- Products
- Learn
- Local User Groups
- Partners
- More
Technically, there are multiple ways to script what you are trying to do.
But, I would consider looking at the way you manage your target gateways and the Install On column. It's possible that with some changes, you can greatly simplify things and avoid having to do all this work every time you add another gateway.
In general, every policy package has a definition for the potential installation targets. By default it's set to "All Gateways", but you can (and usually should) set the specific gateways that should get this policy.
When editing your actual FW rulebase, there is no need to explicitly put your gateways in the Install On column. You can leave the default of "Policy Targets" and your rules will be applied to all gateways that are installed with this package.
There are of course legitimate cases for applying specific rules only to a subset of the gateways that get this policy. Usually this doesn't include all rules, but can still include a large number.
In such cases, it's advised to create a Network Object group and place the relevant gateways in that group. Then put that group in the Install On column. When you have another gateway that should get the same rules, just add that gateway to the group. Using groups keeps the entire policy more organized (also for Source and Destination columns).
Make sure to only place gateways in that group, otherwise it won't let you put that group in the Install On cell.
You might want to create a script to identify all the rules that currently reference the set of gateways and modify the Install On to reference the new group. This would be a one-time effort.
You can also use the "Where Used" dialog with the "Replace" option and choose one of the gateways and replace all references to it with the group. Just do it carefully since you may not want to accidentally replace references in other contexts.
You can double-check your changes before you publish with the Changes Report.
