https://community.checkpoint.com/t5/API-CLI-Discussion/API-set-access-rule-Adding-removing-Source-or-destination/m-p/183030#M7771 <P>All works,&nbsp; one observation I wanted to add a section heading as well, and noted that you have do this last, keeping in mind you want everything to be added under and existing uid.</P> <P>session=`mgmt_cli -r true login --format json| jq -r '.sid'`<BR />mgmt_cli --session-id $session add group name "GROUP1" color "Sea Green" comments "Test Group"</P> <P>mgmt_cli --session-id $session set group name "GROUP1" members.add.1 HOST1</P> <P>mgmt_cli --session-id $session add access-rule name "Test Rule" layer "Network" position.below "7216a217-6d28-449a-9e04-eb6e6aa4b01b" source "HOST2" destination "GROUP1" action "accept" service.1 "microsoft-ds" service.2 "nbsession" track "log" comments "New rule added"</P> <P>mgmt_cli --session-id $session add access-section layer "Network" position.below "7216a217-6d28-449a-9e04-eb6e6aa4b01b" name "Section for new rule"</P> <P>mgmt_cli --session-id $session publish</P> Fri, 02 Jun 2023 10:03:21 GMT genisis__ 2023-06-02T10:03:21Z https://community.checkpoint.com/t5/API-CLI-Discussion/API-set-access-rule-Adding-removing-Source-or-destination/m-p/81145#M4684 <P>I done the following with mgmt_cli:</P><P>set access-rule rule-number 1 layer "Test Network" source.add "Test_Host1"</P><P>set access-rule rule-number 1 layer "Test Network" source.add "Test_Host2"</P><P>set access-rule rule-number 1 layer "Test Network" source.add "Test_Host3"</P><P>set access-rule rule-number 1 layer "Test Network" source.add "Test_Host4"</P><P>set access-rule rule-number 1 layer "Test Network" destination.remove "Test_Host1"</P><P>set access-rule rule-number 1 layer "Test Network" destination.remove "Test_Host2"</P><P>set access-rule rule-number 1 layer "Test Network" destination.remove "Test_Host3"</P><P>set access-rule rule-number 1 layer "Test Network" destination.remove "Test_Host4"</P><P>&nbsp;</P><P>How can I do the same with curl?</P><P>source.add as well destination.remove gets the error</P><P>"code" : "generic_err_invalid_syntax",<BR />"message" : "Payload is not a valid JSON"</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 07 Apr 2020 14:00:14 GMT https://community.checkpoint.com/t5/API-CLI-Discussion/API-set-access-rule-Adding-removing-Source-or-destination/m-p/81145#M4684 PeterH 2020-04-07T14:00:14Z https://community.checkpoint.com/t5/API-CLI-Discussion/API-set-access-rule-Adding-removing-Source-or-destination/m-p/81229#M4690 What precisely did you try? Wed, 08 Apr 2020 00:31:15 GMT https://community.checkpoint.com/t5/API-CLI-Discussion/API-set-access-rule-Adding-removing-Source-or-destination/m-p/81229#M4690 PhoneBoy 2020-04-08T00:31:15Z https://community.checkpoint.com/t5/API-CLI-Discussion/API-set-access-rule-Adding-removing-Source-or-destination/m-p/81262#M4692 <P>Hi PhoneBoy</P><P>As you can see I added Test_Host1 to Test_Host4 into the source column of the existing Rule 1 in Policy Package Test, as well removing Test_Host1 to Test_Host4 from the destination column in the same Rule and Policy. I did that successful within the mgmt_cli tool, but would like to do the same with curl or curl_cli.</P><P>The problem is the syntax in the curly brackets of curl&nbsp; ...set-access-rule -d '{"rule-number" : "1", "layer" : "Test Network", "source.add" : "Test_Host5"}'</P><P>&nbsp;</P> Wed, 08 Apr 2020 06:49:37 GMT https://community.checkpoint.com/t5/API-CLI-Discussion/API-set-access-rule-Adding-removing-Source-or-destination/m-p/81262#M4692 PeterH 2020-04-08T06:49:37Z https://community.checkpoint.com/t5/API-CLI-Discussion/API-set-access-rule-Adding-removing-Source-or-destination/m-p/81312#M4697 <P>Hi PhoneBoy</P><P>In the meantime I found a workarround for the problem.<BR />Simply list all sources or destinations in the rule and then add or remove selectiv.</P><P>- add Test_Host1 to Test_Host4 into source column<BR />set-access-rule -d '{"rule-number" : "1", "layer" : "Test Network", "source" : ["Test_Host1","Test_Host2","Test_Host3","Test_Host4"]}</P><P>- remove Test_Host1 from source column<BR />set-access-rule -d '{"rule-number" : "1", "layer" : "Test Network", "source" : ["Test_Host2","Test_Host3","Test_Host4"]}</P><P>The same for destionation.</P><P>I think there should be a simpler solution for that.</P> Wed, 08 Apr 2020 11:18:41 GMT https://community.checkpoint.com/t5/API-CLI-Discussion/API-set-access-rule-Adding-removing-Source-or-destination/m-p/81312#M4697 PeterH 2020-04-08T11:18:41Z https://community.checkpoint.com/t5/API-CLI-Discussion/API-set-access-rule-Adding-removing-Source-or-destination/m-p/81325#M4698 <P>For the source/destination/service fields we can use the add/remove functions of the set-access-rule api call.</P> <P>Here is an example in JSON of adding hosts as a source to a rule.&nbsp; This will add the three hosts to the source of the rule without having to specify all of the sources that are there already.