Content translations are temporarily unavailable due to site maintenance. We apologize for any inconvenience. Visit our blog to learn more.
05-26-2014 02:12 AM
Hello
I have to make some order on my PAN device.
I'm looking for CLI command:
- that will show me all addresses and groups defined on my device
- that will show me all services and groups defined on my device
- how to list aplications from one policy and put the list of aplication to aplication group
I hope that for You it is easy 
With regards
Slawek
05-26-2014 07:40 AM
Hello Slawek,
As per your requirement, please find below sets of CLI command:
----- - that will show me all addresses and groups defined on my device
Ans:
admin@DADA> configure
Entering configuration mode
admin@DADA# show address >>>>>>>>>>>>>>>>>>>>> show configured address-object in this PAN firewall.
admin@DADA# show address-group >>>>>>>>>>>>>>>> show configured address-group in this PAN firewall.
---- - that will show me all services and groups defined on my device
Ans:
admin@DADA# show service
admin@DADA# show service-group
-------- how to list aplications from one policy and put the list of aplication to aplication group.
Note: for better understanding, i have set CLI output in SET format ( admin@DADA> set cli config-output-format set )
Ans:
admin@DADA# show rulebase security rules rule1
set rulebase security rules rule1 from Trust-LAN
set rulebase security rules rule1 to Untrust-ISP
set rulebase security rules rule1 source any
set rulebase security rules rule1 destination any
set rulebase security rules rule1 source-user any
set rulebase security rules rule1 category social-networking
set rulebase security rules rule1 application [ facebook twitter web-browsing ] >>>>>>>>>>>>>>>>>> List of aapplications defined on a security rule
set rulebase security rules rule1 service application-default
set rulebase security rules rule1 hip-profiles any
set rulebase security rules rule1 action deny
set rulebase security rules rule1 disabled no
The command to set above mentioned applications on a "Application-group".
admin@DADA# set application-group test-application-group [ facebook twitter web-browsing ]
Hope this helps.
Thanks
05-26-2014 05:51 AM
Hi Slawek
in CLI if you go into configure mode:
admin@PA-5050> configure
Entering configuration mode
[edit]
admin@PA-5050# show address
address {
test {
ip-netmask 192.168.0.70/32;
}
google.com {
fqdn www.google.com;
}
yahoo.com {
fqdn www.yahoo.com;
}
[edit]
admin@PA-5050# show address-group
address-group {
grp {
test;
}
[edit]
admin@PA-5050# show service
service {
test82 {
protocol {
tcp {
port 82;
}
}
}
}
[edit]
admin@PA-5050# show service-group
service-group {
testgrp {
members test82;
}
}
[edit]
and for your last one, i'd guess you could do
admin@PA-5050# show rulebase security rules mcafee
mcafee {
from any;
to any;
source any;
destination any;
source-user any;
category any;
application mcafee-update;
service application-default;
hip-profiles any;
action allow;
}
[edit]
admin@PA-5050# set application-group mynewgroup mcafee-update
[edit]
admin@PA-5050# show application-group mynewgroup
mynewgroup mcafee-update
;
[edit]
hope this helps
Tom
05-26-2014 07:40 AM
Hello Slawek,
As per your requirement, please find below sets of CLI command:
----- - that will show me all addresses and groups defined on my device
Ans:
admin@DADA> configure
Entering configuration mode
admin@DADA# show address >>>>>>>>>>>>>>>>>>>>> show configured address-object in this PAN firewall.
admin@DADA# show address-group >>>>>>>>>>>>>>>> show configured address-group in this PAN firewall.
---- - that will show me all services and groups defined on my device
Ans:
admin@DADA# show service
admin@DADA# show service-group
-------- how to list aplications from one policy and put the list of aplication to aplication group.
Note: for better understanding, i have set CLI output in SET format ( admin@DADA> set cli config-output-format set )
Ans:
admin@DADA# show rulebase security rules rule1
set rulebase security rules rule1 from Trust-LAN
set rulebase security rules rule1 to Untrust-ISP
set rulebase security rules rule1 source any
set rulebase security rules rule1 destination any
set rulebase security rules rule1 source-user any
set rulebase security rules rule1 category social-networking
set rulebase security rules rule1 application [ facebook twitter web-browsing ] >>>>>>>>>>>>>>>>>> List of aapplications defined on a security rule
set rulebase security rules rule1 service application-default
set rulebase security rules rule1 hip-profiles any
set rulebase security rules rule1 action deny
set rulebase security rules rule1 disabled no
The command to set above mentioned applications on a "Application-group".
admin@DADA# set application-group test-application-group [ facebook twitter web-browsing ]
Hope this helps.
Thanks
05-27-2014 02:44 AM
Thank You for detailed informations.
Yesterday was created doc Export a List of Address Objects or Security Policies and Import into a Spreadsheet
that could be helpfull if You prefer do it without CLI.
Regards
Slawek
06-06-2014 12:22 AM
Hi
One more question.
How to filter output ie. "admin@DADA# show service | grep 192.168" << this is incorect command.
What is the correct one?
Regards
Slawek
06-06-2014 05:37 AM
Try something along the lines of
show service | match 1492
tab complete will also work to show you the remaining available command strings
show service {hit the tab key on your keyboard}
<name> <name>
| Pipe through a command
<Enter> Finish input
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
