Manually searching through the policies can be pretty hard if there are many rules and it's been a long day. Luckily, there are search functions available to you to make life a little easier.
First off, you can simply type in any keyword you are looking for, which can be a policy name (as one word), an IP address/subnet or object name, an application, or a service.
One caveat is that this needs to be a string match, so it cannot be a subnet. Wildcards (*) are not supported.
You can also search within a specific field, like source zone or application. There's an easy drop-down function you can use to automatically create the search filter.
You can also create a search string manually. I've provided a list of all fields below:
Tags: (tag/member eq 'tagname')
Name: (name contains 'unlocate-block')
Type: (rule-type eq 'intrazone|interzone')
Source Zone: (from/member eq 'zonename')
Source Address: (source/member eq 'any|ip|object')
Source User: (source-user/member eq 'any|username|groupname')
HIP Profile: (hip-profiles/member eq 'any|profilename')
Destination Zone: (to/member eq 'zonename')
Destination Address: (destination/member eq 'any|ip|object')
Destination User: (destination-user/member eq 'any|username|groupname')
Application: (application/member eq 'any|applicationname|applicationgroup|applicationfilter')
Service: (service/member eq 'any|servicename|application-default')
URL Category: (category/member eq 'any|categoryname')
This is a destination category, not a URL filtering security profile
Action: (action eq 'allow|drop|deny|reset-client|reset-server|reset-both')
Action send ICMP unreachable: (icmp-unreachable eq 'yes')
Security Profiles: (profile-setting/profiles/virus/member eq 'profilename')
(profile-setting/profiles/spyware/member eq 'profilename')
(profile-setting/profiles/vulnerability/member eq 'profilename')
(profile-setting/profiles/url-filtering/member eq 'profilename')
(profile-setting/profiles/file-blocking/member eq 'profilename')
(profile-setting/profiles/wildfire-analysis/member eq 'profilename')
(profile-setting/group/member eq 'profilegroupname')
Disable server response inspection: (option/disable-server-response-inspection eq 'yes')
Log at session start: (log-start eq 'yes|no')
Log at session end: (log-end eq 'yes|no')
Schedule: (schedule eq 'schedulename')
Log Forwarding: (log-setting eq 'forwardingprofilename')
QoS Marking: (qos/marking/ip-dscp eq 'codepoint')
(qos/marking/ip-precedence eq 'codepoint')
(qos/marking/follow-c2s-flow eq '')
Description: (description contains '<keyword>')
Disabled policy: (disabled eq yes|no)
Policies will only respond to 'no' if they have been disabled before.
- Search terms are case sensitive! ('Untrust' and 'untrust' are different values.)
- Operators include 'eq', 'neq', 'contains'
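The matching behaviour described above (exact string match, case sensitivity, the three operators) can be modelled offline against an exported rulebase to check a filter before relying on it in an audit. This is an added example, not code from the original article or from Palo Alto Networks: it assumes the field paths address elements of each rule's XML entry, uses a constructed two-rule sample, and models 'neq' as "no value equals", which is this sketch's own choice.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample, shaped like rule <entry> elements in an exported rulebase.
RULEBASE = """
<rules>
  <entry name="allow-web">
    <from><member>Trust</member></from>
    <source><member>10.1.1.5</member></source>
    <application><member>web-browsing</member><member>ssl</member></application>
    <action>allow</action><log-end>yes</log-end>
  </entry>
  <entry name="legacy-any">
    <from><member>Trust</member></from>
    <source><member>any</member></source>
    <application><member>any</member></application>
    <action>allow</action><log-end>no</log-end>
  </entry>
</rules>
"""

# One expression of the form (path operator 'value'); the quotes are optional.
FILTER_RE = re.compile(r"^\(\s*([\w/-]+)\s+(eq|neq|contains)\s+'?([^']*?)'?\s*\)$")

def field_values(rule, path):
    """Return the strings a field path resolves to inside one rule entry."""
    if path == "name":  # the rule name is an attribute, not a child element
        return [rule.get("name", "")]
    return [(el.text or "").strip() for el in rule.findall(path)]

def matches(rule, expr):
    """Evaluate a single filter expression against one rule."""
    m = FILTER_RE.match(expr.strip())
    if not m:
        raise ValueError(f"unsupported filter: {expr!r}")
    path, op, value = m.groups()
    values = field_values(rule, path)
    if op == "contains":
        return any(value in v for v in values)  # substring match
    hit = value in values  # exact, case-sensitive comparison
    return hit if op == "eq" else not hit  # 'neq' modelled as "no value equals"

def search(expr, xml_text=RULEBASE):
    """Names of the rules in the export that the filter selects."""
    rules = ET.fromstring(xml_text).iter("entry")
    return [r.get("name") for r in rules if matches(r, expr)]
```

Filters such as `(application/member eq 'any')` or `(log-end eq 'no')` are the ones a rule review usually starts with, since they surface overly broad or unlogged rules.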
Lastly, the Tag Browser can also come in very handy if you're able to tag all your security policies. It can be used in a similar way as the search function and display only the selected tags.
More information and a tutorial video on the Tag Browser can be found here: Tutorial: Tag Browser
Also take a look at our video and transcript on Filtering the Security Policy.
Hope this was helpful, feel free to ask questions or post remarks below.