04-21-2025 02:12 AM
Dear all:
I have a question about search security policys. We have lots of security policys on our pa ngfw. some of them use a address group as a source& destination condition, some are not. The content of address-group may be a range or a subnet, but now I want to search security policys that relate a pariticular address, this address maybe contain in one or more address-group, and I also want to add some filter conditions such as action, source zone, destiontion zone,and so on, how can I do this? I try to write a filter like (source/member contains '1.1.1.1'), but it doesn't work..
Best Wishes
04-22-2025 09:19 AM
Hello,
What I find helpful is when on the policies page and I want to filter for something, I hover the mouse cursor over that object and a drop down chevron shows up, the I click 'Filter' and it builds it for me.
Another way is just to type what you are looking for, i.e. 1.1.1.1 and hit enter and it will filter for every policy that has that referenced.
You can create simple and/or filters but its a simple database so super complex filters might not work.
Just remember to hit 'enter' to apply the filter of the arrow on the right.
Regards,
04-22-2025 10:58 AM
@459768405 wrote:
Dear all:
I have a question about search security policys. We have lots of security policys on our pa ngfw. some of them use a address group as a source& destination condition, some are not. The content of address-group may be a range or a subnet, but now I want to search security policys that relate a pariticular address, this address maybe contain in one or more address-group, and I also want to add some filter conditions such as action, source zone, destiontion zone,and so on, how can I do this? I try to write a filter like (source/member contains '1.1.1.1'), but it doesn't work..
Best Wishes
@OtakarKlier mentioned the 2 best ways to find objects, the first one in policy and the second being the "Global Find." Depending on your use case one might be more efficient than the other.
The Global Find, is a more complete search as it will show objects that simply exist that might not be used in policy.
04-22-2025 10:25 PM
Hi,
Thanks for your help! But I think these two way can't let me achieve my goal. Maybe it will work if i can use these two way together. I mean that I want to find the security policies which not only use a address-group include a particular address like 1.1.1.1, but also conform to other filters like from A zone to B zone, is there any way can let me do this?
Thanks!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
