This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Security Rule API

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Security Rule API

Ntripp
L1 Bithead

‎01-10-2018 10:16 AM

I've got a powershell script working that copies my security rules from one device to another but I need to control the order that they are inserted at the destination. I haven't been able to find this in the API browser or other examples. Does anyone know how to get the rule number or order? Or on the insert side?

1 person had this problem.
0 Likes Likes
4 REPLIES 4

nigelswift
L4 Transporter

‎01-10-2018 11:54 AM

Are you doing the rules one by one, or all the rules at once? If you use the following call, you could retain the order of the entire rulebase and use indexing in your logic.

 

/api/?type=config&action=get&xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/rulebase/security

 

 

The other thing that comes to mind is the action=move call on the configuration like so:

/api/?type=config&action=move&xpath=/config/devices/entry/vsys/entry[@name='vsys1']/rulebase/security/rules/entry[@name='rule1']&where=after&dst=rule2
0 Likes Likes

Ntripp
L1 Bithead
In response to nigelswift

‎01-10-2018 01:08 PM - edited ‎01-10-2018 01:11 PM

I'm pulling them with that xpath:

 

 

but then I have to loop through the elements to push them:

"?type=config&action=show&key="+ $key + "&xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/vsys/entry/rulebase/security"

 

 

foreach ($k in ($rules.response.Selectnodes("//entry[@name]"))){

$uri = $papa + "?type=config&action=set&key=" + $key + "&xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/rulebase/security/rules/entry[@name='" +$k.name+']' + "&xpath-value&element=" + $k.InnerXml
invoke-webrequest -uri $uri
}

 

is there a way to bulk load them? This was the only way I could make the xml usable to push into the other device. 

0 Likes Likes

nigelswift
L4 Transporter
In response to Ntripp

‎01-11-2018 06:22 AM

Yes. This is what the first call I supplied does. If you do a get just for the rulebase and then a set of the same xml at the rulebase xpath with the element that you pass, you should be able to move over the entire rulebase.

0 Likes Likes

Ntripp
L1 Bithead
In response to nigelswift

‎01-19-2018 10:12 AM

I was able to get the whole rulebase which is the command you supplied (I was already doing that).  I was not able to push them all at once and required looping through. Did you have the xpath for set an entire rulebase?

 

What I plan to do is is add tags to the rules add and move them.  Seems like there should be a function for rule order placement on the set instead of adding then moving but this is all I have been able to find so far. 

0 Likes Likes
  • 2605 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks