01-06-2012 12:04 PM
We need to create a large number of host objects (i.e. IP address objects). Tech support only pointed us to a KP article "Using the XML API" which is Greek to me. Does anyone have any suggestions/solutions? I would think that someone would have needed to do this before me and found a way. Thanks.
01-06-2012 11:42 PM
The XML API is a great feature, so I'm sure you're right and there'll be tons of people with scripts laying around that may help you out (I may even be one of them, lol). Have you got a little more detail about what format the input is? (I'm guessing that if you were trying to migrate from another vendor such as NetScreen/Cisco/Check Point, support would have passed you on to the migration tool.) So are you looking at reading in from a CSV, a newline-separated file, an XML doc, a DB table or something?
Have you also tried the simple approach of mangling the text with find/replace in a text editor to get it into the appropriate format, using the CLI admin guide as your reference (e.g. set address "address-name" ip-netmask (or ip-range/fqdn, and with an optional description field) ip/mask (or fqdn)), and then cutting/pasting into the device via the command line?
cheers
damian
01-09-2012 06:53 AM
We did not use the migration tool as we wanted to build from scratch (to avoid importing 15 years' worth of "old" objects and rules). So, we want to be able to create hundreds of new address objects. If there was a way of using the XML API to make it easier, that would be great. As for doing something via the CLI, I have a vague idea as to what you are saying. One thing that comes to mind, though, is that the CLI command "set address" does not seem to have the options for a description or, more importantly, the option to specify an object as "shared". If these options can be included in the command, is it possible to script from a text file? Thanks
01-09-2012 11:37 AM
I know the joys of 'old' objects. That's essentially why I had to write some scripts to clean up my NetScreen configs. However, as we ran out of time for our migration and needed to get something into production quickly, I'm about to write some more stuff to clean up my Palo ;O)
As an example to clarify the manual approach of mangling an input file with a text editor to get the right format, have a quick look at the Palo document below on importing firewall configurations into Panorama. The first few steps give the general idea... this kind of approach has saved my arse many times for many different firewall types over the years ;O)
https://live.paloaltonetworks.com/docs/DOC-1742
In either case (CLI or API), you'll likely need some form of text-based input that you can manipulate. Are you able to generate such a file and, if so, do you want to post a line or two as an example so people can determine if they have anything that will help you parse it?
cheers
damian
01-10-2012 02:22 AM
E.g. you can use Excel to generate lines. For example, from this field:
="set device-group ""DEVICE_GROUP"" address name-"&C52&"-field description """&B52&""" ip-range "&M52&"-"&N52
you can get this line of text:
set device-group "DEVICE_GROUP" address name-SOME-field description "some text" ip-range 192.168.1.1-192.168.1.23
You can drag the field down to replicate across different source lines.
Of course, your sysadmin friends may be perl, awk, sed, *sh, ed, vi, vim etc. 🙂
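The spreadsheet approach above, done as a script (an added example, not part of the original posts): it reads a CSV and emits the same kind of `set device-group ... address` lines, skipping rows whose address does not parse or whose name or description contains characters, such as quotes, that would alter the pasted command. The CSV column names, the sample rows and the character allow-lists are assumptions of this example.

```python
import csv, io, ipaddress, re

# Constructed sample input for this example (not data from the thread).
SAMPLE_CSV = '''name,description,kind,value
web-01,Front-end web server,ip-netmask,192.168.1.10/32
dhcp-pool,Office DHCP pool,ip-range,192.168.1.1-192.168.1.23
bad-host,"quote "" injected",ip-netmask,192.168.1.11/32
typo-net,Typo in address,ip-netmask,192.168.1.300/32
'''

# Conservative allow-lists chosen for this example (assumptions, not PAN-OS limits).
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,62}")
TEXT_RE = re.compile(r"[A-Za-z0-9 ._,()/-]{0,255}")   # no quotes, no newlines
FQDN_RE = re.compile(r"([A-Za-z0-9-]{1,63}\.)+[A-Za-z]{2,63}")

def check_value(kind, value):
    """Raise ValueError unless value is well-formed for the given address type."""
    if kind == "ip-netmask":
        ipaddress.ip_interface(value)
    elif kind == "ip-range":
        lo, hi = (ipaddress.ip_address(p) for p in value.split("-"))
        if lo.version != hi.version or lo > hi:
            raise ValueError("range start and end do not form a valid range")
    elif kind == "fqdn":
        if not FQDN_RE.fullmatch(value):
            raise ValueError("not a valid FQDN")
    else:
        raise ValueError(f"unknown address type {kind!r}")

def build_commands(csv_text, device_group="DEVICE_GROUP"):
    """Return (commands, rejected); rejected holds (csv_line, name, reason)."""
    if not NAME_RE.fullmatch(device_group):
        raise ValueError("device group name has characters outside the allow-list")
    commands, rejected = [], []
    for line_no, row in enumerate(csv.DictReader(io.StringIO(csv_text)), start=2):
        try:
            if not NAME_RE.fullmatch(row["name"]):
                raise ValueError("name has characters outside the allow-list")
            if not TEXT_RE.fullmatch(row["description"]):
                raise ValueError("description has characters outside the allow-list")
            check_value(row["kind"], row["value"])
        except ValueError as err:
            rejected.append((line_no, row["name"], str(err)))
            continue
        commands.append(f'set device-group "{device_group}" address {row["name"]} '
                        f'description "{row["description"]}" {row["kind"]} {row["value"]}')
    return commands, rejected

if __name__ == "__main__":
    cmds, bad = build_commands(SAMPLE_CSV)
    print("\n".join(cmds))
    for line_no, name, reason in bad:
        print(f"# skipped CSV line {line_no} ({name}): {reason}")
```

Review the skipped rows before pasting the generated lines into the CLI, so a typo in the source sheet does not silently become a missing object.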
01-30-2012 07:27 AM
Thanks RNC. This was exactly what I was looking for. I had seen the "set" commands in the CLI guide but there was not much for explanation/detail/examples. After some more trial and error and speaking with a great new engineer with PAN support I was able to achieve what I wanted. Thanks again.