How to create multiple policy objects using Panorama

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

How to create multiple policy objects using Panorama

L1 Bithead

 

Is there any quick way to configure multiple policy objects on Panorama? especially looking to configure hundreds of fqdn objects to push them to firewalls managed through panorama so using GUI is quite a lot of work.

 

e.g. for standalone PA, it is quick using CLI commands

2 accepted solutions

Accepted Solutions

L4 Transporter

https://{panorama-ip}/api/?key={API-key}&type=config&action=set&xpath=/config/device-group[@name='{devicegroup-name}']/address/entry[@name='{object-name}'] &element=<ip-netmask>{ip-address/mask}</ip-netmask>

View solution in original post

7 REPLIES 7

L4 Transporter

You could build up a cli-script or you can use the xml-api

https://live.paloaltonetworks.com/t5/Management-Articles/Add-a-Shared-Address-Object-Using-XML-API-t...

Best Regards
Chacko

Thanks for your reply. It looks to be a good solution for Shared objects.

Is there any similar method to create it for a specific Device Group?

Unfortunately I currently got no panorama at hand, but you can have a look for the api-calls at https://<panorama-ip/api

 

Maybe there is a "device group" branch on the same level as the "shared" branch.

Best Regards
Chacko

https://{panorama-ip}/api/?key={API-key}&type=config&action=set&xpath=/config/device-group[@name='{devicegroup-name}']/address/entry[@name='{object-name}'] &element=<ip-netmask>{ip-address/mask}</ip-netmask>

Community Team Member

@SunilGajjar,

 

As Chacko42 & vsys_remo pointed out using XML_API can be an excellent way to do this.

 

If you're unfamiliar with how XML API works then check out the following XML API use case examples explained on the Live Community Blog (these might not match your exact use case but can definitely help you getting started with XML API) :

 

Export-the-security-rulebase-using-XML-API

XML-API-Use-Case-to-Add-amp-Delete-TS-Agents

The-Power-of-XML-API

 

 

Cheers !

-Kiwi.

LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

@kiwi@Remo@Chacko42

 

Thanks for your replies.

@Chacko42

 

I have drilled it down through Panorama API browser to find out Devicegroup related Xpath at: /config/devices/entry[@name='{localhost.localdomain}']/device-group/entry[@name='{device-group name}]

 

It successfully worked using below API call (replace relevant values for variables within brackets {}):

https://{panorama-ip}/api/?key={API-Key}&type=config&action=set&xpath=/config/devices/entry[@name='{localhost.localdomain}']/device-group/entry[@name='{device-group name}']/address/entry[@name='{address-object-name}'] &element=<ip-netmask>{ip-address/mask}</ip-netmask>

  • 2 accepted solutions
  • 6235 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!