Tips & Tricks: Filtering, Tags and Group Tags

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.
Last Reviewed: 04-08-2024 10:20 AM
Audited By: JayGolf
Community Team Member
No ratings

Searching for the obvious can sometimes be hard. You simply might have overlooked something or you might have never needed it before. Things can become especially tricky when you have a security policy that's several hundreds of rules long.


Luckily, Palo Alto Networks offers different ways to filter out what you're looking for.


Simply typing any string you're interested in in the search bar and hitting 'enter' will already display any rule that contains the string as seen in the screenshot below, where I used the string "demo" as an example. Notice that the string is NOT case sensitive :




As seen in the example above, the search will display any rule where the string matches. The match can be in any of the columns and, depending on how big the result is, you might even have to restrict your search further.


NOTE: Notice how in the example, rule #42 (Outbound-Trust) does not seem to have the string 'demo' anywhere. Why is it shown in the search result ? The answer to that is because the search will also look in the rule's description which isn't visible unless you go into the rule details:




As mentioned, it's possible to narrow down your search further. To do so you could, for example, limit the search result to the source zone specifically. For that, you can use the following search-filter : (name contains 'demo') and (from/member eq 'L3-Untrust')


Fear not, if you don't know the specific syntax for a filter, there are a couple of tricks you can use.


You could use the arrow next to the zone-name (or next to any other object you would like to filter on) and click on "Filter".  This will automatically populate the search-filter:




 Alternatively, you can also drag and drop any object you want to filter on in the search filter:



An alternative way to filter is by using tag groups (not to be confused with regular tags). By enabling the checkbox "View Rulebase as Groups" you can display the rulebase using these group tags. Doing so will maintain the policy order and priority but it allows you to select the group tag and view all the rules that are grouped by that tag:


It's important to understand the difference between the regular tag vs the group tag in the security policy details.  As you can see you can perfectly add a policy rule to a group tag but not have a tag attached to the rule or even have a different tag and group tag:


Feel free to share how filtering, tags and group tags have made your life easier!


Rate this article:
Register or Sign-in
Article Dashboard
Version history
Last Updated:
‎05-17-2023 12:34 PM
Updated by: