Task: Zone firewall (v7.8.0) ================================================== Category: Security Description: Firewall security policy configuration New: No | IPv6: Yes Vendor Support: ○ aws (IPv6: ○) ○ alcatel@aos (IPv6: ○) ✗ azure (IPv6: ✗) ✗ brocade@fastiron (IPv6: ✗) ○ cisco@ios (IPv6: ○) ○ cisco@ios-xe (IPv6: ○) ○ cisco@nx-os (IPv6: ○) ○ cisco@ios-xr (IPv6: ○) ○ cisco@asa (IPv6: ○) ○ cisco@wlc-air (IPv6: ○) ○ cisco@sg (IPv6: ○) ✓ cisco@ftd (IPv6: ✓) ○ cisco@aci (IPv6: ○) ○ cisco@meraki (IPv6: ○) ✗ cisco@viptela (IPv6: ✗) ○ cisco@apic (IPv6: ○) ○ cisco@encs (IPv6: ○) ○ dell@ftos (IPv6: ○) ○ dell@powerconnect (IPv6: ○) ○ dell@os10 (IPv6: ○) ✗ fs@fsos (IPv6: ✗) ○ gcp (IPv6: ○) ○ hpe@comware (IPv6: ○) ○ hpe@aruba (IPv6: ○) ○ hpe@arubasw (IPv6: ○) ○ hpe@arubacx (IPv6: ○) ○ hpe@3com (IPv6: ○) ○ hpe@aruba-iap (IPv6: ○) ○ riverbed@steelhead (IPv6: ○) ✓ fortinet@fortigate (IPv6: ✓) ○ fortinet@fortiswitch (IPv6: ○) ✓ forcepoint@ngfw (IPv6: ✗) ✓ paloalto@pan-os (IPv6: ✓) ✗ paloalto@prisma (IPv6: ✗) ✓ juniper@junos (IPv6: ✓) ○ juniper@mist (IPv6: ○) ✓ checkpoint@gaia (IPv6: ✓) ✓ checkpoint@gaia-embedded (IPv6: ✓) ○ extreme@boss (IPv6: ○) ○ extreme@enterasys (IPv6: ○) ○ extreme@voss (IPv6: ○) ○ extreme@exos (IPv6: ○) ○ arista@eos (IPv6: ○) ○ f5@big-ip (IPv6: ○) ○ f5@f5osa (IPv6: ○) ○ f5@f5osc (IPv6: ○) ○ huawei@vrp (IPv6: ○) ○ mikrotik@routeros (IPv6: ○) ○ quagga (IPv6: ○) ○ frr (IPv6: ○) ✗ versa@vos (IPv6: ✗) ✗ silverpeak@unity (IPv6: ✗) ✗ vmware@nsx-t (IPv6: ✗) ○ vmware@velocloud (IPv6: ○) ○ ruckus@vsz (IPv6: ○) ○ opengear@og (IPv6: ○) ○ opengear@og-om (IPv6: ○) ✓ stormshield@sn (IPv6: ✓) ○ nokia@timos (IPv6: ○) ○ citrix@adc (IPv6: ○) CLI Commands: checkpoint@gaia-embedded: show security-gateway policy checkpoint@gaia-embedded: POST /web_api/show-access-rulebase checkpoint@gaia-embedded: POST /web_api/show-gateways-and-servers checkpoint@gaia-embedded: POST /web_api/show-object checkpoint@gaia-embedded: POST /web_api/show-objects checkpoint@gaia-embedded: POST /web_api/show-packages checkpoint@gaia-embedded: POST /web_api/show-updatable-objects checkpoint@gaia-embedded: POST /web_api/show-application-site checkpoint@gaia-embedded: show extended commands checkpoint@gaia-embedded: POST /web_api/show-access-layers checkpoint@gaia-embedded: ipf_pep show user all checkpoint@gaia-embedded: ipf_pep show user query pdp forcepoint@ngfw: sg-status -l forcepoint@ngfw: ip address forcepoint@ngfw: GET elements forcepoint@ngfw: GET elements/rbvpn_tunnel/ forcepoint@ngfw: GET elements/single_fw//internal_gateway//internal_endpoint/ checkpoint@gaia: POST /web_api/show-objects fortinet@fortigate: get webfilter categories fortinet@fortigate: show webfilter ftgd-local-rating fortinet@fortigate: show webfilter profile fortinet@fortigate: show webfilter urlfilter checkpoint@gaia: POST /web_api/show-access-layers checkpoint@gaia: POST /web_api/show-access-rulebase checkpoint@gaia: POST /web_api/show-gateways-and-servers checkpoint@gaia: POST /web_api/show-object forcepoint@ngfw: GET elements/[single_fw|virtual_fw|fw_cluster]|single_layer2|virtual_layer2|layer2_cluster/ checkpoint@gaia: POST /web_api/show-packages checkpoint@gaia: POST /web_api/show-updatable-objects checkpoint@gaia: POST /web_api/show-application-site checkpoint@gaia: show extended commands checkpoint@gaia: show security-gateway policy checkpoint@gaia: ipf_pep show user all checkpoint@gaia: ipf_pep show user query pdp stormshield@sn: cli forcepoint@ngfw: GET elements/host/ forcepoint@ngfw: GET /elements/mgt_server/ juniper@junos: show configuration security | display inheritance juniper@junos: show configuration applications | display inheritance juniper@junos: show configuration groups junos-defaults applications | display set juniper@junos: show interfaces statistics detail stormshield@sn: cat /usr/Firewall/ConfigFiles/Filter/slotinfo stormshield@sn: cat /usr/Firewall/ConfigFiles/Filter/ forcepoint@ngfw: GET elements/icmp_service/ stormshield@sn: config network interface show stormshield@sn: config object list type=all stormshield@sn: config object group show name="" stormshield@sn: config object internet show stormshield@sn: cat /usr/Firewall/ConfigFiles/objectgroup stormshield@sn: cat /usr/Firewall/ConfigFiles/geogroup stormshield@sn: config network ipv6 state forcepoint@ngfw: GET elements/fw_policy//fw_ipv4_access_rule/ forcepoint@ngfw: GET elements/single_fw//snapshot forcepoint@ngfw: GET elements/single_fw//snapshot/ forcepoint@ngfw: GET elements/network/ forcepoint@ngfw: GET elements/tcp_service/ forcepoint@ngfw: GET elements/udp_service/ forcepoint@ngfw: GET elements/application_situation/ forcepoint@ngfw: GET elements/ip_service/ forcepoint@ngfw: GET elements/fw_policy//fw_ipv4_access_rule fortinet@fortigate: diagnose sys external-resource-list forcepoint@ngfw: GET elements/interface_zone/ forcepoint@ngfw: GET elements/ip_country_group/ forcepoint@ngfw: GET elements/ip_list/ forcepoint@ngfw: GET elements/match_expression forcepoint@ngfw: GET elements/match_expression/ forcepoint@ngfw: GET elements/address_range/ forcepoint@ngfw: GET elements/single_fw//alias_resolving cisco@ftd: GET /api/fmc_config/v1/domain//policy/prefilterpolicies?expanded=true cisco@ftd: GET /api/fmc_config/v1/domain//object/portobjectgroups?expanded=true cisco@ftd: GET /api/fmc_config/v1/domain//object/protocolportobjects?expanded=true cisco@ftd: GET /api/fmc_config/v1/domain//object/securityzones?expanded=true cisco@ftd: GET /api/fmc_config/v1/domain//object/icmpv4objects?expanded=true cisco@ftd: GET /api/fmc_config/v1/domain//object/icmpv4objects/ cisco@ftd: GET /api/fmc_config/v1/domain//object/icmpv6objects?expanded=true cisco@ftd: GET /api/fmc_config/v1/domain//assignment/policyassignments?expanded=true cisco@ftd: GET /api/fmc_config/v1/domain//object/interfacegroups?expanded=true cisco@ftd: GET /api/fmc_config/v1/domain//object/networkgroups?expanded=true cisco@ftd: GET /api/fmc_config/v1/domain//policy/prefilterpolicies//prefilterrules?expanded=true cisco@ftd: GET /api/fmc_config/v1/domain//object/anyprotocolportobjects?expanded=true cisco@ftd: GET /api/fmc_config/v1/domain//object/urls?expanded=true cisco@ftd: GET /api/fmc_config/v1/domain//object/urlgroups?expanded=true paloalto@pan-os: show config pushed-shared-policy vsys paloalto@pan-os: show config pushed-shared-policy paloalto@pan-os: show interface cisco@ftd: GET /api/fmc_config/v1/domain//devices/devicerecords//vlaninterfaces?expanded=true cisco@ftd: show dns cisco@ftd: show managers cisco@ftd: GET /api/fmc_config/v1/domain//policy/accesspolicies?expanded=true cisco@ftd: GET /api/fmc_config/v1/domain//policy/accesspolicies//accessrules?expanded=true cisco@ftd: GET /api/fmc_config/v1/domain//devices/devicerecords?expanded=true cisco@ftd: GET /api/fmc_config/v1/domain//devices/devicerecords//physicalinterfaces?expanded=true cisco@ftd: GET /api/fmc_config/v1/domain//devices/devicerecords//subinterfaces?expanded=true cisco@ftd: GET /api/fmc_config/v1/domain//devices/devicerecords//etherchannelinterfaces?expanded=true paloalto@pan-os: show interface all cisco@ftd: GET /api/fmc_config/v1/domain//devices/devicerecords//fpphysicalinterfaces?expanded=true cisco@ftd: GET /api/fmc_config/v1/domain//devices/devicerecords//fplogicalinterfaces?expanded=true cisco@ftd: GET /api/fmc_config/v1/domain//devicehapairs/ftddevicehapairs?expanded=true cisco@ftd: GET /api/fmc_config/v1/domain/{domainUUID}/deviceclusters/ftddevicecluster?expanded=true cisco@ftd: GET /api/fmc_config/v1/domain/{domainUUID}/devicegroups/devicegrouprecords?expanded=true cisco@ftd: GET /api/fmc_config/v1/domain//object/applications?expanded=true cisco@ftd: GET /api/fmc_config/v1/domain//object/networkaddresses?expanded=true fortinet@fortigate: show firewall vipgrp fortinet@fortigate: show firewall address6 fortinet@fortigate: show firewall addrgrp fortinet@fortigate: show firewall addrgrp6 fortinet@fortigate: show firewall policy fortinet@fortigate: show firewall profile-group fortinet@fortigate: show firewall service custom fortinet@fortigate: show firewall service group fortinet@fortigate: show firewall vip fortinet@fortigate: show firewall address fortinet@fortigate: show full-configuration application list fortinet@fortigate: show system interface fortinet@fortigate: show system zone fortinet@fortigate: show system sdwan fortinet@fortigate: diagnose sys external-address-resource list fortinet@fortigate: diagnose sys external-address-resource list fortinet@fortigate: show sys external-resource cisco@ftd: show summary fortinet@fortigate: get system status fortinet@fortigate: get system interface fortinet@fortigate: diagnose internet-service id [] fortinet@fortigate: diagnose firewall fqdn6 list fortinet@fortigate: diagnose firewall fqdn list-ip fortinet@fortigate: diagnose firewall fqdn list fortinet@fortigate: diagnose firewall auth ipv6 list fortinet@fortigate: diagnose firewall auth list paloalto@pan-os: request system external-list show type predefined-ip name paloalto@pan-os: request system external-list show type ip name paloalto@pan-os: request system external-list show type url name paloalto@pan-os: show object dynamic-address-group all paloalto@pan-os: show dns-proxy fqdn all paloalto@pan-os: request system fqdn show paloalto@pan-os: show config merged Legend: ✓=Full, ✗=Not Yet, ○=N/A