Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Participant

commit simultaneously on various policy packages

Jump to solution

Hi, is there a way to deploy the changes you do on an object simultaneously on all policy package where the object is involved? Every time I need to modify an object that's involved in about 30 policy packages I have to open the single policy package and install, it would be glad to push in one single command or single operation this kind of change.

Thanks for your help

1 Solution

Accepted Solutions
Highlighted
Champion
Champion

For R77.30 you could write a shell script for execution from the CLI on your SMS, and run it whenever you have made an object change in the SmartConsole (and done a Save) that you want to propagate to all gateways.  Note that gateway and policy names are case-sensitive...

#!/bin/bash

fwm load Policy_1_Name Gateway1_Name

fwm load Policy_2_Name Gateway2_Name

etc...

R80.40 addendum for book "Max Power 2020" now available
for free download at http://www.maxpowerfirewalls.com

View solution in original post

9 Replies
Highlighted
Collaborator
That's interesting, I'm really curious as well.
0 Kudos
Highlighted
Employee++
Employee++

You can use Layers (Ordered or Inline). If the Layer is part of the Policy Package, any change you preform on it will be applied across all Policy Packages.

Please refer to Security Management R80.30 Administration Guide > Creating an Access Control Policy > Ordered Layers and Inline Layers

0 Kudos
Highlighted
Participant

But layers are available only on 80.10? Because we have 77.30

Highlighted
Champion
Champion

In R80.20+ MDS/Provider-1 you can automate and/or schedule mass installation of policies using the "Policy Presets" feature.

 

R80.40 addendum for book "Max Power 2020" now available
for free download at http://www.maxpowerfirewalls.com
0 Kudos
Highlighted
Champion
Champion
And on top of that you can also install policies directly from the MDS view, right click on the domain and select install policy.
Regards, Maarten
Highlighted
Participant

but is a solution also for R77.30?

0 Kudos
Highlighted
Champion
Champion
Nope, As @Timothy_Hall said only R80.20+
Regards, Maarten
0 Kudos
Highlighted
Champion
Champion

For R77.30 you could write a shell script for execution from the CLI on your SMS, and run it whenever you have made an object change in the SmartConsole (and done a Save) that you want to propagate to all gateways.  Note that gateway and policy names are case-sensitive...

#!/bin/bash

fwm load Policy_1_Name Gateway1_Name

fwm load Policy_2_Name Gateway2_Name

etc...

R80.40 addendum for book "Max Power 2020" now available
for free download at http://www.maxpowerfirewalls.com

View solution in original post

Highlighted
Admin
Admin
You pretty much have to do the same thing in R80.x as well, even if you use Policy Layers (though the exact command is different).
0 Kudos