Global vs Local rule bases
Is it possible to extract the global and local rules within a CMA with one API call? Or is it a requirement to extract both separately and then "insert" the local rules into the "Placeholder for domain rules" section? I am attempting to emulate what was delivered using cp_merge.
I think I have answered my own question.... the "local" rules query will contain the global rules, but the rule base is not in the order I was expecting.... global-pre-local and global-post-local are included prior to the local rules but not included in the "total". Apologies for not digging in more detail before posting.
You can only get the Domain you have logged into from the API, so when you need the Global rules, you need to collect them from the MDS-level domain. For each domain/CMA you need to log in with the -d parameter to get the info from that specific domain/CMA. And this cannot be done within the same call.
I think the domain will also show me the global rules that have been assigned. I need to make two calls like this:
To get global policy rules as currently assigned to domain:
mgmt_cli -d DOMAIN1 -r true show access-rulebase name "DOMAIN1_GlobalPol Security" limit 100 use-object-dictionary true --format json
To get local rules for the domain:
mgmt_cli -d DOMAIN1 -r true show access-rulebase name "DOMAIN1_LocalPol Security" limit 100 use-object-dictionary true --format json
I can combine the results and "insert" the local rule at the "place holder for domain rules slot" but was wondering if there was a command to pull back the combined rule base as cp_merge did previously?
If I connect to the MDS level and extract the global rules, I get the view of the rules at the MDS level which, in some circumstances, may not match that which is assigned to the domain level.
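The splice described in the last post, as an added example that is not part of the thread and not Check Point code: it takes the two parsed JSON replies, inserts the local rules where the global rulebase has its placeholder, and refuses to merge a reply that `limit` has cut short. The `place-holder` entry type and the sample rule names are assumptions; the sample replies are constructed.

```python
PLACEHOLDER_TYPE = "place-holder"  # assumption: type of the "Placeholder for domain rules" entry

def check_complete(reply):
    """Raise if 'limit' cut the reply short ('to' lower than 'total')."""
    if reply.get("to", 0) < reply.get("total", 0):
        raise ValueError(f"truncated reply: {reply.get('to', 0)} of {reply['total']} rules")

def flatten(items, section=None):
    """Yield (section name, entry) pairs, descending into access-section entries."""
    for item in items:
        if item.get("type") == "access-section":
            yield from flatten(item.get("rulebase", []), item.get("name"))
        else:
            yield section, item

def merge_rulebases(global_reply, local_reply):
    """Return rules in effective order: global-pre, local, global-post."""
    check_complete(global_reply)
    check_complete(local_reply)
    local = [dict(rule, origin="local", section=sec)
             for sec, rule in flatten(local_reply["rulebase"])]
    merged, spliced = [], False
    for sec, entry in flatten(global_reply["rulebase"]):
        if entry.get("type") != PLACEHOLDER_TYPE:
            merged.append(dict(entry, origin="global", section=sec))
        elif spliced:
            raise ValueError("more than one placeholder in the global rulebase")
        else:
            merged.extend(local)
            spliced = True
    if not spliced:
        raise ValueError("no placeholder for domain rules in the global rulebase")
    for number, rule in enumerate(merged, 1):
        rule["effective-number"] = number
    return merged

# Constructed sample replies, trimmed to the fields used above.
GLOBAL_REPLY = {"from": 1, "to": 2, "total": 2, "rulebase": [
    {"type": "access-section", "name": "Global pre", "rulebase": [
        {"type": "access-rule", "name": "g-block-bad-hosts"}]},
    {"type": "place-holder", "name": "Placeholder for domain rules"},
    {"type": "access-rule", "name": "g-cleanup"}]}
LOCAL_REPLY = {"from": 1, "to": 2, "total": 2, "rulebase": [
    {"type": "access-rule", "name": "l-web"},
    {"type": "access-rule", "name": "l-dns"}]}

if __name__ == "__main__":
    for rule in merge_rulebases(GLOBAL_REPLY, LOCAL_REPLY):
        print(rule["effective-number"], rule["origin"], rule["section"], rule["name"])
```

Feed it the output of the two `mgmt_cli ... --format json` calls via `json.load`; a truncation error means the rulebase has more rules than the `limit` and the call has to be repeated with an `offset`.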