Global Find

Global Find

24751
Created On 09/25/18 18:56 PM - Last Modified 06/07/23 10:10 AM


Resolution


What address or application objects are used in what rules? What other places is a deprecated object used? Am I using older security profiles anywhere in my rulebase? Have all references from an application been cleaned up? Need to delete an object or profile -- how do I find all references to that object?

 

Using Global Find, we offer a one-click search solution for all the above questions across the entire configuration for items such as rules, objects, objects groups, profiles, Threat IDs, and port numbers.  You can search across device groups (Panorama) and/or across VSYS.

 

 

So what we've added (since PAN-OS 7.0) is the 'Search' option in the top right corner as shown in the screenshot below:

 

2016-06-27_15-29-22.pngSearch OptionFrom there, if you type in something and search for it, you search across the entire configuration and are presented with the search result:

 

2016-06-27_16-00-24.pngSearch Result

 

If you drill down the result, you can hover over the outcome to get more details, as shown below:

 

 Screen Shot 2016-06-28 at 09.35.46.pngHover over details

If you find what you were looking for and click it, you will jump to the configuration, rule or object where you can edit and/or delete it.  In our example, you will be directed to the Antivirus Security Profile TestUserProfile:

 

Screen Shot 2016-06-28 at 09.25.53.pngAntivirus Security Profiles

 

Some notes on the search:

  • It's a freeform text field based on a string match which is case insensitive.
  • If you type 2 criteria, it will perform a recursive lookup on both terms.  Use "quotes" if you want an exact match.
  • It works on the CANDIDATE CONFIG!
  • It has role-based access control, meaning that you will only find the things you have access to.
  • All past searches are saved.
  • Since we are doing searches against the configuration, it cannot find anything that is dynamic in nature, such as DHCP addresses, dynamic address groups addresses, or routing information.
  • Not possible to search for IP' within a range! (e.g. 1.1.1.1-1.1.1.10 or 1.1.1.0/24) > You will not find 1.1.1.9
  • No CLI or XML API ... GUI only!

 

As always, feel free to post feedback or comments below and like if this article has helped you in any way.

 

Thanks for reading!
Kim.

 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRuCAK&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language