pdn
Contributor

Get all inline access rules via API

Hello,

I wrote a Python script to get all inline access rules from all firewall policies.

I used show-access-rulebase, in for loops, first to find the rules at the access-section layer. Then I used show-access-rulebase again, in for loops, to get all inline-layer access rules. Then I have to use show-object, again in for loops, to convert the source/destination/service UID objects into human-readable text. Since source/destination/port for a specific inline rule can be a long list, my script is taking a while.

Is there a better way than what I described? It seems that the slowest part is the show-object API calls. Is there another API, or an option in show-access-rulebase, to get the inline rules with human-readable source/destination/port directly, without having to use show-object for conversion?

 

Much thanks in advance!

 

6 Replies
Tal_Paz-Fridman
Employee

Use the following API command which translates Source / Destination / Service to values:

https://sc1.checkpoint.com/documents/latest/APIs/index.html?#cli/show-access-rulebase~v1.9.1%20

show-access-rulebase with rules displayed as ranges 

 

For example:

mgmt_cli show access-rulebase offset 0 limit 20 name "Network" show-as-ranges "true" --format json
pdn
Contributor

Thanks Tal_Paz-Fridman. I tried that before, but it didn't display the source/destination/service as what is shown in SmartConsole (i.e., source/destination = abc.company.com, 1.1.1.1; service = tcp_1000).

If I recall correctly, ranges were shown instead, not the actual values shown in SmartConsole.

Maybe I am missing something or misspeaking? Can you provide an example API call?

 

Tal_Paz-Fridman
Employee

You're right - it only shows ranges, but if the start and end are the same it's a single value.

I created an Ordered layer (or Inline layer) where the second rule is:

[Image: Rule 2.png]

The IP of host_for_server10 is 10.10.10.10

I ran the command:

mgmt_cli show access-rulebase name "Layer name" show-as-ranges "true" --format json

This is the command output (I highlighted the relevant values):

}, {
  "uid" : "4960587a-7376-450c-b8b6-00b766eda078",
  "type" : "access-rule",
  "domain" : {
    "uid" : "41e821a0-3720-11e3-aa6e-0800200c9fde",
    "name" : "SMC User",
    "domain-type" : "domain"
  },
  "enabled" : true,
  "comments" : "",
  "meta-info" : {
    "lock" : "unlocked",
    "validation-state" : "ok",
    "last-modify-time" : {
      "posix" : 1725646212468,
      "iso-8601" : "2024-09-06T21:10+0300"
    },
    "last-modifier" : "cc",
    "creation-time" : {
      "posix" : 1725646212468,
      "iso-8601" : "2024-09-06T21:10+0300"
    },
    "creator" : "cc"
  },
  "available-actions" : {
    "clone" : "not_supported"
  },
  "install-on" : [ "6c488338-8eec-4103-ad21-cd461ac2c476" ],
  "tags" : [ ],
  "source-ranges" : {
    "ipv4" : [ {
      "start" : "10.10.10.10",
      "end" : "10.10.10.10"
    } ],
    "ipv6" : [ ],
    "others" : [ ],
    "excluded-others" : [ ]
  },
  "destination-ranges" : {
    "ipv4" : [ {
      "start" : "0.0.0.0",
      "end" : "255.255.255.255"
    } ],
    "ipv6" : [ {
      "start" : "0:0:0:0:0:0:0:0",
      "end" : "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff"
    } ],
    "others" : [ ],
    "excluded-others" : [ ]
  },
  "service-ranges" : {
    "tcp" : [ {
      "start" : "80",
      "end" : "80"
    } ],
    "udp" : [ ],
    "others" : [ ],
    "excluded-others" : [ ]
  },
  "vpn" : [ "97aeb369-9aea-11d5-bd16-0090272ccb30" ],
  "action" : "6c488338-8eec-4103-ad21-cd461ac2c472",
  "action-settings" : {
    "enable-identity-captive-portal" : false
  },
  "content" : [ "97aeb369-9aea-11d5-bd16-0090272ccb30" ],
  "content-negate" : false,
  "content-direction" : "any",
  "time" : [ "97aeb369-9aea-11d5-bd16-0090272ccb30" ],
  "custom-fields" : {
    "field-1" : "",
    "field-2" : "",
    "field-3" : ""
  },
  "rule-number" : 2,
  "track" : {
    "type" : "29e53e3d-23bf-48fe-b6b1-d59bd88036f9",
    "per-session" : false,
    "per-connection" : false,
    "accounting" : false,
    "enable-firewall-session" : false,
    "alert" : "none"
  }
}, {

PhoneBoy
Admin

Add use-object-dictionary true to the call and it should include a translation for the various objects as part of the JSON output.

pdn
Contributor

@PhoneBoy I thought I tried that flag before as well, but didn't see what I was looking for. I can try again.

pdn
Contributor

I set both "show-as-ranges" and "use-object-dictionary" to true and tried. I got a mix of results: some are good (clear text like in SmartConsole, but in ranges), some are object IDs (which requires me to use show-object again).

So, it seems there is no better solution than what I described initially.

 

{
  "uid": "obj-id-xxx",
  "limit": 500,
  "offset": 0,
  "details-level": "standard",
  "show-as-ranges": true,
  "use-object-dictionary": true
}

 

},
"source-ranges": {
  "ipv4": [ { "start": "1.1.1.1", "end": "1.1.1.1" } ],
  "ipv6": [ ],
  "others": [ ],
  "excluded-others": [ ]
},
"destination-ranges": {
  "ipv4": [ ],
  "ipv6": [ ],
  "others": [ "obj-id-xxx" ],
  "excluded-others": [ ]
},
"service-ranges": {
  "tcp": [ { "start": "1000", "end": "1000" } ],

"source-ranges": {
  "ipv4": [ { "start": "0.0.0.0", "end": "255.255.255.255" } ],
  "ipv6": [ { "start": "0:0:0:0:0:0:0:0", "end": "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" } ],
  "others": [ ],
  "excluded-others": [ ]
},
"destination-ranges": {
  "ipv4": [ { "start": "0.0.0.0", "end": "255.255.255.255" } ],
  "ipv6": [ { "start": "0:0:0:0:0:0:0:0", "end": "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" } ]

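The procedure the original poster describes (show-access-rulebase per layer, then show-object per UID) and PhoneBoy's use-object-dictionary hint combine into one walker. The following is an added example, not the poster's script and not Check Point code: it pages through a layer, descends into access-sections and inline layers, names every UID from the objects-dictionary that comes back with each page, and only falls back to show-object for UIDs the dictionary did not cover, caching each answer for the whole run so no UID is looked up twice. The response shapes it relies on (from, to, total, rulebase, objects-dictionary, nested rulebase on an access-section, inline-layer on a rule, show-object returning an object key) are taken from the public API reference; FakeMgmt, the two sample layers and all UIDs in it are constructed for the demo, and HttpMgmt is an assumed minimal client for a real server.

```python
"""Flatten a Check Point access policy, inline layers included, into rows with
human-readable source/destination/service, calling show-object at most once per
UID that the objects-dictionary did not already cover.

Added example; not the original poster's script and not Check Point code.
Assumed Management API shapes (per the public API reference):
  show-access-rulebase -> {"from","to","total","rulebase","objects-dictionary"};
  an access-section item carries a nested "rulebase"; a rule whose action is an
  inline layer carries "inline-layer": <layer uid>;
  show-object -> {"object": {"uid","name","type",...}}.
FakeMgmt, the sample layers and every UID below are constructed for the demo."""
import json
import ssl
import urllib.request


class HttpMgmt:
    """Minimal client for a real server: one login, then X-chkp-sid on every call."""
    def __init__(self, host, user, password):
        self.url, self.sid = f"https://{host}/web_api/", None
        self.ctx = ssl.create_default_context()   # keep TLS verification on
        self.sid = self.call("login", {"user": user, "password": password})["sid"]

    def call(self, command, payload):
        headers = {"Content-Type": "application/json"}
        if self.sid:
            headers["X-chkp-sid"] = self.sid
        req = urllib.request.Request(self.url + command, headers=headers,
                                     data=json.dumps(payload).encode())
        with urllib.request.urlopen(req, context=self.ctx) as resp:
            return json.load(resp)


class Resolver:
    """uid -> name cache: objects-dictionary first, show-object only on a miss."""
    def __init__(self, client):
        self.client, self.names, self.show_object_calls = client, {}, 0

    def absorb(self, response):
        for obj in response.get("objects-dictionary", []):
            self.names[obj["uid"]] = obj["name"]

    def name(self, uid):
        if uid not in self.names:                 # cached for the whole run
            self.show_object_calls += 1
            self.names[uid] = self.client.call("show-object", {"uid": uid})["object"]["name"]
        return self.names[uid]


def walk_layer(client, resolver, layer_ref, prefix="", rows=None, page=500):
    """layer_ref is {"name": ...} or {"uid": ...}; pages through one layer."""
    rows, offset = ([] if rows is None else rows), 0
    while True:
        resp = client.call("show-access-rulebase", {**layer_ref, "offset": offset,
                           "limit": page, "details-level": "standard",
                           "use-object-dictionary": True})
        resolver.absorb(resp)                     # names arrive with the page
        _walk_items(client, resolver, resp["rulebase"], prefix, rows)
        if resp["to"] >= resp["total"]:
            return rows
        offset = resp["to"]


def _walk_items(client, resolver, items, prefix, rows):
    for item in items:
        if item["type"] == "access-section":      # sections only wrap rules
            _walk_items(client, resolver, item.get("rulebase", []), prefix, rows)
            continue
        number = f"{prefix}{item['rule-number']}"
        rows.append({"rule": number, "name": item.get("name", ""),
                     "enabled": item.get("enabled", True),
                     "source": [resolver.name(u) for u in item.get("source", [])],
                     "destination": [resolver.name(u) for u in item.get("destination", [])],
                     "service": [resolver.name(u) for u in item.get("service", [])]})
        if "inline-layer" in item:                # recurse: 2 -> 2.1, 2.2, ...
            walk_layer(client, resolver, {"uid": item["inline-layer"]},
                       prefix=number + ".", rows=rows)


def flatten_policy(client, layer_name):
    resolver = Resolver(client)
    return walk_layer(client, resolver, {"name": layer_name}, rows=[]), resolver


# ---- constructed offline stand-in for the management server -----------------
OBJ = {"h1": "host_for_server10", "h2": "abc.company.com", "any": "Any",
       "http": "http", "https": "https", "tcp1000": "tcp_1000"}
LAYERS = {
    "Network": [{"type": "access-section", "name": "Inbound", "rulebase": [
                    {"type": "access-rule", "rule-number": 1, "name": "web in",
                     "source": ["h1"], "destination": ["any"], "service": ["http"],
                     "inline-layer": "il1"}]},
                {"type": "access-rule", "rule-number": 2, "name": "app",
                 "source": ["any"], "destination": ["h2"], "service": ["tcp1000"]}],
    "il1": [{"type": "access-rule", "rule-number": 1, "name": "tls only",
             "source": ["h1"], "destination": ["h2"], "service": ["https"]}],
}
DICT = {"Network": ["h1", "h2", "any", "http"],   # tcp1000 left out on purpose
        "il1": ["h1", "h2", "https"]}             # -> exercises the show-object path


class FakeMgmt:
    def call(self, command, payload):
        if command == "show-object":
            return {"object": {"uid": payload["uid"], "name": OBJ[payload["uid"]]}}
        key = payload.get("name") or payload.get("uid")
        items, off, lim = LAYERS[key], payload["offset"], payload["limit"]
        chunk = items[off:off + lim]              # simplification: pages over items
        return {"from": off + 1, "to": off + len(chunk), "total": len(items),
                "rulebase": chunk,
                "objects-dictionary": [{"uid": u, "name": OBJ[u]} for u in DICT[key]]}


if __name__ == "__main__":
    rows, res = flatten_policy(FakeMgmt(), "Network")
    for r in rows:
        print(r["rule"], r["name"], r["source"], r["destination"], r["service"])
    print("show-object calls:", res.show_object_calls)
```

Against a real server replace FakeMgmt() with HttpMgmt(host, user, password) and remember to call logout when done. The point of the design is that the objects-dictionary already names almost everything on each page, so show-object is reduced to a handful of one-time misses instead of one call per source/destination/service entry per rule; if you also want the show-as-ranges view, request it in the same call and read the *-ranges fields off the same items.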
