How to find objects and rules using CLI?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

How to find objects and rules using CLI?

L3 Networker

Hello,

I need to know if there is any method to make research based on ip adresses or groups to find out witch rules are using it on the cli. In other words, how can i use the cli to search policies in witch an ip adresse or a group of ip adresses is used.

Regards.

6 REPLIES 6

L5 Sessionator

Pre 3.1, the CLI command test security-policy-match show-all yes source (ip address) will display all security policies that apply to an ip address or source-user .   Tab through the command to find the various search options.

In 3.1 the command requires that you specify the application name, source and destination IP address, ports, zone, protocol and user.

Hello

Thank you nrice, i tried the command given, but it seems to be not working, it return only the rules in witch the source and destination adresses are "any", even if i have rule's that should be returned based on a specific ip address. Also, it doesn't work on panorama.

Any idea please, it is so important in case of debugging.

Regards.

L4 Transporter

Hello Asia,

the way to do this is via the traffic logs by simply filtering them by source Ip. This of course can be done from the gui and from the cli.

The following command from the cli will also get you what you requested:

)> show log traffic src in 10.16.0.110


Time                App             From            Src Port   Source
Rule                Action          To              Dst Port   Destination
                    Src User        Dst User
===============================================================================
2010/03/18 06:15:20 ping            corp-trust      0         10.16.0.110
rule15              allow           corp-untrust    0         10.0.0.253
                    paloaltonetwork
2010/03/18 06:15:20 ping            corp-trust      0         10.16.0.110
rule15              allow           corp-untrust    0         10.0.0.246
                    paloaltonetwork
2010/03/18 06:15:26 dns             corp-trust      55609     10.16.0.110
rule15              allow           corp-untrust    53        10.0.0.246
                    paloaltonetwork
2010/03/18 06:15:26 dns             corp-trust      64021     10.16.0.110
rule15              allow           corp-untrust    53        10.0.0.246
                    paloaltonetwork
2010/03/18 06:15:26 dns             corp-trust      51470     10.16.0.110
rule15              allow           corp-untrust    53        10.0.0.246
                    paloaltonetwork
2010/03/18 06:15:26 dns             corp-trust      64022     10.16.0.110
rule15              allow           corp-untrust    53        10.0.0.246
                    paloaltonetwork
2010/03/18 06:15:26 dns             corp-trust      50010     10.16.0.110
rule15              allow           corp-untrust    53        192.175.48.1
                    paloaltonetwork
2010/03/18 06:15:33 ping            corp-trust      0         10.16.0.110
rule15              allow           corp-untrust    0         10.0.0.252
                    paloaltonetwork
2010/03/18 06:15:33 ping            corp-trust      0         10.16.0.110
rule15              allow           corp-untrust    0         10.0.0.253
                    paloaltonetwork
2010/03/18 06:15:33 ping            corp-trust      0         10.16.0.110
rule15              allow           corp-untrust    0         10.0.0.246
                    paloaltonetwork
2010/03/18 06:15:33 ping            corp-trust      0         10.16.0.110
rule15              allow           corp-untrust    0         10.0.0.247

...........notice there are other filtering options after "show log traffic" that you can user other than "src (source ip)"...............

thanks,

Stephen

Thank stephen,

But i'am interesting in finding the objects in configuration, what about the option mentioned by nrice, is it working? Traffic logs doesn't cover all cases (what about a case in witch the object was used in a rule but there was not traffic matching it).

Regards.

Hello,

Any other idea please, the docs are so poor concerning this.

Regards,

One suggestion:

While in the web UI ==> Policies tab ==> Security rules, you can hit CTRL-F to perform a text search on the entire web page.  This requires that your search is an exact match.  For example, if a rule has IP address = 192.168.10.0/24, and you search for 192.168.10.8 then it is not an exact match.  This will not work if you search for a object name, and the rule is an object group.

Cheers,

  • 6057 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!