I am looking for a way to filter all rules without any value in the description field. We use this field to reference the incident number which has been raised to request a security rule. And by policy we are not allowed to have any rules in our set where there is no reference in the description field.
So I have tried to use the filter options and especially the "does not contain" option. But somehow I have failed to get the correct syntax. For example I have tried
( description does not contain 'test' )
But this does not return any results. So I am even uncertain if the operator has to be spelled "does not contain" or "doesnotcontain". I have tried both but neither seems to work.
I know this is hitting the way back machine a bit, apologies. But just in case someone comes across this, the only way I have found is by adding the column "description". Any empty description field shows up in there as 'none' and while (for some stupid reason) you still can't search on that, you can export it to a csv file and from there you can easily filter by none in that column giving you all the rules that don't have a description.
Hope this helps future someone...
The reason you can't search on the description field unless it actually has information is really just because the field doesn't exist if you don't have a description. In the actual XML configuration file that the device reads and searches whenever you are filtering for something in the rulebase, the entire <description> is one of the fields that the firewall simply doesn't create if left empty.
The rulebase search functionality leaves a lot to be desired, but once you understand that it's really just parsing an XML file, it makes a bit more sense.
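
Because an empty description means the `<description>` element is simply absent from the XML, the audit can be run against an exported configuration file instead of the GUI filter. The following is an added example, not part of the original thread or vendor code: the sample configuration, rule names and incident number are constructed, the function name is hypothetical, and the element layout is assumed to follow an exported configuration. Treating a whitespace-only description as missing is also an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample, trimmed to the elements relevant to the audit.
SAMPLE_CONFIG = """<config>
  <devices>
    <entry name="localhost.localdomain">
      <vsys>
        <entry name="vsys1">
          <rulebase>
            <security>
              <rules>
                <entry name="allow-web">
                  <action>allow</action>
                  <description>INC0012345</description>
                </entry>
                <entry name="allow-dns">
                  <action>allow</action>
                </entry>
                <entry name="temp-rule">
                  <action>allow</action>
                  <description>   </description>
                </entry>
              </rules>
            </security>
          </rulebase>
        </entry>
      </vsys>
    </entry>
  </devices>
</config>"""

# Local rulebase plus the pre/post rulebases used for centrally pushed rules.
RULEBASES = ("rulebase", "pre-rulebase", "post-rulebase")

def rules_without_description(xml_text):
    """Return (rulebase, rule name) for every security rule lacking a description."""
    root = ET.fromstring(xml_text)
    missing = []
    for rb in RULEBASES:
        for rule in root.iterfind(f".//{rb}/security/rules/entry"):
            desc = rule.find("description")
            # The element is absent when the field was left empty.
            if desc is None or not (desc.text or "").strip():
                missing.append((rb, rule.get("name")))
    return missing

if __name__ == "__main__":
    for rb, name in rules_without_description(SAMPLE_CONFIG):
        print(f"{rb}: {name}")
```
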