How To Test Security, NAT, and PBF Rules via the CLI in Paloalto


These tests apply when you already know the source, destination, port, and protocol of the packet you want to check.

The following arguments are always required to run the test security policy, NAT policy and PBF policy:

  • Source — source IP address
  • Destination — destination IP address
  • Destination port — specify the destination port number
  • Protocol — specify the IP protocol number expected for the packet between 1 and 255 (TCP — 6, UDP — 17, ICMP — 1, ESP — 50)

Note: When many security policies are configured with the same source and destination zones, specify the source and destination zones as well, so that the test matches the expected rule.

Testing Policy Rules:

Testing NAT Rules:

test nat-policy-match

CLI command:

test nat-policy-match protocol 6 from L3-Trust to L3-Untrust source 192.168.52.1 destination 171.161.148.173 destination-port 443

Testing PBF Rules:

Command:

test pbf-policy-match protocol 6 from L3-Trust source 192.168.52.1 destination 74.125.225.69 destination-port 80 application web-browsing
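The following Python helper is an added example (it is not code from the original post or from Palo Alto Networks). It builds the NAT and PBF test commands in exactly the form shown above from a flow's source, destination, port and protocol, enforces the required-argument and protocol-range rules listed earlier, and applies the note about zones. It also emits a `test security-policy-match` line, a PAN-OS command that follows the same argument pattern but is not shown on this page; that form is an assumption here.

```python
"""Build PAN-OS policy-test CLI commands from a flow's 5-tuple.

Added example, not code from the original post or from Palo Alto Networks.
Assumes the argument syntax shown on the page for test nat-policy-match and
test pbf-policy-match, and the same pattern for test security-policy-match
(not shown on the page).
"""
from dataclasses import dataclass
from ipaddress import ip_address
from typing import List, Optional, Union

# IP protocol numbers listed on the page (the CLI wants the number, not the name)
PROTOCOL_NUMBERS = {"tcp": 6, "udp": 17, "icmp": 1, "esp": 50}


@dataclass(frozen=True)
class Flow:
    source: str
    destination: str
    destination_port: int
    protocol: int                       # IP protocol number, 1-255
    from_zone: Optional[str] = None     # recommended when zones are ambiguous
    to_zone: Optional[str] = None
    application: Optional[str] = None   # used by the PBF test only


def protocol_number(proto: Union[str, int]) -> int:
    """Accept a name (tcp/udp/icmp/esp) or a number and return the IP protocol number."""
    if isinstance(proto, str) and proto.lower() in PROTOCOL_NUMBERS:
        return PROTOCOL_NUMBERS[proto.lower()]
    number = int(proto)
    if not 1 <= number <= 255:
        raise ValueError(f"protocol number must be between 1 and 255, got {number}")
    return number


def make_flow(source, destination, destination_port, protocol,
              from_zone=None, to_zone=None, application=None) -> Flow:
    """Validate the four always-required arguments and return a Flow."""
    ip_address(source)          # raises ValueError on a malformed address
    ip_address(destination)
    port = int(destination_port)
    if not 0 <= port <= 65535:
        raise ValueError(f"destination port must be 0-65535, got {port}")
    return Flow(source, destination, port, protocol_number(protocol),
                from_zone, to_zone, application)


def zone_warning(flow: Flow) -> Optional[str]:
    """Return the caveat from the note above when zones were left out."""
    if flow.from_zone is None or flow.to_zone is None:
        return ("no from/to zones given: if several rules share the same source "
                "and destination zones the test may match a different rule than expected")
    return None


def _common_args(flow: Flow, include_to_zone: bool) -> str:
    # Keep the argument order used by the commands on the page.
    parts = [f"protocol {flow.protocol}"]
    if flow.from_zone:
        parts.append(f"from {flow.from_zone}")
    if include_to_zone and flow.to_zone:
        parts.append(f"to {flow.to_zone}")
    parts += [f"source {flow.source}",
              f"destination {flow.destination}",
              f"destination-port {flow.destination_port}"]
    return " ".join(parts)


def nat_test_command(flow: Flow) -> str:
    return f"test nat-policy-match {_common_args(flow, include_to_zone=True)}"


def pbf_test_command(flow: Flow) -> str:
    # PBF is evaluated on the ingress zone, so only "from" is emitted.
    cmd = f"test pbf-policy-match {_common_args(flow, include_to_zone=False)}"
    if flow.application:
        cmd += f" application {flow.application}"
    return cmd


def security_test_command(flow: Flow) -> str:
    # Assumed form: same arguments as the NAT test (not shown on the page).
    return f"test security-policy-match {_common_args(flow, include_to_zone=True)}"


def all_test_commands(flow: Flow) -> List[str]:
    """Security, NAT and PBF test commands for one flow, ready to paste into the CLI."""
    return [security_test_command(flow), nat_test_command(flow), pbf_test_command(flow)]


if __name__ == "__main__":
    # Constructed sample flow, using the addresses and zones from the page.
    sample = make_flow("192.168.52.1", "171.161.148.173", 443, "tcp", "L3-Trust", "L3-Untrust")
    for line in all_test_commands(sample):
        print(line)
```

Feeding the values from the NAT example above reproduces that command character for character, which is a useful check that a batch of flows (for example, a list of tuples exported from a spreadsheet) is being turned into valid CLI input before you paste it into the firewall.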

