Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
oconnork
Contributor
Jump to solution

Change cloning group features with a script

Hello Team,

 

Please could you help, I don't know how to change a cloning group feature from the Multidomain server ? 

When i do the following : 

 $CPDIR/bin/cprid_util -server <IP_address_of_Security_Gateway> -verbose rexec -rcmd /bin/clish -s -c 'set config-lock on override'

 $CPDIR/bin/cprid_util -server <IP_address_of_Security_Gateway> -verbose rexec -rcmd /bin/clish -s -c 'set 'cloning-group-management on'

 $CPDIR/bin/cprid_util -server <IP_address_of_Security_Gateway> -verbose rexec -rcmd /bin/clish -s -c 'delete allowed-client host ipv4-address x.X.X.X'

I have this error :  This Command is only available in Cloning Group Mode, please login as cadmin in order to use it

It seems the 'set cloning-group-management on' run before doesn't work.

Do you please have any advice on how to work around this problem ? 

1 Solution

Accepted Solutions
oconnork
Contributor

Many thanks @PhoneBoy 

The solution was to create a script from mds to the firewall, Run the remote script and remove the script

I used the following commands for that : 

mgmt_cli put-file file-path "/home/admin/" file-name "tmp_commands" file-content @commands --treat-value-as-file-by-prefix @ targets "$1" -s sid.txt`
mgmt_cli run-script script-name "script_firewall" script "clish -f /home/admin/tmp_commands" targets "MyGTW" -s sid.txt`
mgmt_cli run-script script-name "remove_script" script "rm /home/admin/tmp_commands" targets "MyGTW" -s sid.txt`

My commands line are located within the file "commands" which will be write inside file tmp_commands on the firewall MyGTW
The content of the file commands is : 

set cloning-group-management on
delete allowed-client host ipv4-address A.B.C.D
delete allowed-client host ipv4-address A.B.C.D
save config
set cloning-group-management off

View solution in original post

0 Kudos
4 Replies
PhoneBoy
Admin
Admin

clish -c runs a single command and exits afterwords.
Which means the way you're doing this won't work.
You need to put the relevant commands in a script and run clish against that script instead. 

(1)
oconnork
Contributor

Well actually this commands is already within a script and usually it works well as long as I don't need to be in a specific mode like the cloning group mode. 

Can you please advise how I could make multiples commands in one session ? 

I have read about the command start transaction/commit. I will try this way and let you know the results. 

(1)
PhoneBoy
Admin
Admin

Instead of making three separate calls to clish as you are doing now, which literally creates three separate sessions, you will make a single call.
That single call will be something like: clish -f scriptfile
The script file will contain all the necessary commands and will be run in a single session.

0 Kudos
oconnork
Contributor

Many thanks @PhoneBoy 

The solution was to create a script from mds to the firewall, Run the remote script and remove the script

I used the following commands for that : 

mgmt_cli put-file file-path "/home/admin/" file-name "tmp_commands" file-content @commands --treat-value-as-file-by-prefix @ targets "$1" -s sid.txt`
mgmt_cli run-script script-name "script_firewall" script "clish -f /home/admin/tmp_commands" targets "MyGTW" -s sid.txt`
mgmt_cli run-script script-name "remove_script" script "rm /home/admin/tmp_commands" targets "MyGTW" -s sid.txt`

My commands line are located within the file "commands" which will be write inside file tmp_commands on the firewall MyGTW
The content of the file commands is : 

set cloning-group-management on
delete allowed-client host ipv4-address A.B.C.D
delete allowed-client host ipv4-address A.B.C.D
save config
set cloning-group-management off

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events