This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Searching Policy for different security profiles

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Searching Policy for different security profiles

dpenhall
L2 Linker

‎01-30-2014 01:29 AM

Hi All,

       Is there a way to search on differentially assigned ( or null ) different security profiles ( AntiSpam / URL / Vulnerability etc ) within a policy ?

      We use a couple of different vulnerability profiles/URL Filtering profiles within the same policy and its painful not being able to find where they are assigned. Am I missing something dreadfully obvious ?

Daniel

0 Likes Likes
4 REPLIES 4

HULK
L7 Applicator

‎01-30-2014 08:27 AM

Hello Sir,

I am not clear about your exact query. Could you please explain your requirement in details (with an example).

Just an update, we can add a group security profile or individual profile i.e Antivirus, vulnerability, Data-filtering.


Example:


Sec-profile.JPG.jpg


sec-profile-1.JPG.jpg


Thanks

0 Likes Likes

dpenhall
L2 Linker
In response to HULK

‎01-30-2014 11:42 AM

Thanks for the reply. Since we have multiple different vulnerability profiles, under the policies tab ( as below ) I want to show in the rulebase GUI where each vulnerability profile is used. Similar to if I was looking for a address object I would put the objects name in the search bar of the policies tab and the rule base would then only show me rules where that object is in use. I was looking for away of NOT having to check each vulnerability in a 200 rule + config by manually having to check each rule and what vulnerability profile is assigned.

Does that make it clearer ?

Screenshot taken from home PA, not work policy in question.

0 Likes Likes

HULK
L7 Applicator
In response to dpenhall

‎01-30-2014 01:22 PM

Hello Daniel,

Thanks for your update. As per my knowledge, we can't make a search from the GUI as per "vulnerability profile name". But, you can fetch the same information through CLI.

Example:

> set cli config-output-format set

admin@Subhankar> configure

Entering configuration mode

[edit]

admin@Subhankar# show rulebase security rules | match "Basic AV"  >>>>>>>>>> the profile name you are searching for.

set rulebase security rules "Outbound Services" profile-setting profiles virus "Basic AV"

set rulebase security rules "Permitted Applications" profile-setting profiles virus "Basic AV"

set rulebase security rules "Email Out" profile-setting profiles virus "Basic AV"

Hope this helps

Thanks

0 Likes Likes

dpenhall
L2 Linker
In response to HULK

‎01-30-2014 02:57 PM

Hey Hulk,

      Thanks for that, should have also mentioned the we are running Panorama so figured had to run these commands on that device.

- set cli config-output-format set

- configure

- show device-group "Policy Name" pre-rulebase security rules

Key issue is that match command doesnt work here so had to manually copy from the CLI output and search via notepad.

0 Likes Likes
  • 2434 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks