If we run the show object-group command, it lists all the object-groups on the firewall.
Pix(config)# show object-group
object-group network dmz_servers
description: The DMZ shared servers
network-object host 192.168.2.3
network-object host 192.168.2.4
network-object host 192.168.2.5
object-group network Partners
description: The dealer and supplier partners
network-object host 172.16.21.119
network-object 192.168.7.0 255.255.255.0
network-object 192.168.12.0 255.255.253.0
Is there a specific command to show only a specific object-group?
For example, if I only want to see what is inside dmz_servers, which command should I use?
show object-group dmz_servers
Show object-group network dmz_servers
But they didn’t work. Please advise. Thanks
Unfortunately you won't be able to show just that particular object.
The closest you can do is to list that particular object on top of your show output as follows:
sh run object-group network | b Partners
Hope that helps.
I wonder why this feature is not added, as it is becoming a nightmare to find the exact NAT statement for a particular IP, especially when you have thousands of object statements. The CLI is becoming unmanageable.
Thanks halijenn & pkampana for your replies. I forgot that ASA & PIX differ a little bit in their commands.
Btw, this is the correct command to view a specific group on both ASA & PIX:
sh run object-group id dmz_servers
show object-group id dmz_servers
The command above can be used to verify an object-group on the ASA. But it won’t work against an object-group for service, as below. Any advice in this matter would be highly appreciated.
The command below failed.
ASA5510# sh run object-group service Port_ABC
ERROR: % Invalid input detected at '^' marker.
This object-group actually exists on the firewall:
object-group service Port_ABC tcp
port-object eq 2000
port-object eq 2111
port-object eq 2222
ASA5510# sh run object-group ?
  icmp-type  Show 'icmp-type' type of object group(s)
  id         Show specific object group
  network    Show 'network' type of object group(s)
  protocol   Show 'protocol' type of object group(s)
  service    Show 'service' type of object group(s)
  |          Output modifiers
ASA5510# sh run object-group service ?
  |          Output modifiers
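An added example, not part of the original thread and not a Cisco tool: because the type-specific CLI forms shown above do not accept a group name, this Python sketch pulls one object-group of any type, by exact name, out of saved "show running-config object-group" output. It assumes member lines are indented under each object-group header, as the device prints them; the sample config is constructed from the groups quoted in the thread, and the function names are hypothetical.

```python
import re

# Constructed sample: saved "show running-config object-group" output,
# built from the groups quoted in this thread (not a real device capture).
SAMPLE_CONFIG = """\
object-group network dmz_servers
 description The DMZ shared servers
 network-object host 192.168.2.3
 network-object host 192.168.2.4
 network-object host 192.168.2.5
object-group network Partners
 description The dealer and supplier partners
 network-object host 172.16.21.119
 network-object 192.168.7.0 255.255.255.0
object-group service Port_ABC tcp
 port-object eq 2000
 port-object eq 2111
 port-object eq 2222
"""

# Unindented header: object-group <type> <name> [qualifier such as tcp]
HEADER = re.compile(r"^object-group\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")

def parse_object_groups(text):
    """Return {name: {"type", "qualifier", "members"}} for every group."""
    groups, current = {}, None
    for raw in text.splitlines():
        if not raw.strip():
            continue  # ignore blank lines
        m = HEADER.match(raw)
        if m:
            current = {"type": m.group(1), "qualifier": m.group(3), "members": []}
            groups[m.group(2)] = current
        elif raw[0].isspace() and current is not None:
            current["members"].append(raw.strip())  # indented member line
        else:
            current = None  # any other top-level line ends the group
    return groups

def show_group(text, name):
    """Render one group by exact name, whatever its type; None if absent."""
    g = parse_object_groups(text).get(name)
    if g is None:
        return None
    header = " ".join(p for p in ("object-group", g["type"], name, g["qualifier"]) if p)
    return "\n".join([header] + [" " + m for m in g["members"]])

if __name__ == "__main__":
    print(show_group(SAMPLE_CONFIG, "Port_ABC"))
```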
Hi, can anyone suggest how many IP addresses can be configured under an object-group network? (ASA 5550 ver 8.2)
My customer wants to configure 6000 IPs under an object-group and add the deny rule for this group.