Add shared Object in REST API

Reply
Highlighted
L1 Bithead

Add shared Object in REST API

I am running code verion 4.0.7 and am trying to create a new shared address, then add that address to a shared address-group.  Since I am not running 4.1, I don't have the API browser and my attempts at guessing the correct path have failed.  Any help is appreciated.

Ray


Accepted Solutions
Highlighted
L3 Networker

A nice way to determine XPath and XML needed when using the API is in operational mode do 'debug cli on' then in configuration mode execute the set/delete/show/etc command you want to duplicate and observe the debug output.  In your case you'll find you need something like:  /config/shared/address-group/entry[@name='g1']/member[text()='host1']  to delete multiple group members you can do:  /config/shared/address-group/entry[@name='g1']/member[text()='host1' or text()='host2']

View solution in original post


All Replies
Highlighted
L4 Transporter

To add an address object to a vsys:

http(s)://firewall/esp/restapi.esp?type=config&action=set&

xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/address&

element=<entry name='test-addr'><ip-netmask>2.2.2.2/32</ip-netmask></entry>

To add the address object to a address group:

http(s)://firewall/esp/restapi.esp?type=config&action=set&

xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/address-group/entry[@name='test-addr-grp']&

element=<member>test-addr</member>


Highlighted
L1 Bithead

Actually I was looking to add an address as shared, so that it could be used in every vsys.  Turns out to add an object as shared you use

xpath=/config/shared/

I am now able to add a shared address and then add that address to a shared group.  Does anyone know how to remove an address from a group?  Using action=delete tries to delete the entire group even though I am specifying a member in that group to delete.

Finally, if anyone knows how to perform a commit lock on either the whole system or just 1 vsys it would also be handy.

Ray

Highlighted
L3 Networker

A nice way to determine XPath and XML needed when using the API is in operational mode do 'debug cli on' then in configuration mode execute the set/delete/show/etc command you want to duplicate and observe the debug output.  In your case you'll find you need something like:  /config/shared/address-group/entry[@name='g1']/member[text()='host1']  to delete multiple group members you can do:  /config/shared/address-group/entry[@name='g1']/member[text()='host1' or text()='host2']

View solution in original post

Highlighted
L1 Bithead

Thats great news!  Using the cli debug I was able to determine the correct syntax to do almost everything I needed to do.  Had I known that before, a great deal of time could have been saved.  Thank you very much for your help.

Ray

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!