This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Cookie Policy. Click Preferences to customize your cookie settings.
Tips and Tricks: Filtering the Security Policy
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- Blogs
- Tips and Tricks: Filtering the Security Policy
reaper
Cyber Elite
Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Printer Friendly Page
06-26-2017
07:27 AM
Manually searching through the policies can be pretty hard if there are many rules and it's been a long day. Luckily, there are search functions available to you to make life a little easier.
First off, you can simply type in any keyword you are looking for, which can be a policy name (as one word), an IP address/subnet or object name, an application, or a service.
One caveat is that this needs to be a string match, so it cannot be a subnet. Wildcards (*) are not supported.
You can also search within a specific field, like source zone or application. There's an easy drop-down function you can use to automatically create the search filter.
You can also create a search string manually. I've provided a list of all fields below:
Tags: (tag/member eq 'tagname')
Name: (name contains 'unlocate-block')
Type: (rule-type eq 'intrazone|interzone')
Source Zone: (from/member eq 'zonename')
Source Address: (source/member eq 'any|ip|object')
Source User: (source-user/member eq 'any|username|groupname')
Hip profile: (hip-profiles/member eq 'any|profilename')
Destination Zone: (to/member eq 'zonename')
Destination Address: (destination/member eq 'any|ip|object')
Destination User: (destination-user/member eq 'any|username|groupname')
Application: (application/member eq 'any|applicationname|applicationgroup|applicationfilter')
Service: (service/member eq 'any|servicename|application-default')
URL Category: (category/member eq 'any|categoryname')
This is a destination category, not a URL filtering security profile
Action: (action eq 'allow|drop|deny|reset-client|reset-server|reset-both')
Action send ICMP unreachable: (icmp-unreachable eq 'yes')
Security Profiles:
(profile-setting/profiles/virus/member eq 'profilename')
(profile-setting/profiles/spyware/member eq 'profilename')
(profile-setting/profiles/vulnerability/member eq 'profilename')
(profile-setting/profiles/url-filtering/member eq 'profilename')
(profile-setting/profiles/file-blocking/member eq 'profilename')
(profile-setting/profiles/wildfire-analysis/member eq 'profilegroupname')
(profile-setting/group/member eq 'profilename')
Disable server response inspection: (option/disable-server-response-inspection eq 'yes')
Log at session start: (log-start eq 'yes|no')
Log at session end: (log-end eq 'yes|no')
Schedule: (schedule eq 'schedulename')
Log Forwarding: (log-setting eq "forwardingprofilename')
Qos Marking: (qos/marking/ip-dscp eq 'codepoint')
(qos/marking/ip-precedence eq 'codepoint')
(qos/marking/follow-c2s-flow eq '')
Description: (description contains '<keyword>')
Disabled policy: (disabled eq yes|no)
policies will only respond to 'no' if they have been disabled before
NOTES:
- searched terms are case sensitive! (Untrust or untrust)
- operands include 'eq', 'neq', 'contains'
Lastly, the Tag Browser can also come in very handy if you're able to tag all your security policies. It can be used in a similar way as the search function and display only the selected tags.
More information and a tutorial video on the Tag Browser can be found here: Tutorial: Tag Browser
Also take a look at our video and transcript on Filtering the Security Policy.
Hope this was helpful, feel free to ask questions or post remarks below.
