04-12-2018 05:08 AM
Is there any quick way to configure multiple policy objects on Panorama? especially looking to configure hundreds of fqdn objects to push them to firewalls managed through panorama so using GUI is quite a lot of work.
e.g. for standalone PA, it is quick using CLI commands
04-12-2018 06:52 AM
You could build up a cli-script or you can use the xml-api
04-13-2018 12:08 AM - edited 04-13-2018 12:10 AM
https://{panorama-ip}/api/?key={API-key}&type=config&action=set&xpath=/config/device-group[@name='{devicegroup-name}']/address/entry[@name='{object-name}'] &element=<ip-netmask>{ip-address/mask}</ip-netmask>
04-12-2018 06:52 AM
You could build up a cli-script or you can use the xml-api
04-12-2018 10:10 PM
Thanks for your reply. It looks to be a good solution for Shared objects.
Is there any similar method to create it for a specific Device Group?
04-12-2018 11:37 PM
Unfortunately I currently got no panorama at hand, but you can have a look for the api-calls at https://<panorama-ip/api
Maybe there is a "device group" branch on the same level as the "shared" branch.
04-13-2018 12:08 AM - edited 04-13-2018 12:10 AM
https://{panorama-ip}/api/?key={API-key}&type=config&action=set&xpath=/config/device-group[@name='{devicegroup-name}']/address/entry[@name='{object-name}'] &element=<ip-netmask>{ip-address/mask}</ip-netmask>
04-13-2018 04:31 AM - edited 04-13-2018 04:31 AM
As Chacko42 & vsys_remo pointed out using XML_API can be an excellent way to do this.
If you're unfamiliar with how XML API works then check out the following XML API use case examples explained on the Live Community Blog (these might not match your exact use case but can definitely help you getting started with XML API) :
Export-the-security-rulebase-using-XML-API
XML-API-Use-Case-to-Add-amp-Delete-TS-Agents
Cheers !
-Kiwi.
04-15-2018 10:03 PM
I have drilled it down through Panorama API browser to find out Devicegroup related Xpath at: /config/devices/entry[@name='{localhost.localdomain}']/device-group/entry[@name='{device-group name}]
It successfully worked using below API call (replace relevant values for variables within brackets {}):
https://{panorama-ip}/api/?key={API-Key}&type=config&action=set&xpath=/config/devices/entry[@name='{localhost.localdomain}']/device-group/entry[@name='{device-group name}']/address/entry[@name='{address-object-name}'] &element=<ip-netmask>{ip-address/mask}</ip-netmask>
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
