cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

How to found out Policy Package from R77.30 CLI

Jump to solution

Hello guys,

I am currently working on small script which will install Policy from R77.30 management on given Gateway.

We are using many Gateways and each one has unique policy package, for example:

Gateway NamePolicy Package Name
AppleFruit
CucumberVegetables
CarVehicle

I know that installation is possible from Management CLI using following syntax:

fwm load <Policy Package Name> <Gateway Name>‍‍‍‍

But is there easy way how to find out corresponding Policy Package Name of given Gateway ? Via CLI or dbedit ?

Please be aware that I want to use it within R77.30, not for R80.10 management (as in R80.10 this is easy to archive via API)

My idea is to just specify Gateway Name and the Policy Package will be automatically checked and used in fwm load command as first parameter.

For example:

./Install_Policy.sh Apple

and the output of this script will be:

fwm load Fruit Apple

If someone has good idea how to deal with this situation, please, let me know Smiley Happy

Thank you very much.

Kind regards,
Jozko Mrkvicka
1 Solution

Accepted Solutions

Re: How to found out Policy Package from R77.30 CLI

Jump to solution

If XML is not your best friend, then maybe the following is useful. In this example there are 2 policy packages and 2 gateways and a query in the management server displays which gateways are installable targets of each policy:

cpmiquerybin attr "" policies_collections "" -a __name__,installable_targets

The result
SamplePolicyPackage01       Name: testfwobj01 (Table: network_objects)
Standard        Name: testfwobj02 (Table: network_objects)

6 Replies
Admin
Admin

Re: How to found out Policy Package from R77.30 CLI

Jump to solution

Probably the easiest way is to query the gateway directly and ask what policy package is already installed, either with fw stat or cpstat -f policy fw.

Then install that one.

Otherwise, I'm not sure how you'd achieve that with dbedit.

0 Kudos

Re: How to found out Policy Package from R77.30 CLI

Jump to solution

you can get all policies and targets with dbedit / printxml policies_collections

Can't give you more than that as it depends if you run MDS or regular mgmt and if you have multiple targets per policy

But XML output looks like this

<policies_collections_object>vs-example-rulebase<all_internal_modules>false</all_internal_modules>
<color><![CDATA[black]]></color>
<comments><![CDATA[]]></comments>
<default>0</default>
<installable_targets>
     <unnamed_element setname="">ReferenceObject
     <Name>vs-example</Name>
     <Table>network_objects</Table>
     <Uid>{939CA8AC-8D77-4540-B7E7-93F06C86AC99}</Uid>
     </unnamed_element>
</installable_targets>
<type><![CDATA[policies_collection]]></type>
</policies_collections_object>‍‍‍‍‍‍‍‍‍‍‍‍‍

Re: How to found out Policy Package from R77.30 CLI

Jump to solution

And from GuiDBedit

Re: How to found out Policy Package from R77.30 CLI

Jump to solution

If XML is not your best friend, then maybe the following is useful. In this example there are 2 policy packages and 2 gateways and a query in the management server displays which gateways are installable targets of each policy:

cpmiquerybin attr "" policies_collections "" -a __name__,installable_targets

The result
SamplePolicyPackage01       Name: testfwobj01 (Table: network_objects)
Standard        Name: testfwobj02 (Table: network_objects)

Re: How to found out Policy Package from R77.30 CLI

Jump to solution

Hi Olavi,

This is exactly what I searched for !

Thank you very much.

Kind regards,
Jozko Mrkvicka
0 Kudos

Re: How to found out Policy Package from R77.30 CLI

Jump to solution

Found 2 options:

cpmiquerybin attr "" policies_collections "" -a installable_targets,__name__ | grep <CLUSTER_NAME> | awk '{print $5}'

echo -e "query policies_collections, type='policies_collection'\nquit" | dbedit -local | grep <CLUSTER_NAME> -B 13 | head -n 1 | awk '{print $3}'

Kind regards,
Jozko Mrkvicka
0 Kudos