multi_move_clone_configuration

Multi-Move or Multi-Clone the configuration of the Palo Alto firewall

Server Palo Alto Networks MCP Server Suite packetracer/mcpserver
Category Write
Risk class Medium
Parameters 00 required

What multi_move_clone_configuration does on Palo Alto Networks MCP Server Suite

AI agents use multi_move_clone_configuration to create or update resources in Palo Alto Networks MCP Server Suite — usually the action step of a workflow, after the agent has gathered context. Every call changes real data in your Palo Alto Networks MCP Server Suite environment.

Why multi_move_clone_configuration needs a policy

This tool modifies firewall configuration by moving or cloning settings, which are reversible write operations that could substantially alter security posture if misapplied. While not destructive (data isn't permanently deleted) or immediately dangerous like Execute operations, it ranks high severity due to the critical nature of firewall configurations—misconfiguration could expose networks to threats.

From the tool's definition Tool name and description indicate 'multi_move_clone_configuration' that performs 'Multi-Move or Multi-Clone the configuration' of firewall systems. These operations create modified copies or relocate configurations.

Questions about multi_move_clone_configuration

What does the multi_move_clone_configuration tool do? +

Multi-Move or Multi-Clone the configuration of the Palo Alto firewall. It is categorised as a Write tool in the Palo Alto Networks MCP Server Suite MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.

How do I enforce a policy on multi_move_clone_configuration? +

Register the Palo Alto Networks MCP Server Suite MCP server in PolicyLayer and add a rule for multi_move_clone_configuration: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Palo Alto Networks MCP Server Suite. Nothing to install.

What risk level is multi_move_clone_configuration? +

multi_move_clone_configuration is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.

Can I rate-limit multi_move_clone_configuration? +

Yes. Add a rate_limit block to the multi_move_clone_configuration rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block multi_move_clone_configuration completely? +

Set action: deny in the PolicyLayer policy for multi_move_clone_configuration. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides multi_move_clone_configuration? +

multi_move_clone_configuration is provided by the Palo Alto Networks MCP Server Suite MCP server (packetracer/mcpserver). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.

// LOOK UP ANOTHER SERVER

Every MCP server has a record like this.

Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.

Teams ship this data inside their own products. See what a licence covers →

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.