Add shared Object in REST API

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Add shared Object in REST API

L1 Bithead

I am running code verion 4.0.7 and am trying to create a new shared address, then add that address to a shared address-group.  Since I am not running 4.1, I don't have the API browser and my attempts at guessing the correct path have failed.  Any help is appreciated.

Ray

1 accepted solution

Accepted Solutions

A nice way to determine XPath and XML needed when using the API is in operational mode do 'debug cli on' then in configuration mode execute the set/delete/show/etc command you want to duplicate and observe the debug output.  In your case you'll find you need something like:  /config/shared/address-group/entry[@name='g1']/member[text()='host1']  to delete multiple group members you can do:  /config/shared/address-group/entry[@name='g1']/member[text()='host1' or text()='host2']

View solution in original post

4 REPLIES 4

L4 Transporter

To add an address object to a vsys:

http(s)://firewall/esp/restapi.esp?type=config&action=set&

xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/address&

element=<entry name='test-addr'><ip-netmask>2.2.2.2/32</ip-netmask></entry>

To add the address object to a address group:

http(s)://firewall/esp/restapi.esp?type=config&action=set&

xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/address-group/entry[@name='test-addr-grp']&

element=<member>test-addr</member>


Actually I was looking to add an address as shared, so that it could be used in every vsys.  Turns out to add an object as shared you use

xpath=/config/shared/

I am now able to add a shared address and then add that address to a shared group.  Does anyone know how to remove an address from a group?  Using action=delete tries to delete the entire group even though I am specifying a member in that group to delete.

Finally, if anyone knows how to perform a commit lock on either the whole system or just 1 vsys it would also be handy.

Ray

A nice way to determine XPath and XML needed when using the API is in operational mode do 'debug cli on' then in configuration mode execute the set/delete/show/etc command you want to duplicate and observe the debug output.  In your case you'll find you need something like:  /config/shared/address-group/entry[@name='g1']/member[text()='host1']  to delete multiple group members you can do:  /config/shared/address-group/entry[@name='g1']/member[text()='host1' or text()='host2']

Thats great news!  Using the cli debug I was able to determine the correct syntax to do almost everything I needed to do.  Had I known that before, a great deal of time could have been saved.  Thank you very much for your help.

Ray

  • 1 accepted solution
  • 3148 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!