Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Uri_Bialik
Jump to solution

How to make changes in a specific policy package?

I have multiple policy packages.

How do I use the add-access-rule and other policy related APIs to make changes in a specific policy package?

1 Solution

Accepted Solutions
Uri_Bialik

In R80, a policy package can hold more than one access layer (rulebase). The same layer can be shared and re-used across multiple policy packages.

Since the same layer can be used in several policy-packages, the APIs that change a rulebase do not use the name of the policy-package as an identifier.

The APIs for add-access-rule, set-access-rule, show-access-rulebase and others, requires a mandatory parameter called “layer” and this parameter identifies the layer/rulebase that the API should work with.

How do I discover the name / UID of a layer in a given policy package?

Using the “show-package” API, you can see the list of all the layers in a policy package.

Example:

The policy package, “my_package”, contains two access layers called “layer1” and “layer2”:

[Expert@gw-8b3711:0]# mgmt_cli show package name my_package --format json --root true

{

  "uid" : "5b6dc5bd-44d0-4563-89a5-1aa337d362bb",

  "name" : "my_package",

  "type" : "package",

  "domain" : {

    "name" : "SMC User",

    "uid" : "41e821a0-3720-11e3-aa6e-0800200c9fde",

    "domain-type" : "domain"

  },

  "access" : true,

  "access-layers" : [ {

    "uid" : "4985a80d-c969-408a-82e9-33ed1ea62f23",

    "name" : "layer1",

    "type" : "access-layer",

    "domain" : {

      "name" : "SMC User",

      "uid" : "41e821a0-3720-11e3-aa6e-0800200c9fde",

      "domain-type" : "domain"

    }

  }, {

    "uid" : "3d03f5eb-4a2d-4949-ad49-8a8caeb62e97",

    "name" : "layer2",

    "type" : "access-layer",

    "domain" : {

      "name" : "SMC User",

      "uid" : "41e821a0-3720-11e3-aa6e-0800200c9fde",

      "domain-type" : "domain"

    }

  } ],

  "vpn-traditional-mode" : false,

  "nat-policy" : true,

  "qos" : false,

  "qos-policy-type" : "recommended",

  "desktop-security" : false,

  "threat-prevention" : false,

  "installation-targets" : "all",

  "comments" : "",

  "color" : "black",

  "icon" : "Blades/Access",

  "tags" : [ ],

  "meta-info" : {

    "lock" : "unlocked",

    "validation-state" : "ok",

    "last-modify-time" : {

      "posix" : 1461482968507,

      "iso-8601" : "2016-04-24T10:29+0300"

    },

    "last-modifier" : "aa",

    "creation-time" : {

      "posix" : 1461482968507,

      "iso-8601" : "2016-04-24T10:29+0300"

    },

    "creator" : "aa"

  },

  "read-only" : true

}

[Expert@gw-8b3711:0]#

View solution in original post

1 Reply
Uri_Bialik

In R80, a policy package can hold more than one access layer (rulebase). The same layer can be shared and re-used across multiple policy packages.

Since the same layer can be used in several policy-packages, the APIs that change a rulebase do not use the name of the policy-package as an identifier.

The APIs for add-access-rule, set-access-rule, show-access-rulebase and others, requires a mandatory parameter called “layer” and this parameter identifies the layer/rulebase that the API should work with.

How do I discover the name / UID of a layer in a given policy package?

Using the “show-package” API, you can see the list of all the layers in a policy package.

Example:

The policy package, “my_package”, contains two access layers called “layer1” and “layer2”:

[Expert@gw-8b3711:0]# mgmt_cli show package name my_package --format json --root true

{

  "uid" : "5b6dc5bd-44d0-4563-89a5-1aa337d362bb",

  "name" : "my_package",

  "type" : "package",

  "domain" : {

    "name" : "SMC User",

    "uid" : "41e821a0-3720-11e3-aa6e-0800200c9fde",

    "domain-type" : "domain"

  },

  "access" : true,

  "access-layers" : [ {

    "uid" : "4985a80d-c969-408a-82e9-33ed1ea62f23",

    "name" : "layer1",

    "type" : "access-layer",

    "domain" : {

      "name" : "SMC User",

      "uid" : "41e821a0-3720-11e3-aa6e-0800200c9fde",

      "domain-type" : "domain"

    }

  }, {

    "uid" : "3d03f5eb-4a2d-4949-ad49-8a8caeb62e97",

    "name" : "layer2",

    "type" : "access-layer",

    "domain" : {

      "name" : "SMC User",

      "uid" : "41e821a0-3720-11e3-aa6e-0800200c9fde",

      "domain-type" : "domain"

    }

  } ],

  "vpn-traditional-mode" : false,

  "nat-policy" : true,

  "qos" : false,

  "qos-policy-type" : "recommended",

  "desktop-security" : false,

  "threat-prevention" : false,

  "installation-targets" : "all",

  "comments" : "",

  "color" : "black",

  "icon" : "Blades/Access",

  "tags" : [ ],

  "meta-info" : {

    "lock" : "unlocked",

    "validation-state" : "ok",

    "last-modify-time" : {

      "posix" : 1461482968507,

      "iso-8601" : "2016-04-24T10:29+0300"

    },

    "last-modifier" : "aa",

    "creation-time" : {

      "posix" : 1461482968507,

      "iso-8601" : "2016-04-24T10:29+0300"

    },

    "creator" : "aa"

  },

  "read-only" : true

}

[Expert@gw-8b3711:0]#

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events