Verify the Bypass Rule Configuration

Verify bypass rules are working using the Prisma Access Agent command line interface (PACli).
Where Can I Use This?
  • Prisma Access (Managed by Strata Cloud Manager)
  • Prisma Access (Managed by Panorama)
  • NGFW (Managed by Panorama)
What Do I Need?
  • Check the prerequisites for the deployment you're using
  • Minimum required Prisma Access Agent version: 25.7
  • macOS 14 and later or Windows 10 version 2024 and later desktop devices
  • Contact your Palo Alto Networks account representative to activate the Prisma Access Agent feature
After deploying the configuration, verify that bypass rules are working correctly on an endpoint that has the bypass rule configuration.
  1. Use PACli commands on an endpoint to monitor traffic processing and confirm that bypassed traffic shows the Bypass connectivity in traffic logs.
    For example, you set up a forwarding rule to bypass the *.cnn.com destination and you want to verify the traffic from *.cnn.com is bypassed.
    1. On an endpoint, access cnn.com in a browser.
    2. In a command prompt or terminal on the endpoint, issue the following command to show the forwarding rules in a forwarding profile:
      pacli traffic show
      The following image is an example of a forwarding profile on Windows. Note the forwarding rule named cnn bypass rule.
    3. To show the details of the cnn bypass rule forwarding rule (rule 1 in the forwarding profile table), issue the following command:
      pacli traffic show 1
      The following is an example of the bypass forwarding rule:
    4. To check the traffic log for the DNS packets of *.cnn.com that got bypassed, run the following command:
      pacli traffic log | grep cnn.com
      The following is an example of the DNS packets of cnn.com that got filtered on Windows:
    5. To show the data connection for cnn.com that got bypassed:
      1. Run the curl command to transfer data from cnn.com. For example:
        curl cnn.com
      2. Grep the traffic log for the curl command:
        pacli traffic log | grep curl
        In the command output, make sure the data connection is Bypass. For example:
  2. Verify that non-bypassed traffic continues to route through Prisma Access according to your other forwarding rules.
    Suppose that the traffic from the booking.com website is supposed to go through the tunnel according to your forwarding profiles configuration.
    1. Access the booking.com website on an endpoint.
    2. Issue the following command:
      pacli traffic log | grep booking.com
    3. In the command output, ensure that traffic from booking.com goes through the Tunnel. For example:
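
Added example, not from the Palo Alto Networks documentation: a shell helper that automates the two log checks in this procedure and fails when traffic for a destination shows the wrong connectivity or when no matching entry exists. The function names, return codes and sample log layout are assumptions made for this example; only the words Bypass and Tunnel come from this page.

```shell
#!/bin/sh
# Added example, not Palo Alto Networks code.
# Usage on an endpoint: pacli traffic log | check_connectivity cnn.com Bypass

# check_connectivity PATTERN EXPECTED
# Reads traffic-log text on stdin; EXPECTED is "Bypass" or "Tunnel", the two
# connectivity values named on this page. Only those words are matched, so no
# column layout is assumed.
# Returns 0 = matching lines show only EXPECTED, 1 = some line shows the other
# value, 2 = nothing to verify (no matching line with EXPECTED), 3 = bad usage.
check_connectivity() {
    pattern=$1
    expected=$2
    case $expected in
        Bypass) other=Tunnel ;;
        Tunnel) other=Bypass ;;
        *) echo "EXPECTED must be Bypass or Tunnel" >&2; return 3 ;;
    esac
    # -F matches the pattern literally: with plain grep the "." in "cnn.com"
    # is a wildcard and would also match e.g. "cnn-com".
    matched=$(grep -F -- "$pattern" || true)
    if printf '%s\n' "$matched" | grep -qw -- "$other"; then
        echo "MISMATCH: $pattern traffic seen as $other, expected $expected" >&2
        return 1
    fi
    if ! printf '%s\n' "$matched" | grep -qw -- "$expected"; then
        echo "UNVERIFIED: no $expected entries for $pattern; generate traffic first" >&2
        return 2
    fi
    echo "OK: $pattern traffic is $expected"
}

# Constructed sample input. The layout is invented for this example and is NOT
# real pacli output; only the words Bypass and Tunnel come from the page.
sample_log() {
    cat <<'EOF'
(constructed) dns     www.cnn.com          Bypass
(constructed) curl    cnn.com:80           Bypass
(constructed) browser www.booking.com:443  Tunnel
EOF
}
```

A return code of 1 for a destination that should use the tunnel means its traffic is leaving the endpoint uninspected, which points to a bypass rule that matches more than intended.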