
How to View Security Policies from the CLI | Palo Alto Networks Live 3/22/15, 4:27 PM


How to View Security Policies from the CLI

Version 4

created by nrice on Apr 4, 2010 10:55 AM, last modified by nrice on Feb 7, 2014 9:22 AM

To view the Palo Alto Networks security policies:

> show running security-policy

Rule      From          Source      To            Dest.       User  Proto  Port Range  Application  Action
--------  ------------  ----------  ------------  ----------  ----  -----  ----------  -----------  ------
Doms DLP  untrust-vwir  10.16.0.92  untrust-vwir  any         any   any    any         any          allow
          trust-vwire               trust-vwire
rule4     untrust-vwir  any         untrust-vwir  10.16.0.92  any   any    any         any          allow
          trust-vwire               trust-vwire
rule3     trust-vwire   any         untrust-vwir  any         any   any    any         any          allow

To output the entire configuration, use the show config running command.

For set format output:


> set cli config-output-format set
> configure
Entering configuration mode
[edit]
# edit rulebase security
[edit rulebase security]
# show
set rulebase security rules rashi from trust-vwire
set rulebase security rules rashi from untrust-vwire
set rulebase security rules rashi to trust-vwire
set rulebase security rules rashi to untrust-vwire
set rulebase security rules rashi source 10.16.0.21

https://live.paloaltonetworks.com/docs/DOC-1383 Page 1 of 4
set rulebase security rules rashi destination any
set rulebase security rules rashi service any
set rulebase security rules rashi application adobe-meeting-remote-control
set rulebase security rules rashi application adobe-meeting
set rulebase security rules rashi application adobe-online-office
set rulebase security rules rashi action deny
set rulebase security rules rashi source-user any
set rulebase security rules rashi option disable-server-response-inspection no
set rulebase security rules rashi negate-source no
set rulebase security rules rashi negate-destination no
set rulebase security rules rashi disabled yes
set rulebase security rules rashi log-start no
set rulebase security rules rashi log-end yes
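
As an added example (not part of the original article), set-format output lends itself to scripted rule review because every line carries one complete path and value. The Python sketch below parses such lines into per-rule fields and applies three illustrative checks; the "Doms DLP" sample lines, the quoting of rule names that contain spaces, and the checks themselves are assumptions of this example.

```python
import shlex
from collections import defaultdict

# Constructed sample: the "rashi" lines come from the listing above; the
# "Doms DLP" lines are made up for this example to exercise the checks.
SAMPLE = '''
set rulebase security rules rashi from trust-vwire
set rulebase security rules rashi from untrust-vwire
set rulebase security rules rashi application adobe-meeting
set rulebase security rules rashi application adobe-online-office
set rulebase security rules rashi action deny
set rulebase security rules rashi option disable-server-response-inspection no
set rulebase security rules rashi disabled yes
set rulebase security rules rashi log-end yes
set rulebase security rules "Doms DLP" source 10.16.0.92
set rulebase security rules "Doms DLP" application any
set rulebase security rules "Doms DLP" action allow
set rulebase security rules "Doms DLP" log-end no
'''

PREFIX = ["set", "rulebase", "security", "rules"]

def parse_set_rules(text):
    """Return {rule: {field path: [values]}}; repeated lines accumulate."""
    rules = defaultdict(lambda: defaultdict(list))
    for line in text.splitlines():
        tokens = shlex.split(line)  # assumption: names with spaces are quoted
        if tokens[:4] != PREFIX or len(tokens) < 7:
            continue  # prompts, "[edit ...]" lines, other config branches
        name, path, value = tokens[4], tokens[5:-1], tokens[-1]
        rules[name][".".join(path)].append(value)
    return rules

def review(rules):
    """Illustrative checks only (assumptions of this example)."""
    findings = []
    for name, f in rules.items():
        if f.get("disabled") == ["yes"]:
            findings.append((name, "rule is disabled"))
        if f.get("action") == ["allow"] and "any" in f.get("application", []):
            findings.append((name, "allows any application"))
        if f.get("log-end") != ["yes"]:
            findings.append((name, "no log at session end"))
    return findings

if __name__ == "__main__":
    for rule, issue in review(parse_set_rules(SAMPLE)):
        print(f"{rule}: {issue}")
```

The parser expects one value per line, as in the listing above; nested keys such as the option setting are stored under a dotted path.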

To switch to the default output:


# run set cli config-output-format default
[edit rulebase security]
# show
security {
  rules {
    rashi {
      from [ trust-vwire untrust-vwire];
      to [ trust-vwire untrust-vwire];
      source 10.16.0.21;
      destination any;
      service any;
      application [ adobe-meeting-remote-control adobe-meeting adobe-online-office];
      action deny;
      source-user any;
      option {
        disable-server-response-inspection no;
      }
      negate-source no;
      negate-destination no;
      disabled yes;
      log-start no;
      log-end yes;
      profile-setting {
        profiles {
          file-blocking rashi_file_alert;
          data-filtering rashi_dlp;
        }


To view the configuration in XML format:


# run set cli config-output-format xml
[edit rulebase security]
# show
<response status="success" code="19">
  <result total-count="1" count="1">
    <security>
      <rules>
        <entry name="rashi">
          <from>
            <member>trust-vwire</member>
            <member>untrust-vwire</member>
          </from>
          <to>
            <member>trust-vwire</member>
            <member>untrust-vwire</member>
          </to>
          <source>
            <member>10.16.0.21</member>
          </source>
          <destination>
            <member>any</member>
          </destination>
          <service>
            <member>any</member>
          </service>
          <application>
            <member>adobe-meeting-remote-control</member>
            <member>adobe-meeting</member>
            <member>adobe-online-office</member>
          </application>
          <action>deny</action>
          <source-user>
            <member>any</member>
          </source-user>
          <option>
            <disable-server-response-inspection>no</disable-server-response-inspection>
          </option>
          <negate-source>no</negate-source>
          <negate-destination>no</negate-destination>
          <disabled>yes</disabled>
          <log-start>no</log-start>
          <log-end>yes</log-end>
          <profile-setting>
            <profiles>
              <file-blocking>
                <member>rashi_file_alert</member>
              </file-blocking>
              <data-filtering>

owner: panagent
