05-31-2019 07:38 AM - edited 02-21-2020 09:11 AM
Hello,
How do I export all the rules in a FirePower policy? The reason I am asking is that searching items in SourceFire is not very user friendly. For example, if I want to search with an AD group name, it does not look at the User field. That's why I am wondering how to search for an AD group in a firewall policy. It would also be good to know how to view the rules after exporting a firewall policy.
05-31-2019 10:06 PM
05-31-2019 10:11 PM
The deployed access control policy should be located in:
/var/sf/detection_engines/UUID/ngfw.rules
The UUID (Universally Unique Identifier) will vary - look in /var/sf/detection_engines folder for your UUIDs and, if there are multiple, choose the one with the latest timestamp.
You can export and/or search that file (e.g. with grep utility) to examine the ACP in more detail.
07-02-2019 09:22 AM
Hello Marvin,
How can I get rid of the message below while trying to scp?
root@HH-HHH-HH1:/var/sf/detection_engines/302e2fca-7a77-11e6-870d-af9f5b863148# sudo scp ngfw.rules admin@10.7.XX.XX:/var/tmp
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:4raWthjsdjfhsdjhfkjsdhfiwryeiuweryVgdqAQLwraTy3L0NJk.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /root/.ssh/known_hosts:2
ECDSA host key for 10.7.XX.XX has changed and you have requested strict checking.
Host key verification failed.
lost connection
07-02-2019 06:10 PM
Do like the message says and:
"Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /root/.ssh/known_hosts:2"
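An added example, not part of the original thread: one way to replace the offending known_hosts entry only after the new host key matches a fingerprint obtained out-of-band (for instance, read from the remote device's console). The function names are hypothetical, and the known_hosts path, host, and public key file are supplied by the caller.

```shell
# Added example: pin a changed SSH host key only after verifying its fingerprint.
# key_fingerprint and replace_host_key are hypothetical helper names.

# Print the SHA256 fingerprint ("SHA256:...") of a public key file in OpenSSH .pub format.
key_fingerprint() {
    ssh-keygen -l -E sha256 -f "$1" | awk '{print $2}'
}

# usage: replace_host_key <known_hosts> <host> <new_pubkey_file> <trusted_fingerprint>
# returns 0 if the entry was replaced, 1 on fingerprint mismatch, 2 on bad input.
replace_host_key() {
    rhk_known_hosts=$1
    rhk_host=$2
    rhk_pubkey=$3
    rhk_trusted=$4

    [ -r "$rhk_pubkey" ] && [ -n "$rhk_trusted" ] || return 2
    rhk_actual=$(key_fingerprint "$rhk_pubkey")
    [ -n "$rhk_actual" ] || return 2

    if [ "$rhk_actual" != "$rhk_trusted" ]; then
        echo "fingerprint mismatch for $rhk_host: got $rhk_actual" >&2
        return 1    # known_hosts is left untouched; investigate the change first
    fi

    # Remove every existing entry for the host (ssh-keygen keeps a .old backup).
    ssh-keygen -R "$rhk_host" -f "$rhk_known_hosts" >/dev/null 2>&1 || return 2

    # Pin the verified key as "<host> <keytype> <base64-key>".
    printf '%s %s\n' "$rhk_host" "$(cut -d' ' -f1,2 "$rhk_pubkey")" >> "$rhk_known_hosts"
}
```

On a mismatch the function changes nothing, so the strict host key check keeps blocking the connection until the key change is explained.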