Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
mikesleath
Participant

Global vs Local rule bases

Is it possible to extract the global and local rules within a CMA with one API call? Or is it a requirement to extract both separately and then "insert" the local rules into the "Placeholder for domain rules" section? I am attempting to emulate what was delivered using cp_merge. 

0 Kudos
3 Replies
mikesleath
Participant

I think I have answered my own question.... the "local" rules query will contain the global rules, but the rule base is not in the order I was expecting.... global-pre-local and global-post-local are included prior to the local rules but not included in the "total". Apologies for not digging in more detail before posting.

0 Kudos
Maarten_Sjouw
Champion
Champion

You can only get the Domain you have logged into from the API, so when you need the Global rules, you need to collect them from the MDS level domain. For each domain/CMA you need to login with the -d parameter to get the info from that specific domain/CMA. And this cannot be done within the same call.

Regards, Maarten
0 Kudos
mikesleath
Participant

I think the domain will also show me the global rules that have been assigned. I need to make two calls like this

to get global policy rules as currently assigned to domain

mgmt_cli -d DOMAIN1 -r true show access-rulebase name "DOMAIN1_GlobalPol Security" limit 100 use-object-dictionary true --format json

to get local rules for the domain

mgmt_cli -d DOMAIN1 -r true show access-rulebase name "DOMAIN1_LocalPol Security" limit 100 use-object-dictionary true --format json

I can combine the results and "insert" the local rule at the "place holder for domain rules slot" but was wondering if there was a command to pull back the combined rule base as cp_merge did previously?

If I connect to the MDS level and extract the global rules, i get the view of the rules at the MDS level which, in some circumstances, may not match that which is assigned to the domain level.

 

0 Kudos