deleting all addresses in Palo Alto Networks firewall
If you somehow end up with hundreds of address objects in a PAN firewall and you would like to delete all of them, good luck!
Probably to prevent accidental removal, there is no way to do this in the GUI as of the 7.1.x releases (or I don’t know of one yet),
but if you want to, you can use the following CLI option.
>set cli config-output-format set
>config
#show address
Copy the output of the “show address” command above and paste it into a file, e.g. “address.txt”, on a Linux host, then turn each line into a delete statement, keeping only its first 3 fields.
For example, our file may contain the following:
set address subnet10 ip-netmask 10.0.0.0/8
set address subnet172 ip-netmask 172.16.0.0/12
set address subnet192 ip-netmask 192.168.0.0/16
set address subnet127 ip-netmask 127.0.0.0/8
set address subnet169 ip-netmask 169.254.0.0/16
set address subnet224 ip-netmask 224.0.0.0/3
sed 's/^set /delete /' address.txt | awk '{print $1 " " $2 " " $3}'
By doing this you create the delete statements for the address objects. Your output should look like this:
delete address subnet10
delete address subnet172
delete address subnet192
delete address subnet127
delete address subnet169
delete address subnet224
Now you need to paste this into the PAN CLI. Depending on the number of objects, you may need to enable scripting mode:
> set cli scripting-mode on
> config
and then paste the delete commands and commit. That should be it!
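A more defensive version of the conversion step, as an added example that is not part of the original post. It assumes that the set-format output wraps object names containing spaces in double quotes and prints one line per attribute (for example a description line) for the same object; the function name and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn "set address ..." lines into unique delete statements.
# Assumptions (not from the original post): names with spaces are double-quoted,
# and one object can appear on several lines (one per attribute).

# Constructed sample input with the cases a plain three-field split mishandles.
sample_addresses() {
cat <<'EOF'
set address subnet10 ip-netmask 10.0.0.0/8
set address subnet10 description "RFC1918 block"
set address "DMZ web server" ip-netmask 192.0.2.10/32
set address dataset-host fqdn data.example.com
set address-group internal static [ subnet10 ]
EOF
}

# Reads set-format config on stdin, prints one delete line per address object.
pan_address_deletes() {
  awk '
    { sub(/\r$/, "") }                        # tolerate CRLF from a pasted terminal session
    $1 != "set" || $2 != "address" { next }   # ignore address-group and any other line
    {
      rest = $0
      sub(/^[ \t]*set[ \t]+address[ \t]+/, "", rest)
      if (substr(rest, 1, 1) == "\"") {
        # quoted name: keep everything up to and including the closing quote
        end = index(substr(rest, 2), "\"")
        if (end == 0) next                    # unbalanced quote: skip rather than guess
        name = substr(rest, 1, end + 1)
      } else {
        split(rest, parts, /[ \t]+/)
        name = parts[1]
      }
      # emit each object once, in first-seen order
      if (!(name in seen)) { seen[name] = 1; print "delete address " name }
    }
  '
}

# Demo on the constructed sample; for real use: pan_address_deletes < address.txt
sample_addresses | pan_address_deletes
```

Review the generated list before pasting it into the firewall, since every line in it removes an object from the candidate configuration.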
Thanks Rtoodtoo, just what I was looking for.
you’re welcome!