I have one question to engineers Paloalto, why from CLI can't find security rules which include example IP address. What is to difficult create that function?
Why such an advanced device does not have such a simple search. Another thing lack this function in CLI is big problem because i must used GUI.
What for is CLI?
it is working in my lab
test security-policy-match source-user dc\student1 source 192.168.10.17 destination 0.0.0.0 protocol 1
application/service [ youtube-base/any/any/any youtube-safety-m/any/any/
any youtube-uploadin/any/any/any youtube-posting/any/any/any ];
Yes i know it's working if use dc\nameuser.
Please use domain group Active Directory
user cn=net_server ,ou=paloalto,dc=paloalto.org
I have about 400 rules which use domain group. domaing group match to security rules.
to zone-dmz ;
I have different way to get the rule, this not answer your question directly - but maybe will be helpfull.
show session all filter source 192.168.1.35
or if you know aplication:
show session all filter application ssh source 192.168.1.35
show session id XXXXX
you will see in "rule" parametr name of security policy what are you looking for.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!