Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Searching Device Rules

SUMMARY In JSA Risk Manager, you can search for rules that changed on the devices in your topology. You can also discover rule changes that occur between device configuration backups.

The results that are returned for a rule search are based on the configuration source management backup of your device. To ensure that rule searches provide up-to-date information, you can schedule device backups in your firewall policy update page.

  1. Click the Risks tab.
  2. In the navigation pane, click Configuration Monitor.
  3. Double-click a device from the Configuration Monitor page.
  4. On the Rules pane toolbar, click Search > New Search.
  5. In the Search Criteria area, click a time range.
  6. To search your device rules, choose from the following options:
    Search filter Description
    Shadowed, Deleted, or Other rule status Click a status option.

    By default, all status options are enabled. To search for shadow rules only, clear the Deleted and Other options.

    Access control list (ACL) Type in the List field.
    Order number Type a numeric value in the Entry field.
    Source or destination Type an IP address, CIDR address, hostname, or object group reference.
    Ports or object group references Type in the Service field.

    The service can include port ranges, such as 100-200, or port expressions, such as 80(TCP). If the port is negated, the port information also includes an exclamation mark and might be surrounded by parenthesis. For example, the negated port information might look like !(100-200) or !80(TCP).

    Vulnerability rule information For information defined by the IPS device, type in the Signature field.
    Applications by adapter Click Select Applications, then type an adapter or application name.
  7. Click Search.