Reaper out
Labels:
36 Comments
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
About the Author
I drink and I know things
Labels
-
10.0
1 -
10.1
1 -
10.2
2 -
2 factor authentication
1 -
2020
1 -
2fa
1 -
3.0
1 -
30DaysCloud
5 -
5G
9 -
7000
2 -
7000 series
1 -
9.0
1 -
ACC
2 -
addressgroups
1 -
ADEM
1 -
admin
1 -
admin roles
2 -
administration
10 -
Administrator Profile
1 -
Adobe Acrobat
1 -
AdTacking
1 -
Advanced Threat Mitigation
1 -
Advanced URL Filtering
6 -
Agent
1 -
Agentless
1 -
agentless user id
1 -
AIOps
9 -
AIOps for NGFW
4 -
AIOps NGFW
6 -
ALERTS
1 -
Alibaba
1 -
Alibaba Cloud
3 -
AMA
7 -
Analytics
3 -
Announcement
3 -
Aperture
3 -
API
6 -
API Security
1 -
App-ID
14 -
App-Portal
1 -
application
1 -
Application Framework
4 -
Application Override
1 -
applications
2 -
apps
1 -
Apps Threats Content Update
1 -
Ask Me Anything
3 -
Asset Detail View
1 -
Asset inventory
1 -
ATP
1 -
Authentication
2 -
Authentication Sequence
1 -
autofocus
10 -
autofocus threat
1 -
Automation
1 -
Autonomous
2 -
Autonomous DEM
3 -
Autonomous Digital Experience Management
2 -
AWS
20 -
Azure
14 -
Basic Configuration
1 -
Beacon
11 -
Best Practice
2 -
Best Practice Assessment
4 -
Best Practices
6 -
blog
4 -
Books
1 -
BPA
7 -
BPAPlus
1 -
Bridgecrew
2 -
Build
1 -
Canon
1 -
CASB
1 -
Case Creation
4 -
case management
1 -
Cases
1 -
categories
3 -
CBDR
1 -
CDSS
5 -
certificate
1 -
certificates
1 -
Certification
2 -
Certifications
3 -
Certifications & Exams
3 -
Checkov
2 -
cicd
1 -
Cisco ACI
2 -
CLI
2 -
CLI Command
2 -
CLI Reference Guide
1 -
cloud
48 -
cloud code security
2 -
Cloud Identity Engine
5 -
cloud managed prisma access
2 -
Cloud NGFW
3 -
Cloud NGFW for AWS
7 -
Cloud Security
12 -
cloud service
3 -
Cloud Services Portal
3 -
CloudBlade
2 -
CloudBlades
4 -
cloudgenix
4 -
CloudSecured
1 -
CN-Series
21 -
CNAME Cloaking
1 -
Cobalt Strike
1 -
Code
1 -
Code & Build
1 -
Code Security
1 -
Code Security module
1 -
Commit Process
1 -
community
127 -
Community Experience Refresh
1 -
community feedback
1 -
Community Guidance
2 -
community news
12 -
Community Team
1 -
company and culture
2 -
Compatibility
1 -
Compatibility View
1 -
Compute
1 -
Compute Edition
4 -
Configuration
20 -
Configuration and Management
5 -
consulting
1 -
Container
1 -
Containers
1 -
Content Updates
1 -
Content-ID
1 -
Cortex
50 -
Cortex Data Lake
10 -
Cortex XDR
52 -
Cortex XDR 2.0 Features
2 -
Cortex XDR 2.2 Features
1 -
Cortex XDR 2.3
1 -
Cortex XDR 2.4 Features
1 -
Cortex XDR 2.5 Features
1 -
Cortex XDR 2.6 Features
1 -
Cortex XDR 2.7 Features
1 -
Cortex XDR 2.9 Features
1 -
Cortex XDR 3.0 Features
1 -
Cortex XDR 3.1
1 -
Cortex XDR 7.4 Features
1 -
