fw sam_policy get

Description

The "fw sam_policy get" and "fw6 sam_policy get" commands:

  • Show all the configured Suspicious Activity Monitoring (SAM) rules.

  • Show all the configured Rate Limiting rules.

Notes:

  • These commands are interchangeable:

    • For IPv4: "fw sam_policy" and "fw samp".

    • For IPv6: "fw6 sam_policy" and "fw6 samp".

  • You can run these commands in Gaia Clish or in Expert mode.

  • Security Gateway stores the SAM Policy rules in the $FWDIR/database/sam_policy.db file.

  • Security Gateway stores the SAM Policy management settings in the $FWDIR/database/sam_policy.mng file.

Important:

  • Configuration you make with these commands survives reboot.

  • VSX mode does not support Suspicious Activity Policy configured in SmartView Monitor. See sk79700.

  • In VSX mode, you must go to the context of an applicable Virtual System.

    • In Gaia Clish, run: set virtual-system <VSID>

    • In the Expert mode, run: vsenv <VSID>

  • In a Cluster, you must configure all the Cluster Members in the same way.

Best Practice - The SAM Policy rules consume some CPU resources on Security Gateway. Set an expiration for rules that gives you time to investigate, but does not affect performance. Keep only the required SAM Policy rules. If you confirm that an activity is risky, edit the Security Policy, educate users, or otherwise handle the risk.

Syntax for IPv4

fw [-d] sam_policy get [-l] [-u '<Rule UID>'] [-k '<Key>' -t <Type> [+{-v '<Value>'}] [-n]]

Syntax for IPv6

fw6 [-d] sam_policy get [-l] [-u '<Rule UID>'] [-k '<Key>' -t <Type> [+{-v '<Value>'}] [-n]]

Parameters

Note - All these parameters are optional.

Each parameter is followed by its description:

-d

    Runs the command in debug mode.

    Use only if you troubleshoot the command itself.

    Best Practice - If you use this parameter, then redirect the output to a file, or use the script command to save the entire CLI session.

-l

    Controls how to print the rules:

      • In the default format (without "-l"), the output shows each rule on a separate line.

      • In the list format (with "-l"), the output shows each parameter of a rule on a separate line.

      • See the "fw sam_policy add" command.

-u '<Rule UID>'

    Prints the rule specified by its Rule UID or its zero-based rule index.

    The quote marks and angle brackets ('<...>') are mandatory.

-k '<Key>'

    Prints the rules with the specified predicate key.

    The quote marks are mandatory.

-t <Type>

    Prints the rules with the specified predicate type.

    For Rate Limiting rules, you must always use "-t in".

+{-v '<Value>'}

    Prints the rules with the specified predicate values.

    The quote marks are mandatory.

-n

    Negates the condition specified by these predicate parameters:

      • -k

      • -t

      • +-v

Examples