In R80, a policy package can hold more than one access layer (rulebase). The same layer can be shared and re-used across multiple policy packages.
Since the same layer can be used in several policy-packages, the APIs that change a rulebase do not use the name of the policy-package as an identifier.
The APIs for add-access-rule, set-access-rule, show-access-rulebase and others, requires a mandatory parameter called “layer” and this parameter identifies the layer/rulebase that the API should work with.
How do I discover the name / UID of a layer in a given policy package?
Using the “show-package” API, you can see the list of all the layers in a policy package.
Example:
The policy package, “my_package”, contains two access layers called “layer1” and “layer2”:
[Expert@gw-8b3711:0]# mgmt_cli show package name my_package --format json --root true
{
"uid" : "5b6dc5bd-44d0-4563-89a5-1aa337d362bb",
"name" : "my_package",
"type" : "package",
"domain" : {
"name" : "SMC User",
"uid" : "41e821a0-3720-11e3-aa6e-0800200c9fde",
"domain-type" : "domain"
},
"access" : true,
"access-layers" : [ {
"uid" : "4985a80d-c969-408a-82e9-33ed1ea62f23",
"name" : "layer1",
"type" : "access-layer",
"domain" : {
"name" : "SMC User",
"uid" : "41e821a0-3720-11e3-aa6e-0800200c9fde",
"domain-type" : "domain"
}
}, {
"uid" : "3d03f5eb-4a2d-4949-ad49-8a8caeb62e97",
"name" : "layer2",
"type" : "access-layer",
"domain" : {
"name" : "SMC User",
"uid" : "41e821a0-3720-11e3-aa6e-0800200c9fde",
"domain-type" : "domain"
}
} ],
"vpn-traditional-mode" : false,
"nat-policy" : true,
"qos" : false,
"qos-policy-type" : "recommended",
"desktop-security" : false,
"threat-prevention" : false,
"installation-targets" : "all",
"comments" : "",
"color" : "black",
"icon" : "Blades/Access",
"tags" : [ ],
"meta-info" : {
"lock" : "unlocked",
"validation-state" : "ok",
"last-modify-time" : {
"posix" : 1461482968507,
"iso-8601" : "2016-04-24T10:29+0300"
},
"last-modifier" : "aa",
"creation-time" : {
"posix" : 1461482968507,
"iso-8601" : "2016-04-24T10:29+0300"
},
"creator" : "aa"
},
"read-only" : true
}
[Expert@gw-8b3711:0]#