Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Collaborator

R80.10 - Where Used object

Hi,

I try to find a way to do a "Where used" object in one policy package only.

There is existing way to do this ?

Or maybe an enhancement request to perform a "where used policy X" inside a "where used object Y" ?

Thanks for your help!

Labels (1)
18 Replies
Highlighted
Employee++
Employee++

are you asking for API-wise?

Robert.

0 Kudos
Highlighted
Champion
Champion

I'm using the Policies tab inside of the -Where used- window for this.

0 Kudos
Highlighted

I assume he wants to filter for a specific policy package and not see all usages.

0 Kudos
Highlighted
Employee++
Employee++

I'm not familiar with such filter.

0 Kudos
Highlighted

That's because there is none 😉

But I assume that's what Arthur is searching for.

0 Kudos
Highlighted
Collaborator

Yes this is the point !

So no way to do this, you confirm my assumption Smiley Sad

0 Kudos
Highlighted
Participant

In R77.30 you used to be able to do a per policy lookup of objects, however in R80.10 its merged with results from all policies.  I have brought this up as an issue and requested through our SE to have the feature returned to the product.

Highlighted
Collaborator

Nice !

I'm not alone Smiley Happy

Can you please keep us informed when you get an announcement date for these "new" feature ?

0 Kudos
Highlighted
Employee++
Employee++

please let me understand, do you want yes/no answer whether object x is contained in policy package y, or full details in which contexts is it used?

0 Kudos
Highlighted
Collaborator

Yes I want a yes/no checkbox.

As in R77.30, I wand to find "Where used" object x for a specific policy and not for all policies.

0 Kudos
Highlighted
Employee++
Employee++

I can give you a Management API script (R80.10) to accomplish this, if you are interested.

Robert.

Highlighted
Collaborator

With pleasure! I'm really interested by this, and I except that i'm not alone Smiley Happy

Arthur

0 Kudos
Highlighted
Employee++
Employee++

Here you go: this is only an example bash script that you run on your R80.10 management server.

It uses Management API to query if object X exists in access rulebase Y in policy package Z.

Of course, you can improve this script as you wish. It works fine on my machine.

There is a little trick here - in order to tell API to perform an exact search, it should recieve object's UID, not its name. It is retrieved from the first API command.

JQ=${CPDIR}/jq/jq
OBJECT_NAME=$1
mgmt_cli -r true show objects offset 0 limit 1 in.1 name in.2 $OBJECT_NAME --format json > $OBJECT_NAME.json
OBJECT_COUNT=$($JQ -r ".total" $OBJECT_NAME.json)
if [ $OBJECT_COUNT -ne 1 ]; then
echo 'The requested object does not exist. Aborting!'
exit 1
fi
OBJECT_UID=$($JQ -r ".objects[0].uid" $OBJECT_NAME.json)
PACKAGE_NAME=$2
RULEBASE_NAME=$3
mgmt_cli -r true show access-rulebase package "$PACKAGE_NAME" name "$RULEBASE_NAME" offset 0 limit 1 filter $OBJECT_UID --format json > $OBJECT_NAME.json
OBJECT_COUNT=$($JQ -r ".total" $OBJECT_NAME.json)
if [ $OBJECT_COUNT -ne 0 ]; then
echo 'The requested object exists in policy package.'
else
echo 'The requested object does not exists in policy package.'
fi

Hope this helps,

Robert.

0 Kudos
Highlighted
Collaborator

Successfully tested, thanks a lot!

Hope this feature come back in the next version via SmartConsole Smiley Happy

Highlighted

Hi, as for the UI - 

Option 1:

1. right click the object and choose "where used..."

2. click the Policies tab

3. sort by the policy name - this will group all the results for a specific given policy.

Option 2:

search the name of the object in the search bar of the rulebase in a given policy. It will search groups that hold this object as well.

I understand that this isn't exactly like in R77.30, and we will add this request to our backlog, but what do you think about these approaches for now?

Highlighted
Collaborator

Yes I used this, but this is not really easy...

About option 1: when we sort by policy name, we cannot sort in the same time by rule number.....

With more than 500 object usage, this is not really easy to find what want...

About option 2: It will search groups that hold this object and the network that include this object.

A lot of useless result....

These approaches is the only way to proceed, but not really easy to use.

The best way to do this right now is the script provided by Robert Decker !

I'm waiting to get back this feature in next release !!

Highlighted

thank you for this feedback.

Highlighted
Participant

Agree with all of this.

Option 1: Resorts by policy but reorders the row numbers, which makes it frustrating to filter to the proper rows in large policies.

Option 2:  I'm looking for a quick list view, not going over each row line by line. 

*One additional item with the new object explorer.  When doing a search for a specific host IP, I sometimes get all the networks that match before the exact match host.  It will be covered up and need to press the ellipses button to expand to find the exact match.