Security Profiles - URL Filtering - Update Multiple Categories within all Profiles


L1 Bithead

Hello all, I'm looking for some suggestions or information on how I can quickly update all security profiles with 3 select objects at once. In total, our Panorama has 129 profiles, so I would need to log in to all 129 profiles and update 3 categories in them to block.

By way of the GUI, I think the only way would be to edit 1 profile at a time, search all 3 categories, and update them accordingly. Can anyone suggest any easier way to maybe resolve this?


7 REPLIES 7

Community Team Member

Hi @PingMyServer ,

 

For mass changes, I found Expedition very helpful. You are able to multi-select items and apply changes to them. 

LIVEcommunity team member
Stay Secure,
Jay
Don't forget to Like items if a post is helpful to you!

Please help out other users and “Accept as Solution” if a post helps solve your problem !


Sorry, but you can use this to change Palo Alto's own rules on their own Panorama and apply them to the same panorama? Reading about it, sounds like a migration tool, I need to change rules on our current live Palo Alto devices.

Cyber Elite

Hi @PingMyServer ,

 

Yes, Expedition can make changes directly to a device via API.  You start by adding the device to Expedition.  https://www.youtube.com/watch?v=r_l_NjGHv90

 

You could also use the CLI.  I have found that to be very useful for bulk changes.

 

Thanks,

 

Tom

Help the community: Like helpful comments and mark solutions.

Interesting, Palo Alto support told me today it's not possible to bulk edit URL Security Profile objects. They told me I would have to go into each one, select the 3 URL Categories, then I can change 3 at once. But there is no way to modify multiple profile objects at once.

Cyber Elite

Hi @PingMyServer ,

 

They were probably only thinking of the GUI.  Are you familiar with the CLI?  If not, direct message (DM) me and we can do a quick screen share session.  It won't take too long.  We build the CLI for one security profile.  We then use some CLI magic to parse the 129 profile names and append the command to each one.  Then paste.

 

Thanks,

 

Tom


L1 Bithead

After doing further research, I found that through the CLI you can do this fairly easily, using the following commands. You can pull your profile names from the command "set device-group GROUP1 profiles" and pressing tab. It takes a little work, but with Excel you can get all the commands you need fairly quickly.

 

set device-group GROUP1 profiles url-filtering PROFILE_NAME block ransomware
set device-group GROUP1 profiles url-filtering PROFILE_NAME block encrypted-dns
set device-group GROUP1 profiles url-filtering PROFILE_NAME block real-time-detection
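
The spreadsheet step from the post above can also be scripted. This is an added example, not part of the original thread: it expands a list of profile names into the three `set` commands per profile. GROUP1 and the categories come from the post; the profile names and the character allowlist are assumptions made for the example.

```shell
#!/bin/sh
# Added example: expand a profile-name list into Panorama "set" commands.
DEVICE_GROUP="GROUP1"                                      # from the post
CATEGORIES="ransomware encrypted-dns real-time-detection"  # from the post

# Reads one profile name per line on stdin and prints one set command
# per profile/category pair on stdout. Rejected names go to stderr.
gen_block_cmds() {
    # Strip CRs (Excel/Windows paste), trim whitespace, drop blanks and duplicates.
    tr -d '\r' |
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
    awk 'NF && !seen[$0]++' |
    while IFS= read -r name; do
        # Assumed allowlist: letters, digits, space, dot, underscore, hyphen.
        # Anything else could change the meaning of the pasted line, so skip it.
        check=$(printf '%s' "$name" | tr -d ' ')
        case "$check" in
            *[!A-Za-z0-9._-]*)
                printf 'skipped unexpected name: %s\n' "$name" >&2
                continue ;;
        esac
        # Names containing spaces have to be double-quoted on the CLI.
        case "$name" in
            *" "*) name="\"$name\"" ;;
        esac
        for category in $CATEGORIES; do
            printf 'set device-group %s profiles url-filtering %s block %s\n' \
                "$DEVICE_GROUP" "$name" "$category"
        done
    done
}

# Constructed sample list, as it might look after copying names out of
# tab completion or a spreadsheet (stray spaces, a blank, a duplicate,
# and one line that is not a plausible profile name).
sample_profiles() {
    printf '%s\n' 'Corp-Default' '  Guest WiFi  ' '' 'Corp-Default' 'bad;name'
}

sample_profiles | gen_block_cmds
```

Review the generated lines before pasting them in configure mode on Panorama; nothing reaches the firewalls until the change is committed and pushed.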

Community Team Member

Thanks for sharing!

LIVEcommunity team member
Stay Secure,
Jay