Troubleshoot Policy Rule Traffic Match

Test the traffic policy match of the running firewall configuration.
To perform policy match tests for managed firewalls, test the policy rule configuration for your managed devices to ensure that the running configuration appropriately secures your network by allowing and denying the correct traffic. After the results are generated for traffic that was matched to configured rules, you can Export to PDF for auditing purposes.
  1. Log in to the Panorama Web Interface.
  2. Select PanoramaManaged DevicesTroubleshooting to perform a policy match.
    You may also run a policy match test from the Policies tab.
  3. Enter the required information to perform the policy match test. In this example, a Security policy match test is run.
    1. Select Security Policy Match from the Select Test drop-down.
    2. Select device/VSYS and select the managed firewalls to test.
    3. Enter the Source IP address from which traffic originated.
    4. Enter the Destination IP address of the target device for the traffic.
    5. Enter the Protocol IP used for the traffic.
    6. If necessary, enter any additional information relevant for your Security policy rule testing.
  4. Execute the Security policy match test.
  5. Select the Security policy match Results to review the policy rules that match the test criteria.
    test-policy-rule-match-example.png

Related Documentation