How to write a script

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

How to write a script

L3 Networker

Hello Support, 

 

Can someone show me how to compile a script that will delete a number of configurations. For example, I would like to delete the following configurations shown in the image. However, it will take a long time to issue the command delete ...  for all the lines shown. Alternatively, is there one delete command that will delete all configurations? (I don't want to do a factory reset).

 

Cheers

 

Carltondeletepa.png

1 accepted solution

Accepted Solutions

You would need to right click on it and open it into something like notepad or wordpad on a windows machine, or really any basic text editor such as sublime. Once their you can delete out anything that you don't want (for example anything between <security> and </security> would delete out your security policies)

View solution in original post

7 REPLIES 7

L3 Networker

Hi Community,

 

Any thoughts on this question?

 

Cheers

I'm a little lost on what you are looking to do I guess. It sounds like you would like to delete all of the actual configuration changes on your device, much akin to what a factory reset would do; however you don't want to do an actual factory reset because of something correct? 

Unless my view of scripting for the Palo Alto is way out of line, which it very well could actually be, I don't think there is a way to do this effectively without typing out everything once anyways. Your screenshot displays everything you could actually delete with the delete command, so unless you forgot to include another screenshot then it doesn't give anybody much insight to what you actually want to do besides the fact that you want to delete all of the configuration off of the device, but don't want to actually reset the device. If you give us the reason why you don't want to reset the device we may be able to help a little more. 

Hi BPry,

 

Thanks for responding. You have pretty much got it - I want wipe the entire configs on the PA VM but I don't want to do a factory reset because it would mean me wiping the license on the VM.

 

Is there a way of achieving this?

 

Cheers

maybe this is too simple. but you could download the config. used a text editor to remove everything you didn't want and then re-upload the config. once you apply it you will get errors if you missed something.

 

Chris, 

 

Thats a thought.

 

Let me check it out...

 

Cheers

Chris,

 

Below is a snapshot of some of the downloaded configuration. 

 

<?xml version="1.0"?>
<config version="7.0.0" urldb="paloaltonetworks">
<mgt-config>
<users>
<entry name="admin">
<phash>fnRL/G5lXVMug</phash>
<permissions>
<role-based>
<superuser>yes</superuser>
</role-based>
</permissions>
</entry>
<entry name="ip-admin">
<permissions>
<role-based>
<custom>
<profile>Policy Admins</profile>
</custom>
</role-based>
</permissions>
<phash>$1$omitmqqh$cilyvM4o4JVbsIOHKbHkQ.</phash>
</entry>
</users>
</mgt-config>
<shared>
<application/>
<application-group/>
<service/>
<service-group/>
<botnet>
<configuration>
<http>
<dynamic-dns>
<enabled>yes</enabled>
<threshold>5</threshold>
</dynamic-dns>
<malware-sites>
<enabled>yes</enabled>
<threshold>5</threshold>
</malware-sites>
<recent-domains>
<enabled>yes</enabled>
<threshold>5</threshold>
</recent-domains>
<ip-domains>
<enabled>yes</enabled>
<threshold>10</threshold>
</ip-domains>
<executables-from-unknown-sites>
<enabled>yes</enabled>
<threshold>5</threshold>
</executables-from-unknown-sites>
</http>
<other-applications>

 

Can you show me how I would edit the file to remove all the configs?

 

Cheers

You would need to right click on it and open it into something like notepad or wordpad on a windows machine, or really any basic text editor such as sublime. Once their you can delete out anything that you don't want (for example anything between <security> and </security> would delete out your security policies)

  • 1 accepted solution
  • 4728 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!