ngfw> pf inspect-rule description <text>
Set description of unclassified session rule. Spaces not allowed.

ngfw> pf inspect-rule author <text>
Set author of unclassified session rule. Spaces not allowed.

ngfw> pf inspect-rule profile <security-profile-name>
Set security profile for unclassified sessions.

ngfw> show pf inspect-rule
Show security rule for unclassified sessions. This command outputs data in JSON format.
Example output:
ngfw> show pf inspect-rule
{
  "ngfw-packet-filter:rules": {
    "inspect-rule": {
      "profile": "00000000-0000-4000-0000-000000000001",
      "session-logging": {
        "start": true,
        "end": false
      },
      "enable": true,
      "id": "00000000-0000-4000-0000-000000000002",
      "name": "inspect-rule",
      "action": "enforce"
    }
  }
}
ngfw> [no] pf inspect-rule (log-start|log-end)
Enable (or disable, if no) logging of sessions starting/ending.

ngfw> no pf rule <name>
Delete rule with name <name>.

ngfw> pf rule <name>
Go to the configuration submenu of rule with name <name>.

ngfw> pf rule=['name']> action (permit|deny|enforce|reset-both)
Set action for security rule.

ngfw> pf rule=['name']> description <text>
Set rule description. Spaces not allowed.

ngfw> pf rule=['name']> [no] enable
Enable (or disable, if no) rule.

ngfw> pf rule=['name']> [no] service <service-name>
Add <service-name> to the rule (or remove, if no). The service must exist.

ngfw> pf rule=['name']> src-ip
Go to the source addresses configuration submenu.

ngfw> pf rule=['name']> src-ip> [no] host <ipv4-address>
Add (or remove, if no) host address.

ngfw> pf rule=['name']> src-ip> [no] object <object-name>
Add <object-name> to the rule (or remove, if no). The object must exist.

ngfw> pf rule=['name']> src-ip> [no] range <ip-range>
Add a range of IP addresses to the rule (or remove, if no). A range is specified as two IP addresses separated by the hyphen - character (that is, <ip-range> is <ipv4-address>-<ipv4-address>). In a range, the left address must be less than or equal to the right address.
Example: ngfw> pf rule=['name']> src-ip> range 10.10.10.5-10.10.10.10
ngfw> pf rule=['name']> src-ip> [no] subnet <ipv4-prefix>
Add (or remove, if no) subnet.

ngfw> pf rule=['name']> dst-ip
Go to the destination addresses configuration submenu. The dst-ip commands work in the same way as src-ip commands.

ngfw> pf rule=['name']> move <other-name>
Move this rule in the list to the position above rule <other-name>.

ngfw> pf rule=['name']> rename <name>
Set new name <name> for this rule.

ngfw> pf rule=['name']> profile <security-profile-name>
Set security profile. Works only with action = enforce.

ngfw> [no] pf rule=['name']> (log-start|log-end)
Enable (or disable, if no) logging of sessions starting/ending.

ngfw> pf rule=['name']> [no] src-zone <zone-name>
Add (or remove, if no) inbound zone <zone-name>.

ngfw> pf rule=['name']> [no] dst-zone <zone-name>
Add (or remove, if no) outbound zone <zone-name>.

ngfw> pf rule=['name']> [no] src-user <user-name>
Add (or remove, if no) source user <user-name>.

ngfw> pf rule=['name']> [no] src-group <group-name>
Add (or remove, if no) source group <group-name>.

ngfw> pf rule=['name']> recurring-schedule <name>
Add recurrent schedule with name <name> as schedule for rule.

ngfw> pf rule=['name']> one-time-schedule <name>
Add one-time schedule with name <name> as schedule for rule.

ngfw> pf rule=['name']> schedule-group <name>
Add schedule group with name <name> as schedule for rule.

ngfw> pf rule=['name']> no schedule
Clear schedule for rule.

ngfw> pf recurring-schedule <name>
Go to the configuration submenu of recurrent schedule with name <name>.

ngfw> no pf recurring-schedule <name>
Delete recurrent schedule with name <name>.

ngfw> pf recurring-schedule=['name']> [no] description <description>
Add (or remove, if no) description for this recurrent schedule.

ngfw> pf recurring-schedule=['name']> rename <name>
Set new name <name> for this recurrent schedule.

ngfw> show pf recurring-schedule <name>
Show configuration of recurrent schedule with name <name>. This command outputs data in JSON format.
Example output:
ngfw> show pf recurring-schedule xd
{
  "ngfw-rule-schedule:rule-schedules": {
    "recurring-schedule": [
      {
        "id": "7e4652e3-3bf7-41b8-9fbd-fe028fe5ff1a",
        "name": "xd",
        "recurring-schedule": {
          "day-schedule": [
            {
              "day": "Monday",
              "start-day-time": "12:00",
              "end-day-time": "17:00"
            }
          ]
        }
      }
    ]
  }
}
ngfw> pf recurring-schedule=['name']> [no] week-day <day>
Add (or remove, if no) the day of the week when this schedule is active.
Add Monday as active day for schedule: ngfw> pf recurring-schedule=['name']> week-day Monday
Add Mondays from 12:00 to 14:00 (local time zone) as active time for schedule: ngfw> pf recurring-schedule=['name']> week-day Monday,12:00,14:00

ngfw> pf one-time-schedule <name>
Go to the configuration submenu of one-time schedule with name <name>.

ngfw> no pf one-time-schedule <name>
Delete one-time schedule with name <name>.

ngfw> pf one-time-schedule=['name']> [no] description <description>
Add (or remove, if no) description for this one-time schedule.

ngfw> pf one-time-schedule=['name']> rename <name>
Set new name <name> for this one-time schedule.

ngfw> show pf one-time-schedule <name>
Show configuration of one-time schedule with name <name>. This command outputs data in JSON format.
Example output:
ngfw> show pf one-time-schedule xd
{
  "ngfw-rule-schedule:rule-schedules": {
    "one-time-schedule": [
      {
        "id": "0aa9071b-0204-4a18-86a7-c45128cf02b7",
        "name": "xd",
        "one-time-schedule": {
          "start-date": "2024-01-01T00:00",
          "end-date": "2025-01-01T00:00",
          "expiration-notification-start": 7
        }
      }
    ]
  }
}
ngfw> pf one-time-schedule=['name']> [no] one-time-schedule <lifetime>
Add (or remove, if no) the time span when this schedule is active.
Add active time span for schedule from 7:00 2024-10-01 to 00:00 2024-11-01 (local time zone): ngfw> pf one-time-schedule=['name']> one-time-schedule 2024-10-01T07:00,2024-11-01T00:00

ngfw> pf one-time-schedule=['name']> [no] expiration-notification-start <days>
Change the number of days before the schedule expires at which notifications about the expiration begin (7 days by default; no expiration-notification-start restores this value).
Example: ngfw> pf one-time-schedule=['name']> expiration-notification-start 3

ngfw> pf schedule-group <name>
Go to the configuration submenu of schedule group with name <name>.

ngfw> no pf schedule-group <name>
Delete schedule group with name <name>.

ngfw> pf schedule-group=['name']> [no] description <description>
Add (or remove, if no) description for this schedule group.

ngfw> pf schedule-group=['name']> rename <name>
Set new name <name> for this schedule group.

ngfw> show pf schedule-group <name>
Show configuration of schedule group with name <name>. This command outputs data in JSON format.
Example output:
ngfw> show pf schedule-group xd
{
  "ngfw-rule-schedule:rule-schedules": {
    "schedule-group": [
      {
        "id": "76073e36-6248-40fa-aba2-50f11d22e26e",
        "name": "xd",
        "recurring-schedule-id": "ba98ca17-fac7-4da6-9a5b-5fb4eef939f5",
        "one-time-schedule-id": "edd1bc22-4c8a-4fb5-af95-03eae3390ca4"
      }
    ]
  }
}
ngfw> pf schedule-group=['name']> [no] recurring-schedule-name <name>
Add (or remove, if no) recurrent schedule with name <name> as recurrent schedule for the current schedule object.
Example: ngfw> pf schedule-group=['name']> recurring-schedule-name name2

ngfw> pf schedule-group=['name']> [no] one-time-schedule-name <name>
Add (or remove, if no) one-time schedule with name <name> as one-time schedule for the current schedule object.
Example: ngfw> pf schedule-group=['name']> one-time-schedule-name name2

ngfw> show pf rule <name>
Show configuration for security rule with name <name>. This command outputs data in JSON format.

ngfw> show pf rules
Show list of all security rules. This command outputs data in JSON format.
Example output:
{
  "ngfw-packet-filter:rules": {
    "rule": [
      {
        "id": "00000000-0000-4000-0000-000000000001",
        "name": "default",
        "action": "deny",
        "enable": true,
        "session-logging": {
          "end": false
        }
      }
    ]
  }
}
ngfw> show pf schedules
Show list of all schedule objects for security rules. This command outputs data in JSON format.
Example output:
ngfw> show pf schedules
{
  "ngfw-rule-schedule:rule-schedules": {
    "recurring-schedule": [
      {
        "id": "7e4652e3-3bf7-41b8-9fbd-fe028fe5ff1a",
        "name": "xd",
        "recurring-schedule": {
          "day-schedule": [
            {
              "day": "Monday",
              "start-day-time": "12:00",
              "end-day-time": "17:00"
            }
          ]
        }
      }
    ],
    "one-time-schedule": [
      {
        "id": "0aa9071b-0204-4a18-86a7-c45128cf02b7",
        "name": "xd",
        "one-time-schedule": {
          "start-date": "2024-01-01T00:00",
          "end-date": "2025-01-01T00:00",
          "expiration-notification-start": 7
        }
      }
    ],
    "schedule-group": [
      {
        "id": "76073e36-6248-40fa-aba2-50f11d22e26e",
        "name": "xd",
        "recurring-schedule-id": "7e4652e3-3bf7-41b8-9fbd-fe028fe5ff1a",
        "one-time-schedule-id": "0aa9071b-0204-4a18-86a7-c45128cf02b7"
      }
    ]
  }
}
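Added example (not part of the product documentation): a Python check over saved `show pf schedules` JSON that reports one-time schedules that have ended or have entered their notification window, and schedule groups whose referenced ids do not resolve. The sample data, the placeholder ids and the finding labels are constructed for illustration.

```python
import json
from datetime import datetime, timedelta

ROOT = "ngfw-rule-schedule:rule-schedules"

# Constructed sample shaped like the `show pf schedules` output; the ids and
# names are placeholders, and "grp-stale" points at a recurring id that is absent.
SAMPLE = json.dumps({ROOT: {
    "recurring-schedule": [{"id": "id-r1", "name": "office-hours",
        "recurring-schedule": {"day-schedule": [{"day": "Monday",
            "start-day-time": "12:00", "end-day-time": "17:00"}]}}],
    "one-time-schedule": [
        {"id": "id-o1", "name": "migration-window", "one-time-schedule": {
            "start-date": "2024-10-01T07:00", "end-date": "2024-11-01T00:00",
            "expiration-notification-start": 3}},
        {"id": "id-o2", "name": "audit-access", "one-time-schedule": {
            "start-date": "2024-01-01T00:00", "end-date": "2025-01-01T00:00",
            "expiration-notification-start": 7}}],
    "schedule-group": [
        {"id": "id-g1", "name": "grp-ok", "recurring-schedule-id": "id-r1",
         "one-time-schedule-id": "id-o2"},
        {"id": "id-g2", "name": "grp-stale", "recurring-schedule-id": "id-r9",
         "one-time-schedule-id": "id-o1"}]}})

def audit_schedules(text, now):
    """Return (finding, name) pairs; `now` is naive local time like the CLI dates."""
    root = json.loads(text)[ROOT]
    kinds = ("recurring-schedule", "one-time-schedule")
    known = {k: {s["id"] for s in root.get(k, [])} for k in kinds}
    findings = []
    for s in root.get("one-time-schedule", []):
        body = s["one-time-schedule"]
        end = datetime.fromisoformat(body["end-date"])
        # 7 days is the documented default notification lead time.
        warn = timedelta(days=body.get("expiration-notification-start", 7))
        if end <= now:
            findings.append(("expired", s["name"]))
        elif end - warn <= now:
            findings.append(("expiring", s["name"]))
    for g in root.get("schedule-group", []):
        for k in kinds:
            ref = g.get(k + "-id")
            if ref is not None and ref not in known[k]:
                findings.append(("dangling-" + k, g["name"]))
    return findings

if __name__ == "__main__":
    for finding in audit_schedules(SAMPLE, datetime(2024, 10, 30, 12, 0)):
        print(*finding)
```
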
ngfw> show pf rules-statistic
Show statistics for all rules.
Example output:
{
  "ngfw-packet-filter:rules-statistic": {
    "rule-statistic": [
      {
        "id": "b3501f40-dd2a-4ae4-b903-85707564504f",
        "name": "rule10",
        "hit-count": "91",
        "first-hit-time": "2024-10-30T12:12:52+00:00",
        "last-hit-time": "2024-10-30T12:13:36+00:00"
      },
      {
        "id": "8b2a4710-7108-4962-b54c-3fed63bfdebc",
        "name": "rule20",
        "hit-count": "0"
      },
      {
        "id": "00000000-0000-4000-0000-000000000001",
        "name": "default",
        "hit-count": "6",
        "first-hit-time": "2024-10-30T12:11:47+00:00",
        "last-hit-time": "2024-10-30T12:12:09+00:00"
      }
    ]
  }
}
ngfw> clear pf rules-statistic (all|<rule name>)
Clear the number of times all security rules or a specific rule with name <rule name> have been triggered.
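Added example (not part of the product documentation): a Python rule-hygiene check that joins saved `show pf rules` and `show pf rules-statistic` JSON by rule id and lists enabled permit or enforce rules that have never matched or have been idle longer than a threshold. The sample data, the 90-day default and the choice to review only permit and enforce rules are assumptions made for this illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed samples shaped like the `show pf rules` and
# `show pf rules-statistic` outputs; ids, names and times are placeholders.
RULES = json.dumps({"ngfw-packet-filter:rules": {"rule": [
    {"id": "id-10", "name": "rule10", "action": "permit", "enable": True},
    {"id": "id-20", "name": "rule20", "action": "permit", "enable": True},
    {"id": "id-30", "name": "rule30", "action": "enforce", "enable": False},
    {"id": "id-00", "name": "default", "action": "deny", "enable": True}]}})
STATS = json.dumps({"ngfw-packet-filter:rules-statistic": {"rule-statistic": [
    {"id": "id-10", "name": "rule10", "hit-count": "91",
     "first-hit-time": "2024-07-01T08:00:00+00:00",
     "last-hit-time": "2024-07-02T09:30:00+00:00"},
    {"id": "id-20", "name": "rule20", "hit-count": "0"},
    {"id": "id-30", "name": "rule30", "hit-count": "0"},
    {"id": "id-00", "name": "default", "hit-count": "6",
     "first-hit-time": "2024-10-30T12:11:47+00:00",
     "last-hit-time": "2024-10-30T12:12:09+00:00"}]}})

def review_candidates(rules_text, stats_text, now, max_idle_days=90):
    """List enabled permit/enforce rules that never matched or have gone idle."""
    rules = json.loads(rules_text)["ngfw-packet-filter:rules"]["rule"]
    stats = json.loads(stats_text)["ngfw-packet-filter:rules-statistic"]
    by_id = {s["id"]: s for s in stats["rule-statistic"]}
    out = []
    for r in rules:
        # Assumption: only enabled rules that let traffic through are reviewed.
        if not r.get("enable") or r.get("action") not in ("permit", "enforce"):
            continue
        s = by_id.get(r["id"], {})
        hits = int(s.get("hit-count", "0"))   # the counter is a JSON string
        last = s.get("last-hit-time")         # absent in the zero-hit entry
        if hits == 0 or last is None:
            out.append((r["name"], "never-hit"))
        elif now - datetime.fromisoformat(last) > timedelta(days=max_idle_days):
            out.append((r["name"], "idle"))
    return out

if __name__ == "__main__":
    now = datetime(2024, 10, 31, tzinfo=timezone.utc)
    for name, reason in review_candidates(RULES, STATS, now):
        print(name, reason)
```

Counters restart after `clear pf rules-statistic`, so a zero hit count only covers the period since the last clear.
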