
How To Test Security, NAT, and PBF Rules via the CLI in Palo Alto

Techclick co_in

Updated: 3 days ago


If we know the source, destination, port, and protocol:

The following arguments are always required to run the security policy, NAT policy, and PBF policy tests:

  • Source — source IP address

  • Destination — destination IP address

  • Destination port — specify the destination port number

  • Protocol — specify the IP protocol number expected for the packet, between 1 and 255 (TCP — 6, UDP — 17, ICMP — 1, ESP — 50)

Note: To match the expected security policy when many security policies are configured with the same source and destination zones, it is recommended to specify the source and destination zones as well.

Testing Policy Rules:

Testing NAT Rules:

test nat-policy-match

CLI command:

test nat-policy-match protocol 6 from L3-Trust to L3-Untrust source 192.168.52.1 destination 171.161.148.173 destination-port 443

Testing PBF Rules:

Command:

test pbf-policy-match protocol 6 from L3-Trust source 192.168.52.1 destination 74.125.225.69 destination-port 80 application web-browsing
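
As an added example (not part of the original post), this Python helper builds the test commands above from a flow tuple and rejects values outside the ranges given in the required arguments, which is useful when checking many flows after a rule change. The function and dictionary names are hypothetical; `security-policy-match` is the PAN-OS test subcommand for security rules, which the post covers in its title but does not show.

```python
import ipaddress

# Protocol numbers as listed in the required arguments above.
PROTOCOLS = {"tcp": 6, "udp": 17, "icmp": 1, "esp": 50}
# nat/pbf subcommands are shown on the page; security-policy-match is the
# PAN-OS equivalent for security rules.
TESTS = {"security": "security-policy-match",
         "nat": "nat-policy-match",
         "pbf": "pbf-policy-match"}


def build_test_command(kind, source, destination, port, protocol,
                       from_zone=None, to_zone=None, application=None):
    """Return one 'test <kind>-policy-match' line; raise ValueError on bad input."""
    if kind not in TESTS:
        raise ValueError(f"unknown test kind: {kind!r}")
    name = str(protocol).lower()
    proto = PROTOCOLS[name] if name in PROTOCOLS else int(name)  # ValueError on junk
    if not 1 <= proto <= 255:
        raise ValueError(f"protocol number out of range 1-255: {proto}")
    if not 1 <= int(port) <= 65535:
        raise ValueError(f"destination port out of range: {port}")
    src = ipaddress.ip_address(source)        # ValueError if not an IP address
    dst = ipaddress.ip_address(destination)
    parts = ["test", TESTS[kind], "protocol", str(proto)]
    if from_zone:
        parts += ["from", from_zone]
    if to_zone and kind != "pbf":             # the page's PBF test takes no "to" zone
        parts += ["to", to_zone]
    parts += ["source", str(src), "destination", str(dst),
              "destination-port", str(int(port))]
    if application:
        parts += ["application", application]
    return " ".join(parts)


def commands_for_flow(flow, kinds=("security", "nat", "pbf")):
    """Build the test command of each kind for one flow dict."""
    return [build_test_command(kind, **flow) for kind in kinds]


if __name__ == "__main__":
    # Constructed flow using the zones and addresses from the page's NAT example.
    flow = {"source": "192.168.52.1", "destination": "171.161.148.173",
            "port": 443, "protocol": "tcp",
            "from_zone": "L3-Trust", "to_zone": "L3-Untrust"}
    for line in commands_for_flow(flow):
        print(line)
```

Paste the generated lines into the firewall's operational CLI and compare the matched rule names against the intended policy.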

