deleting all addresses in Palo Alto Networks firewall

if you somehow end up having hundreds of address objects in a PAN firewall and you would like to delete all of them, good luck!
probably to prevent accidental removal there is no way on GUI as of now on 7.1.x releases (or I don’t know yet)
but if you want to you can use the following CLI option.

>set cli config-output-format set
#show address 

copy the output you get on the previous “show address” command and paste into a file e.g “address.txt” in a Linux host then do
grab the first 3 lines

for example our file may contain the followings;

set address subnet10 ip-netmask
set address subnet172 ip-netmask
set address subnet192 ip-netmask
set address subnet127 ip-netmask
set address subnet169 ip-netmask
set address subnet224 ip-netmask
cat address.txt | sed 's/set/delete/g' | awk '{print $1 " " $2 " " $3}'

by doing this you create the delete statements of address objects. Your output should be like this

delete address subnet10
delete address subnet172
delete address subnet192
delete address subnet127
delete address subnet169
delete address subnet224

now you need to paste this on PAN cli. Depending on the number of objects you may need to enable scripting mode

> set cli scripting-mode on
> config

and then paste the delete commands and commit. That should be it!

About: rtoodtoo

Genco has worked for more than 10 years as a Network/Support Engineer. He is also interested in Python, Linux, Security and SD-WAN, currently lives in the Netherlands and works as a Network Support Engineer at Tesla Inc. // JNCIE-SEC #223 / RHCE / PCNSE

You have a feedback?

This site uses Akismet to reduce spam. Learn how your comment data is processed.