'fw sam_policy get' and 'fw6 sam_policy get'

Description

The 'fw sam_policy get' and 'fw6 sam_policy get' commands let you:

Notes:

Important:

Syntax for IPv4

fw [-d] sam_policy get [-l] [-u '<Rule UID>'] [-k '<Key>' -t <Type> [+{-v '<Value>'}] [-n]]

Syntax for IPv6

fw6 [-d] sam_policy get [-l] [-u '<Rule UID>'] [-k '<Key>' -t <Type> [+{-v '<Value>'}] [-n]]

Parameters

Note - All these parameters are optional.

Parameter

Description

-d

Runs the command in debug mode.

Use only if you troubleshoot the command itself.

-l

Controls how to print the rules:

  • In the default format (without -l), the output shows each rule on a separate line.
  • In the list format (with -l), the output shows each parameter of a rule on a separate line.
  • See 'fw sam_policy add' and 'fw6 sam_policy add'.

-u '<Rule UID>'

Prints the rule specified by its Rule UID or its zero-based rule index.

The quote marks and angle brackets ('<...>') are mandatory.

-k '<Key>'

Prints the rules with the specified predicate key.

The quote marks are mandatory.

-t <Type>

Prints the rules with the specified predicate type.

For Rate Limiting rules, you must always use "-t in".

+{-v '<Value>'}

Prints the rules with the specified predicate values.

The quote marks are mandatory.

-n

Negates the condition specified by these predicate parameters:

  • -k
  • -t
  • +-v

Example 1 - Output in the default format

[Expert@GW:0]# fw samp get

 

operation=add uid=<5ac3965f,00000000,3403a8c0,0000264a> target=all timeout=300 action=notify log=log name=Test\ Rule comment=Notify\ about\ traffic\ from\ 1.1.1.1 originator=John\ Doe src_ip_addr=1.1.1.1 req_type=ip

Example 2 - Output in the list format

[Expert@GW:0]# fw samp get -l

 

uid          <5ac3965f,00000000,3403a8c0,0000264a>
target       all
timeout      2147483647
action       notify
log          log
name         Test\ Rule
comment      Notify\ about\ traffic\ from\ 1.1.1.1
originator   John\ Doe
src_ip_addr  1.1.1.1
req_type     ip

Example 3 - Printing a rule by its Rule UID

[Expert@GW:0]# fw samp get -u '<5ac3965f,00000000,3403a8c0,0000264a>'

0

operation=add uid=<5ac3965f,00000000,3403a8c0,0000264a> target=all timeout=300 action=notify log=log name=Test\ Rule comment=Notify\ about\ traffic\ from\ 1.1.1.1 originator=John\ Doe src_ip_addr=1.1.1.1 req_type=ip

Example 4 - Printing rules that match the specified filters

[Expert@MyGW:0]# fw samp get

no corresponding SAM policy requests

[Expert@MyGW:0]#

[Expert@MyGW:0]# fw samp add -a d -l r -t 3600 quota service any source range:172.16.7.11-172.16.7.13 new-conn-rate 5 flush true

[Expert@MyGW:0]#

[Expert@MyGW:0]# fw samp add -a n -l r quota service 1,50-51,6/443,17/53 service-negated true source cc:QQ byte-rate 0

[Expert@MyGW:0]#

[Expert@MyGW:0]# fw samp add -a b quota source range:172.16.8.17-172.16.9.121 service 6/80

[Expert@MyGW:0]#

[Expert@MyGW:0]# fw samp add -a d quota service any source-negated true source cc:QQ concurrent-conns-ratio 655 track source

[Expert@MyGW:0]#

[Expert@MyGW:0]# fw samp get

operation=add uid=<5bab3acf,00000000,3503a8c0,00003ddc> target=all timeout=indefinite action=drop service=any source-negated=true source=cc:QQ concurrent-conns-ratio=655 track=source req_type=quota

operation=add uid=<5bab3ac6,00000000,3503a8c0,00003dbf> target=all timeout=3586 action=drop log=log service=any source=range:172.16.7.11-172.16.7.13 new-conn-rate=5 flush=true req_type=quota

operation=add uid=<5bab3acc,00000000,3503a8c0,00003dd7> target=all timeout=indefinite action=bypass source=range:172.16.8.17-172.16.9.121 service=6/80 req_type=quota

operation=add uid=<5bab3ac9,00000000,3503a8c0,00003dd5> target=all timeout=indefinite action=notify log=log service=1,50-51,6/443,17/53 service-negated=true source=cc:QQ byte-rate=0 req_type=quota

[Expert@MyGW:0]#

[Expert@MyGW:0]# fw samp get -k 'service' -t in -v '6/80'

operation=add uid=<5bab3acc,00000000,3503a8c0,00003dd7> target=all timeout=indefinite action=bypass source=range:172.16.8.17-172.16.9.121 service=6/80 req_type=quota

[Expert@MyGW:0]#

[Expert@MyGW:0]# fw samp get -k 'service-negated' -t in -v 'true'

operation=add uid=<5bab3ac9,00000000,3503a8c0,00003dd5> target=all timeout=indefinite action=notify log=log service=1,50-51,6/443,17/53 service-negated=true source=cc:QQ byte-rate=0 req_type=quota

[Expert@MyGW:0]#

[Expert@MyGW:0]# fw samp get -k 'source' -t in -v 'cc:QQ'

operation=add uid=<5bab3acf,00000000,3503a8c0,00003ddc> target=all timeout=indefinite action=drop service=any source-negated=true source=cc:QQ concurrent-conns-ratio=655 track=source req_type=quota

operation=add uid=<5bab3ac9,00000000,3503a8c0,00003dd5> target=all timeout=indefinite action=notify log=log service=1,50-51,6/443,17/53 service-negated=true source=cc:QQ byte-rate=0 req_type=quota

[Expert@MyGW:0]#

[Expert@MyGW:0]# fw samp get -k source -t in -v 'cc:QQ' -n

operation=add uid=<5bab3ac6,00000000,3503a8c0,00003dbf> target=all timeout=3291 action=drop log=log service=any source=range:172.16.7.11-172.16.7.13 new-conn-rate=5 flush=true req_type=quota

operation=add uid=<5bab3acc,00000000,3503a8c0,00003dd7> target=all timeout=indefinite action=bypass source=range:172.16.8.17-172.16.9.121 service=6/80 req_type=quota

[Expert@MyGW:0]#

[Expert@MyGW:0]# fw samp get -k 'source-negated' -t in -v 'true'

operation=add uid=<5baa94e0,00000000,860318ac,00003016> target=all timeout=indefinite action=drop service=any source-negated=true source=cc:QQ concurrent-conns-ratio=655 track=source req_type=quota

[Expert@MyGW:0]#

[Expert@MyGW:0]# fw samp get -k 'byte-rate' -t in -v '0'

operation=add uid=<5baa9431,00000000,860318ac,00002efd> target=all timeout=indefinite action=notify log=log service=1,50-51,6/443,17/53 service-negated=true source=cc:QQ byte-rate=0 req_type=quota

[Expert@MyGW:0]#

[Expert@MyGW:0]# fw samp get -k 'flush' -t in -v 'true'

operation=add uid=<5baa9422,00000000,860318ac,00002eea> target=all timeout=2841 action=drop log=log service=any source=range:172.16.7.11-172.16.7.13 new-conn-rate=5 flush=true req_type=quota

[Expert@MyGW:0]#

[Expert@MyGW:0]# fw samp get -k 'concurrent-conns-ratio' -t in -v '655'

operation=add uid=<5baa94e0,00000000,860318ac,00003016> target=all timeout=indefinite action=drop service=any source-negated=true source=cc:QQ concurrent-conns-ratio=655 track=source req_type=quota

[Expert@MyGW:0]#
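For offline review of saved 'fw samp get' output, the default format can be parsed into one record per rule. This is an added example, not Check Point code: the function names are hypothetical, the sample lines are based on Examples 1 and 4 above, and the exact-match behavior of select() is an assumption modeled on the filtered outputs in Example 4.

```python
import re

# Sample input based on Examples 1 and 4 on this page
# (default format: one rule per line, spaces inside values escaped as "\ ").
SAMPLE = r"""
operation=add uid=<5ac3965f,00000000,3403a8c0,0000264a> target=all timeout=300 action=notify log=log name=Test\ Rule comment=Notify\ about\ traffic\ from\ 1.1.1.1 originator=John\ Doe src_ip_addr=1.1.1.1 req_type=ip
operation=add uid=<5bab3acf,00000000,3503a8c0,00003ddc> target=all timeout=indefinite action=drop service=any source-negated=true source=cc:QQ concurrent-conns-ratio=655 track=source req_type=quota
operation=add uid=<5bab3ac6,00000000,3503a8c0,00003dbf> target=all timeout=3586 action=drop log=log service=any source=range:172.16.7.11-172.16.7.13 new-conn-rate=5 flush=true req_type=quota
operation=add uid=<5bab3acc,00000000,3503a8c0,00003dd7> target=all timeout=indefinite action=bypass source=range:172.16.8.17-172.16.9.121 service=6/80 req_type=quota
operation=add uid=<5bab3ac9,00000000,3503a8c0,00003dd5> target=all timeout=indefinite action=notify log=log service=1,50-51,6/443,17/53 service-negated=true source=cc:QQ byte-rate=0 req_type=quota
"""

# A token is a run of non-space characters; a backslash keeps the next
# character (normally a space) inside the same token.
_TOKEN = re.compile(r"(?:\\.|[^\s\\])+")
_UNESCAPE = re.compile(r"\\(.)")

def parse_rule(line):
    """Turn one default-format line into a dict of field name -> value."""
    rule = {}
    for token in _TOKEN.findall(line):
        key, sep, value = token.partition("=")
        if sep:  # ignore anything that is not key=value (for example a prompt)
            rule[key] = _UNESCAPE.sub(r"\1", value)
    return rule

def parse_output(text):
    """Parse saved command output; lines without a uid field are skipped."""
    return [r for r in map(parse_rule, text.splitlines()) if "uid" in r]

def select(rules, key, value, negate=False):
    """Offline counterpart of -k/-v (and -n): exact string match on one field."""
    return [r for r in rules if (r.get(key) == value) != negate]

def standing_bypasses(rules):
    """UIDs of bypass rules that never expire, which merit periodic review."""
    return [r["uid"] for r in rules
            if r.get("action") == "bypass" and r.get("timeout") == "indefinite"]
```
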