08-20-2014 07:50 AM - edited 03-03-2019 07:34 AM
Hi All
Does anyone know if the Palo Alto 3020 boxes have an equivalent feature to the Cisco ASA Packet-tracer ?
many thanks
Solved! Go to Solution.
09-18-2014 10:48 AM
I have used the "test security-policy-match" cli command which identifies the specific policy rule a source/destination traffic pair matches against. You need to make sure you specify all fields (zone, src/dst network, protocol and ports.
09-18-2014 10:48 AM
I have used the "test security-policy-match" cli command which identifies the specific policy rule a source/destination traffic pair matches against. You need to make sure you specify all fields (zone, src/dst network, protocol and ports.
11-13-2018 09:00 AM
this is not the same thing. test security-policy-match does not take into consideration the entire packet life, it only checks to see if there if there is a matching security profile. you can create a deny all at the top, followed by an allow, and if you run a test against the allow rule, it will show you an "allow" result.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: