NAT policy match troubleshooting fields in the web interface.
Select the policy match test to execute.
) Select device
specify which devices and virtual systems for which to test the
policy functionality. Admin and device group & Template users
are presented with the devices and virtual systems based on their
access domain. Additionally, you can select the Panorama management
server as a device.
) Selected Devices
Lists the devices and virtual systems selected
Enter the zone where the traffic originated.
Select the destination zone of the traffic.
Enter the IP address where the traffic originated.
Enter the destination IP address of the
Enter the specific port the traffic originated
Enter the specific destination port for
which traffic is intended.
Enter the IP protocol used for routing.
Can be 0 to 255.
Enter the destination interface
on the device for which the traffic is intended.
HA Device ID
Enter the ID of the HA device:
—Secondary HA peer
Select to view the Result Details of the
) When executing the
test for multiple managed devices, the Results display the following
information for each device tested:
of the device group to which the firewall that is processing traffic
Firewall—Name of the firewall that is processing traffic
Status—Indicates the status of the test:
Result—Displays the test result. If the test could not be performed,
one of the following is displayed:
was not applicable to the device.
Device not connected
connection was dropped.
Shared policy disabled on device
Panorama settings on the device do not allow for the policy to be
pushed from Panorama.