- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
09-09-2021 10:18 AM
Howdy,
I couldn't the Panorama discussions so I apologize.
I am being asked to import the US sites from this link,
https://docs.microsoft.com/en-us/power-automate/limits-and-config
I didn't find an import topic for address groups.
Surely there a way to import a lot of non segment ips into Panorama into a new address group?
CSV sheet maybe?
Thank you
Pan OS 9.1.10
09-09-2021 04:49 PM
Hello, you can put up to 50 addresses into a single address group. You cannot use CSV, but you can bang on the keyboard and do a similar command of:
panorama>configure
Then you need to create the address objects first, and then add them to an address-group, like below:
set shared address Proofpoint-1 ip-netmask 67.231.152.0/22
set shared address Proofpoint-2 ip-netmask 67.231.156.0/24
set shared address Proofpoint-3 ip-netmask 67.231.144.0/22
set shared address Proofpoint-4 ip-netmask 67.231.148.0/24
set shared address Proofpoint-5 ip-netmask 67.231.149.0/24
set shared address Proofpoint-6 ip-netmask 148.163.128.0/19
set shared address-group Proofpoint static [ Proofpoint-1 Proofpoint-2 Proofpoint-3 Proofpoint-4 Proofpoint-5 Proofpoint-6 ]
It is tedious, but this is what you will need to do. Obviously, substitute names and IPs from your list.
09-09-2021 08:33 PM
Easiest way to do this, and what I would recommend, is that you see if these addresses are published somewhere in an easier to digest format and pull them into an EDL or build out a MineMeld Miner for them if you have that deployed. That way as long as Microsoft is keeping the list up-to-date, you can simply let automation keep your firewall up-to-date.
Otherwise, typing them out manually as @S.Cantwell is the most direct answer. You can whip up something in the API to add any address or range inputed into a CSV easily enough if this is something you plan on doing regularly.
09-09-2021 10:57 PM
Hello @PA200-1,
I looked at your URL, and it has 26 objects for the US, or 35 if you include Preview US. Using @S.Cantwell's method, you could knock it out in a matter of minutes. You can create IP Range objects for the ranges. You will need to manually check it from time to time to keep it up to date, which is why an @BPry's EDL method is the best long term. However, I don't think there is an EDL for that list.
Thanks,
Tom
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!