Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
JozkoMrkvicka
Authority
Authority
Jump to solution

How to found out Policy Package from R77.30 CLI

Hello guys,

I am currently working on small script which will install Policy from R77.30 management on given Gateway.

We are using many Gateways and each one has unique policy package, for example:

Gateway NamePolicy Package Name
AppleFruit
CucumberVegetables
CarVehicle

I know that installation is possible from Management CLI using following syntax:

fwm load <Policy Package Name> <Gateway Name>‍‍‍‍

But is there easy way how to find out corresponding Policy Package Name of given Gateway ? Via CLI or dbedit ?

Please be aware that I want to use it within R77.30, not for R80.10 management (as in R80.10 this is easy to archive via API)

My idea is to just specify Gateway Name and the Policy Package will be automatically checked and used in fwm load command as first parameter.

For example:

./Install_Policy.sh Apple

and the output of this script will be:

fwm load Fruit Apple

If someone has good idea how to deal with this situation, please, let me know Smiley Happy

Thank you very much.

Kind regards,
Jozko Mrkvicka
1 Solution

Accepted Solutions
Olavi_Lentso
Contributor

If XML is not your best friend, then maybe the following is useful. In this example there are 2 policy packages and 2 gateways and a query in the management server displays which gateways are installable targets of each policy:

cpmiquerybin attr "" policies_collections "" -a __name__,installable_targets

The result
SamplePolicyPackage01       Name: testfwobj01 (Table: network_objects)
Standard        Name: testfwobj02 (Table: network_objects)

View solution in original post

6 Replies
PhoneBoy
Admin
Admin

Probably the easiest way is to query the gateway directly and ask what policy package is already installed, either with fw stat or cpstat -f policy fw.

Then install that one.

Otherwise, I'm not sure how you'd achieve that with dbedit.

0 Kudos
Kaspars_Zibarts
Employee Employee
Employee

you can get all policies and targets with dbedit / printxml policies_collections

Can't give you more than that as it depends if you run MDS or regular mgmt and if you have multiple targets per policy

But XML output looks like this

<policies_collections_object>vs-example-rulebase<all_internal_modules>false</all_internal_modules>
<color><![CDATA[black]]></color>
<comments><![CDATA[]]></comments>
<default>0</default>
<installable_targets>
     <unnamed_element setname="">ReferenceObject
     <Name>vs-example</Name>
     <Table>network_objects</Table>
     <Uid>{939CA8AC-8D77-4540-B7E7-93F06C86AC99}</Uid>
     </unnamed_element>
</installable_targets>
<type><![CDATA[policies_collection]]></type>
</policies_collections_object>‍‍‍‍‍‍‍‍‍‍‍‍‍
Kaspars_Zibarts
Employee Employee
Employee

And from GuiDBedit

Olavi_Lentso
Contributor

If XML is not your best friend, then maybe the following is useful. In this example there are 2 policy packages and 2 gateways and a query in the management server displays which gateways are installable targets of each policy:

cpmiquerybin attr "" policies_collections "" -a __name__,installable_targets

The result
SamplePolicyPackage01       Name: testfwobj01 (Table: network_objects)
Standard        Name: testfwobj02 (Table: network_objects)

JozkoMrkvicka
Authority
Authority

Hi Olavi,

This is exactly what I searched for !

Thank you very much.

Kind regards,
Jozko Mrkvicka
0 Kudos
JozkoMrkvicka
Authority
Authority

Found 2 options:

cpmiquerybin attr "" policies_collections "" -a installable_targets,__name__ | grep <CLUSTER_NAME> | awk '{print $5}'

echo -e "query policies_collections, type='policies_collection'\nquit" | dbedit -local | grep <CLUSTER_NAME> -B 13 | head -n 1 | awk '{print $3}'

Kind regards,
Jozko Mrkvicka
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    Tue 18 Mar 2025 @ 09:30 AM (EET)

    CheckMates Live Greece
    CheckMates Events