Security Policy Search Results

L2 Linker

We have a 3020 firewall with version 8.0.10 and need to allow a new server access to resources in other zones. An existing server, 10.100.100.10, already has this access, so I need to mimic the access of this server.

In Objects\Addresses there is an entry for 10.100.100.10 with the name Server1.
In Objects\Address Groups there are a couple of groups in which server name Server1 belongs.

In Policies\Security, when I search for Server1, four Security Policy Rules result. When I check them, all have Server1 in either Source or Destination.

When I search Policies\Security using the Server1 IP address, 10.100.100.10, a half dozen result; two of the results have the Server1 name, but the other four don't. I checked these four, and they don't have the server name or IP address anywhere in the rule.

I appreciate any help in understanding the logic of how the other four policies result by IP address.
Thank you.

Jeff

Passionate about network infrastructure and all things Palo Alto Networks.
Community Team Member

Re: Security Policy Search Results

Hi @jeff6strings,

Maybe you have another object in there that contains the private address space range?

For example, if you have an object or a group that contains the private range 10.0.0.0/8, then 10.100.100.10 would also return in your search result while not having the IP address explicitly configured.

Cheers!

-Kiwi.

 
L4 Transporter

Re: Security Policy Search Results

With "Object NAME" just the server is found.

With "IP" the server and any groups it belongs to are returned.

It's just the way the search works; not sure if it's different in later versions.

L2 Linker

Re: Security Policy Search Results

I didn't think of that and there is an object with a 10.100.100.0/24. I checked the other rules and they do have this object as either source or destination.

Thank you.

Jeff
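The behaviour discussed in this thread, as an added Python example (not part of the thread, not Palo Alto Networks code, and not a description of how the PAN-OS search is implemented): it resolves each rule's source and destination entries through nested groups and subnets to list every rule that covers an address, next to a plain name match. Only Server1, 10.100.100.10 and 10.100.100.0/24 come from the thread; every other object, group and rule name is constructed, and skipping `any` is an assumption.

```python
import ipaddress

# Constructed sample config; only Server1 and 10.100.100.0/24 come from the thread.
ADDRESSES = {
    "Server1": "10.100.100.10/32",
    "Server-Net": "10.100.100.0/24",
    "DMZ-Web": "192.168.50.20/32",
}
GROUPS = {"App-Servers": ["Server1", "DMZ-Web"],
          "All-Internal": ["App-Servers", "Server-Net"]}  # nested group
RULES = [
    {"name": "r1-direct", "source": ["Server1"], "destination": ["DMZ-Web"]},
    {"name": "r2-group", "source": ["All-Internal"], "destination": ["any"]},
    {"name": "r3-subnet", "source": ["any"], "destination": ["Server-Net"]},
    {"name": "r4-other", "source": ["DMZ-Web"], "destination": ["DMZ-Web"]},
    {"name": "r5-literal", "source": ["10.100.100.10"], "destination": ["any"]},
]

def networks(ref, seen=()):
    """Yield (object_name, network) for everything a rule entry resolves to."""
    if ref in seen or ref == "any":   # break group loops; 'any' is skipped (assumption)
        return
    if ref in GROUPS:
        for member in GROUPS[ref]:
            yield from networks(member, seen + (ref,))
    elif ref in ADDRESSES:
        yield ref, ipaddress.ip_network(ADDRESSES[ref], strict=False)
    else:
        try:                          # literal IP or CIDR typed into the rule
            yield ref, ipaddress.ip_network(ref, strict=False)
        except ValueError:
            pass                      # unknown reference, ignore

def rules_covering(ip):
    """Map rule name -> sorted objects through which the rule covers `ip`."""
    addr, hits = ipaddress.ip_address(ip), {}
    for rule in RULES:
        via = {name for field in ("source", "destination")
               for ref in rule[field] for name, net in networks(ref) if addr in net}
        if via:
            hits[rule["name"]] = sorted(via)
    return hits

def rules_naming(obj):
    """Rules that list `obj` literally in source or destination (a name search)."""
    return [r["name"] for r in RULES if obj in r["source"] + r["destination"]]

if __name__ == "__main__":
    print(rules_naming("Server1"), rules_covering("10.100.100.10"))
```

When cloning one server's access for another, the per-rule object list shows which rules would need the new host added explicitly and which already cover it through a subnet object.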
