
Palo Alto – bulk object creation – Method 1

Sometimes you need to create a lot of objects, and the GUI is not the best place for this. There are two ways to achieve this on PA:

  1. Cut/paste relevant commands (dumb but quick :))
  2. Script this via XML API calls (elegant but requires some effort put into preparation :))

In this post I will explain the first one (doing Address object creation as an example).

Given input: a CSV file that contains host name, IP address, description

Desired result: relevant Address objects created on the firewall

How to: 

  1. I have put together a “quick and dirty” script that transforms the incoming CSV file into a sequence of CLI commands

    #cs ----------------------------------------------------------------------------

    AutoIt Version: 3.3.10.2
    Author: Nikolay Matveev (03/06/2014)

    Script Function:
    translates a CSV file (hostname, ip address, description) into CLI commands
    to bulk create objects on Palo Alto firewall

    #ce ----------------------------------------------------------------------------
    #include <FileConstants.au3>
    #include <MsgBoxConstants.au3>

    ; Prefix/suffix added to every object name (set to "" if not needed)
    $host_name_prefix = "PA1-HST-"
    $host_name_suffix = "- ESXi Host"

    $file_src = FileOpenDialog("Choose a CSV file with host objects", @ScriptDir, "Comma delimited files (*.csv)")
    $source = FileOpen($file_src, $FO_READ)
    $dest = FileOpen(@ScriptDir & "\cli-commands.txt", $FO_OVERWRITE)
    If $source = -1 Or $dest = -1 Then
        MsgBox($MB_ICONERROR, "Error", "Cannot open the input or output file")
        Exit 1
    EndIf

    ; file format <host name>,<ip address>,<description>
    While 1
        $line = FileReadLine($source)
        If @error Then ExitLoop

        $split_line = StringSplit($line, ",")
        ; $split_line[0] holds the field count; skip lines without all three fields
        If $split_line[0] < 3 Then ContinueLoop

        $hName = $host_name_prefix & $split_line[1] & $host_name_suffix
        $hAddr = $split_line[2]
        $hDesc = $split_line[3]

        FileWriteLine($dest, 'set address ' & '"' & $hName & '" description "' & $hDesc & '" ip-netmask ' & $hAddr)
    WEnd

    ; Close the file handles (not the path returned by FileOpenDialog)
    FileClose($source)
    FileClose($dest)

     

    As you can see, you can add a prefix/suffix to the object name in case your naming convention requires that (mine does). If you do not need that, you can replace them with empty strings.

    I use AutoIT for all my Windows automation and highly recommend it to everyone who has not seen it yet – worth every minute spent on learning it.

  2. Open the file produced by the script (cli-commands.txt in the same folder with the script) and do Ctrl+A and Ctrl+C
  3. Log onto the firewall and do

    set cli scripting-mode on
    configure

  4. Do Ctrl+V – now all your objects will be created in a matter of seconds, even on entry-level boxes
  5. Then you can turn off the scripting mode:

    set cli scripting-mode off

    New objects are available for use in the rules straight away.
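
Because the generated file is pasted straight into a configure-mode session, every CSV field becomes CLI input. The following is an added example (not the author's script) of the same CSV-to-CLI transformation with each field validated first; the name allow-list and the rejected character set are conservative assumptions, and the sample rows are constructed.

```python
import csv
import io
import ipaddress
import re

# Assumption: conservative allow-list for object names (check your PAN-OS naming rules).
NAME_RE = re.compile(r"[A-Za-z0-9 ._-]{1,63}")
# Quotes, backslashes and control characters (newlines included) would change how
# the pasted line is parsed in configure mode, so such descriptions are refused.
UNSAFE_RE = re.compile(r'["\\\x00-\x1f\x7f]')


def build_commands(csv_text, prefix="PA1-HST-", suffix="- ESXi Host"):
    """Return (commands, rejected); rejected holds (row number, reason) tuples."""
    commands, rejected = [], []
    for rownum, row in enumerate(csv.reader(io.StringIO(csv_text)), start=1):
        if not row:
            continue  # blank line
        if len(row) != 3:
            rejected.append((rownum, "expected 3 fields"))
            continue
        host, addr, desc = (field.strip() for field in row)
        name = f"{prefix}{host}{suffix}"
        if not NAME_RE.fullmatch(name):
            rejected.append((rownum, "invalid object name"))
            continue
        try:
            iface = ipaddress.ip_interface(addr)  # accepts 10.0.0.1 and 10.0.0.0/24
        except ValueError:
            rejected.append((rownum, "invalid ip-netmask"))
            continue
        if UNSAFE_RE.search(desc):
            rejected.append((rownum, "unsafe character in description"))
            continue
        value = str(iface) if "/" in addr else str(iface.ip)
        commands.append(f'set address "{name}" description "{desc}" ip-netmask {value}')
    return commands, rejected


# Constructed sample input (not from the original post).
SAMPLE = (
    "esx01,10.1.20.11,Rack 4 blade 1\n"
    "esx02,10.1.20.300,Rack 4 blade 2\n"
    'esx03,10.1.20.13,"Rack 4 ""spare"" blade"\n'
    "esx04,10.1.20.14\n"
)

if __name__ == "__main__":
    cmds, bad = build_commands(SAMPLE)
    print("\n".join(cmds), bad, sep="\n")
```

Only the first sample row produces a command; the other three are reported with a reason instead of being written to the paste file.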

You can probably achieve all of the above with just Excel or a text editor with search/replace functions, but I’m going to extend the script to include API support, hence the effort put into its creation (hopefully it will pay off in the long term :))

There is a better way of doing this though. My most recent weapon of choice is Python + REST API.

  1. June 19, 2015 at 5:54 pm

    Awesome idea! Question. Did you run into any issues copy and pasting in a lot of lines? I seem to only be able to copy in 10 lines at a time.

    • August 29, 2015 at 10:10 pm

      No, not really.. though I have not tried hundreds or thousands of lines to be honest. As far as I remember it was about 80-100 in one go.

      p.s. sorry for late reply – changed my mobile phone and was not getting any notifications about comments on the blog…

  2. Motasem Salah
    May 10, 2016 at 8:47 pm

    Great !! Thank you Nikolay you helped me appreciate it.
    keep up the good stuff ; )

  3. Trinath
    October 28, 2018 at 12:32 am

    Can you please post method 2

    • October 28, 2018 at 12:45 am

      Sure. I will try to post it tomorrow. I have a python script that does this via REST API…

    • November 3, 2018 at 3:10 am

      Done. Sorry for the delay.
