This document describes how to move security rules from the CLI.
The same options to move a rule in the CLI as in the WebGUI.
If only 1 vsys is being used:
# move rulebase security rules <rulename> <action>
The actions are: after, before, bottom and top.
If more than 1 vsys is being used:
# move vsys <vsys#> rulebase security rules <rulename> <action>
In the following example, there are three security policies configured:
To move the 3rd policy, DMZ-Trust, to the top through the CLI enter following commands:
# move rulebase security rules DMZ-Trust top
After the commit, verify the rule has been moved to the top:
It gives an error. Is there a bug with this? I tried several PA-5020s and got the same error as below.
ram.bista@pa-5020# move vsys vsys2 rulebase security rules "allow Cisco_ISE" top
Server error : Timed out while getting config lock. Please try again.ram.bista@pa-5020#
@RamBista1, I am sorry you experienced this. I have to ask:
1. Do you get the same error on other hardware models?
2. Are the other CLI commands like "> show jobs all" and a CLI commit and other CLI commands working OK when you get this error?
This may be something that you need to talk with support about if this continues or affects other commands.