Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
182
Views
2
Helpful
3
Replies

Copy ALL of my authorization policies?

Go to solution
JayJeffcoat7636
Level 1
Level 1

‎12-19-2024 02:38 PM

Hi, is there a way to make a copy of all my Authorization Policies? Just want to be clear, not one individual authorization rule, but all of them? We have tons of authorization policies that have zero hit count so I wanted to disable those and move them all to the bottom, but would feel more comfortable saving a copy of the current policy placement before moving forward?

Thanks in advance

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
thomas
Cisco Employee
Cisco Employee

‎12-20-2024 08:36 AM

ISE Backup and Restore is all or nothing.

ISE REST APIs are the only way to do this for Policy Sets or only Authorization Rules.

I have an ise-get.py script that I have used to do this to JSON or YAML files.

Save most configurable objects from ISE:
ise-get.py all -v --details -f yaml --save saved_config

Save authorization rules per policy set id:
ise-get.py na-policy-set-authz --vars id=11a1d056-7a2b-4b58-bdd0-624d005ac92e

These commands and more are documented in the help: ise-get.py --help

View solution in original post

3 Replies 3

Go to solution
JPavonM
VIP
VIP

‎12-19-2024 10:47 PM

Yes you can create a backup of the policies, but then you cannot restore only the policies but the whole ISE backup.

Go to solution
thomas
Cisco Employee
Cisco Employee

‎12-20-2024 08:36 AM

ISE Backup and Restore is all or nothing.

ISE REST APIs are the only way to do this for Policy Sets or only Authorization Rules.

I have an ise-get.py script that I have used to do this to JSON or YAML files.

Save most configurable objects from ISE:
ise-get.py all -v --details -f yaml --save saved_config

Save authorization rules per policy set id:
ise-get.py na-policy-set-authz --vars id=11a1d056-7a2b-4b58-bdd0-624d005ac92e

These commands and more are documented in the help: ise-get.py --help

Go to solution
JayJeffcoat7636
Level 1
Level 1
In response to thomas

‎12-31-2024 08:48 AM

Thomas, not going to lie, your YouTube and Github page took me down an obsessed rabbit hole, but I enjoyed every single minute of it! For the life of me I couldn't figure out how to successfully do any of the /api/ Postman Gets, but could do all the /ers/, but finally figured out it was something silly like enabling that functionality in the ISE GUI, doh!

Anyway, thanks a TON, I was a complete novice to API calls, Postman, etc and now I'm understanding it and enjoying it! I do have a question though, but I'm sure this isn't the correct forum for it, but I'll ask anyway! I've used Postman a handful of times in my past and needed to generate authorization tokens for certain Vendors, why is that not required for my Cisco ISE API calls?

Thanks again!

Jay

0 Helpful
Customers Also Viewed These Support Documents