Modify the Configuration
Table of Contents
11.0 (EoL)
Expand all | Collapse all
End-of-Life (EoL)
Modify the Configuration
You can also modify the device configuration
from the CLI using the set, delete,
and edit commands (if your administrative
role has a Privilege
Level that allows you to write to the configuration). In
most cases you must be in Configure mode to modify the configuration.
- To change the value of a setting, use a set command. For example, to configure an NTP server, you would enter the complete hierarchy to the NTP server setting followed by the value you want to set:
admin@PA-3060# set deviceconfig system ntp-servers primary-ntp-server ntp-server-address pool.ntp.org
To target a command to a specific virtual system (vsys), enter the following operational mode command: set system setting target-vsys <vsys-name>. To go back to issuing commands that apply to the firewall instead of the targeted vsys, use set system target-vsys none.To change to a different location in the configuration hierarchy and/or to modify a setting, use the edit command. The edit commands are very similar to the set commands, except that when you enter an edit command, you switch context to the corresponding node in the command hierarchy. This can be useful if you need to enter several commands in a node that is nested far down in the command hierarchy. For example, if you want to configure all of the NTP server settings, instead of entering the full command syntax each time using the set command, you could use the edit command to move to the ntp-servers node as follows:[edit] admin@PA-3060# edit deviceconfig system ntp-servers [edit deviceconfig system ntp-servers] admin@PA-3060#
Notice that when you enter the command, your new location in the command hierarchy is displayed. You can now use the set command to configure the NTP server settings without entering the entire command hierarchy:admin@PA-3060# set secondary-ntp-server ntp-server-address 10.1.2.3
Use the up command to move up a level in the command hierarchy. Use the top command to move back to the top of the command hierarchy.To delete an existing configuration setting, use a delete command. For example, to delete the secondary NTP server address, you would enter the following command:admin@PA-3060# delete deviceconfig system ntp-servers secondary-ntp-server ntp-server-address
When deleting configuration settings or objects using the CLI, the device does not check for dependencies like it does in the web interface. Therefore, when you use delete from the CLI, you must manually search the configuration for other places where the configuration object might be referenced. For example, before you delete an application filter group named browser-based business, you should search the CLI for that value to see if it is used anywhere in profiles or policies, using the following command:admin@PA-3060> show config running | match "browser-based business"
Notice that because the object you are matching on has a space in it, you must enclose it in quotation marks.