Testing policy matches when we know the source, destination, port and protocol
The following arguments are always required to run the test commands for security policy, NAT policy and PBF policy:
- Source — source IP address
- Destination — destination IP address
- Destination port — specify the destination port number
- Protocol — specify the IP protocol number expected for the packet between 1 and 255 (TCP — 6, UDP — 17, ICMP — 1, ESP — 50)
Note: When many security policies are configured with the same source and destination zones, specify the source and destination zones so that the test matches the expected security policy.
Testing Policy Rules:
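An added example of the security policy test (not from the original post); it reuses the zones, source and destination addresses, protocol and port of the NAT example below, and assumes the zones L3-Trust and L3-Untrust exist on the firewall being tested:

```text
admin@PA-FW> test security-policy-match protocol 6 from L3-Trust to L3-Untrust source 192.168.52.1 destination 171.161.148.173 destination-port 443 application web-browsing
```

The output names the first security rule the packet would hit, which is what to compare against the rule you expected; if a different rule is shown, check whether an earlier rule with the same zones shadows it.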
Testing NAT Rules:
test nat-policy-match
CLI command:
test nat-policy-match protocol 6 from L3-Trust to L3-Untrust source 192.168.52.1 destination 171.161.148.173 destination-port 443
Testing PBF Rules:
Command:
test pbf-policy-match protocol 6 from L3-Trust source 192.168.52.1 destination 74.125.225.69 destination-port 80 application web-browsing