Cisco Defense Orchestrator

Search and Filter ASA Network Policies and Rules

Search

Use the search bar to search for names, keywords, or phrases in the names of the network policies and in the rules within the policies. Search is not case-sensitive.

Filter

Use the filter sidebar to find network policy issues, shared policies, and policies on specific devices. Filtering is not additive; each filter setting acts independently of the others.

Policy Issues

CDO identifies network policies that contain shadow rules. The number of policies that contain shadow rules is indicated in the Policy Issues filter:

policy_issue_shadow.png

CDO marks shadowed rules and network policies that contain them with the shadow badge on the network policies page. Click Shadowed to view all the policies containing shadow rules. See Shadow Rules for more information.

Shared Policies

Shared policies are policies that are found on more than one device. Changes that are made to a shared policy impact all devices where that policy is found. In the example below, the inside-acl-in policy is shared by two devices. See Shared Network Policies for more information.

shared_shadow_rule.png

Devices

Filter the network policies list by device by expanding the Device filter, entering the name or IP address in the Search devices field, and then selecting a device found in the result.

netw_policy_device_filter.png

Hits

Use this filter to find policies across your devices that have been triggered a number of times over a specified period. 

hit_filter.png

Filtering Use Cases

Find all network policies that have zero hits

If you have network policies without any hits, you can edit them to make them more effective or simply delete them.

  1. Navigate to Policies > Network.
  2. In the Filter pane, click Show All to clear any existing filters.
  3. Expand the Hits filter.
  4. Select a time period.
  5. Select 0 hits.

Find all network policies on a device that have zero hits

  1. Navigate to Policies > Network.
  2. In the Filter pane, click Show All to clear any existing filters.
  3. Expand the Devices filter and select the device you want to filter on.
  4. Expand the Hits filter.
  5. Select a time period.
  6. Select 0 hits.

Find out how often rules in a network policy are being hit

  1. Navigate to Policies > Network.
  2. In the Filter pane, click Show All to clear any existing filters.
  3. Select a network policy used on one device.
  4. Look in the Hits column of the rule table to get an idea of how often each rule in the network policy is getting hit.
  5. If there are too many rules in the network policy to see the results at a glance, expand the Hits filter.
  6. Select a time period.
  7. Select the different hits filters to see what category the different rules fall into.

Find out how often a shared network policy is being hit

Hits on network policies are calculated for individual devices. You won't be able to see a hit rate for a single network policy shared on two or more devices without specifying a device in the filter:

  1. Navigate to Policies > Network.
  2. In the Filter pane, click Show All to clear any existing filters.
  3. Expand the Shared Policies filter and click Shared.
  4. Select a shared network policy.
  5. In the details pane for that policy, make note of the devices using that network policy and then return to the network policies table.
  6. In the Filter pane, click Show All to clear any existing filters.
  7. Enter the name of the shared policy in the search field.
  8. Expand the Devices filter and filter by one of the devices that uses the shared policy.
  9. Expand the Hits filter.
  10. Select a time period.
  11. Select the different hits filters to determine what category it falls into.

Or, you can filter this way:

  1. Navigate to Policies > Network.
  2. In the Filter pane, click Show All to clear any existing filters.
  3. Expand the Hits filter.
  4. Select a time period.
  5. Select the different hit rate categories. If there is a shared network policy, there will be a separate row for every device that uses it.