dump security-policy config policy-rules
Use the dump security-policy config policy-rules command to display the security policy rule configuration for a device. Information displayed includes the security policy rule name, action, state, source zone ids, destination zone ids, and application definition ids.
Command
dump security-policy config policy-rules ( all | policy-rule= policy-rule name | application= application definition name | source-zone= source zone name | dest-zone= destination zone name | action= (allow | deny | reject) | state=( enabled | disabled ))+ ]
Options
all | Enter all to display configuration of all security policy rules on the device. |
application | Enter an application name to display policy rules for the application. |
source-zone | Enter the source zone to display configuration of security policy rules for the source zone. |
dest-zone | Enter the destination zone to display configuration of security policy rules for the destination zone. |
action | Enter allow to display configuration for those security policy rules where the action is set to allow. Enter deny to display configuration for those security policy rules where the action is set to deny. Enter reject to display configuration for those security policy rules where the action is set to reject. |
policy-rule | Enter an application definition policy rule name to display information for the policy rule. |
state | Enter enabled to display configuration for those security policy rules where the state is set to enabled. Enter disabled to display configuration for those security policy rules where the state is set to disabled. |
Command Notes
Role | Super, Read Only, Monitor |
Related Commands |
|
Introduced in | Release 4.5.1 |
Example
dump security-policy config policy-rules all
Security Policy Rule ID : 16246315738930189
Security Policy Rule Name : Rule1-Set2-20
Action : allow
Rule-Type : custom
Enabled : true
Source Zones : 16200471619100074: Zone-LAN
Destination Zones : 16204672468290016: Zone-Internet-VPN
Applications : ANY
Source Prefix Filters : 16242993172060125: LAN-192-168-7-100
Destination Prefix Filters : 16242993943320129: DC-192-168-20-0
Services :
  Protocol : 6
    Source Port Range : ANY
    Destination Port Range :
      from : 5005 to : 5015
      from : 5020 to : 5025
  Protocol : 17
    Source Port Range : ANY
    Destination Port Range :
      from : 5005 to : 5015
  Protocol : 1
    Source Port Range : ANY
    Destination Port Range : ANY
...

dump security-policy config policy-rules policy-rule=branch-zbfw_rule1
Security Policy Rule ID : 1675995765132024696
Security Policy Rule Name : branch-zbfw_rule1
Action : allow
Rule-Type : custom
Enabled : true
Source Zones : 1675995054995018796: branch1_lan_zone
Destination Zones : 1675995069171003096: branch1_vpn_zone
Applications : ANY
Source Prefix Filters : 1675995350736002196: branch_lan1
Destination Prefix Filters : 1675995723718016196: branch_hub_prefix
Users : ANY
UserGroups : ANY
Services : ANY

dump security-policy config policy-rules user="1674636535551002128"
Security Policy Rule ID : 1675969523166013128
Security Policy Rule Name : Test 1
Action : allow
Rule-Type : custom
Enabled : true
Source Zones : ANY
Destination Zones : ANY
Applications : ANY
Source Prefix Filters : ANY
Destination Prefix Filters : ANY
Users : 1674636535551002128: None
UserGroups : NONE
Services : ANY
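
Saved output from this command can be reviewed by script. The following Python is an added example, not part of the Prisma SD-WAN documentation or CLI: it parses the output into one record per rule and lists enabled allow rules whose source zones, destination zones and applications are all ANY. It assumes one "Key : Value" field per line with per-protocol service detail indented; the sample is constructed by trimming the example outputs above, and the function names are hypothetical.

```python
import re

# Constructed sample, trimmed from the page's example outputs. Layout is an
# assumption: one "Key : Value" field per line, service detail indented.
SAMPLE = """\
dump security-policy config policy-rules all
Security Policy Rule ID : 16246315738930189
Security Policy Rule Name : Rule1-Set2-20
Action : allow
Enabled : true
Source Zones : 16200471619100074: Zone-LAN
Destination Zones : 16204672468290016: Zone-Internet-VPN
Applications : ANY
Services :
  Protocol : 6
    Source Port Range : ANY
    Destination Port Range :
      from : 5005 to : 5015
Security Policy Rule ID : 1675969523166013128
Security Policy Rule Name : Test 1
Action : allow
Enabled : true
Source Zones : ANY
Destination Zones : ANY
Applications : ANY
Services : ANY
"""

# Key is everything before the first colon; the value may itself contain colons.
FIELD = re.compile(r"^(?P<key>[^:]+?)\s*:\s*(?P<value>.*)$")

def parse_rules(text):
    """Split dump output into one dict per rule, keyed by top-level field name."""
    rules = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m or line[0].isspace():
            continue  # skip the command echo, blanks and indented service detail
        key, value = m["key"], m["value"].strip()
        if key == "Security Policy Rule ID":
            rules.append({})  # this field opens a new rule record
        if rules:
            rules[-1][key] = value
    return rules

def broad_allow_rules(rules):
    """Names of enabled allow rules whose zones and applications are all ANY."""
    wide = ("Source Zones", "Destination Zones", "Applications")
    return [r.get("Security Policy Rule Name") for r in rules
            if r.get("Action") == "allow" and r.get("Enabled") == "true"
            and all(r.get(f, "").upper() == "ANY" for f in wide)]
```

On the sample, `broad_allow_rules(parse_rules(SAMPLE))` returns only the rule named Test 1; Rule1-Set2-20 is excluded because its zones are specific.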