Bulk Apply Profiles

Reply
Highlighted
L1 Bithead

Bulk Apply Profiles

Hi All,


Is there any way to easily bulk-apply a threat prevention profile to a large list of Security Policies?  Maybe through the CLI?  We have about 600 security policies that do not have threat prevention turned on.  I'd like to do so, and have the profile created, I just don't know how to apply to all of the policies.

Thanks in advance,

-Mike

Highlighted
L4 Transporter

I don't thing is possible to do (even in CLI), maybe with export to .xml...

Please consider to create security profiles (Object > Security Profiles Groupd) and connect them to Security Policies insted of profiles.

It's much easier to modify them in future.

Regards

SLawek

Highlighted
L7 Applicator

The other option is to script it out.  Use the API to get a list of security policy rules, and then run through a 2nd script that adds the security profiles/security profile group to each of the policies.  You might get some additional ideas & help in the DevCenter. 

Highlighted
L7 Applicator

A workaround through CLI:

admin@DADA> set cli config-output-format set

admin@DADA> configure

Entering configuration mode

[edit]

admin@DADA# show

admin@DADA# edit rulebase security

[edit rulebase security]

admin@DADA#

For example: you want to change/add the Antivirus profile into the security rules ( whether url-filtering is already added)

[edit rulebase security]

admin@DADA# show | match url-filtering

set rulebase security rules LAN-ISP profile-setting profiles url-filtering default

set rulebase security rules test-1 profile-setting profiles url-filtering default

[edit rulebase security]

Copy the output in a notepad and replace the url-filtering profile with the configured antivirus profile and paste it into the CLI.

set rulebase security rules LAN-ISP profile-setting profiles virus XYZ

set rulebase security rules test-1 profile-setting profiles virus XYZ

Thanks

Highlighted
L5 Sessionator

Hi Wocomike,

Other option would be configure security group and have all anti-virus, vulnerability, spyware and url filtering. Export all config in a note pad as suggested by HULK and replace the url filtering profile with the security group. So that you have existing url- filtering profile as well as new threat profiles as well. HTH.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!