Modify the Configuration
You can also modify the device configuration from the CLI using the
editcommands (if your administrative role has a Privilege Level that allows you to write to the configuration). In most cases you must be in Configure mode to modify the configuration.
- To change the value of a setting, use asetcommand. For example, to configure an NTP server, you would enter the complete hierarchy to the NTP server setting followed by the value you want to set:admin@PA-3060#set deviceconfig system ntp-servers primary-ntp-server ntp-server-address pool.ntp.orgTo target a command to a specific virtual system (vsys), enter the following operational mode command:set system setting target-vsys. To go back to issuing commands that apply to the firewall instead of the targeted vsys, use<vsys-name>set system target-vsys none.
- To change to a different location in the configuration hierarchy and/or to modify a setting, use theeditcommand. Theeditcommands are very similar to thesetcommands, except that when you enter aneditcommand, you switch context to the corresponding node in the command hierarchy. This can be useful if you need to enter several commands in a node that is nested far down in the command hierarchy. For example, if you want to configure all of the NTP server settings, instead of entering the full command syntax each time using thesetcommand, you could use theeditcommand to move to thentp-serversnode as follows: admin@PA-3060#edit deviceconfig system ntp-servers[edit deviceconfig system ntp-servers] admin@PA-3060#Notice that when you enter the command, your new location in the command hierarchy is displayed. You can now use thesetcommand to configure the NTP server settings without entering the entire command hierarchy:admin@PA-3060#set secondary-ntp-server ntp-server-address 10.1.2.3Use theupcommand to move up a level in the command hierarchy. Use thetopcommand to move back to the top of the command hierarchy.
- To delete an existing configuration setting, use adeletecommand. For example, to delete the secondary NTP server address, you would enter the following command:admin@PA-3060#delete deviceconfig system ntp-servers secondary-ntp-server ntp-server-addressWhen deleting configuration settings or objects using the CLI, the device does not check for dependencies like it does in the web interface. Therefore, when you usedeletefrom the CLI, you must manually search the configuration for other places where the configuration object might be referenced. For example, before you delete an application filter group named browser-based business, you should search the CLI for that value to see if it is used anywhere in profiles or policies, using the following command:admin@PA-3060>show config running | match "browser-based business"Notice that because the object you are matching on has a space in it, you must enclose it in quotation marks.
Recommended For You
Recommended videos not found.