Cortex XDR 7.5 Features
1 -
Cortex XDR Agent
3 -
Cortex XDR Agent 7.3 features
1 -
Cortex XDR Features
1 -
Cortex Xpanse
9 -
Cortex XSIAM
4 -
Cortex XSOAR
52 -
Cortex XSOAR Webinar
1 -
COVID-19
2 -
creating policies
1 -
creating rules
2 -
credits
1 -
CSP
11 -
CSP outage
1 -
custom policies
1 -
custom report
2 -
Custom Reports
2 -
Custom Signatures
1 -
Customer Experience
2 -
Customer Help
2 -
Customer Journey
1 -
Customer News
4 -
Customer Success
15 -
Customer Support Portal
5 -
Customer Support Resources
1 -
CVE-2021-1675
1 -
CVE-2022-22963
1 -
CVE-2022-22965
1 -
CWPP
1 -
CX Day
3 -
CXDay2020
1 -
cyber elite
21 -
Cyber Elite Program
26 -
Cyberelite
17 -
cybersecurity
11 -
Cybersecurity Academy
1 -
Data Center
1 -
data lake
1 -
Data Loss Prevention
6 -
Data Loss Prevention 7000
1 -
data pattern
1 -
Data Security
1 -
dataplane
1 -
DDoS
1 -
Debug
4 -
Decryption
5 -
Defender
1 -
Dependency
1 -
Deploy
1 -
Deployment
1 -
Detection and Response
1 -
dev_ops
1 -
Developers
1 -
device management
1 -
DevSecOps
1 -
Discovery
1 -
discussion
2 -
discussions
1 -
DLP
5 -
dns
8 -
DNS Security
13 -
DoS Protection
1 -
dotw
8 -
Download
1 -
Drift Detection
1 -
Dynamic Updates
1 -
Dynamic Updates - Antivirus
1 -
EDL
3 -
edu
1 -
EDU-114
1 -
Education
17 -
Education Services
10 -
Educational Services
7 -
ela
1 -
email notification
1 -
Email Notifications
1 -
End of life
1 -
Endpoint
8 -
Endpoint Security Manager (ESM)
2 -
Enterprise
1 -
EOL
1 -
Error Message
1 -
Event
2 -
Events
75 -
Exams
1 -
Expedition
3 -
Expert Program
1 -
FAQ
1 -
feature request
1 -
FeatureRequest
2 -
Features
4 -
File Blocking
1 -
Filtering
2 -
filters
1 -
Firewall
87 -
Flow Logs
1 -
fuel
5 -
Fuel User Group
11 -
Fundamentals
1 -
gateway
1 -
gateway selection
1 -
gcp
6 -
Getting Started
1 -
Github
1 -
Global
1 -
Global Protect
1 -
GlobalProtect
46 -
GlobalProtect 5.0
3 -
GlobalProtect App
2 -
GlobalProtect Cloud Service
2 -
GlobalProtect HIP check
1 -
GlobalProtect Portal
1 -
GlobalProtect-COVID19
24 -
GlobalProtect-Resources
19 -
google
1 -
Google Chrome extension
1 -
google cloud platform
3 -
GP
3 -
GPCS
1 -
Grateful
1 -
Grayware
2 -
Guidance and Guidelines
2 -
ha
1 -
Happy Holidays
1 -
Hardening
1 -
Hardware
3 -
High Availability
1 -
HIP
1 -
HIP Check
1 -
How to
8 -
How-to
3 -
how_to
2 -
HTTP
1 -
hub
6 -
Hybrid Cloud
3 -
Hyper Scale
1 -
IAC
3 -
ICS
1 -
Identity
1 -
ignite
4 -
Ignite '22
2 -
Ignite 2021
8 -
Ignite 2022
13 -
Ignite 21
1 -
Ignite 22
4 -
Ignite conference
2 -
ignite2019
3 -
Ignite2020
8 -
Ignite21
5 -
IGNITEQ&A
1 -
Image Analysis Sandbox
1 -
initial configuration
1 -
Interactive Event
2 -
Interactive Events
1 -
Internet of Things
1 -
