Modify the Configuration

You can also modify the device configuration from the CLI using the
, and
commands (if your administrative role has a Privilege Level that allows you to write to the configuration). In most cases you must be in Configure mode to modify the configuration.
  • To change the value of a setting, use a
    command. For example, to configure an NTP server, you would enter the complete hierarchy to the NTP server setting followed by the value you want to set:
    set deviceconfig system ntp-servers primary-ntp-server ntp-server-address
    To target a command to a specific virtual system (vsys), enter the following operational mode command:
    set system setting target-vsys
    . To go back to issuing commands that apply to the firewall instead of the targeted vsys, use
    set system target-vsys none
  • To change to a different location in the configuration hierarchy and/or to modify a setting, use the
    command. The
    commands are very similar to the
    commands, except that when you enter an
    command, you switch context to the corresponding node in the command hierarchy. This can be useful if you need to enter several commands in a node that is nested far down in the command hierarchy. For example, if you want to configure all of the NTP server settings, instead of entering the full command syntax each time using the
    command, you could use the
    command to move to the
    node as follows:
    [edit] admin@PA-3060#
    edit deviceconfig system ntp-servers
    [edit deviceconfig system ntp-servers] admin@PA-3060#
    Notice that when you enter the command, your new location in the command hierarchy is displayed. You can now use the
    command to configure the NTP server settings without entering the entire command hierarchy:
    set secondary-ntp-server ntp-server-address
    Use the
    command to move up a level in the command hierarchy. Use the
    command to move back to the top of the command hierarchy.
  • To delete an existing configuration setting, use a
    command. For example, to delete the secondary NTP server address, you would enter the following command:
    delete deviceconfig system ntp-servers secondary-ntp-server ntp-server-address
    When deleting configuration settings or objects using the CLI, the device does not check for dependencies like it does in the web interface. Therefore, when you use
    from the CLI, you must manually search the configuration for other places where the configuration object might be referenced. For example, before you delete an application filter group named browser-based business, you should search the CLI for that value to see if it is used anywhere in profiles or policies, using the following command:
    show config running | match "browser-based business"
    Notice that because the object you are matching on has a space in it, you must enclose it in quotation marks.

Recommended For You