Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
11086
Views
11
Helpful
2
Replies

Cisco ASA packet-tracer Palo Alto equivalent

Go to solution
James Simpson
Level 1
Level 1

‎08-20-2014 07:50 AM - edited ‎03-03-2019 07:34 AM

Hi All

 

 

 

Does anyone know if the Palo Alto 3020 boxes have an equivalent feature to the Cisco ASA Packet-tracer ?

 

 

many thanks

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
paulcian_2
Level 1
Level 1

‎09-18-2014 10:48 AM

I have used the "test security-policy-match" cli command which identifies the specific policy rule a source/destination traffic pair matches against.  You need to make sure you specify all fields (zone, src/dst network, protocol and ports.

View solution in original post

2 Replies 2

Go to solution
paulcian_2
Level 1
Level 1

‎09-18-2014 10:48 AM

I have used the "test security-policy-match" cli command which identifies the specific policy rule a source/destination traffic pair matches against.  You need to make sure you specify all fields (zone, src/dst network, protocol and ports.

Go to solution
MMstre
Level 3
Level 3
In response to paulcian_2

‎11-13-2018 09:00 AM

this is not the same thing.  test security-policy-match does not take into consideration the entire packet life, it only checks to see if there if there is a matching security profile.  you can create a deny all at the top, followed by an allow, and if you run a test against the allow rule, it will show you an "allow" result.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents