- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Searching for the obvious can sometimes be hard. You simply might have overlooked something or you might have never needed it before. Things can become especially tricky when you have a security policy that's several hundreds of rules long.
Luckily, Palo Alto Networks offers different ways to filter out what you're looking for.
Simply typing any string you're interested in in the search bar and hitting 'enter' will already display any rule that contains the string as seen in the screenshot below, where I used the string "demo" as an example. Notice that the string is NOT case sensitive :
As seen in the example above, the search will display any rule where the string matches. The match can be in any of the columns and, depending on how big the result is, you might even have to restrict your search further.
NOTE: Notice how in the example, rule #42 (Outbound-Trust) does not seem to have the string 'demo' anywhere. Why is it shown in the search result ? The answer to that is because the search will also look in the rule's description which isn't visible unless you go into the rule details:
As mentioned, it's possible to narrow down your search further. To do so you could, for example, limit the search result to the source zone specifically. For that, you can use the following search-filter : (name contains 'demo') and (from/member eq 'L3-Untrust')
Fear not, if you don't know the specific syntax for a filter, there are a couple of tricks you can use.
You could use the arrow next to the zone-name (or next to any other object you would like to filter on) and click on "Filter". This will automatically populate the search-filter:
Alternatively, you can also drag and drop any object you want to filter on in the search filter:
An alternative way to filter is by using tag groups (not to be confused with regular tags). By enabling the checkbox "View Rulebase as Groups" you can display the rulebase using these group tags. Doing so will maintain the policy order and priority but it allows you to select the group tag and view all the rules that are grouped by that tag:
Feel free to share how filtering, tags and group tags have made your life easier!
Hi, is there any way that we can filter the rules based on IP addresses from all devices groups (locations) using Panorama. Ive been looking up for this and couldnt find an answer for this. As of now if we want to filter an IP address in policies, it will only give us the rules within that specific device group. And if we search via global search, we only can exports the rules ID only (not the actual details of the rule itself with (source, destination, ports etc.). #filtering #securitypolicies #panorama
I'm afraid it's not possible to search over all device-groups as shown in the example in this article.
Global search will cover a search globally but doesn't seem to provide you the flexibility you require.
I suggest reaching out to your local SE for a feature request.