Technical Tip: Configure installation target scope for a policy within policy package
Description
This article describes how to configured policies to install only to specific unit instead of all the units under the installation target for a policy within the policy package using CLI script.
Solution
This article describes how to configured policies to install only to specific unit instead of all the units under the installation target for a policy within the policy package using CLI script.
Solution
1) By default, firewall policies within the policy package will be install to all units as configure in policy package’s installation targets.
2) By running the following script to the policy package, installation limit on policy 1 will be enable.
# config firewall policyedit "1"set _limit_scope enableend3) There’s no unit specify in the script earlier. 'Install On' is empty for policy 1.4) The following script will set 'FGT01' as the installation target for policy 1. In this case, VDOMis not enable on 'FGT01'. However, it is necessary to specify the VDOM (root) in the script.
# config firewall policyedit "1"set _scope "FGT01"-"root"end
5) It is possible to have multiple entries in the installation target.
# config firewall policyedit "1"set _scope "FGT01"-"root" "FGT02"-"root"end6) The following script will turn off install limit. Policy 1 installation target will back to default.# config firewall policyedit "1"set _limit_scope disableend
