This document explains how to add tags to security policies and how to filter security policies based on the tags associated with them.
Note: One rule can be configured with more than one tag.
Filtering Security Rules
Filtering on the tag 'Inbound' shows only the security policies that carry that tag.
That's a useful trick. I also often filter by the name of the policies [i.e. "(name eq deny-ssh)" shows all rules that contain "deny-ssh" in their name]. But I wonder if it's possible to filter for the other fields (like source address) as well. Does anyone know about this (and the syntax)?
Is it possible to remove or edit the tag entries? I don't ask for removing from a policy, I ask for removing from the dropdown list!
Thank you in advance for your answer...
Same question. Also, it's easy to make a new custom tag and drag it later to any "none" tag, but impossible to drag and drop a "none" tag to a custom tag. Dragging and dropping a new custom tag onto a previously made tag doesn't change it, but adds a second tag. Why?
I found "my failure". The tag has to be removed from every policy manually, then the tag disappears from the dropdown menu...
I can add multiple tags to a rule. For example rule1 tags: inbound and ssh; rule2 tags: inbound and http. How do I filter for all rules containing "inbound"? I am seeing only rules that contain only a single tag.
I re-read the example. I did not know I could type a single word in the search field. I was searching "(tag eq inbound)". I am getting proper results.
Where I'm at we set the tags to be descriptions based on source and destinations. So it would be something like S.Trust_D.Internet that way if you know where your traffic is coming from or going to you can just put the whole tag or part of the tag to filter out the specific traffic.
Is there an option to filter OUT a specific tag?
(tag/member eq 'TAGNAME') works great if you want to see everything with that tag but (tag/member neq 'TAGNAME') gives no results.
I don't have a PA to test with at the moment but I think throwing an ! in front of the statement negates it.
So !(tag/member eq 'TAGNAME') should work
Thanks for the quick response! Unfortunately, I just tested that and adding an "!" in the front negates the entire command so it just lists everything as if there isn't a filter applied. Any other suggestions?
Change the "eq" to "neq"
So (tag/member neq 'TAGNAME') should work
Dave is correct, unless of course your rule has more than one tag assigned to it.
The solution (at least as of 6.0.4), I guess, is to create more specific tags for your rules or do a standard search instead of filtering out, using "eq" and "and", as this apparently *will* work (where "neq" and "and" won't).
As an example...
Will work to search for a rule that has multiple tags assigned:
(tag/member eq 'tag1') and (tag/member eq 'tag2')
Will not work to filter out a rule that has multiple tags:
(tag/member neq 'tag1') and (tag/member neq 'tag2')
(tag/member neq 'tag1') or (tag/member neq 'tag2')
(tag/member eq 'tag1') and (tag/member neq 'tag2')
They squashed the bug I mentioned above in 7.0. It wasn't fixed as of 6.0.9. I never checked on 6.0.10-6.1.x.
On a related topic, there is a way to show only disabled rules in your view. I did it once but can't recall how. Anyone know?
Edit: I found it, enter "disabled eq yes" in the filter.
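The filter forms quoted across this thread (the bare-word search, "(name eq deny-ssh)", "(tag/member eq 'tag1') and (tag/member eq 'tag2')", "!" negation, "neq", and "disabled eq yes") can be modelled with a small reference evaluator. The block below is an added example, not PAN-OS code, and its rule set is constructed. It offers two behaviours for "neq" on the multi-valued tag field: set semantics (no tag on the rule equals the value) and per-member semantics (some tag on the rule differs from the value). Both are assumptions used only to illustrate why a negated tag filter can misbehave on rules carrying several tags, as reported above; the page does not state how any PAN-OS release implements it.

```python
"""Reference evaluator for rule-filter expressions of the kind quoted in this thread.

Added example; not PAN-OS code. The rule set and the two candidate
semantics for "neq" on the multi-valued tag field are assumptions.
"""
import re
from dataclasses import dataclass


@dataclass
class Rule:
    name: str
    tags: tuple
    disabled: bool = False


# Constructed sample rule base (not taken from the page).
RULES = [
    Rule("allow-web", ("inbound", "http")),
    Rule("allow-ssh", ("inbound", "ssh")),
    Rule("deny-ssh-legacy", ("outbound",), disabled=True),
    Rule("allow-dns", ()),
]

# Tokens: parentheses, "!", quoted values, or bare words/operators.
TOKEN = re.compile(r"\(|\)|!|'[^']*'|[^\s()'!]+")


def tokenize(text):
    return TOKEN.findall(text)


def _and(left, right):
    return lambda rule: left(rule) and right(rule)


def _or(left, right):
    return lambda rule: left(rule) or right(rule)


class Parser:
    """Recursive-descent parser that turns a filter string into a predicate."""

    def __init__(self, tokens, per_member_neq=False):
        self.toks = tokens
        self.i = 0
        self.per_member_neq = per_member_neq  # assumed alternative "neq" semantics

    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None

    def take(self):
        tok = self.peek()
        self.i += 1
        return tok

    def parse(self):
        pred = self.or_expr()
        if self.peek() is not None:
            raise ValueError(f"unexpected token {self.peek()!r}")
        return pred

    def or_expr(self):  # "or" binds loosest
        left = self.and_expr()
        while self.peek() == "or":
            self.take()
            left = _or(left, self.and_expr())
        return left

    def and_expr(self):  # "and" binds tighter than "or"
        left = self.unary()
        while self.peek() == "and":
            self.take()
            left = _and(left, self.unary())
        return left

    def unary(self):  # "!" negates whatever follows it, parentheses group
        tok = self.peek()
        if tok == "!":
            self.take()
            inner = self.unary()
            return lambda rule: not inner(rule)
        if tok == "(":
            self.take()
            inner = self.or_expr()
            if self.take() != ")":
                raise ValueError("missing ')'")
            return inner
        return self.comparison()

    def comparison(self):
        field = self.take()
        if field is None:
            raise ValueError("empty filter")
        if self.peek() not in ("eq", "neq"):
            # A bare word is a plain text search over name and tags.
            word = field.strip("'").lower()
            return lambda rule: word in rule.name.lower() or any(
                word in t.lower() for t in rule.tags)
        op = self.take()
        value = self.take()
        if value is None:
            raise ValueError(f"missing value after {op}")
        return self.build(field, op, value.strip("'"))

    def build(self, field, op, value):
        if field == "name":
            eq = lambda rule: value in rule.name  # substring match, as described on the page
        elif field == "tag/member":
            eq = lambda rule: value in rule.tags  # some tag equals the value
            if op == "neq" and self.per_member_neq:
                # Per-member reading: some tag differs. A rule with several tags
                # still matches, so the unwanted tag is never filtered out.
                return lambda rule: any(t != value for t in rule.tags)
        elif field == "disabled":
            want = value.lower() == "yes"
            eq = lambda rule: rule.disabled == want
        else:
            raise ValueError(f"unsupported field {field!r}")
        if op == "eq":
            return eq
        return lambda rule: not eq(rule)  # set reading: no tag equals the value


def filter_rules(expression, rules=RULES, per_member_neq=False):
    """Return the names of rules matching the filter expression."""
    pred = Parser(tokenize(expression), per_member_neq).parse()
    return [r.name for r in rules if pred(r)]


if __name__ == "__main__":
    for expr in ["inbound", "(tag/member eq 'inbound') and (tag/member eq 'ssh')",
                 "(tag/member neq 'inbound')", "disabled eq yes"]:
        print(f"{expr!r:55} -> {filter_rules(expr)}")
```

With set semantics, "(tag/member neq 'inbound')" and "!(tag/member eq 'inbound')" return the same two rules. With the per-member reading, the same "neq" filter still returns both multi-tag inbound rules, which is the symptom described above when a rule has more than one tag assigned.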