Searching the SmartConsole Rule Bases
You can search the SmartConsole Rule Bases for rules, objects, IP addresses, or any other information related to each Rule Base.
To search for an object in a Rule Base, use one of these search methods:
General Search
This is the default search mode. General Search performs a text-based search across the Rule Base. Enter the required object name in the search box above the Rule Base.
You can search for an object by its full name or:
- Enter the prefix of the object's name. For example, to find USGlobalHost, enter USG in the search box.
- Enter any sequence of characters in the object’s name, preceded by an asterisk (*). For example, to find USGlobalHost, enter *oba, *host, or *SG.
General Search for an IP Address or a Network
When you enter a valid IP address or a network, the search returns these results:
- Objects with an IP address property (direct results).
- Objects containing the IP address as text (for example, in comments in the object editor).
- Networks, IP address ranges, groups (including groups with exclusions), and rules containing the specified IP address or network.
To refine your search, SmartConsole supports these predefined search tokens:
| View | Search Tokens |
|---|---|
| Security Policies view > Access Control > Policy | Source, Destination, VPN, Services, Applications, Install On, Action, Track, Hits. |
| Security Policies view > Access Control > NAT | Original Source, Original Destination, Original Services, Translated Source, Translated Destination, Translated Services, Install On, Hits. |
| Security Policies view > Threat Prevention > Custom Policy | Scope, Source, Destination, Service, Protection, Install On. |
| Security Policies > HTTPS Inspection > Inbound Policy or Outbound Policy | Source, Destination, Install On, Category/Custom Application |
| Security Policies > Shared Policies > Mobile Access > Policy | Applications, User Groups, Install On |
| Security Policies > Shared Policies > Mobile Access > Profiles Policy | Mobile Profiles, User Groups |
To search a Rule Base using a search token:
- In the search box, select the required search token.
- Enter the name of the object you wish to search.

Note - To navigate between search results, use the arrows on the right side of the search box.
Packet Search
Packet Search simulates how a Security Gateway processes a real packet. It scans the Source and Destination columns in the Rule Base and identifies all rules and objects (including nested groups) that can capture the packet.
Packet Search returns these results:
- When searching for an IP address - The specified IP address and any networks that contain it.
- When searching for a network - The specified network, all IP addresses that the network contains, and any larger networks that contain it.
- All rules where the Source or Destination column is set to Any.
- Rules that include the IP address or network within groups using exclusions, or in fields set to "negated" (matching everything except the specified IP address).
To run a Packet Search:
- Click the search box above the Rule Base.
- Select Packet Mode > On, or enter: "mode:Packet".
- To search a specific rule column, enter: ColumnName:Criteria.

Note - To navigate between search results, use the arrows on the right side of the search box.

Known Limitation - Packet Search does not support IPv6.
Packet Search in Intersection Mode
Starting from R81.20 Jumbo Hotfix Accumulator Take 122.
Packet search in Intersection mode refines the packet search, enabling you to apply these specific search filters:
- Any - Returns rules in which the Source or Destination column includes the IP address or network you entered in the search.
- Exact - Returns only rules in which the Source or Destination column has the exact IP address or network you entered in the search.
- Containing - Returns rules in which the IP address or network you entered in the search contains the IP address or network in the Source or Destination column.
  For example: A search for 1.1.0.0/16 matches rules with 1.1.0.0/24 as well as 1.1.0.0/16 itself.
- Contained - Returns rules in which the IP address or network in the Source or Destination column contains the IP address or network you searched for.
  For example: A search for 1.1.0.0/8 matches rules with 1.1.0.0/24 as well as 1.1.0.0/16 itself.
Packet search in Intersection mode is only available through API. There is currently no user interface for it in SmartConsole. For more information, see the API Management Reference Guide.

Known Limitation - Packet search in Intersection mode does not support IPv6.
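
The four Intersection mode filters can be modeled offline to predict which rules a search returns. This is an added example, not Check Point code, and it does not call the Management API. The rule list is constructed, and treating the Any filter as "any overlap" is an assumption about how "includes" is meant.

```python
import ipaddress

def _net(value):
    """Parse an IPv4 address or network; a bare address becomes a /32."""
    net = ipaddress.ip_network(value, strict=False)
    if net.version != 4:
        # Mirrors the known limitation: Packet Search does not support IPv6.
        raise ValueError("Packet Search does not support IPv6: %s" % value)
    return net

def cell_matches(search, cell, mode):
    """Apply one intersection filter to a single Source/Destination entry."""
    s, c = _net(search), _net(cell)
    if mode == "exact":
        return s == c
    if mode == "containing":   # the searched network contains the rule's entry
        return c.subnet_of(s)
    if mode == "contained":    # the rule's entry contains the searched network
        return s.subnet_of(c)
    if mode == "any":          # assumption: any overlap between the two
        return s.overlaps(c)
    raise ValueError("unknown filter: %s" % mode)

def search_rules(rules, search, mode):
    """Return the numbers of rules whose Source or Destination matches."""
    return [r["no"] for r in rules
            if any(cell_matches(search, cell, mode)
                   for cell in r["source"] + r["destination"])]

# Constructed rule base for illustration (not taken from a real policy).
RULES = [
    {"no": 1, "source": ["1.1.0.0/24"], "destination": ["10.0.0.5"]},
    {"no": 2, "source": ["1.1.0.0/16"], "destination": ["10.0.0.0/8"]},
    {"no": 3, "source": ["1.0.0.0/8"], "destination": ["192.168.1.0/24"]},
    {"no": 4, "source": ["172.16.0.0/12"], "destination": ["10.0.0.5"]},
]

if __name__ == "__main__":
    for mode in ("any", "exact", "containing", "contained"):
        print(mode, search_rules(RULES, "1.1.0.0/16", mode))
```

Running the same search under each filter before a rule cleanup shows how wide the match set is: Containing surfaces narrower rules that a broad network search covers, and Contained surfaces broader rules that already cover a specific host or subnet.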
Rule Base Results
Matched rules in the Rule Base are highlighted to help you quickly identify relevant results.
| Text contains | This is highlighted |
|---|---|
| A direct match on an object name or on textual columns | Only the specific matched characters |
| A direct match on object properties | The entire object name |
| A negated column | The negated label |
| A match on "Any" | "Any" |