Cisco Support Community

Best Practices: PIX access-list automation via scripting

What are your thoughts/methods on automating the creation, deletion and modification of access lists on a PIX using scripts (i.e., Perl, WSH, Expect...) via SSH, Telnet and/or TFTP, etc.?

I'm intentionally asking this open ended, but I am not looking to use the PDM or any other interactive method for modifying the access lists.


Re: Best Practices: PIX access-list automation via scripting

It's possible. I don't have to make that many changes to make it worthwhile for me to do it. What I generally do is write my lists up in Notepad, and then paste them in.

I would probably think about this:

Storing existing lists. Update them, and serialize the access list name (access list outside1.11, etc.).

Connecting to the PIX.

Entering the new list (it is a new list because its name is incremented serially).

Change the access-group statement to the new list name.

Then clear out the old access list name.

This way, there is minimal downtime between the old list and new list being in place, and you avoid any hijinks from editing a list that is in production.
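
The rollover sequence from the reply above, as an added example that is not part of the original thread: Python that increments the serial in the list name, validates each rule line, and returns the commands in the order described (new list, re-bind, remove old). The function names, the interface name `outside`, the sample rules and the default removal command are assumptions made for illustration.

```python
import re

# Assumption: the command that removes a whole list differs between PIX
# software versions; confirm the form for your release before relying on it.
REMOVE_TEMPLATE = "no access-list {name}"


def next_acl_name(current):
    """Increment the trailing serial number: outside1.11 -> outside1.12."""
    m = re.fullmatch(r"(.*?)(\d+)", current)
    if not m:
        raise ValueError(f"ACL name {current!r} has no trailing serial number")
    prefix, serial = m.groups()
    return f"{prefix}{str(int(serial) + 1).zfill(len(serial))}"


def build_swap_commands(current, interface, rules, remove_template=REMOVE_TEMPLATE):
    """Return (new_name, commands): new list first, re-bind, old list removed last."""
    if not rules:
        # A bound list with no entries leaves only the implicit deny.
        raise ValueError("refusing to build an empty access list")
    new = next_acl_name(current)
    cmds = []
    for rule in rules:
        rule = rule.strip()
        # Each rule must be one line starting with permit/deny, so a stored
        # rule file cannot smuggle extra configuration commands into the session.
        if "\n" in rule or "\r" in rule or not re.match(r"(permit|deny)\s", rule):
            raise ValueError(f"rejected rule: {rule!r}")
        cmds.append(f"access-list {new} {rule}")
    # The old list stays bound until this line, so traffic is always filtered.
    cmds.append(f"access-group {new} in interface {interface}")
    cmds.append(remove_template.format(name=current))
    return new, cmds


if __name__ == "__main__":
    # Constructed sample rules (documentation address range).
    sample = ["permit tcp any host 192.0.2.10 eq 443", "deny ip any any"]
    name, commands = build_swap_commands("outside1.11", "outside", sample)
    print("\n".join(commands))
```

The returned list can be handed to whatever transport the script uses (SSH, Expect, a TFTP-loaded file); keeping generation separate from delivery lets the command set be reviewed or diffed against the stored copy before it reaches the firewall.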
