03-12-2014 08:40 AM
Are there any examples on how to reference list values in a policy rule? I'd like to have a list with two columns- username and password. I would like the policy rule to check the username and password on devices. If the policy rule fails then it would trigger a script to fix the username and/or password. I'd like to have the username and password values in a list so that I don't have to update the policy rule and the script when the usernames or passwords change.
03-12-2014 08:59 AM
Use of lists within policy rules is not supported. There is an existing request for this; you may want to contact your rep so they can help get it prioritized.
03-12-2014 09:14 AM
Hi Jeremy -
How is this different than the in the device viewer -> Settings & Status -> CLI Credentials? I would imagine you could create a Perl or maybe a CSS script to find out which ones were failing and go from there.
If the devices have local authentication and a encrypted password you can create a policy that checks these. The policy would need to contain the encrypted password (in encrypted form) to compare against. Using this method requires that when you create the config of the device you cut/paste the encrypted password rather than having the device generate the encryption each time, which makes it different each time.
It also might not be a good best practice to keep passwords in clear text in a List.
03-12-2014 10:37 AM
I want to have a policy that checks that only permitted usernames are in use and that the encrypted passwords are correct. If a device is not compliant I have a trigger that runs a script to remove invalid usernames or update the passwords. I already have it set up and working, but I'd like to have the username and password values in a list so that I don't have to update the policy rule and the script when the usernames or passwords change. All I would have to do is update the values in the list.
03-12-2014 03:18 PM
06-19-2015 06:40 AM
06-19-2015 09:57 AM
I have uploaded some examples at the link below. One for the list, and another for using the ConfigBlockCheck which breaks a configuration file in to blocks and performs checks on each block.
I also uploaded the XSD file that describes the XML language (this is also available in the product directly).
06-19-2015 12:13 PM
I'm also going to add to it as well