Load a Partial Configuration into Another Configuration Using Xpath
Values
Find the xpath values to use to load the partial
configuration.
Log in to the web interface on the device
and go to the following URL:
https://<device-ip-address>/api
Select Configuration Commands.
Drill down until you find the configuration object
you want to load from one configuration to another.
For example, to find the application group xpath on a multi-vsys
firewall, you would select Configuration Commandsdeviceslocalhost.localdomainvsys > <vsys-name>application-group.
After you drill down to the node you want to load, make note of
the XPath that is displayed in the text box.
You
can also find the xpath from the CLI debug mode (use the operational
mode command debug mode on to enable this),
and then enter the configuration mode show command
that shows the object you are interested in copying. For example,
to see the xpath for the application object configuration in vsys1,
you would enter the show vsys vsys1 application command.
Look for the section of the output that begins with <requestcmd="get" obj=".
This signals the beginning of the xpath. In the following example,
the highlighted section is the xpath for the application objects
in vsys1:
Use the load config partial command to
copy sections of the configuration you just imported. For example,
you would use the following command to load the application filters
you configured on fw1 from a saved configuration file, fw1-config.xml,
you imported from fw1 (a single-vsys firewall) to vsys3 on fw2.
Notice that even though fw1 does not have multiple virtual system
support, the xpath still points to the vsys1 (the default vsys ID
on single-vsys firewalls):
The
quotation marks around the hostname and the vsys name (if applicable)
must be neutral. The command will fail if there are opened or closed
quotation marks.