AFA search rule fields

The following are lists of possible search field values based on the devices searched.

Note:  

Support for the Forcepoint brands (Sidewinder, StoneGate) and Hillstone was deprecated in ASMS version A30.00. As of A32.20, AlgoSec no longer supports adding new Symantec Blue CoatClosed As of A32.20 AlgoSec will no longer support adding new Symantec Blue Coat devices. Existing deployed Blue Coat devices will still be functional. devices.

If you had defined these devices in an earlier version of ASMS, these devices are still available to you, with all the existing capabilities, but you cannot add new ones.

We recommend backing up device data before or after upgrading and then removing these devices from AFA. Make sure to download any report zip files for the device before deleting.

For more details, see View an earlier report for a specific device and the relevant AlgoPedia KB article.

No device selected

If no device is selected, the search is run on all devices.

  • [EMPTY] – all fields
  • SOURCE
  • DESTINATION
  • SOURCE_DESTINATION (Source or Destination)
  • SERVICE
  • ACTION
  • FROM (from zone)
  • TO (to zone)
  • USER
  • APPLICATION
  • NAME
  • COMMENT
  • LOG
  • TIME
  • ENABLE
  • DOCUMENTATION

Symantec Blue CoatClosed As of A32.20 AlgoSec will no longer support adding new Symantec Blue Coat devices. Existing deployed Blue Coat devices will still be functional. Devices

  • [EMPTY] – all fields
  • RULE (rule number)
  • SOURCE
  • DESTINATION
  • SOURCE_DESTINATION (source or destination)
  • SERVICE
  • Service
  • TIME
  • ACTION
  • TRACK
  • COMMENTS

Check Point Devices

  • [EMPTY] – all fields
  • ACTION
  • COMMENTS
  • DESTINATION
  • ENABLE
  • INSTALL (installed on)
  • NAME (rule name)
  • RULENUM (rule number)
  • SERVICES
  • SOURCE
  • SOURCE_DESTINATION (Source or Destination)
  • TIME
  • TRACK
  • VPN

Cisco Firewalls

  • [EMPTY] – all fields
  • ENABLE
  • SOURCE
  • DESTINATION
  • SOURCE_DESTINATION (source or destination)
  • SERVICE
  • ACTION
  • LOG
  • TIME
  • COMMENTS

Cisco Routers

  • [EMPTY] – all fields
  • NAME (rule id)
  • LINE (text in the configuration line)

Forcepoint (McAfee) Sidewinder Devices

  • [EMPTY] – all fields
  • NAME (rule name)
  • ENABLE
  • ACTION
  • SERVICE
  • FROM (source burb)
  • SOURCE
  • TO (destination burb)
  • DESTINATION
  • SOURCE_DESTINATION (source or destination)
  • COMMENT (description)
  • APPLICATION DEFENSE
  • AUTHENTICATION
  • DESCRIPTION
  • PORTS
  • IPS SIGNATURE GROUP
  • IPS RESPONSE
  • TRUSTEDSOURCE
  • SOURCE NAT
  • DESTINATION REDIRECT

Fortinet FortiGate and FortiManager Devices

  • [EMPTY] – all fields
  • RULE (rule ID)
  • FROM
  • TO
  • SOURCE
  • DESTINATION
  • SOURCE_DESTINATION (source or destination)
  • SERVICE
  • ACTION
  • COMMENT
  • LOG
  • SCHEDULE

Juniper Space and SRX Devices

  • [EMPTY] – all fields
  • RULE (rule name)
  • FROM (from zone)
  • TO (to zone)
  • SOURCE
  • DESTINATION
  • SOURCE_DESTINATION (source or destination)
  • SERVICE (Application)
  • ACTION
  • LOG
  • TIME

Juniper NSM and NetScreen Devices

  • [EMPTY] – all fields
  • RULE (rule ID)
  • NAME (rule name)
  • FROM ZONE
  • TO ZONE
  • SOURCE
  • DESTINATION
  • SOURCE_DESTINATION (source or destination)
  • SERVICE
  • ACTION
  • SOURCENAT (source NAT)
  • DESTINATIONNAT (destination NAT)
  • TIMECLAUSE
  • ENABLE
  • TRACK

Palo Alto Devices

  • [EMPTY] – all fields
  • NAME
  • TAG
  • FROM (from zone)
  • SOURCE
  • USER
  • HIP PROFILE
  • TO (to zone)
  • DESTINATION
  • SOURCE_DESTINATION (source or destination)
  • APPLICATION
  • SERVICE
  • ACTION
  • PROFILE
  • OPTIONS
  • COMMENT