Searching Policy for different security profiles

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Searching Policy for different security profiles

L2 Linker

Hi All,

       Is there a way to search on differentially assigned ( or null ) different security profiles ( AntiSpam / URL / Vulnerability etc ) within a policy ?

      We use a couple of different vulnerability profiles/URL Filtering profiles within the same policy and its painful not being able to find where they are assigned. Am I missing something dreadfully obvious ?

Daniel

4 REPLIES 4

L7 Applicator

Hello Sir,

I am not clear about your exact query. Could you please explain your requirement in details (with an example).

Just an update, we can add a group security profile or individual profile i.e Antivirus, vulnerability, Data-filtering.


Example:


Sec-profile.JPG.jpg


sec-profile-1.JPG.jpg


Thanks

Thanks for the reply. Since we have multiple different vulnerability profiles, under the policies tab ( as below ) I want to show in the rulebase GUI where each vulnerability profile is used. Similar to if I was looking for a address object I would put the objects name in the search bar of the policies tab and the rule base would then only show me rules where that object is in use. I was looking for away of NOT having to check each vulnerability in a 200 rule + config by manually having to check each rule and what vulnerability profile is assigned.

Does that make it clearer ?

Screenshot taken from home PA, not work policy in question.

Hello Daniel,

Thanks for your update. As per my knowledge, we can't make a search from the GUI as per "vulnerability profile name". But, you can fetch the same information through CLI.

Example:

> set cli config-output-format set

admin@Subhankar> configure

Entering configuration mode

[edit]

admin@Subhankar# show rulebase security rules | match "Basic AV"  >>>>>>>>>> the profile name you are searching for.

set rulebase security rules "Outbound Services" profile-setting profiles virus "Basic AV"

set rulebase security rules "Permitted Applications" profile-setting profiles virus "Basic AV"

set rulebase security rules "Email Out" profile-setting profiles virus "Basic AV"

Hope this helps

Thanks

Hey Hulk,

      Thanks for that, should have also mentioned the we are running Panorama so figured had to run these commands on that device.

- set cli config-output-format set

- configure

- show device-group "Policy Name" pre-rulebase security rules

Key issue is that match command doesnt work here so had to manually copy from the CLI output and search via notepad.

  • 2718 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!