Level 14

Negate a match

Dumb question - how can I negate a match in Cirrus Policy Manager? I'd like to match on a pattern and negate it so that the rule fails if it finds any further similar commands. For instance, in a config, I have two TACACS servers defined:

set tacacs server primary
set tacacs server

I want my rule to match only these two TACACS servers - if the policy manager finds any others, it should fail. Here's the current rule I have set up:

set tacacs server 192\.168\.(219|230)\.6( primary)?

I'd like to negate the match on 192.168.(219|230).6 so that if, for instance, shows up, the policy manager will report it. I've tried using the exclamation point, but it doesn't seem as though the regex engine that Cirrus uses accepts that as a character class.

Or, is there a better way to do this without negation?
0 Kudos
3 Replies
Level 15

We just introduced a new product which should help: FSM, Firewall Security Manager, more here

0 Kudos
Level 9

I do not have an answer, but I have a similar situation.

After checking for ACL compliance of a particular ACL, I want to report on any additional ACL assignments not already defined by the Policy rules.

I want to report on any added device ACL rules that are not part of the defined Cirrus ACL rules.

I do not know about a negation option within the RegEx engine, but I thought allowing the use of Boolean logic between defined rules would be beneficial.

0 Kudos

The best solution I have been able to come up with is a pattern match across multiple lines (i.e. a block of text).

For an acl list, this means that you can include the remark at the top of the access list, and the deny any at the bottom.

So for an acl like this...


access-list 49 remark Management Server
access-list 49 permit
access-list 49 deny   any

You can create a rule like this...

access-list 49 remark Management Server\s+access-list 49 permit 10\.1\.1\.11\s+access-list 49 deny   any


Not perfect, but without a true negation option it appears all we have.

Dave.
0 Kudos
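The allowlist check asked about in the original question, as an added example that is not part of the thread and not Cirrus functionality: it runs Python's `re` module over an exported config outside the policy manager, and makes no claim that the product's regex engine accepts lookahead. The function names and the sample config are constructed for illustration, and config lines are assumed to start in column 0.

```python
import re

# Rule from the question. Unanchored, it also hits 192.168.219.60,
# so the audit below applies it with fullmatch() instead of search().
APPROVED = re.compile(r"set tacacs server 192\.168\.(219|230)\.6( primary)?")
ANY_SERVER = re.compile(r"^set tacacs server\b.*$", re.MULTILINE)
# The same policy as one "negated" pattern: the negative lookahead
# matches only server lines that are NOT an approved entry.
UNAPPROVED = re.compile(
    r"^set tacacs server\b"
    r"(?! 192\.168\.(?:219|230)\.6(?: primary)?[ \t]*$).*$",
    re.MULTILINE,
)

# Constructed sample config (not from a real device).
SAMPLE = """\
set hostname lab-fw1
set tacacs server 192.168.219.6 primary
set tacacs server 192.168.230.6
set tacacs server 192.168.219.60
set tacacs server 10.9.9.9
"""

def unanchored_hit(line: str) -> bool:
    """True if the rule, used as a plain search, accepts the line."""
    return APPROVED.search(line) is not None

def audit(config: str) -> dict:
    """Report unapproved server lines and approved servers that are absent."""
    extra, seen = [], set()
    for m in ANY_SERVER.finditer(config):
        line = m.group(0).rstrip()
        ok = APPROVED.fullmatch(line)
        if ok:
            seen.add(ok.group(1))  # "219" or "230"
        else:
            extra.append(line)
    missing = sorted({"219", "230"} - seen)
    return {"extra": extra, "missing": missing,
            "compliant": not extra and not missing}

def violations_by_lookahead(config: str) -> list:
    """Same violations, found with the single negative-lookahead pattern."""
    return [m.group(0).rstrip() for m in UNAPPROVED.finditer(config)]

if __name__ == "__main__":
    print(audit(SAMPLE))
    print(violations_by_lookahead(SAMPLE))
```
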