Investigation
1 -
IoMT
3 -
ION
1 -
IoT
18 -
IoT Security
31 -
IPSec
2 -
IPv6
1 -
Iron Skillet
1 -
IronSkillet
1 -
Kubernetes
4 -
LatinxHeritage
1 -
LatinxHeritageMonth
4 -
Learning
3 -
Learning Center
1 -
license
1 -
License Keys
1 -
licenses
2 -
licensing
1 -
live community
3 -
Live Community Help
4 -
livecommunity
14 -
log forwarding
5 -
Log Forwarding and Alerting
1 -
log retention period
1 -
Log Settings
1 -
Log4Shell
1 -
Logging
7 -
logging service
3 -
logging_services
1 -
login
1 -
LogJam
1 -
Logs
1 -
Mac OS X
1 -
machine learning
7 -
MacOS
2 -
Magnifier
1 -
Malware
4 -
Manage Drift
1 -
managed services
1 -
Management
29 -
Management & Administration
2 -
Mapping
3 -
MDR
1 -
member spotlight
1 -
MFA
3 -
micro-credentialing
1 -
Microsoft 365
1 -
Migration
3 -
Migration Tool
2 -
minemeld
2 -
Misconfiguration
1 -
ML-Powered NGFW
5 -
Mobile Workforce
1 -
Monthly Release
1 -
MSP
3 -
MSSP partners
1 -
multi factor authentication
1 -
Multi-Category URL Filtering
2 -
multi-factor authentication
1 -
multi-vsys
1 -
Nebula
2 -
Network
1 -
Network Exposure
1 -
Network Perimeter
2 -
network security
36 -
Network Security Management
1 -
Networking
1 -
New Features
8 -
News
4 -
next-generation firewall
13 -
Next-Generation Firewall. NGFW
4 -
Next-Generation Firewalls
2 -
NGFW
55 -
NGFW Configuration
25 -
notifications
1 -
NOVA
1 -
NPI
1 -
NSX
2 -
NSX-T
2 -
nutanix
1 -
OCI
3 -
office 365
1 -
Okta
1 -
on demand
2 -
Oracle Cloud
2 -
Oracle Cloud Infrastructure
5 -
OT
1 -
OT Security
1 -
Out of Band WAAS
1 -
PA Firewall
1 -
PA-220R
1 -
PA-7000 Series Firewall
1 -
Palo Alto Networks
1 -
PAN-Os
79 -
PAN-OS 10.0
4 -
PAN-OS 10.1
4 -
PAN-OS 10.2
3 -
PAN-OS 11.0
1 -
PAN-OS 9.0
7 -
PAN-OS 9.1
2 -
PANCast
2 -
PANCast. community
1 -
Panorama
35 -
Panorama Configuration
5 -
panorama_csr
1 -
PANOS-9.0
2 -
Parked
1 -
Path Visibility
1 -
PCCET
2 -
PCCSA
3 -
PCNSA
4 -
PCNSE
9 -
PDF summary report
1 -
Phishing
1 -
Playbook of the Week
1 -
plugin
3 -
policies
1 -
policy
2 -
Postman
1 -
Pre-Logon
1 -
PrintNightmare
1 -
prisma
24 -
Prisma "cloud code security" (CCS) module
2 -
Prisma Access
44 -
Prisma Access 2.0
1 -
Prisma Access 2.0 Upgrade
1 -
prisma access app
1 -
Prisma Access Cloud Management
3 -
prisma access insights
2 -
Prisma Access MSP
4 -
Prisma Cloud
23 -
Prisma Cloud Code Security
1 -
Prisma Cloud Compute Edition
2 -
Prisma Cloud Data Security
1 -
Prisma Cloud Enterprise Edition
1 -
Prisma Coud
1 -
Prisma SaaS
5 -
Prisma SASE
6 -
prisma SD-WAN
15 -
PrismaAccess
2 -
PrismaAccess-COVID19
11 -
prismaaccessinsights
2 -
Privacy Data Sheets
1 -
Private Cloud
4 -
Professional Services
2 -
Proxy
1 -
Proxy Avoidance
2 -
Public Cloud
