Multiple Value Variables, All Values Are the Same Type

Several policy object and system variables resolve to multiple values of the same type. For example, an object variable that points to a network object group resolves to a list of the IP addresses within the group. Similarly, the system variable $SYS_FW_INTERFACE_NAME_LIST resolves to a list of interface names.

You can also create text objects for multiple values of the same type. For example, the predefined text object enableInspectProtocolList can contain more than one protocol name.

Multiple value variables that resolve to a list of items of the same type are frequently of indeterminate length. For example, you cannot know beforehand how many interfaces on a device are named, as users can configure or unconfigure interfaces at any time.

Thus, you would typically use a loop to process multiple value variables of the same type. For example, the predefined FlexConfig Default_Inspection_Protocol_Enable uses a #foreach loop to go through the enableInspectProtocolList object and process each value.

policy-map global_policy
    class inspection_default
    #foreach ( $protocol in $enableInspectProtocolList) 
    inspect $protocol
    #end 

In this example, the script assigns each value in turn to the $protocol variable, which is then used in an ASA inspect command to enable the inspection engine for that protocol. In this case, you simply type in $protocol as a variable name. You do not use the Insert menu to add it, because you are not assigning an object or system value to the variable. However, you must use the Insert menu to add $enableInspectProtocolList.

The system loops through the code between #foreach and #end until there are no values remaining in $enableInspectProtocolList.