sudhir_mirajkar
Participant

Adding Service Group in an access-rule

I am facing an issue adding a service group to an access rule while creating a new rule.

I have a rule where I need to add services and service groups.

I get an error that the entry is not unique.

Below is the syntax I am using.

add access-rule layer "standard" name "test" position 10 source "node a" destination "nodeb" destination.1 "nodec" service "ssh" service.1 "shiva_vpn_group" action "accept"

I am not able to find anything in the API doc or the community.

Thanks

0 Kudos
4 Replies
Sigbjorn
Advisor

Can you show the exact error message you're getting?

Two things stick out to me: the layer would usually be "Network" or "Application" if the policy package is Standard (default behavior). You can verify the layer by opening Manage policies and layers and looking at the Layers -> Access Control section.

And when adding several objects, I would use service.1 and service.2 instead of service and service.1 (Same for dst)

0 Kudos
sudhir_mirajkar
Participant

Hi,

Here is the error I get:
code: "generic_err_object_field_not_unique"
message: "Requested object name [pcANYWHERE] is not unique."

The layer name in the question is a typo; it's a Network layer.

I tried your suggestion of using service.1 and service.2 but it gives me the same error.

I can either add only a service or a service-group in an API call, but not both in one call.

Thanks...
 

0 Kudos
Sigbjorn
Advisor

If you search for pcANYWHERE, you will probably find more than one object, maybe a host and a network object by the same name?

If you have objects by the same name, you should first try to rename one of the objects. (It's likely to cause you even more pain down the road otherwise.)

The other option would be to specify the object by uid instead of name.

0 Kudos
sudhir_mirajkar
Participant

Hi,

I was not aware that even if we call a service to be added, it will look at other objects as well for the name.

I do see the same name is used for an app category.

So it looks like I will have to go with UID for this.

Thanks for your help here.

0 Kudos
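
The name-versus-UID resolution discussed in this thread, as an added example that is not part of the original posts: Python code that takes the objects found for each name, keeps only the service-type match, and builds the rule body with UIDs so a same-named application category cannot make the reference ambiguous. The object list, its UIDs and the type strings are constructed assumptions, and the function names are hypothetical.

```python
# Object types accepted in a rule's service column (assumed type strings).
SERVICE_TYPES = {"service-tcp", "service-udp", "service-group"}

# Constructed stand-in for what a name search returns; the UIDs are made up.
SAMPLE_OBJECTS = [
    {"uid": "00000000-0000-0000-0000-000000000001", "name": "ssh",
     "type": "service-tcp"},
    {"uid": "00000000-0000-0000-0000-000000000002", "name": "pcANYWHERE",
     "type": "service-group"},
    {"uid": "00000000-0000-0000-0000-000000000003", "name": "pcANYWHERE",
     "type": "application-site-category"},
    {"uid": "00000000-0000-0000-0000-000000000004", "name": "shiva_vpn_group",
     "type": "service-group"},
]


def resolve_service_uid(name, objects):
    """Return the UID of the single service-type object called `name`."""
    same_name = [o for o in objects if o["name"] == name]
    services = [o for o in same_name if o["type"] in SERVICE_TYPES]
    if len(services) != 1:
        # Zero or several service objects: refuse rather than guess.
        found = sorted(o["type"] for o in same_name) or ["nothing"]
        raise LookupError(f"{name!r}: expected one service object, found {found}")
    return services[0]["uid"]


def build_rule_payload(layer, name, position, source, destination,
                       services, objects):
    """Build an add-access-rule body whose service column holds UIDs only."""
    return {
        "layer": layer,
        "name": name,
        "position": position,
        "source": source,
        "destination": destination,
        "service": [resolve_service_uid(s, objects) for s in services],
        "action": "Accept",
    }


if __name__ == "__main__":
    import json
    print(json.dumps(build_rule_payload(
        "Network", "test", 10, "node a", ["nodeb", "nodec"],
        ["ssh", "pcANYWHERE", "shiva_vpn_group"], SAMPLE_OBJECTS), indent=2))
```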