2 -
Query Builder
1 -
Questionable
1 -
Quickplay Solutions
2 -
radar view
1 -
registry scanning
1 -
Release Notes
5 -
Release-Notes
3 -
Remediation
1 -
Remote Code Execution
1 -
Remote location
1 -
Remote Networks
2 -
report group
1 -
reporting and logging
2 -
Reports
3 -
Resource Explorer
1 -
Resources
4 -
RQL
2 -
RSA
1 -
Rule
1 -
Run
1 -
saas
6 -
Saas Security
6 -
SAML
2 -
SASE
13 -
SCADA
1 -
scanning
1 -
SD-WAN
13 -
Second Watch
1 -
Secure Input
1 -
secureinput
1 -
Security
9 -
Security Advisory
1 -
Security Operations
1 -
security policy
5 -
security profile
1 -
Security Profiles
2 -
Security Rulebase
1 -
security Service
2 -
Service Provider
1 -
Services
3 -
session
1 -
Setup & Administration
2 -
Shift-Left
2 -
SIEM
2 -
Skillets
3 -
Smart NIC
1 -
smb
1 -
SNMP Monitoring
1 -
SOC
1 -
Social Media
1 -
Software
1 -
Software Composition Analysis
1 -
SolarStorm
1 -
SolarWinds
1 -
Spark User Summit Event
1 -
Split Tunneling
1 -
Spring Framework
1 -
SpringShell
1 -
SSL
1 -
SSL Decryption
5 -
SSL Forward Proxy
1 -
Strata
5 -
Strata Firewall
2 -
Subscriptions
1 -
SUNBURST
1 -
Supply Chain Security
1 -
Support
25 -
Support Guidance
1 -
support portal
1 -
Symphony
1 -
Symphony 2023
1 -
TCP
2 -
Technologies
3 -
Terraform
3 -
Thankful 2020
1 -
Thanksgiving
1 -
Threat
31 -
Threat Detection
2 -
Threat Intelligence Management
3 -
threat log
1 -
Threat Management
4 -
threat prevention
8 -
Threat Prevention License
1 -
threat protection
1 -
Threat Vulnerability Advisory
1 -
Threats
2 -
Tips & Tricks
6 -
tls
1 -
TMS
4 -
Tools
3 -
Training
1 -
Traps
8 -
Traps Agent
8 -
Traps Management Service
4 -
Troubleshooting
8 -
Tutorial
13 -
Unified Asset Inventory
1 -
unit 42
21 -
unit42
6 -
upgrade
3 -
url categories
2 -
URL Filtering
12 -
URL Filtering (PAN-DB)
3 -
URL-Filtering
1 -
User Context
1 -
User-ID
8 -
User-ID & Authentication
1 -
User-ID mapping
2 -
userid
2 -
users
1 -
Veteran Training
3 -
Veterans Day
1 -
Video
8 -
Videos
4 -
VIP
1 -
Virtualization
7 -
VirusTotal
1 -
VM
1 -
VM-Series
56 -
VM-Series on AWS
4 -
VM-Series on Azure
3 -
VMware
2 -
VPN
2 -
Vsys
1 -
Vulnerability
17 -
Vulnerability Protection
3 -
WAAS
2 -
Web Application & API Security
1 -
webcast
1 -
Webinar
6 -
Wildcard DNS Abuse
1 -
WildFire
17 -
Wildfire API
1 -
Women's Equality Day
1 -
XDR
1 -
Xpanse
2 -
XSIAM
1 -
XSOAR
9 -
Year in Review
1 -
Yor
1 -
YouTube
3 -
Zero Trust
12 -
Zero Trust Network
2 -
Zero Trust Network Security
9 -
Zone Protection
1 -
ztna
2
- Previous
- Next
Top Liked Posts
| Subject | Likes |
|---|---|
| 3 Likes | |
| 3 Likes | |
| 3 Likes | |
| 2 Likes | |
| 2 Likes |
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks