I haven't had much luck with this, it doesn't seem to work as well as packet tracer. It's often returning that the traffic is blocked when in fact it is allowed.
Anyway you can give it a go, its down the bottom in the GUI "Test policy match"
On CLI:
test security-policy-match source 192.168.0.1 destination 8.8.8.8 destination-port 53 protocol 17
test security-policy-match source 192.168.0.1 destination 8.8.8.8 destination-port 443 protocol 6
Protocol 17 = udp
Protocol 6 = tcp
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-cli-quick-start/use-the-cli/test-the-configuration/test-policy-matches
No comments:
Post a Comment