05-12-2020 09:52 AM
So I have been REPLACING tags and zones with the xml API with great success. What I have yet to do is figure out how to ADD tags or zones without disturbing the existing objects...or even replace them with multiple tags/zones
Working replacement of a zone-
xpath=/config/devices/entry[@name='localhost.localdomain']/device-group/entry[@name='{{Location}}']/post-rulebase/security/rules/entry[@name='{{Name}}']/from/member&element=<member>gp_vpn_general</member>
This works to replace a single zone....fails if you run it against a rule with multiple zones.
I've tried putting multiple members in the element but it only sees and inserts the first one
xpath=/config/devices/entry[@name='localhost.localdomain']/device-group/entry[@name='{{Location}}']/post-rulebase/security/rules/entry[@name='{{Name}}']/from/member&element=<member>gp_vpn_general</member><member>pci</member>
That puts the vpn zone in and ignores the pci zone, if I switch them it will put the pci zone in and ignore the vpn zone.
So the function seems a 1 for 1 REPLACE
Can anyone nudge me in the direction for making additions?
05-22-2020 09:24 AM
So the fix was that I needed to expand the element to include not only the member but the "from"
after that. Poof!
05-12-2020 10:53 AM
Hello @ScottHammond
What happens if you add the zones one by one (instead of all at once)?
If I remember it right, there are several ways to call the API. Are you using a "simple" POST or are you different various http methods?
05-12-2020 12:20 PM
Doing a POST
If I run it again it replaces whatever is there one for one.
THis is using the edit function. (set doesnt work because the rule already exists)
I see there is a method to add multiple members to address groups via the API, and you would think it would be the same for zones...but no joy
05-12-2020 01:59 PM
If I add zones from the cli with a debug running (clearing running a set command) the debug says
<request cmd="set" obj="/config/devices/entry[@name='localhost.localdomain']/device-group/entry[@name='Location']/post-rulebase/security/rules/entry[@name='Name']/from" cookie="8038565277332854"><member>gp_vpn_general</member></request>
05-12-2020 02:12 PM
Okay so that didnt look right and I changed it to
/from/member&element=<member>gp_vpn_general</member>
resulting in
05-22-2020 09:24 AM
So the fix was that I needed to expand the element to include not only the member but the "from"
after that. Poof!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
