03-13-2020 07:57 AM
I have a requirement to update the 100s of /32 address objects which do not have a CIDR. Does anyone know of a script or other means to do a bulk update of the addresses to append CIDR?
03-13-2020 09:24 AM - edited 03-13-2020 09:28 AM
Hi @LCMember37711 ,
I'm not a scripter so I'm sure there are better and faster ways for this ... but this worked for me 😄
Enter cli, change the CLI config-output-format to 'set' and goto configuration mode ... and do "show address":
> set cli config-output-format set
> configure
Entering configuration mode
[edit]
# show address
>>> This will spit out all your address objects with the set commands.
Copy/paste this entire output to a file called 'testing' for example.
Then use the following script on this file :
$ sed 's/$/\/32/' testing
This will add /32 to every end of line and will print the output to your screen.
Login into the CLI of your firewall again, change the CLI config-output-format to 'set' and paste the commands, including the /32 into the configuration mode :
> set cli config-output-format set
> configure
# <paste all your set commands here>
# commit
Not pretty and you might have to edit your output file a bit but it should do the trick 🙂
Aside from the above you might want to look into Expedition : https://live.paloaltonetworks.com/t5/Expedition-Migration-Tool/ct-p/migration_tool or have a look at panco: https://github.com/scottdware/panco
Hope it helps,
-Kiwi.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
