How to create multiple policy objects using Panorama

Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to create multiple policy objects using Panorama

L1 Bithead


Is there any quick way to configure multiple policy objects on Panorama? especially looking to configure hundreds of fqdn objects to push them to firewalls managed through panorama so using GUI is quite a lot of work.


e.g. for standalone PA, it is quick using CLI commands

2 accepted solutions

Accepted Solutions

L4 Transporter

https://{panorama-ip}/api/?key={API-key}&type=config&action=set&xpath=/config/device-group[@name='{devicegroup-name}']/address/entry[@name='{object-name}'] &element=<ip-netmask>{ip-address/mask}</ip-netmask>

View solution in original post


L4 Transporter

You could build up a cli-script or you can use the xml-api

Best Regards

Thanks for your reply. It looks to be a good solution for Shared objects.

Is there any similar method to create it for a specific Device Group?

Unfortunately I currently got no panorama at hand, but you can have a look for the api-calls at https://<panorama-ip/api


Maybe there is a "device group" branch on the same level as the "shared" branch.

Best Regards

https://{panorama-ip}/api/?key={API-key}&type=config&action=set&xpath=/config/device-group[@name='{devicegroup-name}']/address/entry[@name='{object-name}'] &element=<ip-netmask>{ip-address/mask}</ip-netmask>

Community Team Member



As Chacko42 & vsys_remo pointed out using XML_API can be an excellent way to do this.


If you're unfamiliar with how XML API works then check out the following XML API use case examples explained on the Live Community Blog (these might not match your exact use case but can definitely help you getting started with XML API) :







Cheers !


LIVEcommunity team member, CISSP
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.



Thanks for your replies.



I have drilled it down through Panorama API browser to find out Devicegroup related Xpath at: /config/devices/entry[@name='{localhost.localdomain}']/device-group/entry[@name='{device-group name}]


It successfully worked using below API call (replace relevant values for variables within brackets {}):

https://{panorama-ip}/api/?key={API-Key}&type=config&action=set&xpath=/config/devices/entry[@name='{localhost.localdomain}']/device-group/entry[@name='{device-group name}']/address/entry[@name='{address-object-name}'] &element=<ip-netmask>{ip-address/mask}</ip-netmask>

  • 2 accepted solutions
  • 7 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!