What can I do here?
Use this window to search the access control, NAT, or Threat Prevention Rule Base.
Getting Here - Security Policies > Access/NAT/Threat Prevention > Policy. Click inside the Rule Base search bar.
The search box looks for the query term in all columns of the Rule Base. For example, if the query term is "Check Point", the search finds all rules that use this term. The results returned by the query are direct or indirect.
You can also search the Rule Base using these predefined tokens:
Button Name | Text name | Refers to an object in the: |
---|---|---|
Source | | Source column |
Destination | | Destination column |
VPN | | VPN column |
Services | | Services and Applications column |
Applications | | Services and Applications column |
Install On | | Install On column |
Action | | Action column |
Track | | Track column |
Note - These tokens are used for searching the access control policy. The NAT and Threat Prevention policies use different but similar ones.
To use a token in a search:
Suggestions for Source or Destination show.
Suggestions for source show after typing the final colon (:)
A token can be written in any combination of upper and lower case letters.
The content name is appended to the token, for example: src:DMZNet.
Note - Typing the token name into the search box does not always produce the same results as selecting from the list. For example:
app:http searches for words with an http prefix.
app: then selecting http from the list searches for exact matches on http. Objects selected from the list show in bold font.
You can run an advanced search for an IP address, network, or port. It returns direct and indirect matches for your search criteria.
These are the different IP search modes:
General IP Search
This is the default search mode. Use it to search in Rule Bases and in objects. If you enter a string that is not a valid IP or network, the search engine treats it as text.
When you enter a valid IP address or network, an advanced search is done on these objects and rules:
Packet Search
A Packet Search matches rules as if a packet with your IP address arrives at the gateway. It matches rules that have:
To run a Packet Search:
The search window opens.
Rule Base Results
When you enter search criteria and view the matched results, the value that matched the criteria in a rule is highlighted.
If there is... | This is highlighted |
---|---|
A direct match on an object name or on textual columns | Only the specific matched characters |
A direct match on object properties | The entire object name |
A negated column | The negated label |
A match on "Any" | "Any" |
Known Limitation:
Use operators by typing them into the query in upper case format only. For example: "mycompany OR src: AuxiliaryNet".
If an operator is not used, the default AND operator applies. For example, app:http John produces the same result as app:http AND John.
Query Examples:
To stop a running query: