- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- App-ID
- Content-ID
- User-ID
- 5G
- IoT Security
- Cloud Identity Engine
Network Security
- Prisma Access
- Prisma Cloud
- Prisma SD-WAN
- CN-Series
- VM-Series:
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
Security Operations
- Resources
- COVID-19 Response Center
- LIVEcommunity
- Collaboration
- Discussions
- General Topics
- How can I filter disabled rules in the 'policies'-tab
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
06-14-2014 05:46 AM
Hi,
I am quite new with Palo Alto and I try to filter disabled rules, so that I only see the enabled rules. I know that a lot of syntax can be found in the monitoring tab, but since enabled/disabled rules are not in it, I cannot find. It is on the Palo alto itself, not Panorama.
- Labels:
-
Configuration
-
Management
-
Set Up
Accepted Solutions
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
06-14-2014 10:06 AM
Could you please test this one on policies query
(disabled eq 'yes' )
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
06-14-2014 07:52 AM
Hello Johan,
As per my understanding, you will not be able to segregate only disabled rule from the GUI search option. Rather, you can enable "Highlight unused rule" option, it will show you all disabled rule including any other active rule, currently not being used.
But, from the CLI, you can find out all disabled rule by below mentioned command:
admin@DADA> set cli config-output-format set
admin@DADA> configure
Entering configuration mode
admin@DADA# edit rulebase security
[edit rulebase security]
admin@DADA# show | match "disabled yes"
set rulebase security rules test-1 disabled yes >>>>>>>>>>>>>> Rule test-1 is disabled
set rulebase security rules rule2 disabled yes >>>>>>>>>>>>>>> rule2 is also disabled
GUI:
Hope this helps.
Thanks
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
06-14-2014 08:33 AM
Hi Hulk,
Thanks for your answer, but was not exactly what I meant. The tab 'highlight' is more the used rules since the last reboot, this means enabled and disabled rules. What I try to do is to filter on disabled rules. The reason is that I am busy with a migration from Checkpoint to Palo Alto and have some 200 rules : all the one that I dont need anymore, I disable, but I dont them removed. I try to have the effect that I don't see them anymore in the policy tab within the webui.
thanks and greetz
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
06-14-2014 10:06 AM
Could you please test this one on policies query
(disabled eq 'yes' )
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
06-14-2014 10:28 AM
Thanks Panos. That was what I looked for. Is there somewhere some manual for the syntax ?
Greetz,
johan
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
06-14-2014 10:42 AM
I don't think there is one but at least I don't have....
Regards.
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
06-16-2014 12:40 AM
one other way I found helpful is make use of tags when defining rules and then later on you use these tags in your filter
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
10-25-2019 11:25 PM - edited 10-25-2019 11:26 PM
If you do tag your rules you can then use the below searches to see only disabled, or only enabled. Note that there is no text between the apostrophes, which represents the 'none' in the tag column, that you cant usually filter on unless you use tags.
I tagged all enabled rules and didn't tag the disabled:
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
03-26-2021 11:37 AM
This solution isn't working for me.
If I do: (disabled eq 'yes') - it will show me all 80 disabled rules.
But if I do (disabled eq 'no') - it shows me just 12 out of 160 active rules - one of which is a local rule, the other 11 are Pano rules. Like the OP, how do I weed out "disabled" rules? Is there another method?
- Unusual Issues in Hosted ESXI Environment in General Topics
- How to set up an outbound VPC proxy with domain whitelisting and content filtering on AWS in VM-Series in the Public Cloud
- Reporting on Coin Miners in General Topics
- Extract data of all ciphers and protocols that enabled or disabled in palo alto firewalls in General Topics
- PANGP virtual adapter disabled automatically in General Topics
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