</P> <P>{<BR />"name" : "Test Rule",<BR />"layer" : "Network",<BR />"source" : { "add" : ["host1", "host2", "host3"]<BR />&nbsp; &nbsp;}<BR />}</P> <P>&nbsp;</P> <P>Hope this helps.</P> Wed, 08 Apr 2020 13:26:00 GMT https://community.checkpoint.com/t5/API-CLI-Discussion/API-set-access-rule-Adding-removing-Source-or-destination/m-p/81325#M4698 Ryan_Darst 2020-04-08T13:26:00Z https://community.checkpoint.com/t5/API-CLI-Discussion/API-set-access-rule-Adding-removing-Source-or-destination/m-p/81330#M4699 Many thanks, much easier than my workarround Wed, 08 Apr 2020 14:37:28 GMT https://community.checkpoint.com/t5/API-CLI-Discussion/API-set-access-rule-Adding-removing-Source-or-destination/m-p/81330#M4699 PeterH 2020-04-08T14:37:28Z https://community.checkpoint.com/t5/API-CLI-Discussion/API-set-access-rule-Adding-removing-Source-or-destination/m-p/182730#M7746 <P>I'm trying to do something similar where I want to use a single command to add a new rule which contains a few sources and destination below an existing rule.</P> <P>I did this:<BR />mgmt_cli add access-rule uid &lt;uid reference&gt; layer "Standard Network" position.below "&lt;uid reference&gt;" name "Test Rule" source "HOST1","HOST2" destination "GROUP1" service "http" action "Accept" track type "Log"<BR /><BR />This does not work, and I cannot find an example on the Checkpoint API reference site.&nbsp; The site does not show example of all the parameters you can use for a given action ie. in this case 'add access-rule'.</P> Wed, 31 May 2023 14:11:05 GMT https://community.checkpoint.com/t5/API-CLI-Discussion/API-set-access-rule-Adding-removing-Source-or-destination/m-p/182730#M7746 genisis__ 2023-05-31T14:11:05Z https://community.checkpoint.com/t5/API-CLI-Discussion/API-set-access-rule-Adding-removing-Source-or-destination/m-p/182764#M7749 <P>I got this working in a test environment.</P><P>&nbsp;</P><P>&nbsp;</P><LI-CODE lang="markup">[Expert@cptestenv:0]# mgmt_cli -r true add access-rule name "Access to GROUP1" layer "Network" position.below "44b0b0fc-524b-40c4-b0a2-581312446dc8" source.1 "HOST1" source.2 "HOST2" destination "GROUP 1" action "accept" service.1 "http" service.2 "https" track "log" --------------------------------------------- Time: [18:12:14] 31/5/2023 --------------------------------------------- "Publish operation" succeeded (100%)</LI-CODE><P>&nbsp;</P><P>&nbsp;</P><P>Looking at <EM>set access-rule</EM>&nbsp;there is the .add action you can append to either source, destination or objects to make a batch import but it doesn't seem to be present in <EM>add access-rule</EM>. So depending of the size of your list to import you could create a rule with&nbsp;<EM>add access-rule</EM> then batch import sources or destinations in it with a CSV by calling <EM>set access-rule source.add</EM>, <EM>destination.add, service.add</EM> in one call referencing the name or uid of the rule in question.</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 31 May 2023 16:43:04 GMT https://community.checkpoint.com/t5/API-CLI-Discussion/API-set-access-rule-Adding-removing-Source-or-destination/m-p/182764#M7749 Alex- 2023-05-31T16:43:04Z https://community.checkpoint.com/t5/API-CLI-Discussion/API-set-access-rule-Adding-removing-Source-or-destination/m-p/182777#M7751 <P>Thanks Alex.<BR /><BR />Would use .csv for large imports, for small changes the above is great.&nbsp; I'll certainly give this ago.</P> <P>&nbsp;</P> <P>What frustrates me is there are no examples for the different action you can have on the API reference pages, would&nbsp; be nice if Checkpoint provided an example for every parameter scenario (I know this is allot) it would save allot of time.</P> <P>&nbsp;</P> Wed, 31 May 2023 17:34:44 GMT https://community.checkpoint.com/t5/API-CLI-Discussion/API-set-access-rule-Adding-removing-Source-or-destination/m-p/182777#M7751 genisis__ 2023-05-31T17:34:44Z https://community.checkpoint.com/t5/API-CLI-Discussion/API-set-access-rule-Adding-removing-Source-or-destination/m-p/183030#M7771 <P>All works,&nbsp; one observation I wanted to add a section heading as well, and noted that you have do this last, keeping in mind you want everything to be added under and existing uid.</P> <P>session=`mgmt_cli -r true login --format json| jq -r '.sid'`<BR />mgmt_cli --session-id $session add group name "GROUP1" color "Sea Green" comments "Test Group"</P> <P>mgmt_cli --session-id $session set group name "GROUP1" members.add.1 HOST1</P> <P>mgmt_cli --session-id $session add access-rule name "Test Rule" layer "Network" position.below "7216a217-6d28-449a-9e04-eb6e6aa4b01b" source "HOST2" destination "GROUP1" action "accept" service.1 "microsoft-ds" service.2 "nbsession" track "log" comments "New rule added"</P> <P>mgmt_cli --session-id $session add access-section layer "Network" position.below "7216a217-6d28-449a-9e04-eb6e6aa4b01b" name "Section for new rule"</P> <P>mgmt_cli --session-id $session publish</P> Fri, 02 Jun 2023 10:03:21 GMT https://community.checkpoint.com/t5/API-CLI-Discussion/API-set-access-rule-Adding-removing-Source-or-destination/m-p/183030#M7771 genisis__ 2023-06-02T10:03:21Z