How to Move Security Rules Through the CLI


Overview

This document describes how to move security rules from the CLI.

 

Details

The same options are available to move a rule in the CLI as in the WebGUI.

 

If only 1 vsys is being used:

> configure

# move rulebase security rules <rulename> <action>

# commit

The actions are: after, before, bottom and top.

 

If more than 1 vsys is being used:

> configure

# move vsys <vsys#> rulebase security rules <rulename> <action>

# commit

The actions are: after, before, bottom and top.

 

In the following example, there are three security policies configured:

[Screenshot: security-policies.PNG]

 

To move the 3rd policy, DMZ-Trust, to the top through the CLI, enter the following commands:

> configure

# move rulebase security rules DMZ-Trust top

# commit

 

 

After the commit, verify the rule has been moved to the top:

[Screenshot: security-policies1.PNG]
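
The following is an added example, not part of the original article and not vendor code: a Python helper that parses the two move command forms shown above and returns the rule order they would produce, so a reordering can be checked before it is committed. The function name, the Rule-A and Rule-B rule names, and the reference-rule argument for before/after are assumptions of this example.

```python
import shlex

ACTIONS = ("top", "bottom", "before", "after")
PATH = ["rulebase", "security", "rules"]

# Constructed rule list: only DMZ-Trust is named on the page, the others are placeholders.
SAMPLE_RULES = ["Rule-A", "Rule-B", "DMZ-Trust"]


def preview_move(rules, command):
    """Return the rule order `command` would produce, or raise ValueError.

    `rules` is the current top-to-bottom order of the rulebase (of the vsys
    named in the command, if any). Nothing is sent to a firewall.
    """
    tokens = shlex.split(command)  # keeps quoted names with spaces as one token
    if tokens[:1] != ["move"]:
        raise ValueError("not a move command")
    tokens = tokens[1:]
    if tokens[:1] == ["vsys"]:  # multi-vsys form: move vsys <vsys#> rulebase ...
        if len(tokens) < 2:
            raise ValueError("vsys name missing")
        tokens = tokens[2:]
    if tokens[:3] != PATH or len(tokens) < 5:
        raise ValueError("expected: rulebase security rules <rulename> <action>")
    name, action, ref = tokens[3], tokens[4], tokens[5:]
    if name not in rules:
        raise ValueError(f"unknown rule: {name}")
    if action not in ACTIONS:
        raise ValueError(f"unknown action: {action}")
    relative = action in ("before", "after")
    # Assumption: before/after take one reference rule; top/bottom take none.
    if relative and (len(ref) != 1 or ref[0] not in rules or ref[0] == name):
        raise ValueError(f"'{action}' needs one other existing rule as reference")
    if not relative and ref:
        raise ValueError(f"'{action}' takes no reference rule")
    order = [r for r in rules if r != name]
    if action == "top":
        order.insert(0, name)
    elif action == "bottom":
        order.append(name)
    else:
        pos = order.index(ref[0])
        order.insert(pos if action == "before" else pos + 1, name)
    return order


if __name__ == "__main__":
    print(preview_move(SAMPLE_RULES, "move rulebase security rules DMZ-Trust top"))
```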

 

owner: ashaikh

Comments

It gives an error. Is there a bug with this? I tried several PA-5020s and got the same error as below.

 

ram.bista@pa-5020# move vsys vsys2 rulebase security rules "allow Cisco_ISE" top

Server error : Timed out while getting config lock. Please try again.
[edit]
ram.bista@pa-5020

@RamBista1, I am sorry you experienced this. I have to ask:

1. Do you get the same error on other hardware models?

2. Are the other CLI commands like "> show jobs all" and a CLI commit and other CLI commands working OK when you get this error?

 

This may be something that you need to talk with support about if this continues or affects other commands.