Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
11095
Views
11
Helpful
2
Replies

Cisco ASA packet-tracer Palo Alto equivalent

Go to solution
James Simpson
Level 1
Level 1

‎08-20-2014 07:50 AM - edited ‎03-03-2019 07:34 AM

Hi All

 

 

 

Does anyone know if the Palo Alto 3020 boxes have an equivalent feature to the Cisco ASA Packet-tracer ?

 

 

many thanks

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
paulcian_2
Level 1
Level 1

‎09-18-2014 10:48 AM

I have used the "test security-policy-match" cli command which identifies the specific policy rule a source/destination traffic pair matches against.  You need to make sure you specify all fields (zone, src/dst network, protocol and ports.

View solution in original post

2 Replies 2

Go to solution
paulcian_2
Level 1
Level 1

‎09-18-2014 10:48 AM

I have used the "test security-policy-match" cli command which identifies the specific policy rule a source/destination traffic pair matches against.  You need to make sure you specify all fields (zone, src/dst network, protocol and ports.

Go to solution
MMstre
Level 3
Level 3
In response to paulcian_2

‎11-13-2018 09:00 AM

this is not the same thing.  test security-policy-match does not take into consideration the entire packet life, it only checks to see if there if there is a matching security profile.  you can create a deny all at the top, followed by an allow, and if you run a test against the allow rule, it will show you an "allow" result.

Customers Also Viewed These Support Documents