- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
06-26-2014 09:07 AM
Does anyone know a good way to find out everywhere an object is used?
It would be great if there were an easy way to this.
06-26-2014 09:33 AM
PA really, really needs to implement Check Point's "Where used?" functionality. The backend code that determines where objects are used is already there, because if you try to delete an object that is used in the firewall rule base it won't let you, and it will prompt you as to where the object exists.
That's the closest I've been able to get to "Where used?" - try to delete the object, and if it doesn't let you it will tell you where the object is used. If it does let you delete it you can just "Revert to last saved configuration"
06-26-2014 09:33 AM
PA really, really needs to implement Check Point's "Where used?" functionality. The backend code that determines where objects are used is already there, because if you try to delete an object that is used in the firewall rule base it won't let you, and it will prompt you as to where the object exists.
That's the closest I've been able to get to "Where used?" - try to delete the object, and if it doesn't let you it will tell you where the object is used. If it does let you delete it you can just "Revert to last saved configuration"
06-26-2014 11:03 AM
Thanks for the advice, I was afraid that might be the case. I will put in a feature request (or another vote for any existing FR).
I will add that Cisco ASA has this capability as well.
06-26-2014 11:04 AM
If you get an FR let me know, I'd like to talk to my SE and vote for that FR too.
Thanks,
Eric
06-26-2014 11:32 AM
Hello ericgearhart and DMast,
Following is the feature request submitted to the development team for 'Where used objects functionality':
FR ID : 1285
Thanks and regards,
Kunal Adak
06-26-2014 12:37 PM
Thanks kadak! I will add my vote to the FR.
06-27-2014 07:58 AM
I will definitely be adding my vote as well. Thanks
06-27-2014 05:32 PM
Thanks for submitting. I've added a vote for FR ID : 1285 too.
Right now I use the following technique
Change the display of configuration to set mode:
set cli config-output-format set
the pipe the configuration to match with the address object name
show vsys | match net-192.168.1.0-24
this pulls out all the set commands that contain the object name.
06-30-2014 06:07 AM
Thank you Steven for sharing! I'm going to go ahead and steal your idea and share it with my team 🙂
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!