cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7006
Views
11
Helpful
2
Replies
Beginner

Cisco ASA packet-tracer Palo Alto equivalent

Hi All

 

 

 

Does anyone know if the Palo Alto 3020 boxes have an equivalent feature to the Cisco ASA Packet-tracer ?

 

 

many thanks

Everyone's tags (3)
1 ACCEPTED SOLUTION

Accepted Solutions
Beginner

I have used the "test

I have used the "test security-policy-match" cli command which identifies the specific policy rule a source/destination traffic pair matches against.  You need to make sure you specify all fields (zone, src/dst network, protocol and ports.

2 REPLIES 2
Beginner

I have used the "test

I have used the "test security-policy-match" cli command which identifies the specific policy rule a source/destination traffic pair matches against.  You need to make sure you specify all fields (zone, src/dst network, protocol and ports.

Highlighted

Re: I have used the "test

this is not the same thing.  test security-policy-match does not take into consideration the entire packet life, it only checks to see if there if there is a matching security profile.  you can create a deny all at the top, followed by an allow, and if you run a test against the allow rule, it will show you an "allow" result.

CreatePlease to create content
Content for Community-Ad