https://live.paloaltonetworks.com/t5/general-topics/using-scripting-mode-to-modify-existing-security-rules/m-p/404176#M91872 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/167567">@FrancoisNoel</a>,</P> <P>This should work perfectly fine, at least on 9.1 and 10.0. You can go through and add a single application or service and remove them as needed without removing the entire entry.&nbsp;</P> Fri, 30 Apr 2021 13:37:43 GMT BPry 2021-04-30T13:37:43Z https://live.paloaltonetworks.com/t5/general-topics/using-scripting-mode-to-modify-existing-security-rules/m-p/404157#M91870 <P>Hi,</P><P>&nbsp;</P><P>&nbsp; &nbsp;I was wondering if anybody has experience working with the scripting mode in the way I need.</P><P>Using the following commands, it is possible to add a single application or service to a rule:</P><P>set device-group INTERNAL post-rulebase security rules SEC-APP application [ ssl ]</P><P>set device-group INTERNAL post-rulebase security rules WEB-APP service [ http ]</P><P>&nbsp;</P><P>I would like to know if the opposite is feasible: is there a command to remove a single service or a single application from a rule without having to reconfigure the whole rule?</P><P>&nbsp;</P><P>If this is not possible then the only way is to delete the rule and reconfigure it altogether?</P><P>&nbsp;</P><P>Thanks</P> Fri, 30 Apr 2021 12:46:29 GMT https://live.paloaltonetworks.com/t5/general-topics/using-scripting-mode-to-modify-existing-security-rules/m-p/404157#M91870 FrancoisNoel 2021-04-30T12:46:29Z https://live.paloaltonetworks.com/t5/general-topics/using-scripting-mode-to-modify-existing-security-rules/m-p/404176#M91872 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/167567">@FrancoisNoel</a>,</P> <P>This should work perfectly fine, at least on 9.1 and 10.0. You can go through and add a single application or service and remove them as needed without removing the entire entry.&nbsp;</P> Fri, 30 Apr 2021 13:37:43 GMT https://live.paloaltonetworks.com/t5/general-topics/using-scripting-mode-to-modify-existing-security-rules/m-p/404176#M91872 BPry 2021-04-30T13:37:43Z https://live.paloaltonetworks.com/t5/general-topics/using-scripting-mode-to-modify-existing-security-rules/m-p/404193#M91877 <P>Thanks for your reply BPry but what is the set command line to remove a single app or service?</P><P>&nbsp;</P> Fri, 30 Apr 2021 14:11:20 GMT https://live.paloaltonetworks.com/t5/general-topics/using-scripting-mode-to-modify-existing-security-rules/m-p/404193#M91877 FrancoisNoel 2021-04-30T14:11:20Z https://live.paloaltonetworks.com/t5/general-topics/using-scripting-mode-to-modify-existing-security-rules/m-p/404203#M91879 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/167567">@FrancoisNoel</a>,</P> <P>You wouldn't use set to remove an application or service member, you would use delete.&nbsp;</P> Fri, 30 Apr 2021 14:19:58 GMT https://live.paloaltonetworks.com/t5/general-topics/using-scripting-mode-to-modify-existing-security-rules/m-p/404203#M91879 BPry 2021-04-30T14:19:58Z https://live.paloaltonetworks.com/t5/general-topics/using-scripting-mode-to-modify-existing-security-rules/m-p/404224#M91881 <P>Thank you very much BPry</P><P>Just an FYI.</P><P>I first tried this:&nbsp;<SPAN>delete device-group INTERNAL post-rulebase security rules SEC-APP application [ ssl ]&nbsp;</SPAN></P><P><SPAN>But that didn't work because of the [ ]</SPAN></P><P><SPAN>I removed the [ ] and all was fine.</SPAN></P><P>&nbsp;</P><P><SPAN>Thanks again! Much appreciated!</SPAN></P> Fri, 30 Apr 2021 15:07:03 GMT https://live.paloaltonetworks.com/t5/general-topics/using-scripting-mode-to-modify-existing-security-rules/m-p/404224#M91881 FrancoisNoel 2021-04-30T15:07:03Z