Tips & Tricks: Filtering, Tags and Group Tags

Audit
Last Reviewed: 04-08-2024 10:20 AM
Audited By: JayGolf
Community Team Member

Searching for the obvious can sometimes be hard. You simply might have overlooked something or you might have never needed it before. Things can become especially tricky when you have a security policy that's several hundred rules long.

 

Luckily, Palo Alto Networks offers different ways to filter out what you're looking for.

 

Typing any string you're interested in into the search bar and pressing Enter displays every rule that contains the string, as seen in the screenshot below, where I used the string "demo" as an example. Notice that the search is NOT case sensitive:

 

kiwi_5-1684315965856.png

 


As seen in the example above, the search will display any rule where the string matches. The match can be in any of the columns and, depending on how big the result is, you might even have to restrict your search further.

 

NOTE: Notice how in the example, rule #42 (Outbound-Trust) does not seem to have the string 'demo' anywhere. Why is it shown in the search result? Because the search also looks in the rule's description, which isn't visible unless you go into the rule details:

 

kiwi_6-1684316386526.png

 

As mentioned, it's possible to narrow down your search further. For example, you could limit the search result to a specific source zone with the following search filter: (name contains 'demo') and (from/member eq 'L3-Untrust')
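The difference between the free-text search and the narrowed filter can be reproduced offline against an exported rulebase. This is an added example, not code from the article or from Palo Alto Networks; it assumes rule entries in the PAN-OS XML layout (the sample below is constructed), uses hypothetical helper names, and assumes `contains` ignores case the way the search bar does.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample; assumes the PAN-OS XML layout for rule entries.
RULES_XML = """<rules>
  <entry name="Demo-Inbound"><from><member>L3-Untrust</member></from>
    <description>web front end</description></entry>
  <entry name="demo-lab"><from><member>L3-Trust</member></from></entry>
  <entry name="Outbound-Trust"><from><member>L3-Trust</member></from>
    <description>temporary rule for the demo lab</description></entry>
</rules>"""
RULES = ET.fromstring(RULES_XML).findall("entry")
TERM = re.compile(r"\(\s*([\w/-]+)\s+(contains|eq)\s+'([^']*)'\s*\)")

def free_text_search(rules, needle):
    """Search-bar style: case-insensitive match on the name or any field text,
    including the description that the rule list does not display."""
    needle = needle.lower()
    return [r.get("name") for r in rules
            if needle in r.get("name").lower()
            or any(needle in (el.text or "").lower() for el in r.iter())]

def field_values(rule, path):
    """'name' is the entry's attribute; any other path (from/member) is child XML."""
    if path == "name":
        return [rule.get("name")]
    return [el.text or "" for el in rule.findall(path)]

def term_matches(rule, path, op, value):
    values = field_values(rule, path)
    if op == "contains":  # assumption: case-insensitive, like the search bar
        return any(value.lower() in v.lower() for v in values)
    return value in values  # eq: exact match on one member

def structured_filter(rules, expr):
    """Filter on "(path op 'value')" terms joined by 'and' (the only joiner handled)."""
    terms = TERM.findall(expr)
    leftover = TERM.sub("", expr).replace("and", "").strip()
    if not terms or leftover:
        raise ValueError(f"unsupported filter: {expr!r}")
    return [r.get("name") for r in rules
            if all(term_matches(r, *t) for t in terms)]

if __name__ == "__main__":
    print(free_text_search(RULES, "demo"))
    print(structured_filter(RULES, "(name contains 'demo') and (from/member eq 'L3-Untrust')"))
```

The free-text search returns Outbound-Trust because of its description, while the structured filter drops it and keeps only the rule whose name and source zone both match.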

 

Fear not, if you don't know the specific syntax for a filter, there are a couple of tricks you can use.

 

You can click the arrow next to the zone name (or next to any other object you would like to filter on) and select "Filter". This automatically populates the search filter:

 

kiwi_7-1684317006050.png

 


Alternatively, you can drag and drop any object you want to filter on into the search filter:

 

draganddrop.gif

An alternative way to filter is by using group tags (not to be confused with regular tags). Enabling the checkbox "View Rulebase as Groups" displays the rulebase using these group tags. Doing so maintains the policy order and priority, but it allows you to select a group tag and view all the rules that are grouped by that tag:
 
kiwi_0-1684323860011.png

 

It's important to understand the difference between the regular tag and the group tag in the security policy details. As you can see, a policy rule can belong to a group tag without having a regular tag attached, or it can have a tag and a group tag that differ:
 
kiwi_10-1684323180943.png

 

Feel free to share how filtering, tags and group tags have made your life easier!

 

Comments
L0 Member

Hi, is there any way that we can filter the rules based on IP addresses from all device groups (locations) using Panorama? I've been looking for this and couldn't find an answer. As of now, if we want to filter an IP address in policies, it will only give us the rules within that specific device group. And if we search via global search, we can only export the rule IDs (not the actual details of the rule itself, with source, destination, ports, etc.). #filtering #securitypolicies #panorama

Community Team Member

@amirminhat1 ,

 

I'm afraid it's not possible to search over all device-groups as shown in the example in this article.  

Global search will cover a search globally but doesn't seem to provide you the flexibility you require.

I suggest reaching out to your local SE for a feature request.

Last Updated: 05-17-2023 12:34 PM