AFA search rule fields

The following are lists of possible search field values based on the devices searched.

Note:

Support for the Forcepoint brands (Sidewinder, StoneGate) and Hillstone was deprecated in ASMS version A30.00.

If you had defined these devices in an earlier version of ASMS, these devices are still available to you, with all the existing capabilities, but you cannot add new ones after upgrading.

We recommend backing up device data before or after upgrading and then removing these devices from AFA. Make sure to download any report zip files for the device before deleting.

For more details, see View an earlier report for a specific device and the relevant AlgoPedia KB article.

No device selected

If no device is selected, the search is run on all devices.

  • [EMPTY] – all fields
  • SOURCE
  • DESTINATION
  • SOURCE_DESTINATION (Source or Destination)
  • SERVICE
  • ACTION
  • FROM (from zone)
  • TO (to zone)
  • USER
  • APPLICATION
  • NAME
  • COMMENT
  • LOG
  • TIME
  • ENABLE
  • DOCUMENTATION

Symantec Blue Coat Devices

  • [EMPTY] – all fields
  • RULE (rule number)
  • SOURCE
  • DESTINATION
  • SOURCE_DESTINATION (source or destination)
  • SERVICE
  • Service
  • TIME
  • ACTION
  • TRACK
  • COMMENTS

Check Point Devices

  • [EMPTY] – all fields
  • ACTION
  • COMMENTS
  • DESTINATION
  • ENABLE
  • INSTALL (installed on)
  • NAME (rule name)
  • RULENUM (rule number)
  • SERVICES
  • SOURCE
  • SOURCE_DESTINATION (Source or Destination)
  • TIME
  • TRACK
  • VPN

Cisco Firewalls

  • [EMPTY] – all fields
  • ENABLE
  • SOURCE
  • DESTINATION
  • SOURCE_DESTINATION (source or destination)
  • SERVICE
  • ACTION
  • LOG
  • TIME
  • COMMENTS

Cisco Routers

  • [EMPTY] – all fields
  • NAME (rule id)
  • LINE (text in the configuration line)

Forcepoint (McAfee) Sidewinder Devices

  • [EMPTY] – all fields
  • NAME (rule name)
  • ENABLE
  • ACTION
  • SERVICE
  • FROM (source burb)
  • SOURCE
  • TO (destination burb)
  • DESTINATION
  • SOURCE_DESTINATION (source or destination)
  • COMMENT (description)
  • APPLICATION DEFENSE
  • AUTHENTICATION
  • DESCRIPTION
  • PORTS
  • IPS SIGNATURE GROUP
  • IPS RESPONSE
  • TRUSTEDSOURCE
  • SOURCE NAT
  • DESTINATION REDIRECT

Fortinet FortiGate and FortiManager Devices

  • [EMPTY] – all fields
  • RULE (rule ID)
  • FROM
  • TO
  • SOURCE
  • DESTINATION
  • SOURCE_DESTINATION (source or destination)
  • SERVICE
  • ACTION
  • COMMENT
  • LOG
  • SCHEDULE

Juniper Space and SRX Devices

  • [EMPTY] – all fields
  • RULE (rule name)
  • FROM (from zone)
  • TO (to zone)
  • SOURCE
  • DESTINATION
  • SOURCE_DESTINATION (source or destination)
  • SERVICE (Application)
  • ACTION
  • LOG
  • TIME

Juniper NSM and NetScreen Devices

  • [EMPTY] – all fields
  • RULE (rule ID)
  • NAME (rule name)
  • FROM ZONE
  • TO ZONE
  • SOURCE
  • DESTINATION
  • SOURCE_DESTINATION (source or destination)
  • SERVICE
  • ACTION
  • SOURCENAT (source NAT)
  • DESTINATIONNAT (destination NAT)
  • TIMECLAUSE
  • ENABLE
  • TRACK

Palo Alto Devices

  • [EMPTY] – all fields
  • NAME
  • TAG
  • FROM (from zone)
  • SOURCE
  • USER
  • HIP PROFILE
  • TO (to zone)
  • DESTINATION
  • SOURCE_DESTINATION (source or destination)
  • APPLICATION
  • SERVICE
  • ACTION
  • PROFILE
  • OPTIONS
  • COMMENT
