04-30-2021 05:46 AM
Hi,
I was wondering if anybody has experience working with the scripting mode in the way I need.
Using the following commands, it is possible to add a single application or service to a rule:
set device-group INTERNAL post-rulebase security rules SEC-APP application [ ssl ]
set device-group INTERNAL post-rulebase security rules WEB-APP service [ http ]
I would like to know if the opposite is feasible: is there a command to remove a single service or a single application from a rule without having to reconfigure the whole rule?
If this is not possible then the only way is to delete the rule and reconfigure it altogether?
Thanks
04-30-2021 07:19 AM
You wouldn't use set to remove an application or service member, you would use delete.
04-30-2021 06:37 AM
This should work perfectly fine, at least on 9.1 and 10.0. You can go through and add a single application or service and remove them as needed without removing the entire entry.
04-30-2021 07:11 AM
Thanks for your reply BPry but what is the set command line to remove a single app or service?
04-30-2021 07:19 AM
You wouldn't use set to remove an application or service member, you would use delete.
04-30-2021 08:07 AM
Thank you very much BPry
Just an FYI.
I first tried this: delete device-group INTERNAL post-rulebase security rules SEC-APP application [ ssl ]
But that didn't work because of the [ ]
I removed the [ ] and all was fine.
Thanks again! Much appreciated!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
