inspect network-policy lookup
Table of Contents
Expand All
|
Collapse All
Prisma SD-WAN Docs
-
-
-
-
- AWS Transit Gateway
- Azure vWAN
- Azure vWAN with vION
- ChatBot for MS Teams
- ChatBot for Slack
- CloudBlades Integration with Prisma Access
- GCP NCC
- Service Now
- Zoom QSS
- Zscaler Internet Access
-
-
- ION 5.2
- ION 5.3
- ION 5.4
- ION 5.5
- ION 5.6
- ION 6.0
- ION 6.1
- ION 6.2
- ION 6.3
- ION 6.4
- New Features Guide
- On-Premises Controller
- Prisma Access CloudBlade Cloud Managed
- Prisma Access CloudBlade Panorama Managed
- Prisma SD-WAN CloudBlades
inspect network-policy lookup
Use the inspect network-policy lookup command
to identify the potential network policies for an application flow.
The
options Source IP, Destination IP, and Network Context provide to
limit the list displayed and make it easier to identify changes.
Rules that override by another rule in the Active Override column
show the currently active policy rule.
Command
inspect network-policy lookup (app-wildcard | application= application name| nctx-wildcard | network-context= network context ID| srcv4=src-ipv4| dstv4=dstipv4)
Options
| all | Enter all to display hit count information for all network policy rules. |
| reset-diff | Enter reset-diff to reset New Hits to zero. |
| diff-only | Enter diff-only to display policy rules where the New Hits value is non-zero. |
| reset-diff | Enter reset-diff to reset New Hits to zero. |
| diff-only | Enter diff-only to display policy rules where the New Hits value is non-zero. |
Command Notes
| Role | Super, Read Only |
| Related Commands | — |
| Introduced in | Release 5.0.1 |
Example
inspect network-policy hits policy-rules diff-only Network Policy Name Policy ID Total Hits New Hits -------------------------- ----------------- ------------- ---------- enterprise-default 15037814306340038 175 175 Cloudgenix-Control-Policy 14732427836910250 58 58 ssl-Policy 14732427833800136 18 18 Cloudgenix-PCM-Policy 14732427839350042 48 48 ntp-Policy 14732427820940210 6 6
inspect network-policy lookup application=1658139887050014528 srcv4=30.1.1.2 dstv4=10.1.1.2 nctx-wildcard Requested App Id: 1658139887050014528 : icmp - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Network Policy Rule : 1664343200310006628 : match icmp Policy Set : 1662009498094024828 : test user-id Stack Index | Order Number: 0 | 1024 Matching App Id : 1658139887050014528 : icmp Source Prefix : none Destination Prefix : none Users : UserGroups : : CN=engineering,DC=sdwanamsteltest,DC=onmicrosoft,DC=com : : CN=sales,DC=sdwanamsteltest,DC=onmicrosoft,DC=com : Network_Context Id : none Source : Destination : Active Override 0.0.0.0/0 : 0.0.0.0/0 : inspect network-policy lookup application=ssh Requested App Id: 16282366122080176 : ssh - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Network Policy Rule : 1652700894751007228 : testService Policy Set : 1652700894685007028 : Policy Set (Simple) Stack Index | Order Number: 0 | 512 Matching App Id : 16282366122080176 : ssh Source Prefix : none Destination Prefix : none Users : any UserGroups : any Network_Context Id : none Source : Destination : Active Override 0.0.0.0/0 : 0.0.0.0/0 : Network Policy Rule : 1680667485074019628 : test-1 Policy Set : 1652700894685007028 : Policy Set (Simple) Stack Index | Order Number: 0 | 1024 Matching App Id : WILDCARD : Source Prefix : none Destination Prefix : none Users : any UserGroups : any Network_Context Id : none Source : Destination : Active Override 0.0.0.0/0 : 0.0.0.0/0 : Network Policy Rule : 1666103611987024728 : pp_global_rule_1 Policy Set : 1652700894685007028 : Policy Set (Simple) Stack Index | Order Number: 0 | 1024 Matching App Id : WILDCARD : Source Prefix : 1666155200086004428 : GlobalP1 Destination Prefix : 1666155062360019328 : GlobalP2 Users : any UserGroups : any Network_Context Id : none Source : Destination : Active Override 172.16.0.0/12 : 10.0.0.0/8 : 10.0.0.0/8 : 10.0.0.0/8 : Network Policy Rule : 1652700894994004728 : enterprise-default Policy Set : 1652700894674004428 : Default Rule Policy Set (Simple) Stack Index | Order Number: 1 | 10024 Matching App Id : WILDCARD : Source Prefix : none Destination Prefix : 16282366020950094 : EnterpriseGlobalPrefix Users : any UserGroups : any Network_Context Id : none Source : Destination : Active Override 0.0.0.0/0 : 10.23.23.3/32 : : 10.34.2.5/32 : : 20.5.4.0/32 : : 24.0.0.0/32 : : 192.168.0.0/32 : : 20.2.0.0/25 : : 12.0.2.0/24 : : 17.7.7.0/24 : : 20.0.0.0/24 : : 123.23.23.0/24 : : 192.0.2.0/24 : Network Policy Rule : 1652700894752004628 : default Policy Set : 1652700894674004428 : Default Rule Policy Set (Simple) Stack Index | Order Number: 1 | 10240 Matching App Id : WILDCARD : Source Prefix : none Destination Prefix : none Users : any UserGroups : any Network_Context Id : none Source : Destination : Active Override 0.0.0.0/0 : 0.0.0.0/0 : 1680667485074019628 : test-1 Requested App Id: 16282366122080176 : ssh - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Network Policy Rule : 1652700894751007228 : testService Policy Set : 1652700894685007028 : Policy Set (Simple) Stack Index | Order Number: 0 | 512 Matching App Id : 16282366122080176 : ssh Source Prefix : none Destination Prefix : none Users : any UserGroups : any Network_Context Id : none Source : Destination : Active Override ::/0 : ::/0 : Network Policy Rule : 1666246797922021528 : Local-test-rule Policy Set : 1652700894685007028 : Policy Set (Simple) Stack Index | Order Number: 0 | 1024 Matching App Id : WILDCARD : Source Prefix : 1666245510839004328 : Local-Test Destination Prefix : 1666246951267022228 : Local-Test-IPV6 Users : any UserGroups : any Network_Context Id : none Source : Destination : Active Override 2001::/65 : 2001::/67 : : 2001::/65 : Network Policy Rule : 1680667485074019628 : test-1 Policy Set : 1652700894685007028 : Policy Set (Simple) Stack Index | Order Number: 0 | 1024 Matching App Id : WILDCARD : Source Prefix : none Destination Prefix : none Users : any UserGroups : any Network_Context Id : none Source : Destination : Active Override ::/0 : ::/0 : Network Policy Rule : 1666103611987024728 : pp_global_rule_1 Policy Set : 1652700894685007028 : Policy Set (Simple) Stack Index | Order Number: 0 | 1024 Matching App Id : WILDCARD : Source Prefix : 1666155200086004428 : GlobalP1 Destination Prefix : 1666155062360019328 : GlobalP2 Users : any UserGroups : any Network_Context Id : none Source : Destination : Active Override 2001:db8:3c4d:15::/64 : fc00::/7 : Network Policy Rule : 1671548683418013528 : test-count Policy Set : 1652700894685007028 : Policy Set (Simple) Stack Index | Order Number: 0 | 1024 Matching App Id : WILDCARD : Source Prefix : 1667902393539019128 : Nag Destination Prefix : 1667902393539019128 : Nag Users : any UserGroups : any Network_Context Id : none Source : Destination : Active Override 2222::/64 : 2222::/64 : Network Policy Rule : 1652700894994004728 : enterprise-default Policy Set : 1652700894674004428 : Default Rule Policy Set (Simple) Stack Index | Order Number: 1 | 10024 Matching App Id : WILDCARD : Source Prefix : none Destination Prefix : 16282366020950094 : EnterpriseGlobalPrefix Users : any UserGroups : any Network_Context Id : none Source : Destination : Active Override ::/0 : 2011:219a:3c4d:15::/64: : 2022:219a:3c4d:15::/64: Network Policy Rule : 1652700894752004628 : default Policy Set : 1652700894674004428 : Default Rule Policy Set (Simple) Stack Index | Order Number: 1 | 10240 Matching App Id : WILDCARD : Source Prefix : none Destination Prefix : none Users : any UserGroups : any Network_Context Id : none Source : Destination : Active Override ::/0 : ::/0 : 1680667485074019628 : test-1