Print Download Documentation Send Feedback

Previous

Next

Searching a Rule Base

What can I do here?

Use this window to search the access control, NAT, or Threat Prevention Rule Base.

Getting Here

Getting Here - Security Policies > Access/NAT/Threat Prevention > Policy. Click inside the Rule Base search bar.

Rule Base Search

The search box looks for the query term in all columns of the Rule Base. For example, if the query term is "Check Point" , the search finds all rules that use this term. The results returned by the query are direct or indirect.

You can also search the Rule Base using these predefined tokens:

Button Name

Text name

Refers to an object in the:

Source

src:

Source column

Destination

dst:

Destination column

VPN

vpn:

VPN column

Services

svc:

Services and Applications column

Applications

app:

Services and Applications column

Install On

installOn:

Install On column

Action

action:

Action column

Track

track:

Track column

Note - These tokens are used for searching the access control policy. The NAT and Threat Prevention policies use different but similar ones.

To use a token in a search:

  1. Enter a token in to the search bar
    • Click on a token button, for example Source or Destination.

      Suggestions for Source or Destination show.

    • Type the full name, for example Source: with a colon at the end.

      Suggestions for source show after typing the final colon (:)

    • Type the shortcut name, for example: src:

      Suggestions for source show after typing the final colon (:)

    A token can be written in any combination of upper and lower case letters.

  2. Select one or more of the suggestions from the list.

    The content name is appended to the token, for example: src:DMZNet.

  3. Click the search icon or hit Enter.

Note - Typing the token name into the search box does not always produce the same results as selecting from the list. For example:

IP Search

You can run an advanced search for an IP address, network, or port. It returns direct and indirect matches for your search criteria.

These are the different IP search modes:

General IP Search

This is the default search mode. Use it to search in Rule Bases and in objects. If you enter a string that is not a valid IP or network, the search engine treats it as text.

When you enter a valid IP address or network, an advanced search is done and on these objects and rules:

Packet Search

A Packet Search matches rules as if a packet with your IP address arrives at the gateway. It matches rules that have:

To run a Packet Search:

  1. Click the search box.

    The search window opens.

  2. Click Packet or enter: "mode:Packet"
  3. To search a specific rule column, enter: ColumnName:Criteria

Rule Base Results

When you enter search criteria and view the matched results, the value that matched the criteria in a rule is highlighted.

If there is...

This is highlighted

A direct match on an object name or on textual columns

Only the specific matched characters

A direct match on object properties

The entire object name

A negated column

The negated label

A match on "Any"

"Any"

Known Limitation:

Using Boolean Operators in a Search Query

Use operators by typing them into the query in upper case format only. For example: "mycompany OR src: AuxiliaryNet".

If an operator is not used, the default AND operator applies. For example app:http John produces the same result as app:http AND John.

Query Examples:

To stop a running query:

Query Examples

Stopping a Running Query

  1. Click the X button in the search box.
  2. Clear the search box and press enter.
  3. Start a new search. The new search overrides the previous one.

Keyboard Navigation