Create Bulk address objects & address groups on Palo Alto Firewall

The below program is written in PHP that is used to create automatic bulk IP Addresses on the Palo Alto Networks firewall. You just need to provide the IP Addresses, and/or IP Addresses with CIDR (Classless Inter-Domain Routing) Prefix.

For Example:

Currently, you can’t define the subnet mask in binary notation, i.e.,,

You must need to define the IP Addresses separately with space or anything.

We will automatically create separate address groups with 500 IP addresses in each group.


Note: Read carefully before using this program:

1. You must need to define a new Group Name. The existing Group can create unexpected results.

2. Read the generated script carefully before implementing it on the device.

3. The subnet mask & IP Address must be in the range. As of now, we can’t provide any exceptions if the supplied information is wrong.

4. Don’t run the large scripts directly, it may consume a large amount of CPU and/or memory.

5. This program is designed with the best effort and does not provide any guarantee. We suggest you please test the scripts in your lab environment first!

Please share your valuable feedback and suggestions using Contacting Us.

Support our work:

If you appreciate what we do and would like to contribute to our efforts, we kindly ask you to consider buying us a coffee. Your small donation can go a long way in helping us cover the costs of hosting, maintenance, and further development.

Please consider buying us a coffee ( or 2 ) as a token of appreciation.

Support Us Support Us

We are always thankful for your never-ending support.


  1. How we can edit the security policy in Palo Alto Firewall through CLI

    Like we need more IP Address into the security policy without creating object and Group.

    We call IPs directly into the policy as the address Object limit exhausted/Fully occupied.

    So we created a policy and adding the IPs into that policy one by one and we required to add bulk of IPs in the existing policy

  2. This is a wonderful tool, and I appreciate the video that pointed me to it. This doesn’t process IPv6 addresses. Any chance you can make it work on those?

Leave a Reply

Your email address will not be published. Required fields are marked *