CLI find security rule, known IP address


L2 Linker

I have one question for the Palo Alto engineers: why can't I find, from the CLI, the security rules which include a given IP address? What is so difficult about creating that function?

Why does such an advanced device not have such a simple search? Another thing: the lack of this function in the CLI is a big problem, because I must use the GUI.

What is the CLI for?


L6 Presenter


you can use

test security-policy-match

to find the security rule if you know source ip.

L2 Linker

It doesn't work if your security rule contains the field "user":
user cn=net_server ,ou=paloalto,

It is working in my lab:

test security-policy-match source-user dc\student1 source destination  protocol 1

testrule {
        from any;
        source-region none;
        to any;
        destination any;
        destination-region none;
        user dc\student1;
        category any;
        application/service [ youtube-base/any/any/any youtube-safety-m/any/any/any youtube-uploadin/any/any/any youtube-posting/any/any/any ];
        action deny;
        terminal no;


L2 Linker

Yes, I know it's working if you use dc\nameuser.

Please use an Active Directory domain group:


user cn=net_server ,ou=paloalto,

Domain group?

There is no option for a group with that command.

Let me try with a group.

It seems a group is not supported.

But maybe there is a way by writing it in another format; I don't know that.

L2 Linker

I have about 400 rules which use domain groups. Domain groups match in security rules:


        from zone-lan;
        source any;
        source-region none;
        to zone-dmz ;
        destination-region none;
        user cn=red,ou=paloalto,;
        category any;
        application/service  any/tcp/any/3000;
        action allow;
        terminal yes;

It works.

I have a different way to get the rule; this does not answer your question directly, but maybe it will be helpful.

from CLI:

show session all filter source

or, if you know the application:

show session all filter application ssh source

and next:

show session id XXXXX

You will see in the "rule" parameter the name of the security policy you are looking for.
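The session-based approach above only finds rules that currently have a matching session. For the original question (which rules reference a given address, including rules that are not in use), an offline search over the rule dump works: the following added example, which is not from this thread or from Palo Alto Networks, parses the brace layout quoted above (assumed to be what `show running security-policy` prints) and reports every rule whose literal source or destination IP or subnet covers the address. Address objects referenced by name cannot be resolved without the address configuration, so they are listed separately rather than silently skipped; the sample rules are constructed.

```python
import ipaddress
import re

# Constructed sample in the brace layout quoted in this thread (not real output).
SAMPLE = """\
allow-web {
        source [ 10.1.1.0/24 10.9.9.9 ];
        destination [ 192.168.10.5 dmz-web-servers ];
        user any;
        action allow;
}
deny-all {
        source any;
        destination any;
        user cn=red,ou=paloalto,;
        action deny;
}
"""

RULE_RE = re.compile(r"^(\S+) \{\n(.*?)^\}", re.M | re.S)
FIELD_RE = re.compile(r"^\s*(source|destination) (.*?);", re.M)

def parse_rules(text):
    """Map rule name -> {'source': [...], 'destination': [...]} (members as listed)."""
    rules = {}
    for m in RULE_RE.finditer(text):
        fields = {"source": [], "destination": []}
        for f in FIELD_RE.finditer(m.group(2)):
            fields[f.group(1)] = f.group(2).strip("[] ").split()
        rules[m.group(1)] = fields
    return rules

def rules_matching(text, ip):
    """Return (hits, unresolved). hits: (rule, side, value) whose literal IP or
    subnet covers ip ('any' always hits). unresolved: address-object names,
    which need the address configuration to resolve and are only reported."""
    addr = ipaddress.ip_address(ip)
    hits, unresolved = [], []
    for name, fields in parse_rules(text).items():
        for side, values in fields.items():
            for v in values:
                try:
                    hit = v == "any" or addr in ipaddress.ip_network(v, strict=False)
                except ValueError:  # not an IP literal: an address-object name
                    unresolved.append((name, side, v))
                    continue
                if hit:
                    hits.append((name, side, v))
    return hits, unresolved
```

Rules matching on "any" are reported too, since those are exactly the broad rules an audit for a known address should not overlook.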


