Use Global Find to Search the Firewall or Panorama Management Server

Global Find enables you to search the candidate configuration on a firewall or on Panorama for a particular string, such as an IP address, object name, policy rule name, threat ID, application name. In addition to searching for configuration objects and settings, you can search by job ID or job type for manual commits that administrators performed or auto-commits that the firewall or Panorama performed. The search results are grouped by category and provide links to the configuration location in the web interface, so that you can easily find all of the places where the string is referenced. The search results also help you identify other objects that depend on or make reference to the search term or string. For example, when deprecating a security profile enter the profile name in Global Find to locate all instances of the profile and then click each instance to navigate to the configuration page and make the necessary change. After all references are removed, you can then delete the profile. You can do this for any configuration item that has dependencies.
Global Find will not search dynamic content (such as logs, address ranges, or allocated DHCP addresses). In the case of DHCP, you can search on a DHCP server attribute, such as the DNS entry, but you cannot search for individual addresses allocated to users. Global Find also does not search for individual user or group names identified by User-ID unless the user/group is defined in a policy. In general, you can only search content that the firewall writes to the configuration.
  • Launch Global Find by clicking the
    Search
    icon located on the upper right of the web interface.
    global-find-search-location.png
  • To access the Global Find from within a configuration area, click the drop-down next to an item and select
    Global Find
    :
    global-find-search-drop-down.png
    For example, click
    Global Find
    on a zone named
    l3-vlan-trust
    to search the candidate configuration for each location where the zone is referenced. The following screen capture shows the search results for the zone l3-vlan-trust:
    global-find-search-example.png
    Search tips:
    • If you initiate a search on a firewall that has multiple virtual systems enabled or if custom Administrative Role Types are defined, Global Find will only return results for areas of the firewall in which the administrator has permissions. The same applies to Panorama device groups.
    • Spaces in search terms are handled as AND operations. For example, if you search on
      corp policy
      , the search results include instances where corp and policy exist in the configuration.
    • To find an exact phrase, enclose the phrase in quotation marks.
    • To rerun a previous search, click Search (located on the upper right of the web interface) to see a list of the last 20 searches. Click an item in the list to rerun that search. Search history is unique to each administrator account.

Related Documentation