on 01-16-2024 12:30 PM
Digging into the depths of policy details can be quite the task, especially after a long and tiring day. But fear not, handy search tools are here to lighten your load!
Here's how it works: Simply pop in a keyword related to what you're hunting for. This could be the name of a policy (just squish it into one word), an IP address or object name, maybe an application, or even a service.
Keep in mind though, wildcards (like *) aren't supported. You'll need a partial or an exact match.
Add a partial IP address and you'll get all the partial and exact matches in the result.
Want to narrow things down even further? You can target your search to specific fields like the source zone or application. And guess what? There’s a super handy drop-down function that sets up your search filter in a snap. Easy-peasy!
You can also create a search string manually. I've provided a list of all fields below:
Name: (name contains 'unlocate-block')
Tags: (tag/member eq 'tagname')
Type: (rule-type eq 'intrazone|interzone')
Source Zone: (from/member eq 'zonename')
Source Address: (source/member eq 'any|ip|object')
Source User: (source-user/member eq 'any|username|groupname')
Hip profile: (hip-profiles/member eq 'any|profilename')
Destination Zone: (to/member eq 'zonename')
Destination Address: (destination/member eq 'any|ip|object')
Destination User: (destination-user/member eq 'any|username|groupname')
Application: (application/member eq 'any|applicationname|applicationgroup|applicationfilter')
Service: (service/member eq 'any|servicename|application-default')
URL Category: (category/member eq 'any|categoryname')
Note: this is a destination category, not a URL Filtering security profile.
Action: (action eq 'allow|drop|deny|reset-client|reset-server|reset-both')
Action send ICMP unreachable: (icmp-unreachable eq 'yes')
Security Profiles:
(profile-setting/profiles/virus/member eq 'profilename')
(profile-setting/profiles/spyware/member eq 'profilename')
(profile-setting/profiles/vulnerability/member eq 'profilename')
(profile-setting/profiles/url-filtering/member eq 'profilename')
(profile-setting/profiles/file-blocking/member eq 'profilename')
(profile-setting/profiles/wildfire-analysis/member eq 'profilename')
(profile-setting/group/member eq 'profilegroupname')
Disable server response inspection: (option/disable-server-response-inspection eq 'yes')
Log at session start: (log-start eq 'yes|no')
Log at session end: (log-end eq 'yes|no')
Schedule: (schedule eq 'schedulename')
Log Forwarding: (log-setting eq 'forwardingprofilename')
QoS Marking: (qos/marking/ip-dscp eq 'codepoint')
(qos/marking/ip-precedence eq 'codepoint')
(qos/marking/follow-c2s-flow eq '')
Description: (description contains '<keyword>')
Disabled policy: (disabled eq yes|no)
Note: policies will only respond to 'no' if they have been disabled before.
As you can see in the examples above, the operators are 'contains' and 'eq' (= equals).
Note that you can also negate a match using the operator 'neq' (= not equals).
For example, here's how you can use the negate option to list all the rules that do NOT have an ALLOW action: (action neq 'allow')
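The same filter strings can drive an offline rulebase review. The following is an added example, not code from the original post or from Palo Alto Networks: it evaluates one filter expression at a time against a constructed rule export and combines the results to flag enabled allow rules that skip end-of-session logging or lack a required profile group. It assumes the filter paths correspond to child elements of each rule in the exported XML; the rule names, the `strict` group name and the helper names are hypothetical, and `neq` is modelled as the plain negation of `eq`.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample rulebase (not from the post), shaped like the security
# rules in a PAN-OS XML config export. "web-out" was never disabled, so it has
# no <disabled> element at all; "legacy-any" was disabled once and re-enabled.
SAMPLE = """<rules>
 <entry name="web-out"><from><member>trust</member></from>
  <application><member>web-browsing</member><member>ssl</member></application>
  <action>allow</action><log-end>yes</log-end>
  <profile-setting><group><member>strict</member></group></profile-setting></entry>
 <entry name="legacy-any"><from><member>trust</member></from>
  <application><member>any</member></application>
  <action>allow</action><log-end>no</log-end><disabled>no</disabled></entry>
 <entry name="block-bad"><from><member>any</member></from>
  <application><member>any</member></application>
  <action>deny</action><log-end>yes</log-end><disabled>yes</disabled></entry>
</rules>"""

# (path operator 'value'); quotes optional, as in the post's (disabled eq yes|no)
FILTER = re.compile(r"^\(\s*([\w/-]+)\s+(contains|eq|neq)\s+'?([^']*?)'?\s*\)$")

def match(rules_xml, expr):
    """Names of the rules that one filter expression selects, in rulebase order."""
    m = FILTER.match(expr.strip())
    if not m:
        raise ValueError(f"unsupported filter: {expr!r}")
    path, op, value = m.groups()
    hits = []
    for rule in ET.fromstring(rules_xml).findall("entry"):
        # The rule name is an attribute; every other field is a child element path.
        texts = [rule.get("name")] if path == "name" else [e.text or "" for e in rule.findall(path)]
        if op == "contains":
            ok = any(value in t for t in texts)
        else:
            ok = any(t == value for t in texts)
            if op == "neq":
                ok = not ok  # assumption of this model: neq is the plain negation of eq
        if ok:
            hits.append(rule.get("name"))
    return hits

def risky_allow_rules(rules_xml, required_group="strict"):
    """Enabled allow rules that do not log at session end or lack the required profile group."""
    allow = match(rules_xml, "(action eq 'allow')")
    off = set(match(rules_xml, "(disabled eq yes)"))
    weak = set(match(rules_xml, "(log-end eq 'no')"))
    weak |= set(match(rules_xml, f"(profile-setting/group/member neq '{required_group}')"))
    return [name for name in allow if name not in off and name in weak]
```

On the sample, `match(SAMPLE, "(disabled eq no)")` returns only `legacy-any`, which is the caveat noted for the Disabled policy filter: a rule that was never disabled carries no `disabled` value to match, so enabled rules are found here by excluding the `yes` matches instead.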
Tag Browser can also come in very handy if you're able to tag all your security policies. It can be used in a similar way as the search function and display only the selected tags.
More information and a tutorial video on the Tag Browser can be found here: Tutorial: Tag Browser
Hope this was helpful, feel free to ask questions or post remarks below.
Thanks for taking time to read this blog.
Don't forget to hit that Like (thumbs up) button and don't forget to subscribe to the LIVEcommunity Blog.
Stay Secure,
Kiwi out!
Hi @BYates ,
You can filter on the columns. Click the arrow next to the column name. From there select "Columns" and you can check/uncheck all the columns you would like to see.
You can also drag/drop the columns to change the order you would like to see.
As far as I know there is no filter option in the search bar at the top to filter out certain columns that way.
Still not what you need? In that case custom reports also allow you to define specific columns in the report.
Hope this helps,
-Kim.
If you want to filter for Rule ID which is called UUID the filter is:
(uuid eq xyz)
Hi @J.Healy ,
You can't seem to add a filter based on modified date on the policies tab.
However, knowing the modified date should allow you to do a Config Audit (Device tab > Config Audit) for that date/config version and verify all the changes in the config (including the rules).
If that doesn't provide you the requested information then a feature request might be in order.
Hello Team,
Can I create a filter to see only rules in a specific Device Group? I have a device group which has 3 parent Device Groups and there are 500 rules coming from them. These are pre-rules, so every time I have to scroll down to the local rules for the Device Group. Can I filter only for local rules in this Device Group without seeing all the rules coming from parents?
Kind Regards