Wednesday, March 8, 2017

Palo Alto Networks - How to Import Address Objects from a .csv File

Although there are a variety of ways to accomplish this task, I thought I would put together a quick script to satisfy this particular requirement.

Let's say you are trying to migrate from a firewall that isn't supported via the Migration Tool, and you have 1000's of address objects. What would be a simple way to get this data imported into a Palo Alto Networks firewall from a .csv file?

Step 1:

Install Python and Jinja2 (easy_install jinja2 or pip install jinja2) on a machine (I did this on a VM running Ubuntu). Create a directory somewhere on the machine for the files you will be creating.

Step 2:

Rename your existing .csv file to "device_data.csv". Here is an example.

Step 3:

Create a jinja2 file called "conf_template.j2" with the configuration parameters and variables that reference each column in the .csv file. Here is an example.

Step 4:

Create a python script called "make_config.py" so that upon execution it will use the information from your jinja and csv files to create a configuration file. Here is an example.

Step 5:

Place all three files (.csv, .j2, and .py) in the directory you previously created.

Step 6:

Open the terminal and navigate to the directory where the files are stored (in Ubuntu, cd ~/Desktop/scripts/address-objects/)

Step 7:

Run the script (in Ubuntu, sudo python make_config.py). This will produce a file in the same directory called, "address_objects.conf". Here is an example.

Step 8:

Open the "address_objects.conf" file and copy and paste the contents into the cli of the firewall. Don't forget to commit the configuration.

In summary, this methodology can be applied in a variety of scenarios (here is one example), but the main goal is to save time and avoid doing things manually.

1 comment: