01-17-2012 07:18 AM
I am running code verion 4.0.7 and am trying to create a new shared address, then add that address to a shared address-group. Since I am not running 4.1, I don't have the API browser and my attempts at guessing the correct path have failed. Any help is appreciated.
Ray
01-18-2012 11:08 AM
A nice way to determine XPath and XML needed when using the API is in operational mode do 'debug cli on' then in configuration mode execute the set/delete/show/etc command you want to duplicate and observe the debug output. In your case you'll find you need something like: /config/shared/address-group/entry[@name='g1']/member[text()='host1'] to delete multiple group members you can do: /config/shared/address-group/entry[@name='g1']/member[text()='host1' or text()='host2']
01-17-2012 05:22 PM
To add an address object to a vsys:
http(s)://firewall/esp/restapi.esp?type=config&action=set&
xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/address&
element=<entry name='test-addr'><ip-netmask>2.2.2.2/32</ip-netmask></entry>
To add the address object to a address group:
http(s)://firewall/esp/restapi.esp?type=config&action=set&
xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/address-group/entry[@name='test-addr-grp']&
element=<member>test-addr</member>
01-18-2012 06:53 AM
Actually I was looking to add an address as shared, so that it could be used in every vsys. Turns out to add an object as shared you use
xpath=/config/shared/
I am now able to add a shared address and then add that address to a shared group. Does anyone know how to remove an address from a group? Using action=delete tries to delete the entire group even though I am specifying a member in that group to delete.
Finally, if anyone knows how to perform a commit lock on either the whole system or just 1 vsys it would also be handy.
Ray
01-18-2012 11:08 AM
A nice way to determine XPath and XML needed when using the API is in operational mode do 'debug cli on' then in configuration mode execute the set/delete/show/etc command you want to duplicate and observe the debug output. In your case you'll find you need something like: /config/shared/address-group/entry[@name='g1']/member[text()='host1'] to delete multiple group members you can do: /config/shared/address-group/entry[@name='g1']/member[text()='host1' or text()='host2']
01-18-2012 12:22 PM
Thats great news! Using the cli debug I was able to determine the correct syntax to do almost everything I needed to do. Had I known that before, a great deal of time could have been saved. Thank you very much for your help.
Ray
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
