# SRC+ DST Any
domain { id = 1 }  AND rule { (source.any = true) and (destination.any=true) }
# SRC + SVC Any
domain { id = 1 }  AND rule { (source.any= true) and (service.any=true) }
# DST + SVC Any
domain { id = 1 }  AND rule { (destination.any= true) and (service.any=true) }
# SRC + DST + SVC Any
domain { id = 1 }  AND rule { (source.any=true) and  (destination.any= true) and (service.any=true) }
# Last 30days Hit.Count=0
domain { id = 1 }  AND rule { usage(date('last 30 days')).count = 0 }
# All policies
domain { id = 1 } and device {name=DIT_FG}
domain { id = 1 } and device {id=2}
# Used policies
domain { id = 1 } and device {id=1} and rule {usage(date('last 60 days')).count >0}
# Unused policies
domain { id = 1 } and device {id=1} and rule {usage(date('last 60 days')).count =0}
# Disabled
domain { id = 1 }  AND rule { (disabled = true) }
# No Logging
domain { id = 1 }  AND rule { (log = false) }
# Disable or No Logging
domain { id = 1 }  AND rule { (disabled = true OR log = false) }
# No Comment
domain { id = 1 }  AND rule { comment is null } 
# Create rule last 30 days
domain { id = 1 } and rule{created ~ date('last 30 days')}
# Search by management IP
device{managementIp='192.168.222.222'}
# Action Filter
domain { id = 1 } and device{id=1} AND rule { action='ACCEPT' or action='AUTHENTICATE' or action='DROP' or action='ENCRYPT' or action='REJECT'  } 
# Action & Service.any
rule {action = 'ACCEPT' and service.any=true}
# Source Filter
rule { source is subset of ('7.7.7.4','7.7.7.5')}
rule { source is subset of ('7.7.7.4','7.7.7.5') and usage (date('last 30 days')).count >100}
domain { id = 1 } and  device{id=2} and rule {source EQUALS  '7.7.7.5' and source.zone='internal'}
# SRC + policy enabled/disabled + Action
rule{source is subset of ('7.7.7.4','7.7.7.5','7.7.7.6') and disabled=true and action='ACCEPT'}
# Date range + Count
rule {usage(date(2017-08-01T00:00:00+09:00,2017-08-02T23:59:59+09:00)).count =0 }
rule {usage(date(2017-08-01T00:00:00+09:00,2017-08-02T23:59:59+09:00)).count >1 }
# Date range + Created Policy
domain {id=1} and device{id=2} and  rule {created ~ date(2017-08-01T00:00:00+09:00,2017-08-02T23:59:59+09:00) }
# Date range + last Changed Policy
rule {date('2017-08-01T00:00:00+09:00','2017-08-02T23:59:59+09:00') ~ lastchanged}

Frequently used queries

Across all firewalls, excluding disabled policies and policies newly created between Feb 28 and Mar 29, list policies with a hit count of 0 over the given period (30 days)
and rule{ disabled= false or log= false and created !~ date(2017-02-28T00:00:00, 2017-03-29T23:59:59) and usage(date(2017-02-28T00:00:00, 2017-03-29T23:59:59)).count = 0 }

Policies with no usage over a given period (30, 90, 180 days, etc.)
and rule {usage(date('last 30 days')).count=0}

Policies with usage over a given period (30, 90, 180 days, etc.)
and rule {usage(date('last 30 days')).count!=0}

Usage of policies over a given period (30, 90, 180 days, etc.), excluding policies created within the last 7 days
and rule{usage(date('last 30 days')).count>=1 and date('last 7 days') !~ 'Created'}

Any-allow policies over a given period (30, 90, 180 days, etc.), excluding unused ones
and rule {source.any=true and destination.any=true and service.any=true and action='ACCEPT' and disabled='FALSE' and usage(date('last 30 days')).count!=0}

Policies with a hit count (usage) of 1 or more over a given period (30, 90, 180 days, etc.)
and rule{usage(date('last 30 days')).count>=1}

Policies unused from 2017-02-01 until now (or 2017-04-30)
and rule{ disabled= false and created !~ date(2017-02-01T00:00:00, 2017-04-30T23:59:59) and usage(date(2017-02-01T00:00:00, 2017-04-30T23:59:59)).count = 0}

Policies last used before 2017-02-01
and rule {  disabled= false and lastuseddate <= 2017-02-01T23:59:59+09:00 }

Rules in policy Pri to DB that have never been used
and policy { name = 'From: PRI To: DB' }  AND rule { usage().count = 0 }

ANY search queries

1. ACCEPT policies with source ANY, excluding disabled
and rule { action='ACCEPT' AND disabled='FALSE' AND (source.any = true OR (( source intersects '0.0.0.0' )) )  }

2. ACCEPT policies with destination ANY, excluding disabled
and rule { action='ACCEPT' AND disabled='FALSE' AND (destination.any = true OR (( destination intersects '0.0.0.0' )) )  }

3. ACCEPT policies with service ANY, excluding disabled
and rule { action='ACCEPT' AND disabled='FALSE' AND (service.any = true OR (( service intersects 'ANY' )) )  }

4. ACCEPT policies with source + destination ANY, excluding disabled
and rule { action='ACCEPT' AND disabled='FALSE' AND (destination.any = true OR (( destination intersects '0.0.0.0' )) )  AND (source.any = true OR (( source intersects '0.0.0.0' )) )  }

5. ACCEPT policies with source + service ANY, excluding disabled
and rule { action='ACCEPT' AND disabled='FALSE' AND (service.any = true OR (( service intersects 'ANY' )) ) AND (source.any = true OR (( source intersects '0.0.0.0' )) )  }

6. ACCEPT policies with destination + service ANY, excluding disabled
and rule { action='ACCEPT' AND disabled='FALSE' AND (destination.any = true OR (( destination intersects '0.0.0.0' )) )  AND (service.any = true OR (( service intersects 'ANY' )) )  }

7. ACCEPT policies with source + destination + service ANY, excluding disabled
and rule { (destination.any = true OR (( destination intersects '0.0.0.0' )) ) AND action='ACCEPT' AND disabled='FALSE' AND (service.any = true OR (( service intersects 'ANY' )) ) AND (source.any = true OR (( source intersects '0.0.0.0' )) )  }

Search by specific port

1. Including ANY
and rule { action='ACCEPT' AND (service.any = true OR (( service intersects 'udp/137' )) )  }

2. Excluding ANY
and rule { action='ACCEPT' AND (service.any = false AND (( service intersects 'udp/137' )) ) }

Search by host - matches objects nested in groups / excludes networks and address ranges
RULE { SOURCE IS SUPERSET OF '192.0.0.5' AND SOURCE.ANY = FALSE AND ( SOURCE.TYPE != 'NETWORK' AND SOURCE.TYPE != 'ADDRESS_RANGE') }
or
RULE { (SOURCE IS SUPERSET OF '30.30.0.10' OR SOURCE IS SUPERSET OF '40.40.0.10') AND SOURCE.ANY = FALSE AND (SOURCE.TYPE != 'NETWORK' AND SOURCE.TYPE != 'ADDRESS_RANGE') }

Search across several selected devices
DEVICE { ID = 152 OR ID = 7 } AND RULE{ DESTINATION IS SUPERSET OF '192.168.10.55' AND DESTINATION.ANY = FALSE }

Search for ACCEPT policies that cover an IP range, are not disabled, and do not use ANY
RULE {  action='ACCEPT' AND disabled='FALSE' AND (SOURCE IS SUPERSET OF '121.125.26.0/24' ) AND source.any = false }

Search for policies that use a specific object/group
Rule { SOURCE.name ~ 'SOFT' }

Search for bidirectional policies
Rule { SOURCE.ANY =FALSE and  DESTINATION.ANY=FALSE AND  SOURCE equals  DESTINATION }

Search for policies that contain 10 IPs, or policies that contain 10 or fewer IPs
Rule { SOURCE.EXPANDEDOBJECTCOUNT = 10 } or Rule { SOURCE.EXPANDEDOBJECTCOUNT <= 10 }

Search for ACCEPT policies with a specific IP in the source or a specific IP in the destination, excluding ANY
RULE { (SOURCE IS SUPERSET OF '218.232.186.219' OR DESTINATION IS SUPERSET OF '114.202.129.73') AND source.any = false AND destination.any = false AND ACTION ='ACCEPT' }

 


[How to recover a web login user's password]

(1) Connect over SSH

MacBook-Pro:~ $ ssh firemon@172.17.232.75
firemon@172.17.232.75's password: 
Last login: Wed Aug 30 19:28:23 2017
This is FireMon FMOS 8.9.0
ALERT: Could not get system monitor status
For assistance, contact support@firemon.com
[firemon@firemon ~]$ 


(2) Run the commands below

[firemon@firemon ~]$ sudo psql -U postgres firemon

firemon=# select * from users;
 id | domainid |              email               |   firstname   | lastname |                           password                           |  username  | enabled | expired | locked | passwordexpired |        lastlogin        |      previouslogin      | passwordchanged | authtype | authserverid | authfailures
----+----------+----------------------------------+---------------+----------+--------------------------------------------------------------+------------+---------+---------+--------+-----------------+-------------------------+-------------------------+-----------------+----------+--------------+--------------
  2 |        1 | firemon@example.com              | Workflow      | Executor | $2a$06$DsG8KTZEarX65pl8aeZiEuQiFP3pXQ7Id/T461PW3Yt2KH5PkWvXa | workflow   | t       | f       | f      | f               |                         |                         |                 |          |              |            0
  1 |        1 | firemon@example.com              | FireMon       | FireMon  | $2a$10$WzkdgLahF10w26sWf.wl0OLGsljsOwUv3SgKU9BaSL.viZuLGHNZi | firemon    | t       | f       | t      | f               | 2017-08-24 17:45:35.205 | 2017-08-08 17:20:48.173 |                 | LOCAL    |              |            5
  3 |        1 |                                  | ndexec        | firemon  | $2a$10$UN7Ucd07pCSQSn8CMBtbmeP9S47GqGp6eXM5PBco0NvVrmBfXWU.i | nd_firemon | t       | f       | f      | f               | 2017-08-30 19:45:45.188 | 2017-08-30 19:45:44.995 |                 | LOCAL    |              |            0
  5 |        1 | sec.network.support@nicstech.com | nics          | nicst    | $2a$10$19R2htVQDDf.5jr4dRAcY.BEU59xaK.PKx0LxIw7wN5YZiifTaoBO | nicstech   | t       | f       | f      | f               | 2017-08-30 19:32:33.971 |                         |                 | LOCAL    |              |            0
  4 |        1 |                                  | datacollector | firemon  | $2a$10$Q3OT80zHUetQWtH60pX7mOXS44A9t12MDZEjY38sF2IjAS2pLf./C | dc_firemon | t       | f       | f      | f               | 2017-08-30 19:45:42.796 | 2017-08-30 19:43:42.786 |                 | LOCAL    |              |            0
(5 rows)

firemon=# sudo psql -U postgres firemon

firemon=# update users set password='$2a$10$WzkdgLahF10w26sWf.wl0OLGsljsOwUv3SgKU9BaSL.viZuLGHNZi' where id=1;
UPDATE 1
firemon=# 
firemon=# postgresql exit
firemon-# 
firemon-# \q
[firemon@firemon ~]$



=> Related documentation
Forgot Password:
If a user forgets the password for the "firemon" account run this command to set it back to the default password; the word "firemon":
sudo psql -U postgres firemon
update users set password='$2a$10$WzkdgLahF10w26sWf.wl0OLGsljsOwUv3SgKU9BaSL.viZuLGHNZi' where id=1;
#You can use this to change anyone's password to "firemon" you just need their id
postgresql exit
\q

(3) If the firemon account is locked, fix it as follows


[firemon@firemon ~]$ sudo psql -U postgres firemon

firemon=# select * from users;

# If locked = t, run the command below (changes t to f)

firemon=# update users set locked='f' where id=1;
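
A follow-up check for the recovery steps above, as an added example that is not from the original post or from FireMon: it parses psql output from the `users` table and flags accounts that still carry the published default hash, use a low bcrypt cost, or are locked. The column names come from the table shown above; `MIN_COST`, the sample usernames and the filler hashes are assumptions made for the example.

```python
import re

# Hash string published on this page for the default password "firemon".
# bcrypt salts every hash, so a string match only finds accounts that were
# reset by pasting this exact value, not other hashes of the same password.
DEFAULT_HASH = "$2a$10$WzkdgLahF10w26sWf.wl0OLGsljsOwUv3SgKU9BaSL.viZuLGHNZi"
MIN_COST = 10  # assumed local policy threshold, not a FireMon setting
BCRYPT_RE = re.compile(r"^\$2[abxy]?\$(\d{2})\$[./A-Za-z0-9]{53}$")

# Constructed sample output of:
#   select id, username, password, locked, authfailures from users;
# Usernames svc_a/analyst and the two filler hashes are made up.
SAMPLE = f"""
 id | username | password | locked | authfailures
----+----------+----------+--------+--------------
  1 | firemon  | {DEFAULT_HASH} | t | 5
  2 | svc_a    | $2a$06${'A' * 53} | f | 0
  3 | analyst  | $2a$12${'B' * 53} | f | 0
(3 rows)
"""


def parse_psql_table(text):
    """Parse psql's default aligned output into a list of dicts."""
    # The separator line uses '+' and the row-count footer has no '|',
    # so keeping only lines with '|' leaves the header and the data rows.
    lines = [line for line in text.splitlines() if "|" in line]
    header = [cell.strip() for cell in lines[0].split("|")]
    return [dict(zip(header, (cell.strip() for cell in line.split("|"))))
            for line in lines[1:]]


def audit_users(rows):
    """Return {username: [findings]} for accounts that need follow-up."""
    findings = {}
    for row in rows:
        notes = []
        match = BCRYPT_RE.match(row["password"])
        if row["password"] == DEFAULT_HASH:
            notes.append("default-password hash still set")
        if match is None:
            notes.append("password is not a bcrypt hash")
        elif int(match.group(1)) < MIN_COST:
            notes.append(f"bcrypt cost {int(match.group(1))} below {MIN_COST}")
        if row["locked"] == "t":
            notes.append(f"locked after {row['authfailures']} failures")
        if notes:
            findings[row["username"]] = notes
    return findings


if __name__ == "__main__":
    for user, notes in audit_users(parse_psql_table(SAMPLE)).items():
        print(user, "->", "; ".join(notes))
```
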




[How to change the date in case of expiry]

(1) Log in with the firemon account
(2) Enter the command below

sudo date -s '2017-8-28 00:00:00'


How to change interface settings on Firemon firmware 8.15.x and later
fmos config --e or https://firemon_ip:55555

AS / DC integration
AS : fmos shareconf export
AS : scp <filename> firemon@IP:/home/firemon
DC : fmos shareconf import <filename>

or
AS : running fmsh_registerdc 1.1.1.1 (the DC IP) creates the file DataCollector_1_1_1_1.xml
DC : fmsh_importdcxml DataCollector_1_1_1_1.xml

Delete Firemon data
fmsh_purgedata

sudo rm -rf /etc/localtime
sudo ln -s /usr/share/zoneinfo/Asia/Seoul /etc/localtime
sudo date -s "20170210 15:21:00"
sudo vi /etc/hosts   (register the FQDN)


fmos status
fmos restart all

sudo tail -F /var/log/firemon/dc/Datacommector.log

tcpdump -ni eno16777728 host 192.168.200.254 and port 514 -nnxs 0 -vv | grep Msg | grep info

fmos install wireshark
fmos install wireshark --source FMOS-8.9.1.iso
sudo gpasswd -a firemon wireshark
fmos restart all

tshark -D
ip link show
tshark -i 3 host 192.168.0.21
tshark -i 3 host 192.168.0.22
tshark -i 3 host 192.168.0.23

fmos redeploy all


1. Check Firemon version information : fmsh_fmversion

2. Configure and check interface settings : fmsh_ifconfig
fmsh_ifconfig help
fmsh_ifconfig <int> <address> <netmask>
fmsh_ifconfig <int> dhcp
fmsh_ifconfig <int> disabled

fmsh_ifconfig <int> status
fmsh_ifconfig all status

3. Gateway setting : fmsh_gateway <gateway>

4. Hostname setting : fmsh_hostname <hostname>

5. Check / stop / start the Firemon firewall
fmsh_fwstatus
fmsh_fwstop
fmsh_fwstart

6. Check / stop / start / restart the Firemon daemons
fmsh_fmstatus
fmsh_fmstop
fmsh_fmstart
fmsh_fmrestart

7. Run the DC in debug mode
fmsh_dclogprofile <profile> Profiles: info / dugall

8. Power off / reboot the Firemon appliance
fmsh_reboot
fmsh_shutdown

9. FMOS update
fmsh_update file <filename>

10. Restore Firemon data
fmsh_restorebackup <filename> [--no-verify]

11. Back up Firemon data
Command : /opt/firemon/JAS/fm-server.sh -backup -filename <backupfilename>
Backup path : /opt/firemon/backup

12. CVE update
fmsh_cveupdate

15. Other key commands

[root@device-pack JAS]$ ./fm-server.sh
[-showdcs] ## list the registered DCs
[-showlicense]
[-adddc ipaddress]
[-deldc ipaddress] ## delete a registered DC
[-showdn]
[-backup -filename backupfilename ] ## data backup (location : /opt/firemon/backup)
[-restorebackup -filename backupfilename -outputdir destinationDirectory]
[-consolidate]
[-installCert -alias certAlias -filename certFilename]
[-deleteCert -alias certAlias]
[-listCerts]
[-uc]
[-upt]



fmos install wireshark
sudo gpasswd -a firemon wireshark
fmos install traceroute
fmos install bind-utils
fmos install net-tools

sudo tshark -nni eth0 host 192.168.234.2
sudo tshark -nni 3 host 192.168.234.2

curl -v telnet://192.168.234.253:22

curl -v telnet://192.168.234.253:443



Firemon SIQL


- domain{}
- devicegroup{}
- device{}
- policy{}
- rule{}
- natrule{}
- control{}
- assessment{}
- networkObj{}
- serviceObj{}
- userObj{}
- applicationObj{}
- ticket{}
- review{}
