This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Panorama import address group

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Panorama import address group

PA200-1
L1 Bithead

‎09-09-2021 10:18 AM

Howdy,

I couldn't the Panorama discussions so I apologize.

I am being asked to import the US sites from this link,

https://docs.microsoft.com/en-us/power-automate/limits-and-config

 

I didn't find an import topic for address groups.

Surely there a way to import a lot of non segment ips into Panorama into a new address group?

CSV sheet maybe?

Thank you

Pan OS 9.1.10

Certified Languages
0 Likes Likes
3 REPLIES 3

S.Cantwell
Cyber Elite
Cyber Elite

‎09-09-2021 04:49 PM

Hello,   you can put up to 50 addresses into a single address group.  You cannot use CSV, but you can bang on the keyboard and do a similar command of:

 

panorama>configure

 

Then you need to create the address objects first, and then add them to an address-group, like below:

 

set shared address Proofpoint-1 ip-netmask 67.231.152.0/22
set shared address Proofpoint-2 ip-netmask 67.231.156.0/24
set shared address Proofpoint-3 ip-netmask 67.231.144.0/22
set shared address Proofpoint-4 ip-netmask 67.231.148.0/24
set shared address Proofpoint-5 ip-netmask 67.231.149.0/24
set shared address Proofpoint-6 ip-netmask 148.163.128.0/19
set shared address-group Proofpoint static [ Proofpoint-1 Proofpoint-2 Proofpoint-3 Proofpoint-4 Proofpoint-5 Proofpoint-6 ]

 

It is tedious, but this is what you will need to do.  Obviously, substitute names and IPs from your list.

Help the community: Like helpful comments and mark solutions

BPry
Cyber Elite
Cyber Elite

‎09-09-2021 08:33 PM

@PA200-1,

Easiest way to do this, and what I would recommend, is that you see if these addresses are published somewhere in an easier to digest format and pull them into an EDL or build out a MineMeld Miner for them if you have that deployed. That way as long as Microsoft is keeping the list up-to-date, you can simply let automation keep your firewall up-to-date.

Otherwise, typing them out manually as @S.Cantwell is the most direct answer. You can whip up something in the API to add any address or range inputed into a CSV easily enough if this is something you plan on doing regularly. 

TomYoung
Cyber Elite
Cyber Elite

‎09-09-2021 10:57 PM

Hello @PA200-1,

I looked at your URL, and it has 26 objects for the US, or 35 if you include Preview US.  Using @S.Cantwell's method, you could knock it out in a matter of minutes.  You can create IP Range objects for the ranges.  You will need to manually check it from time to time to keep it up to date, which is why an @BPry's EDL method is the best long term.  However, I don't think there is an EDL for that list.

Thanks,

Tom

 

Help the community: Like helpful comments and mark solutions.
  • 3060 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks