- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
01-30-2014 01:29 AM
Hi All,
Is there a way to search on differentially assigned ( or null ) different security profiles ( AntiSpam / URL / Vulnerability etc ) within a policy ?
We use a couple of different vulnerability profiles/URL Filtering profiles within the same policy and its painful not being able to find where they are assigned. Am I missing something dreadfully obvious ?
Daniel
01-30-2014 08:27 AM
Hello Sir,
I am not clear about your exact query. Could you please explain your requirement in details (with an example).
Just an update, we can add a group security profile or individual profile i.e Antivirus, vulnerability, Data-filtering.
Example:
Thanks
01-30-2014 11:42 AM
Thanks for the reply. Since we have multiple different vulnerability profiles, under the policies tab ( as below ) I want to show in the rulebase GUI where each vulnerability profile is used. Similar to if I was looking for a address object I would put the objects name in the search bar of the policies tab and the rule base would then only show me rules where that object is in use. I was looking for away of NOT having to check each vulnerability in a 200 rule + config by manually having to check each rule and what vulnerability profile is assigned.
Does that make it clearer ?
Screenshot taken from home PA, not work policy in question.
01-30-2014 01:22 PM
Hello Daniel,
Thanks for your update. As per my knowledge, we can't make a search from the GUI as per "vulnerability profile name". But, you can fetch the same information through CLI.
Example:
> set cli config-output-format set
admin@Subhankar> configure
Entering configuration mode
[edit]
admin@Subhankar# show rulebase security rules | match "Basic AV" >>>>>>>>>> the profile name you are searching for.
set rulebase security rules "Outbound Services" profile-setting profiles virus "Basic AV"
set rulebase security rules "Permitted Applications" profile-setting profiles virus "Basic AV"
set rulebase security rules "Email Out" profile-setting profiles virus "Basic AV"
Hope this helps
Thanks
01-30-2014 02:57 PM
Hey Hulk,
Thanks for that, should have also mentioned the we are running Panorama so figured had to run these commands on that device.
- set cli config-output-format set
- configure
- show device-group "Policy Name" pre-rulebase security rules
Key issue is that match command doesnt work here so had to manually copy from the CLI output and search via notepad.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!