Focus

Prisma SD-WAN ION CLI Reference

inspect network-policy dropped

Table of Contents

inspect network-policy dropped

Use the

inspect network-policy dropped

command to inspect the dropped network policy rules. A configuration drop occurs when the complexity of the configuration requires more resources than allowed by the resource limit.

The policy rule complexity depends on multiple factors:

Number of Applications.

Number of Source IP Prefixes in the Source Prefix List.

Number of Destination IP Prefixes in the Destination Prefix List.

Application overlap within Policy Sets and within a Policy Set Stack.

Generally, rules requiring the most resources (other than default rules) are dropped first to stay within the resource limit.

Command

inspect network-policy dropped

Options

None

Command Notes

Role	Super, Read Only
Related Commands	—
Introduced in	Release 5.0.3

Example

inspect network-policy dropped
				Network Policy Resource Usage:
				Resource Limit : 1350000
				Required Resources : 10
				Adjusted Resource Use : 10
				Non-Optimized Resource Use : 10
				No dropped rules found.inspect network-policy dropped
				Network Policy Resource Usage:
				Resource Limit : 400
				Required Resources : 423
				Adjusted Resource Use : 400
				Non-Optimized Resource Use : 423
				Network Policy Rule : 15300304239150020 : newrelic-Policy
				Policy Set : 15300304235910157 : MKC-OrigPolicySet1
				Stack Index : 0
				Application Count : 1
				Source Prefix : none
				Destination Prefix : none
				Resource Count : 1
				Network Policy Rule : 15300304237690074 : scps-Policy
				Policy Set : 15300304235910157 : MKC-OrigPolicySet1
				Stack Index : 0
				Application Count : 1
				Source Prefix : none
				Destination Prefix : none
				Resource Count : 1. . .

inspect network-policy conflicts

inspect network-policy hits policy-rules

Prisma SD-WAN ION CLI Reference

inspect network-policy dropped

inspect network-policy dropped

Command

Options

Command Notes

Example

Recommended For You