Screen OS

Is it possible to set 'application ignore'  on a policy without knowing the policy id? I want to write a script that creates cofigs but I can't set this without knowing what policy ID will be used. I know it's possible to set the policy id manually when creating the policy but I would prefer to not do that.

Example, this is how it's normally done:

set policy from zone1 to zone2 network-A Network-B SQL permit
policy id = 34
set policy id 34 application "IGNORE"

Ideally it would be good to be able to put it all on one line for example:

set policy from zone1 to zone2 network-A Network-B SQL permit application ignore (which isn't possible)

Thanks

Mark

Unfortunately, this is not a parameter permitted on the inital policy line.  You can see the allowed options by adding the ? after permit.

ScreenOS does reply with the new policy number when it is created.

and you have identified the work around to set the policy id manually.

Thanks for the answer, that's unfortunate. I wonder why it's like that, doesn't make a lot of sense.

ScreenOS is not really designed for automation the way Junos is.

When you use NSM, what policy manager does to keep track of this is keep a database of the current policy set.   This way it knows what the next available id numbers are and manages them when it sends the bulk cli updates.

If your program has access to a database you could do something similiar.