How to delete multiple address objects via CLI

The firewall has accumulated over 28000 Rogue AP address objects. It's a gen6 NSA4650. This prevents exporting the settings and converting them successfully via the migration tool to a gen7 compatible file. Does anyone have an idea or a working script for how to delete all 28000 Rogue APs via the CLI using a wildcard or a variable? The exact format of the address objects is: "Rogue AP xx:xx:xx:xx:xx:xx".

Category: Mid Range Firewalls

Answers

  • BWC Cybersecurity Overlord ✭✭✭
    edited May 2023

    @Lucho isn't the "All Rogue Access Points" just a simple Address Group?

    Quick and dirty would be my approach here, no:

    ssh to appliance
    no cli pager session
    show address-group ipv4 All\ Rogue\ Access\ Points 
    #copy the address-object lines from the output into a text editor
    #replace "address-object" with "no address-object"
    configure
    address-group ipv4 All\ Rogue\ Access\ Points
    #paste the text from the text editor in here
    end
    

    This should end up in an empty Group (hopefully). You might consider deleting the address-objects the same way to shrink your configuration.

    --Michael@BWC

  • Lucho Newbie ✭

    I get the following:


    admin@xxxxxxxxxxxxxx> show address-group ipv4 All\ Rogue\ Access\ Points

    % Error encountered at '^' marker:

      show address-group ipv4 All\ Rogue\ Access\ Points

    The '^' marker is under the word 'All'

  • BWC Cybersecurity Overlord ✭✭✭

    @Lucho I tried a Copy&Paste on my home appliance and it worked right away.

    Try a "show address-groups ipv4" to list all of your groups and check for the right name; it should be "All Rogue Access Points". It has auto completion, so you could hit the TAB key for every space in the group name. Maybe something is messed up with the backslash, but it worked for me by copying the text from above.

    --Michael@BWC

  • Lucho Newbie ✭

    Apparently on this firewall "All Rogue Access Points" is a mixed ipv4 and ipv6 address object. I have to use the syntax:

    show address-group ipv6 All\ Rogue\ Access\ Points

    and then it worked.

    I don't really have to remove the individual objects from the group. I can just list them, copy in batches of 100 and delete them. But it's a very slow process. And then 'commit' takes a very long time.

    Isn't there a way to use one line with regex which matches all individual objects "Rogue AP xx:xx:xx:xx:xx:xx"?
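
Added example, not part of the thread and not SonicWall code: the text-editor step from BWC's procedure combined with the name match Lucho asks for, done off-box in Python on the pasted `show address-group` output. It assumes member lines of the form `address-object <type> <name>`; the function name, the sample lines and the batch size are constructed for illustration.

```python
import re

# Name format given in the thread: "Rogue AP xx:xx:xx:xx:xx:xx".
ROGUE_NAME = re.compile(r"Rogue AP (?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}")


def rogue_delete_batches(show_output, batch_size=100):
    """Return (batches, skipped) built from pasted 'show address-group' output.

    batches: lists of 'no address-object ...' lines, at most batch_size each.
    skipped: address-object lines whose name is not exactly a Rogue AP name.
    """
    commands, skipped = [], []
    for raw in show_output.splitlines():
        line = raw.strip()
        parts = line.split(None, 2)  # keyword, type token, name
        if len(parts) != 3 or parts[0] != "address-object":
            continue  # prompts, group headers, blank lines
        # Accept a quoted name or one with backslash-escaped spaces.
        name = parts[2].strip('"').replace("\\ ", " ")
        if ROGUE_NAME.fullmatch(name):
            commands.append("no " + line)  # type token is passed through as-is
        else:
            skipped.append(line)
    batches = [commands[i:i + batch_size]
               for i in range(0, len(commands), batch_size)]
    return batches, skipped


# Constructed sample; the member-line layout is an assumption, not device output.
SAMPLE = '''address-group ipv6 "All Rogue Access Points"
    address-object ipv6 "Rogue AP 00:11:22:33:44:55"
    address-object ipv6 Rogue\\ AP\\ 66:77:88:99:aa:bb
    address-object ipv6 "Rogue AP 00:11:22:33:44:55 keep"
    address-object ipv4 "Branch LAN"
    address-object ipv6 "Rogue AP cc:dd:ee:ff:00:11"
    exit
'''

if __name__ == "__main__":
    batches, skipped = rogue_delete_batches(SAMPLE, batch_size=2)
    for n, batch in enumerate(batches, 1):
        print(f"# batch {n}")
        print("\n".join(batch))
    print("# left untouched:", skipped)
```

Check the skipped list before pasting a batch into the `configure` session, since anything in it did not match the Rogue AP name format exactly.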

  • BWC Cybersecurity Overlord ✭✭✭

    @Lucho that is what you get CLI-wise:

    IMHO there are no programming features baked into the CLI which support regex. Sorry that I can provide no better option.

    --Michael@BWC

  • Arkwright Community Legend ✭✭✭✭✭

    I am never slow to suggest using the CLI for this kind of thing but if you have to interact with it, slowly, for every batch of 100, then you might as well be just ticking 100 address objects at a time and deleting them with the web interface!

    I asked ChatGPT to generate an 'expect' script to bulk-delete address objects from a SonicWall SonicOS CLI and it produced something that looked quite plausible, so that would be the route I would pursue. I have to caveat this by saying that every script and regex I've asked ChatGPT to produce for whatever purpose has looked quite plausible, and been wrong in some subtle way. So don't expect it to work on the first attempt.

  • Larry All-Knowing Sage ✭✭✭✭

    Necroposting because I am migrating a TZ350 to a TZ470 and there are about 400 Rogue AP address objects that are unnecessary (and will probably be replaced in actual use).

    I searched for / filtered the list for "Rogue AP" and clicked the box at the top of the list to select all.

    I then clicked the Delete button in the table header. I selected Delete incremental and the pop-up window prompted me with "Are you sure you want to delete selected 27 address(s)?"

    That's odd, so I clicked the box at the top to select all, scrolled down the list and kept clicking to select more, and when I tried to delete, I got "Too Many address object(s) to Delete - Selected 107 address object(s), but only up to 80 address object(s) can be deleted at a time."

    TIL - address object selection and delete function have limits…

  • Arkwright Community Legend ✭✭✭✭✭

    Not just address objects, I went crazy trying to find a local user on Gen7, name starting with 'a', who just was not there, but I couldn't create him because he already exists. Sorting alphabetically showed some a's first, but not this guy. It wasn't until I scroll-scroll-scrolled to the bottom of the list, then sorted, that I found him. So irritating!
