Hi James,
I'm not sure that there is a way to deactivate multiple policies in one CLI command. However, you can use groups to change all the policies from, say, 'then permit' to 'then deny', which would produce the same result that you are trying to achieve.
The group configuration:

    groups {
        www-servers {
            security {
                policies {
                    from-zone trust to-zone untrust {
                        policy <www-prod*> {
                            then {
                                permit;
                            }
                        }
                    }
                }
            }
        }
    }
Apply the group:

    security {
        policies {
            apply-groups [ www-servers ];
        }
    }
The policies then need to start with "www-prod" and the group configuration will be applied:

    security {
        policies {
            from-zone trust to-zone untrust {
                policy www-prod-server1 {
                    match {
                        source-address prod-s1;
                        destination-address any;
                        application www-prod;
                    }
                }
                policy www-prod-server2 {
                    match {
                        source-address prod-s2;
                        destination-address any;
                        application www-prod;
                    }
                }
            }
        }
    }
Notice there is no then statement configured; it will be inherited from the group. So when I want to block the servers, I can just change the group configuration:

    set groups www-servers security policies from-zone trust to-zone untrust policy <www-prod*> then deny
Tim
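
Added example, not part of Tim's post: a pre-change audit that reads policies in "display set" form and reports which ones would pick up the group's action and which would not. It assumes the group wildcard behaves like a shell glob and that an action set directly on a policy takes precedence over the inherited one; the policies www-prod-legacy, www-test-server1 and www-prod-dmz are hypothetical.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample in "display set" form (not output from a real device).
SAMPLE = """\
set security policies from-zone trust to-zone untrust policy www-prod-server1 match source-address prod-s1
set security policies from-zone trust to-zone untrust policy www-prod-server1 match application www-prod
set security policies from-zone trust to-zone untrust policy www-prod-server2 match source-address prod-s2
set security policies from-zone trust to-zone untrust policy www-prod-legacy match source-address prod-s3
set security policies from-zone trust to-zone untrust policy www-prod-legacy then permit
set security policies from-zone trust to-zone untrust policy www-test-server1 match source-address test-s1
set security policies from-zone dmz to-zone untrust policy www-prod-dmz match source-address dmz-s1
"""

PREFIX = re.compile(
    r"^set security policies from-zone (\S+) to-zone (\S+) policy (\S+) (match|then) (\S+)"
)
ACTIONS = {"permit", "deny", "reject"}


def audit(set_lines, from_zone, to_zone, pattern, group_action):
    """Return {policy: (status, effective_action)} for one zone pair.

    pattern is the group wildcard without angle brackets, e.g. "www-prod*".
    """
    explicit = {}  # policy name -> action set on the policy itself, or None
    for line in set_lines.splitlines():
        m = PREFIX.match(line.strip())
        if not m or (m.group(1), m.group(2)) != (from_zone, to_zone):
            continue
        name, section, word = m.group(3, 4, 5)
        explicit.setdefault(name, None)
        if section == "then" and word in ACTIONS:
            explicit[name] = word
    report = {}
    for name, action in explicit.items():
        if not fnmatchcase(name, pattern):
            report[name] = ("unaffected", action)      # name outside the wildcard
        elif action is None:
            report[name] = ("inherited", group_action)  # follows the group
        else:
            # Assumption: an explicit action on the policy wins over the group.
            report[name] = ("overrides-group", action)
    return report


if __name__ == "__main__":
    result = audit(SAMPLE, "trust", "untrust", "www-prod*", "deny")
    for name, (status, action) in result.items():
        print(f"{name:20} {status:16} {action}")
```

On the device itself, `show configuration security policies | display inheritance` shows the expanded result to compare against.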