Does anyone know if the Palo Alto 3020 boxes have an equivalent feature to the Cisco ASA Packet-tracer ?
Solved! Go to Solution.
this is not the same thing. test security-policy-match does not take into consideration the entire packet life, it only checks to see if there if there is a matching security profile. you can create a deny all at the top, followed by an allow, and if you run a test against the allow rule, it will show you an "allow" result.