List all deny rules from cli


I have to list all deny rules (from cli)

The following command "show running security-policy | match index " lists all security rules by name

For example:

"AllowBrach1IN; index: 1" {

....etc

What I want is:

- deny INBOUND traffic rules only but regarding entire subnets (those having CIDR as their destination ...like 192.168.1.0/24..etc)

Is there any way to filter out that type of information?

Thanks,


@rmfalconer thanks, this command works fine:

show vsys vsys1 rulebase security | match deny

example output:

set vsys vsys1 rulebase security rules FTP-INBOUND-DENY action deny

....

But I expected to get network details as well such as:

192.168.0.10/24  or whatever related to every rule whose action is equal to deny

Using the match command will only output the line where that word specifically appears. If you want detail on each policy, you'll need to match on the policy name.

show vsys vsys1 rulebase security | match FTP-INBOUND-DENY

Is there a specific reason you want to use CLI? There's a filter and export function in the GUI that might work for you. You can filter on the action and then export the table to csv or pdf.

Your suggestion sounds good but my purpose is to get details about the subnets involved

So as well as the list of all DENY rules whose action is actually "deny" I'd like to get further details on the network segment

For instance, with reference to the rule called FTP-INBOUND-DENY, it would be great if I could see something like:

 FTP-INBOUND-DENY 192.168.1.0/24

Through cli it would be better I believe
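An added example, not code from the thread: it post-processes the set-format output of `show vsys vsys1 rulebase security` (the command accepted above) into the "RULE subnet" form asked for here, keeping only rules whose action is not allow, whose `to` zone is the inside zone, and whose destination is a CIDR covering more than a single host. The sample output lines, the zone name `trust` standing for the inside zone, and the reading of "inbound" as "the rule's `to` zone is the inside zone" are all assumptions made for this example.

```python
import ipaddress
import shlex
from collections import defaultdict

# Constructed sample of `show vsys vsys1 rulebase security` set-format output
# (made up for this example, trimmed to the attributes the filter uses).
SAMPLE_OUTPUT = """\
set vsys vsys1 rulebase security rules AllowBranch1IN to trust
set vsys vsys1 rulebase security rules AllowBranch1IN destination 192.168.1.0/24
set vsys vsys1 rulebase security rules AllowBranch1IN action allow
set vsys vsys1 rulebase security rules FTP-INBOUND-DENY to trust
set vsys vsys1 rulebase security rules FTP-INBOUND-DENY destination [ 192.168.1.0/24 192.168.2.0/24 ]
set vsys vsys1 rulebase security rules FTP-INBOUND-DENY action deny
set vsys vsys1 rulebase security rules "Block Host" to trust
set vsys vsys1 rulebase security rules "Block Host" destination 192.168.0.10
set vsys vsys1 rulebase security rules "Block Host" action drop
set vsys vsys1 rulebase security rules OUTBOUND-DENY to untrust
set vsys vsys1 rulebase security rules OUTBOUND-DENY destination 10.0.0.0/8
set vsys vsys1 rulebase security rules OUTBOUND-DENY action deny
"""

def parse_rules(set_output):
    """Group set-format lines into {rule_name: {attribute: [values]}}."""
    rules = defaultdict(dict)
    for line in set_output.splitlines():
        tokens = shlex.split(line)  # keeps a quoted rule name as one token
        i = tokens.index("rules") if "rules" in tokens else -1
        if i < 0 or len(tokens) < i + 4:
            continue
        name, attr, values = tokens[i + 1], tokens[i + 2], tokens[i + 3:]
        rules[name][attr] = [v for v in values if v not in ("[", "]")]  # drop list brackets
    return dict(rules)

def is_subnet(value):
    """True for a CIDR covering more than one host; False for 'any', object names or /32s."""
    try:
        net = ipaddress.ip_network(value, strict=False)
    except ValueError:
        return False
    return net.num_addresses > 1

def inbound_subnet_denies(set_output, inside_zone="trust"):
    """Non-allow rules into inside_zone with a subnet destination, as 'NAME cidr ...' lines."""
    lines = []
    for name, attrs in parse_rules(set_output).items():
        if attrs.get("action") == ["allow"] or inside_zone not in attrs.get("to", []):
            continue
        subnets = [d for d in attrs.get("destination", []) if is_subnet(d)]
        if subnets:
            lines.append(f"{name} {' '.join(subnets)}")
    return lines
```

Destinations that are address-object names rather than literal CIDRs are skipped by `is_subnet`, so resolve those objects first if your rulebase uses them.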


I think using the GUI would be easier in this case. Filter the security policies with (action eq 'deny') or (action eq 'drop') [or whatever action you want to filter on] and export to CSV.

It shows rule name, src/dst addresses, zones, plus other info. At that point, you can just hide any columns you don't want and you'll have what you're looking for. 


@rmfalconer wrote:

I think using the GUI would be easier in this case. Filter the security policies with (action eq 'deny') or (action eq 'drop') [or whatever action you want to filter on] and export to CSV.

It shows rule name, src/dst addresses, zones, plus other info. At that point, you can just hide any columns you don't want and you'll have what you're looking for. 


In this case the best filter is probably (action neq 'allow') 🙂


Tom Piens
PANgurus - SASE and Strata specialist; (co)managed services, VAR and consultancy