cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted

Adding object to multiple policy at once

Hi mates,

I often face with a problem and I can't find a permanent solution.

Every time that I have to add or replace a network object to all that policy where a given object is present, I should look for that object into every policy and adding/replacing with new one, and doing the same for all the policy package I got.

The operation is very timeconsuming.

Is there a way in R77.30 to add/replace object to multiple policy at once and not looking for single object in every policy package?

Thanks in advance

0 Kudos
7 Replies
Admin
Admin

Re: Adding object to multiple policy at once

I'm not aware of an easy way to do this in R77.30.

This is something vastly improved in R80.x releases and would be a good reason to upgrade your management.

R80.10 - Where Used object

Re: Adding object to multiple policy at once

Objects are used across all policies in a single Smartcenter. So when you need to change an object it will apply those changes to all policies it is used in.

When you are looking at a Multi Domain environment you can use global objects, which you can use in each policy that you apply that Global policy to, even if you only put a any any drop (cleanup) rule in it, you can choose to apply all objects to each Domain you assign the Global policy to. So then, when you change an object in the global policy, you reassign the policy and then you could even push policy to the gateways of each assigned policy.

Keep in mind that changing a Host or any other Network object it will NOT show that the Global policy has been updated!

Regards, Maarten
0 Kudos

Re: Adding object to multiple policy at once

Maarten Sjouw wrote:

 

Keep in mind that changing a Host or any other Network object it will NOT show that the Global policy has been updated!

I didn't know that... good thing we solved that with R80.10 Multi-Domain

0 Kudos

Re:  Adding object to multiple policy at once

Thanks for the answer. It's not clear the steps to follow when I should add a new secondary ip address to all the policy containing a first ip address.

So far I look for the first ip address and I manually add the secondary ip address to the policy, but it happens even that there are 20 or more policy in every policy package with the ip address involved.

Is there a way to automate this kind of process?

0 Kudos

Re: Adding object to multiple policy at once

Yes, you could use R80.10 MGMT API to query and edit objects and policies. You still need some development effort to write a specific script though

0 Kudos

Re:  Adding object to multiple policy at once

Well, in the case you have a number of items that you know will change over time, you create a number of groups and hosts in the global policy, a one time effort to convert a policy to use a number of global objects. Items where you they will need to extnded later, it makes sense to add a group with the primary object in that group. Create once use many. Later when you need to add a extra host, this is added in the global policy to the group and then you can re-assign and push all policies with one click..

Regards, Maarten
0 Kudos

Re: Adding object to multiple policy at once

Upgrade top R80.10, then you can use "where used" and replace to replace first object with group containing first and second object.

0 Kudos