify an object as "shared".  If these options are possible to be included in the command, is it possible to script from a text file?  Thanks

I  know the joys of 'old' objects - thats essentially why i had to write  some scripts to clean up my netscreen configs - however as we ran out of  time for our migration and needed to get something into production  quickly, im about to write some more stuff to clean up my palo ;O)

As  an example to clarify the manual approach of mangling an input file  with a text editor to get the right format, have a quick look at the  palo document below on importing firewall configurations into panorama -  the first few steps give the general idea...this kind of approach has  saved my arse many times for many different firewall types over the  years ;O)
https://live.paloaltonetworks.com/docs/DOC-1742

in  either case (CLI or API), youll likely need some form of text based  input that you can manipulate - are you able to generate such a file and  if so, do you want to post a line or two as an example so people can  determine if they have anything that will help you parse it?

cheers
damian

e.g. you can use excel to generate lines. For example from this field,

="set device-group ""DEVICE_GROUP"" address name-"&C52&"-field description """&B52&""" ip-range "&M52&"-"&N52

you can get this line of text:

set device-group "DEVICE_GROUP address name-SOME-field description "some text" ip-range 192.168.1.1-192.168.1.23

You can drag the field down to replate across different source lines.

Of course, your sysadmin friends may be perl, awk, sed, *sh, ed, vi, vim etc. 🙂

Thanks RNC.  This was exactly what I was looking for.  I had seen the "set" commands in the CLI guide but there was not much for explanation/detail/examples.  After some more trial and error and speaking with a great new engineer with PAN support I was able to achieve what I wanted.  Thanks again.

  • 3838 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!